Vulnerabilities are disclosed on a daily basis and, in the best case, new patches are released. It is nothing new that many applications' update processes have security weaknesses that allow fake updates to be injected. Evilgrade is a modular framework that allows the user to take advantage of the upgrade process of different applications, compromising the system by injecting custom payloads. The lecture will present and release the tool, showing its features and possible attack scenarios.
Francisco Amato is a security researcher and consultant specializing in vulnerability development, blackbox testing, and reverse engineering. He runs his own company, [ISR] – Infobyte Security Research (www.infobyte.com.ar), whose work includes many developments in audit tools and vulnerabilities in several Novell and IBM products. He is one of the organizers of the ekoparty security conference (www.ekoparty.com.ar).