Archives

Client-Side Attacks on Live-Streaming Services Using Grid Computing

Due to the recent growth of non-face-to-face services under the influence of COVID-19, live streaming services are rapidly increasing. However, despite the rise of these live streaming platforms, there is still no published research into the security issues of their system infrastructure. We have researched client-side attacks on software that uses grid computing and […]

POSWorld. Should You be Afraid of Hands-On Payment Devices?

The dark market is full of cloned Point of Sale terminals and offers for fake merchant accounts. But how do they get there if every terminal is built to have anti-tampering mechanisms, segregated memory for private crypto keys, and multiple other layers of protection? In this talk, we follow the life cycle of the most […]

MacOS Local Security: Escaping the Sandbox and Bypassing TCC

“SomeApp would like to access files in your Documents folder.” Anyone who has used macOS recently will be familiar with these prompts. But how do they work? What happens if you deny the access? Are they an effective defense against malware? Sandboxing on macOS was introduced 13 years ago, but Apple didn’t leave it at […]

JOP ROCKET: Bypassing DEP with Jump-Oriented Programming

Much focus has been on Return-Oriented Programming, or ROP, with respect to code-reuse attacks, to the extent that many assume code-reuse attacks are just another word for ROP. However, we also have Jump-Oriented Programming, or JOP. Until recently, JOP was a footnote, seldom referenced or used, barely introduced in the academic literature in the early […]

Utilizing Lol-Drivers in Post Exploitation Tradecraft

Windows Driver Signature Enforcement and PatchGuard make it harder for many threat actors to operate custom-developed rootkits. While attackers continue to use common methods such as exploiting vulnerable drivers to execute malicious code in the kernel, adversarial simulation techniques mostly lack the capability to simulate kernel-mode threats. However, from the perspective of a red […]

HACK AT THE STUDIO: Crowdfense AMA

Join us for an Ask Me Anything session with Andrea Zapparoli Manzoni from Crowdfense as we talk about the current state of exploitation pwnage and what’s next in the ‘new normal’ for pwners and exploit writers. About Crowdfense Crowdfense is a world-leading vulnerability research hub, engineered from the ground up to serve institutional Customers and […]

KEYNOTE 1: Surveillance Is Not The Answer; What Is The Question?

The Internet is no longer a toy we play with, it's where we live. In it we have new problems and old problems amplified. The new problems range from mis- and disinformation, tracking through metadata, and the effects of the attention and surveillance economies, to outright betrayals of trust from our ISPs and other providers. Old problems […]