YoVDO

Typhoon Mangkhut - One-click Remote Universal Root Formed with Two Vulnerabilities

Offered By: Black Hat via YouTube

Tags

Black Hat Courses Exploit Development Courses Privilege Escalation Courses Android Security Courses Arbitrary Code Execution Courses

Course Description

Overview

Explore a 41-minute Black Hat conference talk detailing the Mangkhut exploit chain, which achieves one-click remote root access on modern Android devices using only two vulnerabilities. Dive into the intricacies of CVE-2020-6537, a Chrome vulnerability enabling arbitrary code execution in the browser render process, and CVE-2020-0423, a Binder vulnerability that escalates privileges from a sandboxed process to root. Learn how researchers Hongli Han, Rong Jian, Xiaodong Wang, and Peng Zhou overcame increasing Android security mitigations to develop this sophisticated remote root exploit chain targeting the latest Pixel devices.

Syllabus

Typhoon Mangkhut: One-click Remote Universal Root Formed with Two Vulnerabilities


Taught by

Black Hat

Related Courses

Breaking VSM by Attacking SecureKernel
Black Hat via YouTube Kernel Exploitation with a File System Fuzzer
Hack In The Box Security Conference via YouTube The Road to iOS Sandbox Escape
Hack In The Box Security Conference via YouTube The Great Escape of ESXi
media.ccc.de via YouTube Exploiting QSEE, The Raelize Way
Hack In The Box Security Conference via YouTube