Since we’ve announced not all ZN 2019 talks, here is the list of further speakers and their topics of presentations. The time and location of presentations are available on the website.
Maria Nedyak — “Hacking Medical Imaging with DICOM”
Currently, DICOM is one of the core technologies used in Machine Learning Medical Imaging, which is becoming more relevant. The subject of this talk is discovery of vulnerabilities in a widely-used application for DICOM. The vulnerabilities discovered during the security assessment will be also discussed.
Trammell Hudson — “Finding TOCTOU vulnerabilities in BootGuard with spispy”
BootGuard’s Verified Boot mode on modern Intel CPUs is the core root of trust and measurement during the boot process, and preserves the chain of trust by only executing firmware with a valid vendor signature. These protections are supposed to be secure against physical attacks on the system, although with the open source spispy tool, the researcher has found multiple errors in handling the SPI flash firmware volumes as well as an error in transitioning from cache-as-RAM mode after the signature check has been done. This is what the current talk is about.
Kai Jern, Lau, Nguyen Anh Quynh — “qiling.io: Advanced Binary Emulation framework”
QIling is a sandbox framework that focuses on providing low level Python API to enable users to build highly customizable analysis tool on top.
This research introduces a comprehensive overview on the Qiling. The researchers will present all the technical issues they had to deal with. To conclude the presentation, they will show live demos.
Cesar Cerrudo, Esteban Martinez Fayo, Matias Sequeira — “Practical LoRaWAN auditing and exploitation”
IoT deployments just keep growing, and one part of that significant growth is composed of millions of LPWAN (low-power wide-area network) sensors. One of the most used LPWAN technologies is LoRa, for which LoRaWAN is the network standard (MAC layer). LoRaWAN is a secure protocol with built-in encryption
Over the last year, they have been researching LoRaWAN to identify common security problems and building tools to test LoRaWAN network security.
In this talk, the researchers are going to describe common security problems they found on LoRaWAN deployments. Also, they are going to provide step by step guidelines on how and what to test on LoRaWan networks indicating what hardware and software to use. Plus, they will be releasing new tools to test the security of LoRaWan networks. Finally, they are going to provide recommendations for secure LoRaWan deployments.
