Playing with vulnerabilities at ZeroNights
Dear Friends, we continue to introduce the main program speakers. Today we present not just hackers with good imagination, but meticulous researchers, who go off the beaten path and find their own ways. Just have a look:
- James Lee (United Kingdom), a math geek, will go through ActiveX, a feature that has been embedded into Internet Explorer almost since its inception. And James knows it inside and out. His paper called “Playing With IE11 ActiveX 0days” describes the ways to find bugs in the seemingly well-studied system.
- Nicolas Alejandro Economou (Argentina), an independent researcher, who specialized in the Windows kernel exploitation for the last 10 years will present the paper called “Abusing GDI for ring0 Exploit Primitives: Reloaded”. He will explain how to use the techniques and continue exploiting Windows 10 “Fall Creators Update” in a reliable way, despite the vendor’s efforts to mitigate them.
- Aleksey Tiurin (Russia), the head of pentester team at Digital Security, will present the paper “MITM Attacks on HTTPS: Another Perspective”. The purpose of TLS/HTTPS is to protect against MITM attacks. We used to think about attacks on TLS/HTTPS from cryptographic perspective. But remember that TLS/HTTPS is not a self-sufficient entity, and modern systems consist of a number of interconnected technologies, protocols and services. Lets add a little logic, a pinch of tricks and we have the opportunity to perform an MITM attack on HTTPS!