PANEL DISCUSSION: iOS / OS X Security

A catch-up with some of the former "jailbreak Dream Team" members and some of the usual suspects of the iOS / OS X hacking scene: a look back, and a look forward, at the state of security in Apple land. Got a question for the panelists? Tweet it with the #askinthebox hashtag.

Exploiting Inter-Process Communication with New Desynchronization Primitives

Most organizations, including 90% of Fortune 500 companies, rely on SAP software to keep their business up and running. At the core of every SAP deployment, the Internet Communication Manager (ICM) is the component that handles all HTTP requests and responses. This talk will demonstrate how to leverage two memory corruption vulnerabilities […]

Smart Speaker Shenanigans – Making the SONOS One Sing Its Secrets

PRESENTATION SLIDES (PDF) Sometimes you take a weird detour during security research; this is the tale of one of those incidents. During a thorough investigation of the SONOS One smart speaker for the Pwn2Own competition, the presenter of this talk got completely sidetracked and nerd-sniped into learning more about the exact details of the […]

Active Directory Abuse Primitives and Operation Security

PRESENTATION SLIDES (PDF) Active Directory (AD) is widely used by enterprises for centralized management of digital assets such as accounts, machines, and access rights. AD is a primary target for adversaries, since compromising it grants control over an entire enterprise's network. Furthermore, AD attack techniques mostly take the form of leveraging the […]

KEYNOTE 1: The Myths of Software Security

The security industry has always brimmed with the results of industry surveys, the opinions of experts wrapped up as facts, and a set of industry best practices handed down over the years. If you look behind the curtain, all too often they are just myths. Some are folklore passed down over time, some […]