Speakers @OffensiveCon

Rodrigo Branco - Keynote Speaker

Inside the Machine: How Offensive Security is Defining the Way we Compute Data

Jörn Schneeweisz // joernchen - Surprise Rant

Surprise Rant

Alex Ionescu

Advancing the State of UEFI Bootkits: Persistence in the Age of PatchGuard and Windows 10

While popular during the "bootkit" craze more than a decade ago, boot-time persistence has once again quieted down, thanks in part to the rise of various security technologies that Microsoft and vendors have been pushing out.

Brian Gorenc, Abdul-Aziz Hariri, Jasiel Spelman

L'art de l'évasion: Modern VMWare Exploitation Techniques

Virtual machines play a crucial role in modern computing. They are often used to isolate multiple customers' instances on the same physical server. Virtual machines are also used by researchers and security practitioners to isolate potentially harmful code for analysis and review.

Niko Schmidt, Marco Bartoli, Fabian Yamaguchi

Field Report on a Zero-Day Machine

Make no mistake, security is about finding and exploiting vulnerabilities, not the ones everyone already knows about. The keen dream of the presenters is to build a machine that eats code on a large scale and outputs accurate information about all the ways in which this program exposes itself to the attacker, fails to be cautious about the input it receives, and leaks information.

Maddie Stone

The Smarts Behind Hacking Dumb Devices

This talk goes beyond describing a particular attack and lets you inside the attacker's mind when exploiting a "dumb" embedded device. A "dumb" embedded device has a microcontroller which senses and/or controls hardware circuitry, but doesn't have any wireless connectivity.

Nick Sampanis

Windows 10 RS2/RS3 GDI Data-Only Exploitation Tales

On Windows 10 there is a continuous development and adoption of kernel memory corruption mitigations. This has resulted in a race to data-only attack methodologies, mainly by abusing kernel objects.

Jos Wetzels and Ali Abbasi

Dissecting QNX - Analyzing & Breaking QNX Exploit Mitigations and Secure Random Number Generators

QNX is a proprietary, real-time operating system used in many sensitive and critical embedded devices in different industry verticals, from networking and automotive equipment to military and industrial control systems.

Alex Matrosov

Betraying the BIOS: Going Deeper into BIOS Guard Implementations

For UEFI firmware, the barbarians are at the gate -- and the gate is open. On the one hand, well-intentioned researchers are increasingly active in the UEFI security space; on the other hand, so are attackers.

Joe Bialek

The Evolution of CFI Attacks and Defenses

Control Flow Integrity (CFI) is a popular topic in the world of exploit mitigations these days. As Microsoft was the first company to ship a platform-wide, enabled-by-default CFI solution, we've learned a lot of hard but valuable lessons.

Markus Vervier and Michele Orrù

Oh No, Where's FIDO? - A Journey into Novel Web-Technology and U2F Exploitation

The current state of web security and phishing protection is not state of the art: some might even say this is an understatement. Still, there are continuous efforts to improve the situation.

Ilya Smith

Linux ASLR and GNU Libc: Address Space Layout Computing and Defence, and “Stack Canary” Protection Bypass

Linux has been in active use worldwide both on servers and on client machines, on mobile devices (Android OS) and on various smart devices. A great number of mechanisms that protect against vulnerability exploitation have emerged since the Linux kernel was created.

James Forshaw

New and Improved UMCI, Same Old Bugs

User Mode Code Integrity (UMCI) restricts what executables can be run based on the signer. UMCI was introduced with the ARM-based Windows RT in 2012; however, ways of bypassing the signing restrictions were quickly discovered.

Cedric Halbronn

Robin Hood vs Cisco ASA AnyConnect - Discovering and Exploiting a Vulnerability in your Firewall

This talk is about the journey of how we discovered a remote pre-authentication vulnerability in Cisco ASA firewalls in the AnyConnect service and how we exploited it to achieve remote code execution to obtain a Cisco shell.

Robert Gawlik

From Assembly to JavaScript and back: Turning Memory Corruption Errors into Code Execution with Client-Side Compilers

Compilers for interpreted languages were developed in order to speed up execution in the race for web browser performance. Various compilers and analysis stages are involved in aggressively transforming JavaScript code into machine code for the architecture the browser runs on.

Vitaly Nikolenko

Concolic Testing for Kernel Fuzzing and Vulnerability Discovery

Automated run-time testing has always been the easiest and most efficient approach, accounting for the largest share of discovered kernel vulnerabilities.