Archives

Attacking Cloud Native Kubernetes with CDK

Containers offer speed, performance, and portability, but do they actually contain? While they try their best, with the rapid growth of cloud-native containers, several Cloud Service Providers are deploying Kubernetes in production to support customer multitenancy in their Serverless and CaaS offerings. Are they actually contain? Where is the weakness and how to exploit it? […]

X-in-the-Middle : Attacking Fast Charging Electric Vehicles

Electric vehicles represented by Tesla are changing the way people travel. How to safely and quickly charge electric vehicles is a problem that manufacturers of electric vehicles and charging piles need to solve. We conducted an in-depth analysis of the security of the DC fast charging communication protocol, and found many interesting findings. This talk […]

Hack Out of The Box: Discovering 10+ Vulnerabilities in VirtualBox

Virtualbox is a well-known open source cross-platform virtualization software. With the continuous update of virtualbox, its security has been greatly improved. For example, it now creates virtualbox process hardening to prevent malicious software from using VirtualBox as a vehicle to obtain kernel level access. They’ve also deleted Chromium 3D libraries and VHWA interface that are […]

HACK AT THE STUDIO: Panasonic Chimera

The Panasonic Cyber Security Lab has developed a bug bounty platform called Chimera to proactively discover vulnerabilities in Panasonic products. The Chimera platform enables Panasonic to place various home appliances into a special box, and hackers are provided with a special mechanism to operate on the available appliances. After a year of trial implementation in […]

The Phishermen: Dissecting Phishing Techniques of CloudDragon APT

North Korea is regarded as the menace to the whole world not only by holding nuclear weapons in reality but bringing damages to cyberspace. For instance, the USD$101 million lost in Bangladesh Bank Heist, or Operation DarkSeoul that paralyzed banks and broadcastersโ€™ network systems in 2013. In late 2020, the Cybersecurity & Security Infrastructure Agency […]

KEYNOTE 2: The State of Mobile Security

In this keynote presentation weโ€™ll focus on Mobile Security, and discuss recent smartphones related events, signs of compromise on mobile devices, review of recent attacks, review of mobile EDR / DFIR with a deeper dive into mobile investigations. We will also explore the state of self-defense on mobile devices, vendors reactions to attacks, the FreeTheSandbox […]

WoW Hell: Rebuilding Heavens Gate

Microsoft embeds a translation design named WoW64 (Windows 32 on Windows 64) used for running 32 bit PE (Portable Executable format) on 64 bit Windows. The design basically hosts every 32 bit PE file inside as a native standalone 64-bit process and translates every 32-bit system interrupt into a 64-bit syscall. In this talk, we’re […]

The Rise of Potatoes: Privilege Escalation in Windows Services

Privilege escalation is a required step for an attacker in order to get full control of a system starting from a lower privileged access. In Windows there are many ways to reach this goal. The first part of the talk will be focused on showing all the recent techniques used to do privilege escalation starting […]