About me
I am Björn Ruytenberg, MSc student in Computer Science and Engineering at TU/e and RU. Being a technology enthusiast, I hold a BSc in Electrical Engineering as well as Computer Science (cum laude). Currently, I am writing my MSc thesis, which will include my work on Thunderspy. Aside from my studies, I enjoy participating in bug bounty programs. My vulnerability research mainly focuses on hardware and firmware security, as well as sandboxing technology and input validation in widely deployed enterprise products. Previously, I have been a teaching assistant for Software Security (2DMI20), Networks and Security (3USU0) and Parallelization, Compilers and Platforms (5LIM0).
You can get in touch with me by email at bjorn bjornweb nl (PGP; previous key) and Twitter (@0Xiphorus).
Talks
- When Lightning Strikes Thrice: Breaking Thunderbolt 3 Security
  - Black Hat USA 2020, peer-reviewed conference talk (08/2020) • Abstract - Slides - Live Recording
  - Dutch Design Week 2020, invited talk (10/2020) • Abstract - Slides - Live Recording
  - Chaos Communication Congress rC3, peer-reviewed conference talk (12/2020) • Abstract - Slides - Live Recording
- Playing in the Sandbox: Adobe Flash Exploitation Tales (updated)
  - CONFidence Krakow, peer-reviewed conference talk (06/2019) • Abstract - Slides - Live Recording
- Playing in the Sandbox: Adobe Flash Exploitation Tales
- On the Spectre of Meltdown: Analysing the Attacks and Mitigations
  - TU/e Department of Mathematics and Computer Science, seminar talk (05/2018) - Slides
  - TU/e Embedded Systems graduate course "Parallelization, Compilers and Platforms", guest lecture (03/2018)
- Scribbles: Dissecting the Vault7 Office Tracker Implant
  - TU/e Information Security seminar (06/2017) - Slides
Security vulnerabilities
I report security vulnerabilities whenever I find them. Some are listed below:
- CAPEC-665 - Thunderspy: Intel Thunderbolt 1, 2 and 3 multiple critical vulnerabilities
- CVE-2018-12402 - Mozilla Firefox WebBrowserPersist uses incorrect origin information
- CVE-2017-4939 - VMware Workstation DLL Hijacking Arbitrary Code Execution
- SSD-3463 - Microsoft Office Host Machine Information and Windows User Credentials Disclosure
- CVE-2017-3085 - Adobe Flash Remote Sandbox Windows User Credentials Disclosure
- CVE-2016-4271 - Adobe Flash Local Data Exfiltration and Windows User Credentials Disclosure
- ZDI-16-395 - Foxit Reader Arbitrary Code Execution and Information Disclosure
Blog
My blog is a collection of writeups on some security vulnerabilities I've found. Here are the most recent entries:
- Playing in the Remote Sandbox: Adobe Flash Windows User Credentials Disclosure Vulnerability (CVE-2017-3085)
- Adobe Flash: Bypassing the local sandbox to exfiltrate data, obtain Windows user credentials (CVE-2016-4271)
- Foxit Reader: Bypassing the Safe Mode sandbox to execute arbitrary code, exfiltrate data (ZDI-16-395)
Projects
My profile on GitHub is where I publish projects I've been working on. Some projects you might find interesting:
- Spycheck - Verify whether your Thunderbolt-enabled system is vulnerable to the Thunderspy attacks.
- Thunderbolt Controller Firmware Patcher - PoC demonstrating one of the several Thunderspy attack methods.
- SPIblock - Configure SPI flash write protection.
- kDMAp-patcher - Patches Kernel DMA Protection onto unsupported Thunderbolt-powered systems.