Archives

Is Attestation All We Need? Fooling Apple’s AppAttest API

PRESENTATION SLIDES (PDF) The AppAttest API has been available since iOS 14. This technology was declared an anti-tampering solution, and we found that it is sometimes misinterpreted as a silver bullet against data modification on the client side. In this session we will take a look at this technology from a reverse engineering perspective. We will look at examples of […]

ShadowPad: A Masterpiece of Privately Sold Malware in Chinese Espionage

PRESENTATION SLIDES (PDF) SHADOWPAD emerged in 2015 as the successor to PlugX. However, it was not until several infamous supply-chain attack incidents happened – CCleaner, NetSarang and ShadowHammer – that it started to receive wide public discussion. Unlike publicly-sold PlugX, SHADOWPAD is privately shared among a limited set of customers. Its plugin-based design and […]

Practical AI Red Teaming: A Facial Recognition Case Study

PRESENTATION SLIDES (PDF) Facial recognition technology has grown in prevalence, and today you can find it in different areas of human activity, including social media, smart homes, ATMs, and stores. Recently, researchers have discovered that AI algorithms are prone to adversarial attacks which involve changing an image and staying undetectable to the human eye. While […]

KEYNOTE 2: Protective DNS – Why It Matters and How to Deploy It With No Cloud Needed

PRESENTATION SLIDES (PDF) Many cloud DNS providers, including OpenDNS, Heimdal, DNSFilter, Cloudflare, and Quad9, offer DNS filtering whereby questions or answers deemed dangerous are answered dishonestly. This constructive dishonesty is a valuable security feature, and one which the US government recommended universally in an announcement in March 2021. However, managed private networks that use DNS […]

Holding The Stick at Both Ends: Fuzzing RDP Client and Server

PRESENTATION SLIDES (PDF) Traditional fuzzing has been around for years now and it has proven itself a great way of finding a lot of bugs. Fuzzers have come a long way over the past few years, but the majority of them still work in the traditional fashion. This talk describes our journey to make a traditional […]