Exploit?

“...is a piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug or vulnerability to cause unintended or unanticipated behavior...” (Wikipedia)

What?

Counter-Strike: Global Offensive
● Source code leak from 2013 for reference.
  ○ github.com/ValveSoftware/source-...
● Lots of existing exploit examples.
  ○ github.com/search?q=dwLocalPlaye...

“Steel-thread” Implementation

● “Out of Box” win32 APIs to exploit the client side process.
  ○ read/write with kernel32.dll
  ○ input with user32.dll
● “Benign” exploit impact.
  ○ client side jump abuse aka “bunny hop”

Testing

Valve’s CS:GO
● 30GB Package
● Steam DRM + VAC Anti-cheat
● GUI + Internet
● A popular game

My CS:GO
● 42KB Binary
● 14 LOC
● Headless + Offline
● Loads a DLL and hangs