Anibal Sacco

Brief Bio

Anibal Sacco is a SSr Exploit Writer and Reverse Engineer at CORE Security Technologies. He has been researching vulnerabilities and developing exploits for Windows, OS X and Linux for 3 years. Focusing first in windows kernel-mode vulnerabilities, and lately in OS X vulnerabilities. He also loves to apply some obscure ninjutsu moves to understand and improve any kind of firmwares found out there. And enjoys origami, too.

Technical Papers and Publications

• Deactivate the Rootkit (ekoparty edition) (view)
  • Authors: Anibal Sacco, Alfredo Ortega
  • In: Ekoparty 2009, Buenos Aires, Argentina
  • Date published: 2009-09-18
  • Attachments: Presentation Slides
• Deactivate the Rootkit (view)
  • Authors: Anibal Sacco and Alfredo Ortega
  • In: Black Hat Briefings 2009 USA. Las Vegas, NE. July 30
  • Date published: 2009-07-30
  • Attachments: Python program to modify the obfuscated Windows registry key that stores the hostname used by the Computrace agent to report, Whitepaper describing the findings and potential risk mitigation actions, Slides of the BlackHat Briefings 2009 talk, A packet capture showing the Computrace agent's plaintext HTTP outbound connection to search.namequery.com, Python program to dump the BIOS firmware and search for a CompuTrace Option ROM
• Persistent BIOS Infection (view)
  • Authors: Alfredo Ortega and Anibal Sacco
  • In: Tenth annual CanSecWest applied security conference. March 16-20 2009. Vancouver, British Columbia, Canada.
  • Date published: 2009-03-18
  • Attachments: Slides of the talk at the CanSecWest 2009 applied security conference

Advisories

• Apple CUPS IPP_TAG_UNSUPPORTED Handling null pointer Vulnerability (view)
  • Authors: Anibal Sacco
  • Date published: 2009-06-02
• Sun xVM VirtualBox Privilege Escalation Vulnerability (view)
  • Authors: Anibal Sacco
  • Date published: 2008-08-04
• Insufficient argument validation of hooked SSDT functions on multiple Antivirus and Firewalls (view)
  • Authors: Damian Saura, Anibal Sacco, Dario Menichelli, Norberto Kueffner, Andres Blanco, Rodrigo Carvalho
  • Date published: 2008-04-28
• VLC media player chunk context validation error (view)
  • Authors: Felipe Manzano, Anibal Sacco
  • Date published: 2008-02-27
• MPlayer arbitrary pointer dereference (view)
  • Authors: Felipe Manzano, Anibal Sacco
  • Date published: 2008-02-04

Related information

Projects

• BIOS rootkits

Publications

• 2009-03-18. Persistent BIOS Infection, Alfredo Ortega and Anibal Sacco | 2009-07-30. Deactivate the Rootkit, Anibal Sacco and Alfredo Ortega | 2009-09-18. Deactivate the Rootkit (ekoparty edition), Anibal Sacco, Alfredo Ortega

Advisories

• 2008-02-04. MPlayer arbitrary pointer dereference, Felipe Manzano, Anibal Sacco | 2008-02-27. VLC media player chunk context validation error, Felipe Manzano, Anibal Sacco | 2008-04-28. Insufficient argument validation of hooked SSDT functions on multiple Antivirus and Firewalls, Damian Saura, Anibal Sacco, Dario Menichelli, Norberto Kueffner, Andres Blanco, Rodrigo Carvalho | 2008-08-04. Sun xVM VirtualBox Privilege Escalation Vulnerability, Anibal Sacco | 2009-06-02. Apple CUPS IPP_TAG_UNSUPPORTED Handling null pointer Vulnerability, Anibal Sacco