YoVDO

Typhoon Mangkhut - One-click Remote Universal Root Formed with Two Vulnerabilities

Offered By: Black Hat via YouTube

Tags

Black Hat Courses Exploit Development Courses Privilege Escalation Courses Android Security Courses Arbitrary Code Execution Courses

Course Description

Overview

Explore a 41-minute Black Hat conference talk detailing the Mangkhut exploit chain, which achieves one-click remote root access on modern Android devices using only two vulnerabilities. Dive into the intricacies of CVE-2020-6537, a Chrome vulnerability enabling arbitrary code execution in the browser render process, and CVE-2020-0423, a Binder vulnerability that escalates privileges from a sandboxed process to root. Learn how researchers Hongli Han, Rong Jian, Xiaodong Wang, and Peng Zhou overcame increasing Android security mitigations to develop this sophisticated remote root exploit chain targeting the latest Pixel devices.

Syllabus

Typhoon Mangkhut: One-click Remote Universal Root Formed with Two Vulnerabilities


Taught by

Black Hat

Related Courses

Attack on Titan M, Reloaded - Vulnerability Research on a Modern Security Chip
Black Hat via YouTube Attacks From a New Front Door in 4G & 5G Mobile Networks
Black Hat via YouTube AAD Joined Machines - The New Lateral Movement
Black Hat via YouTube Better Privacy Through Offense - How to Build a Privacy Red Team
Black Hat via YouTube Whip the Whisperer - Simulating Side Channel Leakage
Black Hat via YouTube