Nakatomi Space: Lateral Movement as L1 Post-Exploitation in OT

PRESENTATION SLIDES (PDF)

In OT networks, it is common knowledge that Purdue Reference Model Level 1 (L1) devices such as PLCs and DCS controllers are notoriously insecure. Regardless, L1 devices that sit at the intersection of multiple, mixed networks are often still treated as security perimeters without the corresponding hardening and risk profiles that would […]

Privilege Escalation Using DOP in MacOS x86-64

PRESENTATION SLIDES (PDF)

Data-Oriented Programming (DOP) is a well-known exploit technique, especially in academia, but not used in practice. This is because DOP is a technique that is possible only when various primitives can be utilized. In particular, kernel exploitation (i.e., privilege escalation) with DOP requires three primitives, i.e., information leakage (IL), arbitrary address read (AAR), […]

Your Not so “Home” Office – Soho Hacking at Pwn2Own

PRESENTATION SLIDES (PDF)

There has been a huge shift towards home working within the last couple of years. With this comes the security challenges of enterprises finding that their security perimeter has moved to the home office. In the last 6 months NCC Exploit Development Group (EDG) participated in Pwn2Own 2022 Toronto targeting all consumer […]

The Lost World of DirectComposition: Hunting Windows Desktop Window Manager Bugs

PRESENTATION SLIDES (PDF)

In the past few years, Windows win32k privilege escalation vulnerabilities have emerged in an endless stream. Researchers discovered new attack surfaces such as win32k Callback, DirectX, DirectComposition, etc. Even so, it’s still difficult to discover new vulnerabilities inside the win32k attack surface. Are there still other attack surfaces inside the Windows graphics component? […]

Bypassing Anti-Cheats & Hacking Competitive Games

PRESENTATION SLIDES (PDF)

With the increasing popularity of games having a competitive element, cheats have become a common method for hackers to gain an advantage. These cheats could range from a sniper bullet that felt just a little too accurate to a player teleporting across the map, and chances are that you must have been […]

How MySQL Servers Can Attack YOU

PRESENTATION SLIDES (PDF)

Imagine a WordPress site is hacked again and now must be restored. WordPress compromises aren’t interesting and a backup is readily available; the only step required is to re-create the database. After logging in to the MySQL server, your screen goes black, and a bitcoin address appears with instructions to unlock. What […]

A Security Analysis of Computer Numerical Control Machines in Industry 4.0

PRESENTATION SLIDES (PDF)

Computer numerical control (CNC) machines are largely used in production plants and constitute a critical asset for organizations globally. The main benefit of CNC machines such as automated drills, lathes, and mills is that they are programmed to execute repetitive tasks with the goal of improving production while reducing costs. […]

Investigating Web3 with OSINT

Web3 introduces various innovations such as new stores of value and digital assets trading, DeFi and the token economy. Unfortunately, these novel services are tarnished by rampant speculation, fraud and hacks. In this session, using public sources and online free tools, we will debunk the FUD around web3 by discussing the fundamentals: blockchain transactions and […]

ChatGPT: Please Write Me a Piece of Polymorphic Malware

PRESENTATION SLIDES (PDF)

Polymorphic malware is a type of malicious software that is designed to evade detection by using a variety of techniques to change its appearance or behavior constantly. These techniques can include modifying the malware’s code, using encryption or obfuscation to hide the malware’s true purpose, and using multiple layers of indirection to […]