{"$schema": "https://c3voc.de/schedule/schema.json", "generator": {"name": "pretalx", "version": "2026.1.1"}, "schedule": {"url": "https://pretalx.com/orangecon-2024/schedule/", "version": "0.5", "base_url": "https://pretalx.com", "conference": {"acronym": "orangecon-2024", "title": "OrangeCon", "start": "2024-09-05", "end": "2024-09-05", "daysCount": 1, "timeslot_duration": "00:05", "time_zone_name": "Europe/Amsterdam", "colors": {"primary": "#F57104"}, "rooms": [{"name": "Main track", "slug": "3014-main-track", "guid": "d84bc6ea-c080-5e60-843a-4a1044ea55b8", "description": "Main talk track", "capacity": null}, {"name": "Second track", "slug": "3388-second-track", "guid": "1e779681-9be0-5f9e-9492-1541da97d7c8", "description": null, "capacity": null}, {"name": "Workshop track 1", "slug": "3015-workshop-track-1", "guid": "e847bba9-a4e0-53c3-8040-eaf4d8f5f43c", "description": null, "capacity": 20}, {"name": "Workshop track 2", "slug": "3389-workshop-track-2", "guid": "66721b16-9982-5f44-8d44-514bd24d0e48", "description": null, "capacity": null}], "tracks": [{"name": "Main track", "slug": "4793-main-track", "color": "#F96C06"}, {"name": "Track 2", "slug": "4941-track-2", "color": "#F60546"}, {"name": "Workshop track 1", "slug": "4794-workshop-track-1", "color": "#000000"}, {"name": "Workshop track 2", "slug": "4940-workshop-track-2", "color": "#3A3D90"}], "days": [{"index": 1, "date": "2024-09-05", "day_start": "2024-09-05T04:00:00+02:00", "day_end": "2024-09-06T03:59:00+02:00", "rooms": {"Main track": [{"guid": "40b98c08-ef4b-54bc-8e80-e2a5febef4e2", "code": "SVTD8P", "id": 54605, "logo": "https://pretalx.com/media/orangecon-2024/submissions/SVTD8P/logo_white_OXLjDnF.png", "date": "2024-09-05T09:15:00+02:00", "start": "09:15", "duration": "00:05", "room": "Main track", "slug": "orangecon-2024-54605-orange-is-the-new-black", "url": "https://pretalx.com/orangecon-2024/talk/SVTD8P/", "title": "Orange is the new Black", "subtitle": "", "track": "Main track", "type": 
"Talk", "language": "en", "abstract": "Welcome to Orangecon!", "description": "Oranges: The Juicy Heartbeat of Innovation and Well-being\r\n\r\nPrepare to embark on a vibrant journey into the world of one of nature's most extraordinary gifts\u2014Oranges! As we gather here today, let us peel back the layers of this citrus marvel to reveal the rich tapestry of innovation, health, and cultural significance that it brings to our lives. This kick-off will be an exhilarating exploration of the orange's journey from grove to greatness, celebrating its role as a catalyst for health, culinary creativity, and economic vitality.", "recording_license": "", "do_not_record": false, "persons": [{"code": "UAUWWB", "name": "Fish_, Cherry and Stef", "avatar": "https://pretalx.com/media/avatars/UAUWWB_hLk7nWc.webp", "biography": "We like Oranges.", "public_name": "Fish_, Cherry and Stef", "guid": "93195d5b-6252-5ca6-a78b-44e30173e1ad", "url": "https://pretalx.com/orangecon-2024/speaker/UAUWWB/"}], "links": [], "feedback_url": "https://pretalx.com/orangecon-2024/talk/SVTD8P/feedback/", "origin_url": "https://pretalx.com/orangecon-2024/talk/SVTD8P/", "attachments": []}, {"guid": "aea97fa1-053e-54c6-9229-8282b07be851", "code": "XVEWPL", "id": 54446, "logo": null, "date": "2024-09-05T09:20:00+02:00", "start": "09:20", "duration": "00:40", "room": "Main track", "slug": "orangecon-2024-54446-cybersecurity-s-new-imperative-metawar-defending-the-cognitive-infrastructure", "url": "https://pretalx.com/orangecon-2024/talk/XVEWPL/", "title": "Cybersecurity\u2019s New Imperative: Metawar - Defending the Cognitive Infrastructure.", "subtitle": "", "track": "Main track", "type": "Talk", "language": "en", "abstract": "Winn\u2019s keynote is a call to action. Winn challenges us with a new goal: Strengthen and defend the human mental immune system. Our brains, sensory nervous systems, and minds are the new attack surface. 
Will the hacker community rise to the challenge of solving the most existential threat it has ever faced?", "description": "A long time ago, on June 27, 1991, Winn testified before the US Congress and was asked, \u201cMr. Schwartau: Why would the bad guys ever want to use the internet?\u201d \r\n\r\nToday, our cognitive infrastructure is under attack, and humanity needs hackers more than ever. \r\n\r\nMetawar is the art and science of creating immersive experiences to influence, alter, and define one\u2019s sense of reality. It is the battle for control over one\u2019s belief systems, identity, and sense of reality outside one\u2019s conscious awareness. Reason and emotion are incompatible operating systems. \r\n\r\nBig Tech is digitally terraforming the planet\u2019s future cognitive infrastructure, Web 3.0, with little concern for the downsides. The metaverse is an evolving, immersive storytelling environment designed to be the most powerful and addictive reality distortion machine ever conceived. It will also predict and anticipate your every desire and every move! \r\n\r\nOn the global stage, metawar represents the sixth domain of warfare.\u20601 They who control the technology control the narrative, and reality is only a keystroke away. \r\n\r\nWe have no choice but to learn how to coexist with the reality-distorting technologies we have created by implementing technical, policy, and cognitive defenses to protect our sense of truth, reality, and self-identity. \r\n\r\nWinn\u2019s keynote is a call to action. \r\n\r\nThe hacker community is among the best problem solvers the planet has ever seen. It acts as a team, a collective of like-minded individuals with an amazing array of skills who stop at nothing to achieve their aims\u2014against all odds.\r\n\r\nWinn challenges us with a new goal: Strengthen and defend the human mental immune system. 
Our brains, sensory nervous systems, and minds are the new attack surface.\r\n\r\nWill the hacker community rise to the challenge of solving the most existential threat it has ever faced?", "recording_license": "", "do_not_record": false, "persons": [{"code": "SQGTLH", "name": "Winn Schwartau", "avatar": "https://pretalx.com/media/avatars/SQGTLH_5iHnqBw.webp", "biography": "Winn Schwartau is one of the world\u2019s top experts on security, privacy, infowar, cyber-terrorism, and related topics. He has lived cybersecurity since 1983 and his predictions about the Internet and security have been scarily spot on.", "public_name": "Winn Schwartau", "guid": "c7d2949e-e2a8-5fe4-a7dc-008daeb25d87", "url": "https://pretalx.com/orangecon-2024/speaker/SQGTLH/"}], "links": [], "feedback_url": "https://pretalx.com/orangecon-2024/talk/XVEWPL/feedback/", "origin_url": "https://pretalx.com/orangecon-2024/talk/XVEWPL/", "attachments": []}, {"guid": "3d0b41a9-e474-57db-b4d5-8e59041db4f3", "code": "FSCA3A", "id": 52807, "logo": null, "date": "2024-09-05T10:00:00+02:00", "start": "10:00", "duration": "00:30", "room": "Main track", "slug": "orangecon-2024-52807-low-energy-to-high-energy-hacking-nearby-ev-chargers-over-bluetooth", "url": "https://pretalx.com/orangecon-2024/talk/FSCA3A/", "title": "Low Energy to High Energy: Hacking Nearby EV-Chargers Over Bluetooth", "subtitle": "", "track": "Main track", "type": "Talk", "language": "en", "abstract": "During the first Pwn2Own Automotive, organised by ZDI in Tokyo in January 2024, Computest Sector 7 successfully demonstrated exploits for vulnerabilities in three different EV-chargers. All three could be exploited to execute arbitrary code on the charger, with the only prerequisite being close enough to connect to Bluetooth.", "description": "As electric vehicles become increasingly integrated into our transportation infrastructure, the security of their charging systems is becoming paramount. 
A threat actor hacking EV chargers at scale could have a real life impact on the continuity of our power grid and the transportation sector. Therefore, it is important that manufacturers and operators are well aware of their role in protecting our power grid.\r\n\r\nThis year we demonstrated several zero day attacks against commonly used EV chargers during the international Pwn2Own Automotive competition. Most of these vulnerabilities were very easy to find once the firmware was extracted. The lack of mitigations against binary exploitation meant writing the exploits was also straightforward.\r\n\r\nIn this talk, we will explain the vulnerabilities we found, the exploits we developed and what lessons about IoT security in general can be learned from this.", "recording_license": "", "do_not_record": false, "persons": [{"code": "MDJWZK", "name": "Daan Keuper", "avatar": "https://pretalx.com/media/avatars/MDJWZK_DCMJcAP.webp", "biography": "Daan Keuper is the head of security research at Computest Security. This division is responsible for advanced security research on commonly used systems and environments.\r\n\r\nDaan participated four times in the internationally known Pwn2Own competition by demonstrating zero-day attacks against Zoom and multiple ICS applications. 
In addition Daan did research on internet connected cars, in which several vulnerabilities were found in cars from the Volkswagen Group.", "public_name": "Daan Keuper", "guid": "e3d2d027-ec50-51d3-bbde-e95502e0a2b2", "url": "https://pretalx.com/orangecon-2024/speaker/MDJWZK/"}], "links": [], "feedback_url": "https://pretalx.com/orangecon-2024/talk/FSCA3A/feedback/", "origin_url": "https://pretalx.com/orangecon-2024/talk/FSCA3A/", "attachments": []}, {"guid": "a3638f20-5768-546b-a335-bac6e3a68874", "code": "EFL9RJ", "id": 54030, "logo": null, "date": "2024-09-05T11:00:00+02:00", "start": "11:00", "duration": "00:30", "room": "Main track", "slug": "orangecon-2024-54030-making-penetration-testing-auditable", "url": "https://pretalx.com/orangecon-2024/talk/EFL9RJ/", "title": "Making penetration testing auditable", "subtitle": "", "track": "Main track", "type": "Talk", "language": "en", "abstract": "Penetration testing can vary widely in execution, sometimes providing clear insights, and other times leaving much to be desired. For clients, these tests are essential for ensuring product security and often hold significant audit value. The COVID-19 crisis revealed a powerful opportunity: enhancing client assurance through more transparent and reliable pentests, a necessity increasingly driven by evolving legislation.\r\n\r\nThis realization sparked the creation of a groundbreaking collaboration. Clients, software developers, pentesters, auditors, and information security researchers now join forces in a unique alliance. Our mission? To empower every knowledgeable professional to contribute, ensuring that every crucial aspect is thoroughly examined.\r\n\r\nWelcome to the Methodology for Information Security Research with Audit Value \u2013 a comprehensive, participatory approach that elevates the standards of penetration testing. 
Embrace this innovative methodology and transform how you achieve security and compliance!", "description": "### Unveiling a Revolutionary Approach to Penetration Testing: The Methodology for Information Security Research with Audit Value\r\n\r\nIn the ever-evolving landscape of cybersecurity, penetration testing has become a cornerstone for ensuring product security and compliance. However, the methods of conducting these tests can vary significantly, sometimes offering clear insights and other times leaving much to be desired. Clients rely on these tests not only for assurance but also for their crucial audit value. The recent COVID-19 crisis highlighted a vital need: enhancing client assurance through more transparent and reliable penetration tests, a necessity increasingly driven by stringent legislation.\r\n\r\n#### A Unique Collaboration for Enhanced Security\r\n\r\nThis realization led to the formation of a groundbreaking collaboration, bringing together clients, software developers, pentesters, auditors, and information security researchers. Our innovative approach is designed to empower every knowledgeable professional to contribute, ensuring that every critical component is thoroughly examined. Welcome to the Methodology for Information Security Research with Audit Value.\r\n\r\n#### Focusing on Open Standards\r\n\r\nOur methodology is rooted in open standards, promoting transparency, interoperability, and innovation. By adhering to these standards, we ensure that our approach is not only robust but also adaptable to various environments and requirements. Open standards facilitate a common language and framework, making it easier for all stakeholders to collaborate and for solutions to integrate seamlessly.\r\n\r\n#### Addressing Requirements and Consequences\r\n\r\nThe Methodology for Information Security Research with Audit Value goes beyond merely meeting requirements. 
It provides a clear understanding of the consequences if certain aspects are missing, ensuring that clients are fully informed of potential risks and impacts. This comprehensive approach includes:\r\n\r\n- **Procurement Requirements**: Ensuring that all procurement requirements are met with precision, helping clients make informed decisions when acquiring new products or services.\r\n- **Legal Aspects**: Addressing all legal aspects to ensure compliance with relevant laws and regulations, thereby minimizing legal risks and liabilities.\r\n\r\n#### Providing Comprehensive Compliance Tools\r\n\r\nOur methodology equips you with everything needed to achieve and maintain compliance. From detailed guidelines and best practices to thorough checklists and audit trails, we provide all the tools necessary to ensure that nothing is overlooked. This includes:\r\n\r\n- **Detailed Guidelines**: Step-by-step instructions and best practices to guide you through every stage of the penetration testing process.\r\n- **Thorough Checklists**: Comprehensive checklists to ensure all critical aspects are covered, leaving no room for oversight.\r\n- **Audit Trails**: Robust audit trails that document every action and decision, providing transparency and accountability throughout the testing process.\r\n\r\n#### Transforming Security and Compliance\r\n\r\nEmbrace this innovative methodology and transform the way you achieve security and compliance. The Methodology for Information Security Research with Audit Value represents a comprehensive, participatory approach that elevates the standards of penetration testing. By focusing on open standards, addressing requirements and their consequences, and providing all necessary compliance tools, we ensure that your security measures are not only effective but also thoroughly documented and auditable.\r\n\r\nJoin us in pioneering a new era of cybersecurity. 
Discover the future of penetration testing with the Methodology for Information Security Research with Audit Value, and ensure that your security practices are second to none.", "recording_license": "", "do_not_record": false, "persons": [{"code": "UTLHLR", "name": "Brenno de Winter", "avatar": "https://pretalx.com/media/avatars/UTLHLR_RfAwF2A.webp", "biography": "Brenno de Winter has been involved in security since his early years. For 15 years he was a renowned Dutch investigative journalist. Born on December 6, 1971, in Ede, Netherlands, de Winter has made significant contributions to the field of information security and privacy. He is best known for his work in uncovering vulnerabilities in public and private sector IT systems, often bringing to light the importance of cybersecurity.\r\n\r\nDe Winter started his career as a programmer, but had several roles. In 2001 he became a journalist and quickly gained a reputation for his thorough investigative techniques and commitment to transparency and public accountability. His notable works include exposing security flaws in the Dutch public transport chip card (OV-chipkaart) and various governmental IT systems, which prompted widespread public discourse and policy changes.\r\n\r\nIn addition to his journalism, de Winter is a sought-after speaker and educator on topics related to cybersecurity, privacy, and digital rights. 
He has authored several articles and books, sharing his extensive knowledge and advocating for stronger security measures and better data protection practices.\r\n\r\nThroughout his career, Brenno de Winter has received numerous accolades for his contributions to the field, cementing his status as a leading figure in cybersecurity and investigative journalism in the Netherlands and beyond.\r\n\r\nHe is the 'catfather' of the OpenKAT-project and currently leads the effort to standardize penetration testing.", "public_name": "Brenno de Winter", "guid": "37e36f84-089b-541e-8f0b-dfee8239be6d", "url": "https://pretalx.com/orangecon-2024/speaker/UTLHLR/"}], "links": [], "feedback_url": "https://pretalx.com/orangecon-2024/talk/EFL9RJ/feedback/", "origin_url": "https://pretalx.com/orangecon-2024/talk/EFL9RJ/", "attachments": []}, {"guid": "5fd0e92b-209e-53c0-bfa6-c0ce21fa0a22", "code": "C8PRBG", "id": 53225, "logo": "https://pretalx.com/media/orangecon-2024/submissions/C8PRBG/Wire_2024-07-10_at_09-46-08_S9XrsVF.png", "date": "2024-09-05T11:30:00+02:00", "start": "11:30", "duration": "00:30", "room": "Main track", "slug": "orangecon-2024-53225-the-registry-rundown", "url": "https://pretalx.com/orangecon-2024/talk/C8PRBG/", "title": "The Registry Rundown", "subtitle": "", "track": "Main track", "type": "Talk", "language": "en", "abstract": "Thought you knew how the Windows Registry worked? We have some tricks up our sleeve to abuse the Remote Registry for extended remote reconnaissance and moving laterally to other systems, even bypassing typical remote UAC restrictions to gain code execution.", "description": "The talk will cover the basics of the Windows Registry and its structure, including the different hives (e.g. HKLM, HKCU) and their purpose. 
We will then delve into the different ways the registry can be accessed, both locally and remotely.\r\n\r\nLots of information can be gathered from a remote system via the Remote Registry, such as installed software, configuration, and user activity, all using the privileges of a regular domain user without local administrator permissions.\r\n\r\nWe will share some interesting findings that we came across that facilitate lateral movement via the registry (bypassing remote UAC). We also successfully used the Remote Registry service to bypass typical jumpbox restrictions that normally don\u2019t allow the user to log in via RDP directly.", "recording_license": "", "do_not_record": false, "persons": [{"code": "CMZKXS", "name": "Cedric Van Bockhaven", "avatar": null, "biography": "Cedric loves solving offensive computer security puzzles, researching new attack vectors, and finding vulnerabilities in obscure technologies. At Outflank, he performs Red Teaming projects and works on the Outflank Security Tooling (OST).", "public_name": "Cedric Van Bockhaven", "guid": "3da240ce-7859-52d1-86b5-1c8b4319da5b", "url": "https://pretalx.com/orangecon-2024/speaker/CMZKXS/"}, {"code": "SNY7MG", "name": "Max Grim", "avatar": "https://pretalx.com/media/avatars/SNY7MG_8h1v3lm.webp", "biography": "Max is a Red Team operator and software developer at Outflank. He earned his Master\u2019s degree in System and Network Engineering at the University of Amsterdam with a focus on network- and system security. Max has a background in security testing, software engineering, cloud environments and DevOps practices and he applies that knowledge building the Outflank Security Tooling (OST). 
He also has a keen interest in designing and hacking (embedded) hardware devices.", "public_name": "Max Grim", "guid": "6e1b58b5-a672-5f1a-81eb-345cedcba9c3", "url": "https://pretalx.com/orangecon-2024/speaker/SNY7MG/"}], "links": [], "feedback_url": "https://pretalx.com/orangecon-2024/talk/C8PRBG/feedback/", "origin_url": "https://pretalx.com/orangecon-2024/talk/C8PRBG/", "attachments": []}, {"guid": "f491086e-15b4-5523-bbf7-463defd29038", "code": "DSMSJH", "id": 54048, "logo": null, "date": "2024-09-05T12:00:00+02:00", "start": "12:00", "duration": "00:30", "room": "Main track", "slug": "orangecon-2024-54048-securing-ot-too-hard-or-not-for-me", "url": "https://pretalx.com/orangecon-2024/talk/DSMSJH/", "title": "Securing OT, too hard or not for me?", "subtitle": "", "track": "Main track", "type": "Talk", "language": "en", "abstract": "We read regularly in the news that critical infrastructure or OT networks should be better secured. We learn about APTs attacking these networks, or the latest ICS zero-day vulnerabilities demonstrated during Pwn2Own. Mostly advanced attacks, which could feel overwhelming and hard to defend against, but is this actually true? If we think a bit longer about this we can come up with the following questions:\r\n\r\n- Are these actually the biggest threats to your OT environment you should be focusing on?\r\n- Should we just accept OT networks are insecure and could be easily hacked? \r\n- Or is there something that could be done to improve the security of these environments?\r\n\r\nDuring this talk we will try to answer these questions by combining threat intelligence and first-hand security testing experience of OT environments and systems. We will share common vulnerabilities or configuration weaknesses and recommendations for improvements. 
Hopefully, after this talk you have the feeling not all is lost, and there is still a lot of room for improving the security of OT networks and systems.", "description": "Presentation outline:\r\n- Introduction\r\n- Why is OT different from IT?\r\n- OT threats\r\n\t- Targeted (critical infrastructure) vs non-targeted (generic OT)\r\n\t- Example threat scenarios:\r\n\t\t- Ransomware\r\n\t\t- (Pre-positioning for) sabotage\r\n\t\t- Supply chain and suppliers\r\n\t\t- Internet-connected OT devices and hacktivists\r\n* Security testing OT\r\n\t* Why is this different?\r\n\t* Approach\r\n* Common vulnerabilities and weaknesses\r\n\t* Network design & security architecture\r\n\t\t* Purdue model\r\n\t\t* Firewall configuration\r\n\t\t* Virtualisation\r\n\t\t* Switching infrastructure\r\n\t* Windows systems\r\n\t\t* Active Directory\r\n\t\t* Vulnerabilities\r\n\t\t* Hardening\r\n\t* HMI, PLC, sensors and actuators\r\n\t\t* Weak or default passwords\r\n\t\t* Vulnerabilities\r\n\t\t* Insecure protocols\r\n* Conclusions & recommendations\r\n* Questions", "recording_license": "", "do_not_record": false, "persons": [{"code": "9CRFZE", "name": "Erwin Paternotte", "avatar": null, "biography": "Erwin currently works as a CTI specialist at the Dutch government. In his previous life he was a penetration tester/red teamer for over 20 years. During these years he tested a large variety of systems and networks and led complex assignments. Over the years he specialized in OT systems and networks, IoT devices and hardware hacking. 
He previously presented his OT research at the S4 conference, DEF CON, Hardwear.io and Hack in the Box.", "public_name": "Erwin Paternotte", "guid": "321517ba-ec25-5a7e-a5be-51d38a084b45", "url": "https://pretalx.com/orangecon-2024/speaker/9CRFZE/"}], "links": [], "feedback_url": "https://pretalx.com/orangecon-2024/talk/DSMSJH/feedback/", "origin_url": "https://pretalx.com/orangecon-2024/talk/DSMSJH/", "attachments": []}, {"guid": "23a6faa4-ac9a-5230-984a-8e17c85f6a7c", "code": "ZEXPCK", "id": 51030, "logo": null, "date": "2024-09-05T13:30:00+02:00", "start": "13:30", "duration": "00:30", "room": "Main track", "slug": "orangecon-2024-51030-protecting-organizations-against-aitm-lessons-learned", "url": "https://pretalx.com/orangecon-2024/talk/ZEXPCK/", "title": "Protecting organizations against AITM: lessons learned.", "subtitle": "", "track": "Main track", "type": "Talk", "language": "en", "abstract": "\"Protecting Hundreds of Organizations Against AiTM: Lessons Learned\" dives into the evolving threat of adversary-in-the-middle (AiTM) attacks. Our presentation highlights the transition from basic phishing tactics to sophisticated methods that compromise organizational security. The presentation outlines the journey from old-school phishing attacks, to phishing frameworks like UADMIN, to the introduction of tools like Evilginx, and now to SaaS providers allowing anyone to buy access to an AiTM platform.\r\n\r\nWe\u2019ve introduced a free method of detecting AiTM attacks, which has given us an insight into the scale of AiTM attacks, at least against Microsoft M365 tenants. This prompted the development of a fingerprinting tool to gain an insight into the different actors performing these attacks and the typical methods they employ.\r\n\r\nWe give an insight into a popular AiTM SaaS platform and the revenue stream hosting such software creates. The session ends by outlining common techniques to prevent these types of attacks. 
Most organizations use M365 and experience attacks using AITM to bypass MFA. At the same time, SaaS providers are building AITM services that allow targeted attacks, including supply chain attacks (AITM targeted against admin sites for pypi, npmjs and rubygems). AITM is also used for very specific scams, for example against booking.com: attackers use the booking.com hotel login to extract credit card information from upcoming hotel guests.", "description": "There\u2019s been a rise in the number of AITM-based attacks. BEC fraud operators use it as MFA is more and more common. But the appearance of SaaS providers in the AITM space makes these attacks easier to perform and therefore more common. Booking.com has been a popular target, allowing attackers to use the hotel operator login to phish credit cards by sending upcoming guests reminders to pay. The fact that these reminders are sent via the booking.com app makes them super trustworthy. At the same time, environments such as M365/EntraID are popular targets for other operators. This past year we\u2019ve been trying to prevent and detect these types of attacks. The goal of the presentation is to make attendees aware of the risks, the different operators and the types of attacks happening today.", "recording_license": "", "do_not_record": false, "persons": [{"code": "G9R83H", "name": "Rik van Duijn", "avatar": "https://pretalx.com/media/avatars/G9R83H_DEubUpD.webp", "biography": "Rik has over 10 years of experience in the offensive security area working as a penetration tester. 
Next to his work assessing the security of infrastructures, he spends time researching trends within IT security and on developing defensive measures.", "public_name": "Rik van Duijn", "guid": "7b86688e-709f-5b7b-98bc-98d79535cdbd", "url": "https://pretalx.com/orangecon-2024/speaker/G9R83H/"}, {"code": "CAUSAR", "name": "Wesley", "avatar": null, "biography": null, "public_name": "Wesley", "guid": "7e0ac9e6-ddc1-5238-88b0-f36e4541cbb6", "url": "https://pretalx.com/orangecon-2024/speaker/CAUSAR/"}], "links": [], "feedback_url": "https://pretalx.com/orangecon-2024/talk/ZEXPCK/feedback/", "origin_url": "https://pretalx.com/orangecon-2024/talk/ZEXPCK/", "attachments": []}, {"guid": "79fe3b33-7b3a-551e-8b70-61a178aee409", "code": "CTQP8R", "id": 52206, "logo": null, "date": "2024-09-05T14:00:00+02:00", "start": "14:00", "duration": "00:30", "room": "Main track", "slug": "orangecon-2024-52206-offensive-development-in-modern-languages", "url": "https://pretalx.com/orangecon-2024/talk/CTQP8R/", "title": "Offensive Development in Modern Languages", "subtitle": "", "track": "Main track", "type": "Talk", "language": "en", "abstract": "As an (offensive) security professional, building tools to support your operations is no longer optional. Not only do you need custom malware to stay undetected on your target, the large scope of modern environments requires many different variants of automation to stay ahead. This talk will discuss what having an \"Offensive Development\" capability means, how modern languages like Rust or Go can help (or work against you), and how to take your code beyond PoC with some good development practice.", "description": "As a security professional, building tools to support your operations is no longer optional. 
Offensive specialists need to build advanced and custom malware to effectively stay under the radar and simulate threats, and effectively automate full attack workflows to cover large scopes and ensure repeatable results.\r\n\r\nIn this talk, Cas will explore the concept of \"Offensive Development\", how it differs from malware development, and how choosing the right language from modern programming languages such as Rust, Golang, Python and Nim can significantly impact your tools (and your sanity). \r\n\r\nCas will provide insights into the strengths and weaknesses of each language, supported by case studies that highlight their practical, real-world applications in offensive security. These case studies will also highlight the importance of good developer practice to ensure your next repository doesn't have to contain a disclaimer that says \"POC CODE - DON'T RUN IN PRODUCTION\" ;)\r\n\r\nThis talk is designed for both seasoned offensive security professionals and beginners with a foundational technical understanding. It will provide valuable insights not only for red teamers but for the broader security industry, emphasizing the importance of automation and a development mindset in today's complex security landscape.", "recording_license": "", "do_not_record": false, "persons": [{"code": "KPM3TE", "name": "Cas van Cooten", "avatar": "https://pretalx.com/media/avatars/KPM3TE_Q94hL7W.webp", "biography": "Cas van Cooten is an offensive security enthusiast and Red Teamer at ABN AMRO Bank in The Netherlands. He is a champion for \"offensive development\" - building solid tools to support every aspect of offensive operations. Particularly, he likes evading defenses by developing offensive security tooling and malware that utilize modern features of languages like Rust, Golang or Nim. 
He loves sharing knowledge and responsibly open-sourcing tooling via his Twitter and Github to ultimately promote the collaboration between Red and Blue.", "public_name": "Cas van Cooten", "guid": "efb57ad5-e5da-58f4-8d80-ba2dab2b57ad", "url": "https://pretalx.com/orangecon-2024/speaker/KPM3TE/"}], "links": [], "feedback_url": "https://pretalx.com/orangecon-2024/talk/CTQP8R/feedback/", "origin_url": "https://pretalx.com/orangecon-2024/talk/CTQP8R/", "attachments": []}, {"guid": "9ee9e3c7-f17f-5e4b-a893-9ce6cb5f382d", "code": "GMGBGE", "id": 54472, "logo": null, "date": "2024-09-05T14:30:00+02:00", "start": "14:30", "duration": "00:45", "room": "Main track", "slug": "orangecon-2024-54472-attacking-primary-refresh-tokens-using-their-macos-implementation", "url": "https://pretalx.com/orangecon-2024/talk/GMGBGE/", "title": "Attacking Primary Refresh Tokens using their MacOS implementation", "subtitle": "", "track": "Main track", "type": "Talk", "language": "en", "abstract": "While Microsoft Entra Primary Refresh Tokens remain mostly undocumented, on Windows there has been quite some research in how they work and how they can be attacked or protected. Despite several hiccups (read: vulnerabilities) in getting there, the implementation is now mostly secure if you have a Trusted Platform Module (TPM). On other platforms, the Primary Refresh Token is also used but its implementation is undocumented. We decided to investigate how Microsoft implemented Primary Refresh Tokens on MacOS, how they are protected and how hard (or easy) it is for attackers to steal them. During the investigation, we encountered more undocumented protocol features, leading to the discovery of deviceless Primary Refresh Tokens (PRTs). These deviceless PRTs are, as the name implies, only tied to a user and not a device. In some environments this might already be enough for an attacker to achieve their goal, since these PRTs could be obtained during phishing. 
\r\n\r\nIn this session, we will talk about the PRT internals, their protection on MacOS, and on the current and new PRT implementation Microsoft introduced using the Platform SSO capabilities.", "description": "While Microsoft Entra Primary Refresh Tokens remain mostly undocumented, on Windows there has been quite some research in how they work and how they can be attacked or protected. Despite several hiccups (read: vulnerabilities) in getting there, the implementation is now mostly secure if you have a Trusted Platform Module (TPM). On other platforms, the Primary Refresh Token is also used but its implementation is undocumented. We decided to investigate how Microsoft implemented Primary Refresh Tokens on MacOS, how they are protected and how hard (or easy) it is for attackers to steal them. During the investigation, we encountered more undocumented protocol features, leading to the discovery of deviceless Primary Refresh Tokens (PRTs). These deviceless PRTs are, as the name implies, only tied to a user and not a device. In some environments this might already be enough for an attacker to achieve their goal, since these PRTs could be obtained during phishing. 
\r\n\r\nIn this session, we will talk about the PRT internals, their protection on MacOS, and the current and new PRT implementation Microsoft introduced using the Platform SSO capabilities.", "recording_license": "", "do_not_record": false, "persons": [{"code": "JQFF7C", "name": "Olaf Hartong", "avatar": null, "biography": "Olaf is a defensive specialist and security researcher at FalconForce and specializes in understanding the attacker tradecraft and thereby improving detection.", "public_name": "Olaf Hartong", "guid": "5e235dd9-74e7-5388-bc12-2adf2ea6ee71", "url": "https://pretalx.com/orangecon-2024/speaker/JQFF7C/"}, {"code": "NLNLGT", "name": "Dirk-jan Mollema", "avatar": "https://pretalx.com/media/avatars/NLNLGT_xqEqUZd.webp", "biography": "Dirk-jan Mollema is a hacker and researcher of Active Directory and Microsoft Entra (Azure AD) security. In 2022 he started his own company, Outsider Security, where he performs penetration tests and reviews of enterprise networks and cloud environments. He blogs at dirkjanm.io, where he publishes his research, and shares updates on the many open source security tools he has written over the years. 
He presented previously at TROOPERS, DEF CON, Black Hat and BlueHat and has been awarded as one of Microsoft\u2019s Most Valuable Researchers multiple times.", "public_name": "Dirk-jan Mollema", "guid": "57daa98d-9158-5822-811e-9ccdd074bf0c", "url": "https://pretalx.com/orangecon-2024/speaker/NLNLGT/"}], "links": [], "feedback_url": "https://pretalx.com/orangecon-2024/talk/GMGBGE/feedback/", "origin_url": "https://pretalx.com/orangecon-2024/talk/GMGBGE/", "attachments": []}, {"guid": "b0f38e0a-3ef5-50de-96a9-edaa9ad5b3d8", "code": "YZRPBK", "id": 53442, "logo": null, "date": "2024-09-05T15:45:00+02:00", "start": "15:45", "duration": "00:40", "room": "Main track", "slug": "orangecon-2024-53442-confusion-attacks-exploiting-hidden-semantic-ambiguity-in-apache-http-server", "url": "https://pretalx.com/orangecon-2024/talk/YZRPBK/", "title": "Confusion Attacks: Exploiting Hidden Semantic Ambiguity in Apache HTTP Server!", "subtitle": "", "track": "Main track", "type": "Talk", "language": "en", "abstract": "Apache HTTP Server, as a cornerstone of the entire World Wide Web, accounts for about one-third of the web server market share worldwide. It's not an overstatement to say that its security is synonymous with the security of the Internet. However, while delving into the source by chance, we discovered that the coding style of this open-source project seemed a little bit... open? This research was thus born!\r\n\r\nThe Apache Httpd is comprised of dozens of different modules, which are coupled together. When a new HTTP request arrives, all modules uphold and maintain a colossal structure, collaborating in harmony to complete the request. While this cooperation might sound ideal, the reality reveals a significant challenge: the modules are not entirely familiar with each other, especially regarding the implementation details. However, they are asked to collaborate to fulfill the task. 
If any module has an incorrect understanding of any fields of this huge structure, it could potentially lead to fatal issues.\r\n\r\nThis observation led us to focus on interactions between modules, and discover this new attack surface. Let's see how a seemingly harmless structure modification can be passed through layers, amplifying the impact and affecting other modules to become vulnerabilities. This novel attack surface unearthed 3 distinct types of Confusion Attacks and 8 vulnerabilities, which allow us to navigate easily between Httpd modules, generating various attacks based on the different functionalities of modules: from the simplest arbitrary source code disclosure to misinterpreting a normal image as malicious scripts, bypassing ACL, and enabling unlimited SSRF. Of course, we won't forget about RCE, we will demonstrate how a long-underestimated bug type can be transformed into code execution by leveraging Httpd's internal features!\r\n\r\nBy understanding this talk, attendees won't be surprised at how we've managed to teach an old dog new tricks. Developers will understand how to avoid writing problematic Httpd modules. Server Admins can utilize this knowledge to examine their sites for potential vulnerabilities, and security researchers are able to explore more hidden issues along this direction. It's a scenario where everyone wins!", "description": "## 1. Methodology and Our New Attack Surface\r\n\r\nWe focus on exploring the interactions between Apache Httpd modules, as mentioned in the abstract. Apache Httpd is a world constructed of modules, even the official documentation highlights that:\r\n\r\n*URL: https://httpd.apache.org/docs/2.4/mpm.html*\r\n\r\n> Apache HTTP Server 2.0 extends this modular design to the most basic functions of a web server.\r\n\r\nHttpd modules are free to register hooks to the phases they're interested in. 
An HTTP request will **walk through** all modules, and at each stage, it's up to the modules to decide whether to ACCEPT or REJECT the current request. An issue arises from the fact that:\r\n\r\n> Modules do not fully understand each other's implementation details. However, they are asked to collaborate to complete the entire HTTP process.\r\n\r\nFor an HTTP request, all modules share and maintain an internal data structure `request_rec` with nearly a hundred members. If there is an ambiguity in understanding the same structure member among modules, it can easily lead to problems. Similarly, if a module mistakenly modifies a member that is insignificant to it but crucial to another module in this shared structure, it might affect other modules' decisions and cause problems, too!\r\n\r\n\r\n## 2. Proposed THREE Attacks and EIGHT New Vulnerabilities\r\n\r\nBased on the concept mentioned above, we have created 3 distinct types of Confusion Attacks on Apache HTTP Server:\r\n\r\n1. **Filename Confusion Attack**: For the same HTTP request, some modules treat `r->filename` as a URI, while others treat it as a filesystem path. This inconsistency causes security issues such as source code disclosure or ACL/Authentication Bypass.\r\n2. **DocumentRoot Confusion Attack**: For any RewriteRule Mapping, Httpd would try to access both the relative path and the absolute path. This leads to unintended file access outside the DocumentRoot.\r\n3. **Handler Confusion Attack**: For the same `request_rec` structure, under certain conditions, `r->content_type`, `r->handler`, and `r->filename` are interconnected and can be transformed into each other, leading to security issues such as SSRF or RCE.\r\n\r\nThese Confusion Attacks can be transformed into different types of vulnerability classes. So far, we have uncovered 8 vulnerabilities in Apache HTTP Server, including:\r\n\r\n1. 
**CVE-2024-38477 - important**: Apache HTTP Server: Crash resulting in Denial of Service in mod_proxy via a malicious request\r\n2. **CVE-2024-38476 - important**: Apache HTTP Server may use exploitable/malicious backend application output to run local handlers via internal redirect\r\n3. **CVE-2024-38475 - important**: Apache HTTP Server weakness in mod_rewrite when first segment of substitution matches filesystem path\r\n4. **CVE-2024-38474 - important**: Apache HTTP Server weakness with encoded question marks in backreferences\r\n5. **CVE-2024-38473 - moderate**: Apache HTTP Server proxy encoding problem\r\n6. **CVE-2024-38472 - important**: Apache HTTP Server on Windows UNC SSRF\r\n7. **CVE-2024-39573 - moderate**: Apache HTTP Server: mod_rewrite proxy handler substitution\r\n8. **CVE-2023-38709 - moderate**: Apache HTTP Server: HTTP response splitting\r\n\r\nYou can check the [Apache HTTP Server website](https://httpd.apache.org/security/vulnerabilities_24.html) for details!\r\n\r\nOur presentation will focus mainly on vulnerabilities #2, #3, #4, #5 and #7. The impacts include, but are not limited to:\r\n\r\n- Sensitive Information Leakage\r\n- Denial-of-Service Attack\r\n- ACL and Authentication Bypass\r\n- Arbitrary Server-Side Source Code Disclosure\r\n- Arbitrary File Read\r\n- SSRF (Server-Side Request Forgery)\r\n- RCE (Remote Code Execution)\r\n\r\n\r\n## 3. Demo\r\n\r\nWe will demonstrate how a long-underestimated bug type can be transformed into powerful exploits, including Info-Leak, SSRF, and RCE by leveraging Httpd's internal features.\r\n\r\nThis breakthrough is powered by our innovative Confusion Attack technique, enhancing our capability to intricately navigate and manipulate Httpd modules.\r\n\r\n\r\n## 4. Previous Work\r\n\r\nAs far as I know, attacks that specifically target the inconsistencies within Httpd's internal structure have been rare. 
The closest discussion on this topic was presented by Max Dmitriev at ZeroNights 2021:\r\n\r\n*Title: Apache 0day bug, which still nobody knows of, and which was fixed accidentally*\r\n*Slide: https://tinyurl.com/bdxdfk8j*\r\n\r\nHowever, the discussion did not extensively explore this avenue. The publicly available bug description suggests that the real issue was not precisely identified.\r\n\r\n> \"...a lack of control over an Apache error when using php-cgi and ModSecurity...\"\r\n\r\nIn reality, any handler based on `Content-Type` should be vulnerable, indicating that not only php-cgi but also the widely utilized mod_php could be at risk.\r\n\r\n\r\n## 5. Notes\r\n\r\nThe issues we have identified are present in the core modules of Apache Httpd, not in third-party modules that are rarely or never installed. :)", "recording_license": "", "do_not_record": false, "persons": [{"code": "MKLPFH", "name": "Orange Tsai", "avatar": "https://pretalx.com/media/avatars/MKLPFH_mbWgl5N.webp", "biography": "Orange Tsai is the principal security researcher of DEVCORE and a core member of the CHROOT security group in Taiwan. He is the champion and the \"Master of Pwn\" title holder at Pwn2Own Vancouver 2021 and Toronto 2022. In addition, Orange has spoken at several top hacker conferences such as Black Hat USA (5 times), DEF CON (5 times), HITCON (11 times), CODE BLUE (6 times), POC, Hexacon, RomHack, HITB, and WooYun!\r\n\r\nCurrently, Orange is a 0day researcher focusing on Web and Application Security. His research not only earned him the Pwnie Award for \"Best Server-Side Bug\" in 2019/2021 but also secured 1st place in the \"Top 10 Web Hacking Techniques\" for 2017/2018. In his free time, Orange also engages in bug bounties. 
He is especially enthusiastic about RCE, successfully identifying critical RCEs across a broad range of vendors, including Twitter, Facebook, Uber, Apple, Netflix, Tesla, GitHub, Amazon, and more.\r\n\r\nYou can find Orange on X [@orange_8361](https://x.com/orange_8361) and [https://blog.orange.tw/](https://blog.orange.tw/)", "public_name": "Orange Tsai", "guid": "a41319f0-e81c-5d8b-802d-7ad31f79814b", "url": "https://pretalx.com/orangecon-2024/speaker/MKLPFH/"}], "links": [], "feedback_url": "https://pretalx.com/orangecon-2024/talk/YZRPBK/feedback/", "origin_url": "https://pretalx.com/orangecon-2024/talk/YZRPBK/", "attachments": []}, {"guid": "4c12b5a7-c41b-54e9-83cd-e84b3c732903", "code": "DKGN93", "id": 54456, "logo": null, "date": "2024-09-05T16:25:00+02:00", "start": "16:25", "duration": "00:30", "room": "Main track", "slug": "orangecon-2024-54456-closing-keynote-u-matter", "url": "https://pretalx.com/orangecon-2024/talk/DKGN93/", "title": "Closing Keynote: U-matter", "subtitle": "", "track": "Main track", "type": "Talk", "language": "en", "abstract": "To be announced/It's gonna be a surprise.", "description": "To be announced/It's gonna be a surprise.", "recording_license": "", "do_not_record": false, "persons": [{"code": "8XSJV7", "name": "Inge Bryan", "avatar": "https://pretalx.com/media/avatars/8XSJV7_060SGx3.webp", "biography": "Inge Bryan, chair of the Dutch Institute for Vulnerability Disclosure, former CEO of Fox-IT, is a trusted advisor to boards and policymakers. Her career spans two decades of intelligence and criminal investigations, mainly tech and data related. She has vast experience in leading investigations, leading change in organizations and managing crises. She is intimately familiar with all sides of cybercrime, espionage and warfare. 
After leaving law enforcement in 2016, she has led cyber security programs in large organizations primarily in the public sector and critical infrastructure.\r\n\r\n\r\nInge\u2019s ancillary positions are: Board member of Royal Holland Society for the Sciences \u2013 Chair of the Supervisory Board of Datenna, Supervisory board member at the Clingendael Institute \u2013 Advisory board member at the National Archives \u2013 Chair of the Anti-Abuse Network - Supervisory Board Member of the Victim Support Fund - Member of the evaluation committee for the Data Protection Authority.", "public_name": "Inge Bryan", "guid": "89f9c353-4a8a-5cdb-9303-d36aabdfcaaf", "url": "https://pretalx.com/orangecon-2024/speaker/8XSJV7/"}], "links": [], "feedback_url": "https://pretalx.com/orangecon-2024/talk/DKGN93/feedback/", "origin_url": "https://pretalx.com/orangecon-2024/talk/DKGN93/", "attachments": []}], "Second track": [{"guid": "39059ae6-79e5-5eb0-877c-4ae64654c14b", "code": "8QBSMA", "id": 54415, "logo": "https://pretalx.com/media/orangecon-2024/submissions/8QBSMA/photo_4994831697648398911_y_pxM6JkD.jpg", "date": "2024-09-05T11:00:00+02:00", "start": "11:00", "duration": "00:30", "room": "Second track", "slug": "orangecon-2024-54415-securing-devices-or-profits-examining-the-device-security-of-a-network-appliance-vendor", "url": "https://pretalx.com/orangecon-2024/talk/8QBSMA/", "title": "Securing devices or profits? Examining the device security of a network appliance vendor", "subtitle": "", "track": "Track 2", "type": "Talk", "language": "en", "abstract": "This talk is about the hidden devices that connect you, which are not often in the spotlight but frequently in many places: SMB network appliances. Specifically, my research has focused on Cisco Meraki wired routers and wireless access points.\r\n\r\nSecure boot is the most widely used technology to ensure the integrity of a device\u2019s boot chain. 
Adversaries, both criminal and state-sponsored, are moving down the software stack and closer to firmware to gain persistence and evade detection. However, secure boot is only as strong as its weakest link, which is often the vendor implementing it.\r\n\r\nRecently, it has become apparent that some vendors have not been adequately securing, or even changing, the example keys used to sign their firmware: the so-called PKFail.\r\n\r\nThe talk will focus on the following:\r\n* The current state of Cisco Meraki\u2019s device security model, spanning multiple devices and product generations\r\n* Mistakes made in implementing secure boot, allowing for execution of unsigned code on devices employing secure boot\r\n\r\nCome and find out if the teleworker gateway, or the wireless router used in your child\u2019s school, are really as secure as the manufacturer claims they are. And is the intent behind securing these devices really to prevent adversaries from compromising them, or more to protect the profits of the manufacturer selling them?", "description": "This talk will focus on Cisco Meraki's efforts to secure their recent devices against unsigned code execution, the specific steps they've taken, and details on the mistakes made that allow users to run an open-source firmware like OpenWrt on their device. You can expect photos of hardware disassembly, C code, and disassembler screenshots.\r\n\r\nI will also go over what steps you can take if you plan to ship an embedded device and want to prevent tampering. Finally, I will discuss the moral and ethical issues surrounding secure boot, device re-use, and e-waste.", "recording_license": "", "do_not_record": false, "persons": [{"code": "XB39PS", "name": "Hal Martin", "avatar": "https://pretalx.com/media/avatars/XB39PS_CG8Vw04.webp", "biography": "Hal studied Computer Systems Engineering and works as a software developer. 
One of his many hobbies is asking companies for their GPL source code, and reverse engineering embedded devices. Hal is the main developer behind the postmerkOS open-source firmware for several Meraki switch models.\r\n\r\nYou can find more information on his blog \u00abWatchMySys\u00bb : https://watchmysys.com/blog/", "public_name": "Hal Martin", "guid": "d8e442e4-e2e2-5094-b0ff-3e53ced7bff7", "url": "https://pretalx.com/orangecon-2024/speaker/XB39PS/"}], "links": [], "feedback_url": "https://pretalx.com/orangecon-2024/talk/8QBSMA/feedback/", "origin_url": "https://pretalx.com/orangecon-2024/talk/8QBSMA/", "attachments": []}, {"guid": "111276af-e2b7-5a0d-b0cb-a022d261b38d", "code": "XFDFLL", "id": 53192, "logo": "https://pretalx.com/media/orangecon-2024/submissions/XFDFLL/test_4oOcuZe.png", "date": "2024-09-05T11:30:00+02:00", "start": "11:30", "duration": "00:30", "room": "Second track", "slug": "orangecon-2024-53192-elevate-your-skills-from-com-object-fundamentals-to-uac-bypasses", "url": "https://pretalx.com/orangecon-2024/talk/XFDFLL/", "title": "Elevate Your Skills: From COM object fundamentals to UAC bypasses", "subtitle": "", "track": "Track 2", "type": "Talk", "language": "en", "abstract": "When did you last use or analyze a UAC bypass? And did you fully understand its internals? \r\n\r\nUser Account Control (UAC) is a security feature in Windows that limits the set of privileges available to users. And so, bypassing UAC enables threat actors to utilize privileges otherwise not available. A lot of the publicly available UAC bypasses exist, and most of them abuse functionality in COM objects to achieve their goal. However, COM is a largely undocumented part of Windows, making it difficult to truly understand how this process technically works.\r\n\r\nIn 30 minutes, I will teach you the basics of UAC and COM. Largely visualized, I explain how UAC works, what COM is, and how you can communicate with COM objects. 
As we progress, I explain in an easy-to-follow way how you can exploit COM objects to bypass UAC.\r\n\r\nLastly, I demo the exploitation of UAC through COM, and I share the code so you can start experimenting with UAC and COM by yourself.", "description": "n/a", "recording_license": "", "do_not_record": false, "persons": [{"code": "RPR9TR", "name": "Tijme Gommers", "avatar": "https://pretalx.com/media/avatars/RPR9TR_Rl3kCCZ.webp", "biography": "As Reverse Engineer & Red Teamer, Tijme ([@tijme](https://x.com/tijme)) supports in the development of Adversary Simulation services to conduct ART & TIBER. He facilitates teams with knowledge, tools & techniques used to simulate nation-state actors as accurately as possible, ultimately increasing cyber resilience of critical organisations and infrastructure throughout Europe. Furthermore, with his polyglot software engineering background, he works on the development of malware and zero-day exploits. This is once again used to realistically train blue teams in repelling nation-state cyber-attacks.", "public_name": "Tijme Gommers", "guid": "ed607656-50c1-5e8a-afa1-89bdea60a438", "url": "https://pretalx.com/orangecon-2024/speaker/RPR9TR/"}], "links": [], "feedback_url": "https://pretalx.com/orangecon-2024/talk/XFDFLL/feedback/", "origin_url": "https://pretalx.com/orangecon-2024/talk/XFDFLL/", "attachments": []}, {"guid": "e1c2d41c-ee13-52a8-b737-294f403c8daf", "code": "LN3EPV", "id": 54200, "logo": null, "date": "2024-09-05T12:00:00+02:00", "start": "12:00", "duration": "00:30", "room": "Second track", "slug": "orangecon-2024-54200-exploiting-the-core-a-deep-dive-into-kernel-driver-vulnerability-hunting", "url": "https://pretalx.com/orangecon-2024/talk/LN3EPV/", "title": "Exploiting the Core: A Deep Dive into Kernel Driver Vulnerability Hunting", "subtitle": "", "track": "Track 2", "type": "Talk", "language": "en", "abstract": "In a world where user-mode security is often prioritized, vulnerabilities in kernel drivers pose 
significant risks and can lead to privilege escalation and other severe system compromises. This presentation offers a thorough guide to identifying and analyzing these vulnerabilities. We will examine the impact of kernel driver vulnerabilities, including their exploitation in real-world attacks and their use by red teams. We will demonstrate methods for building a driver database from diverse sources while filtering for only the most promising drivers.\r\n\r\nWe will then delve into the most important technical features of kernel drivers such as user-to-kernel communication, driver architecture, and essential functionality. Finally, we will elaborate on identifying and assessing many common vulnerability types such as heap overflows, handle leaks, and race conditions. Additionally, we will provide some practical advice on setting up research environments, debugging, and automated analysis to get you set up right away. By the end of the presentation, you'll be equipped to start your own kernel driver vulnerability research. Based on our current results, we expect many vulnerabilities are still to be found!", "description": "In this talk, we will explore the crucial aspects of finding and exploiting vulnerabilities in kernel drivers, a key area in cybersecurity research. Kernel drivers are core system components, and vulnerabilities in these components can have a large impact on systems. The talk will begin by highlighting the importance of kernel driver vulnerabilities and the impact they can have, demonstrated through real-world examples of malware and threat actor activities.\r\n\r\nWe will share insights from our own research, revealing the prevalence of vulnerabilities in various drivers and the types of vulnerabilities we've encountered. Attendees will learn about all aspects needed to kick-start vulnerability research in this area. 
This includes building a driver database, understanding different driver types, knowing which ones are most likely to contain exploitable vulnerabilities and recognizing common vulnerability classes.\r\n\r\nThe talk will also cover practical aspects of interacting with drivers, including methods for loading them and understanding the communication interfaces between user and kernel space. This knowledge is critical for understanding the attack surface of drivers. Additionally, we will discuss setting up a research environment and several automated tools to streamline the process of vulnerability discovery.\r\n\r\nOverall, this talk aims to equip participants with the skills and knowledge needed to start their journey in finding kernel driver vulnerabilities, enhancing their ability to contribute to cybersecurity defenses. Whether you're a beginner or looking to refine your techniques, this session will provide valuable insights into this complex and impactful area of research.", "recording_license": "", "do_not_record": false, "persons": [{"code": "Y9RJHG", "name": "Jan-Jaap Korpershoek", "avatar": "https://pretalx.com/media/avatars/Y9RJHG_FDXpjkc.webp", "biography": "Jan-Jaap Korpershoek is an experienced ethical hacker working at the Adversary Simulation team of Northwave. He blends his experience in the areas of reverse engineering, red teaming and penetration testing to find new and creative ways to test infrastructure and applications. Jan-Jaap has a bachelor in technical computer science and a master in Cyber Security. 
He has a broad interest in all things computer science related and is always up for an interesting challenge.", "public_name": "Jan-Jaap Korpershoek", "guid": "1f6e8cbc-4c46-5f1a-8566-b23e3a944305", "url": "https://pretalx.com/orangecon-2024/speaker/Y9RJHG/"}], "links": [], "feedback_url": "https://pretalx.com/orangecon-2024/talk/LN3EPV/feedback/", "origin_url": "https://pretalx.com/orangecon-2024/talk/LN3EPV/", "attachments": []}, {"guid": "e0db1ac5-4b47-5110-8014-8af27f9652c8", "code": "8ZA3CU", "id": 53087, "logo": null, "date": "2024-09-05T13:30:00+02:00", "start": "13:30", "duration": "00:30", "room": "Second track", "slug": "orangecon-2024-53087-an-angel-python-root-and-config-walked-into-a-bar", "url": "https://pretalx.com/orangecon-2024/talk/8ZA3CU/", "title": "An angel, python, root and config walked into a bar...", "subtitle": "", "track": "Track 2", "type": "Talk", "language": "en", "abstract": "How many times do we need to kill the NsaRescueAngel? What's up with this messed up python webserver? Why the hell did this command injection get reimplemented?! Those were my words whilst digging into ZyXEL's NAS326 firmware, in which I found multiple zeroday vulnerabilities earlier this year, which this talk will use for a case study to discuss the consequences of bad design and subpar patching.", "description": "The talk will begin with a short story on how the entire process started before proceeding into details on the NsaRescueAngel backdoor (CVE-2024-29972). Once there is a basic understanding of the core requirements set to exploit it, we will move along into the authentication mechanisms present. Its flaws, consequences and results (CVE-2024-29974, CVE-2024-29972, CVE-2024-29976). 
Further on, the talk will investigate a Python code injection caused by the architectural design of a CherryPy webserver present on the machine (CVE-2024-29973), how the framework design caused the developers to first fix one zeroday found by IBM (CVE-2023-27992) and in a future update reimplement it once more. Finally, previous patches performed on the code injection will receive a brief investigation and conclusions for the set questions will be drawn.\r\n\r\n# Key questions the talk intends to address\r\n* What were the actual vulnerabilities I found?\r\n* Insight into patterns and trends observed in past CVEs \r\n* Can we expect to see more of them?", "recording_license": "", "do_not_record": false, "persons": [{"code": "8QDY3N", "name": "Timothy Hjort", "avatar": "https://pretalx.com/media/avatars/8QDY3N_uEKZm6Q.webp", "biography": "I'm the type of guy who finds it funny when my car engine is full of glitter or when my home router runs a Minecraft server. I entered the computer security field due to movies (HACKERS) and YouTube videos before proceeding to study for a master of science in engineering: computer security degree. My professional experience includes being the head of IT for the student union at BTH along with part-time and now full-time work at Vulnerability Research in Outpost24. 
My primary interest is focused on computers, hardware, software architecture and cars.", "public_name": "Timothy Hjort", "guid": "dcd222b9-6530-561a-acbf-d346f3eef6ae", "url": "https://pretalx.com/orangecon-2024/speaker/8QDY3N/"}], "links": [], "feedback_url": "https://pretalx.com/orangecon-2024/talk/8ZA3CU/feedback/", "origin_url": "https://pretalx.com/orangecon-2024/talk/8ZA3CU/", "attachments": []}, {"guid": "15081406-6fde-5f5b-8691-b1a095c563fc", "code": "YWRH7X", "id": 53229, "logo": "https://pretalx.com/media/orangecon-2024/submissions/YWRH7X/tetraburst_HGzmunm.svg", "date": "2024-09-05T14:00:00+02:00", "start": "14:00", "duration": "00:30", "room": "Second track", "slug": "orangecon-2024-53229-all-cops-are-broadcasting-breaking-tetra-after-decades-in-the-shadows", "url": "https://pretalx.com/orangecon-2024/talk/YWRH7X/", "title": "All cops are broadcasting: Breaking TETRA after decades in the shadows", "subtitle": "", "track": "Track 2", "type": "Talk", "language": "en", "abstract": "This talk will present details of the TETRA:BURST vulnerabilities - the result of the first public in-depth security analysis of TETRA (Terrestrial Trunked Radio). This European standard for trunked radio is used globally by government agencies, police, military, and critical infrastructure, for applications ranging from voice communications to SCADA telecontrol of energy distribution, oil rigs and train safety systems. \r\n\r\nAuthentication and encryption within TETRA are handled by proprietary cryptographic cipher-suites, which had previously remained secret for over two decades through the use of restrictive NDAs. Last year, we presented the result of a two-year research project, and disclosed both open-source implementations of the secret primitives as well as a first public security assessment of the technology. 
Several critical vulnerabilities were identified, including a deliberate backdoor.", "description": "This talk is an overview of the most important of the five uncovered issues, collectively dubbed TETRA:BURST. \r\n\r\nFirst, we uncover the presence of a deliberate backdoor in the TEA1 cipher, which is used in critical infrastructure. This backdoor reduces the effective key strength from 80 to 32 bits, rendering it vulnerable to an exhaustive search attack. The demonstrated attack is fully passive, and runs in under a minute. \r\nSecond, we present a keystream recovery attack which works regardless of the cipher employed, affecting all encrypted TETRA networks. \r\nFurthermore, we discuss a de-anonymization attack with counter-intelligence implications and a flaw in the authentication protocol. \r\n\r\nAdditionally, we provide the attendee with background information on TETRA's role in critical infrastructure as a SCADA telecontrol link, and how the TEA1 backdoor proliferated throughout Europe, exposing our critical infrastructure as well as several European military and police users to very severe risks.\r\n\r\nSee [https://midnightblue.nl/tetraburst](https://midnightblue.nl/tetraburst) for more details.", "recording_license": "", "do_not_record": false, "persons": [{"code": "KHRNRS", "name": "Wouter Bokslag", "avatar": "https://pretalx.com/media/avatars/KHRNRS_ci6kH44.webp", "biography": "Wouter Bokslag is a co-founding partner and security researcher at Midnight Blue. He is known for the reverse-engineering and cryptanalysis of several proprietary in-vehicle immobilizer authentication ciphers used by major automotive manufacturers as well as co-developing the world's fastest public attack against the Hitag2 cipher. 
He holds a Master's Degree in Computer Science & Engineering from Eindhoven University of Technology (TU/e) and designed and assisted in teaching hands-on offensive security classes for graduate students at the Dutch Kerckhoffs Institute for several years. \r\n\r\nHe co-authored the TETRA:BURST research and currently provides security consultancy services for clients ranging from government agencies and critical infrastructure to IT and OT companies across industry verticals.", "public_name": "Wouter Bokslag", "guid": "904ea075-8908-56ae-85d1-be268e947ee3", "url": "https://pretalx.com/orangecon-2024/speaker/KHRNRS/"}], "links": [], "feedback_url": "https://pretalx.com/orangecon-2024/talk/YWRH7X/feedback/", "origin_url": "https://pretalx.com/orangecon-2024/talk/YWRH7X/", "attachments": []}, {"guid": "4584c8c1-f4c2-5a23-b034-b2f38ee57aed", "code": "VBC9AB", "id": 54460, "logo": null, "date": "2024-09-05T14:30:00+02:00", "start": "14:30", "duration": "00:30", "room": "Second track", "slug": "orangecon-2024-54460-how-to-crack-seven-billion-passwords", "url": "https://pretalx.com/orangecon-2024/talk/VBC9AB/", "title": "How to crack seven billion passwords?", "subtitle": "", "track": "Track 2", "type": "Talk", "language": "en", "abstract": "Free Taylor Swift tickets. DNA data breached. A $150 million fine for Uber. Phone records of nearly all users of a large US telco stolen. What do these incidents have in common? Stolen passwords. Of course all OrangeCon attendees use multi-factor authentication and password managers. But most people don\u2019t. Incidents caused by stolen passwords are (still) on the rise. According to research, stolen passwords are used in over 80% of recent IT security incidents. Launching a basic attack is within financial and technical reach of school kids. How to protect against account takeover attacks? Do what the bad guys are doing. And do it better! We have recovered over seven billion unique email/password pairs in the past years. 
In this presentation we dive into the details of password cracking at scale, and how this data can help you to keep your accounts safe.", "description": "In this presentation we dive into the process of cracking billions of passwords, and how this data can be used to protect organizations against account takeovers. Covered topics:\r\n    \u2022 Introduction. Many well-known attacks started using credential stuffing and account takeovers. Think, for example, of TicketMaster and Uber. But what exactly happened? What motivated hackers? What went wrong at the victims? What\u2019s the scale of the problem?\r\n    \u2022 Password blacklisting, email breach notification, password breach notification, what are the differences? Explanation of techniques that power well-known services like HaveIBeenPwnd and products from the tech giants. They might look similar, but they are not.\r\n    \u2022 Why do most well-known defenses not protect against account takeover attacks? Techniques like rate limiting and anomaly detection are typically not effective. More complex password policies can even be counterproductive.\r\n    \u2022 How to get raw data? For free? Without Tor? Getting raw data is easy. The amount of (semi-)publicly available data is overwhelming. Processing the data is more challenging. \r\n    \u2022 Passwords: how did it all start? History of password storage and password cracking. Lessons (not) learned over the decades.\r\n    \u2022 What are the right tools for the job? Different password hashing algorithms have different characteristics. Some algorithms were not designed for storing passwords at all. Some other algorithms were specifically designed to not work well on generic cost-effective hardware, making cracking extremely slow. How to overcome this? 
We have built FPGA-based crackers based on ex-Bitcoin miners to achieve an orders-of-magnitude speed advantage over conventional hardware.\r\n    \u2022 How to use recovered credentials to protect accounts? So now we\u2019ve got over seven billion email/password pairs. How to use this unique dataset to disrupt cybercrime?\r\n    \u2022 Results and conclusion.", "recording_license": "", "do_not_record": false, "persons": [{"code": "FQWCHA", "name": "Jeroen van Beek", "avatar": "https://pretalx.com/media/avatars/FQWCHA_Ge5Em32.webp", "biography": "Jeroen van Beek is a penetration tester & IT security consultant at Dexlab, and data leak expert at Scattered Secrets. Besides cracking passwords, he likes fast red Italian motorcycles and red wine.", "public_name": "Jeroen van Beek", "guid": "c6b4304f-e55d-5a58-b196-08292ca31e09", "url": "https://pretalx.com/orangecon-2024/speaker/FQWCHA/"}], "links": [], "feedback_url": "https://pretalx.com/orangecon-2024/talk/VBC9AB/feedback/", "origin_url": "https://pretalx.com/orangecon-2024/talk/VBC9AB/", "attachments": []}, {"guid": "e99ff0d6-3fb0-54dd-b5aa-8689042cadfc", "code": "PGAYXE", "id": 53945, "logo": null, "date": "2024-09-05T15:00:00+02:00", "start": "15:00", "duration": "00:20", "room": "Second track", "slug": "orangecon-2024-53945-graph-api-mastery-logs-to-real-world-attacks", "url": "https://pretalx.com/orangecon-2024/talk/PGAYXE/", "title": "Graph API Mastery - Logs to Real World Attacks", "subtitle": "", "track": "Track 2", "type": "Talk", "language": "en", "abstract": "In this presentation, we will explore the potential of Microsoft Graph API logs, focusing on their use for enhancing security, insights, and real-world attack scenarios within M365 environments. We begin by detailing the process of obtaining logs. We'll talk about fields which are critical for monitoring and analysis, correlatable fields and useful KQL functions that help. We will also compare delegated vs. 
application permissions to help attendees understand their distinct attack use cases and best practices. \r\n\r\nThe discussion will move to common attack patterns using Graph API, offering strategies for threat hunting and detection. Real-world stories from the frontlines will illustrate how organizations have successfully utilized Graph API to mitigate security incidents. Additionally, we will highlight significant contributions from researchers and authors who've done great research in this field. The presentation will conclude with a summary of best practices and actionable insights for leveraging Microsoft Graph API logs to their fullest potential. This session aims to equip security professionals with the knowledge to effectively use Microsoft Graph API logs.", "description": "Graph API Mastery: From Logs to Real-World Impact\r\n\r\nIntroduction\r\n\r\nMicrosoft Graph API provides a unified endpoint to access Microsoft 365 services, enabling developers to build powerful applications that integrate deeply with the Microsoft ecosystem. This presentation will explore how to leverage Graph API LOGS for enhanced operational security.\r\n\r\nObtaining the Logs\r\nWe will discuss methods to access and retrieve logs from Graph API, focusing on setting up appropriate permissions and using relevant endpoints to gather valuable data.\r\n\r\nCorrelatable Fields & Useful Functions\r\nLearn about fields that can be correlated across different logs and systems to create a comprehensive view of user and application activities. We will also cover useful KQL functions for data analysis.\r\n\r\nDelegated vs Application Permissions\r\nUnderstand the differences between delegated and application permissions, their use cases, and best practices for managing permissions to ensure security and compliance.\r\n\r\nAttack Patterns and Hunting/Detection Opportunities\r\nExplore common attack patterns targeting Microsoft Graph API and discover strategies for threat hunting and detection. 
We will highlight specific indicators of compromise and techniques to identify malicious activities.\r\n\r\nFrom the Frontlines \u2013 Real World Stories\r\nReal-world examples and case studies illustrating attacks observed on the frontlines, highlighting how organizations could have used Graph API logs to prevent/monitor security incidents.\r\n\r\nHighlighting other researchers and their work:\r\nHighlight contributions from other researchers and authors who have done great work on Microsoft Graph API research. This will include a snippet of who to follow and what they\u2019ve done.\r\n\r\nConclusion\r\nA summary of key takeaways and best practices for leveraging Microsoft Graph API in your organization. Emphasis on the importance of continuous monitoring and the potential for future enhancements. This session aims to equip security professionals with the knowledge to effectively use Microsoft Graph API logs.", "recording_license": "", "do_not_record": false, "persons": [{"code": "8GV3LG", "name": "Shiva P", "avatar": "https://pretalx.com/media/avatars/8GV3LG_UDZ6HbL.webp", "biography": "Shiva is currently working as a Sr. Security Researcher at Dart Microsoft.\r\n\r\nWith a background in engineering and operational security, he has over 9 years of experience working in various parts of security operations specializing in Threat Hunting, Incident Response, Detection Engineering and helping build SOCs from the ground up.\r\n\r\nApart from work, he loves trekking and is an avid gamer.", "public_name": "Shiva P", "guid": "55e19522-b188-5108-88cd-51b738fa5898", "url": "https://pretalx.com/orangecon-2024/speaker/8GV3LG/"}, {"code": "FJ39RH", "name": "Parthiban R", "avatar": "https://pretalx.com/media/avatars/FJ39RH_OV1TUVc.webp", "biography": "Parthiban is working as a Sr. Threat Intelligence Analyst at Atlassian, with around 10 years of experience in the cybersecurity domain, and holds a Master's degree in Information Security & Cyber Forensics. 
Previously he worked as a Threat Researcher at Anomali as part of the Threat Research Team. He was responsible for researching and tracking threat actors, writing threat intel blogs, and analyzing actor infrastructure. He also worked as an Incident Handler at Symantec and Microsoft, handling various security incidents and attacks on Fortune 500 companies. Outside of work he enjoys traveling and exploring different cuisines.", "public_name": "Parthiban R", "guid": "5ae5c63c-2822-5e92-9acd-5a22a1122436", "url": "https://pretalx.com/orangecon-2024/speaker/FJ39RH/"}], "links": [], "feedback_url": "https://pretalx.com/orangecon-2024/talk/PGAYXE/feedback/", "origin_url": "https://pretalx.com/orangecon-2024/talk/PGAYXE/", "attachments": []}], "Workshop track 1": [{"guid": "327aa51f-4b81-532e-95c1-90a477a9e0ba", "code": "FKFSX9", "id": 51300, "logo": null, "date": "2024-09-05T11:00:00+02:00", "start": "11:00", "duration": "01:00", "room": "Workshop track 1", "slug": "orangecon-2024-51300-detect-and-reverse-engineer-quick-wins-for-defenders", "url": "https://pretalx.com/orangecon-2024/talk/FKFSX9/", "title": "Detect and Reverse engineer - Quick wins for defenders", "subtitle": "", "track": "Workshop track 1", "type": "Workshop", "language": "en", "abstract": "In this workshop we will use Ghidra and some famous public samples to identify quick detection engineering wins.", "description": "If you are interested in Reverse Engineering and Detection engineering, and you want to have a workshop where we learn from each other by building valuable detections on public samples, then you should look no further! 
In this workshop we will use Ghidra and some famous public samples to identify quick detection engineering wins.", "recording_license": "", "do_not_record": false, "persons": [{"code": "FCCXAW", "name": "Yassir Laaouissi", "avatar": "https://pretalx.com/media/avatars/FCCXAW_9agrv1c.webp", "biography": "Senior Security Researcher @ PaloAltoNetworks-Unit42\r\nBlog: https://verysecret.agency\r\nTwitter: @kladblokje_88 or @UnflippedBit", "public_name": "Yassir Laaouissi", "guid": "6256dfaf-45e1-5c3b-88ba-a93fe360a7ae", "url": "https://pretalx.com/orangecon-2024/speaker/FCCXAW/"}], "links": [], "feedback_url": "https://pretalx.com/orangecon-2024/talk/FKFSX9/feedback/", "origin_url": "https://pretalx.com/orangecon-2024/talk/FKFSX9/", "attachments": []}, {"guid": "e0c0498c-132e-558a-acf6-44804ca1f878", "code": "7YRCCN", "id": 52005, "logo": null, "date": "2024-09-05T13:30:00+02:00", "start": "13:30", "duration": "02:00", "room": "Workshop track 1", "slug": "orangecon-2024-52005-getting-familiar-with-desfire", "url": "https://pretalx.com/orangecon-2024/talk/7YRCCN/", "title": "Getting familiar with DESFire", "subtitle": "", "track": "Workshop track 1", "type": "Workshop", "language": "en", "abstract": "MIFARE DESFire is the stronger, slightly more expensive sibling of the MIFARE family of smartcards. This workshop aims to cover the basics of the card's functions as well as how the most important crypto works. After a short lecture, it is up to you to analyze captured DESFire traces of vulnerable reader implementations with a Proxmark3 and program your own DESFire card to bypass the reader's security.", "description": "This workshop dives into the basics of the MIFARE DESFire smartcard - a popular smartcard for high-security access control and ticketing systems. 
The workshop will start with a short lecture covering important concepts of the DESFire standard:\r\n\r\n- What standards DESFire is built on top of\r\n- DESFire logical structure\r\n- DESFire authentication & cryptography\r\n- Analyzing DESFire with Proxmark3\r\n- Possible pitfalls.\r\n\r\nAfterwards, the hands-on portion of the workshop starts. A set of traces of communication between a DESFire card and a card reader with implementation defects will form the basis of the challenges. Each participant will get access to a Proxmark3 and a blank DESFire card during the workshop, with the goal of \"cloning\" the card used in the trace and tricking the card reader into letting you through.\r\n\r\n**IMPORTANT**: This workshop requires you to bring your own laptop with Proxmark3 (Iceman fork) v4.18589 client software installed (https://github.com/RfidResearchGroup/proxmark3/releases/tag/v4.18589). Instructions on how to prepare the environment can be found under the \"PROXMARK3 INSTALLATION AND OVERVIEW\" section of the README. A working Proxmark3 and DESFire card will be provided for use during the workshop. The client software can also be run on a VM with a USB3 controller configured, but expect occasional communication timeouts if you choose to do so.", "recording_license": "", "do_not_record": false, "persons": [{"code": "C7SJYC", "name": "Sebastiaan Groot", "avatar": null, "biography": "Sebastiaan is an Ethical Hacker at KPN with an interest in binary analysis and exploitation, system security and breaking programs in general. Before that, he worked as an incident responder and forensic analyst at KPN-CERT. Whenever the opportunity arises, he can be found at CTF events. 
Free time consists of GMing D&D campaigns, playing board games, traveling, cooking and daydreaming legitimized as worldbuilding for D&D sessions.", "public_name": "Sebastiaan Groot", "guid": "50b1d9c7-3a7e-50b9-8359-3b6dc4e3e5c8", "url": "https://pretalx.com/orangecon-2024/speaker/C7SJYC/"}], "links": [], "feedback_url": "https://pretalx.com/orangecon-2024/talk/7YRCCN/feedback/", "origin_url": "https://pretalx.com/orangecon-2024/talk/7YRCCN/", "attachments": []}], "Workshop track 2": [{"guid": "fb391082-b6f9-5d7c-b64a-d542efac4c1e", "code": "TTMYBL", "id": 52455, "logo": "https://pretalx.com/media/orangecon-2024/submissions/TTMYBL/Naamloos-1_YubzhCF.png", "date": "2024-09-05T11:00:00+02:00", "start": "11:00", "duration": "01:00", "room": "Workshop track 2", "slug": "orangecon-2024-52455-hackthebox-ctf-methodology-hands-on-workshop", "url": "https://pretalx.com/orangecon-2024/talk/TTMYBL/", "title": "HackTheBox & CTF Methodology - Hands-on workshop", "subtitle": "", "track": "Workshop track 2", "type": "Workshop", "language": "en", "abstract": "Learn how getting better at cybersecurity can be both fun and educational using CTFs and practice machines!", "description": "Join Remco van der Meer and Jorian Woltjer, for a unique and hands-on workshop where we'll explore the following points:\r\n- Introduction to HackTheBox & Capture The Flag (CTF)\r\n- Link to real penetration tests\r\n- Live Walkthrough of an easy HackTheBox challenge", "recording_license": "", "do_not_record": false, "persons": [{"code": "XHLWJJ", "name": "Remco van der Meer", "avatar": "https://pretalx.com/media/avatars/XHLWJJ_jp2MW4z.webp", "biography": "Ethical Hacker, CTF player & student", "public_name": "Remco van der Meer", "guid": "45ec7df7-ec62-5bd2-bc89-9373d325bb4e", "url": "https://pretalx.com/orangecon-2024/speaker/XHLWJJ/"}, {"code": "SRZYXJ", "name": "Jorian Woltjer", "avatar": "https://pretalx.com/media/avatars/SRZYXJ_V00AA00.webp", "biography": "-", "public_name": "Jorian Woltjer", 
"guid": "5514f777-71aa-527b-b22b-8a6fcf1d0a10", "url": "https://pretalx.com/orangecon-2024/speaker/SRZYXJ/"}], "links": [], "feedback_url": "https://pretalx.com/orangecon-2024/talk/TTMYBL/feedback/", "origin_url": "https://pretalx.com/orangecon-2024/talk/TTMYBL/", "attachments": []}, {"guid": "ba11c748-a887-51d9-8e42-87920e4c9592", "code": "3HFRVB", "id": 54039, "logo": null, "date": "2024-09-05T13:30:00+02:00", "start": "13:30", "duration": "01:00", "room": "Workshop track 2", "slug": "orangecon-2024-54039-be-lazy-like-a-cat-making-pentesting-fun-again", "url": "https://pretalx.com/orangecon-2024/talk/3HFRVB/", "title": "Be lazy like a cat, making pentesting  fun again", "subtitle": "", "track": "Workshop track 2", "type": "Workshop", "language": "en", "abstract": "Effective pentesting is labor-intensive, especially when it comes to validation and reporting. Standardization can help, but it may also inadvertently increase the workload. In this workshop, you will receive practical tools and strategies to reduce the workload by making standardization a part of the solution. \r\n\r\nJoin us and discover how to streamline your pentesting processes, enhance efficiency, and achieve superior results without the added stress.", "description": "Join us for an engaging workshop designed for security enthusiasts eager to improve their vulnerability assessment and reporting skills. \r\n\r\nIn this session, you'll learn how to accurately describe vulnerabilities, detail reproduction steps, assess impact, and provide effective remediation advice. We'll introduce an advanced methodology that significantly reduces the time required for these tasks.\r\n\r\nParticipants will gain access to specialized templates that streamline the vulnerability reporting process, making it more efficient and less time-consuming. 
After a brief explanation of the methodology, you will have the opportunity to apply the templates in practical exercises, gaining firsthand experience and enhancing your cybersecurity skills.\r\n\r\nThis workshop is perfect for anyone passionate about security, looking to enhance their technical skills, and seeking efficient methods for vulnerability assessment and reporting.", "recording_license": "", "do_not_record": false, "persons": [{"code": "UTLHLR", "name": "Brenno de Winter", "avatar": "https://pretalx.com/media/avatars/UTLHLR_RfAwF2A.webp", "biography": "Brenno de Winter has been involved in security since his early years. For 15 years he was a renowned Dutch investigative journalist. Born on December 6, 1971, in Ede, Netherlands, de Winter has made significant contributions to the field of information security and privacy. He is best known for his work in uncovering vulnerabilities in public and private sector IT systems, often bringing to light the importance of cybersecurity.\r\n\r\nDe Winter started his career as a programmer, but had several roles. In 2001 he became a journalist and quickly gained a reputation for his thorough investigative techniques and commitment to transparency and public accountability. His notable works include exposing security flaws in the Dutch public transport chip card (OV-chipkaart) and various governmental IT systems, which prompted widespread public discourse and policy changes.\r\n\r\nIn addition to his journalism, de Winter is a sought-after speaker and educator on topics related to cybersecurity, privacy, and digital rights. 
He has authored several articles and books, sharing his extensive knowledge and advocating for stronger security measures and better data protection practices.\r\n\r\nThroughout his career, Brenno de Winter has received numerous accolades for his contributions to the field, cementing his status as a leading figure in cybersecurity and investigative journalism in the Netherlands and beyond.\r\n\r\nHe is the 'catfather' of the OpenKAT-project and currently leads the effort of standardizing penetration testing.", "public_name": "Brenno de Winter", "guid": "37e36f84-089b-541e-8f0b-dfee8239be6d", "url": "https://pretalx.com/orangecon-2024/speaker/UTLHLR/"}, {"code": "QPFYVT", "name": "Mischa van Geelen", "avatar": "https://pretalx.com/media/avatars/QPFYVT_DAuwf0J.webp", "biography": "I am a security researcher, speaker and entrepreneur. Do you rely upon your own IT network, applications or website(s) and are you unsure about its technical security status? As a specialist in information security, I will help you to regain control over your IT environment and infrastructure, investigate what is going on and solve it! 24 Hours a day, 7 days a week.\r\n\r\nIn my spare time, I report security vulnerabilities to organizations in an effort to make the digital landscape safer. I also take care of workshops, presentations and lectures on the dangers of the Internet for more and better awareness within organizations.\r\n\r\nI am frequently asked by the media to explain the dangers of the digital landscape. 
In 2017 I was featured in the New Revu, explaining the new dangers for organizations, such as Ransomware, Internet-of-Things and other digital threats.\r\n\r\nI am currently focusing on these subjects:\r\n- Implementing CIS, performing CIS Benchmarks \r\n- Implementing and endorsing open security standards (OWASP WSTG, OWASP MSTG, PTES, Norea DigiD, CVSSv3.1)\r\n- Penetration testing\r\n- Incident Response (IR)\r\n- Root-cause analysis & Failure mode and effects analysis (FMEA)\r\n- Threat Hunting\r\n- Threat Intelligence\r\n- Automated Intelligence Gathering\r\n- Open-Source Intelligence (OSINT)", "public_name": "Mischa van Geelen", "guid": "f05d9a22-668f-52d8-86ff-1a35fcef9fce", "url": "https://pretalx.com/orangecon-2024/speaker/QPFYVT/"}], "links": [], "feedback_url": "https://pretalx.com/orangecon-2024/talk/3HFRVB/feedback/", "origin_url": "https://pretalx.com/orangecon-2024/talk/3HFRVB/", "attachments": []}, {"guid": "0e890e70-ae1c-573a-8ea3-7504b14d8d07", "code": "F7Q7ZG", "id": 54474, "logo": "https://pretalx.com/media/orangecon-2024/submissions/F7Q7ZG/security_research_with_CodeQL_VQEL42g.png", "date": "2024-09-05T14:30:00+02:00", "start": "14:30", "duration": "01:00", "room": "Workshop track 2", "slug": "orangecon-2024-54474-finding-vulnerabilities-with-codeql", "url": "https://pretalx.com/orangecon-2024/talk/F7Q7ZG/", "title": "Finding vulnerabilities with CodeQL", "subtitle": "", "track": "Workshop track 2", "type": "Workshop", "language": "en", "abstract": "It is a truth universally acknowledged, that finding and reporting vulnerabilities in software may be a daunting task. However, little known as they are, there are tools and techniques that may assist on this journey.\r\n\r\nCodeQL is a static analysis tool that can be used to automatically scan your applications for vulnerabilities and to assist with a manual code review. 
We can use it to find vulnerabilities in software at scale, in thousands of projects at once.\r\n\r\nJoin me in this beginner-friendly primer about finding vulnerabilities in software with CodeQL. Perhaps, by the end of this session, you might get inspired and learn how to find your own.", "description": "This session will introduce the fundamentals of security research when looking for vulnerabilities in software via source code review. We will use an example of a simple vulnerability, walk through how CodeQL could detect it, and provide examples of how the audience could use CodeQL to find vulnerabilities themselves. We will also introduce how we could scale our security research to thousands of projects at once using multi-repository variant analysis.\r\n\r\nIf you can, please set up the workshop codespace before the workshop by following the instructions in the workshop repository: http://gh.io/orangecon-2024-ws\r\nThe codespace is basically a virtual machine from GitHub, which you can use for free for up to 120 hours, and this one will automatically set up everything you need for running CodeQL. After you are done, remember to go to https://github.com/codespaces, select the three dots next to the codespace and choose \u201cStop codespace\u201d so you don\u2019t use up your hours.\r\nWe are also going to set it up together during the workshop, so feel free to wait until the workshop day to set it up.", "recording_license": "", "do_not_record": false, "persons": [{"code": "CDSVUM", "name": "Sylwia Budzynska", "avatar": "https://pretalx.com/media/avatars/CDSVUM_7GcJQsQ.webp", "biography": "Sylwia is a security researcher at GitHub Security Lab, where she works on finding vulnerabilities in open source software. 
See hers, as well as other Security Lab researchers' advisories at securitylab.github.com/advisories.\r\nIn her free time, she enjoys Magic The Gathering and other TCGs, reading, and playing JRPGs.", "public_name": "Sylwia Budzynska", "guid": "d5827d36-af62-5c11-9a0d-b9fb04e76134", "url": "https://pretalx.com/orangecon-2024/speaker/CDSVUM/"}], "links": [], "feedback_url": "https://pretalx.com/orangecon-2024/talk/F7Q7ZG/feedback/", "origin_url": "https://pretalx.com/orangecon-2024/talk/F7Q7ZG/", "attachments": []}]}}]}}}