Vilgrade – “You Have Pending Upgrades” presented at TROOPERS 2008

by Francisco Amato,

Tags: Application Security


Summary : Vulnerabilities are disclosed on a daily basis and in the best case, new patches are released.
It is not new that many application's update processes have security weaknesses allowing fake updates injection. Evilgrade is a modular framework that allows the user to take advantage of an upgrade process from different applications, compromising the system by injecting custom payloads. The lecture will be the presentation and release of the tool, showing its features and possible attack scenarios.