Schedule

Day 4
From Simulation to Tenant Takeover (en)

Vaisha Bernard

All I wanted was for Microsoft to deliver my phishing simulation. This journey took me from discovering trivial vulnerabilities in Microsoft's Attack Simulation platform, to a Chinese company to which Microsoft outsourced its support department that wanted all my access tokens. I finally ended up hijacking remote PowerShell sessions and obtaining all data from random Microsoft 365 tenants, all the while reeling in bug bounties along the way.

Ten Years of Rowhammer: A Retrospect (and Path to the Future) (en)

Daniel Gruss, Martin Heckel, Florian Adamsky

The density of memory cells in modern DRAM is so high that disturbance errors, like the Rowhammer effect, have become quite frequent. An attacker can exploit Rowhammer to flip bits in inaccessible memory locations by reading the contents of nearby accessible memory rows. Since its discovery in 2014, we have seen a cat-and-mouse security game with a continuous stream of new attacks and new defenses. Now, in 2024, exactly 10 years after Rowhammer was discovered, it is time to look back and reflect on the progress we have made and give an outlook on the future. Additionally, we will present an open-source framework to check if your system is vulnerable to Rowhammer.

Find My * 101 (en)

Henryk Plötz

I'll introduce the technology underlying Bluetooth trackers from Apple and Google, and will describe and show what can actually be seen on the air (using a hackrf/rad1o, for example). This is part demonstration of what is possible right now, part explanation of the underlying principles, and part invitation to would-be hackers to make creative use of this technology.

From Convenience to Contagion: The Libarchive Vulnerabilities Lurking in Windows 11 (en)

NiNi Chen

In the October 2023 update, Windows 11 introduced support for 11 additional compression formats, including RAR and 7z, allowing users to manage these types of files natively within File Explorer. The enhancement significantly improves convenience; however, it also introduces potential security risks. To support these various compression formats, Windows 11 uses the libarchive library, a well-established open-source library used across multiple operating systems such as Linux, BSD, and macOS, and in major projects such as ClickHouse, Homebrew, and Osquery. libarchive has been continuously fuzzed by Google's OSS-Fuzz project, making it a time-tested library. However, its coverage in OSS-Fuzz has been less than ideal. In addition to the two remote code execution (RCE) vulnerabilities disclosed by Microsoft Offensive Research & Security Engineering (MORSE) in January, we have identified several vulnerabilities in libarchive through code review and fuzzing. These include a heap buffer overflow in the RAR decompression and arbitrary file write and delete vulnerabilities caused by insufficient checks of libarchive's output on Windows. Additionally, in our presentation, we will reveal several interesting features that emerged from the integration of libarchive with Windows. Whenever vulnerabilities are discovered in widely used libraries like libarchive, their risks permeate every corner, making the potential hazards difficult to estimate. Moreover, when Microsoft patches Windows, the corresponding fixes are not immediately merged into libarchive. This delay gives attackers the opportunity to exploit other projects that use libarchive. For example, the vulnerabilities patched by Microsoft in January were not merged into libarchive until May, leaving countless applications exposed for four months. The worst part is that the developers might not know the vulnerability details or even be aware of its existence. To illustrate this situation, we will use the vulnerabilities we reported to ClickHouse as an example to demonstrate how attackers can exploit the vulnerabilities while libarchive remains unpatched.