BSidesVienna 0x7e8
I guess that no day in 2024 went by without a security person crying because they realized that their organization will employ an LLM application, and they are the one responsible for its security. This application will receive inputs from scary sources like customers, emails and the internet. But don't you fear, dear security person, there is a security vendor coming to the rescue. They bring tools and APIs that can be installed easily, work with everything and make all problems go away. Or do they? We will explore the landscape of current solutions, see how to break them, and release a new tool called "Sprechen Sie Deutsch?". It aims to help the security community understand these measures so that they can be improved in the future.
LLMs turn out to be highly practical for summarising and extracting information from unstructured Cyber Threat Intelligence (CTI) reports. However, most models were not trained specifically to understand the lingo of CTI. We will present our custom, local LLM, fine-tuned for CTI purposes. But how would we know if it's any good? That question can only be answered with a CTI text benchmark dataset. Trying to solve these two challenges was quite a journey. Setbacks guaranteed. We will share our findings.
In this presentation, we will delve into the often overlooked security risks associated with macOS (.pkg) and Windows (.msi) installer packages. Installers are a critical part of software deployment, yet they can harbor significant vulnerabilities that, if exploited, can lead to privilege escalation and remote code execution (RCE).
We will start by unpacking the structure of macOS and Windows installer packages, shedding light on their internal components and the common security flaws that can be exploited. Through real-world examples and demonstrations, we will explore how attackers can leverage these flaws to gain unauthorized access and control over systems.
Attendees will learn about the following key areas:
Understanding Installer Packages: A comprehensive overview of the structure and function of macOS .pkg and Windows .msi files.
Common Security Flaws: Identification and explanation of typical vulnerabilities found in installer packages.
Privilege Escalation: How malicious actors exploit installer flaws to escalate privileges on both macOS and Windows platforms.
Enterprise copilots, from Microsoft Copilot to Salesforce’s Einstein, are adopted by every major enterprise. Grounded into your personal enterprise data they offer major productivity gains. But what happens when they get compromised? And how exactly can that happen?
In this talk we will see how we can turn these trusted enterprise AI assistants into our own malicious insiders within the victim organization. Spreading misinformation, tricking innocent employees into making fatal mistakes, routing users to our phishing sites, and even directly exfiltrating sensitive data!
We'll go through the process of building these attack techniques from scratch, presenting a mental framework for how to hack any enterprise copilot, no prior experience needed. We start with system prompt extraction techniques and move on to crafting reliable and robust indirect prompt injections (IPIs) using the extracted system prompt, showing step by step how we arrived at each of the results mentioned above and how you can replicate them against any enterprise copilot of your choosing.
To demonstrate the efficacy of our methods, we will use Microsoft Copilot as our guinea pig for the session, seeing how our newly found techniques manage to circumvent Microsoft’s responsible AI security layer.
Join us to explore the unique attack surface of enterprise copilots, and learn how to harden your own enterprise copilot to protect against the vulnerabilities we were able to discover.
Traditional IDS benchmarks rely on predictable, static attack patterns using predefined scripts and attack vectors. But do these methods really test the robustness of modern detection systems? In this talk, we’ll introduce Stealth Cup, a new approach to IDS benchmarking that leverages real hackers to put systems through their paces.
Stealth Cup challenges teams of ethical hackers to infiltrate simulated, yet realistic IT/OT environments while remaining undetected. It’s a competition where stealth is the key to victory, and the best team walks away with more than just bragging rights.
The Stealth Cup kicks off in Q1/Q2 2025 - are you ready to disappear?
Sign up here to get the latest information about the Stealth Cup.
Rootkits are a specialized form of malware whose goal is absolute stealth. They have evolved over time, as have the efforts to detect them. This talk presents a detection approach based on time probes that measure the delays a rootkit introduces, realized with modern eBPF technology. Additionally, a general overview of rootkits is given.
In today's digital landscape, adversaries have shifted their focus to the cloud, finding it easier to attack and compromise than traditional on-premises systems. This talk explores the asymmetry in cloud security, where attackers find the cloud environment more accessible and easier to exploit, while defenders struggle to keep up. We will delve into the reasons behind this imbalance, including the global accessibility of cloud services, the critical role of identity as the new perimeter, and the low barrier to entry for attackers needing only a single set of credentials. Additionally, we'll discuss the lack of visibility in cloud environments compared to the well-established practices in on-premises setups, and how the diverse configurations and logging systems of various cloud providers add to the complexity. Finally, we will address the unique skill set required for incident response in the cloud and the industry's current readiness. Attendees will gain a comprehensive understanding of these challenges and learn practical strategies to enhance their cloud defense capabilities.
I will share my experience in building defensive interactive labs. During the talk, I will cover typical cyber range architecture, its pros and cons. Listeners will gain insights into how to build their own cyber range.
I will share the problems that listeners will most likely encounter if they decide to build a home lab. By the end of the talk, listeners will be informed on how to build their own cyber range and how to avoid common mistakes.
The ongoing use of mercenary spyware, such as Predator, for purposes beyond legitimate law enforcement raises concerns regarding privacy, legal implications, and the physical safety of targeted individuals, their employers, and those involved in these activities. Although marketed ostensibly for counterterrorism and law enforcement, there is a well-documented pattern of Predator being used to target civil society, including journalists, politicians, and activists. This presentation aims to demonstrate how Predator has been exposed and the impact on their operations when combined with political re-evaluations, such as sanctions.
In the first part, we examine the multi-tiered Predator delivery infrastructure network identified and exposed by Recorded Future. This includes delivery servers, upstream servers, and infrastructure that is highly likely linked to Predator customers. We illustrate how, among other things, spyware operators initially responded to public reporting in September 2023 and continued their operations with minimal changes to their modus operandi. Our investigation uncovered ongoing Predator usage in at least 11 countries, including two previously unidentified: the Philippines and Botswana.
In the second part, we aim to evaluate the operational status of Intellexa's Predator after more than a year of major publications. These include Citizen Lab's report on the hacking of Ahmed Eltantawy, Amnesty's Predator Files detailing leaked documents about capabilities and an in-depth investigation into Indonesia, and infrastructure exposure by private security companies like Recorded Future. We illustrate how public reporting, alongside unprecedented sanctions and political efforts to combat spyware proliferation—including the US adding Intellexa to the entity list, an EU resolution, a US visa ban for various individuals involved with Intellexa, and the initiation of the Pall Mall Process—has significantly impacted Predator's operations.
In the end, we will zoom out, offering insights into the future direction of Predator and providing an outlook on the future of the entire landscape of the mercenary spyware ecosystem.
Source code review is a skill which complements the black-box toolset perfectly. In this talk, we'll go over the basics of source code review, sources and sinks, some pitfalls and learnings I had from doing (way too) many reviews. Then, we'll have a few challenges: Can you spot the vulnerability of famous CVEs in the source code? Featuring Ivanti, JetBrains and GitLab!
Since 1982, we have been sending e-mails across the globe with the Simple Mail Transfer Protocol (SMTP). Nevertheless, just last year, a simple yet crucial mistake in popular SMTP implementations was discovered, allowing for so-called SMTP smuggling. Have you ever wanted to send e-mails as [email protected] while still passing SPF checks? SMTP smuggling had you covered! However, with global fixes applied, this is now another story.
Therefore, building upon the knowledge established in the initial discovery, this talk delves deeper into the intricacies of SMTP smuggling, unveiling novel exploits and targeting unexpected attack surfaces. Starting from SMTP smuggling fundamentals, we analyze theoretical and practical ways to once again send an e-mail as [email protected].
Hence, we again shine the light on SMTP and see what this protocol has left to offer!
Do you want to be a connoisseur of modern ART but always feel a bit too intimidated by it? Do you want to see the good, the bad, and the ugly sides of ART? Have you ever wondered what depths lie behind something seemingly simple?
Then this talk is for you!
The Android Runtime (ART) powers modern Android and aims to run apps fast, resource-conserving, and uncomplicated. The former two were apparently more important, but fortunately, ART is part of the Android Open Source Project, which means we can look under the hood to better understand what it does for apps, what it does to apps, and what it could do for us.
A bit more than two years ago, in early summer 2022, someone contacted us at the Metalab Hackspace asking whether we would be interested in an electronically defective, but probably repairable, industrial coffee vending machine. An industrial coffee machine with a touchscreen and cocoa toppings? No idea where we would find enough room for it or if it would actually be used, but of course we'd be interested!
An invisible, never-ending battle is being fought between those creating anti-automation solutions and those finding ways to bypass them. This talk aims to provide the audience with a foundational understanding of these anti-automation mechanisms, alongside the techniques and tools commonly used to circumvent them. Attendees will gain insights into the principles behind anti-automation defences, as well as an exploration of how these measures are evaded in practice.
In an era where industrial systems are increasingly targeted by sophisticated cyber threats, understanding how these attacks take place and how to defend against these attacks is crucial. This presentation will provide an in-depth look at Red Team operations within Operational Technology (OT) environments, such as factories and power plants.
This talk seeks to demystify red team operations against compromised Linux hosts. We'll briefly discuss the sort of things a hacker stands to gain, but the bulk of the talk will walk through a reasonably representative operation, mainly sticking with common command-line tools and demonstrating what goes on when a Linux host is compromised and, more importantly, why.
Continuous Integration and Continuous Delivery systems are omnipresent in today's development workflows. They help developers focus on their actual programming duties by automating repetitive tasks, and they allow periodic use of security tools. But the messy truth is that in many organizations they are simply taken for granted as yet another development tool instead of being recognized for what they are: a system at the core of your infrastructure with almost unbounded permissions.