BlackHat 2019 Asia

Automated REST API Endpoint Identification for Security Testing at Scale: How Machine Learning Accelerates Security Testing

Lei Ding  |  Security Researcher, Accenture Labs, Security R&D
Azzedine Benameur  |  Security Researcher, Accenture Labs, Security R&D
Jeffrey Jacob  |  Student Researcher, Accenture Labs, Security R&D
Jay Chien An Chen Chen  |  Security Researcher, Accenture Labs, Security R&D
Steve Pham  |  Digital Solution Architect Principal, Accenture
 

Location:  Roselle Junior Ballroom 4610

Format: 25-Minute Briefings

Track: Applied Security

Unlike traditional web applications where a web crawler is used to discover various URLs, REST API endpoints can be exposed in various formats and many REST services do not provide specifications. Attackers can tamper with any part of an API request, including the URL or query string, to try to bypass the backend security mechanisms. Thus, it is difficult for web application scanners to identify and test APIs for vulnerabilities. Moreover, current API endpoints and parameters are identified mainly from the API documentation.


 

In this talk, we present our approach to automatically discover and assess the security posture of APIs by leveraging machine learning, fuzzy matching, and natural language processing (NLP) techniques. We show how to automatically identify undocumented or hidden API endpoints that attackers can exploit. Our approach significantly reduces the number of probing and test times regardless of the specification of API description languages. Our tool can identify API endpoints without requiring the API documents.


 

We will demonstrate how machine learning techniques can be used to accelerate API endpoint identification. Our approach is able to reduce the search space in terms of the number of URIs. The results and open source machine learning tools we used will also be presented.




 

PRESENTATION MATERIAL



• Download Presentation Slides

 

Ghosts in a Nutshell

Claudio Canella  |  PhD Student, Graz University of Technology
Moritz Lipp  |  PhD Student, Graz University of Technology
 

Location:  Roselle Junior Ballroom 4610

Format: 50-Minute Briefings

Track: Platform Security

At the beginning of 2018, two severe attacks, called Meltdown and Spectre, were published. These attacks exploit the fact that the CPU either lazily enforces exceptions or speculates on the outcome of branch predictions or data dependencies. While the results of those computations are never made visible on the architectural level, secret data can still leak on the microarchitectural level and be observed by an attacker.

Since then, many different versions of these attacks have been found by various research teams around the world, e.g., Spectre Variant 1, Spectre Variant 2, Variant 4, Meltdown, Foreshadow, Foreshadow-NG, LazyFP. Due to the confusing naming scheme and the large number of papers and articles published, it has quickly become difficult to differentiate them all. Additionally, researchers, as well as companies, have proposed various countermeasures to mitigate these attacks, making it even more confusing and difficult to keep a clear overview of the current state.

Many of the proposed mitigation techniques involve substantial overhead, basically reducing the processing power of modern CPUs. With all these defences, one question remains: Do they actually work or are they just reducing the performance of our CPUs? Did the operating system implement them correctly? Is everything fixed now or are there even more variants that have so far been overlooked?

In this talk, we will discuss all existing variants and introduce a newer, easier to understand naming scheme based on the microarchitectural element the attacks exploit. We will discuss all mitigation techniques proposed so far and classify them based on how they attempt to stop leakage. We will also discuss which of those mitigations work in practice and which ones we were able to circumvent with our experiments. We will present new variants of Meltdown and Spectre attacks that have not been published so far and which we were able to discover due to our systematisation.




 

PRESENTATION MATERIAL



• Download Presentation Slides
• Download White Paper

 

Preloading Insecurity In Your Electron

Luca Carettoni  |  Co-founder, Doyensec LLC
 

Location:  Simpor Junior Ballroom 4812

Format: 50-Minute Briefings

Tracks: Web AppSec, Exploit Development

Modern browsers are complicated systems. They enforce numerous security mechanisms to ensure isolation between sites, facilitate web security protections and prevent untrusted remote content from compromising the security of the host. When working with Electron (https://electronjs.org/), things get even more complicated.

The good news is that building secure Electron-based desktop applications is possible. Despite popular belief, the average Electron-based app is more secure than the average web application. The framework itself is getting better, secure-by-default settings are slowly becoming the norm and the dev community is gradually learning all common pitfalls.

It's time to shift gears. In this presentation, we will discuss a relatively unexplored class of vulnerabilities that can turn a boring XSS into RCE. Even without a framework bug (e.g. nodeIntegration bypass), BrowserWindow preload introduces a new interesting attack surface to Electron-based applications. 

Abusing Electron's internal IPC, loggers and other application components, we will show how we can turn a Cross-Site Scripting vulnerability into a reliable exploitation mechanism to fully compromise popular desktop applications.




 

PRESENTATION MATERIAL



• Download Presentation Materials
• Download White Paper

 

Office in Wonderland

Pieter Ceelen  |  Red Teamer & Security Researcher, Outflank B.V.
Stan Hegt  |  Red teamer & Security researcher, Outflank B.V.
 

Location:  Roselle Junior Ballroom 4610

Format: 50-Minute Briefings

Tracks: Malware, Applied Security

In this talk we will explore a wide range of novel techniques that abuse Microsoft Office features for offensive purposes. We will disclose details on new Word and Excel vulnerabilities, release attack vectors that Microsoft deemed features and demonstrate the security impact of the architectural design of the MS Office suite. A journey down the rabbit hole with offensive surprises ahead.

In previous research, we have already demonstrated that abusing legacy functionality (such as a macro language that pre-dates VBA) bypasses many existing security controls. In this talk we will go even further and share our most recent findings and insights into unexplored legacy functionality in the MS Office suite that can be abused in all stages of an attack. 

Amongst others, we will demonstrate how to abuse Word documents for stealing sensitive information from systems, how to create phishing documents for credential harvesting without a macro payload, how to bypass the most recent security features in MS Office (AMSI for VBA, ASR) and much more.




 

PRESENTATION MATERIAL



• Download Presentation Slides

 

Oh No! KPTI Defeated, Unauthorized Data Leakage is Still Possible

Yueqiang Cheng  |  Staff Security Scientist, Baidu USA
Zhaofeng Chen  |  Staff Security Scientist, Baidu USA
Yulong Zhang  |  Principal Research Scientist, Baidu X-Lab
Yu Ding  |  Staff Security Scientist, Baidu USA
Tao Wei  |  Chief Security Scientist, Baidu X-Lab
 

Location:  Roselle-Simpor Ballroom 4801A

Format: 50-Minute Briefings

Tracks: Exploit Development, Platform Security

Meltdown is a hardware vulnerability affecting most modern processors, including Intel, AMD, IBM POWER, and ARM processors. It allows a rogue process to read the kernel data in CPU L1-d cache, even when it is not authorized to do so. Until now, the only effective mitigation approach was to isolate kernel memory from user-mode processes. This solution has different names on different platforms: Kernel Page-Table Isolation (KPTI) on Linux, Kernel Virtual Address (KVA) Shadow on Windows, and Double Map (DM) on OS X. 

In this talk, however, we will prove the illusion that the strong isolation of KPTI has perfectly defeated Meltdown to be incorrect. First, we propose Variant V3r to demonstrate that Meltdown can be improved to be more powerful and reliable than what people originally thought. Variant V3r significantly increases the reliability for a rogue process to read any kernel data (not necessarily in L1-d cache) on multiple platforms. Next, we further propose an even more powerful attack, Variant V3z, that allows a rogue process to bypass KPTI/KVA/DM and reliably read any kernel data. To the best of our knowledge, V3z is the first Meltdown variant that is able to defeat KPTI/KVA/DM.

To demonstrate the reliability, efficiency, and effectiveness of these two new variants, we will show demos that unprivileged processes can reliably leak secrets from anywhere in the kernel space, even in the presence of KASLR.

Finally, we will offer suggestions to mitigate our proposed threats, and we call for more and more parties to join in this effort to improve the security of processors and operating systems.




 

PRESENTATION MATERIAL



• Download Presentation Slides

 

Winter is Coming Back: Defeating the Most Advanced Rowhammer Defenses to Gain Root and Kernel Privileges

Yueqiang Cheng  |  Staff Security Scientist, Baidu USA
Zhi Zhang  |  PhD Student, Data61, CSIRO, Australia
Surya Nepal  |  Professor, Data61, CSIRO, Australia
Zhi Wang  |  Associate Professor, Florida State University
 

Location:  Roselle-Simpor Ballroom 4801A

Format: 50-Minute Briefings

Tracks: Exploit Development, Platform Security

Rowhammer attacks can break the MMU-enforced memory protection to achieve privilege escalation, without requiring any software vulnerability. To mitigate such an attack, numerous software-only countermeasures have been proposed.

In this talk, we will present a novel exploit that is able to effectively break the most advanced rowhammer defense. The exploit allows an unprivileged user application to gain both root and kernel privileges. Further, the exploit is stealthier and more efficient compared to existing rowhammer exploits.

To demonstrate the effectiveness of the exploit, we will show live demos of two successful attacks on a real system. One is to gain the root privilege and the other is to gain the kernel privilege. 

Finally, we offer possible mitigations against our proposed exploit, and call for more parties to join in this effort to enhance the system security.




 

PRESENTATION MATERIAL



• Download Presentation Slides
 

 

CQTools: The New Ultimate Hacking Toolkit

Paula Januszkiewicz  |  Cybersecurity Expert, CEO, CQURE Inc.
Adrian Denkiewicz  |  Cybersecurity Specialist, CQURE Inc.
Mike Jankowski-Lorek  |  Cybersecurity and Database Architect, CQURE Inc.
 

Location:  Roselle Junior Ballroom 4610

Format: 25-Minute Briefings

Track: Applied Security

CQURE Team has written over 200 hacking tools during penetration testing. We decided to choose the top 39 tools and pack them in a toolkit called CQTools. We are going to announce 5 new tools at Black Hat Asia, allowing the ultimate privilege elevation and network attacks! 

This toolkit allows you to deliver complete attacks within the infrastructure, starting with sniffing and spoofing activities, going through information extraction, password extraction, custom shell generation, custom payload generation, hiding code from antivirus solutions, and various keyloggers, and leveraging this information to deliver attacks. Some of the tools are based on discoveries that were released to the world for the first time by CQURE Team; some of the tools took years to complete, and all of the tools work in a straightforward manner. CQTools is the ultimate toolkit to have when delivering a penetration test. The tools work simply, and we use them in practice during our cybersecurity assignments. Come and have a look at how our CQTools can boost your penetration testing experience!




 

PRESENTATION MATERIAL



• Download Presentation Slides
• Download White Paper

 

Efficient Approach to Fuzzing Interpreters

Marcin Dominiak  |  Security Engineer, Samsung R&D Poland
Wojciech Rauner  |  Security Engineer, Samsung R&D Poland
 

Location:  Simpor Junior Ballroom 4811

Format: 50-Minute Briefings

Tracks: Applied Security, Reverse Engineering

Fuzzing has started to gain more recognition over the past years. The basic concept behind it is passing random, or otherwise procedurally generated data as input to the tested software. Multiple fuzzers emerged, including American Fuzzy Lop and syzkaller, which have an impressive number of bugs discovered. They employ more and more sophisticated techniques to test software in increasingly efficient ways. However, their applicability in fuzzing targets requiring highly structured yet arbitrarily nuanced input data, such as interpreters, is questionable.

At the same time, an interpreter's input is often untrusted. This, coupled with their widespread usage in web browsers, server-side applications and mobile or low-power IoT devices, makes them a high priority target for security research, especially considering their large codebases and high complexity.

In this research, we evaluate state of the art approaches to finding vulnerabilities in modern interpreters and introduce the concept of synthesizing code given arbitrary input data. For this purpose, we assume that the input is a certain serialization of an abstract syntax tree of a program code, which we deserialize and emit in a form expected by the interpreter and pass it for execution. We will discuss our implementation of this idea in a project which we called Fluff, and describe its integration with AFL - an open-source fuzzer.

Although the design behind Fluff is generic and can be applied to any programming language, our research was focused on testing JavaScript interpreters. We will discuss issues discovered by Fluff - to date, it has been able to identify over 25 issues (of which 5 could result in execution of arbitrary code, and 17 cause DoS) across 5 different execution engines. Finally, we will discuss limitations and possible extensions of this approach. We will also present ideas for further research in this field.




 

PRESENTATION MATERIAL



• Download Presentation Slides
• Download White Paper

 

Intel VISA: Through the Rabbit Hole

Maxim Goryachy  |  Security researcher, Positive Technologies
Mark Ermolov  |  Security researcher, Positive Technologies
 

Location:  Roselle-Simpor Ballroom 4801A

Format: 50-Minute Briefings

Tracks: Hardware/Embedded, Platform Security

The complexity of x86-based systems has become so great that not even specialists can know everything. The recently discovered Meltdown/Spectre vulnerabilities, as well as numerous issues in Intel Management Engine, underscore the platform's mind-boggling intricacies. So, the chip manufacturer has to actively use various means for manufacturing verification and post-silicon debugging.

We found that modern Platform Controller Hub (PCH) and CPU contain a full-fledged logic signal analyzer, which allows monitoring the state of internal lines and buses in real time—a gold mine for researchers. A vulnerability previously discovered by us, INTEL-SA-00086, enabled studying this technology, which is called Intel Visualization of Internal Signals Architecture (VISA). We believe it is used for manufacturing line verification of chips. With an enormous number of settings, VISA allows for the creation of custom rules for capturing and analyzing signals. VISA documentation is subject to an NDA and not available to ordinary users. However, we will show how, with the help of publicly available methods, one can access all the might of this technology WITHOUT ANY HARDWARE MODIFICATIONS on publicly available motherboards.

With VISA, we succeeded in partially reconstructing the internal architecture of PCH and, within the chip, discovered dozens of devices that are invisible to the user yet are able to access certain critical data. In our talk, we will demonstrate how to read signals from PCH internal buses (for example, IOSF Primary and Side Band buses and Intel ME Front Side Bus) and other security-sensitive internal devices.




 

PRESENTATION MATERIAL



• Download Presentation Slides

 

Return of the Insecure Brazilian Voting Machines

Diego F. Aranha  |  Assistant Professor, Aarhus University
 

Location:  Roselle-Simpor Ballroom 4801A

Format: 50-Minute Briefings

Tracks: Hardware/Embedded, Cryptography

This talk presents a detailed and up-to-date security analysis of the voting software used in upcoming Brazilian elections by more than 140 million voters. It is mainly based on results obtained recently in a restricted hacking challenge organized by the Superior Electoral Court (SEC), the national electoral authority. During the event, multiple serious vulnerabilities (hard-coded cryptographic keys and insufficient integrity checks, among others) were detected in the voting software, which, when combined, compromised the main security properties of the equipment, namely ballot secrecy and software integrity. We trace the history of the vulnerabilities to a previous security analysis, providing some perspective about how the system evolved in the past 6 years. As far as we know, this was the most in-depth compromise of an official large-scale voting system ever performed under such severely restricted conditions. Joint work with Pedro Y. S. Barbosa, Thiago N. C. Cardoso, Caio Lüders and Paulo Matias.




 

PRESENTATION MATERIAL



• Download Presentation Slides
 

 

The Cost of Learning from the Best: How Prior Knowledge Weakens the Security of Deep Neural Networks

Yunhan Jia  |  Senior Security Scientist, Baidu X-Lab
Zhenyu Zhong  |  Staff Security Scientist, Baidu X-Lab
Yulong Zhang  |  Principal Research Scientist, Baidu X-Lab
Qian Feng  |  Research Scientist, Baidu USA LLC
Tao Wei  |  Chief Security Scientist, Baidu X-Lab
Yantao Lu  |  PhD Student, Syracuse University
 

Location:  Simpor Junior Ballroom 4811

Format: 25-Minute Briefings

Tracks: Applied Security, Reverse Engineering

Deep Neural Networks (DNNs) have been found vulnerable to adversarial examples – inputs that an attacker has intentionally designed to cause the model to make mistakes. Fortunately, generating adversarial examples usually requires white-box access to the victim model, and adversarial attacks against black-box models are still imaginary without running unlimited brute-force search. Thus, keeping models in the cloud can usually give a (false) sense of security. Our goal in this talk is to shed light on a new hidden attack vector of DNNs, which allows adversarial examples to be efficiently generated against black-box models used in mission-critical tasks such as facial recognition, image classification, and autonomous driving.

We report an intriguing vulnerability that allows an attacker to effectively attack black-box object detection DNNs using adversarial examples generated from white-box open source models. This vulnerability comes from a prevailing strategy used in deep learning areas to alleviate the thirst for data, called transfer learning, where highly tuned and complex models that have been well-trained on huge datasets are used as pre-trained layers for other similar applications. It is also a recommended practice by major deep learning service providers, including Google Cloud ML and Microsoft Cognitive Toolkit. However, despite its appeal as a solution to the data scarcity problem, we show that the model similarity introduced by transfer learning also creates a more attractive and vulnerable target for attackers. 

In the talk, we will first present the alarming results from our measurement study that most mainstream object detection models are adopting those winning image classification models in the ImageNet contest as their first few layers, to extract low-level features in the image. Then we will discuss the attack algorithms, as well as the techniques to identify which pre-trained feature extractor is used by the target object detection model with limited queries. We will demo how the adversarial examples generated using our algorithms from YOLOV3 are able to attack other object detection DNNs that are usually considered to use totally different techniques. Finally, we wrap up the presentation with a demo on attacking models from a commercial machine-learning-as-a-service provider to make the audience aware that keeping models proprietary isn't a guarantee for security against adversarial examples.




 

PRESENTATION MATERIAL



• Download Presentation Slides

 

Who Left Open the Cookie Jar?

Tom Van Goethem  |  PhD Researcher, imec-DistriNet, KU Leuven
Gertjan Franken  |  PhD Researcher, imec-DistriNet, KU Leuven
 

Location:  Simpor Junior Ballroom 4812

Format: 50-Minute Briefings

Tracks: Web AppSec, Applied Security

Nowadays, cookies are the most prominent mechanism to identify and authenticate users on the Internet. Although protected by the Same-Origin Policy, popular browsers include cookies in all requests, even when these are cross-site. Unfortunately, these third-party cookies enable both cross-site attacks and third-party tracking. As a response to these nefarious consequences, various countermeasures have been developed in the form of browser extensions or even protection mechanisms that are built directly into the browser.

In this presentation, we elaborate on our study in which we evaluated the effectiveness of these defense mechanisms by creating a framework that automatically evaluates the enforcement of the policies imposed on third-party requests. By applying our framework, which generates a comprehensive set of test cases covering various web mechanisms, we identified several flaws in the policy implementations of the 7 browsers and 46 browser extensions that were analyzed. We find that even built-in protection mechanisms can be circumvented by the multiple novel techniques we discovered. Furthermore, our results show that for every anti-tracking or ad-blocking browser extension, there exists at least one technique to bypass its defenses. Based on these results, we argue that our proposed framework is a much-needed tool to detect bypasses and evaluate solutions to the exposed leaks. Finally, we analyze the origin of the identified bypass techniques, and find that these are due to a variety of implementation, configuration and design flaws.




 

PRESENTATION MATERIAL



• Download Presentation Slides
 

 

Finally, I Can Sleep Tonight: Catching Sleep Mode Vulnerabilities of the TPM with the Napper

Seunghun Han  |  Senior Security Researcher, National Security Research Institute of South Korea
Jun-Hyeok Park  |  Senior Security Researcher, National Security Research Institute of South Korea
 

Location:  Simpor Junior Ballroom 4811

Format: 50-Minute Briefings

Tracks: Platform Security, Exploit Development

 


 

Trusted Platform Module (TPM) is a tamper-resistant device designed to provide hardware-based security functions. A TPM chip has a random number generator, non-volatile storage, encryption/decryption modules, and Platform Configuration Registers (PCRs), which can be utilized for various security applications such as BitLocker, DM-Crypt, Trusted Boot (tboot), and Open Cloud Integrity Technology (Open CIT).

TPM has been widely deployed in commodity devices to provide a strong foundation for building trusted platforms, especially in devices used in enterprise and government systems. Because TPM is the critical point in the trusted platform, many researchers have tried to find vulnerabilities in the TPM and concluded that it is hard to break it without physical access. However, this is not true anymore.

In this talk, we present two vulnerabilities, CVE-2017-16837 and CVE-2018-6622. The vulnerabilities we found can subvert the TPM with Advanced Configuration and Power Interface (ACPI). ACPI in PCs, laptops, and servers provides six sleeping states (S0-S5) for reducing power consumption. When the system enters the sleeping state, CPU, device, and RAM are powered off. Since the system powers the components off including security devices, the system should reinitialize them while waking up and this could be the attack surface. We found vulnerabilities on this attack surface without physical access.

To mitigate the vulnerabilities, we also present countermeasures and a new tool, "Napper," to check the vulnerabilities of the TPM. Napper is a bootable USB device based on Linux, and it has a custom kernel and vulnerability-checking software. When you boot a system with the Napper, it makes your system take a nap to check the vulnerabilities and to report the result to you.




 

PRESENTATION MATERIAL



• Download Presentation Slides

 

Office in Wonderland

Pieter Ceelen  |  Red Teamer & Security Researcher, Outflank B.V.
Stan Hegt  |  Red teamer & Security researcher, Outflank B.V.
 

Location:  Roselle Junior Ballroom 4610

Format: 50-Minute Briefings

Tracks: Malware, Applied Security

 


 

In this talk we will explore a wide range of novel techniques that abuse Microsoft Office features for offensive purposes. We will disclose details on new Word and Excel vulnerabilities, release attack vectors that Microsoft deemed features and demonstrate the security impact of the architectural design of the MS Office suite. A journey down the rabbit hole with offensive surprises ahead.

In previous research, we have already demonstrated that abusing legacy functionality (such as a macro language that pre-dates VBA) bypasses many existing security controls. In this talk we will go even further and share our most recent findings and insights into unexplored legacy functionality in the MS Office suite that can be abused in all stages of an attack. 

Amongst others, we will demonstrate how to abuse Word documents for stealing sensitive information from systems, how to create phishing documents for credential harvesting without a macro payload, how to bypass the most recent security features in MS Office (AMSI for VBA, ASR) and much more.




 

PRESENTATION MATERIAL



• Download Presentation Slides

 

When Voice Phishing Met Malicious Android App

Min-Chang Jang  |  Manager, Korea Financial Security Institute and Korea University
 

Location:  Simpor Junior Ballroom 4812

Format: 50-Minute Briefings

Tracks: Data Forensics/Incident Response, Malware

 


 

The traditional voice phishing we know is that an attacker makes a call to the victim and then commits fraud by way of social engineering techniques. However, these days, there are very few users who are deceived by such an obvious attack. But what happens if attackers intercept the call when we make a call to the primary number of a government agency or financial company? We will trust the other party because we made a call ourselves.

We discovered malicious apps with the feature to intercept outgoing calls last year, but we didn't have a live malicious app distribution server because the server was already closed when we received victim reports. After a few months, we received a report immediately from a victim, and we finally had a live malware distribution server. We were able to check which port on the server was open, and we were able to get the webpage source code as well. We made a real-time malicious app automation collection script based on the strings of webpage source code discovered from the first distribution server. We have been able to find malicious app distribution servers and variant malicious apps.

After we found the first live distribution server, we collected about 3,000 apps from distribution servers. The C&C server address was hard-coded inside of malicious apps, and it could be easily extracted. The C&C server is web-based.

We analyzed the C&C server and stumbled across a file containing the account information needed to access the server. We were able to acquire the privileges of the Windows server administrator of the distribution server and the DB administrator of the C&C server through the account information. We got a lot of information through the RDP connection to the server. In particular, we confirmed that the attacker is using PPPoE to connect to the Internet, which led us to find that the server is located in China (Taiwan).

One of the most fascinating discoveries occurred after we installed a malicious app on a test phone, and we made a call to a real attacker. The man received the call, and he was fluent in Korean. He asked me to make a call tomorrow morning again because his work hours are over. (In Korea banking business time is from 9 AM to 4 PM. When I called him, it was after 4 PM.)

In this talk, we will disclose the findings of the actual voice phishing criminal traces over the last few months as I said above.




 

PRESENTATION MATERIAL



• Download Presentation Slides

 

CQTools: The New Ultimate Hacking Toolkit

Paula Januszkiewicz  |  Cybersecurity Expert, CEO, CQURE Inc.
Adrian Denkiewicz  |  Cybersecurity Specialist, CQURE Inc.
Mike Jankowski-Lorek  |  Cybersecurity and Database Architect, CQURE Inc.
 

Location:  Roselle Junior Ballroom 4610

Format: 25-Minute Briefings

Track: Applied Security

 


 

CQURE Team has written over 200 hacking tools during penetration testing. We decided to choose the top 39 tools and pack them in a toolkit called CQTools. We are going to announce 5 new tools at Black Hat Asia, allowing the ultimate privilege elevation and network attacks! 

This toolkit allows you to deliver complete attacks within the infrastructure, starting with sniffing and spoofing activities, going through information extraction, password extraction, custom shell generation, custom payload generation, hiding code from antivirus solutions, various keyloggers, and leveraging this information to deliver attacks. Some of the tools are based on discoveries that were released to the world for the first time by CQURE Team; some of the tools took years to complete, and all of the tools work in a straightforward manner. CQTools is the ultimate toolkit to have when delivering a penetration test. The tools work simply, and we use them in practice during our cybersecurity assignments. Come and have a look at how our CQTools can boost your penetration testing experience!




 

PRESENTATION MATERIAL



• Download Presentation Slides
• Download White Paper

 

The Cost of Learning from the Best: How Prior Knowledge Weakens the Security of Deep Neural Networks

Yunhan Jia  |  Senior Security Scientist, Baidu X-Lab
Zhenyu Zhong  |  Staff Security Scientist, Baidu X-Lab
Yulong Zhang  |  Principal Research Scientist, Baidu X-Lab
Qian Feng  |  Research Scientist, Baidu USA LLC
Tao Wei  |  Chief Security Scientist, Baidu X-Lab
Yantao Lu  |  PhD Student, Syracuse University
 

Location:  Simpor Junior Ballroom 4811

Format: 25-Minute Briefings

Tracks: Applied Security, Reverse Engineering

 


 

Deep Neural Networks (DNNs) have been found vulnerable to adversarial examples – inputs that an attacker has intentionally designed to cause the model to make mistakes. Fortunately, generating adversarial examples usually requires white-box access to the victim model, and adversarial attacks against black-box models are still imaginary without running unlimited brute-force search. Thus, keeping models in the cloud can usually give a (false) sense of security. Our goal in this talk is to shed light on a new hidden attack vector of DNNs, which allows adversarial examples to be efficiently generated against black-box models used in mission-critical tasks such as facial recognition, image classification, and autonomous driving.

We report an intriguing vulnerability that allows an attacker to effectively attack black-box object detection DNNs using adversarial examples generated from white-box open source models. This vulnerability comes from a prevailing strategy used in deep learning areas to alleviate the thirst for data, called transfer learning, where highly tuned and complex models that have been well-trained on huge datasets are used as pre-trained layers for other similar applications. It is also a recommended practice by major deep learning service providers, including Google Cloud ML and Microsoft Cognitive Toolkit. However, despite its appeal as a solution to the data scarcity problem, we show that the model similarity introduced by transfer learning also creates a more attractive and vulnerable target for attackers. 

In the talk, we will first present the alarming results from our measurement study that most mainstream object detection models are adopting those winning image classification models in the ImageNet contest as their first few layers, to extract low-level features in the image. Then we will discuss the attack algorithms, as well as the techniques to identify which pre-trained feature extractor is used by the target object detection model with limited queries. We will demo how the adversarial examples generated using our algorithms from YOLOV3 are able to attack other object detection DNNs that are usually considered to use totally different techniques. Finally, we wrap up the presentation with a demo on attacking models from a commercial machine-learning-as-a-service provider to make the audience aware that keeping models proprietary isn't a guarantee for security against adversarial examples.




 

PRESENTATION MATERIAL



• Download Presentation Slides

 

Investigating Malware Using Memory Forensics - A Practical Approach

Monnappa K A  |  Information Security Investigator, Cisco Systems
 

Location:  Roselle Junior Ballroom 4610

Format: 50-Minute Briefings

Tracks: Data Forensics/Incident Response, Malware

 


 

The number of cyber attacks targeting government, military, public and private sectors is undoubtedly on the rise. Most of these cyber attacks make use of malicious programs (Malware) for financial theft, espionage, intellectual property theft, and political motives. These malware programs use various techniques to execute their malicious code and to remain undetected by security products. With adversaries becoming sophisticated and carrying out advanced malware attacks, it is critical for cybersecurity professionals to detect and respond to such intrusions. This presentation mainly focuses on the practical concept of memory forensics and shows how to use memory forensics to detect, investigate and understand the capabilities of malicious software. In addition to that, with the help of various demonstrations, the presentation also covers various tricks and techniques used by the malware including some of the stealth and evasive capabilities.




 

PRESENTATION MATERIAL



• Download Presentation Slides
 

 

Keep Everyone In Sync: Effective Approaches Borrowed from Open Source Communities

Wang Kang  |  Security Expert, Alibaba Group
 

Location:  Simpor Junior Ballroom 4812

Format: 50-Minute Briefings

Tracks: Community, Policy

 


 

Keeping members of a community in sync is a resource-consuming task. For example, many security researchers have to spend the whole day on IMs in order not to miss a single threat.

As a former creator of an open source community, I have also been working in the infosec community for several years and have learned some effective approaches from open source communities.

During the operation of an open source community, we found that old-school members tend to use e-mail, NNTP, RSS, etc., which have a long history yet are still effective. I will briefly introduce the story of "The Email Client -- PINE" that has survived since 1992. Yes, Linus Torvalds uses it. I have been using it for the past three years and have provided some patches for it.

However, new members tend to use a variety of fancy instant messaging tools. In order to both encourage new members and not to offend old-fashioned members, we created a bot that forwards messages between IM and old-school tools.

According to Dunbar's number (the rule of 150), the difficulty of establishing close ties between members is greatly increased when the community grows bigger. Plus, there are tens of thousands of messages every day, making it difficult for members to keep up with every new idea in the community. Our recommendation is to provide a semi-automatic or fully automated summary service, like the services provided by LLVM Weekly and LWN, that periodically publishes the abstracts of the discussions within the community to the blog.

Interestingly, we found that the popular sticker culture is not conducive to community discussion -- it is too large while providing no information. This will discourage people from posting valuable information. We made a bot to delete them. This policy has achieved surprisingly good results.

For offline events, we developed a set of Danmaku tools -- a floating left-to-right comment -- both software and hardware to make it easy for audiences to comment in real time, right on the big screen. The interactive experience is very inspiring. We also find it awesome to record the event to publish in our podcast.

It is worth mentioning that setting up some barriers to entry is beneficial to the expansion of the community. We will explain why.

These approaches have been proven to be effective during the operation of an 8-year-old open source community. I hope these will provide some inspiration for the infosec community to help keep every member in sync without consuming too much energy.




 

PRESENTATION MATERIAL



• Download Presentation Slides
 

 

Pwning the Core of IoT Botnets: From a Honeypot to Gigabytes of Botnet Source Code

Tan Kean Siong  |  Independent researcher
 

Location:  Simpor Junior Ballroom 4811

Format: 50-Minute Briefings

Tracks: Internet of Things, Network Defense

 


 

With the leak of the Mirai botnet source code back in 2016, countless IoT botnet variants have emerged and evolved as the new fashion trend. In this session, we would love to share the interesting stories from a single honeypot, leading to the discovery of gigabytes of botnet source code, and uncovering various dramatic scenes among the bot herders behind the curtain.

In early 2017, we started to listen quietly to the Telnet traffic for fun after the Mirai botnet DDoS attacks. Multiple botnet variants emerged rapidly over time with differing fancy names (e.g. OWARI, SATORI, MASUTA, SORA, JOSHO, OMG, and many more). By tracking the distinct characteristics with OSINT, we discovered various source code repositories that surfaced and disappeared on the Internet over short periods, with a huge collection of IoT botnet source code. While we were reading some of the latest juicy source code, those new variants would only be spotted in the wild after a few weeks.

In addition, we stumbled upon various interesting dramatic scenes and a turf war between the bot herders, e.g., gaining access to and wiping out others' botnets in a territorial fight, delivering sneaky backdoored exploit scripts to their peers publicly, getting involved in a DDoS attack on a financial institute with the purpose of showcasing the power of their DDoS bandwidth, and 'bashing' well-known IoT botnet security researchers who discovered their botnets.

All of these were kick-started from just a single home-based IoT honeypot for the threat hunt.




 

PRESENTATION MATERIAL



• Download Presentation Slides

 

Make Redirection Evil Again - URL Parser Issues in OAuth

Xianbo Wang  |  MPhil Student, The Chinese University of Hong Kong
Wing Cheong Lau  |  Associate Professor, Department of Information Engineering, The Chinese University of Hong Kong
Shangcheng Shi  |  Ph.D. Student, Department of Information Engineering, The Chinese University of Hong Kong
Ronghai Yang  |  Security Expert, Sangfor Technologies Inc.
 

Location:  Roselle Junior Ballroom 4610

Format: 25-Minute Briefings

Tracks: Web AppSec, Mobile

 


 

Since 2012, OAuth 2.0 has been widely deployed by online service providers worldwide. Security-related headlines related to OAuth showed up from time to time, and most problems were caused by incorrect implementations of the protocol/service. The User-Agent Redirection mechanism in OAuth is one of the weaker links, as it is difficult for developers and operators to realize, understand, and implement all the subtle but critical requirements properly. 

In this talk, we begin by tracing the history of the security community's understanding of OAuth redirection threats. The resultant changes/evolution of the OAuth specification, as well as the best current practice on its implementation/deployment, will also be discussed. 

We then introduce new OAuth redirection attack techniques which exploit the interaction of URL parsing problems with redirection handling in mainstream browsers or mobile apps. In particular, some attacks leverage our newly discovered URL interpretation bugs in mainstream browsers or the Android platform (the latter were independently discovered and have been patched recently).

Our empirical study on 50 OAuth service providers worldwide found that numerous top-tiered providers with over 10,000 OAuth client apps and tens of millions of end-users are vulnerable to this new attack with severe impact. In particular, it enables the attacker to hijack 3rd party (Relying party) application / web-based service accounts, gain access to sensitive private information / protected resources, or even perform privileged actions on behalf of the victim users.




 

PRESENTATION MATERIAL



• Download Presentation Slides
• Download White Paper

 

Using the JIT Vulnerability to Pwn Microsoft Edge

Zhenhuan Li  |  Senior Security Researcher, Tencent
Shenrong Liu  |  Security Researcher, Tencent
 

Location:  Roselle-Simpor Ballroom 4801A

Format: 50-Minute Briefings

Tracks: Exploit Development, Platform Security

 


 

To speed up JavaScript code, modern browsers introduce a Just-In-Time (JIT) compiler into the JavaScript engine, which is also done by the Microsoft Edge JavaScript engine, Chakra. Because JavaScript is a dynamic, untyped language, before JIT compiling the engine will collect the type information (called profile data) when the interpreter executes the bytecode. The JIT engine will then do a great deal of optimization during compilation. Implementing a JIT compiler is a complex project; using the profile data to further optimize increases this complexity, which may lead to vulnerabilities in the implementation.

This topic contains the following sections:

First, we will introduce the Chakra JIT engine architecture, detailing the optimization in each phase of the compiler.

Second, we will put forth the attack surface in the JIT compiler. To speed up the running code, the JIT compiler will do a lot of optimization in each phase. When the optimization is implemented incorrectly, it may lead to a vulnerability.

Third, we will focus on some interesting vulnerabilities which were found according to the attack surface. We'll also look into the mitigation Microsoft has introduced into the Chakra engine in order to address the special type of JIT vulnerabilities.

Fourth, we will give a full exploit demo (possibly a 0-day vulnerability) to describe how to write an exploit from vulnerability to arbitrary code execution on the latest Windows 10 x64 platform. We will give two methods to bypass Control Flow Guard (CFG), explaining how to construct ROP gadgets on the Windows 10 x64 platform.




 

PRESENTATION MATERIAL



• Download Presentation Slides

 

Industrial Remote Controller: Safety, Security, Vulnerabilities

Philippe Lin  |  Senior Threat Researcher, Trend Micro Inc.
Akira Urano  |  Senior Threat Researcher, Trend Micro Incorporated (Japan)
 

Location:  Simpor Junior Ballroom 4811

Format: 50-Minute Briefings

Tracks: Smart Grid/Industrial Security, Hardware/Embedded

 


 

Radio-frequency (RF) remote controllers are widely used in manufacturing, construction, transportation, and many other industrial applications. Cranes, drillers, and miners, among others, are commonly equipped with RF remotes, which have become the weakest link in these safety-critical applications, characterized by high replacement costs, long lifespans, and cumbersome patching processes.

Our research reveals that RF remote controllers are distributed globally, and millions of vulnerable units are installed on heavy industrial machinery and environments. Our extensive in-lab and on-site analysis of 7 popular vendors reveals a lack of security features at different levels, with obscure, proprietary protocols instead of standard ones. Therefore, they are vulnerable to command spoofing, so an attacker can selectively alter their behavior by crafting arbitrary commands—with consequences ranging from sabotage and injury to theft and extortion.

This is not a replay attack. We will disclose the reverse engineering of the radio protocols and show how to forge valid commands for a target. To make the attack more elegant, we developed RFQuack, a pocket-sized research hardware tool, and show how to persistently and remotely take control or simulate the malfunction of the attached machinery, and provide concrete examples of attacks like command injection, emergency-stop abuse, and malicious re-pairing. We will also demonstrate how to attack controller programmers, which lack any security measures, opening the remote controllers to remote attack vectors. We will show how to extract, analyze, and alter their firmware to implement persistent and sophisticated attacks. Given the pervasive connectivity promoted by the Industry 4.0 trend, additional attack opportunities may arise.

We have reported our 0-day vulnerabilities to the vendors who acknowledged our findings and are working on suitable mitigations.




 

PRESENTATION MATERIAL



• Download Presentation Slides
• Download White Paper

 

Ghosts in a Nutshell

Claudio Canella  |  PhD Student, Graz University of Technology
Moritz Lipp  |  PhD Student, Graz University of Technology
 

Location:  Roselle Junior Ballroom 4610

Format: 50-Minute Briefings

Track: Platform Security

 


 

At the beginning of 2018, two severe attacks, called Meltdown and Spectre, were published. These attacks exploit the fact that the CPU either lazily enforces exceptions or speculates on the outcome of branch predictions or data dependencies. While the results of those computations are never made visible on the architectural level, secret data can still leak on the microarchitectural level and be observed by an attacker.

Since then, many different versions of these attacks have been found by various research teams around the world, e.g., Spectre Variant 1, Spectre Variant 2, Variant 4, Meltdown, Foreshadow, Foreshadow-NG, LazyFP. Due to the confusing naming scheme and the large number of papers and articles published, it has quickly become difficult to differentiate them all. Additionally, researchers, as well as companies, have proposed various countermeasures to mitigate these attacks, making it even more confusing and difficult to keep a clear overview of the current state.

Many of the proposed mitigation techniques involve substantial overhead, basically reducing the processing power of modern CPUs. With all these defences, one question remains: Do they actually work or are they just reducing the performance of our CPUs? Did the operating system implement them correctly? Is everything fixed now or are there even more variants that have so far been overlooked?

In this talk, we will discuss all existing variants and introduce a newer, easier to understand naming scheme based on the microarchitectural element the attacks exploit. We will discuss all mitigation techniques proposed so far and classify them based on how they attempt to stop leakage. We will also discuss which of those mitigations work in practice and which ones we were able to circumvent with our experiments. We will present new variants of Meltdown and Spectre attacks that have not been published so far and which we were able to discover due to our systematisation.




 

PRESENTATION MATERIAL



• Download Presentation Slides
• Download White Paper

 

Attacking Browser Sandbox: Live Persistently and Prosperously

Bin Ma  |  Tencent
Huiming Liu  |  Security Researcher, Tencent Security Xuanwu Lab
Yongke Wang  |  Security Researcher, Tencent Security Xuanwu Lab
 

Location:  Roselle Junior Ballroom 4610

Format: 50-Minute Briefings

Tracks: Platform Security, Exploit Development

 


 

The sandbox technique has been widely adopted in almost all web browsers and is proven effective for attack mitigation. With the consistent increase of new features in sandbox policy, it has become almost too much of an effort for attackers to exploit. In this presentation, we will discuss how to stay in and attack the sandbox persistently, even permanently, and how to conduct many unexpected fancy attacks without breaking the sandbox's policies.

First, we propose a new attack vector and demonstrate it in the real world -- living in the sandbox persistently, even permanently. We found that evil code in the sandbox can survive after the tab is closed by using some tricks. Additionally, we researched the mechanism of the browser cache, and succeeded in gaining persistence even after browser or device restart. To achieve a permanent attack, we proposed a mind-blowing attack vector called "Clone Attack", through which attackers can clone victims' accounts remotely to achieve long-term control by exploiting the cross-domain vulnerabilities of misconfigured webview.

Surprisingly, we found that many evil things can still be conducted without breaking the sandbox but beyond its expectations, such as Credentials Stealing, Lateral Movement and even Side Channel Attack. We did comprehensive research about various sandboxes and summarized all the features, attack vectors and what we can do inside sandboxes of both standalone browsers such as Chrome, Edge, Firefox and Webview in Android, iOS, etc.

By combining these parts, we confirm that many fancy attacks can still be accomplished inside the sandbox and it is difficult, even impossible, to prevent them entirely. Sandbox is the best choice but we should be aware that it is not a silver bullet for your security.




 

PRESENTATION MATERIAL



• Download Presentation Slides

 

How to Survive the Hardware Assisted Control-Flow Integrity Enforcement

Jin Liu  |  Security Researcher, Xfuture Security
Bing Sun  |  Security Researcher, McAfee
Chong Xu  |  Head of Security Research, McAfee
 

Location:  Roselle-Simpor Ballroom 4801A

Format: 50-Minute Briefings

Tracks: Exploit Development, Hardware/Embedded

 


 

Control-flow hijacking is a crucial step of modern vulnerability exploitation, which helps to convert a memory safety vulnerability into arbitrary code execution. The security industry has put great effort into combating control-flow hijacking; however, it turns out that a pure software-based control-flow integrity solution (such as Microsoft's CFG) is inadequate to defeat sophisticated control-flow hijacking attacks, which may require a hardware-assisted solution. Intel's Control-flow Enforcement Technology (CET) is such a solution, which aims at preventing exploits from hijacking the control-flow transfer instructions for both forward-edge (indirect call/jmp) and back-edge transfer (ret). The latest Windows 10 RS5 has introduced some new mitigation changes to support Intel CET (the new PTE type for shadow stack), and this is a clear sign that Microsoft is taking serious steps to address the control-flow hijacking issue once and for all. In this talk, we'll give a deep dive into Intel CET and its implementation on the latest Windows 10 x64 operating system (RS5 and 19H1). Moreover, we'll discuss possible ways to still achieve control-flow hijacking when CET is enabled. We'll also provide demonstrations for the attacks discussed.




 

PRESENTATION MATERIAL



• Download Presentation Slides

 

Dive into VxWorks Based IoT Device: Debug the Undebugable Device

Wenzhe Zhu  |  Security Researcher, Ping An Technology Galaxy Lab
Yu Zhou  |  Security Engineer, Ant-Financial Light-Year Security Lab
Jiashui Wang  |  Senior Security Expert, Ant-Financial Light-Year Security Lab
Ruikai Liu  |  Security Researcher, Ping An Technology Galaxy Lab
 

Location:  Roselle-Simpor Ballroom 4801A

Format: 50-Minute Briefings

Tracks: Internet of Things, Reverse Engineering

 


 

VxWorks is the industry's leading real-time operating system. It has been widely used in various industry scenarios, which require real-time, deterministic performance and, in many cases, safety and security certifications. There has been a great deal of research on Linux-based routers and cameras, but research on VxWorks-based devices is rarely seen.

Most VxWorks-based IoT devices on the market don't contain any built-in debugger like WDB (VxWorks WDB Debug Agent) or a command line debugger. Without a debugger it's almost impossible to analyze the root cause of a vulnerability or exploit vulnerabilities.

Our talk introduces how to find vulnerabilities with memory fuzzing and debug a VxWorks-based IoT device without a built-in debugger.




 

PRESENTATION MATERIAL



• Download Presentation Slides

 

Using the JIT Vulnerability to Pwn Microsoft Edge

Zhenhuan Li  |  Senior Security Researcher, Tencent
Shenrong Liu  |  Security Researcher, Tencent
 

Location:  Roselle-Simpor Ballroom 4801A

Format: 50-Minute Briefings

Tracks: Exploit Development, Platform Security

 


 

To speed up JavaScript code, modern browsers introduce a Just-In-Time (JIT) compiler into the JavaScript engine, which is also used by the Microsoft Edge JavaScript engine, Chakra. Because JavaScript is a dynamic, untyped language, before JIT compiling the engine will collect the type information (called profile data) while the interpreter executes the bytecode. The JIT engine will then do a great deal of optimization during compilation. Implementing a JIT compiler is a complex project, and using the profile data to optimize further increases this complexity, which may lead to vulnerabilities in the implementation.

This topic contains the following sections:

First, we will introduce the Chakra JIT engine architecture, detailing the optimizations in each phase of the compiler.

Second, we will put forth the attack surface in the JIT compiler. To speed up code execution, the JIT compiler will do a lot of optimization in each phase. When an optimization is implemented incorrectly, it may lead to a vulnerability.

Third, we will focus on some interesting vulnerabilities which were found according to the attack surface. We'll also look into the mitigations Microsoft has introduced into the Chakra engine in order to address the special type of JIT vulnerabilities.

Fourth, we will give a full exploit demo (may be a 0day vulnerability) to describe how to write an exploit from vulnerability to arbitrary code execution on the latest Windows 10 x64 platform. We will give two methods to bypass Control Flow Guard (CFG), explaining how to construct ROP gadgets on the Windows 10 x64 platform.




 

PRESENTATION MATERIAL



• Download Presentation Slides

 

The Cost of Learning from the Best: How Prior Knowledge Weakens the Security of Deep Neural Networks

Yunhan Jia  |  Senior Security Scientist, Baidu X-Lab
Zhenyu Zhong  |  Staff Security Scientist, Baidu X-Lab
Yulong Zhang  |  Principal Research Scientist, Baidu X-Lab
Qian Feng  |  Research Scientist, Baidu USA LLC
Tao Wei  |  Chief Security Scientist, Baidu X-Lab
Yantao Lu  |  PhD Student, Syracuse University
 

Location:  Simpor Junior Ballroom 4811

Format: 25-Minute Briefings

Tracks: Applied Security, Reverse Engineering

 


 

Deep Neural Networks (DNNs) have been found vulnerable to adversarial examples – inputs that an attacker has intentionally designed to cause the model to make mistakes. Fortunately, generating adversarial examples usually requires white-box access to the victim model, and adversarial attacks against black-box models are still imaginary without running unlimited brute-force search. Thus, keeping models in the cloud can usually give a (false) sense of security. Our goal of this talk is to shed light on a new hidden attack vector of DNNs, which allows adversarial examples to be efficiently generated against black-box models used in mission-critical tasks such as facial recognition, image classification, and autonomous driving.

We report an intriguing vulnerability that allows an attacker to effectively attack black-box object detection DNNs using adversarial examples generated from white-box open source models. This vulnerability comes from a prevailing strategy used in deep learning areas to alleviate the thirst for data, called transfer learning, where highly tuned and complex models that have been well-trained on huge datasets are used as pre-trained layers for other similar applications. It is also a recommended practice by major deep learning service providers, including Google Cloud ML and Microsoft Cognitive Toolkit. However, despite its appeal as a solution to the data scarcity problem, we show that the model similarity introduced by transfer learning also creates a more attractive and vulnerable target for attackers. 

In the talk, we will first present the alarming results from our measurement study that most mainstream object detection models are adopting the winning image classification models in the ImageNet contest as their first few layers, to extract low-level features in the image. Then we will discuss the attack algorithms, as well as the techniques to identify which pre-trained feature extractor is used by the target object detection model with limited queries. We will demo how the adversarial examples generated using our algorithms from YOLOV3 are able to attack other object detection DNNs that are usually considered to use totally different techniques. Finally, we wrap up the presentation with a demo on attacking models from a commercial machine-learning-as-a-service provider to make the audience aware that keeping models proprietary isn't a guarantee for security against adversarial examples.




 

PRESENTATION MATERIAL



• Download Presentation Slides

 

Modern Secure Boot Attacks: Bypassing Hardware Root of Trust from Software

Alex Matrosov  |  Offensive Security Lead, NVIDIA
 

Location:  Simpor Junior Ballroom 4811

Format: 50-Minute Briefings

Tracks: Platform Security, Reverse Engineering

 


 

Many hardware vendors are armoring modern Secure Boot by moving Root of Trust to the hardware. While it is definitely the right direction to create more difficulties for the attacker, many layers of code exist between hardware and firmware. Also, hardware vendors are always fighting for boot performance, which creates interesting security issues in actual implementations.

In this presentation, I'll explain new security issues to bypass a specific implementation of Intel Boot Guard technology in one of the most common enterprise vendors. The actual vulnerability allows the attacker to bypass Intel Boot Guard security checks from OS without physical access to the hardware. Also, I'll cover topics including Embedded Controller (EC) with focus on UEFI Firmware cooperation and Authenticated Code Module (ACM) runtime environment. It is brand new research not based on my previous Boot Guard discoveries.




 

PRESENTATION MATERIAL



• Download Presentation Slides
 

 

See Like a Bat: Using Echo-Analysis to Detect Man-in-the-Middle Attacks in LANs

Yisroel Mirsky  |  Dr, Ben-Gurion University
 

Location:  Roselle Junior Ballroom 4610

Format: 25-Minute Briefings

Track: Network Defense

 


 

Although Man-in-the-Middle (MitM) attacks on LANs have been known for some time, they are still considered a significant threat. This is because these attacks are relatively easy to achieve, yet challenging to detect. For example, a planted network bridge or compromised switch leaves no forensic evidence.

In this talk, I will present Vesper: a novel plug-and-play MitM detector for local area networks. Vesper uses a technique inspired by the domain of acoustic signal processing. Analogous to how echoes in a cave capture the shape and construction of the environment, so too can a short and intense pulse of ICMP echo requests model the link between two network hosts. Vesper sends these probes to a target network host and then uses the reflected signal to summarize the channel environment (think sonar). Vesper uses neural networks called autoencoders to profile the link with each host, and to detect when the environment changes. Using this technique, Vesper can detect MitM attacks with high accuracy, to the extent that it can distinguish between identical networking devices.

Vesper is implemented at the software level and is therefore cross-platform.

We evaluate Vesper on LANs consisting of video surveillance cameras, servers, and hundreds of PC workstations. We show how Vesper works across multiple network switches and in the presence of traffic. We also investigate several possible adversarial attacks against Vesper, and demonstrate how Vesper mitigates these attacks. Finally, we show how Vesper can be used to fingerprint network devices remotely (e.g., for tamper protection). To demonstrate this, we show how Vesper can differentiate between 40 identical Raspberry Pis.

Vesper's source code will be available for anybody to download, and a white paper will be provided.




 

PRESENTATION MATERIAL



• Download Presentation Slides
• Download White Paper

 

Winter is Coming Back: Defeating the Most Advanced Rowhammer Defenses to Gain Root and Kernel Privileges

Yueqiang Cheng  |  Staff Security Scientist, Baidu USA
Zhi Zhang  |  PhD Student, Data61, CSIRO, Australia
Surya Nepal  |  Professor, Data61, CSIRO, Australia
Zhi Wang  |  Associate Professor, Florida State University
 

Location:  Roselle-Simpor Ballroom 4801A

Format: 50-Minute Briefings

Tracks: Exploit Development, Platform Security

 


 

Rowhammer attacks can break the MMU-enforced memory protection to achieve privilege escalation, without requiring any software vulnerability. To mitigate such an attack, numerous software-only countermeasures have been proposed.

In this talk, we will present a novel exploit that is able to effectively break the most advanced rowhammer defense. The exploit allows an unprivileged user application to gain both root and kernel privileges. Further, the exploit is stealthier and more efficient compared to existing rowhammer exploits.

To demonstrate the effectiveness of the exploit, we will show live demos of two successful attacks on a real system. One is to gain the root privilege and the other is to gain the kernel privilege. 

Finally, we offer possible mitigations against our proposed exploit, and call for more parties to join in this effort to enhance the system security.




 

PRESENTATION MATERIAL



• Download Presentation Slides

 

Finally, I Can Sleep Tonight: Catching Sleep Mode Vulnerabilities of the TPM with the Napper

Seunghun Han  |  Senior Security Researcher, National Security Research Institute of South Korea
Jun-Hyeok Park  |  Senior Security Researcher, National Security Research Institute of South Korea
 

Location:  Simpor Junior Ballroom 4811

Format: 50-Minute Briefings

Tracks: Platform Security, Exploit Development

 


 

Trusted Platform Module (TPM) is a tamper-resistant device and designed to provide hardware-based security functions. A TPM chip has a random number generator, non-volatile storage, encryption/decryption modules, and Platform Configuration Registers (PCRs), which can be utilized for various security applications such as BitLocker, DM-Crypt, Trusted Boot (tboot), and Open Cloud Integrity Technology (Open CIT).

TPM has been widely deployed in commodity devices to provide a strong foundation for building trusted platforms, especially in devices used in enterprise and government systems. Because TPM is the critical point in the trusted platform, many researchers have tried to find vulnerabilities in the TPM and concluded that it is hard to break it without physical access. However, this is not true anymore. 

In this talk, we present two vulnerabilities, CVE-2017-16837 and CVE-2018-6622. The vulnerabilities we found can subvert the TPM with Advanced Configuration and Power Interface (ACPI). ACPI in PCs, laptops, and servers provides six sleeping states (S0-S5) for reducing power consumption. When the system enters the sleeping state, CPU, device, and RAM are powered off. Since the system powers the components off, including security devices, the system should reinitialize them while waking up, and this could be the attack surface. We found vulnerabilities on this attack surface without physical access.

To mitigate the vulnerabilities, we also present countermeasures and a new tool, "Napper," to check the vulnerabilities of the TPM. Napper is a bootable USB device based on Linux, and it has a custom kernel and vulnerability checking software. When you boot a system with the Napper, it makes your system take a nap to check the vulnerabilities and to report the result to you.




 

PRESENTATION MATERIAL



• Download Presentation Slides

 

Efficient Approach to Fuzzing Interpreters

Marcin Dominiak  |  Security Engineer, Samsung R&D Poland
Wojciech Rauner  |  Security Engineer, Samsung R&D Poland
 

Location:  Simpor Junior Ballroom 4811

Format: 50-Minute Briefings

Tracks: Applied Security, Reverse Engineering

 


 

Fuzzing has started to gain more recognition over the past years. The basic concept behind it is passing random, or otherwise procedurally generated data as input to the tested software. Multiple fuzzers emerged, including American Fuzzy Lop and syzkaller, which have an impressive number of bugs discovered. They employ more and more sophisticated techniques to test software in increasingly efficient ways. However, their applicability in fuzzing targets requiring highly structured yet arbitrarily nuanced input data, such as interpreters, is questionable.

At the same time, an interpreter's input is often untrusted. This, coupled with their widespread usage in web browsers, server-side applications and mobile or low-power IoT devices, makes them a high priority target for security research, especially considering their large codebases and high complexity.

In this research, we evaluate state of the art approaches to finding vulnerabilities in modern interpreters and introduce the concept of synthesizing code given arbitrary input data. For this purpose, we assume that the input is a certain serialization of an abstract syntax tree of a program code, which we deserialize and emit in a form expected by the interpreter and pass it for execution. We will discuss our implementation of this idea in a project which we called Fluff, and describe its integration with AFL - an open-source fuzzer.

Although the design behind Fluff is generic and can be applied to any programming language, our research was focused on testing JavaScript interpreters. We will discuss issues discovered by Fluff - to date, it has been able to identify over 25 issues (of which 5 could result in execution of arbitrary code, and 17 cause DoS) across 5 different execution engines. Finally, we will discuss limitations and possible extensions of this approach. We will also present ideas for further research in this field.




 

PRESENTATION MATERIAL



• Download Presentation Slides
• Download White Paper

 

NetSpectre: A Truly Remote Spectre Variant

Michael Schwarz  |  PhD Student, Graz University of Technology
Martin Schwarzl  |  Student, Graz University of Technology
 

Location:  Roselle-Simpor Ballroom 4801A

Format: 50-Minute Briefings

Track: Platform Security

 


 

Modern processors use branch prediction and speculative execution to increase their performance. Since January 2018, with the publication of Spectre attacks, we have seen that speculative execution can be abused to leak confidential information. By inducing a victim to speculatively perform operations that would not occur during correct program execution, confidential information can be leaked via a side channel to the adversary. Many countermeasures and workarounds have been proposed, all assuming that Spectre attacks are local attacks, requiring an adversary to execute code on the victim machine. 

In this talk, we present NetSpectre attacks. We show that Spectre attacks are not limited to local code execution but can even be mounted remotely over the network. NetSpectre attacks can be mounted without any user interaction, just by exploiting Spectre-like gadgets exposed to the network. We show that such an attack is not only theoretically possible by presenting data leakage across virtual machines in the Google cloud. 

We will then discuss why Spectre mitigations are incomplete and do not prevent NetSpectre. By demonstrating a novel variation of Spectre, which uses a previously unknown side channel, we show that the assumptions of many countermeasures are wrong, making these countermeasures ineffective. Thus, we emphasize the need for more research on such attacks to find better countermeasures.

We outline challenges for future research on Spectre attacks and mitigations. Finally, we will discuss the short-term and long-term implications of Spectre as well as NetSpectre for hardware vendors, software vendors, and users.




 

PRESENTATION MATERIAL



• Download Presentation Slides

 

Make Redirection Evil Again - URL Parser Issues in OAuth

Xianbo Wang  |  MPhil Student, The Chinese University of Hong Kong
Wing Cheong Lau  |  Associate Professor, Department of Information Engineering, The Chinese University of Hong Kong
Shangcheng Shi  |  Ph.D. Student, Department of Information Engineering, The Chinese University of Hong Kong
Ronghai Yang  |  Security Expert, Sangfor Technologies Inc.
 

Location:  Roselle Junior Ballroom 4610

Format: 25-Minute Briefings

Tracks: Web AppSec, Mobile

 


 

Since 2012, OAuth 2.0 has been widely deployed by online service providers worldwide. Security-related headlines related to OAuth showed up from time to time, and most problems were caused by incorrect implementations of the protocol/service. The User-Agent Redirection mechanism in OAuth is one of the weaker links, as it is difficult for developers and operators to realize, understand, and implement all the subtle but critical requirements properly. 

In this talk, we begin by tracing the history of the security community's understanding of OAuth redirection threats. The resultant changes/evolution of the OAuth specification, as well as the best current practice on its implementation/deployment, will also be discussed. 

We then introduce new OAuth redirection attack techniques which exploit the interaction of URL parsing problems with redirection handling in mainstream browsers or mobile apps. In particular, some attacks leverage our newly discovered URL interpretation bugs in mainstream browsers or Android platform (The latter were independently discovered and have been patched recently). 

Our empirical study on 50 OAuth service providers worldwide found that numerous top-tiered providers with over 10,000 OAuth client apps and 10's of millions of end-users are vulnerable to this new attack with severe impact. In particular, it enables the attacker to hijack 3rd party (Relying party) application / web-based service accounts, gain access to sensitive private information / protected resources, or even perform privileged actions on behalf of the victim users.




 

PRESENTATION MATERIAL



• Download Presentation Slides
• Download White Paper

 

DevSecOps: What, Why and How

Anant Shrivastava  |  Regional Director - Asia Pacific, NotSoSecure
 

Location:  Roselle-Simpor Ballroom 4801A

Format: 25-Minute Briefings

Track: Applied Security

 


 

Security is often added towards the end of a typical DevOps cycle, through manual/automated review. In DevSecOps, security can be injected at every stage of a DevOps pipeline in an automated fashion. Having a DevSecOps pipeline enables an organisation to:

  • Create a security culture amongst the already integrated “DevOps” team

  • Find and fix security bugs as early as possible in the SDLC

  • Promote the philosophy “security is everyone’s problem” by creating Security champions within the organisation

  • Integrate all security software centrally and utilize the results more effectively

  • Measure and shrink the attack surface


 

In this talk, we focus on how a DevOps pipeline can easily be metamorphosed into DevSecOps, and we will identify the accompanying benefits. The talk will discuss a number of open source tools and also the cultural changes needed to implement DevSecOps. The talk will also present various case studies on how critical bugs and security breaches affecting popular software and applications could have been prevented using a simple DevSecOps approach.




 

PRESENTATION MATERIAL



• Download Presentation Slides

 

Industrial Remote Controller: Safety, Security, Vulnerabilities

Philippe Lin  |  Senior Threat Researcher, Trend Micro Inc.
Akira Urano  |  Senior Threat Researcher, Trend Micro Incorporated (Japan)
 

Location:  Simpor Junior Ballroom 4811

Format: 50-Minute Briefings

Tracks: Smart Grid/Industrial Security, Hardware/Embedded

 


 

Radio-frequency (RF) remote controllers are widely used in the manufacturing, construction, transportation, and many other industrial applications. Cranes, drillers, and miners, among others, are commonly equipped with RF remotes, which have become the weakest link in these safety-critical applications, characterized by high replacement costs, long lifespans, and cumbersome patching processes.

Our research reveals that RF remote controllers are distributed globally, and millions of vulnerable units are installed on heavy industrial machinery and environments. Our extensive in-lab and on-site analysis of 7 popular vendors reveals a lack of security features at different levels, with obscure, proprietary protocols instead of standard ones. Therefore, they are vulnerable to command spoofing, so an attacker can selectively alter their behavior by crafting arbitrary commands—with consequences ranging from sabotage, injury, theft, or extortion.

This is not a replay attack. We will disclose the reverse engineering of the radio protocols and show how to forge valid commands for a target. To make the attack more elegant, we developed RFQuack, a pocket-sized research hardware tool, and show how to persistently and remotely take control or simulate the malfunction of the attached machinery, and provide concrete examples of attacks like command injection, emergency-stop abuse, and malicious re-pairing. We will also demonstrate how to attack controller programmers, which lack any security measures, opening the remote controllers to remote attack vectors. We will show how to extract, analyze, and alter their firmware to implement persistent and sophisticated attacks. Given the pervasive connectivity promoted by the Industry 4.0 trend, additional attack opportunities may arise.

We have reported our 0-day vulnerabilities to the vendors who acknowledged our findings and are working on suitable mitigations.




 

PRESENTATION MATERIAL



• Download Presentation Slides
• Download White Paper

 

Who Left Open the Cookie Jar?

Tom Van Goethem  |  PhD Researcher, imec-DistriNet, KU Leuven
Gertjan Franken  |  PhD Researcher, imec-DistriNet, KU Leuven
 

Location:  Simpor Junior Ballroom 4812

Format: 50-Minute Briefings

Tracks: Web AppSec, Applied Security

 


 

Nowadays, cookies are the most prominent mechanism to identify and authenticate users on the Internet. Although protected by the Same-Origin Policy, popular browsers include cookies in all requests, even when these are cross-site. Unfortunately, these third-party cookies enable both cross-site attacks and third-party tracking. As a response to these nefarious consequences, various countermeasures have been developed in the form of browser extensions or even protection mechanisms that are built directly into the browser.

In this presentation, we elaborate on our study in which we evaluated the effectiveness of these defense mechanisms by creating a framework that automatically evaluates the enforcement of the policies imposed to third-party requests. By applying our framework, which generates a comprehensive set of test cases covering various web mechanisms, we identified several flaws in the policy implementations of the 7 browsers and 46 browser extensions that were analyzed. We find that even built-in protection mechanisms can be circumvented by the multiple novel techniques we discovered. Furthermore, our results show that for every anti-tracking or ad-blocking browser extension, there exists at least one technique to bypass its defenses. Based on these results, we argue that our proposed framework is a much-needed tool to detect bypasses and evaluate solutions to the exposed leaks. Finally, we analyze the origin of the identified bypass techniques, and find that these are due to a variety of implementation, configuration and design flaws.




 

PRESENTATION MATERIAL



• Download Presentation Slides

 

Dive into VxWorks Based IoT Device: Debug the Undebugable Device

Wenzhe Zhu  |  Security Researcher, Ping An Technology Galaxy Lab
Yu Zhou  |  Security Engineer, Ant-Financial Light-Year Security Lab
Jiashui Wang  |  Senior Security Expert, Ant-Financial Light-Year Security Lab
Ruikai Liu  |  Security Researcher, Ping An Technology Galaxy Lab
 

Location:  Roselle-Simpor Ballroom 4801A

Format: 50-Minute Briefings

Tracks: Internet of Things, Reverse Engineering

 


 

VxWorks is the industry's leading real-time operating system. It has been widely used in various industry scenarios, which require real-time, deterministic performance and, in many cases, safety and security certifications. There has been a great deal of research on Linux-based routers and cameras, but research on VxWorks-based devices is rarely seen.

Most VxWorks-based IoT devices on the market didn't contain any built-in debugger like WDB (VxWorks WDB Debug Agent) or a command-line debugger. Without a debugger, it's almost impossible to analyze the root cause of a vulnerability or exploit vulnerabilities.

Our talk introduces how to find vulnerabilities with memory fuzzing and debug a VxWorks-based IoT device without a built-in debugger.




 

PRESENTATION MATERIAL



• Download Presentation Slides

 

Make Redirection Evil Again - URL Parser Issues in OAuth

Xianbo Wang  |  MPhil Student, The Chinese University of Hong Kong
Wing Cheong Lau  |  Associate Professor, Department of Information Engineering, The Chinese University of Hong Kong
Shangcheng Shi  |  Ph.D. Student, Department of Information Engineering, The Chinese University of Hong Kong
Ronghai Yang  |  Security Expert, Sangfor Technologies Inc.
 

Location:  Roselle Junior Ballroom 4610

Format: 25-Minute Briefings

Tracks: Web AppSec, Mobile

 


 

Since 2012, OAuth 2.0 has been widely deployed by online service providers worldwide. Security-related headlines related to OAuth showed up from time to time, and most problems were caused by incorrect implementations of the protocol/service. The User-Agent Redirection mechanism in OAuth is one of the weaker links, as it is difficult for developers and operators to realize, understand, and implement all the subtle but critical requirements properly. 

In this talk, we begin by tracing the history of the security community's understanding of OAuth redirection threats. The resultant changes/evolution of the OAuth specification, as well as the best current practice on its implementation/deployment, will also be discussed. 

We then introduce new OAuth redirection attack techniques which exploit the interaction of URL parsing problems with redirection handling in mainstream browsers or mobile apps. In particular, some attacks leverage our newly discovered URL interpretation bugs in mainstream browsers or Android platform (The latter were independently discovered and have been patched recently). 

Our empirical study on 50 OAuth service providers worldwide found that numerous top-tiered providers with over 10,000 OAuth client apps and 10's of millions of end-users are vulnerable to this new attack with severe impact. In particular, it enables the attacker to hijack 3rd party (Relying party) application / web-based service accounts, gain access to sensitive private information / protected resources, or even perform privileged actions on behalf of the victim users.




 

PRESENTATION MATERIAL



• Download Presentation Slides
• Download White Paper

 

Attacking Browser Sandbox: Live Persistently and Prosperously

Bin Ma  |  Tencent
Huiming Liu  |  Security Researcher, Tencent Security Xuanwu Lab
Yongke Wang  |  Security Researcher, Tencent Security Xuanwu Lab
 

Location:  Roselle Junior Ballroom 4610

Format: 50-Minute Briefings

Tracks: Platform Security, Exploit Development

 


 

The sandbox technique has been widely adopted in almost all web browsers and is proven effective for attack mitigation. With the consistent increase of new features in sandbox policy, it has become almost too much of an effort for attackers to exploit. In this presentation, we will discuss how to stay in and attack the sandbox persistently, even permanently, and how to conduct many unexpected fancy attacks without breaking the sandbox's policies.

First, we propose a new attack vector and demonstrate it in the real world: living in the sandbox persistently, even permanently. We found that evil code in the sandbox can survive after the tab is closed by using some tricks. Additionally, we researched the mechanism of the browser cache, and succeeded in gaining persistence even after a browser or device restart. To achieve a permanent attack, we proposed a mind-blowing attack vector called "Clone Attack", through which attackers can clone victims' accounts remotely to achieve long-term control by exploiting the cross-domain vulnerabilities of misconfigured webview.

Surprisingly, we found that many evil things can still be conducted without breaking the sandbox but beyond its expectation, such as Credentials Stealing, Lateral Movement and even Side Channel Attack. We did comprehensive research about various sandboxes and summarized all the features, attack vectors and what we can do inside sandboxes of both standalone browsers such as Chrome, Edge, Firefox and Webview in Android, iOS, etc.

By combining these parts, we confirm that many fancy attacks can still be accomplished inside the sandbox and it is difficult, even impossible, to prevent them entirely. The sandbox is the best choice, but we should be aware that it is not the silver bullet for your security.




 

PRESENTATION MATERIAL



• Download Presentation Slides

 

Winter is Coming Back: Defeating the Most Advanced Rowhammer Defenses to Gain Root and Kernel Privileges

Yueqiang Cheng  |  Staff Security Scientist, Baidu USA
Zhi Zhang  |  PhD Student, Data61, CSIRO, Australia
Surya Nepal  |  Professor, Data61, CSIRO, Australia
Zhi Wang  |  Associate Professor, Florida State University
 

Location:  Roselle-Simpor Ballroom 4801A

Format: 50-Minute Briefings

Tracks: Exploit Development, Platform Security

 


 

Rowhammer attacks can break the MMU-enforced memory protection to achieve privilege escalation, without requiring any software vulnerability. To mitigate such an attack, numerous software-only countermeasures have been proposed.

In this talk, we will present a novel exploit that is able to effectively break the most advanced rowhammer defense. The exploit allows an unprivileged user application to gain both root and kernel privileges. Further, the exploit is stealthier and more efficient compared to existing rowhammer exploits.

To demonstrate the effectiveness of the exploit, we will show live demos of two successful attacks on a real system. One is to gain the root privilege and the other is to gain the kernel privilege. 

Finally, we offer possible mitigations against our proposed exploit, and call for more parties to join in this effort to enhance the system security.




 

PRESENTATION MATERIAL



• Download Presentation Slides

 

Reverse Engineering Custom ASICs by Exploiting Potential Supply-Chain Leaks

Thomas Weber  |  Security Researcher & Consultant, SEC Consult Group
 

Location:  Simpor Junior Ballroom 4811

Format: 50-Minute Briefings

Tracks: Hardware/Embedded, Reverse Engineering

 


 

Many industry specific solutions in the field of SCADA consist of unknown custom chips without public documentation. These Application Specific Integrated Circuits (ASICs) are often simple System on Chip (SoC) solutions with standardized modules and few custom functionalities like additional CAN-Bus interfaces etc.

During this talk we will present hardware reverse engineering of custom chips and how to find vulnerabilities by using the Siemens S7-1200 (v1 and v4) series as exemplary targets.

After opening the PLC, it was clear that all parts, except the main SoC, were off-the-shelf components. This was the case for both versions of the Siemens PLCs. Leaked boards for both chips, MB87M2230 and SIEMENS-A5E30235063 were found and bought on a Chinese online shop.

With these boards, more than 60 percent of the pins from both chips were reverse-engineered. With the help of an oscilloscope, the protocols and the different voltage levels were identified. Simple resistance measurements were also done to find all connections between the components and to determine the pin-resistance.

Additionally, the interfaces for the flash memories, the RAM and the JTAG-ports were also identified on both chips.

It was found that the SoC on the older S7-1200v1 series is a Fujitsu ARM-BE chip with the chip-ID 0x1406C009. After decapping the chip, a label became visible, setting the date when it was designed back to 2007.

The SoC on the newer S7-1200v4 is an ARM-Cortex-R4 r1p3 in big endian mode. For the newer PLC series (S7-1200v4) a working debug setup with a JTAG-adapter was created. This enabled us to dump/write memory, set breakpoints, modify the program counter and use all other features to do live debugging on the Siemens PLC. Since all S7-1200 devices share the same SoC, it is possible to enable debugging on all PLCs of this series.
 




 

PRESENTATION MATERIAL



• Download Presentation Slides

 

Oh No! KPTI Defeated, Unauthorized Data Leakage is Still Possible

Yueqiang Cheng  |  Staff Security Scientist, Baidu USA
Zhaofeng Chen  |  Staff Security Scientist, Baidu USA
Yulong Zhang  |  Principal Research Scientist, Baidu X-Lab
Yu Ding  |  Staff Security Scientist, Baidu USA
Tao Wei  |  Chief Security Scientist, Baidu X-Lab
 

Location:  Roselle-Simpor Ballroom 4801A

Format: 50-Minute Briefings

Tracks: Exploit Development, Platform Security

 


 

Meltdown is a hardware vulnerability affecting most modern processors, including Intel, AMD, IBM POWER, and ARM processors. It allows a rogue process to read the kernel data in CPU L1-d cache, even when it is not authorized to do so. Until now, the only effective mitigation approach was to isolate kernel memory from user-mode processes. This solution has different names on different platforms: Kernel Page-Table Isolation (KPTI) on Linux, Kernel Virtual Address (KVA) Shadow on Windows, and Double Map (DM) on OS X. 

In this talk, however, we will prove the illusion that the strong isolation of KPTI has perfectly defeated Meltdown to be incorrect. First, we propose Variant V3r to demonstrate that Meltdown can be improved to be more powerful and reliable than what people originally thought. Variant V3r significantly increases the reliability for a rogue process to read any kernel data (not necessarily in the L1-d cache) on multiple platforms. Next, we further propose an even more powerful attack, Variant V3z, that allows a rogue process to bypass KPTI/KVA/DM and reliably read any kernel data. To the best of our knowledge, V3z is the first Meltdown variant that is able to defeat KPTI/KVA/DM.

To demonstrate the reliability, efficiency, and effectiveness of these two new variants, we will show demos in which unprivileged processes can reliably leak secrets from anywhere in the kernel space, even in the presence of KASLR.

Finally, we will offer suggestions to mitigate our proposed threats, and we call for more and more parties to join in this effort to improve the security of processors and operating systems.




 

PRESENTATION MATERIAL



• Download Presentation Slides

 

The Cost of Learning from the Best: How Prior Knowledge Weakens the Security of Deep Neural Networks

Yunhan Jia  |  Senior Security Scientist, Baidu X-Lab
Zhenyu Zhong  |  Staff Security Scientist, Baidu X-Lab
Yulong Zhang  |  Principal Research Scientist, Baidu X-Lab
Qian Feng  |  Research Scientist, Baidu USA LLC
Tao Wei  |  Chief Security Scientist, Baidu X-Lab
Yantao Lu  |  PhD Student, Syracuse University
 

Location:  Simpor Junior Ballroom 4811

Format: 25-Minute Briefings

Tracks: Applied Security, Reverse Engineering

 


 

Deep Neural Networks (DNNs) have been found vulnerable to adversarial examples – inputs that an attacker has intentionally designed to cause the model to make mistakes. Fortunately, generating adversarial examples usually requires white-box access to the victim model, and adversarial attacks against black-box models are still imaginary without running unlimited brute-force search. Thus, keeping models in the cloud can usually give a (false) sense of security. Our goal of this talk is to shed light on a new hidden attack vector of DNNs, which allows adversarial examples to be efficiently generated against black-box models used in mission-critical tasks such as facial recognition, image classification, and autonomous driving.

We report an intriguing vulnerability that allows an attacker to effectively attack black-box object detection DNNs using adversarial examples generated from white-box open source models. This vulnerability comes from a prevailing strategy used in deep learning areas to alleviate the thirst for data, called transfer learning, where highly tuned and complex models that have been well-trained on huge datasets are used as pre-trained layers for other similar applications. It is also a recommended practice by major deep learning service providers, including Google Cloud ML and Microsoft Cognitive Toolkit. However, despite its appeal as a solution to the data scarcity problem, we show that the model similarity introduced by transfer learning also creates a more attractive and vulnerable target for attackers. 

In the talk, we will first present the alarming results from our measurement study that most mainstream object detection models are adopting those winning image classification models in the ImageNet contest as their first few layers, to extract low-level features in the image. Then we will discuss the attack algorithms, as well as the techniques to identify which pre-trained feature extractor is used by the target object detection model with limited queries. We will demo how the adversarial examples generated using our algorithms from YOLOV3 are able to attack other object detection DNNs that are usually considered to be using totally different techniques. Finally, we wrap up the presentation with a demo on attacking models from a commercial machine-learning-as-a-service provider to make the audience aware that keeping models proprietary isn't a guarantee for security against adversarial examples.




 

PRESENTATION MATERIAL



• Download Presentation Slides

 

Zombie POODLE, GOLDENDOODLE, and How TLSv1.3 Can Save Us All

Craig Young  |  Principal Security Researcher, Tripwire VERT
 

Location:  Roselle Junior Ballroom 4610

Format: 50-Minute Briefings

Tracks: Cryptography, Applied Security

 


 

HTTPS is the backbone for online privacy and commerce – yet, for two decades, the underlying TLS protocol received little more than a series of band-aid fixes. Rather than deprecating cryptographic techniques with known weakness, the TLSv1.2 specification has a long list of workarounds, countermeasures and caveats, which must be carefully followed to prevent attack. This is evident from the fact that PKCS #1 v1.5 padding, RC4 encryption, and CBC mode ciphers can all be used in TLSv1.2.

This session will highlight research into more effective testing and exploitation techniques for CBC padding oracles. We'll uncover how a slight tweak to POODLE resurrected the vulnerability in a major enterprise HTTPS implementation more than three years after it had been patched. The presentation will also introduce GOLDENDOODLE, a special case attack based on POODLE with the promise to disclose session IDs in just a fraction of the time it takes to exploit POODLE. The GOLDENDOODLE attack also demonstrates that a Cisco ASA CVE previously not known to affect confidentiality can, in fact, reveal sensitive data, such as session cookies to a network-based attacker.




 

PRESENTATION MATERIAL



• Download Presentation Slides

 

Oh No! KPTI Defeated, Unauthorized Data Leakage is Still Possible

Yueqiang Cheng  |  Staff Security Scientist, Baidu USA
Zhaofeng Chen  |  Staff Security Scientist, Baidu USA
Yulong Zhang  |  Principal Research Scientist, Baidu X-Lab
Yu Ding  |  Staff Security Scientist, Baidu USA
Tao Wei  |  Chief Security Scientist, Baidu X-Lab
 

Location:  Roselle-Simpor Ballroom 4801A

Format: 50-Minute Briefings

Tracks

 

 Exploit Development, 

 

 Platform Security

 


 

Meltdown is a hardware vulnerability affecting most modern processors, including Intel, AMD, IBM POWER, and ARM processors. It allows a rogue process to read the kernel data in CPU L1-d cache, even when it is not authorized to do so. Until now, the only effective mitigation approach was to isolate kernel memory from user-mode processes. This solution has different names on different platforms: Kernel Page-Table Isolation (KPTI) on Linux, Kernel Virtual Address (KVA) Shadow on Windows, and Double Map (DM) on OS X. 

In this talk, however, we will prove the illusion that the strong isolation of KPTI has perfectly defeated Meltdown to be incorrect. First, we propose Variant V3r to demonstrate that Meltdown can be improved to be more powerful and reliable than what people originally thought. Variant V3r significantly increases the reliability for a rogue process to read any kernel data (not necessary in L1-d cache) on multiple platforms. Next, we further propose an even more powerful attack, Variant V3z, that allows a rogue process to bypass KPTI/KVA/DM and reliably read any kernel data. To the best of our knowledge, V3z is the first Meltdown variant that is able to defeat KPTI/KVA/DM.

To demonstrate the reliability, efficiency, and effectiveness of these two new variants, we will show demos that unprivileged processes can reliably leak secrets from anywhere in the kernel space, even in the presence of KALSR. 

Finally, we will offer suggestions to mitigate our proposed threats, and we call for more and more parties to join in this effort to improve the security of processors and operating systems.




 

PRESENTATION MATERIAL



• Download Presentation Slides
 

 

The Cost of Learning from the Best: How Prior Knowledge Weakens the Security of Deep Neural Networks

Yunhan Jia  |  Senior Security Scientist, Baidu X-Lab
Zhenyu Zhong  |  Staff Security Scientist, Baidu X-Lab
Yulong Zhang  |  Principal Research Scientist, Baidu X-Lab
Qian Feng  |  Research Scientist, Baidu USA LLC
Tao Wei  |  Chief Security Scientist, Baidu X-Lab
Yantao Lu  |  PhD Student, Syracuse University
 

Location:  Simpor Junior Ballroom 4811

Format: 25-Minute Briefings

Tracks

 

 Applied Security, 

 

 Reverse Engineering

 


 

Deep Neural Networks (DNNs) have been found vulnerable to adversarial examples – inputs that an attacker has intentionally designed to cause the model to make mistakes. Fortunately, generating adversarial examples usually requires white-box access to the victim model, and adversarial attacks against black-box models are still imaginary without running unlimited brute-force search. Thus, keeping models in the cloud can usually give a (false) sense of security. Our goal of this talk is to shed light on a new hidden attack vector of DNNs, which allows adversarial examples to be efficiently generated against black-box models used in mission-critical tasks such as facial recognition, image classification, and autonomous driving.

We report an intriguing vulnerability that allows an attacker to effectively attack black-box object detection DNNs using adversarial examples generated from white-box open source models. This vulnerability comes from a prevailing strategy used in deep learning areas to alleviate the thirst for data, called transfer learning, where highly tuned and complex models that have been well-trained on huge datasets are used as pre-trained layers for other similar applications. It is also a recommended practice by major deep learning service providers, including Google Cloud ML and Microsoft Cognitive Toolkit. However, despite its appeal as a solution to the data scarcity problem, we show that the model similarity introduced by transfer learning also creates a more attractive and vulnerable target for attackers. 

In the talk, we will first present the alarming results from our measurement study that most main-stream object detection models are adopting those winning image classification models in the ImageNet contest as their first few layers, to extract low-level features in the image. Then we will discuss the attack algorithms, as well as the techniques to identify which pre-trained feature extractor is used by target object detection model with limited queries. We will demo how the adversarial examples generated using our algorithms from YOLOV3, is able to attack other object detection DNNs, that are usually considered using totally different techniques. Finally, we wrap up the presentation with a demo on attacking models from commercial machine-learning-as-a-service provider to make audience aware that keeping models proprietary isn't a guarantee for security against adversarial examples.




 

PRESENTATION MATERIAL



• Download Presentation Slides

 

Winter is Coming Back: Defeating the Most Advanced Rowhammer Defenses to Gain Root and Kernel Privileges

Yueqiang Cheng  |  Staff Security Scientist, Baidu USA
Zhi Zhang  |  PhD Student, Data61, CSIRO, Australia
Surya Nepal  |  Professor, Data61, CSIRO, Australia
Zhi Wang  |  Associate Professor, Florida State University
 

Location:  Roselle-Simpor Ballroom 4801A

Format: 50-Minute Briefings

Tracks

 

 Exploit Development, 

 

 Platform Security

 


 

Rowhammer attacks can break the MMU-enforced memory protection to achieve privilege escalation, without requiring any software vulnerability. To mitigate such an attack, numerous software-only countermeasures have been proposed.

In this talk, we will present a novel exploit that is able to effectively break the most advanced rowhammer defense. The exploit allows an unprivileged user application to gain both root and kernel privileges. Further, the exploit is stealthier and more efficient compared to existing rowhammer exploits.

To demonstrate the effectiveness of the exploit, we will show live demos of two successful attacks on a real system. One is to gain the root privilege and the other is to gain the kernel privilege. 

Finally, we offer possible mitigations against our proposed exploit, and call for more parties to join in this effort to enhance the system security.




 

PRESENTATION MATERIAL



• Download Presentation Slides

 

The Cost of Learning from the Best: How Prior Knowledge Weakens the Security of Deep Neural Networks

Yunhan Jia  |  Senior Security Scientist, Baidu X-Lab
Zhenyu Zhong  |  Staff Security Scientist, Baidu X-Lab
Yulong Zhang  |  Principal Research Scientist, Baidu X-Lab
Qian Feng  |  Research Scientist, Baidu USA LLC
Tao Wei  |  Chief Security Scientist, Baidu X-Lab
Yantao Lu  |  PhD Student, Syracuse University
 

Location:  Simpor Junior Ballroom 4811

Format: 25-Minute Briefings

Tracks

 

 Applied Security, 

 

 Reverse Engineering

 


 

Deep Neural Networks (DNNs) have been found vulnerable to adversarial examples – inputs that an attacker has intentionally designed to cause the model to make mistakes. Fortunately, generating adversarial examples usually requires white-box access to the victim model, and adversarial attacks against black-box models are still imaginary without running unlimited brute-force search. Thus, keeping models in the cloud can usually give a (false) sense of security. Our goal of this talk is to shed light on a new hidden attack vector of DNNs, which allows adversarial examples to be efficiently generated against black-box models used in mission-critical tasks such as facial recognition, image classification, and autonomous driving.

We report an intriguing vulnerability that allows an attacker to effectively attack black-box object detection DNNs using adversarial examples generated from white-box open source models. This vulnerability comes from a prevailing strategy used in deep learning areas to alleviate the thirst for data, called transfer learning, where highly tuned and complex models that have been well-trained on huge datasets are used as pre-trained layers for other similar applications. It is also a recommended practice by major deep learning service providers, including Google Cloud ML and Microsoft Cognitive Toolkit. However, despite its appeal as a solution to the data scarcity problem, we show that the model similarity introduced by transfer learning also creates a more attractive and vulnerable target for attackers. 

In the talk, we will first present the alarming results from our measurement study: most mainstream object detection models adopt the winning image classification models from the ImageNet contest as their first few layers, to extract low-level features in the image. Then we will discuss the attack algorithms, as well as the techniques to identify which pre-trained feature extractor is used by the target object detection model with limited queries. We will demo how the adversarial examples generated using our algorithms from YOLOv3 are able to attack other object detection DNNs that are usually considered to use totally different techniques. Finally, we wrap up the presentation with a demo on attacking models from a commercial machine-learning-as-a-service provider to make the audience aware that keeping models proprietary isn't a guarantee of security against adversarial examples.




 

PRESENTATION MATERIAL



• Download Presentation Slides

 

Dive into VxWorks Based IoT Device: Debug the Undebugable Device

Wenzhe Zhu  |  Security Researcher, Ping An Technology Galaxy Lab
Yu Zhou  |  Security Engineer, Ant-Financial Light-Year Security Lab
Jiashui Wang  |  Senior Security Expert, Ant-Financial Light-Year Security Lab
Ruikai Liu  |  Security Researcher, Ping An Technology Galaxy Lab
 

Location:  Roselle-Simpor Ballroom 4801A

Format: 50-Minute Briefings

Tracks: Internet of Things, Reverse Engineering

VxWorks is the industry's leading real-time operating system. It has been widely used in various industry scenarios that require real-time, deterministic performance and, in many cases, safety and security certifications. There has been a great deal of research on Linux-based routers and cameras, but research on VxWorks-based devices is rarely seen.

Most VxWorks-based IoT devices on the market didn't contain any built-in debugger such as WDB (the VxWorks WDB Debug Agent) or a command-line debugger. Without a debugger, it's almost impossible to analyze the root cause of a vulnerability or exploit vulnerabilities.

Our talk introduces how to find vulnerabilities with memory fuzzing and debug VxWorks-based IoT devices without a built-in debugger.




 

PRESENTATION MATERIAL



• Download Presentation Slides