In this presentation, we will reveal the “Open Sesame” vulnerability, a much more powerful vulnerability in Cortana that allows attackers to take over a locked Windows machine and execute arbitrary code. Exploiting the “Open Sesame” vulnerability attackers can view the contents of sensitive files (text and media), browse arbitrary web sites, download and execute arbitrary executables from the Internet, and under some circumstances gain elevated privileges.
By Amichai Shulman, Ron Marcovich, Tal Be’ery and Yuval Ron
Full Abstract & Presentation Materials: https://www.blackhat.com/us-18/briefings/schedule/index.html#open-sesame-picking-locks-with-cortana-10547
