Offensive Development: Post Exploitation Tradecraft in an EDR World

You spend days or even weeks perfecting the perfect phish; your campaign has a targeted pretext, a slick initial access payload and it slips through perimeter defences right into your target’s inbox. Moments later, your C2 pings and your beacon is awake – you’re in, it’s time to explore! You start by probing the […]

Prisoner Number 6

In the 1968 television series The Prisoner, a former British intelligence agent is imprisoned on an island called ‘the Village’ with other former spies who “know too much.” Escape is near impossible for the prisoners, who are only referred to by their numbers. We’ll assume the role of “Number Six” in this session and engage […]

Breaking and Securing Cloud Platforms

Many organizations greatly benefit from moving their infrastructure to the cloud, which provides additional scalability, availability and seeming ease of use. But these features come with a price: the complexity of cloud deployments and configurations leads to significant exposures and could lead to sensitive data disclosure or even compromise of the cloud infrastructure. This presentation will present […]

Documents of Doom – Infecting macOS via Office Macros

On the Windows platform, macro-based attacks are well understood (and frankly are rather old news). However, on macOS, though such attacks are growing in popularity and are quite en vogue, they have received far less attention from the research and security community. In this talk, we will begin by analyzing recent macro-based attacks that target […]

Exploiting Directory Permissions on MacOS

This talk covers how we can exploit applications on macOS (including macOS itself), where some of the directory / file permissions are incorrectly set. The incorrectness of these settings is not obvious at first sight because understanding these permissions is not intuitive. We will see bugs from simple arbitrary overwrites, to file disclosures and privilege […]

Identifying Multi-binary Vulnerabilities in Embedded Firmware at Scale

Low-power, single-purpose embedded devices (e.g., routers and IoT devices) have become ubiquitous. While they automate and simplify many aspects of our lives, recent large-scale attacks have shown that their sheer number poses a severe threat to the Internet infrastructure, which led to the development of an IoT-specific cybercrime underground. Unfortunately, the software on these systems […]

Applied Ca$h Eviction Through ATM Exploitation

Networked ATMs have been in continuous operation since the 1980s, and with that comes an industry built around legacy software, hardware, and network protocols. These are the original “IoT” devices, and it shows – picking apart many ATMs will reveal the dirty secret of a dial-up modem hiding behind steel walls. Despite this, the high […]

Untrusted Roots: Exploiting Vulnerabilities in Intel ACMs

Targeting better x86 platform security, Intel has created hardware-based firmware protection mechanisms: TXT, BIOS Guard, Boot Guard and SGX. Since there’s nothing to trust at runtime, these protections rely on hardware boundaries set up in a manufacturing environment. This introduces only two Roots of Trust – Intel Management Engine ROM and Intel […]