Speakers

The following are speakers that will be presenting at our event. We will publish the agenda and schedule as soon as we finalize it.

Halvar Flake / @halvarflake

The good 0(ld) days

Abstract:

Software supply chains are complicated. Open-source has allowed for tremendous advances and democratization everywhere, but many organisations do not have good control over what open-source code they are using where - and who is responsible for making sure that code stays up-to-date. Vulnerabilities can often be found by back-porting bugs in open-source software into closed-source environments. This talk discusses some methods for the detection of FOSS code in binaries and examines some particular cases where bugs could be obtained by first identifying the open-source code in binaries and then going from there.

Adam Donenfeld / @doadam

Viewer discretion is advised: (De)coding an iOS vulnerability

Abstract:

Over the years, ring-0 vulnerabilities in mobile devices have become increasingly difficult to find and exploit. Attackers and defenders alike must find new attack vectors, as well as develop tools to expedite the research process and increase coverage. One significant challenge is a more confining sandbox. While vendors usually put less emphasis on the security of mechanisms which are not operable from within the sandbox, sandboxing applications appropriately is not always that easy.


In this talk, a real-world journey of discovery, we will uncover a deeply buried vulnerability in the iOS kernel cache. The vulnerability, which is hidden within the video-decoder driver, can be triggered by processing maliciously crafted codec frames. The driver is normally not accessible to the standard application. This vulnerability, however, is still exploitable from within a sandboxed process or application. During this talk, concepts and working methods will be presented, from the initial investigation through to getting familiar with a completely closed-source environment, as well as a real-world example of finding “sandbox-restrictive” vulnerabilities and nevertheless exploiting them from the narrowest context.

Bio:
Adam Donenfeld is a mobile security researcher at Zimperium with vast experience in the mobile research field. Researching vulnerabilities and exploiting them for both PC and mobile environments, Adam has given talks at several international security conferences including Black Hat, DEF CON and HITB. In his past, Adam served in the IDF in an elite intelligence unit.