Do you want to know how to build a top-ranked competitive security team?. Learn our proven system for building an elite team of hackers that we’ve maintained for over a decade. It’s surprisingly easy, but not what you’d think.

In recent years, the threat of fully-remote vulnerabilities to mobile devices has become increasingly apparent. But are they really a new phenomenon?

This talk will present how we compromised a Canon printer, during the Pwn2Own 2021 - Austin Edition. We will cover the whole process of compromising the device, going from firmware extraction to shellcode execution.

In this talk, we present a sub-class of transient execution attacks, we call SPEAR. This sub-class enables an attacker to repurpose memory corruption primitives that cannot be used in the context of traditional exploitation to achieve arbitrary memory read. In our talk, we discuss how SPEAR change the game in three main use-cases: control flow integrity (CFI), memory safety languages and stack smashing protectors (SSP) .

This presentation will cover the following:

• EMUX internals and architecture

• How to add new CPU architectures to EMUX (beyond ARM and MIPS)

• Challenges in emulation

• Live demo: Extracting firmware from SPI flash and emulating an entire IoT device in EMUX

In this talk, we will present our security research on QEMU/KVM, a hypervisor widely used in cloud computing, and analyze the root cause and common consequences of recursive MMIO, thus disclosing a new attack surface.

Step 1: Learn about Java Databases, Relational and Non-Relational

Step 2:

• a.) Exploit Diverse Relational Databases

• b.) Exploit Diverse Non-Relational Databases

Step 3: PWN!

Container break-out seems inevitable. Once outside of a container, an attacker can escalate privilege and possibly end up owning the entire cluster. As attackers, how do we break out of the container and then how do we escalate privilege? As defenders, how do we reduce the odds of a container break-out, while reducing its blast radius? In this demo-heavy presentation, we'll answer these questions, demonstrating attacks and defenses that you can take back and repeat on your own clusters.

This talk is a discussion about low-level remote management systems and protocols; how even with the best security on our systems, and inside our VMs, out-of-band management interfaces often remain unprotected, unpatched, and unmonitored. All while being connected in some cases directly to the Internet. EDR does nothing if a threat actor can re-initialize the RAID array your VMs are stored on.

Currently a work in-progress that will be extended for the final version, this submission aims at demystifying the eBPF technology for the security community. While it is currently well-known in cloud environments (such as process visibility and programmable network flows), eBPF has had little experimentation when it comes to its usage as a building block of security focused tools.

This talk will review both the historical and technical aspects of two HL7 protocols, HL7v2 and FHIR, in depth.

This talk will provide an introduction to FirmWire, our open-source emulation platform for cellular baseband images. The platform allows researchers to dynamically debug, introspect, and interact with complex baseband firmware, providing insights about its inner workings in real-time.

We have discovered serious vulnerabilities in the open source ALAC that many third-party vendors have inherited into their projects. Looking for a way to hack a mobile phone or a PC remotely? We know one way…

The security of Tesla's cars has been a hot topic in recent months. In addition to being one of the safest cars on the road, it is also well-protected from hacks and attacks. But how does Tesla make sure their vehicles are safe and secure?

This case study sheds light on the inner workings of Tesla's Passive Entry System and core VCSEC protocol, and reveals possible attack vectors.

PWN Windows by Ziming Zhang

In this talk I will present my research on various techniques to silently bypass the default Falco ruleset (based on pre-latest v0.30.0). I will demonstrate nine different classes of bypasses, seven of which are novel and have never been presented.

Supply chain attacks have been on the rise in the past two years and are proving to be common and reliable attack vectors that affect all consumers of software. In this talk we are going to present our proposed solution - Securing the 3rd Party Software Life Cycle, an end-to-end framework for ensuring the security of third-party software throughout its lifecycle.

Mystique Hits: Vulnerability Chain that breaks the Android Application Sandbox by the Dawn Security Group