Archives

COMMSEC: The State of ICS Security : Then and Now

This talk will be live streamed on the HITBSecConf Youtube Channel Industrial and critical infrastructure automation systems, integrated with the Industrial Internet of things (IIoT) are becoming lucrative targets for cyber-attackers. Typically these are cyber-physical systems, with cyber components such as sensors, actuators, micro-controllers, programmable logic controllers, or distributed control systems, field-area networks, wide-area networks, […]

COMMSEC: Botnet Infrastructures with Zero Day Exploits & Attack Vectors

This talk will be live streamed on the HITBSecConf Youtube Channel This presentation provides an in-depth look at and analysis of zero-day vulnerabilities with the features that make them exploitable on millions of end-user devices or systems. The track includes all the information about failed or unknown exploitation vectors associated with zero-day exploits and the […]

COMMSEC: What the log? So Many Events, So Little Time

This talk will be live streamed on the HITBSecConf Youtube Channel Detecting adversaries is not always easy – especially when it comes to correlating Windows Event Logs to real-world attack patterns and techniques. EventList helps to match Windows Event Log IDs with the MITRE ATT&CK framework (and vice-versa) and offers methods to simplify the detection […]

COMMSEC: These (Secure) Boots Were Made For Walking

This talk will be live streamed on the HITBSecConf Youtube Channel Do you want to hack your Xbox One for FREE GAMES?? Well you can’t. The reason for that is that someone did a really good job protecting the device’s boot sequence. But this isn’t a story of “that one time that someone did a […]

COMMSEC: Hiding In Plain Sight: Analyzing Recent Evolutions in Malware Loaders

This talk will be live streamed on the HITBSecConf Youtube Channel Adversaries are constantly finding new ways to infect systems and are willing to use any means necessary. For years, malware distributors leveraged malware distribution frameworks like exploit kits and traffic distribution systems to spread their malware. Adversaries are continuously experimenting with different mixtures of […]

COMMSEC: GraphQL is Falling Down – Breaking GraphQL Servers with Queries

This talk will be live streamed on the HITBSecConf Youtube Channel Websites are widely adopting GraphQL, an open-source data query and manipulation language for APIs. The approach taken by this language looks appealing as it permits API endpoints to be dynamically defined and there are libraries for languages such as Haskell, JavaScript, Perl, Python, Ruby, […]

COMMSEC: Open the Gates – The (in)security of Cloudless Smart Door Systems

This talk will be live streamed on the HITBSecConf Youtube Channel Building communication like door intercom systems uses traditionally own buses in the building. However, nowadays everything needs to be smart and IP based. Therefore, gateways are available to couple the building intercom with IP networks and further with smartphone apps. We analyzed two smart […]