by agentultra 494 days ago
I was literally thinking about this the other day. There are a ton of games using kernel modules for anti-cheat and... just load and interpret data payloads. Certainly some of those payloads could manipulate the funny machines inside of a game executable if they're not careful about their parsing and validation.

Nice PoC!

Update: yes, most game client processes don't run in the kernel. My b. I was just thinking that updates and content payloads might be an interesting vector for langsec.


Yes. For example, World of Warcraft's anticheat (Warden), although it runs in userspace, has been exploited multiple times to gain RCE/server root after receiving malicious payloads from clients.

Also, if you look at content distribution networks the way we've been looking into package managers as a vector for distributing poisoned payloads... it seems fruitful.

Imagine if security software did that, but also ran on boot and took down a million critical machines.