Welcoming of the Guests
Matt Suiche (Founder at Comae & OPCDE)
CrimeOps: The operational art of cybercrime
Cybercrime rewards innovative organisations. Groups can innovate at the tactical level (e.g. new or updated TTPs), at the strategic level (e.g. new monetisation methods), or at the operational level: the management of resources and personnel to achieve strategic objectives.
The operational level is seldom analysed because it is rarely visible to information security researchers. Changes in TTPs are discovered quickly on the ground, and new strategies emerge from monitoring major shifts and trends. The operational glue that enables a group to execute well, however, is almost never apparent to an outside observer.
The Grugq (Strategor)
grugq has been analysing and writing about applied security, cyber, operational and otherwise, for around 25 years. His writings range from in-depth papers on forensics and anti-forensics to detailed analyses of events that skirt both international espionage and cyber security. grugq has been cited in The New York Times, The Washington Post, Wired magazine and Vice magazine, and has been referenced at security conferences. grugq has grown a large following online and, as of April 2019, had over 102k followers on Twitter and over 30k followers on Medium.
Scoop the Windows 10 pool!
Heap overflows are a fairly common class of vulnerability in applications. Exploiting them often relies on a deep understanding of the underlying mechanisms used to manage the heap. Windows 10 recently changed the way it manages its heap in kernel land. This presentation reviews the recent evolution of the heap mechanisms in the Windows NT kernel and presents a new exploitation technique specific to the kernel pool.
Corentin Bayet, Security Engineer, Synacktiv
Paul Fariello, Security Engineer, Synacktiv
Corentin Bayet is a security researcher at @Synacktiv. He previously worked on Windows kernel heap exploitation and is particularly interested in application security and low-level exploitation. Recently, he started to take an interest in hypervisor security and participated in Pwn2Own 2020 targeting VMware Workstation.
Paul Fariello is a security engineer at Synacktiv. He is interested in security and low-level topics. He started in security as a developer on security-focused projects. More recently, he worked on VM escapes and presented his work in Phrack and at Infiltrate.
SMBaloo: From zero to hero - Building the first public RCE Exploit for Windows ARM64 (SMBGhost Edition)
Conference organizers asking for an abstract again! This presentation will be my journey in building the first public Windows ARM64 exploit (SMBaloo), where I took advantage of the SMBGhost bug and the exploit by chompie1337 to port it, came up with new techniques, and built my payloads for Windows ARM64. Code will be released on GitHub with a nice article.