Talks

speaker

Remotely Compromising a Modern iOS Device
(7) 32 reviewers

Author: Marco Grassi
Liang Chen
Category: Vulnerability Research
Summary: Achieving a successful remote compromise of a modern Apple iOS device has become in recent years particularly challenging for an ...

speaker

Fried apples: Create your own jailbreak
(7) 21 reviewers

Author: Max Bazaliy
Alex Hude
Vlad Putin
Category: Vulnerability Research
Summary: In this talk we focus on challenges that Fried Apple team solved in a process of making untethered 9.0-9.3.x jailbreak. ...

speaker

Sierra Had a Little Lamb: A Userland Kit for MacOS
(7) 34 reviewers

Author: Stephanie Archibald
Category: Exploit Development
Summary: Long gone are the days of trivially exploiting services to gain root; these days, multiple exploits are typically strung together ...

speaker

Logic Bug Hunting in Chrome on Android
(6) 28 reviewers

Author: Georgi Geshev
Rober Miller
Category: Vulnerability Development
Summary: Memory corruption exploits are requiring greater and greater investment in time and effort to bypass the latest mitigations in applications ...

speaker

The Shadow over Android: Heap exploitation assistance for Android's libc allocator
(6) 22 reviewers

Author: Vasilis Tsaousoglou / Patroklos Argyroudis
Category: Exploit Development
Summary: The jemalloc allocator has been adopted as the default libc malloc(3) implementation on Android since version 5.0, and is being ...

speaker

Post Exploitation in Software-Defined Networking: A Controller's Perspective
(6) 23 reviewers

Author: Tommy Chin
Category: Exploit Research
Summary: Software-Defined Networking (SDN) is an emerging paradigm to support and optimize virtualization communication systems. Numerous research development approaches utilize SDN ...

speaker

Getting bank transaction history and bank balance of anyone
(6) 32 reviewers

Author: Indrajeet Bhuyan
Category: Penetration Testing
Summary: Recently Indian government launched a mega scheme 'Jan Dhan Yojana'. On the inaugural day 15 Millions of bank accounts were ...

speaker

Hunting For Vulnerabilities in Signal
(5) 22 reviewers

Author: Jean-Philippe Aumasson
Markus Vervier
Category: Vulnerability Development
Summary: Signal is the most trusted secure messaging and secure voice application, recommended by Edward Snowden and the Grugq. And indeed ...

speaker

It's virtually really happening, virtual reality hacking all of the things
(5) 21 reviewers

Author: Ron Schlecht
Category: Virtual Hacking
Summary: Platform accessibility, programming frameworks, hardware sprawl, and yes....the porn industry are driving how quickly virtual reality is being brought in ...

speaker

The Nihilist’s Guide to Wrecking Humans and Systems
(5) 21 reviewers

Author: Christina Camilleri
Category: Exploit Research
Summary: Many can identify the soft, fallible bundle of meat and love that is a human. Humans can be found in ...

speaker

This Will Cut You: Go's Sharper Edges
(5) 12 reviewers

Author: Thomas Shadwell
Category: Exploit Research
Summary: An expression of function within a software ecosystem is inextricably bound to the lexicon used to express it. I explore ...

speaker

Forget Enumerating a Network, Hack the SIEM and Win the War
(4) 20 reviewers

Author: John Grigg
Category: Penetration Testing
Summary: Every company, big and small, is hopping on the SIEM bandwagon. And while they are being sold a solution to ...

speaker

802.11 Protocol Chaos
(4) 20 reviewers

Author: Andres Blanco
Category: Vulnerability Research
Summary: Over the last few years, IEEE 802.11 standard for wireless connectivity usage has turned massive. Wireless devices are everywhere, from ...

speaker

Hadoop Safari: hunting for vulnerabilities
(4) 12 reviewers

Author: Mahdi BRAIK / Thomas DEBIZE
Category: Vulnerability Research
Summary: With the growth of data traffic and data volumetric analysis needs, “Big Data” has become one of the most popular ...

speaker

Hidden Insider Threats - Hunting the adversary Pipes
(4) 18 reviewers

Author: Almog Ohayon
Category: APT
Summary: Lateral movement over Named Pipes is a great method to evade defenders and it was being used in many well-known ...

speaker

You're Off the Hook: Blinding Security Software
(4) 17 reviewers

Author: Jeff Tang
Category: Vulnerability Development
Summary: Security companies are increasing their focus on behavior based detection to convict malicious software but thanks to Microsoft's Kernel Patch ...

speaker

(In) Security graph database in real world
(4) 12 reviewers

Author: Alfonso Muñoz
Category: Penetration Testing
Summary: Graph databases are an "emerging" technology useful in the field of cybersecurity, especially in the detection of new threats based ...

speaker

Inside the Threat Actor's Studio
(3) 12 reviewers

Author: Aamir Lakhani
Category: APT
Summary: Cybercrime is risky business but it’s also big business. Lloyd’s of London estimates the cost of cybercrime to businesses at ...

speaker

Creating Your Own Customized Metamorphic Algorithm
(3) 11 reviewers

Author: Raul Alvarez
Category: Vulnerability Development
Summary: Most malware uses metamorphic code to evade Antivirus detection. These techniques also slow down security researchers when digging deeper into ...

speaker

Catching 0day Attacks Using Code Signing
(2) 10 reviewers

Author: Dean Sysman
Category: Defense
Summary: Code signing is a powerful method to ensure only validated code will be executed. Using this technique in Windows and ...

speaker

Unveiling Patchwork
(2) 10 reviewers

Author: Dean Sysman
Gadi Evron
Category: APT
Summary: Patchwork is a highly successful nation state targeted attack operation, which infected approximately 2,500 high-value targets such as governments, worldwide. ...