The Security Research Summit. For researchers. By researchers.
Thank you to all who attended INTENT 2021!
On November 16, the cybersecurity community came together for the virtual global summit that’s made for researchers, by researchers.
But don’t worry if you missed any sessions: they’re available to watch now, on demand.
On Demand Sessions
INTENT featured over 20 inspiring speakers from across the global cybersecurity community.
Check out the sessions below to discover the latest insights on some of the biggest security challenges, including the hacking potential of Zoom, 0-days in open-source packages, 1-click attacks designed to infiltrate organizations, and more.
- Uncategorized
Introduction Talk & Keynote Alyssa Miller: Making Security a Business Function
Join INTENT co-founders Erez and Lavi as they introduce INTENT, the security research summit, and welcome the community of researchers to the event.
They will share what inspired them to create INTENT, how it happened, and what they hope to see during the event (Glorious failures and spectacular screwups!) and in years to come.
And don’t worry… it will be nice and short… Not like other conference keynotes!
In her keynote, Alyssa examines how security can go beyond managing risk and truly demonstrate the value we bring to the business itself. Regardless of whether you’re early in your career as an individual contributor or a seasoned veteran in a high-level leadership role, you’ll discover a new way to present security as a business accelerator. You’ll hear examples of how security can drive product agility, encourage innovation, improve business viability, and ultimately enhance profitability. We’ll even discuss how the emerging role of Business Information Security Officer can be leveraged to make this possible.
- Talk
Hacking the Pandemic’s Most Popular Software: Zoom
When the pandemic required everyone to work from home, we saw huge growth in the video conferencing market. It was this movement that made the organisation behind the Pwn2Own competition decide to add an ‘Enterprise Communications’ category to this year’s competition. Demonstrating a zero-day attack against the Zoom client would be rewarded with $200,000. We started researching, which resulted in a working exploit against the then latest version of Zoom that would give the attacker full control over your system. Now that Zoom has fixed all the vulnerabilities we found, we can share the details of our research.

Thijs Alkemade
Security Researcher | Computest
Thijs Alkemade works at the security research division of Computest. This division is responsible for security research on commonly used systems and environments. Thijs is a Pwn2Own winner, having demonstrated a zero-day attack against Zoom. In previous research he demonstrated attacks against the macOS and iOS operating systems.
- Uncategorized
Panel: Glorious Failures and Spectacular Screwups
We love success stories, especially about our research. But honestly, for every tale of triumph, there are sometimes several horror stories.
In this panel, we brought together research leaders to reveal some of these stories, think about why we usually hide them, and maybe find some good reasons to share them internally and externally.

- Tools
Kubesploit: A Post-Exploitation Framework, Focused on Containerized Environments
Kubesploit is a post-exploitation HTTP/2 Command & Control server and agent written in Golang, focused on containerized environments, and built on top of the Merlin project by Russel Van Tuyl (@Ne0nd0g).
It supports Go modules and has container breakout modules, kubelet attack, and scanning modules.

Eviatar Gerzi
Senior Security Researcher | CyberArk
Eviatar Gerzi is a cybersecurity researcher at CyberArk Labs where he focuses on researching and discovering the latest attack techniques and applying lessons learned to improve cyber defenses. Gerzi’s primary research areas are network defense and DevOps.
- Lightning Talk
Smart Meter Hacking
Hash is reverse engineering smart power meters, everything from undocumented wireless protocols to the firmware used in the microcontrollers and software running on the aggregation devices located within substations. He’s not doing this for the government in a dark underground bunker; he’s doing it publicly in his home office and publishing on YouTube!
Reverse engineering is a rocky journey: the destination is known (total pwnage), but the road there is full of twists and turns. Hash shares the voyage and takes feedback from everyone in a “choose your own adventure” format. Come see where he’s at!

Hash Salehi
Reverse Engineer
“Only those who will risk going too far can possibly find out how far one can go.” This quote from T.S. Eliot sums up Hash’s philosophy. He’s constantly striving to learn something new, from metalworking and decapping microchips in the garage to software defined radio and circuit analysis.
- Lightning Talk
ChainJacking – A New Software Supply Chain Attack Vector
We’ve found a method to scan and take over GitHub accounts, leading to a package hijacking attack. This affects Go, Swift and other popular programming languages.
Slipping through the cracks between the designs of GitHub and Go Package Manager could allow an attacker to take control over popular Go packages, poison them and infect developers and users.
We have identified several highly popular open-source Go packages that are susceptible to a new technique dubbed ChainJacking. Some of these vulnerable packages are embedded in popular admin tools.

Alik Koldobsky
Senior Software Engineer | Checkmarx
Alik has a strong security background from positions as an offensive security researcher in both his military service and the private sector.

Dr Joakim Kennedy
Security Researcher | Intezer
Dr Joakim Kennedy is a Security Researcher for Intezer. On a daily basis he analyzes malware, tracks threat actors, and solves security problems. His work is mainly focused on threats that target Linux systems and cloud environments. Prior to joining Intezer, Joakim managed Anomali’s Threat Research Team.
- Tools
Tool Demo: reNgine: An automated reconnaissance framework, how and why!
reNgine is an automated reconnaissance framework for web applications with a focus on a highly configurable, streamlined recon process via Engines, recon data correlation and organization, and continuous monitoring, backed by a database and a simple yet intuitive user interface. reNgine makes it easy for penetration testers to gather reconnaissance with minimal configuration, and reNgine’s correlation makes recon effortless. This tool demonstration will give an in-depth view of reNgine, including how individuals and companies can use reNgine for continuous monitoring of their assets. This demonstration will be a complete guide to using reNgine, from installation to tips and tricks.

Yogesh Ojha
TRG Research and Development | TRG
Creator of reNgine and a Research Engineer at TRG, Yogesh’s research focuses on building solutions for Crime and Terror. Passionate about security, Yogesh has delivered several talks at TEDx, Defcon, BlackHat, HITB Cyberweek, etc. When not in front of computers, he is probably spending time with his dog Jasper or reading more on space, dreaming to be interplanetary.
- Talk
Why Attackers in Code Packages are Getting a Pass
Supply chain attacks are gaining popularity and we wanted to examine, from an attacker’s point of view, the difficulty of poisoning OSS packages. We found many alarming practices that hold back the security community from detecting those attackers.
This is an invitation and a wake-up call for researchers to start examining new developments in the field of OSS. This field is wide open and susceptible to almost anyone who would want to take advantage of the current state of affairs. For researchers, it is uncharted territory with the possibility to make major advancements with small tools and practices to improve the ecosystem’s ability to face these threats that will most certainly grow and develop.

Tzachi Zorenshtain
Head of CxDustico | Checkmarx
Tzachi Zorenshtain is the Head of CxDustico, Checkmarx. Prior to Checkmarx, Tzachi was the Co-Founder and CEO of Dustico, a solution that detects malicious attacks and backdoors in open source software supply chains, which was acquired by Checkmarx in August 2021. Tzachi is armed with more than a decade’s worth of experience in cyber-security, specializing in building advanced malware research systems and hunting for advanced Cyber-attack groups. Prior to Dustico, Tzachi’s tenure at Palo Alto Networks, Symantec and McAfee deepened his passion towards contributing to the cybersecurity space.
- Talk
Bypassing Windows Hello for Business and Pleasure
Windows Hello is the most popular passwordless solution that includes authentication by either PIN code or biometric authentication. Windows Hello promises better security – but is it the truth? In this session, we’ll introduce our research that shows how an attacker can bypass Windows Hello.

Omer Tsarfati
Cyber Security Researcher | CyberArk
Omer Tsarfati is a Cyber Security Researcher at CyberArk Labs. He focuses on discovering new research techniques and beating difficult security challenges while implementing them into the cybersecurity area, either from the attacker’s or the defender’s point of view. Omer’s primary research areas are network defense, cloud security, Android applications, web applications, and Windows internals. Prior to CyberArk, Omer served in the Israeli Army in an elite unit.
- Workshop
Code Obfuscation through Mixed Boolean-Arithmetic Expressions
A Mixed Boolean-Arithmetic (MBA) expression is composed of both integer arithmetic and bitwise operators. Such expressions can be leveraged to obfuscate the data-flow of code by iteratively applying rewrite rules and function identities, complicating its syntax while preserving its semantic behavior. This possibility is motivated by the fact that combinations of operators from these different fields do not interact well together: we have no rules (distributivity, factorization…) or general theory to deal with this mixing of operators.
Through this workshop, attendees will receive a comprehensive introduction to the study, analysis and implementation of code obfuscation mechanisms relying on MBA expressions.

Arnau Gàmez i Montolio
Founder and Security Researcher | Fura Labs
Catalan hacker, reverse engineer and mathematician, with an extensive background in code (de)obfuscation research and MBA expressions, as well as industry experience as a senior malware reverse engineer. Founder of Fura Labs (@FuraLabs), a research & education firm on software security. Speaker and trainer at several international security conferences.
- Talk
Automated 0-day Discovery in 2021 – Squashing the Low-Hanging Fruit
In past years, publicly available infrastructures such as Ghidra, AFL and Angr have put the “holy grail” of vulnerability research within our grasp: real-world automated 0-day identification, without any reliance on source code and with zero/minimal pre-configuration. After quickly presenting the INFRA:HALT vulnerabilities (affecting HCC embedded TCP/IP stack) and discussing exploitation techniques for the most critical ones from the batch, we will treat them as a case study to present a myriad of contemporary techniques for vulnerability detection by using binary firmware image static analysis. This will include data flow analysis, symbolic execution and standard library function detection through emulation.

Shachar Menashe
Sr. Director Security Research | JFrog
Shachar has more than 15 years of experience in security research, including low-level R&D, reverse engineering and vulnerability research. He currently leads the security research division in JFrog, specializing in automated vulnerability research techniques. Shachar holds a BSc in Electronics Engineering and Computer Science from Tel-Aviv University.
- Talk
Eclectic Research, Esoteric Results
In this talk, Pedro will present some of his previous research, ranging from data exfiltration to IoT, from Android apps to back-end servers, exploring the barrier between the enthusiasm of the findings and the external perception of the results. He will talk about research results and their implications, explain the vulnerabilities themselves, the intellectual challenges, research process, bounties, rewards and media exposure. We all have pet bugs, interesting back stories and usually a slightly different view of our findings than the rest of the world. More often than not, we can only find true understanding amongst our fellow peers.

Pedro Umbelino
Principal Security Researcher | BitSight
Security Researcher by day, Hackaday writer by night. He started tinkering with computers on a Spectrum, saw BBS being exchanged over the Internet and still roams around on IRC. Known as “kripthor”, he likes all kinds of hacks, hardware and software. He has spoken at various conferences, such as DEFCON, RSA, HackLU, Bsides.
- Workshop
Dissecting and Comparing Different Binaries to Malware Analysis
A demonstration of the different structures found in binaries such as PE (header and its sections), ELF (header and its sections) and PDF (header/body/cross-reference table/trailer), explaining how each section works within a binary and covering techniques such as packers, obfuscation with JavaScript (PDF) and more. Filipi will also explain some anti-disassembly techniques, demonstrating how this malware acts and where malicious code could be included.
By the end of this talk, the following will be clear to everyone: the differences in binary structures, how the researcher should conduct each of these kinds of analysis, and, of course, the need to seek more basic knowledge of file structures, software architecture and programming languages.

Filipi Pires
Principal Security Engineer and Security Researcher | Senhasegura
I’m a Principal Security Engineer and Security Researcher at senhasegura… I’m a Hacking is NOT a crime Advocate and RedTeam Village Contributor. I’m part of the Staff team of DEFCON Group São Paulo-Brazil, and have spoken internationally in Security and New Technologies events in many countries such as US, Canada, Germany, Poland and others. I’ve served as University Professor in Graduation and MBA courses at Brazilian colleges. In addition, I’m the Creator and Instructor of the Course Malware Attack Types with Kill Chain Methodology (PentestMagazine) and Malware Analysis – Fundamentals (HackerSec).
- Lightning Talk
Shades of Red: RedXOR Linux Backdoor and its Chinese Origins
New malware targeting Linux systems is being discovered on a regular basis. Backdoors attributed to advanced threat actors are disclosed less frequently. In this talk, we will share a technical analysis of a recently uncovered backdoor we named RedXOR and explain why it is likely attributed to the Winnti umbrella. We will also touch upon the Linux threat landscape and how Linux malware finds its way to compromised servers.
As well as understanding RedXOR malware, which is among the most sophisticated Linux malware discovered in the past year, attendees of this talk will gain knowledge about Winnti Linux TTPs and ELF malware analysis.

Avigayil Mechtinger
Security Researcher | Intezer

Dr Joakim Kennedy
Security Researcher | Intezer
Dr Joakim Kennedy is a Security Researcher for Intezer. On a daily basis he analyzes malware, tracks threat actors, and solves security problems. His work is mainly focused on threats that target Linux systems and cloud environments. Prior to joining Intezer, Joakim managed Anomali’s Threat Research Team.
- Lightning Talk
Cross-Document Messaging Technology – How to Hack it, and How to Use it Safely
Cross document messaging is a very common communication method. It has been around for a while, and yes, IT IS exploitable if you do not implement it according to its security model. However, the messages sent using the postMessage command will not show up in your standard debugger proxy because they work without networking inside the browser’s memory. Watch Enso’s Chief Architect Chen Gour-Arie explain cross-document messaging technology, how to hack it, and how to use it safely.
Chen and a team of AppSec professionals have released a free open-source project named Posta (https://github.com/benso-io/posta), a tool for researching cross-document messaging communication. It allows you to track, explore and exploit postMessage vulnerabilities and includes features such as replaying messages sent between windows within any attached browser.

Chen Gour Arie
Chief Architect & Co Founder | Enso Security
With over 15 years of hands-on experience in cybersecurity and software development, Chen has demonstrably bolstered the software security of dozens of global enterprise organizations across multiple industry verticals. An enthusiastic builder, he has focused his career on building tools to optimize and accelerate security testing and all related workflows.
- Workshop
HTTP Request Smuggling
HTTP request smuggling is difficult to understand (payloads can be confusing at first sight) and the exploitation is no different. What better way to understand this trending new vulnerability than by seeing it from an attacker’s perspective? The workshop gives an overview of the latest research on the topic.
Load balancers and proxies, such as HAProxy, Varnish, Squid and Nginx, play a crucial role in website performance, and each implements its own HTTP protocol parser. HTTP Request Smuggling (HRS) is an attack that abuses inconsistencies in how different HTTP request parsers interpret where a request ends. What your load balancer considers the end of one request might not be considered as such by your web server.
We will see how an attacker can abuse several vulnerable configurations. HTTP Request Smuggling (HRS) enables multiple attack vectors, including cache poisoning, credential hijacking, URL filtering bypass, open-redirect and persistent XSS. For each of these vectors, a payload will be showcased and explained in-depth. Also, a live demonstration will be made to see the vulnerability in action. Aside from exploitation, we will show how developers and system administrators can detect such faulty configurations using automated tools.

Philippe Arteau
Security Researcher | GoSecure
Philippe is a security researcher at GoSecure. His research is focused on Web application security. His past work experience includes pentesting, secure code review and software development. He is the author of the widely used Java static analysis tool OWASP Find Security Bugs (FSB). He is also a contributor to the static analysis tool for .NET called Security Code Scan. He built many plugins for Burp and ZAP proxy tools: Retire.js, Reissue Request Scripter, CSP Auditor and many others. Philippe has presented at several conferences including Black Hat Arsenal, SecTor, AppSec USA, ATLSecCon, NorthSec, and 44CON.
- Talk
How to Systematically Find 0-days in Open-Source Packages
In the realm of open-source packages, it’s sometimes easier for an attacker to find many less-sophisticated 0-days that affect many packages, rather than spending weeks or months to find a single hard-core 0-day vulnerability. In this talk, I’ll walk you through the processes we built for that.

Alex Livshiz
AppSec & Research Group Lead | Checkmarx
Alex is a tech-savvy cyber enthusiast and writer. He serves at Checkmarx as the AppSec and Research group lead for the CxSCA solution. As an 8200 alumnus from the IDF Intelligence Corps, he brings vast experience in cybersecurity, both on the offensive and defensive side of the map.
- Talk
1-Click to Infiltrate your Organization via Vulnerable VS Code Extensions
Attackers have looked all around for means to compromise organizations through developers: malicious 3rd party packages, leaked credentials, unpatched vulnerabilities, and more. But the place that has become the new threat lay right under their noses: the IDE.

Kirill Efimov
Security Research Team Leader | Snyk

Raul Onitza-Klugman
Security Researcher | Snyk
Security researcher at Snyk. Electrical engineer turned embedded developer turned hacker. Interested in all things web/binary and growing vegetables.
- Uncategorized
CTF Winners Announced & Closing Remarks
Drumroll please! Join Shaked and Tomer, INTENT CTF creators, as they announce the CTF winners and provide a few insights on the challenges developed by INTENT founders and partners.
Erez and Lavi will then wrap up the summit with some closing remarks and share what you should expect to see at INTENT 2022.

Shaked Reiner
Principal Researcher | CyberArk Labs

Tomer Zait
Head of Security Research | F5
Tomer Zait (Head of Security Research at F5) has worked in a range of professions in the security industry (Web Application Firewall Integrator, Penetration Tester, Application Security Engineer, Security Researcher, etc.). During this time, he developed open-source projects (most of them are security tools). His projects include: x64dbgpy, ReDTunnel (Presented In BlackHat Arsenal ASIA/US 2019), PyMultitor (Presented In BlackHat Arsenal ASIA/US/EU 2017), and more. Tomer writes regularly for online security magazines and is an 8-time winner of Israeli CTFs.
Capture the flag!
INTENT 2021 also hosted our inaugural Capture the Flag competition.
Following the theme of “how research really works”, participants raced to beat challenges based on problems you could actually face in real life—with the first-place winner receiving $2048 USD!
What will the theme of 2022 be? Make sure you come back next year to find out, and to see if you can get your name in the CTF Hall of Fame!
