Materials — ZeroNights 2019
Materials
Speaker | Report | Slides | Video
Alex Matrosov (@matrosov) | Hardware Security is Hard: how hardware boundaries define platform security | Link | Link
Juho Nurminen (@jupenur) | app setAsDefaultRCE Client: Electron, scheme handlers and stealthy security patches | Link | Link
An Trinh (@_tint0) | Dark sides of Java remote protocols | Link | Link
Jakub Vrana (@jakubvrana), Krzysztof Kotowicz (@kkotowicz) | Trusted Types & the end of DOM XSS | Link | Link
md4 | CiscoASA: From Zero to ID=0 | Link | Link
Andrey Akimov (@e13fter) | Launching feedback-driven fuzzing on TrustZone TEE | Link | Link
Emil Lerner | Single byte write to RCE: exploiting a bug in php-fpm | Link | Link
Maria Nedyak (@mariya_ns) | Hacking Medical Imaging with DICOM | Link | Link
Alex Kovrizhnykh (@a1exdandy) | crauEmu - your IDE for code-reuse attacks | Link | Link
Roman Palkin (@chicken_2007) | Malign Machine Learning Models | Link | Link
LimitedResults (@LimitedResults) | Fatal Fury on ESP32: Time to release Hardware Exploits | Link | Link
Ke Liu (@klotxl404) | Two Bytes to Rule Adobe Reader Twice: The Black Magic Behind the Byte Order Mark | Link | Link
Jayson E. Street | I PWN thee, I PWN thee not! | Link | Link
Pavel Cheremushkin | Opwnsource: VNC vulnerability research | Link | Link
Kai Jern Lau (@sgniwx), Nguyen Anh Quynh (@capstone_engine) | qiling.io: Advanced Binary Emulation framework | Link | Link
Cesar Cerrudo (@cesarcer), Esteban Martinez Fayo (@estemf), Matias Sequeira | Practical LoRaWAN auditing and exploitation | Link | Link
CiscoPangPang | Cisco to Disco! | Link | Link
Ilya Shaposhnikov (@drakylar) | Oldschool way of hacking MicroDigital ip-cameras | Link | Link

WEB VILLAGE

Speaker | Report | Slides
Aleksei "GreenDog" Tiurin (@antyurin) | From misconfigs to severe consequences | Link
Pavel “sorokinpf” Sorokin (@sorokinpf) | GraphQL applications security testing automatization | Link
Valeriy “krevetk0” Shevchenko (@Krevetk0Valeriy) | Principles in software testing and some bugs that others did not notice | Link
Alexei “SooLFaa” Morozov (@xSooLFaa) | Blind SSRF | Link
Ramazan "r0hack" Ramazanov | Operation of injections in ORM libraries | Link
Sergey "BeLove" Belov (@sergeybelove) | The future without passwords | Link
Paul Axe (@Paul_Axe) | ZN PWN Challenge | Link
Denis “ttffdd” Rybin (@_ttffdd_) | Doing AWS Zoo Audit | Link
Andrei Plastunov | Misusing oop in mvc frameworks. How to conveniently develop broken apps | Link

DEFENSIVE TRACK

Speaker | Report | Slides
Andrey Belenko | (Why) We Still Fail at Cryptography in 2019 | Link
Igor Grachev, Evgeny Sidorov | Improving application security and exploitation detection with AppArmor & Osquery | Link
Andrey Skablonsky | Threat hunting in call trace | Link
Andrey Abakumov, Andrew Krasichkov | Blue Team's approach to discovering 'secrets' in code | Link