Speaker | Report | Slides | Video |
---|---|---|---|
Alex Matrosov (@matrosov) | Hardware Security is Hard: how hardware boundaries define platform security | Link | Link |
Juho Nurminen (@jupenur) | app.setAsDefaultRCEClient: Electron, scheme handlers and stealthy security patches | Link | Link |
An Trinh (@_tint0) | Dark sides of Java remote protocols | Link | Link |
Jakub Vrana (@jakubvrana), Krzysztof Kotowicz (@kkotowicz) | Trusted Types & the end of DOM XSS | Link | Link |
md4 | CiscoASA: From Zero to ID=0 | Link | Link |
Andrey Akimov (@e13fter) | Launching feedback-driven fuzzing on TrustZone TEE | Link | Link |
Emil Lerner | Single byte write to RCE: exploiting a bug in php-fpm | Link | Link |
Maria Nedyak (@mariya_ns) | Hacking Medical Imaging with DICOM | Link | Link |
Alex Kovrizhnykh (@a1exdandy) | crauEmu - your IDE for code-reuse attacks | Link | Link |
Roman Palkin (@chicken_2007) | Malign Machine Learning Models | Link | Link |
LimitedResults (@LimitedResults) | Fatal Fury on ESP32: Time to release Hardware Exploits | Link | Link |
Ke Liu (@klotxl404) | Two Bytes to Rule Adobe Reader Twice: The Black Magic Behind the Byte Order Mark | Link | Link |
Jayson E. Street | I PWN thee, I PWN thee not! | Link | Link |
Pavel Cheremushkin | Opwnsource: VNC vulnerability research | Link | Link |
Kai Jern Lau (@sgniwx), Nguyen Anh Quynh (@capstone_engine) | qiling.io: Advanced Binary Emulation framework | Link | Link |
Cesar Cerrudo (@cesarcer), Esteban Martinez Fayo (@estemf), Matias Sequeira | Practical LoRaWAN auditing and exploitation | Link | Link |
CiscoPangPang | Cisco to Disco! | Link | Link |
Ilya Shaposhnikov (@drakylar) | Oldschool way of hacking MicroDigital ip-cameras | Link | Link |

WEB VILLAGE

Speaker | Report | Slides |
---|---|---|
Aleksei "GreenDog" Tiurin (@antyurin) | From misconfigs to severe consequences | Link |
Pavel "sorokinpf" Sorokin (@sorokinpf) | GraphQL applications security testing automatization | Link |
Valeriy "krevetk0" Shevchenko (@Krevetk0Valeriy) | Principles in software testing and some bugs that others did not notice | Link |
Alexei "SooLFaa" Morozov (@xSooLFaa) | Blind SSRF | Link |
Ramazan "r0hack" Ramazanov | Operation of injections in ORM libraries | Link |
Sergey "BeLove" Belov (@sergeybelove) | The future without passwords | Link |
Paul Axe (@Paul_Axe) | ZN PWN Challenge | Link |
Denis "ttffdd" Rybin (@_ttffdd_) | Doing AWS Zoo Audit | Link |
Andrei Plastunov | Misusing oop in mvc frameworks. How to conveniently develop broken apps | Link |

DEFENSIVE TRACK

Speaker | Report | Slides |
---|---|---|
Andrey Belenko | (Why) We Still Fail at Cryptography in 2019 | Link |
Igor Grachev, Evgeny Sidorov | Improving application security and exploitation detection with AppArmor & Osquery | Link |
Andrey Skablonsky | Threat hunting in call trace | Link |
Andrey Abakumov, Andrew Krasichkov | Blue Team's approach to discovering 'secrets' in code | Link |