The security summit for researchers / by researchers

INTENT 2022 HIGHLIGHT

Thank you to all who attended INTENT 2022!

On December 18, the cybersecurity community came together for the virtual global summit that's made for researchers, by researchers.

But don’t worry if you missed any sessions: they’re available to watch now, on demand.

CAPTURE THE FLAG

INTENT 2022 also hosted our inaugural Capture the Flag competition.

Following the theme of “how research really works”, participants raced to beat challenges based on problems you could actually face in real life – with the first-place winner receiving $2048 USD!

What will the theme of 2023 be? Make sure you come back next year to find out, and to see if you can get your name in the CTF Hall of Fame!

ON DEMAND SESSIONS

INTENT 2022 featured inspiring speakers from across the global cybersecurity community, with a varied agenda consisting of sessions, panels, workshops and an on-site CTF challenge.

Check out the sessions below to discover the latest insights on some of the biggest security challenges, including the hacking potential of Tesla’s Bluetooth, Blockchain and the promise of DID (Decentralized Identity), the increase in spear phishing in the African financial sector, and a hands-on workshop on the risks of physical access control systems.

09:00

Registration, Breakfast & Networking

10:00

Welcome!

Lavi Lazarovitz (Senior Director of Cyber Research, CyberArk)

Erez Yalon (Vice President of Security Research, Checkmarx)

11:00

Shaked Reiner (Principal Cyber Research, CyberArk)

11:30

Coffee Break

12:00

Mehmet Önder Key (Cyber Security Consultant, Turkish Aerospace)
Ozan Yigen (Cyber Security Consultant, Ernst & Young)

12:30

Tal Lossos (Security Researcher, CyberArk)

WORKSHOP #1

Valerie Thomas (Security Research & Consultant)

13:00

Lunch Break

14:00

Jiska Classen (Security Researcher)

Gal Zaban (Security Research, Armis)

Shachar Menashe (Senior Director, Security Research, JFrog)

Moderator: Benny Meiseis (Lead Solution Architect, CYMOTIVE Technology LTD)

14:45

Itamar Medyoni (Red Team Operator & Security Consultant, 10Root)

15:00

Tzachi (Zack) Zorenshtain (Head of SCS, Checkmarx)

Guy Nachshon (SCS Software Engineer, Checkmarx)

15:30

Sam Handelman (Threat Intelligence Analyst, Check Point Research)

WORKSHOP #2

Pedro Umbelino (Kripthor)

15:45

Closing remarks & CTF Winners announcement & First Hanukah candle-lighting

Lavi Lazarovitz (Senior Director of Cyber Research, CyberArk)

Erez Yalon (Vice President of Security Research, Checkmarx)

16:00

Break - Beer, Snacks & Doughnuts

16:30

TUNA - Live Concert

17:00

FIFA World Cup 2022 Live Screening

19:00

Goodbye

10:10 | TALK
Project TEMPA - Demystifying Tesla's Bluetooth Passive Entry System

The security of Tesla’s cars has been a hot topic in recent months. In addition to being one of the safest cars on the road, it is also well-protected from hacks and attacks. But how does Tesla make sure their vehicles are safe and secure?

This case study sheds light on the inner workings of Tesla’s Passive Entry System and core VCSEC protocol, and reveals possible attack vectors.

11:00 | TALK
RCEing your way into the [Decentralized Identity] Blockchain

The promise of Decentralized Identity (or DID) is to set us free from corporations owning our digital identity (be it Google, Apple, Facebook etc.). **In this talk we’ll learn the fascinating technology behind DID implementations and see how we were able to completely own one of the most popular DID networks currently active.**

First, we will learn the basics of DID – what’s the advantage of it compared to our current identity solutions and how it works under the hood. Then, we’ll spend the majority of our time looking at DID systems from the perspective of an attacker – discussing the attack surface decentralized systems introduce, and digging into a vulnerability we found that allowed us to take over any Hyperledger Indy based DID network.

Hyperledger Indy is a Hyperledger Foundation project under The Linux Foundation. It is a ledger designed to support identity operations. It is currently used to run the biggest DID network in production – Sovrin, and also in various other DID networks like *IBM Verify Credentials* and VON by the Governments of Canada, Ontario and of British Columbia.

The vulnerability (CVE-2022-31020, CVSS 10) allowed us to take over all the nodes in every Hyperledger Indy network, practically owning the consensus algorithm and being able to impersonate any DID in the network.

12:00 | TALK
RF in The Middle-earth : Fallen 5G

GitHub Actions, the recent (from 2018) CI/CD addition to the popular source control system, is becoming an increasingly popular DevOps tool mainly due to its rich marketplace and simple integration.

As part of our research of the GitHub Actions security landscape, we discovered several pitfalls awaiting developers writing build pipelines, which could cause an entire build compromise due to insufficient input validation and sanitization. Using the latest advanced code search capability of GitHub, we found dozens of open-source repositories with vulnerable workflows, including several popular tools with thousands of stars each.

The cost of such build compromise could be exposing secrets for important assets or an attacker committing to the repository without proper permissions, which can cause a supply-chain incident.

During the talk, we’ll walk you through our journey on how we found and disclosed these vulnerable workflows, delve into GitHub Actions architecture to understand the possible consequences of these vulnerabilities, and present possible mitigations for such issues.

12:30 | TALK
Colorful Vulnerabilities

Have you ever felt excited about using a brand-new gaming keyboard? Have you dreamed of how you can increase your actions per minute while having many cool bright colors? So far, so good, but what about the software that interacts with it? Often we do not think about the repercussions of the peripheral devices we use, which might be a problem.

In this session, we will outline our research process – analyzing and investigating Razer’s Linux kernel module, followed by finding several 0-day bugs (CVE-2022-29021, CVE-2022-29022, CVE-2022-29023) that are, oddly, determined by the number of RGB colors you have and that affect the kernel itself, with a live demonstration of exploiting the bugs. Lastly, we will examine and review a modern kernel mitigation that reduces the severity of kernel buffer overflow bugs, show its implementation history with examples, and discuss how developers and attackers might approach Linux kernel bug hunting in the future.

11:00 - 12:30 | Workshop
The Dark Side of Physical Access Control Systems

In the hacking world, physical access is the ultimate goal for attackers. To defend against this threat, sophisticated physical access control systems are installed, but are often misconfigured and not used to their full potential. Even worse, some misconfigurations can turn a multi-million-dollar physical access control implementation into an attacker’s best friend, allowing them to essentially become invisible to traditional detection methods. This session will provide the attendees with a foundational understanding of a traditional physical security environment, trending attacks, hands-on exercises, and resources for further exploration. Laptop with Kali Linux optional.

14:00 | Panel Discussion
Embedded Security Research - Expert Panel Discussion

Embedded devices are all around us. From our home appliances to the computers running our critical infrastructure, we rely on embedded devices for our daily routines. For several years, these embedded devices have been becoming more connected, which brings new security challenges to organizations and consumers. Security now impacts privacy, safety and availability in almost any digital product we use.

In this panel, experts from various backgrounds will discuss the latest challenges and developments in embedded security. Why do embedded security “nightmares” keep happening in the real world? How is security improving? How do academia and industry contribute to solutions? How can newcomers get involved?

14:45 | Lightning Talk
In line with the Syscalls

In the endless cat and mouse race between EDR vendors and attackers, malicious adversaries always require new ways to avoid detection. The concept of WinAPI hooking is one issue that malicious adversaries deal with on a daily basis.

In this talk I would like to take you on a journey from a clean WinAPI call, through the hooking process, to how the concept of Direct Syscalls was born, including a new method to make our syscalls feel as seamless as possible in user mode while avoiding detection.

15:00 | Talk
Five easy ways to spoof Contributor / Package reputation

Contributor/Package reputation is the main criterion used by developers when choosing what open-source package to integrate into their application.

The widespread use of open source sparked a new wave of attackers looking for ways to spoof the Contributor/Package reputation.
In this talk, we will share some of the TTPs we have seen and researched that can easily be used to fool developers into choosing malicious packages; we will do a live demo of some of those techniques and share some best practices to detect and avoid them.

15:30 | Lightning talk
DangerousSavanna: Spear Phishing the French-Speaking African Financial Sector Since 2020

Over the last two years, the DangerousSavanna campaign has been targeting financial institutions in French-speaking countries in Africa, including Ivory Coast, Morocco, Senegal, and others. The threat actor spear phished specific employees at targeted companies based on OSINT data from sources such as LinkedIn, and masqueraded as an employee at other known financial institutions in the region. In this talk, I will discuss how the threat actor’s tools and TTPs evolved over time and how they were able to succeed with a relatively low level of sophistication and use of well-known open-source tools.

14:00 - 15:30 | Workshop
Introduction to Fault Injection on a Budget

This workshop will introduce the attendee to fault injection in hardware, while working with a low budget, MacGyver style.