Banding in Games: A Noisy Rant
> If you use sRGB correctly, you’re doing pretty well - you will generally hardly notice banding (though dark areas remain)
> If you are not on a platform where it’s readily available, or you want to get rid of the last issues, the rest of this presentation is for you
Dithering. Lots of dithering.
Defending against transient execution attacks
> It is important to build up a systematic understanding of these attacks and possible defenses
Exploitation and state machines
Per author, Thomas Dullien / Halvar Flake:
> I know this borders on vanity and wanking, but ... re-reading my Infiltrate 2011 slides, I think that talk was probably one of my better talks. It contained many ideas in seed form that take (or took) years to flesh out properly.
Vulnerability in compiler leads to perfect stealth backdoor in software
> Formally speaking, the bug in the compiler does not take into account the “!” (not) operator in context of equal checks.
> In the bogus environment of ml compiler, truth equation of “!” is changed.
> From the same line of code, we have a different logic result.
> Trusting the source code is now an error. The real logic is masked by the bug.
Some of the slides seem a little wonky with overwritten text, but mostly comprehensible.
The Rocky Road to TLS 1.3
Patterns of Refactoring C to Rust: The case of librsvg
> A year has passed, and now we have a team of people working on the Rustification of librsvg. I want to show you how we are doing it, and some common code patterns that have emerged.
> A major and the most significant approach to UEFI BIOS security is to prevent it from being illegitimately modified and the SPI flash memory from being overwritten. Modern vendors use a wide range of security mechanisms to ensure that (SMM BLE / SMM BWP / PRx / Intel BIOS Guard) and hardware-supported verification technologies (Intel Boot Guard). In other words, they do everything just not to let an attacker place a rootkit into a system.
> In this talk, there were some thoughts on how vendors manage to throw all those security flaws together in one system using Intel NUC, a small home PC, as an example. Besides, researchers demonstrated how an adversary can compromise BIOS from the userland.
Archives of POC2018
> Denis Kolegov, Oleg Broslavsky, “WebGoat.SDWAN.Net in Depth”
> En He, Jiashui Wang, “Hacking Android VoIP for Fun and Profit!”
> Gmliu, “Windows Kernel Fuzzing”
> Jaanus Kääp, “Document parsers “research” as passive income”
> Jiafeng Li, Zuotong Feng, “How to Exploit Blockchain Public Chain and Smart Contract Vulnerability”
> Jin Liu & Chong Xu, “Pwning Microsoft Edge Browser: From Memory Safety Vulnerability to Remote Code Execution”
> Kang Li, “Practical evading attacks on commercial AI image recognition services”
> Liang Chen, “Era of iOS 12 with A12: End of iOS War?”
> Lidong LI & Naijie XU, “802.11 Smart Fuzzing”
> Ned Williamson, “Exploiting Chrome IPC”
> Nikita Tarakanov, “Automating Windows Kernel Pool Overflow/Corruption Exploits Development”
> Samuel Groß, “IPC MitM: Exploiting a Fun Logic Bug for Kernel-Mode Code Execution on MacOS”
> Tielei Wang, Hao Xu, “IOService Becomes a Grandpa”
> WYP, “Vulnerability analysis of Z-wave products used in Korea”
> Yannay Livneh, “Baby I can drive your car: remotely hacking Telematics CAN-connected devices”
> Yongtao Wang, Sai Cheng, Jie Fu, “SSRF To RCE In Java”
> Yunhai Zhang, “Diving into Windows Defender Application Guard”
Turning your BMC into a revolving door
> Baseboard Management Controller (BMC) embedded in most of HP servers for more than 10 years. Chipset directly integrated on the server’s motherboard.
There’s a computer inside your computer.
OpenBSD EuroBSDcon 2018
> Marc Espie, Advances in OpenBSD packages: https is a lie (slides)
> Kristaps Džonsons, OpenBSD and Diving (slides)
> Ingo Schwarze, Better documentation - on the web and for LibreSSL (slides, source)
> Bob Beck, Unveil in OpenBSD (slides)
> Todd Mortimer, Removing ROP Gadgets from OpenBSD (slides)
> Bob Beck, LibTLS Tutorial for TLS beginners (tutorial)
> Peter Hessler, Introduction to BGP for developers and sysadmins
Fuzzing the OpenBSD Kernel
> Fuzzing the OpenBSD kernel using the syzkaller kernel fuzzer.
> A driver for tracking kernel code coverage.
> Enabled on a per thread basis.
> The kernel program counter is tracked during syscalls made by the same thread.
> Not a strict requirement for syzkaller but improves its ability to generate interesting programs.
A Modern History of Offensive Security Research
Links in the slide notes.
Pledge, and Unveil, in OpenBSD
> Unveiling a directory unveils everything underneath it in the filesystem
More than you ever wanted to know about the JS engine most people never think about.
OpenBSD vmm/vmd Update
New guests, better hardware emulation, send and receive, etc.
The Evolution of CFI Attacks and Defenses
Learning from Failure
> It may seem odd if you’ve never worked in games, but it’s actually quite common to have to experiment to find the final technical direction. It leaves a lot of amazing stuff ‘on the side’, never released or shared. It was great to have a chance to share some of that work.
A Decade of Direct Anonymous Attestation
> From Research to Standard and Back
> Strong authentication of TPM with privacy
DAO for pentesters
> 1) Solidity hacks/vulnerabilities/attacks/features. 2) Client side attacks at DApp and ICO landing page. 3) Writeup of Parity bugs.
Exploiting hash collisions by Ange Albertini
Plus lots of fun info about file formats.