#RomHack2021 Agenda
Saturday 25th of September 2021 in Rome
Attack and Defense
Video & Slides of the conference's speakers are online on the Cyber Saiyan YouTube channel.
Conference language is English.
10:30 - 10:40 CEST
Conference opening
10:40 - 11:10 CEST
My last Solaris talk (not your average keynote)
[ Video | Slides ]
This is not your average keynote.
Instead of talking buzzwords, I will be dissecting a particularly challenging memory corruption exploit I wrote last year.
In a web's world, a binary exploitation talk should be considered weird enough... But no! On top of that, this specific vulnerability is a format string bug, exploited on an obscure architecture.
I hope you will enjoy my last Solaris talk
11:10 - 12:00 CEST
Fuzzing Apache HTTP Server for fun (and CVEs)
[ Video | Slides ]
In this talk, I will cover the more interesting bits of the research that I've carried out on Apache HTTP server's security. I will walk you through the entire review process, including fuzzing, static analysis, and variant analysis.
I will also show several vulnerabilities I discovered in Apache HTTP server and how they could be exploited. Highlights of found vulnerabilities include UAFs, race conditions and heap overflows.
It's important to note that these vulnerabilities were recently discovered and they are currently in the process of being reported. Thus, some of these vulnerabilities will be publicly presented for the first time at this talk.
12:00 - 12:50 CEST
Securing Access to Internet Voting with the OWASP ModSecurity Core Rule Set
[ Video | Slides ]
Traditionally, the OWASP ModSecurity Core Rule Set, an OWASP flagship project, has been hard to use.
However, the release of CRS 3.0 in 2017 and the advancements made up to CRS 3.4 successfully removed most of the false positives in the default installation. This improved the user experience when running ModSecurity / CRS - the only general purpose open source web application firewall.
The presentation explains how to run CRS successfully in high security settings. This includes practical advice on tuning, working with the anomaly thresholds, the paranoia levels and complementary whitelisting rule sets. This talk is based on many years of experience gained by using CRS in various high security settings, including the one by Swiss Post for its national online voting service.
12:50 - 14:00 CEST
Lunch
14:00 - 14:50 CEST
Breaking Azure AD joined endpoints in zero-trust environments
[ Video | Slides ]
How much trust is zero trust anyway? As more security controls are added to protect cloud accounts, much of that trust ends up on a user's endpoint, where long-term credentials are stored which comply with strict security policies, such as Multi Factor Authentication and device compliancy.
To secure these credentials, hardware protection with a Trusted Platform Module is used where possible.
But how effective are these security controls? I have been researching Azure AD device security for the past year and have broken quite some security controls I encountered.
In this talk I'll demonstrate how and what the consequences of these attacks are.
14:50 - 15:40 CEST
sigstore, software signing for the masses!
[ Video | Slides ]
Supply chain security has been a much discussed topic as of late, with many high profile attacks making mainstream news and a recent executive order signed off by the US president.
For this talk, Luke Hinds, a security engineering lead from Red Hat's office of the CTO, will delve into some recent attacks and then introduce project sigstore, a software signing service due to launch this year under the Linux Foundation.
Luke will provide a demo of sigstore's signing infrastructure and demonstrate how it protects the software supply chain.
15:40 - 16:30 CEST
Making your own Stuxnet: Exploiting New Vulnerabilities and Voodooing PLCs
[ Video | Slides | Demo ]
This presentation is intended to demonstrate that sophisticated attacks, such as Stuxnet or Triton, could still be carried out against other ICS manufacturers and devices.
By relying on our own CVEs, we will explain how to exploit them to reproduce the key stages of a new Stuxnet with the ability to execute unconstrained code on PLCs.
In this context, the first three vulnerabilities are used to perform a Remote Code Execution from an IT access to the engineering station through the PLC simulator.
From this station, the fourth vulnerability is intended to abuse shared memory to gain SYSTEM rights. Finally, the fifth vulnerability allows us to execute unconstrained code on PLCs. Also, for automating our attack, we used intrinsic functionalities (COM/DCOM) offered by the main software.
16:30 - 16:40 CEST
Closing
18:00 - 20:00 CEST
Party & networking
The party is reserved for #RomHack2021 attendees.
Pizza will be offered by Cyber Saiyan.
Where: Tatà Pizzeria (a 2-minute walk from the conference location)