Archives of POC2023
Events of poc2023
MYOR (Make Your Own Radio) by Graylab
Presenting you an exceptional experience of making an FM radio with Arduino and listening to what pirates are saying (broadcasting). Build an FM radio yourself with an Arduino, then use the radio you made to listen in on pirate broadcasts.
DATE: 2023.11.02 ~ 03
OPERATING: Graylab
Antonio Cocomazzi, "10 years of Windows Privilege Escalation with Potatoes"
[Speaker Info]
==========
Antonio Cocomazzi (aka splinter_code) is a Senior Offensive Security Researcher at SentinelOne. Specializing in low-level exploitation and EDR evasion, he has a keen interest in unraveling the intricacies of Windows OS internals. Antonio's primary research focus lies in identifying novel attack vectors against Windows operating systems and devising innovative techniques for maintaining stealth in highly monitored environments. Beyond his work at SentinelOne, Antonio is an active independent researcher, continually seeking out new vulnerabilities. His enthusiasm for reverse engineering extends from unpacking sophisticated malware to dissecting Windows internal components. His expertise has been recognized on international stages, having previously presented at prominent security conferences such as BlueHat IL, Black Hat Asia, Insomni'hack and Hack In The Box.

[Abstract]
==========
Back in early 2014, a new privilege escalation vulnerability was publicly disclosed, detailing a new way of performing a local NTLM reflection attack leveraging a DCOM trigger. Since then, a new Pandora's box has been opened, starting the "dynasty" of a series of exploits known as "Potatoes". Each exploit in this series relies on the DCOM trigger as its core exploitation method. Most of these exploits allow an attacker to break the WSH (Windows Service Hardening) boundary, enabling privilege escalation from a limited service to SYSTEM: a common scenario when dealing with web services like IIS or MSSQL. Interestingly, Microsoft does not consider WSH a security boundary but rather a safety boundary; for this reason, many Potato exploits work (and have been working) on fully updated Windows systems. Moreover, recent iterations of the Potato exploits enable privilege escalation even from an unprivileged user, eliminating the prerequisite of running as a service. Among these, our latest Potato exploit, LocalPotato (also known as CVE-2023-21746), stands out. This exploit employs a specific type of NTLM reflection attack targeting local authentication, and it allows for arbitrary file read/write and privilege escalation, all starting from an unprivileged user account. In this talk, we will present our journey into the discovery of our Potato exploits, including RoguePotato, RemotePotato0, JuicyPotatoNG and LocalPotato. We'll delve into the vulnerabilities, the fixes, and the bypasses of those fixes, unfolding an intricate story of how a single unfixed bug has led to a long-running history of privilege escalation vulnerabilities on Windows systems. As a bonus demo for the conference, we will release a new variant of LocalPotato that exploits the HTTP protocol and has been classified as "won't fix" by Microsoft, so it still works on updated systems.
Avboy1337 & yyjb & vrk, "Modern Chrome Exploit Development"
[Speaker Info]
==========
avboy1337 (@frust93717815) focuses on Chrome and Linux kernel exploit development. yyjb focuses on Windows kernel and protocol vulnerabilities. vrk is a NumenCyber Security Research Lab Manager; we focus on writing exploits, especially the beautiful ones in the wild. NumenCyber (@SG) labs focus on Android/Linux/Windows kernel and browser security. We also provide services for web3 security solutions. We are based in SG.

[Abstract]
==========
We will delve into the comprehensive process and challenges faced during the development of the exploit chain. This includes discussing the V8 sandbox bypass, with a special emphasis on hijacking the latest Chrome V8 rip, focusing beyond just the lower 4 bytes. Additionally, we'll cover the reliable technique for jumping to LONG shellcode without relying on ROP, and the distinctions between untrusted processes and Chrome's rendering process. In the context of Chrome's sandbox, we've utilized CVE-2023-21674. Our discussion will reveal in-depth details of the ALPC kernel exploit, and the construction process for its proof of concept (PoC). We will also touch upon the transition from use-after-free (UAF) vulnerabilities to arbitrary read/write primitives, the method of object memory replacement from the Chrome render process to the kernel heap, and methods to bypass numerous API restrictions. Lastly, we'll highlight crucial considerations and key points when developing real-world exploits.
Dongok Kim & SeungHyun Lee & Insu Yun, "One shot, Triple kill: Pwning all three Google kernelCTF instances with a single 1-day Linux vulnerability"
[Speaker Info]
==========
Dongok Kim is a Master's student at KAIST Hacking Lab. He received his bachelor's degree at KAIST, School of Computing and Electrical Engineering. He is interested in general system security, including software security, binary exploitation and embedded system security. Currently, he focuses on Linux kernel security, especially kernel exploit automation and kernel vulnerability triage. He is also a competitive CTF player and often plays for team KAIST GoN and The Goose. He has participated in and won awards at several global/local CTFs.

SeungHyun Lee is an undergraduate student at KAIST, currently working as a research intern in Hacking Lab. His research focuses on system security, binary analysis, automatic vulnerability discovery and exploit generation. He is also an active CTF player at KAIST GoN and a member of the multinational CTF team zer0pts.

Insu Yun is an assistant professor at KAIST, currently leading Hacking Lab. He is interested in system security in general, especially binary analysis, automatic vulnerability detection, and automatic exploit generation. His work has been published at major computer conferences such as IEEE Security & Privacy, USENIX Security, and USENIX OSDI. In particular, his research won the best paper award at USENIX Security and OSDI in 2018. In addition to research, he has been participating in several hacking competitions as a hacking expert. In particular, he won Pwn2Own 2020 by compromising Apple Safari and won DEFCON CTF, a worldwide hacking competition, in 2015 and 2018. Prior to joining KAIST, he received his Ph.D. degree in Computer Science from Georgia Tech in 2020.

[Abstract]
==========
Desktops, servers, cloud computing services, mobile devices, and IoT devices: Linux is the most popular open-source kernel and is used in a wide variety of IT platforms. Because of the ubiquitous presence of Linux and the nature of a kernel, which governs the entire system, security threats against the Linux kernel are a significant concern. Numerous vulnerabilities in Linux are reported frequently, discovered either by fuzzers or through manual analysis. However, assessing the exploitability of these vulnerabilities is not a straightforward task these days, when various mitigations are applied. To address these issues, Google recently announced kernelCTF, a bug bounty program that is specifically designed for studying Linux kernel exploits. kernelCTF originated from kCTF, which initially was a bug bounty program for GKE (Google Kubernetes Engine). It has since evolved into kernelCTF, to provide an environment for kernel security researchers to actively engage in vulnerability identification and exploit mitigations. In line with the intention of the program, kernelCTF provides various targets such as the latest LTS Linux kernel, Container-Optimized OS (COS) used for GKE, and the LTS Linux kernel with Google's custom kernel exploit mitigations. Unlike other bug bounty programs, Google considers submissions valid regardless of whether the vulnerability is 0-day or 1-day, provided they successfully achieve a full LPE kernel exploit with container escape. In this talk, we will present our exploits submitted to kernelCTF. Notably, this is the first submission in kernelCTF's history that exploits every target with a single (1-day) vulnerability. We will briefly introduce what kernelCTF is and each target kernel instance of kernelCTF. Then, we will explain in detail how we built the 1-day vulnerability exploit for every target instance. This will include how we discovered this vulnerability, and how we made the exploits work for the different target kernel versions, build configs, and applied mitigations. Finally, we will share our novel research and insights into the kernel exploit mitigations of Linux and Google, focusing on their limitations and side effects. We will also discuss the difficulties of applying mitigations to the Linux kernel.
Ignat Korchagin, "Linux user namespaces: a blessing and a curse"
[Speaker Info]
==========
Ignat is a systems engineer at Cloudflare working mostly on Linux, platforms and hardware security. Ignat's interests are cryptography, hacking, and low-level programming. Before Cloudflare, Ignat worked as a senior security engineer for Samsung Electronics' Mobile Communications Division. His solutions may be found in many older Samsung smartphones and tablets. Ignat started his career as a security researcher in the Ukrainian government's communications services.

[Abstract]
==========
Unprivileged Linux user namespaces are a rather controversial topic in the security community, the Linux kernel community and software engineering in general. On one side, they allow building unprivileged and sandboxed services and applications which would otherwise require elevated privileges to run successfully and provide features to their users. Not granting privileges to such applications follows the least privilege principle and makes our systems more secure. On the other side, this mechanism has been repeatedly used in various vulnerabilities and exploits as a starting attack vector, multiplying the damage and impact of these exploits. And since it became so popular within the offensive industry, many Linux distributions and security guidance documents started recommending disabling this feature altogether. There is an ongoing debate whether unprivileged user namespaces provide more security or make the system more vulnerable. In this presentation we will review how user namespaces might help build sandboxed, secure applications. But we will also show how a recently discovered Linux kernel bug turned into a security vulnerability just because user namespaces are available on the system. Finally, we will give recommendations on how to get the best of both worlds: allow well-behaved applications to utilize user namespaces for better security, while blocking the feature for potentially malicious users/code.
James Forshaw, "Building More Windows RPC Tooling for Security Research"
[Speaker Info]
==========
James Forshaw is a security researcher in Google's Project Zero. He has been involved with computer hardware and software security for over 10 years, looking at a range of different platforms and applications. With a great interest in logical vulnerabilities, he has been listed as the #1 researcher for MSRC, as well as being a Pwn2Own and Microsoft Mitigation Bypass bounty winner. He has spoken at a number of security conferences including Black Hat USA, CanSecWest, BlueHat, HITB, and Infiltrate. He is also the author of the upcoming book "Windows Security Internals with PowerShell", available from No Starch Press.

[Abstract]
==========
One of the big targets for Windows security vulnerabilities in recent years has been insecure RPC services. It's also one of the harder areas to explore due to a lack of good security tooling. For this reason I wrote .NET-based tooling to extract and call arbitrary local RPC services on Windows which could be used for analysis, testing and fuzzing. However, local vulnerabilities are not the only important attack surface. RPC can be used remotely over various network protocols, resulting in some interesting security vulnerabilities such as Zerologon and PetitPotam. Therefore I spent time in the past year improving the tooling to provide a wider range of protocols and features. This presentation will describe the changes I've been making to my tooling to support new RPC protocol sequences such as TCP, SMB and Hyper-V sockets. It has also gained cross-platform RPC support, including NTLM and Kerberos authentication on Linux or macOS with .NET Core. I'll also discuss some of the issues that I've discovered and interesting attack surfaces to look into. All the new tooling will be released prior to the conference so attendees can immediately start using it.
Mark Brand, "MTE as Tested"
[Speaker Info]
==========
Mark Brand is a software engineer on Google's Project Zero team, which aims to reduce harm caused by targeted attacks on the Internet. His current focus is on web browser security.

[Abstract]
==========
This talk will walk through the process of testing pre-production MTE hardware from a researcher's perspective. The technical results of this work have already been published (https://googleprojectzero.blogspot.com/2023/08/mte-as-implemented-part-1.html), so this talk will focus on the research process, the technical setbacks encountered during the testing, and the limits of how thoroughly we can test the behaviour of modern CPUs. We'll give a brief summary of the main results, and then finish with a deep-dive into some of the limitations of MTE when used for security purposes.
MJ0011, "Navigating the Light and Darkness in the World of Vulnerabilities" (keynote)
[Speaker Info]
==========
MJ0011 is the CEO of Cyber Kunlun.

[Abstract]
==========
This talk reviews vulnerabilities based on Kunlun Lab's research insights over the past years. It examines exploited flaws and discoveries, as well as overlooked facets where problems persist. By analyzing key challenges like comprehensive fixes and coordination, the discussion reflects on the obstacles faced and efforts made to enhance understanding of this complex domain.
Ned Williamson, "Fuzzing as Reinforcement Learning"
[Speaker Info]
==========
Ned Williamson is a security researcher at Google Project Zero. He has experience exploiting Chrome and iOS and focuses on novel and deep fuzzing techniques.

[Abstract]
==========
Traditional fuzzing techniques rely heavily on heuristic methods and code coverage, which can often lead to limitations in bug discovery. This presentation discusses the potential overlap between fuzzing and Reinforcement Learning (RL), especially in the context of recent transformer models. Using a framework that expands feedback mechanisms beyond code coverage, the talk aims to explore the possible pathways to build a more efficient bug-hunting methodology. Inspired by real-world case studies like Zenbleed, the discussion covers how an RL-guided system could better adapt to multiple feedback signals. The talk also opens a dialogue on modeling the broader landscape of bug hunting activities within an RL context, encouraging an exploration toward more adaptable and efficient security research methods.
Nikita Pupyshev, "Evolution of Safari mitigations and bypasses in 2022"
[Speaker Info]
==========
Nikita is an independent security researcher with about 4 years of experience in security research. He mostly focuses on Apple platforms, but also explores Android/Linux and embedded devices occasionally. For 2 years he was researching WebKit, though he is now trying his hand at hacking XNU.

[Abstract]
==========
iOS 14 and 15 have seen a large number of new mitigations in Safari that were gradually bypassed. In this talk I'll discuss various methods that could be used to bypass PAC, APRR, etc. and finally execute custom code in the JIT region, and how these evolved in the face of changes from Apple. Additionally I'll talk about ways to find these bypasses and their generic structure.
Ryan Sherstobitoff, "Tracking APTs through Advanced SIGINT techniques"
[Speaker Info]
==========
Ryan Sherstobitoff is the Senior Vice President, Threat Research and Intelligence, where he oversees the threat research, collections, and intelligence teams. Prior to SecurityScorecard, Ryan was at McAfee Corp, where he led and contributed to nation-state threat research and analysis. He is also the former Chief Corporate Evangelist at Panda Security, where he managed the US strategic response for new and emerging threats. Ryan is widely recognized as a security and intelligence expert throughout the country.

[Abstract]
==========
In today's rapidly evolving cyber landscape, traditional methods of threat hunting and threat intelligence are often not sufficient to keep up with sophisticated adversaries. Our talk aims to bridge this gap by focusing on passive signals intelligence (SIGINT) as a robust solution for tracking cyber actors without directly interacting with them. By adopting passive techniques, we can conduct monitoring globally and collect actionable insights while maintaining a low profile, thereby reducing the risk of alerting the adversary to our monitoring efforts. The talk will be divided into three key parts. The first segment will provide an in-depth introduction to what passive SIGINT entails. Unlike active SIGINT, where data is obtained through direct engagement, passive SIGINT relies on 'listening' to the traffic, both incoming and outgoing. This involves monitoring data packets, DNS requests, and other network-level indicators that pass through global networks. In the second part of the talk, we will delve into the intricacies of advanced SIGINT techniques. We will explore various cutting-edge technologies and tools that are crucial for conducting passive SIGINT operations. The audience will gain insights into a spectrum of solutions, starting with fundamental packet sniffing tools such as Wireshark, and progressing to highly sophisticated platforms that leverage machine learning algorithms for the detection and analysis of complex data patterns. Moreover, we will examine the integration of cloud-based threat intelligence feeds into your passive SIGINT operations. These feeds play a pivotal role in enhancing your overall situational awareness and providing a more comprehensive understanding of the evolving threat landscape. By harnessing the power of cloud-based intelligence, SIGINT analysts can stay ahead of adversaries and make more informed decisions in the realm of cybersecurity. In the third segment of our presentation, we will showcase concrete examples of real-world attacks to illustrate the practical application of passive SIGINT techniques. Our focus will be on demonstrating how advanced SIGINT methods were employed to detect and expose Advanced Persistent Threats (APTs) by analyzing global network traffic. During this section, we will unveil valuable insights into how these threat actors manifest themselves within network environments. We will also delve into the specific methodologies we employed for tracking and identifying threat actors originating from North Korea and China. This research will shed light on the distinctive characteristics of these threat actors when viewed from a network perspective, providing a deeper understanding of their tactics, techniques, and procedures.
Seth Jenkins, "Exploiting null-derefs: Doing the impossible in the Linux kernel"
[Speaker Info]
==========
Seth Jenkins is a security researcher at Google Project Zero. He primarily focuses on Linux kernel zero-day research but has dabbled across a broad variety of architectures, operating systems, and software, finding vulnerabilities and writing exploits in many different contexts. Seth particularly enjoys innovating novel strategies for exploit development.

[Abstract]
==========
While null-dereferences were, for a fair amount of time, exploitable vulnerabilities in the Linux kernel, the introduction of modern exploit mitigations means that null-deref bugs are generally not considered a security issue in modern Linux kernel versions. This research describes an innovative exploit technique for null-deref vulnerabilities that circumvents these mitigations to gain privilege escalation. This research involved using state-desynchronization primitives that occur when the kernel tries to recover to a safe execution state after a null-dereference has occurred. The kernel does this by killing the faulting task and throwing out the associated kernel task stack, which can result in local state-cleanup steps not being performed. In some cases, this can lead to exploitable conditions! This presentation will step through each stage of this process, from the original bug discovery and nondescript public report, to the discovery (and consequent horror) of the exploit technique. We'll then build from this idea to a powerful primitive where an attacker-controlled process and a privileged process are made to share the same address space, allowing us to complete our privilege elevation. We will then discuss the subsequent mitigation introduced to the Linux kernel to prevent this technique, and demonstrate the exploit.
wh1tc & Zhiniang Peng, "OLE objects are still dangerous today — Exploiting Microsoft Office"
[Speaker Info]
==========
@wh1tc is a security researcher at Sangfor. He has been engaged in Windows vulnerability hunting and fuzzing for 3 years. He was ranked #3 on the MSRC 2023 Q1 Security Researcher Leaderboard. Dr. Zhiniang Peng (@edwardzpeng) is the chief architect at Sangfor. His current research areas include applied cryptography, software security and threat hunting. He has more than 10 years of experience in both offensive and defensive security and has published much research in both academia and industry.

[Abstract]
==========
OLE is a mechanism that allows users to create and edit documents containing items or "objects" created by multiple applications, and Microsoft Office provides an interface to support the OLE mechanism, which allows users to easily use some OLE objects in documents, such as sound clips, spreadsheets, and bitmaps. While this design is user-friendly, the interface can load any CLSID, even if these objects are not intended for Office. This significantly expands the attack surface because any Windows machine will have thousands of COM objects designed to work in various scenarios. The presence of this attack surface was discovered as early as 2010, and there have been many zero-day vulnerabilities in the following years. With the iteration of the Windows system, many new COM objects appeared in Windows 10 and Windows 11, but are they safe? With such questions in mind, we analyzed these COM objects and discovered 10+ new vulnerabilities, including two critical ones, which attackers could easily exploit for remote code execution in Office. In this talk, we will share the details of these vulnerabilities and how to exploit them. Additionally, we will propose effective fixes and protective measures.
Yingjie Cao & Zhe Jing, "A roadmap to $50,000 at Pwn2Own Vehicle 2024: Dissecting QNX, and exploiting its vulnerabilities"
[Speaker Info]
==========
Yingjie Cao is a senior security researcher at 360 Security and a preparatory PhD student at the Hong Kong PolyU, focusing on connected vehicle security. His research has been accepted by both academia and industry. He is enthusiastic about studying offensive and defensive techniques related to vehicle security. Zhe Jing is a security researcher with expertise in both offensive and defensive security. He is particularly passionate about fuzzing and exploiting binary vulnerabilities.

[Abstract]
==========
Connected vehicles have rapidly gained popularity in the market, but this proliferation has also introduced greater risks to both passengers and traffic security. While there is a growing body of research on hacking and security vulnerabilities in individual cars, there has been relatively limited focus on the operating systems that underpin these vehicles, despite the potential for higher impact. In this presentation, we aim to address this gap by introducing the first full-chain exploits against QNX, one of the most widely deployed COTS operating systems in the automotive industry. QNX is such a significant target that it has been featured in Pwn2Own Vehicle 2024. Our objective is to drive innovation within the research community by shedding light on the vulnerabilities inherent to this critical component of connected vehicles. During this talk, we will conduct a comprehensive dissection of QNX, delving into its architecture, design, and overall security posture. By doing so, we hope to spark discussions in the security community and encourage a proactive approach to enhancing the security of this pivotal automotive operating system.
Yong Wang, "Simple bug but not easy exploit: Rooting Android devices in one shot"
[Speaker Info]
==========
Yong Wang (@ThomasKing2014) is a Security Engineer at Alibaba Cloud Pandora Lab. Yong currently focuses on Android/browser vulnerability hunting and exploitation. He was a speaker at several security conferences including Black Hat (Asia, Europe, USA), HITB Amsterdam, Zer0Con, POC, CanSecWest and QPSS. Over the years, he has reported several vulnerabilities, and one of them was nominated for a Pwnie Award in 2019.

[Abstract]
==========
In the past few years, the kernel attack surfaces that can be accessed by untrusted applications have been significantly reduced, and nowadays it is becoming more and more difficult to hunt bugs of high quality. With more and more hardware and software mitigations, it's common to label low-quality bugs as unexploitable. From my own perspective, advanced exploitation techniques can significantly improve the exploitability of low-quality bugs. In this talk, I will first analyze a low-quality bug fixed last year. Back in 2015, there would have been no doubt that it was exploitable. But now the mitigations can hinder the exploitation directly. To exploit the bug, I will detail the idea of partially bypassing the KASLR mitigation and introduce a practical method to predict the addresses of attacker-controlled kernel objects. Then, I will detail how to gain arbitrary physical memory read/write ability in one shot. Last but not least, since the affected devices ship with custom mitigations, I will also detail how to bypass them and gain root privileges. During the presentation, I will give exploit demos of rooting the affected Android devices. In summary, these ideas of exploitation have not been thoroughly presented in any previous talks.
Yuki Chen & Qibo Shi(k0shl) & Azure Yang, "Bug Hunting and Exploiting in Microsoft's Message Queuing (MSMQ) Components"
[Speaker Info]
==========
Yuki Chen is a security researcher at Cyber Kunlun. Qibo Shi (k0shl) is a security researcher at Cyber Kunlun. Azure Yang is a security researcher at Cyber Kunlun.

[Abstract]
==========
Microsoft's Message Queuing (MSMQ) is a protocol that enables applications running at different times to communicate across heterogeneous networks and systems that may be temporarily offline. In April this year, the QUEUEJUMPER bug aroused public attention about the remote attack surfaces in MSMQ. Over the last few months, we have conducted research on MSMQ and have found 30+ vulnerabilities in it, including RCE and EoP, in both the user-mode service and the kernel driver. In this session, we'll explore the attack surfaces of Microsoft MSMQ. These remote/local attack surfaces cross multiple protocols including TCP/HTTP/Multicast and the local kernel driver. For each attack surface we'll introduce the detailed implementation of the related module, as well as some real bugs we found in it. We'll also introduce how we can chain multiple bugs we found to achieve remote code execution + kernel-level EoP in MSMQ.
Zhaofeng Chen, "Attack Move Verifiers: Our Experiences of Exploiting and Enhancing Move-based Blockchain"
[Speaker Info]
==========
Zhaofeng Chen is a security researcher at CertiK, specializing in confidential computing, system security, and mobile security. He has delivered talks at security conferences such as Zer0Con, POC, Black Hat, and CanSecWest. He is passionate about researching offense and defense techniques, with a recent focus on Web3 infrastructure security.

[Abstract]
==========
This talk will present our experiences exploiting Move-based blockchains, such as Aptos and Sui. Move is a secure programming language that powers a new blockchain paradigm. The Move-based ecosystem is considered more secure than its predecessors, thanks to the on-chain bytecode verifiers and memory-safe VM implementations that safeguard against malformed bytecode. However, the implementation of such security protection is not flaw-free. Over the past months, we have been rewarded over $500K in bounties for discovering multiple severe vulnerabilities in Move-based blockchains. By submitting small malformed payloads, attackers can bypass the type-safety checkers to fabricate arbitrary digital assets or make the entire network unable to process new transactions. In this presentation, we will share three critical bugs, their root causes, and demonstrate their potential impact. Before delving into the vulnerabilities, we will first outline the benefits of Move's built-in security features, providing examples of how they can be used in crypto and DeFi applications. We will then focus on how Move implements these security protections, including using bytecode verifiers to ensure correct types and references at load and runtime. Finally, we will demonstrate the impact of the vulnerabilities on a local blockchain TestNet, which could potentially cause catastrophic impacts to the systems if not fixed.
Mobile Security Masterclass: Platform Internals and InSecurity (4-day course)
[Abstract]
==========
This in-depth and immersive three-day course offers participants an opportunity to gain a deep understanding of iOS and Android platform internals, application security, and exploitation. The course is fast-paced and covers a wide range of topics, including reverse engineering, exploitation techniques, vulnerability analysis, kernel internals, and mitigation strategies. The masterclass features real-world case studies on exploits, malware, and vulnerability analysis. Participants will learn about the mobile OS security model and exploit mitigations available on these platforms. There will be an in-depth discussion and hands-on labs for the ARM64 instruction set, code signing, sandboxing, inter-process communication mechanisms, and advanced techniques to bypass anti-debugging and obfuscation. This masterclass is designed for security professionals and software engineers who wish to enhance their expertise in mobile security and acquire practical skills to assess, secure, and analyze both iOS and Android platforms. Slides and detailed documentation on the labs will be provided to the students for practice after the class. Corellium access will be provided to students for the duration of the training course.

[Trainer Info]
==========
Prateek Gianchandani has more than 10 years of experience in security research and penetration testing. His core focus areas are mobile exploitation, reverse engineering, and embedded device security. He is also the author of the open-source vulnerable application named Damn Vulnerable iOS App. He has presented and trained at many international conferences including DEF CON, POC, TyphoonCon, Black Hat USA, BruCON, Hack in Paris, PHDays, AppSec USA, etc. In his free time, he blogs at https://highaltitudehacks.com.
Twitter: https://twitter.com/prateekg147
LinkedIn: https://www.linkedin.com/in/prateekgianchandani

Dinesh's core area of expertise is mobile and embedded application pen-testing and exploitation. He has spoken at conferences like Black Hat, BSides, DEF CON, BruCON, AppSec USA, AppSec EU, HackFest and many more. He maintains an open-source intentionally vulnerable Android application named InsecureBankv2 for use by developers and security enthusiasts. He has also authored the guide to Mitigating Risk in IoT Systems, which covers techniques for securing IoT devices, and Hacking iOS Applications, which covers all of the known techniques for exploiting iOS applications.
Twitter: https://twitter.com/din3zh
LinkedIn: https://www.linkedin.com/in/dineshshetty1

8ksec is a foremost cyber security research company offering exceptional training and consulting services to aid clients in enhancing their security stance. Our experts possess extensive experience in delivering specialized cybersecurity training and consulting to several commercial and defense organizations across the United States, Europe, and the Middle East and North Africa region.
Black Belt Pentesting / Bug Hunting Millionaire: Mastering Web Attacks with Full-Stack Exploitation (100% Hands-On, Extended Edition) (4-day course)
[Abstract]
==========
Have you ever thought of hacking web applications for fun and profit? How about playing with authentic, award-winning security bugs identified in some of the greatest companies? If that sounds interesting, join this unique 100% hands-on training! I will discuss security bugs found in a number of bug bounty programs (including Google, Yahoo, Mozilla, Twitter and others). You will learn how bug hunters think and how to hunt for security bugs effectively. What's more, you will also learn about data exfiltration techniques, bypassing protection mechanisms, tools used by successful bug hunters / pentesters, and a lot more. That's what you need to become a full-stack exploitation master. There is a lab exercise for each attack, vulnerability and technique presented in this training, and when the training is over, you can take the complete lab environments home to hack again at your own pace.

[Trainer Info]
==========
Dawid Czagan is an internationally recognized security researcher and trainer. He is listed among the top hackers at HackerOne. Dawid Czagan has found security bugs in Apple, Google, Mozilla, Microsoft and many others. Due to the severity of many of these bugs, he has received numerous awards for his findings. Dawid Czagan shares his offensive security experience in his hands-on trainings. He has delivered trainings at key industry conferences such as Hack In The Box (Amsterdam), CanSecWest (Vancouver), 44CON (London), Hack In Paris (Paris), NorthSec (Montreal), HITB+CyberWeek (Abu Dhabi), BruCON (Ghent) and for many corporate clients. His students include security specialists from Oracle, Adobe, ESET, ING, Red Hat, Trend Micro, Philips and the government sector (references are attached to Dawid Czagan's LinkedIn profile, https://www.linkedin.com/in/dawid-czagan-85ba3666/, and can also be found here: https://silesiasecuritylab.com/services/training/#opinions). Dawid Czagan is the founder and CEO of Silesia Security Lab. To find out about the latest in his work, you are invited to subscribe to his newsletter (https://silesiasecuritylab.com/subscribe-to-my-newsletter/) and follow him on LinkedIn (https://www.linkedin.com/in/dawid-czagan-85ba3666/).