Archives

Adobe Experience Manager (AEM), is a comprehensive content management solution for building websites, managing marketing content and assets. Top companies use AEM as a platform for building their web-applications. I started to look into AEM security back in 2015. Since then I discovered and reported several server-side vulnerabilities and developed toolset for AEM hacking (https://github.com/0ang3el/aem-hacker) […]

This workshop is a live digital crisis simulation game. Attendees are split into teams and roleplay a typical telco CERT. They have to deal with an escalating high-stakes incident that put them under pressure. They have to use strategic and analytical skills to solve the crisis, while keeping the company running and the executive board […]

Today software based analysis is very common but hardware just growing up. It is very effective and efficient to dig out vulnerabilities from the chip level but hardware analysis always seems difficult and involves higher costs while using advanced equipment and skills like soldering, chip on/off or even in-circuit system programming. During the workshop, I […]

Windows services are particular processes that run in a separate Session and without user interaction. For security reasons, many of these services run under dedicated and less privileged accounts (WSH). But those accounts usually holds impersonation privileges that can be also abused under certain conditions, for instance the well known DCOM/NTLM reflection. Even if some […]

Vulnerability research and especially “fuzz-testing” has become an ever-growing field recently. Finding (exploitable) vulnerabilities and developing effective countermeasures are an essential result from analyzing the inner workings and general system internals of complex systems. File systems are no exception to this and are an often overlooked component on both the attacker and defender side. A […]

WIN A FLIGHT* + VIP TICKETS to HITBSecConf2020 – Singapore! The lucky draw will be held at 09:00 in Track 1 before the start of Keynote 2 on 24th April See you there! * terms and conditions apply

KEYNOTE ABSTRACT “Is it secure?” What does that even mean? The question itself is biased; looking for a Yes/No response. We get annoyed when TV lawyers press a testifying witness for a Yes/No answer, when we can clearly see that both answers are wrong since there are so many potential contextual nuances that affect how […]

This 120-minute workshop will cover the malware analysis process applied to memory forensics and the current issues and open challenges faced during this process. Memory forensics is one of the steps in computer forensics, regarding to the analysis of digital evidences collected from the memory of the system under analysis after a computer incident. Memory […]