Unlocking KeeLoq: A Reverse Engineering Story

KeeLoq Remote Keyless Entry systems make use of radio frequency transmissions to operate and have many known weaknesses. A 64-bit manufacturer key is used in transmissions to encrypt an incrementing transmission sequence number in order to provide replay protection. This presentation is a journey into bringing existing research together to make KeeLoq attacks practical, ultimately […]

Scripts-behavioral ML Classification Using Windows 10 AMSI-instrumentation

As browser and operating system security have been improving, there has been a decline in conventional drive-by exploit attacks and a rise in social-engineering based attacks instead. One of the main types of social engineering attacks employs emails with attached archives containing script-based malware loaders or macro attachments. Usually these scripts are JavaScript, Visual Basic […]

Breaking Web3: Exploitation Techniques for Cryptocurrency Hacking

In my previous presentations I have spoken about bridge vulnerabilities and how to exploit them with simple tools. This was an introduction to the core concepts of cryptocurrency hacking in a system where web2 and web3 are combined. This talk goes further into these exploitation techniques with a walkthrough of an imagined Web3/blockchain project […]

EDR Evasion Primer for Red Teamers

EDRs are everywhere, but relatively little is known about how the tools work and how to effectively circumvent them. We are effectively trusting black boxes to protect our endpoints. This presentation discusses insights on EDR inner workings and evasion options gathered over several years of intense red teaming. We will cover: Test lab results: The […]

Settlers of Netlink: Exploiting a Limited UAF on Ubuntu 22.04 to Achieve LPE

Recently my team discovered a Linux kernel vulnerability affecting the netlink subsystem. The bug can be exploited by an unprivileged user to escalate to root on systems that allow unprivileged namespace creation, such as Ubuntu. We developed an exploit targeting the latest version of Ubuntu (LTS 22.04). In the talk I will discuss the details […]

E’rybody Gettin’ TIPC: Demystifying Remote Linux Kernel Exploitation

2022 has been one hell of a year for Linux exploitation, with several high profile vulnerabilities including DirtyPipe (CVE-2022-0847), Pwnkit (CVE-2021-4034) and many other equally cool but unbranded bugs (like CVE-2022-27666). Having worked on these exploits and more, from trivial to complex, I can tell you they all had one thing in common: all involved […]

One-Click to Completely Take Over a macOS Device

Since Apple released its own powerful M-series chips, Mac products have become more and more popular with ordinary users, and hence more and more attractive to hackers. Both zero-click and one-click attacks are eligible for a generous bug bounty. However, it is not easy to do that, because there are many significant security features to […]

Attacking WPA3: New Vulnerabilities and Exploit Framework

In this presentation, we perform an audit of WPA3’s new features. We focus on Management Frame Protection, which prevents the popular deauthentication attack, and we study the new Simultaneous Authentication of Equals handshake. This uncovered several 0-day vulnerabilities, ranging from attacks that allow an adversary to trivially disconnect users from the network, to remotely crashing […]

KEYNOTE 2: Adventures in Security Research

A personal talk about my 12-year relationship with defensive security work and other random stories. Come for the tales about journalism security, mission and impact. Stay for the fun nuggets about gun hacking, malware analysis, and other things.

KEYNOTE 1: A Random Walk through a Few Million Things

At Phosphorus Cybersecurity, we have examined millions of IoT and OT devices in the Enterprise. This includes everything from desktop VoIP phones to BACnet devices such as power distribution and chillers, to cameras, thermostats, door lock controllers, fire control panels, and lots of printers. We find a 90% common corpus of vendors to have been […]