Security Research

by Moritz Jodeit

• Moritz Jodeit: Look Mom! I don't use Shellcode: Browser Exploitation Case Study for Internet Explorer 11, in HITB GSEC 2016, August 2016 (pdf)
• Moritz Jodeit: Exploiting CVE-2014-4113 on Windows 8.1, October 2014 (pdf)
• Moritz Jodeit: Hacking Video Conferencing Systems, in Black Hat Europe 2013, March 2013 (pdf)
• Martin Johns, Moritz Jodeit: Scanstud: A Methodology for Systematic, Fine-grained Evaluation of Static Analysis Tools, in 2nd International Workshop on Security Testing (SECTEST 2011), March 2011 (pdf)
• Moritz Jodeit, Martin Johns: USB Device Drivers: A Stepping Stone into your Kernel, in 6th European Conference on Computer Network Defense (EC2ND 2010), October 2010 (pdf)
• Moritz Jodeit: Evaluating Security Aspects of the Universal Serial Bus, Diploma Thesis, University of Hamburg, Germany, December 2008 (pdf)
• Schreckling, D. et al.: CISAT: Integration of security-centric static analysis into the development process (German), in 14th DFN-CERT Workshop "Sicherheit in vernetzten Systemen", February 2007 (pdf)

• Look Mom! I don't use Shellcode: Browser Exploitation Case Study for Internet Explorer 11
• SyScan360 2016, November 25th 2016, Shanghai, China (slides)
• Ekoparty 2016, October 26th 2016, Buenos Aires, Argentina (slides)
• 44CON 2016, September 16th 2016, London, United Kingdom (slides)
• HITB GSEC 2016, August 26th 2016, Singapore (slides)
• Forensics on Video Conferencing Systems, University of Erlangen, January 28th 2014, Erlangen, Germany (slides)
• Hacking Video Conferencing Systems, Black Hat Europe 2013, March 15th 2013, Amsterdam, Netherlands (slides)
• Scanstud: A Methodology for Systematic, Fine-grained Evaluation of Static Analysis Tools, 2nd International Workshop on Security Testing (SECTEST 2011), March 25th 2011, Berlin, Germany (slides)
• Java-Sicherheit: Das wahre Leben (Java Security: The real life), OOP 2011, January 26th 2011, Munich, Germany (slides)
• USB Device Drivers: A Stepping Stone into your Kernel
• EC2ND 2010, October 28-29th 2010, Berlin, Germany (slides)
• DeepSec IDSC 2009, November 19th 2009, Vienna, Austria (slides)
• Attacking Adjacent Layers, Hackerpraktikum Ruhr University Bochum, July 14th 2010, Bochum, Germany (slides)
• Evaluating Security Aspects of the Universal Serial Bus, Oberseminar "Security in Distributed Systems", January 13th 2009, University of Hamburg, Germany (slides)
• Scanstud - Evaluating static analysis tools (with Martin Johns, Wolfgang Koeppl, and Martin Wimmer), OWASP AppSec 2008, May 22nd 2008, Ghent, Belgium (slides)

• CVE-2016-3213, Microsoft Windows Enhanced Protected Mode Bypass via Local NetBIOS Name Spoofing (ref)
• CVE-2016-0188, Microsoft Internet Explorer God Mode Mitigation Bypass (ref)
• CVE-2016-3210, Microsoft Internet Explorer Typed Array Neutering Vulnerability (ref)
• BFS-SA-2016-001, FireEye Detection Evasion and Whitelisting of Arbitrary Malware (ref)
• CVE-2015-6152, Microsoft Internet Explorer CObjectElement Use-After-Free Vulnerability (ref)
• CVE-2015-6564, OpenSSH Use-After-Free in PAM Privilege Separation (ref)
• CVE-2015-6563, OpenSSH PAM Authentication Bypass in Privilege Separation (ref)
• CVE-2015-2444, Microsoft Internet Explorer CTreeNode::GetCascadedLang Use-After-Free Vulnerability (ref)
• n.runs-SA-2013.001, Polycom Command Shell Grants System-Level Access (ref)
• n.runs-SA-2013.002, Polycom Firmware Update Command Injection (ref)
• n.runs-SA-2013.003, Polycom H.323 CDR Database SQL Injection (ref)
• n.runs-SA-2013.004, Polycom H.323 Format String Vulnerability (ref)
• CVE-2013-0084, Microsoft SharePoint Directory Traversal Vulnerability (ref)
• CVE-2012-2174, IBM Lotus Notes URL Command Injection (ref)
• CVE-2011-3508, Oracle Solaris LDAP Library Format String Vulnerability (ref)
• CVE-2010-4107, HP LaserJet MFP Devices - Directory Traversal in PJL Interface (ref)
• CVE-2010-1882, Microsoft Windows MP3 Audio Decoder Buffer Overflow (ref)
• CVE-2010-0520, Apple QuickTime FLI LinePacket Remote Code Execution (ref)
• n.runs-SA-2011.002, Citrix XenApp / XenDesktop XML Service Heap Corruption (ref)
• n.runs-SA-2011.001, Citrix XenApp / XenDesktop Stack-Based Buffer Overflow (ref)
• CVE-2009-0157, Apple OS X Heap-Based Buffer Overflow in CFNetwork Component (ref)
• CVE-2008-5050, ClamAV Off-by-One in VBA Project File Parser (ref)
• CVE-2007-5863, Apple OS X Software Update Command Injection Vulnerability (ref)
• CVE-2007-5135, OpenSSL SSL_get_shared_ciphers() Off-by-One Buffer Overflow (ref)
• CVE-2007-1387, Xine DirectShow Buffer Overflow Vulnerability (ref)
• CVE-2007-1218, Tcpdump Off-by-One Buffer Overflow in 802.11 Packet Parser (ref)
• CVE-2006-4434, Sendmail Long Header Line Use-After-Free Vulnerability (ref)