The program has been formed and is almost ready to be published. Meanwhile, we’ve prepared a new list of speakers and talks.
Alex Kovrizhnykh — “crauEmu — your IDE for code-reuse attacks”
Alex Kovrizhnykh is an information security expert at Digital Security specialized in reverse engineering.
In this talk, Alex will introduce crauEmu, a plugin for IDA Pro that simplifies creating, modifying, and debugging ROP/JOP and other code-reuse payloads, a task that is typically a nightmare. Thanks to emulation, the plugin enables quick and simple checking and debugging of both individual gadgets and entire gadget chains.
crauEmu also facilitates the analysis and modification of existing payloads and their transfer between researchers.
For the demonstration, he will show how the plugin works with the checkm8 exploit and, possibly, with other exploits.
Emil Lerner — “Single byte write to RCE: exploiting a bug in php-fpm”
Emil Lerner is an independent security researcher and a member of the Bushwhackers CTF team.
This talk is about how a specific issue in PHP (CVE-2019-11043) was found and exploited. It allows an external attacker to gain code execution in certain nginx configurations.
An ‘tint0’ Trinh — “Dark sides of Java remote protocols”
An is enthusiastic about offensive security and has been teaching himself pentesting and red teaming for many years. An has reported RCE vulnerabilities in corporations such as Mastercard, SWIFT, and Deutsche Telekom and in products of vendors like Oracle, VMware, and Dell. He has also spoken at BSides Singapore and tradahacking.
Java Remote Method Invocation (RMI) and Common Object Request Broker Architecture (CORBA) are widely deployed mechanisms for cross-process communications. In this talk, An Trinh will walk through the technical workflow of the technologies, revealing several critical flaws under the hood and showing how vendors are failing at securing their implementations of them.
An will disclose known, little-known, and previously unknown exploitation techniques, including overlooked 1-days and 0-days, to present the rich attack surface of these protocols’ implementations. This will be demonstrated via a number of pre-authentication remote code execution exploits against products of some of the biggest vendors out there.