HITBSecConf 2019 May 6, 2019 to May 10, 2019, Amsterdam, Netherlands

Event Page


Tell us about missing data
Title Speakers Summary Topic Types
Beginning Is The End: Ten Years In The NL Box Dhillon ‘l33tdawg’ Kannabhiran Time flies when you’re having fun! It flies even faster when you’re having fun with ...
Make ARM Shellcode Great Again Saumil Udayan Shah Compared to x86, ARM shellcode has made little progress. The x86 hardware is largely homogenous. ...
Hourglass Fuzz: A Quick Bug Hunting Method Moony Li , Lilang Wu , Todd Han , Lance Jiang As we all know, the Android operating system has a huge market reach and is ...
Now You See It: TOCTOU Attacks Against Secure Boot and BootGuard Trammell Bosch BootGuard’s Verified Boot mode on modern Intel CPUs is the core root of trust and ...
Hidden Agendas: Bypassing GSMA Recommendations on SS7 Networks Kirill Puzankov For years SS7 security has been in the focus of security researchers and the media. ...
HAXPO: Hacking the 0day Market Andrea Zapparoli Manzoni The 0day vulnerability market developed in a way that is unsafe, chaotic and rather inefficient ...
HAXPO: WiCy: Monitoring 802.11AC Networks at Scale Vivek Ramachandran 802.11ac networks bring in significant monitoring complexities with features such as multi-user MIMO, advanced beamforming, ...
mbuf-oflow: Finding Vulnerabilities in iOS/MacOS Networking Code Kevin Backhouse By its nature, networking code is both complex and security critical. Any data received from ...
fn_fuzzy: Fast Multiple Binary Diffing Triage with IDA Takahiro Haruyama IDA Pro is the de facto disassembler for malware reverse engineers. The program saves their ...
HITB LAB: i.MX Memory Madness: How to Dump, Parse, and Analyze i.MX Flash Memory Chips Damien "virtualabs" Cauquil NXP i.MX architecture offers a great platform for embedded systems, and is usually found in ...
HAXPO: This is a Public Service Announcement: Hacking LTE Public Warning Systems Weiguang Li Public warning system (PWS) based on mobile communication system is used to alert the public ...
HAXPO: V1 Bounty: Building an International Coordinated Bug Disclosure Bridge for the European Union Benjamin kunz The lecture deals with the networking and general structure of a newly formed international bug ...
The Birdman: Hacking Cospas-Sarsat Satellites Hao Jingli With the demands of ubiquitous global connectivity, satellite-based communication has been the only valid method ...
GDALR: Duplicating Black Box Machine Learning Models Rewanth Joshi The trained Machine learning models are core components of proprietary products. Business models are entirely ...
HITB LAB: Overcoming Fear: Reversing with Radare2 Arnau Gamez Montolio The well-known free and open source reverse engineering framework radare2 is becoming more popular among ...
HAXPO: Social Networks: Can We Fix Them? Joel Hernandez Online mass mobbing, fake news, depression, anxiety… How did social networks get there? A quick ...
HAXPO: Ghost Tunnel 2.0: Blue Ghost Yongtao Wang GhostTunnel is a covert backdoor transmission method that can be used in an isolated environment. ...
Modern Techniques to Deobfuscate UEFI/BIOS Malware and Virtualized Packers Alexandre Borges Modern advanced malware samples are used to infect countries and they make part of the ...
Fresh Apples: Researching New Attack Interfaces on iOS and OSX Lilang Li The more you know about your enemy, then the more probability you have of defeating ...
HAXPO: Hiding a Secret Distributed Chat System Inside 802.11 Management Frames Yago Hansen The talk demonstrates how to deliver a distributed chat system that creates a way for ...
HAXPO: VoLTE Phreaking Ralph Monnen Voice over 4G, or VoLTE, brings back the phreaking 80’s. Once again, after 3 decades, ...
Content Security Policy: A Successful Mess Between Hardening and Mitigation Lukas Spagnuolo In this talk, we distill our multi-year experience fighting XSS at Google with nonce-based Content ...
For the Win: The Art of the Windows Kernel Fuzzing Guangming Liu Over the year, the Windows kernel has been enhanced through a variety of kernel security ...
HAXPO: How to Query and Visualize Almost Anything, Anywhere with Apache Drill Charles Givre One of the most challenging problems in analyzing security data is that it can come ...
SeasCoASA: Exploiting a Small Leak in a Great Ship Kaiyi Tang Cisco ASA is one of the most widely used firewall/VPN solutions for small to medium ...
H(ack)DMI: Pwning HDMI for Fun and Profit Jeonghoon Moon HDMI (High-Definition Multimedia Interface) is a proprietary audio/video interface for transmitting uncompressed video data and ...
HAXPO: A Decade of Infosec Tools Thomas Debize The information security domain, now infamously called cybersecurity, is constantly evolving and has quite changed ...
HAXPO: Infrared: Old Threat Meets New Devices Wang Bo The infrared remote control had been once widely used before Bluetooth kicks in. There are ...
Pwning Centrally-Controlled Smart Homes: It’s a Gas Sanghyun Cho Smart homes are very popular in South Korea where the internet is well developed. There ...
Automated Discovery of Logical Privilege Escalation Bugs in Windows 10 Wenxu Qin Services have always been an important component of Windows 10. In recent years, there have ...
KEYNOTE 2: Securing Journalists Runa a. Sandvik In this keynote, Runa will discuss elements of the program and lessons learned while building ...
Compiler Bugs and Bug Compilers Marion Marschalek You wouldn’t think how many bugs one -accidentally- places into binaries, digging around in a ...
Deep Confusables: Improving Unicode Encoding Attacks with Deep Learning Alfonso Muñoz , Miguel Hernández Boza , José Ignacio Escribano In this talk we use deep learning and transfer learning to improve attacks based on ...
HAXPO: Hey Attacker! I Can See You! Ross ‘shodan’ Bevington How do you cope when you’re being attacked thousands of times per second? How do ...
HAXPO: Rise of the WarPi Kevin Mcpeake Kevin McPeake is an international champion among WarRoamers, currently ranking the second most successful Individual ...
Muraena: The Unexpected Phish Michele Trotta Two-factor authentication is considered “the solution” to prevent phishing.In reality, only Universal Two-factor (U2F) is ...
Reversing Cryptographic Primitives Using Quantum Computing Renaud Lifchitz In the last year there were several advances in practical quantum computing: now there are ...
HAXPO: Attacking Encrypted VOIP Protocols Ivica Stipovic More and more of classic voice,video,messaging and phone communication is moving nowadays into the IP-based ...
HAXPO: PatrOwl – The Red Flavour of SOC Automation and Orchestration Nicolas Mattiocco A company, regardless of its size and market power, may go out of business or ...
Hacking Jenkins Orange Tsai Jenkins as a well-known CI/CD server, is the most popular and widely used CI/CD application ...
Binder: The Bridge to Root Hongli Zhou Binder is one of the key components of the Android system. Last year, we researched ...
HAXPO: Implementation and Evaluation of Secure and Scalable Anomaly-Based Network Intrusion Detection Philipp Mieden Corporate communication networks are frequently attacked with sophisticated and previously unseen malware or insider threats, ...
HAXPO: RF Exploitation: Demystifying IoT/OT Hacks with SDR Harshit Mehta What do the Dallas tornado siren attack, hacked electric skateboards, and insecure smart door locks ...
Sneaking Past Device Guard Philip Tsukerman Device Guard (or WDAC) Is an application whitelisting feature on Windows 10 systems that allows ...
ModJack: Hijacking The MacOS Kernel Zhi Zhou When talking about kernel exploits, most of the known attack techniques are related to memory ...
HAXPO: Reverse Engineering Custom ASICs by Exploiting Potential Supply-Chain Leaks Thomas Weber Many industry specific solutions in the field of SCADA consist of unknown custom chips without ...
HAXPO: I Own Your Building (Management System) Gjoko Krstic Despite the rapidly growing deployment of IP-based technologies around us, the security of these deployments ...
Hey Operator, Where’s Your Crane? Attacking Industrial Remote Controllers Marco Maggi Radio-frequency (RF) remote controllers are widely used in multiple industrial applications like manufacturing, construction and ...
Panic on the Streets of Amsterdam: PanicXNU 3.0 Juwei Lu Modern fuzzing techniques including code coverage driven, syntax description, passive and active combination and so ...
Exploit Development for Java Serialization Jameel Nabbo This session will present an 0day custom exploit in a simple application deployed in Apache ...
CLOSING KEYNOTE: The Beginning of the End? A Return to the Abyss for a Quick Look Richard Thieme Beware lest staring into the abyss turns into the abyss staring into you, Nietzsche warned. ...