Archives

Hack Out of The Box: Discovering 10+ Vulnerabilities in VirtualBox

VirtualBox is a well-known open-source, cross-platform virtualization software. With the continuous updates to VirtualBox, its security has been greatly improved. For example, it now includes VirtualBox process hardening to prevent malicious software from using VirtualBox as a vehicle to obtain kernel-level access. They’ve also deleted Chromium 3D libraries and VHWA interface that are […]

HACK AT THE STUDIO: Panasonic Chimera

The Panasonic Cyber Security Lab has developed a bug bounty platform called Chimera to proactively discover vulnerabilities in Panasonic products. The Chimera platform enables Panasonic to place various home appliances into a special box, and hackers are provided with a special mechanism to operate on the available appliances. After a year of trial implementation in […]

WoW Hell: Rebuilding Heavens Gate

Microsoft embeds a translation design named WoW64 (Windows 32 on Windows 64) used for running 32-bit PE (Portable Executable format) on 64-bit Windows. The design basically hosts every 32-bit PE file inside a native standalone 64-bit process and translates every 32-bit system interrupt into a 64-bit syscall. In this talk, we’re […]

A Journey into Synology NAS

Network Attached Storage (NAS) makes storage available on a network. Synology, the leader in the small-business and home NAS area, offers a wide range of network-attached storage choices for every occasion. In this talk, we choose Synology NAS as the target and describe our journey into bug hunting on the device. First, we will show […]

Exploiting QSEE, the Raelize Way!

Modern devices are nowadays often equipped with a Trusted Execution Environment (TEE) to support secure parallel execution of security-critical use cases. For example, it’s very likely a TEE is involved whenever you make a payment or watch a DRM-protected stream on your mobile phone. Nonetheless, we were surprised and intrigued at the same time, […]

HACK AT THE STUDIO: Crowdfense AMA

Join us for an Ask Me Anything session with Andrea Zapparoli Manzoni from Crowdfense as we talk about the current state of exploitation pwnage and what’s next in the ‘new normal’ for pwners and exploit writers. About Crowdfense: Crowdfense is a world-leading vulnerability research hub, engineered from the ground up to serve institutional Customers and […]