Archives

Containers offer speed, performance, and portability, but do they actually contain? While they try their best, with the rapid growth of cloud-native containers, several Cloud Service Providers are deploying Kubernetes in production to support customer multitenancy in their Serverless and CaaS offerings. Are they actually contain? Where is the weakness and how to exploit it? […]

Closing Note by Dhillon ‘L33tdawg’ Kannabhiran  

Electric vehicles represented by Tesla are changing the way people travel. How to safely and quickly charge electric vehicles is a problem that manufacturers of electric vehicles and charging piles need to solve. We conducted an in-depth analysis of the security of the DC fast charging communication protocol, and found many interesting findings. This talk […]

Virtualbox is a well-known open source cross-platform virtualization software. With the continuous update of virtualbox, its security has been greatly improved. For example, it now creates virtualbox process hardening to prevent malicious software from using VirtualBox as a vehicle to obtain kernel level access. They’ve also deleted Chromium 3D libraries and VHWA interface that are […]

The Panasonic Cyber Security Lab has developed a bug bounty platform called Chimera to proactively discover vulnerabilities in Panasonic products. The Chimera platform enables Panasonic to place various home appliances into a special box, and hackers are provided with a special mechanism to operate on the available appliances. After a year of trial implementation in […]

North Korea is regarded as the menace to the whole world not only by holding nuclear weapons in reality but bringing damages to cyberspace. For instance, the USD$101 million lost in Bangladesh Bank Heist, or Operation DarkSeoul that paralyzed banks and broadcasters’ network systems in 2013. In late 2020, the Cybersecurity & Security Infrastructure Agency […]

In this keynote presentation we’ll focus on Mobile Security, and discuss recent smartphones related events, signs of compromise on mobile devices, review of recent attacks, review of mobile EDR / DFIR with a deeper dive into mobile investigations. We will also explore the state of self-defense on mobile devices, vendors reactions to attacks, the FreeTheSandbox […]

In this talk, I want to share the story of how I discovered 17 Microsoft Office Excel vulnerabilities in half a year. I find these vulnerabilities by fuzzing. I will share why I pick up Microsoft Office Excel as my fuzzing target, and how to build an effective fuzzing framework step by step. In this […]

Microsoft embeds a translation design named WoW64 (Windows 32 on Windows 64) used for running 32 bit PE (Portable Executable format) on 64 bit Windows. The design basically hosts every 32 bit PE file inside as a native standalone 64-bit process and translates every 32-bit system interrupt into a 64-bit syscall. In this talk, we’re […]

Privilege escalation is a required step for an attacker in order to get full control of a system starting from a lower privileged access. In Windows there are many ways to reach this goal. The first part of the talk will be focused on showing all the recent techniques used to do privilege escalation starting […]