tag: RCE

Achieving Remote Code Execution in Steam: a journey into the Remote Play protocol

4 Dec, 2023 by Valentino Ricotta

Remote Play Together, developed by Valve, allows sharing local multi-player games with friends over the network through streaming. The associated protocol is elaborate enough to shelter a valuable attack surface that has scarcely been ventured into in the past.

This post covers the reverse engineering of the protocol and client/server implementations inside Steam, before presenting a dedicated fuzzer that unveiled a few critical vulnerabilities.

Remote Deserialization Bug in Microsoft's RDP Client through Smart Card Extension (CVE-2021-38666)

10 Dec, 2021 by Valentino Ricotta

This is the third installment in my three-part series of articles on fuzzing Microsoft’s RDP client, where I explain a bug I found by fuzzing the smart card extension.