Open Sesame - Picking Locks with Cortana

Explore the "Open Sesame" vulnerability in Cortana, a critical security flaw allowing attackers to compromise locked Windows machines and execute arbitrary code. Delve into the attack model, demonstrating how adversaries can access sensitive files, browse websites, download and run executables, and potentially gain elevated privileges. Learn about Cortana's architecture, including the audio and semantic processing phases, and various attack vectors such as the "Voice of Esau" attack and "Skill of Death." Gain insights into defending against voice attacks and understand key takeaways for both defenders and security professionals. This 46-minute Black Hat conference presentation covers the full scope of the vulnerability, from discovery to exploitation, and provides valuable information for cybersecurity experts and Windows users alike.

Intro
What is Cortana?
Cortana Architecture - Example
Cortana Agent
Audio Processing Phase
Semantic Processing Phase
Cortana Skills
CVE-2018-8140 (Open Sesame)
Open Sesame: Attack Model
Lock Screen: You Had One Job
Open Sesame Summary
Attacking Cortana: Cruel Intentions
Voice of Esau Attack
Cortana over RDP Demo
The Voice of Esau
Skill of Death - Limited Functionality
Preventing Voice Attacks
Takeaways: Defenders
Takeaways: Builders & Breakers
Questions?