CanSecWest 2022

Presentations for CanSecWest 2022

 

Defeating Stack Canaries and Memory Safety with Speculative Execution

In this talk, we present a sub-class of transient execution attacks, we call SPEAR. This sub-class enables an attacker to repurpose memory corruption primitives that cannot be used in the context of traditional exploitation to achieve arbitrary memory read. In our talk, we discuss how SPEAR change the game in three main use-cases: control flow integrity (CFI), memory safety languages and stack smashing protectors (SSP) .

Read More

Kubernetes Attack and Defense: Break Out and Escalate!

Container break-out seems inevitable. Once outside of a container, an attacker can escalate privilege and possibly end up owning the entire cluster. As attackers, how do we break out of the container and then how do we escalate privilege? As defenders, how do we reduce the odds of a container break-out, while reducing its blast radius? In this demo-heavy presentation, we'll answer these questions, demonstrating attacks and defenses that you can take back and repeat on your own clusters.

Read More

Thanks for Leaving the Lights On

This talk is a discussion about low-level remote management systems and protocols; how even with the best security on our systems, and inside our VMs, out-of-band management interfaces often remain unprotected, unpatched, and unmonitored. All while being connected in some cases directly to the Internet. EDR does nothing if a threat actor can re-initialize the RAID array your VMs are stored on.

Read More

When eBPF meets TLS!

Currently a work in-progress that will be extended for the final version, this submission aims at demystifying the eBPF technology for the security community. While it is currently well-known in cloud environments (such as process visibility and programmable network flows), eBPF has had little experimentation when it comes to its usage as a building block of security focused tools.

Read More

Project TEMPA - Demystifying Tesla's Bluetooth Passive Entry System

The security of Tesla's cars has been a hot topic in recent months. In addition to being one of the safest cars on the road, it is also well-protected from hacks and attacks. But how does Tesla make sure their vehicles are safe and secure?

This case study sheds light on the inner workings of Tesla's Passive Entry System and core VCSEC protocol, and reveals possible attack vectors.

Read More

Securing the 3rd Party Software Life Cycle

Supply chain attacks have been on the rise in the past two years and are proving to be common and reliable attack vectors that affect all consumers of software. In this talk we are going to present our proposed solution - Securing the 3rd Party Software Life Cycle, an end-to-end framework for ensuring the security of third-party software throughout its lifecycle.

Read More