KeyBleed: Attacking the OneKey Mini

It’s hard to figure out which cryptocurrency wallets are more secure than others. Often good advice is to choose one that utilizes a Secure Element (like Ledger, ColdCard, OneKey, etc.) as opposed to ones without one, which have been widely demonstrated to be easily dumped through fault injection (Trezor, KeepKey, etc.). This talk will discuss how […]

Breaking ML Services: Finding 0-days in Azure Machine Learning

Cloud service providers offer Machine-Learning-as-a-Service platforms, enabling companies to leverage the power of scalability & reliability while performing ML operations. With huge adoption of such systems worldwide, the security posture of the platform itself often may go unnoticed, as has been observed in previous research about vulnerabilities in Google’s AI Hub and AWS’s Sagemaker […]

Locate Vulnerabilities of Ethereum Smart Contracts with Semi-Automated Analysis

Blockchain technology has been trending in recent years; however, financial losses and impacts are increasing rapidly. By reviewing and investigating past incidents, it’s obvious that “Security” is mostly neglected or underestimated for projects in the Decentralized Finance (DeFi) and Non-Fungible Token (NFT) fields. Though we have several auditing companies and static analysis tools, it’s still important for the industry […]

Developing Penetration Tools with AI: Leveraging Language Models like ChatGPT

As organizations rely more on technology to support their operations, the need for effective penetration testing tools is growing. Artificial intelligence (AI) has the potential to revolutionize penetration testing by automating many of the tedious and time-consuming tasks associated with manual testing. This talk will explore the use of language models like ChatGPT in the […]

Hacking into iOS’s VOLTE implementation

In this talk, we will be discussing a critical security vulnerability we discovered in the Voice over LTE (VoLTE) interface of iOS devices, including iPhones and Apple Watches. This vulnerability has been present in the iOS operating system since the inception of 4G VoLTE. We will shed light on the issue, its root cause, and […]

GPTHound – Your Active Directory Security Assistant

Active Directory (AD) issues have persisted for a long time, accumulating a wealth of information security research and numerous AD detection tools. Security professionals face challenges in identifying various types of issues and interpreting them due to the need for extensive prior knowledge and narrative skills, which can lead to inconsistencies in quality. Since AD […]

Scarlet OT – OT Adversary Emulation for Fun and Profit

Since 2010, with Stuxnet causing substantial damage to the nuclear program of Iran, ICS security issues have been on the rise. Enterprises need an efficient way to find vulnerabilities, but they might not have the budget for ICS pentesters, who need strong background knowledge in several fields. To solve this problem, we made a rare […]

Take a Picture of Your App Code – Android MRI Interpreter

Magnetic Resonance Imaging (MRI), a medical device, allows tomographic imaging of human organs and measurement of blood flow. Using these features, modern doctors can easily detect diseases without having to perform open surgery as in the past. If it were possible to perform tomography on the app’s code through a simple procedure, such as taking […]

Hunting for Amazon Cognito Security Misconfigurations

Amazon Cognito is an AWS service that’s becoming increasingly popular in modern apps as it provides a complete solution for authentication, authorization, and user management. However, its implementation can easily be misconfigured, leaving the door open for various cyber attacks. In this talk, we’ll go over some of these security misconfigurations and how to test […]

NVMe: New Vulnerabilities Made Easy

NVMe technology is part of every Cloud Service Provider, and nowadays, Cloud Services are perhaps the most important cornerstone of modern computing. For this technology to work effectively, there’s a need for a reliable communication standard between the different services and their storage, and that’s exactly where NVMe comes into play. In this session, we’ll […]