Day 1 - 15th of May
08:15 - 09:15
Registration, coffee and snacks
09:15 - 09:30
Welcome Address
09:30 - 10:30
Keynote - Chaotic Good and Chaotic Bad: ensuring collective success in defensive endeavours through offence by Ollie Whitehouse
10:30 - 11:30
Tile-Based Deferred Rooting: When Your GPU Starts Rendering To Kernel Code Space! by Xingyu Jin and Martijn Bogaard
11:30 - 11:45
Coffee Break
11:45 - 12:45
The DNG Weird Machine: Deconstructing an In-The-Wild Android Image Exploit by Benoît Sevens
12:45 - 13:15
Beyond the Limits of Site Isolation by Ivan Fratric
14:15 - 15:15
Exploiting QSEE Vulnerabilities In Google's Wifi Pro by Cristofaro Mune
15:15 - 16:15
SELECT shell FROM postgres: Digging up a 20-year-old bug for ZeroDay.Cloud by Paul Gerste and Moritz Sanft
16:15 - 16:45
Coffee Break
16:45 - 17:45
Design-Based Vulnerabilities on macOS: Oops, Not a One-Shot Fix by Zhongquan Li
17:45 - 18:45
4-Byte Heap Overflow To RCE In Minecraft by Hrvoje Misetic
18:45 - 19:15
Coffee and Beer Break
19:15 - 19:45
Enhanced Insecurity Mode: 23 RCEs in Edge's "Safe" WebAssembly Interpreter by sakura and R1nd0
20:00 - 20:30
Welcome drinks and gather up at Austernbank
20:30
Opening Party/Dinner at
Austernbank 📍 - sponsored by
Data Flow Security
Day 2 - 16th of May
09:30 - 10:30
From Samsung Account to RCE: A Journey to a Remote 0-Click Capability by Kaufi
10:30 - 11:00
IRON GIANT: When The Vault Becomes The Victim by Erik Egsgard
11:00 - 11:15
Coffee Break
11:15 - 11:45
Navigating the MTE Landscape: iOS Memory Protection Deep Dive by Patrick Ventuzelo and Atlan Pinabel
11:45 - 12:45
Exploiting Android Apps with Counterfeit Art by Philipp Mao and Rokhaya Fall
13:45 - 14:45
Your TEE Is Only as Strong as Its Interconnect: Breaking SEV-SNP using AMD's Infinity Fabric by csrrw and bschlueter
14:45 - 15:00
Coffee Break
15:00 - 16:00
Pedal to the Metal: Accelerating to the Host via VirtualBox VMSVGA by NiNi and Xiaobye
16:00 - 17:00
From Zero To Root: Attacking Qualcomm DSP Driver by Xiling Gong
17:00 - 17:30
Coffee and Beer Break
17:30 - 18:30
A 0-Click Exploit Chain For The Pixel 10 by Natalie Silvanovich and Seth Jenkins
18:30 - 19:00
Pwn2Own Winners Announcement
19:00 - 19:30
Closing Remarks
20:00 - 20:30
Welcome drinks and gather up at Ayoka
20:30
Closing Party/Dinner at
Ayoka 📍 - sponsored by
Epsilon
