COMMSEC: ALPChecker – Detecting Spoofing and Blinding Attacks

In recent years, there has been a significant increase in the number of attacks on the Windows operating system carried out using kernel drivers. To date, there is a trend for attacks targeting AV\EDR systems. One of the vectors of such attacks targets the Asynchronous Local Procedure Call (ALPC) technology. Windows client-server interaction ALPC mechanism […]

TSSHOCK – Breaking MPC Wallets and Digital Custodians

At the core of modern Multi-Party Computation (MPC) wallets and digital asset custody solutions of major blockchains is a cryptographic protocol named Threshold Signature Scheme (TSS). Today, many institutions, including banks, exchanges, and wallets, rely on TSS to enable a group of parties to authorize transactions by generating signatures without having to reveal their individual […]

COMMSEC: The Future of Hacking – Unleashing the Power of OpenAI’s GPT-4 Code Interpreter

Join us in an exploration of the transformative potential of AI, particularly the enhanced capabilities of OpenAI’s GPT-4 Code Interpreter, in revolutionizing the field of cybersecurity. Our session recognizes and addresses several critical challenges that security researchers and bug bounty hunters face and helps them save time: Difficulty communicating technical issues to non-technical stakeholders: Cybersecurity […]

COMMSEC: Tracing the Intrusion: Unveiling the Covert Trails of Infostealer Malware Ecosystems

This talk presents the extensive research done on Infostealer malware, which has emerged as a major threat in the field of cybersecurity, with over 160000 malicious videos posted on approximately 60000 compromised YouTube channels disseminating this malware in a single month. These videos cumulatively had approximately 1 million views per week. We will explore different […]

COMMSEC: A Practical Method of Finding Vulnerabilities in Internet of Things

As Internet of Things (IoT) technology evolves, IoT devices are being utilized in a variety of fields. However, it has become a new surface of cyber attacks and is affecting industries that did not previously consider cyber breaches. After an intrusion occurs, post-processing and damage spread prevention are important, but it is difficult to respond […]

COMMSEC: B(l)utter – Reversing Flutter Applications by using Dart Runtime

There are currently only a few tools available for reverse engineering Flutter applications. Reading Dart snapshots, which are used to store all Dart objects, is a common problem because the format changes with each update. Updating the snapshot reader for each new release of the Flutter framework is a tedious task. Currently, “Reflutter” is the […]

COMMSEC: The Tragedy of Bluetooth Low Energy

Bluetooth Low Energy (BLE) has become an integral component of billions of smart devices worldwide, but it also faces various challenges from different attack methods. In this talk, I will discuss examples of how wireless bit streams can escape and affect reality, covering security risks from shallow to deep levels on different protocol layers of […]

COMMSEC: Big Match – How I Learned to Stop Reversing and Love the Strings

We’ve all been there: after a month of reversing, you realize you are looking at open-source code. Why? Because you didn’t copy-paste the correct string into Google. So we asked ourselves: “can we not just grep all strings from GitHub and stop this nonsense?” In this talk you’ll get a taste of Big Match – […]

COMMSEC: Hardware Backdooring an eScooter

In this talk, we are going to talk about ECU vulnerabilities in e-scooters. Our target is an Indian OEM, though similar or the same vulnerabilities can be found in other e-scooters. We are going to demonstrate the attack where we took control of an e-scooter with the help of a hardware implant attack. The devices used in […]