Official conference schedule page: http://www.powerofcommunity.net/speaker_main.htm
[November 7, 2019]
| Main Talk | Main Track (Geomungo A+B) | |
|---|---|---|
| 08:00 - 09:00 | Registration | |
| 09:00 - 09:30 | Welcome & Introduction to POC2019 | |
| 09:30 - 10:30 | Liang Chen, "Exploiting IOSurface 0" | |
| 10:30 - 11:00 | Break Time | |
| | Track A (Geomungo A) | Track B (Geomungo B) |
| 11:00 - 12:00 | Gengming Liu & Jianyu Chen, "Chrome Exploitation" | Brian Pak, "Breaking Android Obfuscation By Applying BAOBAB" |
| 12:00 - 13:20 | Lunch | |
| 13:20 - 14:20 | Zhiyang Zeng, "Safari Adventure: A Dive into Apple Browser Internals" | Kushal Arvind Shah, "Software Zero-Day Discovery - How To? Targets/Seeds? Methods - Fuzzing, Reverse-Engg, 'Neither'??" |
| 14:30 - 15:30 | Cristofaro Mune & Niek Timmers, "Using Fault Injection for Turning Data Transfers into Arbitrary Execution" | Qian Chen, "Bug Hunting in Synology NAS" |
| 15:30 - 16:00 | Break Time | |
| 16:00 - 17:00 | Kang Li & Yan Zhang, "Checking Defects in Deep Learning AI Models" | Nafiez & Jaan Yeh, "Hunting Vulnerability of Antivirus product" |
| 17:10 - 18:10 | Denis Kolegov & Anton Nikolaev, "Machine learning implementation security in the wild" | Jaanus Kääp, "Attacking Hyper-V" |
[November 8, 2019]
| November 8, 2019 | | |
|---|---|---|
| 08:30 - 09:30 | Registration | |
| | Track A | Track B |
| 09:30 - 10:30 | Ryan Sherstobitoff, "Inside Hidden Cobra Cyber Offensive Programs" | Yongtao Wang & Yang Zhang & Kunzhe Chai, "A Whole New Perspective In SSRF: MAKE IT GREAT AGAIN AND Ignore Most Of SSRF DEFENSE SOLUTIONS THAT WE KNOWND" |
| 10:30 - 11:00 | Break Time | |
| 11:00 - 12:00 | JingLi Hao & Wanqiao Zhang, "Threat From The Satellite" | Aaron Adams, "How CVE-2018-8611 can be exploited to achieve privilege escalation on Windows 10 1809 and earlier" |
| 12:00 - 13:30 | Lunch | |
| 13:30 - 14:30 | Chao Zhang, "Revery: from POC to EXP" | Xpl017Elz, "KNOX Kernel Mitigation Bypasses (New Reliable Android Kernel Root Exploitation Part #2)" |
| 14:30 - 15:00 | Break Time | |
| 15:00 - 16:00 | Luca Todesco, "The One Weird Trick SecureROM Hates" | |
| 16:00 - 16:30 | Break Time | |
| 16:30 - 17:30 | James Forshaw, "Reimplementing Local RPC in .NET" | |
| 17:30 - 18:00 | Closing Ceremony | |
| 19:00 - 21:00 | Dinner Party for speakers, guests, attendees, and staff | |
| 21:00 - | Drinking Hell (Only one crazy guy can survive!) | |
[DAY 2]
Ryan Sherstobitoff, "Inside Hidden Cobra Cyber Offensive Programs"
[Speaker Info]
==========
Ryan Sherstobitoff is a Senior Analyst for Major Campaigns – Advanced Threat Research in McAfee.
Ryan specializes in threat intelligence in the Asia Pacific Region where he conducts cutting edge research into new adversarial techniques and adapts those to better monitor the threat landscape. He formerly was the Chief Corporate Evangelist at Panda Security, where he managed the US strategic response for new and emerging threats. Ryan is widely recognized as a security & cloud computing expert throughout the country.
[Abstract]
==========
In 2018 McAfee ATR began to re-focus on identifying and tracking the operations attributed to Hidden Cobra / Lazarus group in an effort to better understand and reveal activity never seen before. In this talk we will present research conducted by McAfee Advanced Threat Research into the threat actor known as Hidden Cobra and the various operations targeting different sectors over the years.
The actor known as Hidden Cobra is thought to have been linked to the North Korean intelligence services and has been involved in numerous operations dating back to 2007. Over the course of 2018, McAfee ATR discovered several major campaigns linked to Hidden Cobra using complex and hidden implants aimed at gathering intelligence on targeted victims, disrupting their operations and generating hard currency for the regime through fraud operations. This talk will take a deep dive look into the techniques, tactics and procedures of Hidden Cobra as well as the developments in this actor’s complex toolkit including several new implant frameworks. This talk goes into detail about McAfee ATR’s various investigations into Hidden Cobra and what we have learned as a result of our investigations. We will also discuss the various partnerships with International law enforcement in our efforts to uncover backend systems used by this actor. Thus, we will discuss the behind the scenes of Operation Sharpshooter case that took us from the Rising Sun implant to the exposure of the backend C2 server.
Yongtao Wang & Yang Zhang & Kunzhe Chai, "A Whole New Perspective In SSRF: MAKE IT GREAT AGAIN AND Ignore Most Of SSRF DEFENSE SOLUTIONS THAT WE KNOWND"
[Speaker Info]
==========
Yongtao Wang (@by_Sanr) is Leader of Red Team at BCM Social Corp. He has profound experience in wireless security and penetration testing, and his research interests include Active Directory and threat hunting. He shares research achievements at China Internet Security Conference (ISC), Blackhat, Codeblue, POC, CanSecWest, HackInTheBox etc.
Yang Zhang (izy) is a security researcher in BCM Social Corp, with rich experience in application security and penetration testing, leader of Back2Zero Team and core member of XDSEC Team. Currently focusing on the security research of application security, cloud security, blockchain security. Internationally renowned security conference speaker.
Kunzhe Chai (Anthony) is a Chief Information Security Officer at BCM Social Corp, Founder of PegasusTeam and author of the well-known security tool MDK4. He is the maker of China's first Wireless Security Defense Product Standard and he also is the world's first inventor of Fake Base Stations defense technology. He leads his team to share the research results at HackInTheBox (HITB), BlackHat, DEFCON, Cansecwest, CodeBlue, POC, etc. Follow him on Twitter at @swe3per
[Abstract]
==========
In this presentation, we will start with some traditional SSRF attack chains before introducing our research. After that, we will exhibit a new attack surface and demonstrate how to ignore SSRF protections, even resulting in RCE (Remote Command Execution). In the end, we will also disclose a number of vulnerabilities that existed in prevalent programming languages and fundamental libraries, and describe them in real-world attack scenarios which have never been noticed.
JingLi Hao & Wanqiao Zhang, "Threat From The Satellite"
[Speaker Info]
==========
JingLi Hao is from 360 Company, a member of 360 Unicorn Team and researcher of 360 Security Research Institute, a satellite hacker from China, speaker of the HITB 2019 and MOSEC 2019.
Wanqiao Zhang is a member of 360 security institute and UnicornTeam. She is focusing on the security research of Communication, Radio of Civil Aviation, Satellite Communication etc. Speaker of DEFCON, POC, RUXCON, MOSEC.
[Abstract]
==========
In the current global satellite communication field, the main components of satellite communication are transponders. The types of transponders are used in different communication systems. Due to the preciousness and insufficiency of the power on the satellites, the devices traditionally used on the ground cannot be completed. The application to the satellite, and due to certain characteristics of the satellite, such as the failure to change the hardware equipment after the launch, the traditional system maintenance cannot meet the needs of satellite communications.
Therefore, the satellite transponder contains a large number of "bent-pipe" payload that have been left to date and are being manufactured. This type of load has been widely used in satellite systems. This topic will discuss the principles and defects of this load, including this. Some technical parameters and frequency information commonly used in class load, for this load, the attacker can easily achieve interference, forgery, eavesdropping and other attack means for satellite communication, posing a great threat to the communication data.
At the same time, as a necessary device for satellite communications: modems, after research found that some of the world's most widely used brands - Comtech's modem, there are loopholes in the device's remote control function, which will allow illegal users to falsify control information The normal satellite communication link is shutdown.
This issue will show the attack video of this attack and the effect on data forgery. This vulnerability was first disclosed in a meeting. And this vulnerability does not only exist in the Comtech brand.
Aaron Adams, "How CVE-2018-8611 can be exploited to achieve privilege escalation on Windows 10 1809 and earlier."
[Speaker Info]
==========
Aaron Adams (@fidgetingbits) is a security researcher in NCC Group's Exploit Development Group. He has been working with computer security for over 15 years, over that time working on vulnerability and malware analysis, code auditing, reverse engineering, and exploitation. Since joining NCC Group he has published some research on exploiting public vulnerabilities in the Windows kernel, Samba, Xen, Cisco ASA, etc.
[Abstract]
==========
This talk will discuss how CVE-2018-8611 can be exploited to achieve privilege escalation on Windows 10 1809 and earlier. This research was done without getting a chance to analyze the in-the-wild 0day exploit that led to the bug being patched by Microsoft, but rather by patch diffing and following some minimal public information as a starting point.
This presentation will go through the following:
- Windows Kernel Transaction Manager (KTM) internals
- Analyzing and winning the CVE-2018-8611 race condition vulnerability
- Abusing a fairly restrictive while loop to build a limited write primitive
- Building an arbitrary read primitive
- Escalating privileges and escaping the loop
CVE-2018-8611 : https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8611
Reference link: https://securelist.com/zero-day-in-windows-kernel-transaction-manager-cve-2018-8611/89253/
Chao Zhang, "Revery: from POC to EXP"
[Speaker Info]
==========
Dr. Chao Zhang is an Associate Professor at Tsinghua University. He was a member of the CTF team Blue-Lotus and is now the coach. His research interest lies in system and software security, especially in vulnerability analysis. His automated vulnerability detection solutions have found over 200 CVE vulnerabilities. He co-led a team CodeJitsu from UC Berkeley and built an automated system Galactica which did excellently in the Cyber Grand Challenge launched by DARPA.
[Abstract]
==========
Vulnerability assessment, especially exploitability assessment, is important for both defenders and attackers. Automated exploit generation (AEG) is an important way to assess the exploitability of vulnerabilities. However, AEG is an open challenge. In some cases, the given proof-of-concept (PoC) input, which triggers the vulnerability, could exercise a crashing path but could not enter an exploitable program state. In this talk the speaker will introduce a solution Revery to this specific challenge.
Xpl017Elz, "KNOX Kernel Mitigation Bypasses (New Reliable Android Kernel Root Exploitation Part #2)"
[Speaker Info]
==========
Xpl017Elz
- Co-founder / CEO / SecuriON
- Co-founder / CTO / Head of INetCop Security smart platform lab
- Ph.D. Chonnam National University Graduate School of Information Security
[Abstract]
==========
Introduces Samsung KNOX protection technology, a representative security technology in the hypervisor environment of Android devices, and demonstrates an attack that bypasses kernel protection (or mitigation) technology.
- Linux kernel-based attack and protection, protection bypass technique trends
- Hypervisor-based Linux kernel protection and bypass technique trends
- Demonstrated the case of Samsung KNOX (2.x ~ 3.2) bypass attack
- KASLR / PXN / RKP / JOPP / EPV Bypass attack
Luca Todesco, "The One Weird Trick SecureROM Hates"
[Speaker Info]
==========
Luca Todesco(@qwertyoruiop) has spent the past 4 years doing iOS-focused independent security research, and has been passionate about iOS for a decade. As a result, he has contributed to several public and private jailbreaks for iOS and PlayStation 4, and continues to research to this day.
[Abstract]
==========
The hacker(@axi0mX) recently released a SecureROM bug dubbed Checkm8 affecting hundreds of millions of devices. Due to the nature of SecureROM, this is effectively unpatchable. In this talk we will analyze the root cause of the vulnerability and exploit techniques used, plus a brief overview of the work needed in order to turn it into a jailbreak for any iOS version on affected devices.
James Forshaw, "Reimplementing Local RPC in .NET"
[Speaker Info]
==========
James Forshaw is a security researcher in Google’s Project Zero. He has been involved with computer hardware and software security for over 10 years looking at a range of different platforms and applications. With a great interest in logical vulnerabilities he’s been listed as the #1 researcher for MSRC, as well as being a Pwn2Own and Microsoft Mitigation Bypass bounty winner. He has spoken at a number of security conferences including Black Hat USA, CanSecWest, Bluehat, HITB, and Infiltrate.
[Abstract]
==========
Finding privilege escalation in local Windows RPC servers is the new hotness. Unfortunately the standard Microsoft tooling only generates code for C/C++ which presents a problem for anyone wanting to write proof-of-concepts in a .NET language such as C# or PowerShell.
This presentation will go through the various tasks I undertook to implement a working including:
- Assessing the best approaches to implementing an RPC client in .NET.
- Reverse engineering the APIs to identify the low-level ALPC implementation.
- Implementing NDR parsing and serialization.
- PowerShell Integration.
The presentation will finish up with some details of one of the bugs I discovered with the new tooling. The tooling itself will be available to all.