Hash is reverse engineering smart power meters, everything from undocumented wireless protocols to the firmware used in the microcontrollers and software running on the aggregation devices located within substations. He’s not doing this for the government in a dark underground bunker- he’s doing it publicly in his home office and publishing on YouTube! Reverse engineering […]
Category Archives: Lightning Talk
ChainJacking – A New Software Supply Chain Attack Vector
We’ve found a method to scan and take over GitHub accounts that lead to package hijacking attack. This has effect on Go, Swift and other popular programming languages. Slipping through the cracks between the designs of GitHub and Go Package Manager could allow an attacker to take control over popular Go packages, poison them and […]
Shades of Red: RedXOR Linux Backdoor and its Chinese Origins
New malware targeting Linux systems are being discovered on a regular basis. Backdoors attributed to advanced threat actors are disclosed less frequently. In this talk, we will share a technical analysis of a recently uncovered backdoor we named RedXOR and explain why it is likely attributed to the Winnti umbrella. We will also touch upon […]
Cross-Document Messaging Technology – How to Hack it, and How to Use it Safely
Cross document messaging is a very common communication method. It has been around for a while, and yes, IT IS exploitable if you do not implement it according to its security model. However, the messages sent using the postMessage command will not show up in your standard debugger proxy because they work without networking inside […]