Archives

Client-Side Attacks on Live-Streaming Services Using Grid Computing

Due to the recent growth of non-face-to-face services under the influence of COVID-19, live streaming services are rapidly increasing. However, despite the rise of these live streaming platforms, there has still been no research into the security issues of their system infrastructure. We have researched client-side attacks on software that uses grid computing and […]

A Journey into Synology NAS

Network Attached Storage (NAS) makes storage available on a network. Synology, the leader in the small-business and home NAS area, offers a wide range of network-attached storage choices for every occasion. In this talk, we choose Synology NAS as the target and describe our journey into bug hunting on the device. First, we will show […]

POSWorld. Should You be Afraid of Hands-On Payment Devices?

The dark market is full of cloned Point of Sales terminals and offers for fake merchant accounts. But how do they get there if every terminal is built to have anti-tampering mechanisms, segregated memory for private crypto keys, and multiple other layers of protection? In this talk, we follow the life cycle of the most […]

MacOS Local Security: Escaping the Sandbox and Bypassing TCC

“SomeApp would like to access files in your Documents folder.” Anyone who has used macOS recently will be familiar with these prompts. But how do they work? What happens if you deny the access? Are they an effective defense against malware? Sandboxing on macOS was introduced 13 years ago, but Apple didn’t leave it at […]

Exploiting QSEE, the Raelize Way!

Modern devices are often equipped with a Trusted Execution Environment (TEE) to support secure parallel execution of security-critical use cases. For example, it’s very likely a TEE is involved whenever you make a payment or watch a DRM-protected stream on your mobile phone. Nonetheless, we were surprised and intrigued at the same time, […]

JOP ROCKET: Bypassing DEP with Jump-Oriented Programming

Much focus has been on Return-oriented Programming, or ROP, with respect to code-reuse attacks, to the extent that many assume code-reuse attacks are just another word for ROP. However, we also have Jump-oriented Programming, or JOP. Until recently, JOP was a footnote, seldom referenced or used, barely introduced in the academic literature in the early […]

Utilizing Lol-Drivers in Post Exploitation Tradecraft

Windows Driver Signature Enforcement and PatchGuard make it harder for many threat actors to operate custom-developed rootkits. While attackers continue to use common methods such as exploiting vulnerable drivers to execute malicious code in the kernel, adversarial simulation techniques mostly lack the capability to simulate kernel-mode threats. However, from the perspective of a red […]

HACK AT THE STUDIO: Crowdfense AMA

Join us for an Ask Me Anything session with Andrea Zapparoli Manzoni from Crowdfense as we talk about the current state of exploitation pwnage and what’s next in the ‘new normal’ for pwners and exploit writers. About Crowdfense: Crowdfense is a world-leading vulnerability research hub, engineered from the ground up to serve institutional Customers and […]

KEYNOTE 1: Surveillance Is Not The Answer; What Is The Question?

The Internet is no longer a toy we play with, it’s where we live. In it we have new problems and old problems amplified. The new problems range from mis- and disinformation, tracking through metadata, and the effects of the attention and surveillance economies, to outright betrayals of trust from our ISPs and other providers. Old problems […]