1. POC
2. 2019
3. Event

Events of poc2019

Belluminar by POC
Belluminar is presented in POC2015, KOREA for the first time. Belluminar is meaning ‘Bellum’(war in Latin) and ‘seminar’. It is not a just hacking contest but a festival consisting of CTF & seminar together with challenges. Each team creates their own challenges and these are solved by other teams. After the CTF is over, they then discuss the challenges they created during the seminar. The main goal is to develop a competition and demonstrates the team’s diverse abilities, not just problem solving.

DATE: 2019.11.7 ~ 8
VENUE: TheK-Hotel
EMAIL: belluminar@gmail.com
OPERATING: POC 


Power of XX by POC
Power of XX is the one and only CTF for female hackers. It was established in 2011. And now it is not a simple CTF, it became one of the 'community' in Korea. To cultivate women cyber security researchers and retain women who already in the field. POC have established an active and sociable networking community.

DATE: 2019.10.5(preliminary round, online)
           2017.11.07(the final)
VENUE: TheK-Hotel
EMAIL: powerofxx@gmail.com
OPERATING: SISS & Demon Team

 
Speedhack by THEORI
THEORI has been running Speedhack event at POC for 3 years. It's an event for you to solve the challenges quick as you can and own the prize! 3 challenges in total, time limits 25mins

DATE: 2019.11.07~08
VENUE: TheK-Hotel
OPERATING: THEORI


BOSS zone by BOSS
The BOSS is "Best Of Security Study" of Kumoh National Institute of Technology. We prepared a mini games. This challenges consists of shooting games, ball bouncing, and typing competition. Let’s get away from hacking and play the game!

DATE: 2019.11.07 ~ 08
VENUE: TheK-Hotel
HOST/OPERATING: BOSS


Blind coding by layer7
It's very important to read the codes when you code. But you'll be blinded and unable to read your codes! So, can you code? Give it a try!

DATE: 2019.11.07 ~ 08
VENUE: TheK-Hotel
HOST/OPERATING: Layer7


DeVuln Patch Challenge by layer7
There are serious vulnerabilities in this program. Go ahead and patch the vulnerabilities

DATE: 2019.11.07 ~ 08
VENUE: TheK-Hotel
HOST/OPERATING: Layer7
          

1. POC
2. 2019
3. Speaker

Aaron Adams, "How CVE-2018-8611 can be exploited to achieve privilege escalation on Windows 10 1809 and earlier."

Aaron Adams(@fidgetingbits) is a security researcher in NCC Group's Exploit Development Group. He has been working with computer security for over 15 years, over that time working on vulnerability and malware analysis, code auditing, reverse engineering, and exploitation. Since joining NCC Group he has published some research on exploiting public vulnerabilities in the Windows kernel, Samba, Xen, Cisco ASA, etc..

[Abstract]
==========
This talk will discuss how CVE-2018-8611 can be exploited to achieve privilege escalation on Windows 10 1809 and earlier. This research was done without getting a chance to analyze the in-the-wild 0day exploit that lead to the bug being patched by Microsoft, but rather by patch diffing and following some minimal public information as a starting point.

This presentation will go through the following:
- Windows Kernel Transaction Manager (KTM) internals
- Analyzing and winning the CVE-2018-8611 race condition vulnerability
- Abusing a fairly restrictive while loop to build a limited write primitive
- Building an arbitrary read primitive
- Escalating privileges and escaping the loop

Brian Pak,"Breaking Android Obfuscation By Applying BAOBAB"

Brian Pak(Cai): CEO, Theori
- B.S. in Computer Science, Carnegie Mellon University (2011)
- M.S. in Computer Science, Carnegie Mellon University (2012)
- Plaid Parliament of Pwning (PPP) Founder
- 5-times DEFCON winner (2013, 2014, 2016, 2017, 2019)
- 50+ International CTFs winner
- KITRI Best of the Best (BoB) Mentor

[Abstract]
==========
메신저, 공유서비스, 게임, 금융 등 다양한 분야의 각 회사들은 모바일 앱을 제공하고 있습니다. 앱의 보안성과 정보의 은닉성 향상이라는 명목하에 앱 난독화 솔루션과 같은 모바일 앱 보안 솔루션들이 사용됩니다.

앱 보안 솔루션은 국내외 다수 존재하지만, 시장에서 독보적으로 인정받는 솔루션은 아직 존재하지 않습니다. 그렇다면, 이러한 솔루션들이 제공하는 기능들은 정확히 무엇이며 각 기능이 얼마나 효용성이 있는 것일까요? 여러가지 기능들을 자랑하는 다양한 솔루션들이 존재하는데, 이 중에서 어떤 것이 가성비가 가장 좋을까요? 이 질문들은 관련 솔루션을 적지 않은 비용을 들여가며 도입한 기업 고객사들이 저희에게 매번 문의하는 단골 질문입니다.
보다 기술적으로 정확한 답변을 전하기 위해 내부적으로 연구를 진행하였습니다.

이번 발표에서는 국내외 앱 보안 솔루션들 10여종을 살펴보고, 난독화에 사용된 기술에 대해 공유합니다. 특히 더 흥미로운 기법이 활용되는 안드로이드 진영의 솔루션들을 분석하였습니다.
적용된 난독화 기법들에 대하여 단계별로 정리하고 각 기법을 우회하거나 원상복구하는 방법에 대해 설명합니다. 또한, 기존 분석툴을 개선시켜 난독화 기술이 적용된 앱들의 분석을 훨씬 용이하게 하는 최적화 기법을 오픈소스할 예정입니다.

마지막으로, 모바일 앱과 서비스를 안전하게 보호하기 위해서 궁극적으로 해야하는 것이 무엇인지 알아봅니다. 이번 연구의 결과가 모바일 앱 보안 솔루션의 도입을 고민중이거나 이미 도입한 기업들의 위협모델링과 보안설계에 추가적인 지표로 사용되기를 기대합니다.

Chao Zhang, "Revery: from POC to EXP"

Dr. Chao Zhang is an Associate Professor at Tsinghua University. He was a member of the CTF team Blue-Lotus and now the coach. His research interest lies in system and software security, especially in vulnerability analysis. His automated vulnerability detection solutions have found over 200 CVE vulnerabilities. He co-led a team CodeJitsu from UC Berkeley and built an automated system Glactica which did excellently in the Cyber Grand Challenge launched by DARPA.

[Abstract]
==========
Vulnerability assessment, especially exploitability assessment, is important for both defenders and attackers. Automated exploit generation (AEG) is an important way to assess the exploitability of vulnerabilities. However, AEG is an open challenge. In some cases, the given proof-of-concept (PoC) input, which triggers the vulnerability, could exercise a crashing path but could not enter an exploitable program state. In this talk the speaker will introduce a solution Revery to this specific challenge.

Cristofaro Mune & Niek Timmers, "Using Fault Injection for Turning Data Transfers into Arbitrary Execution"

Cristofaro Mune has 15+ years of experience in SW & HW security assessment of highly secure products. He has given talks at renown security conferences, like BlackHat, BlueHat, HITB, WarCon, hardwear.io, on Fault Injection (EoP and Encrypted Secure Boot bypass), TEEs, White-Box cryptography, IoT exploitation and mobile security.
Niek Timmers(MSc) is an independent Device Security Expert at TwentyTwo Security. Niek has been analyzing and testing the security devices for over 10 years. Usually Niek’s interest is sparked by technologies where the hardware is fundamentally present. Niek shared his research on topics like secure and fault injection at various conferences like Black Hat, Bluehat and hardwear.io.

[Abstract]
==========
Unprivileged data is often transferred across multiple security boundaries.
In secure systems, such data is carefully checked, handled and sanitized, often leaving little chance for exploitable software vulnerabilities.
We have already demonstrated that fault injection could achieve the following on ARMv7 systems (PC directly addressable):

1) [2016]: precise control of Program Counter from data transfers
2) [2017]: Linux kernel code execution from userspace.
3) [2019]: Encrypted Secure Boot bypass without knowledge of the actual encryption key.

Nonetheless, the full potential of the underlying concepts has not been publicly discussed until now.
In our talk, we go through techniques for turning a transfer of attacker-controlled data into a fully fledged execution primitive.

Additionally, we share for the first time techniques that allow for PC control on architectures where PC is not directly addressable.
Such techniques could be applied to ARMv8 devices, including mobile phones, potentially achieving 1), 2) and 3), without relying on any software vulnerability.

Denis Kolegov & Anton Nikolaev, "Machine learning implementation security in the wild"

Denis Kolegov is a principal security researcher at BiZone LLC and an associate professor of Computer Security at Tomsk State University.
His research focuses on network security, machine learning security, web application security, cryptography engineering and covert communications. He holds a PhD and an associate professor degree. Denis presented at various international security conferences including Power of Community, DeepSec, Area41, SecurityFest, Zero Nights, Positive Hack Days, InsomniHack and SibeCrypt.
Anton Nikolaev is a security developer at BiZone LLC and a post-graduate student at Computer Security department of Tomsk State University. Anton also is the lead developer of the open-source Grinder framework and a contributor of SD-WAN New Hope and AISec projects. He gave talks at different international security conferences, such as Zero Nights and Positive Hack Days.

[Abstract]
==========
In this talk, we will present the results of the Internet-wide survey on implementation security of practical machine learning systems. We will show that many machine learning related systems suffer from low-hanging fruit implementation vulnerabilities that can compromise the security of machine learning. In our presentation, we will describe the methodology of the survey and the used automation framework. We will also disclose the vulnerabilities found in widespread and most popular machine learning products and technologies.

Gengming Liu & Jianyu Chen, "Chrome Exploitation"

[Speaker Info]
==========
Gengming Liu is a security researcher at KeenLab of Tencent. He has mostly focused on browser security in recent years. He participated in Pwn2Own in 2016 & 2017 and won "Master of Pwn" with Tencent Security Team Sniper. He has also won Chrome Pwnium Bounty in 2019. He is also the fan of CTF games. He is the captain of eee CTF team and the former captain of AAA CTF team. Gengming has spoken at several security conferences including BlackHat USA 2019, CanSecWest 2017.
Jianyu Chen is a security researcher at KeenLab of Tencent. His interest lies on penetration test and browser security. He is also a member of CTF team AAA (sometimes A*0*E) and had participated in DEFCON 26 & 27. He has made a chrome sandbox escape(together with Gengming Liu).

[Abstract]
==========
Browser security is always a prevalent topic in security research. Due to the great design and long-term effort, browsers have been more and more secure. The last time Chrome was pwned in Pwn2Own dates back to Mobile Pwn2Own 2016. In that contest, we, Keen Security Lab of Tencent, pwned Nexus 6P via Chrome browser. This year, we won the Chrome Pwnium(Guest to guest persistence root via webpage), which is the most valuable award in Chrome bounty.
As we all know, exploitation is also a key point in Pwning contest. It requires full and in-depth knowledge of the target. In our talk, we will share some novel exploitation techniques we used in Pwn2Own and Pwnium. For instance, although most researchers have realized JIT is a good target for bug hunting on Javascript, few people notice it could also be used to do exploitation. We will show how we used some general JIT fragments to exploit low-quality bugs.
Besides, we'll share our research on Chrome sandbox escape. We will introduce some practical methods in sandbox exploitation, including a data-only attack to do CFI bypass.
Finally, we will bring a demo of full-chain exploitation of Chrome on Linux.

James Forshaw, "Reimplementing Local RPC in .NET"/p>

James Forshaw is a security researcher in Google’s Project Zero. He has been involved with computer hardware and software security for over 10 years looking at a range of different platforms and applications. With a great interest in logical vulnerabilities he’s been listed as the #1 researcher for MSRC, as well as being a Pwn2Own and Microsoft Mitigation Bypass bounty winner. He has spoken at a number of security conferences including Black Hat USA, CanSecWest, Bluehat, HITB, and Infiltrate.

[Abstract]
==========
Finding privilege escalation in local Windows RPC servers is the new hotness. Unfortunately the standard Microsoft tooling only generates code for C/C++ which presents a problem for anyone wanting to write proof-of-concepts in a .NET language such as C# or PowerShell.
This presentation will go through the various tasks I undertook to implement a working including:
- Assessing the best approaches to implementing an RPC client in .NET.
- Reverse engineering the APIs to identify the low-level ALPC implementation.
- Implementing NDR parsing and serialization.
- PowerShell Integration.
The presentation will finish up with some details one of the bugs I discovered with the new tooling. The tooling itself will be available to all.

Jaanus Kääp, "Attacking Hyper-V"

Jaanus Kääp works as a security researcher, penetration tester, and developer at Clarified Security. Over the last years he has mostly focused on finding vulnerabilities in Windows and software around it. He has been in the MSRC top list for 4 years and currently trying to find energy to convert his Hyper-V research into a master degree thesis. This talk is about this research.

[Abstract]
==========

Until this year's BlackHat presentation from Apple the highest bug bounties were offered by Microsoft for Hyper-V vulnerabilities. But even now when the bug bounties are not the highest in the industry any longer they are still highly motivating. Therefore it is interesting that only a few vulnerabilities are reported and out of these only very few are reported from non-Microsoft researchers. This might be because the entry level to Hyper-V research is quite high and there is not enough public information nor tools available about it. While Microsoft has released more information about it over the last years there is still lack of tools and knowledge about Hyper-V outside Microsoft itself.
This talk tries to change this a bit by describing the attack surface, inner workings, necessary engineering methods and tools for testing it from an outside researcher's perspective. Speaker will make his toolset public, that will hopefully help in testing, fuzzing and analyzing Hyper-V for newcomers to this topic.

JingLi Hao & Wanqiao Zhang, "Threat From The Satellite"

JingLi Hao is from 360 Company ,a member of 360 Unicorn Team and researcher of 360 Security Research Institute,a satellite hacker from China,spacker of the HITB 2019 and MOSEC 2019.
Wanqiao Zhang is a member of 360 security institute and UnicornTeam. She is focusing on the security research of Communication, Radio of Civil Aviation, Satellite Communication etc.Speaker of DEFCON, POC, RUXCON, MOSEC.

[Abstract]
==========
In the current global satellite communication field, the main components of satellite communication are transponders. The types of transponders are used in different communication systems. Due to the preciousness and insufficiency of the power on the satellites, the devices traditionally used on the ground cannot be completed. The application to the satellite, and due to certain characteristics of the satellite, such as the failure to change the hardware equipment after the launch,the traditional system maintenance can not meet the needs of satellite communications.
Therefore, the satellite transponder contains a large number of "pent-pipe" payload that have been left to date and are being manufactured. This type of load has been widely used in satellite systems. This topic will discuss the principles and defects of this load, including this. Some technical parameters and frequency information commonly used in class load, for this load, the attacker can easily achieve interference, forgery, eavesdropping and other attack means for satellite communication, posing a great threat to the communication data.
At the same time, as a necessary device for satellite communications: modems, after research found that some of the world's most widely used brands - Comtech's modem, there are loopholes in the device's remote control function, which will allow illegal users to falsify control information The normal satellite communication link is shutdown.
This issue will show the attack video of this attack and the effect on data forgery. This vulnerability was first disclosed in a meeting.And this vulnerability does not only exist in the combech brand.

Kang Li & Yan Zhang, "Checking Defects in Deep Learning AI Models"

Kang Li a professor of computer science and the director of the Institute for Cybersecurity and Privacy at the University of Georgia. His research results have been published at academic venues, such as IEEE S&P, ACM CCS, USENIX Security and NDSS, as well as industrial conferences, such as BlackHat, DEFCON, SyScan, and ShmooCon. Dr. Kang Li is the founder and mentor of multiple CTF security teams, including SecDawg and Blue-Lotus. He was also a founder and player of the Team Disekt, a finalist team in the 2016 DARPA Cyber Grand Challenge.
Yan Zhang is from 360 research, her interests are in the area of AI and cloud security. She led the 360 virtualization security team.

[Abstract]
==========
Although the core concept inside an deep learning AI model is common, currently there is no uniformed standard for representing AI models. Each popular DL framework, such as TensorFlow and Caffe2, uses its own formats. In addition, vendors, such as XiaoMi, Qualcomm, Tencent, all come up their own model formats. Most of DL framework and run-time systems make some sanity check to the AI models before loading them from applications. However, the properties being checked are ad-hoc. A framework or its run-time environment can load an AI model with defects or containing malformed neural networks.

This talk presents a static checker that find defects in AI models. The checker can detect flaws such as inconsistency of data dimensions, topology errors in neural networks. The checker also highlights the vendor specific content in AI models. We show that, such defects, if not detected, can cause damages to the run-time environments and cause security risks to deep learning applications. The danger to be shown in this presentation includes system hangs, crashes, and leak of critical application and user information. These flaws affect DL frameworks from well-known mobile vendors, and DL systems that support cloud-based AI services. 


Kushal Arvind Shah, "Software Zero-Day Discovery - How To? Targets/Seeds? Methods - Fuzzing, Reverse-Engg, 'Neither'??"

Kushal Arvind Shah is working at Fortinet's FortiGuard Labs. His research areas are vulnerablity discovery, pentetration test and etc... He has many 0-day credts and Hall of Fames(Microsoft, Google, Adobe, Cisco, Intel, Samsung, Facebook, Tableau, Nvidia, Foxit Software, Hancom, Schneider Electric, Amazon, SAP and Many More.)

[Abstract]
==========
Software Zero [0]-Day Discovery has been pursued by many researchers since the time soft-wares were first developed. Over the years, many researchers have shared their strategies, tools, etc., in the hope of aiding others Researchers in the field in this Art.
This talk is about several things Critical BUT Not Explained in the whole Software Zero-Day Discovery approach, such as the following: -
1) How to find recent Zero-Day Vulnerabilities Details & their PoCs?
2) Which Target to select and How to Build/Use them?
3) How to find and build corpus for the Selected Targets?
4) Brief Intro to the Common methods involved in 0Day Discovery like Fuzzing.
5) LASTLY, How to find Critical Vulnerabilities by Neither Fuzzing Nor Reverse Engineering. ;)
This talk would also include a “Live Demo” about some Recent Critical Vulnerabilities (in a Widely Used Product by a Big Vendor) I discovered, and most importantly "How I discovered them without Reversing or Fuzzing!!"

Liang Chen, "Exploiting IOSurface 0"

Liang Chen is a senior security researcher of Pangu Team.

[Abstract]
==========
IOSurface is a fundamental element in iOS/macOS. In system wide its id starts from 1 and increases progressively, while IOSurface 0 doesn't exist. However, when users lookup IOSurface 0, the system doesn't treat the lookup request as illegal. This feature exposes an eleet method for exploiting bugs. In this talk, I will show a case study by exploiting IOSurface 0, leading to type confusion, then info leak to bypass kASLR and finally code execution. Recently, new version of iOS has already mitigated the attack chain, especially after the introduction of A12 PAC and iOS 13. I will also analyze those mitigations and discuss about the way to bypass.

Luca Todesco, "The One Weird Trick SecureROM Hates"

Luca Todesco(@qwertyoruiop) has spent the past 4 years doing iOS-focused independent security research, and has been passionate about iOS for a decade. As a result, he has contributed to several public and private jailbreaks for iOS and PlayStation 4, and continues to research to this day.

[Abstract]
==========
The hacker(@axi0mX) recently released a SecureROM bug dubbed Checkm8 affecting hundreds of millions of devices. Due to the nature of SecureROM, this is effectively unpatchable. In this talk we will analyze the root cause of the vulnerability and exploit techniques used, plus a brief overview of the work needed in order to turn it into a jailbreak for any iOS version on affected devices.

Nafiez & Jaan Yeh, "Hunting Vulnerability of Antivirus product"

Nafiez(@zeifan) is an independent security researcher. He is a fan of memory corruption and discovered numbers of vulnerability. He has passion in vulnerability research, reverse engineering and malware analysis. Occasionally blog about his security findings in https://nafiez.github.io/​. He has been helping organizing international CTF for HITB and local CTF, Wargames.MY.
Jaan Yeh(@iamyeh) has experience more than 10 years in the Anti-Virus field. Currently working in Carbon Black as Threat Researcher. Hack In The Box (HITB) Core Crew and Capture the Flag (CTF) 3.0 Developed challenges for the CTF in HITB and Wargames Malaysia for the past 8 years.

[Abstract]
==========
These days, Antivirus has been part of computers, servers, smart phone, ATM machine and even large corporation / enterprise still relying on Antivirus as one of their methods to detect and prevent malicious attacks and outbreaks. Of course, Antivirus software has its pros and cons, but Antivirus has always been mislead and untrusted due to the mechanism of the software failed to protect users. We will discuss more on security perspective in various Antivirus software. Antivirus product known to be poor quality from security perspective, something that needs to get attention from vendors. Antivirus software prone to vulnerable with different types of vulnerabilities. For some cases, Antivirus issue were at the lowest hanging fruit and quite trivial to exploit it. In this talk, we will discuss why Antivirus fail in security perspective, how does one can simply find a critical vulnerability, and attack classes. Besides that, we will discuss how we rate the criticality of the security issue found in Antivirus product. In our discussion, we will include the methodology of the assessment, techniques, tools and how it can be exploited.

Qian Chen, "Bug Hunting in Synology NAS"

Qian Chen is a security engineer of Qihoo 360 Nirvan Team. He mainly focuses on the security of embedded devices.

[Abstract]
==========
Network Attached Storage (NAS) is a device that makes storage available on a network. It's mainly used for providing centralized and shared storage for digital files. Synology, which is the leader in the small-business and home NAS area, offers a wide range of network-attached storage choice for every occasion.
With the increasing usage of Synology NAS, it's essential to secure these devices because they can contain sensitive information and are often exposed to the Internet.
In this talk, we will introduce the steps to prepare the environment for bug hunting, the protocol used to search the devices in the local area network, the flows to process the requests and so on. Then we will share some vulnerabilities found from both the local attack perspective and the remote attack perspective.

Ryan Sherstobitoff, "Inside Hidden Cobra Cyber Offensive Programs"

Ryan Sherstobitoff is a Senior Analyst for Major Campaigns – Advanced Threat Research in McAfee.
Ryan specializes in threat intelligence in the Asia Pacific Region where he conducts cutting edge research into new adversarial techniques and adapts those to better monitor the threat landscape. He formerly was the Chief Corporate Evangelist at Panda Security, where he managed the US strategic response for new and emerging threats. Ryan is widely recognized as a security & cloud computing expert throughout the country.

[Abstract]
==========
In 2018 McAfee ATR began to re-focus on identifying and tracking the operations attributed to Hidden Cobra / Lazarus group in an effort to better understand and reveal activity never seen before. In this talk we will present research conducted by McAfee Advanced Threat Research into the threat actor known as Hidden Cobra and the various operations targeting different sectors over the years.

The actor known as Hidden Cobra is thought to have been linked to the North Korean intelligence services and has been involved in numerous operations dating back to 2007. Over the course of 2018, McAfee ATR discovered several major campaigns linked to Hidden Cobra using complex and hidden implants aimed at gathering intelligence on targeted victims, disrupting their operations and generating hard currency for the regime through fraud operations. This talk will take a deep dive look into the techniques, tactics and procedures of Hidden Cobra as well as the developments in this actor’s complex toolkit including several new implant frameworks. This talk goes into detail about McAfee ATR’s various investigations into Hidden Cobra and what we have learned as a result of our investigations. We will also discuss the various partnerships with International law enforcement in our efforts to uncover backend systems used by this actor. Thus, we will discuss the behind the scenes of Operation Sharpshooter case that took us from the Rising Sun implant to the exposure of the backend C2 server.

Xpl017Elz, "KNOX Kernel Mitigation Bypasses (New Reliable Android Kernel Root Exploitation Part #2)"

Xpl017Elz
- Co-founder / CEO / SecuriON
- Co-founder / CTO / Head of INetCop Security smart platform lab
- Ph.D. Chonnam National University Graduate School of Information Security​


[Abstract]
==========
Introduces Samsung KNOX protection technology, a representative security technology in the hypervisor environment of Android devices, and demonstrates an attack that bypasses kernel protection (or mitigation) technology.

- Linux kernel-based attack and protection, protection bypass technique trends
- Hypervisor-based linux kernel protection and bypass technique trends
- Demonstrated the case of Samsung KNOX (2.x ~ 3.2) bypass attack
- KASLR / PXN / RKP / JOPP / EPV Bypass attack

Yongtao Wang & Yang Zhang & Kunzhe Chai, "A Whole New Perspective In SSRF: MAKE IT GREAT AGAIN AND Ignore Most Of SSRF DEFENSE SOLUTIONS THAT WE KNOWND"

Yongtao Wang(@by_Sanr) is Leader of Red Team at BCM Social Corp.He has profound experience in wireless security and penetration testing, and His research interests include Active Directory、Threat hunting.He shares research achievements at China Internet Security Conference (ISC), Blackhat, Codeblue, POC, CanSecWest, HackInTheBox etc.
Yang Zhang(izy) is a security researcher in BCM Social Corp, with rich experience in application security and penetration testing, leader of Back2Zero Team and core member of XDSEC Team. Currently focusing on the security research of application security, cloud security, blockchain security. International renowned security conference speaker.
Kunzhe Chai (Anthony) is a Chief Information Security Officer at BCM Social Corp, Founder of PegasusTeam and author of the well-known security tool MDK4. He is the maker of China's first Wireless Security Defense Product Standard and he also is the world's first inventor of Fake Base Stations defense technology, He leads his team to share the research results at HackInTheBox(HITB), BlackHat, DEFCON, Cansecwest, CodeBlue, POC, etc. Follow him on Twitter at @swe3per

[Abstract]
==========
In this presentation, we will start with some traditional SSRF attack chains before introducing our research. After that, we will exhibit a new attack surface and demonstrate it how to ignore SSRF protections, even results in RCE(Remote Command Execution). In the end, we will also disclose a number of vulnerabilities that existed in prevalent programming languages and fundamental libraries, and describe them in real-world attack scenarios which have never been noticed.

Zhiyang Zeng, "Safari Adventure: A Dive into Apple Browser Internals"

Zhiyang Zeng(a.k.a Wester) currently works as a security researcher at Tencent Blade Team, mainly focusing on penetration testing, browser and web security. He has been acknowledged by famous vendors including Apple, Google, Microsoft, and PayPal for his contribution in discovering vulnerabilities in their systems and improving the security of their products.

[Abstract]
==========

Browser is a perpetual topic in the field of Cyber Security, and what we are witnessing today is a more mature and somewhat less-fluctuating browser market. According to the latest market statistics report, Safari is the second most popular browser behind Chrome. The main part of this presentation will focus on the "Safari Adventure", we'll take a deep dive into Safari internals and explain different kind of attack vectors campaign targeting multiple components, such as User-Interface, Security-Feature, Just-in-time compiler, and SafariServices framework. Specifically, I am going to illustrate how I found 6+ CVEs in Safari within one year.

1. POC
2. 2019
3. Training

Advanced Windows Logic Bug Hunting

∙ Trainer: Yongil Lee
∙ Date: 2019.11.4 ~ 6
∙ Fee: $3,500

Offensive Mobile Reversing and Exploitation

∙ Trainer: Prateek Gianchandani, Dinesh
∙ Date: 2019.11.4 ~ 6
∙ Fee: $4,000

TEE Offensive Core

∙ Trainer: 	Cristofaro Mune
∙ Date: 2019.11.4 ~ 6
∙ Fee: $3,500

Windows Kernel Exploitation Foundation & Advanced

∙ Trainer: Ashfaq Ansari
∙ Date: 2019.11.4 ~ 6
∙ Fee: $3,500

1. POC
2. 2019
3. Sponsor

Sponsors

Supporting Friends