It's coming, and you aren't ready—your first generative AI chatbot incident. GenAI chatbots, leveraging LLMs, are revolutionizing customer engagement by providing real-time, automated 24/7 chat support. But when your company's virtual agent starts responding inappropriately to requests and handing out customer PII to anyone who asks nicely, who are they going to call? You.
You've seen the cool prompt injection attack demos and may even be vaguely aware of preventions like LLM guardrails; but are you ready to investigate and respond when those preventions inevitably fail? Would you even know where to start? It's time to connect traditional investigation and response procedures with the exciting new world of GenAI chatbots.
In this talk, you'll learn how to investigate and respond to the unique threats targeting these systems. You'll discover new methods for isolating attacks, gathering information, and getting to the root cause of an incident using AI defense tooling and LLM guardrails. You'll come away from this talk with a playbook for investigating and responding to this new class of GenAI incidents and the preparation steps you'll need to take before your company's chatbot responses start going viral—for the wrong reasons.
Quick Share (formerly Nearby Share) has allowed Android users to easily share files for four years now. A year ago, Google introduced a Windows version.
Google's promotion of Quick Share for preinstallation on Windows, alongside the limited recent research, ignited our curiosity about its safety, leading to an investigation that uncovered more than we had imagined.
We studied its Protobuf-based protocol using hooks, built tools to communicate with Quick Share devices, and a fuzzer that found non-exploitable crashes in the Windows app. We then diverted to search for logic vulnerabilities, and boy oh boy, we regretted we hadn't done it sooner.
We found 10 vulnerabilities both in Windows & Android allowing us to remotely write files into devices without approval, force the Windows app to crash in additional ways, redirect its traffic to our WiFi AP, traverse paths to the user's folder, and more. However, we were looking for the holy grail, an RCE. Thus, we returned to the drawing board, where we realized that the RCE is already in our possession in the form of a complex chain.
In this talk, we'll introduce QuickShell - An RCE attack chain on Windows combining 5 out of 10 vulnerabilities in Quick Share. We'll provide an overview about Quick Share's protocol, present our fuzzer, the found vulnerabilities, a new HTTPS MITM technique, and finally the RCE chain.
Or Yair is a security research professional with seven years of experience, currently serving as the Security Research Team Lead at SafeBreach. His primary focus lies in vulnerabilities in the Windows operating system's components, though his past work also included research of Linux kernel components and some Android components. Or has already presented his vulnerability and security research discoveries internationally at conferences he spoke at such as Black Hat USA 2023, Black Hat Asia 2024, Black Hat Europe 2022, DEF CON 32 (2024), SecTor 2023, RSAC 2023, Security Fest 2023, CONFidence 2023 & 2024 and more.
Terry Sweeney is a Los Angeles-based writer and editor who's covered business technology for three decades. He's written about cyber security for more than 15 years and was one of the founding editors of Dark Reading. Sweeney has covered enterprise networking extensively, as well as its supporting technologies like storage, wireless, cloud-based apps and the emerging Internet of Things. He's been a contributing editor to The Washington Post, Crain’s New York Business, Red Herring, Information Week, Network World, SearchAWS.com, and Stadium Tech Report.