MENU

Fun & Interesting

#Hacktivity2024 // Hacking CS:GO to Death

Hacktivity - IT Security Festival 1,791 lượt xem 3 months ago
Video Not Working? Fix It Now

László Radnai - Hacking CS:GO to Death

This presentation was held at #Hacktivity2024 IT security conference on 14th October 2024.

Everyone loves to play a good First Person Shooter, but not everyone opens up a Ghidra session to analyze its code, understand its behavior, and find mistakes in the code.
The goal of the project was to understand the internals of CS:GO enough to exploit the client's runtime.

With the triage process finally at an end, it is possible now to disclose details of the total of five vulnerabilities, leading to two different complete exploit chains that both enable a malicious community server to take over a CS:GO client connecting to it. The exploits allow a malicious actor to execute arbitrary code, for example, initiate a reverse shell, or gain persistence on the unsuspecting player's machine.

The vulnerabilities that were in the newest version of the game at the time were all responsibly disclosed to Valve, whose rebranded product, CS2 -- replacing CS:GO -- is no longer vulnerable to the described exploits. The fix never landed in CS:GO, hence the title.

The technical deep-dive will present the vulnerabilities and the exploits, including a demo. The commentary will discuss my experiences with Valve's bug bounty and the implications of C code issues.

#hacktivity the biggest event of its kind in Central & Eastern Europe. About 1000 visitors are coming from all around the globe every year to learn more about the latest trends of cybersecurity, get inspired by people with similar interest and develop themselves via comprehensive workshops and training sessions.

https://www.hacktivity.com
#ai #cybermonth #cybersecurity

Comment