Blended Threats

It had never occured to me that security bugs in multiple pieces of software could be linked together and exploited. Not that I recall very well anyhow. But after reading this article from Threatpost, It made sense. (As much sense, I suppose, as it could have considering my limited investigation of the example given and the concept in general.) Billy Rios developed one of these “Blended threats“, as they are called, and presented a talk about it at RuxCon and BayThreat last year. I would suggest that anybody interested read hisĀ blog post. Slides containing the code are available there as well. This is interesting stuff. See video below. Oh yeah, theres a live demo up as well. See slides.

Will It Blend – Ruxcon/Baythreat PoC Demo