Category: Travel & Events

Finding Bugs Compiler Knows but Doesn’t Tell You - Dissecting Undefined Behavior Optimizations in LLVM

Undefined Behavior, like signed integer overflow or accessing null pointer, is an erroneous action that makes programs unpredictable. There are no rules on how to generate code for Undefined Behavior. Compiler writers can treat Undefined Behavior as nasal demons and...

/ May 21, 2021

This is for the Pwners : Exploiting a WebKit 0-day in PlayStation 4

Despite an active console hacking community, only a few public PlayStation 4 exploits have been released. The exposed WebKit-based browser is usually the entrypoint of a fullchain attack: from browser exploitation to kernel exploitation. However, browser-engine hardening techniques together… By: Quentin...

/ May 21, 2021

Cross-Site Escape: Pwning macOS Safari Sandbox the Unusual Way

In this talk, I’ll present a novel attack targeting the design flaws of the reachable IPC and their associated WebViews by utilizing the classic web security attack, i.e., Cross-Site Scripting (XSS). Without re-exploiting WebKit twice, native code execution outside the...

/ May 21, 2021

Portable Data exFiltration: XSS for PDFs

PDF documents and PDF generators are ubiquitous on the web, and so are injection vulnerabilities. Did you know that controlling a measly HTTP hyperlink can provide a foothold into the inner workings of a PDF? In this session, you will...

/ May 21, 2021

Debug Resurrection on Nordic nRF52 Series

Nordic nRF52 System-on-Chips (SoCs) are unquestionably dominating the IoT dedicated platforms market today, especially for short range communications (BLE, Zigbee…) and asset tracking segments. The entire family consists of six different nRF52 platforms, all built around the ARM… By: LimitedResults Full...

/ May 21, 2021

How to Better Fuzz Windows 10 Directx Kernel at Present

DirectX is the engine that handles rendering on the Windows platform. Many outstanding people have made outstanding contributions in the research of DirectX. In this talk, I will share new research content of DirectX including the discovery of new attack...

/ May 21, 2021

Permission Mining in GCP

“Do you know exactly what each user can do in your Google Cloud Platform (GCP) environment? Do you know if you have users who can assume other identities to escalate their privileges? Do you know the effective permissions the users...

/ May 21, 2021

Please Make a Dentist Appointment ASAP: Attacking IOBluetoothFamily HCI and Vendor-Specific Commands

“In order to control the firmware link manager and baseband controller, Bluetooth stacks usually abstract a set of command interfaces called Host-Controller Interface (HCI). Through these interfaces, the host can access and modify control registers and hardware status on the...

/ May 21, 2021

Manufacturing Hardware Implants from Idea to Mass Production: A Hacker’s Journey

This presentation wants to be a motivational talk for all those hackers out there that always wanted to share some cool hacking devices with the community but didn’t know how to deal with R&D, Quality Assurance, and Mass Production… By:...

/ May 21, 2021

Bypassing NGAV for Fun and Profit

In this talk, we demonstrate the first methodological approach to reverse engineer a NGAV model and features without reversing the product, and generate a PE malware that bypasses next generation anti-virus (NGAV) products (e.g., Cylance). Previous such attacks against such machine...

/ May 21, 2021

The Hunt for Major League IoT-ICS Threats: A Deep Dive into IoT Threat Terrain

Because the Internet of Things is a major part of modern life, security threats are everywhere. Security incidents as well as the results of our many threat hunts have shown us that hundreds of millions of devices have been traumatized...

/ May 21, 2021

How the Security Features in TLS Inspection Solutions can be Exploited for Covert Data Exfiltration

In this talk, we will reveal a new stealthy method of data exfiltration that specifically bypasses security solutions created to detect this attack scenario. By using our exfiltration method SNIcat, we will show how we can bypass a security perimeter...

/ May 21, 2021