#RomHack2021 Agenda

Saturday 25th of September 2021 in Rome

Attack and Defense

Videos and slides of the conference speakers are online on the Cyber Saiyan YouTube channel
The conference language is English

10:30 - 10:40 CEST
Conference opening

10:40 - 11:10 CEST
My last Solaris talk (not your average keynote)
[ 🎞️ Video | 📜 Slides ]

This is not your average keynote.
Instead of talking buzzwords, I will be dissecting a particularly challenging memory corruption exploit I wrote last year.
In a web world, a binary exploitation talk should be considered weird enough... But no! On top of that, this specific vulnerability is a format string bug, exploited on an obscure architecture.
I hope you will enjoy my last Solaris talk.

11:10 - 12:00 CEST
Fuzzing Apache HTTP Server for fun (and CVEs)
[ 🎞️ Video | 📜 Slides ]

In this talk, I will cover the more interesting bits of the research that I've carried out on Apache HTTP server's security. I will walk you through the entire review process, including fuzzing, static analysis, and variant analysis.

I will also show several vulnerabilities I discovered in Apache HTTP server and how they could be exploited. Highlights of found vulnerabilities include UAFs, race conditions and heap overflows.

It’s important to note that these vulnerabilities were recently discovered and they are currently in the process of being reported. Thus, some of these vulnerabilities will be publicly presented for the first time at this talk.

12:00 - 12:50 CEST
Securing Access to Internet Voting with the OWASP ModSecurity Core Rule Set
[ 🎞️ Video | 📜 Slides ]

Traditionally, the OWASP ModSecurity Core Rule Set, an OWASP flagship project, has been hard to use.
However, the release of CRS 3.0 in 2017 and the advancements made up to CRS 3.4 successfully removed most of the false positives in the default installation. This improved the user experience when running ModSecurity / CRS - the only general purpose open source web application firewall.

The presentation explains how to run CRS successfully in high security settings. This includes practical advice on tuning, working with the anomaly thresholds, the paranoia levels and complementary whitelisting rule sets. This talk is based on many years of experience gained by using CRS in various high security settings, including the one by Swiss Post for its national online voting service.
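
The three tuning knobs named above (paranoia level, anomaly thresholds, targeted exclusions) look like this in a CRS 3.x installation. This is an added illustration, not the speaker's or Swiss Post's configuration; the application path /vote/ballot, the parameter name ballot and the local rule IDs 10001 are assumed for the example, while 900000, 900110 and 942100 are the real CRS rule IDs.

```apache
# Added illustration of CRS 3.x tuning knobs; not the speaker's or Swiss Post's
# configuration. Path /vote/ballot, parameter "ballot" and local rule ID 10001
# are assumed for the example.

# --- crs-setup.conf: run at paranoia level 2 (the default is 1). Higher levels
# enable stricter rules and therefore need more exclusion work. ---------------
SecAction \
  "id:900000,\
   phase:1,\
   pass,\
   t:none,\
   nolog,\
   setvar:tx.paranoia_level=2"

# --- crs-setup.conf: anomaly thresholds. The CRS 3.x defaults are 5 inbound
# and 4 outbound; a single critical rule hit scores 5, so one hit blocks.
# Keep them low in a high security setting: raising the threshold hides false
# positives instead of removing their cause with an exclusion. ----------------
SecAction \
  "id:900110,\
   phase:1,\
   pass,\
   t:none,\
   nolog,\
   setvar:tx.inbound_anomaly_score_threshold=5,\
   setvar:tx.outbound_anomaly_score_threshold=4"

# --- REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf: a runtime exclusion scoped
# to one path and one parameter. Rule 942100 (libinjection SQLi check) keeps
# running everywhere else; it only ignores ARGS:ballot under /vote/ballot. ----
SecRule REQUEST_URI "@beginsWith /vote/ballot" \
  "id:10001,\
   phase:1,\
   pass,\
   t:none,\
   nolog,\
   ctl:ruleRemoveTargetById=942100;ARGS:ballot"

# --- RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf: the unconditional form of
# the same exclusion, for a parameter that legitimately trips the rule on
# every path. Prefer the scoped form above whenever the path is known. --------
SecRuleUpdateTargetById 942100 "!ARGS:ballot"
```

Blocking only happens with SecRuleEngine On in modsecurity.conf; a common tuning workflow is to run with SecRuleEngine DetectionOnly first, read the anomaly scores in the audit log, write exclusions for the remaining false positives, and only then switch to blocking.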

12:50 - 14:00 CEST

14:00 - 14:50 CEST
Breaking Azure AD joined endpoints in zero-trust environments
[ 🎞️ Video | 📜 Slides ]

How much trust is zero trust anyway? As more security controls are added to protect cloud accounts, much of that trust ends up on a user's endpoint, where long-term credentials are stored which comply with strict security policies, such as Multi-Factor Authentication and device compliance.

To secure these credentials, hardware protection with a Trusted Platform Module is used where possible.
But how effective are these security controls? I have been researching Azure AD device security for the past year and have broken quite a few of the security controls I encountered.

In this talk I'll demonstrate how these attacks work and what their consequences are.

14:50 - 15:40 CEST
sigstore, software signing for the masses!
[ 🎞️ Video | 📜 Slides ]

Supply chain security has been a much discussed topic as of late, with many high profile attacks making mainstream news and a recent executive order signed off by the US president.
For this talk, Luke Hinds, a security engineering lead from Red Hat's office of the CTO, will delve into some recent attacks and then introduce project sigstore, a software signing service due to launch this year under the Linux Foundation.
Luke will provide a demo of sigstore's signing infrastructure and demonstrate how it protects the software supply chain.

15:40 - 16:30 CEST
Making your own Stuxnet: Exploiting New Vulnerabilities and Voodooing PLCs
[ 🎞️ Video | 📜 Slides | 💥 Demo ]

This presentation is intended to demonstrate that sophisticated attacks, such as Stuxnet or Triton, could still be carried out against other ICS manufacturers and devices.
By relying on our own CVEs, we will explain how to exploit them to reproduce the key stages of a new Stuxnet with the ability to execute unconstrained code on PLCs.

In this context, the first three vulnerabilities are used to perform a Remote Code Execution from an IT access to the engineering station through the PLC simulator.
From this station, the fourth vulnerability is intended to abuse a shared memory to gain SYSTEM rights. Finally, the fifth vulnerability allows us to execute unconstrained code on PLCs. Also, to automate our attack, we used intrinsic functionalities (COM/DCOM) offered by the main software.

16:30 - 16:40 CEST

18:00 - 20:00 CEST
Party & networking

The party is reserved to #RomHack2021 attendees
Pizza 🍕🍕 will be offered by Cyber Saiyan
Where: Tatà Pizzeria (a 2-minute walk from the conference location)

RomHack is made with ❤ by Cyber Saiyan