ByePg: Do Blue Screens Really Have to End Up Blue?

PatchGuard is a component of NT Kernel Microsoft introduced back in 2005 to prevent both legitimate and malicious software from patching the kernel in unsupported ways, mainly for purposes such as preventing malicious processes, files and registries being hidden by the patching of system service tables. Researchers kept finding ways around it, researching components of […]

Manufacturing Cyber-Resilient IoT Devices

Whether at home or at the workplace, we are increasingly becoming reliant on various devices that have the ability to connect to the internet or more commonly referred to as the Internet of Things (IoT). As a product manufacturer, Panasonic strives to place secure products on the market for our users. As IoT has become […]

Offensive Development: Post Exploitation Tradecraft in an EDR World

You spend days or even weeks perfecting the perfect phish; your campaign has a targeted pre-text, a slick initial access payload and it slips through perimeter defences right in to your target’s inbox. Moments later, your c2 pings and your beacon is awake – you’re in, it’s time to explore! You start by probing the […]

Prisoner Number 6

In the 1968 television series, the Prisoner, a former British intelligence agent is imprisoned on an island called ‘the Village’ with other former spies who “know too much.” Escape is near impossible for the prisoners, who are only referred to by their numbers. We’ll assume the role of “Number Six” in this session and engage […]

Breaking and Securing Cloud Platforms

Many organizations greatly benefit from moving their infrastructure to cloud, providing additional scalability, availability and seeming ease of use. But these features come with a price: the complexity of cloud deployments and configurations lead to significant exposures and could lead to sensitive data disclosure or even compromise of the cloud infrastructure. This presentation will present […]

Hunting Kernel Exploits with JANUS

Worldwide, the number of devices per person is increasing. The statistic we found shows that the number of devices per person is expected to be 6.58, a total of about 50 billion devices in 2020. These devices are controlled by the OS, and each OS supports various file systems. Therefore, a filesystem vulnerability can be […]

60 CVEs in 60 Days

In recent years, the most effective way to discover new vulnerabilities is considered to be fuzzing. I will present a complementary approach to fuzzing called MTE. By using MTE, I managed to get over 60 CVEs, all are logical vulnerabilities, in 60 days across many major software vendors like Microsoft, Facebook, Intel, and more. Some […]

Documents of Doom – Infecting macOS via Office Macros

On the Windows platform, macro-based attacks are well understood (and frankly are rather old news). However on macOS, though such attacks are growing in popularity and are quite en vogue, they have received far less attention from the research and security community. In this talk, we will begin by analyzing recent macro-based attacks that target […]