Friday, April 27 • 11:15 - 12:00
The Story of Escape Sequence Vulnerabilities

Escape sequences (or control sequences) are sets of characters that change the behavior of the terminal and allow interacting with it. Basic escape sequences are frequently used for formatting output, e.g. for changing text color. Some sequences served purposes in physical terminals but remained in use with modern terminal emulators.

Historically, there were many dangerous and easy ways to exploit popular terminals by abusing escape sequences. Some of these techniques relied on sequences that are now obsolete. Weaknesses relating to escape sequences are still being found to this day in modern terminals.

In my talk I will explore related vulnerabilities, both past and recent. I will examine vulnerabilities where terminal programs failed to sanitize bad content, and give examples of how they may have been exploited.

I plan to discuss my own research in finding such vulnerabilities, including the details of my work on BusyBox that led to CVE-2017-16544. Finally, I'll give a short demonstration of how attackers can hide malicious code from developers using git, with only a simple escape sequence.

BusyBox research details:

Hiding content from git:


Ariel Z

Security Research Team Lead, Palo Alto Networks
Ariel is a security researcher and the head of research at Twistlock, dealing with hacking and securing anything related to containers.

Friday April 27, 2018 11:15 - 12:00 ADT
Track 2 - Room A1