Ever wanted to know what a binary looks like from the inside? Wonder no more: binary insides are all you will see in this class. We'll go from 0 to "yo, there's a bug in your application" in just one day. This training is very busy, covering file formats, loaders and process execution, disassemblers and debuggers, and bug hunting of the special kind. But don't worry, we'll arm you with all the necessary skills! The target will be x86-64 Linux ELF executables.
Ever wondered how compiler mitigations are built? Or how a sophisticated build-chain attack can target a compiler to place backdoors and other miscreants? Wonder no more: this hands-on workshop shows you how to build your own compiler pass, which can modify any source code you build to your liking. We'll learn how source code makes its way through the different stages of a compiler into its final binary form, how compilers perform modifications and optimizations of the code, and how they translate their view of the code to a given architecture's binary representation. Students will get a glimpse of how some mitigations everybody knows and loves are actually implemented in a compiler. They'll work hands-on with LLVM Clang, following along with the theoretical chapters of the workshop, and eventually they'll implement a Clang plugin themselves to sneak a backdoor into otherwise perfectly secure code.
Prerequisites: Linux computer or virtual machine or cloud instance
This talk looks at some of the best of the worst examples of disclosing bugs to vendors. We'll go behind the scenes to show the sometimes gory details and laughable farces of bug disclosure. Finally, we'll offer some advice to those who may be on the receiving end of disclosure to help them ensure they don't end up in version 2.0 of this talk.
Increasingly, threat actors are moving off of Windows endpoints and into less visible places like appliances. An analysis of CISA's Known Exploited Vulnerabilities from 2023, and from recent years, reveals that threat actors are targeting and exploiting appliances with both known vulnerabilities and 0-days of their own.
This talk covers the vulnerability research process used to discover 16 vulnerabilities across three different security appliances in the Fortinet product line. From command injection, SQLi, file reads, and more, this journey started what I dubbed the "Forti Forty", a goal (cut short) to find 40 CVEs in Fortinet appliances.
Attendees can expect to walk away with a general overview of how to approach reverse engineering security appliances, methodology used in reviewing large systems and code bases, and the common pitfalls that developers make in these complex systems.
In 2017, I gave a keynote at ZeroNights Moscow about the role of AI in security, on both the offensive and the defensive side. This keynote will revisit the topics of 2017 and discuss how the changing landscape of AI and security has affected them, what has changed, and which parts remain unchanged.
The world is awash in large language model (LLM) AI (e.g., ChatGPT) news, predictions, and of course, content (all for good and ill). This talk takes a step back from the posturing and hype to look at how these models work, and how to detect the content they produce. We will look at the fundamentals of LLM-generated text detection and compare the best-of-breed detectors (GPTZero, RoBERTa, etc.) with a novel detector, ZipPy.
ZipPy is a new, open-source LLM text detector (and attribution tool!) developed by Thinkst Labs that is 60-100x faster than the competition, over 1000x smaller (< 200KB), and, for many types of content, more accurate. We will explain the intuition behind ZipPy, show how it works, and the types of content it struggles with. Finally, we look at where LLMs can improve their stealth, and at fundamental shortcomings in their designs that enable detection in the long term.
Emulation and fuzzing are among the many techniques that can be used to improve cybersecurity; however, utilizing them efficiently can be tricky. This workshop will help you understand how these powerful tools and techniques work. Using a couple of real-world use cases and practical examples, this talk will help you grasp the fundamental concepts of fuzzing and emulation along with advanced vulnerability research, providing you with the tools and skills needed to find security flaws in your software.
The workshop will showcase the QEMU Course, where we move among different architectures and harnesses. We will show famous tools such as American Fuzzy Lop (AFL) and its improved version, AFL++. You'll learn how to combine these powerful tools to create your own emulation and fuzzing environment and then use it to discover vulnerabilities in various systems, such as iOS, Android, and Samsung's Mobile Baseband software, Shannon.
Advances in embedded device security features have led to more and more researchers utilizing fault injection techniques to bypass security features and gain increased access to systems. While some open-source tools exist to perform these types of attacks, there are still many hurdles that researchers must overcome when conducting power analysis of a device on which they wish to perform a fault injection attack.
While devices may be vulnerable to voltage glitching attacks, the sudden voltage drops at specific timings can cause permanent damage to them. We will begin this talk by describing our power analysis research that led us to an RDP bypass on the STM32F4 via voltage glitching. Despite being able to bypass RDP protections with a traditional voltage glitch, the attack would occasionally permanently damage the device. As a result, we developed a more reliable EMFI attack.
This talk describes utilizing open-source tools to perform an EMFI attack on an STM32F4 microcontroller, allowing for a full RDP (read-out-protection) bypass via a targeted EMP. This research will release the open-source tooling used to instrument a generic 3D printer and examples of how we integrated it into the workflow utilizing the ChipWhisperer Husky and PicoEMP.
Diffing is used in reverse engineering to analyze two variants or versions of the same software, whether it is a legitimate executable or malware. It is useful for transferring information from one program to another, for anti-plagiarism, or for patch analysis and thus vulnerability research. While multiple diffing tools exist, little has been done to perform diffing at scale on numerous binaries.
This workshop introduces a variety of tools, both to analyze binaries by working on their representation extracted from a disassembler and to automate diffing with BinDiff. All of these tools have been open-sourced very recently, and documentation is available at https://diffing.quarkslab.com.
Most of you have likely heard about hardware Fault Injection. Actually, it's likely some of you have experience injecting glitches into chips. However, many of you are likely still unaware of the full potential of the faults you are, sort of randomly, bringing to life. In this workshop, you will conduct a hands-on Fault Injection experiment and model your faults systemically. This understanding allows you to envision, and potentially devise, powerful Fault Injection exploits.
The Dark Wolf "Hack Our Drone" workshop provides participants the ability to learn hands-on cybersecurity testing techniques for evaluating Unmanned Autonomous Systems. The workshop includes a full Unmanned Autonomous System test target composed of a BeagleBone Blue Flight Vehicle (UAV), a Ground Control System (GCS), and a MAVLink over 802.11 WiFi Communications system. The workshop includes both instructor assistance and detailed lab manuals to guide participants through a series of tasks to discover and exploit cybersecurity weaknesses in the UAS. Tasks include firmware analysis, network service exploitation, password cracking, elevation of privilege, and UAV over-the-air hijacks. Participants are expected to bring a laptop with either Kali Linux installed or one that can boot a Kali Linux Live USB drive.
Hooking is a powerful method employed to monitor, intercept and manipulate the flow of data and control within an application. It involves injecting custom code inside a target process to alter, or enhance its functionality. Hooking plays a pivotal role in anti-game cheats, fortifying security controls, gathering valuable telemetry data, and empowering Endpoint Detection and Response (EDR) systems. This workshop delves deep into advanced hooking techniques, and provides a unique opportunity for participants to master this intricate art. Whether you're a seasoned malware researcher seeking to dissect threats or a red teamer looking to uncover defense blind spots, this workshop will equip you with the skills and knowledge needed to excel in your security endeavors.
The goal of this workshop is to teach participants how to use patch diffing techniques to analyze real-world vulnerabilities in Microsoft Windows (CVE-2023-28308) and Android (CVE-2022-36934). The main point of the workshop is to help researchers understand that they already have the information and tools needed to understand complex vulnerabilities. By learning to patch diff "in the dark", a researcher can progress from knowing about a vulnerability to actually understanding its root cause.