Speakers 2019

Alex Ionescu - Keynote Speaker

Reversing without Reversing

Am I 4 people? Do I actually have Windows source access? What dirt must I have on the kernel team? Am I a bot? All the answers to these real questions that have been asked (seriously) will be answered — and hopefully open up attendees’ eyes toward a different kind of reversing.

Samuel Groß

FuzzIL: Guided Fuzzing for JavaScript Engines

This talk will discuss a new approach for guided fuzzing of JavaScript (and browser) engines. In contrast to existing fuzzers, which commonly operate on syntactical elements such as the abstract syntax tree (AST), the presented approach performs mutations on a custom, bytecode-like intermediate language, named FuzzIL, which is afterwards translated to JavaScript.

Ned Williamson

Modern Source Fuzzing

I've publicly discussed a bit about my process when researching the Chrome sandbox last year. In this talk I follow up with more details about my process and how to make quick progress with fuzzing.

Niklas Baumstark

IPC you outside the sandbox: One bug to rule the Chrome broker

A single bug in the Chrome broker process found by Ned Williamson was enough for the two of us to fully escape the sandbox on Windows. I will provide insights into our exploitation approach, generic exploitation primitives available in the broker process and how to stage an IPC-based exploit from the renderer process.

Max Bazaliy

iOS dual booting demystified

In this talk I will cover the iOS boot process in detail, and demo a dual boot implementation on modern iPhone hardware.

Jasiel Spelman, Brian Gorenc, Abdul-Aziz Hariri

Bugs so nice they patched them twice! A (continuing?) story about failed patches

Over the last several years, the industry has experienced a spike in research focused on finding a wide variety of vulnerabilities in PDF rendering applications.

Minrui Yan

Attack surface of a connected vehicle

Nowadays there are more and more connected cars on the road. Cars have brought convenient experiences and services to users, but the hidden security risks and dangers behind them will also increase.

Luc Reginato

Updated analysis of PatchGuard on Windows RS4: Is the mouse finally caught?

This presentation will focus on analyzing PatchGuard on Windows 10 RS4 and provide an aggregated and updated view of the whole mechanism, from initialization to BSOD.

Eloi Benoist-Vanderbeken

macOS: How to gain root with CVE-2018-4193 in < 10s

To escape the Safari sandbox at pwn2own 2018, Ret2 discovered and exploited CVE-2018-4193. They detailed their exploit, which takes 90s to pop a shell, in a blogpost series and challenged their readers to do better... this presentation is Synacktiv's answer.

Alex Matrosov

Attacking Hardware Root of Trust from UEFI Firmware

In this presentation, I'll explain new security issues that bypass a specific implementation of Intel Boot Guard technology from one of the most common enterprise vendors.

Jason Matthyser

3D Accelerated Exploitation

Amongst other things this talk aims to discuss some of the useful exploitation primitives that exist within 3D Acceleration and can be leveraged to escape a virtual machine without executing a single line of shellcode.

Andrey Konovalov

Coverage-guided USB fuzzing with syzkaller

This talk is about coverage-guided fuzzing of Linux kernel USB drivers, looking for vulnerabilities that can be exploited externally by a malicious USB device.

Daniel King, Shawn Denbow

Growing Hypervisor 0day with Hyperseed

In this talk we will briefly cover Hyper-V architecture and its attack surface to set the stage for the audience.

Emeric Nasi

Bypass Windows Exploit Guard ASR

How to bypass all of Microsoft's latest "Attack Surface Reduction" rules with malicious Office documents and scripts.

Bruno Keith

Attacking Edge through the JavaScript Just-In-Time compiler

As major JavaScript engines matured over time, attackers and researchers turned to specific and complex areas such as Just-in-Time compilation to find exploitable vulnerabilities.

Lucian Cojocar

Reverse Engineering of Error-Correcting Codes

We describe several ways to reverse engineer Error-Correcting Codes (ECC) that are implemented in memory controllers.

Sergei Volokitin

Glitch in the Matrix: Exploiting Bitcoin Hardware Wallets

In this research, the physical security of one of the most popular hardware wallets was put to the test. An exploit, allowing an attacker with physical access to the device to change the device's PIN and get full access to its secrets, is presented.

Tyler Bohan

OSX XPC Revisited - 3rd Party Application Flaws

Reverse engineering the XPC protocol in Objective-C to locate privilege escalation attacks on incorrectly coded third party applications.