Stay Off My Private Data: A Framework to Examine Mobile App Privacy Claims

PRESENTATION SLIDES (PDF) In recent years, we have witnessed many major companies being penalized by regulators due to violations of personal data privacy. Many countries and territories, such as the US, the EU and China, have put in place strict regulations for security compliance and privacy. Users’ concerns on how applications collect and use their […]

Securing Webviews and The Story Behind CVE-2021–21136

PRESENTATION SLIDES (PDF) Webview: An in-app Web Browser created to ensure seamless user experience without context switching between browser and mobile application. It allows developers to display web content directly into their mobile application and supports the concept of code reuse thus Webviews are extensively used in current mobile application development. This presentation will cover […]

trapfuzzer: Coverage-guided Binary Fuzzing with Breakpoints

PRESENTATION SLIDES (PDF) trapfuzzer is a tool I developed in Python and C and has the following features: Users can view the test status in the fuzzy process, pause / resume the test task, and manage the test status through TCP port The tool supports saving the mutation relationship between testcases in the fuzzing process […]

Container Escape in 2021

PRESENTATION SLIDES (PDF) Container escape is a hot topic in cloud security. Methods of container escaping has been covered by several parties however the traditional container (runc) uses the same kernel with the host so there are always new escape methods being discovered. In this talk, I will show three new methods to escape the […]

Going Deeper into Schneider Modicon PAC Security

PRESENTATION SLIDES (PDF) To provide an economical way to deliver functional control in the gap between the PLC and the DCS, Schneider offer industrial process automation controllers-Modicon PACs(M580, M340, MC80,etc).Modicon PACs feature redundancy functionality, native Ethernet, embedded cybersecurity,But are these industrial brains, widely used in power, water, and critical infrastructure, really secure? In this presentation,we […]

IDA2Obj: Static Binary Instrumentation On Steroids

PRESENTATION SLIDES (PDF) IDA2Obj is a tool I created that allows you to directly dump multiple object files just from one executable binary (exe, dll, etc) – The tool is designed mainly for Static Binary Instrumentation to collect code coverage and integrates with popular fuzzing engines (AFL, honggfuzz, etc). Based on my testing, it is […]

Taking Ghidra to the Next Level

PRESENTATION SLIDES (PDF) Ghidra is NSA opensouced in 2019. As the only one in the open source community that has the potential of being the replacement of IDA, it draws a lot of attention. However, due to the history of its development, the code has been historical. And the official seems to be moving slow […]

Make JDBC Attacks Brilliant Again

PRESENTATION SLIDES (PDF) In this presentation, we will share our latest research into attacking JDBC. We will start with the derivation of JDBC attacks including the JDBC concept and root cause of vulnerability. We will then give  a more in-depth analysis of occurred implementations including the 0day we found (Weblogic RCE). Finally we will share […]

Is Attestation All We Need? Fooling Apple’s AppAttest API

PRESENTATION SLIDES (PDF) AppAttest API has been released starting from iOS 14. This technology was declared as anti-tampering solution and we found out sometimes its misintepreted as silver bullet against data modification on client-side. in this session we will take a look at this technology from reverse engineering perspective. We will look at examples of […]