The Security Research Summit. For researchers. By researchers.

Thank you to all who attended INTENT 2021!

On November 16, the cybersecurity community came together for the virtual global summit that’s made for researchers, by researchers.

But don’t worry if you missed any sessions; they’re available to watch now, on demand.

On Demand Sessions

INTENT featured over 20 inspiring speakers from across the global cybersecurity community.

Check out the sessions below to discover the latest insights on some of the biggest security challenges, including the hacking potential of Zoom, 0-days in open-source packages, 1-click attacks designed to infiltrate organizations, and more.

Introduction Talk & Keynote Alyssa Miller: Making Security a Business Function

Join INTENT co-founders Erez and Lavi as they introduce INTENT, the security research summit, and welcome the community of researchers to the event.

They will share what inspired them to create INTENT, how it happened, and what they hope to see during the event (Glorious failures and spectacular screwups!) and in years to come.

And don’t worry… it will be nice and short… Not like other conference keynotes!

In her keynote, Alyssa examines how security can go beyond managing risk and truly demonstrate the value we bring to the business itself. Regardless of whether you’re early in your career as an individual contributor or a seasoned veteran in a high-level leadership role, you’ll discover a new way to present security as a business accelerator. You’ll hear examples of how security can drive product agility, encourage innovation, improve business viability, and ultimately enhance profitability. We’ll even discuss how the emerging role of Business Information Security Officer can be leveraged to make this possible.

Lavi Lazarovitz

Head of Research | Cyberark

Erez Yalon

Head of Research | CheckMarx

Alyssa Miller

Business Information Security Officer (BISO) | S&P Global Ratings

Hacking the Pandemic’s Most Popular Software: Zoom

When the pandemic required everyone to work from home, the video conferencing market grew enormously. That shift led the organisation behind the Pwn2Own competition to add an ‘Enterprise Communications’ category to this year’s competition, with $200,000 on offer for demonstrating a zero-day attack against the Zoom client. We started researching, which resulted in a working exploit against the then latest version of Zoom that gave the attacker full control over the victim’s system. Now that Zoom has fixed all the vulnerabilities we found, we can share the details of our research.

Thijs Alkemade

Security Researcher | Computest

Thijs Alkemade works in the security research division of Computest, which is responsible for security research on commonly used systems and environments. Thijs won Pwn2Own by demonstrating a zero-day attack against Zoom. In previous research he demonstrated attacks against the macOS and iOS operating systems.

Panel: Glorious Failures and Spectacular Screwups

We love success stories, especially about our research. But honestly, for every tale of triumph, there are sometimes several horror stories.

In this panel, we brought together research leaders to reveal some of these stories, think about why we usually hide them, and maybe find some good reasons to share them internally and externally.

Erez Yalon

Head of Research | CheckMarx

Ari Eitan

VP Research | Intezer Labs

Sharon Brizinov

Principal Vulnerability Research | Claroty

Eran Shimony

Senior Vulnerability Researcher | Cyberark Labs

Irena Damsky

Director of Research | Palo Alto Networks

Kubesploit: A Post-Exploitation Framework, Focused on Containerized Environments

Kubesploit is a post-exploitation HTTP/2 command-and-control server and agent written in Go, focused on containerized environments and built on top of the Merlin project by Russel Van Tuyl (@Ne0nd0g).

It supports modules written in Go and ships with container breakout, kubelet attack, and scanning modules.

Eviatar Gerzi

Senior Security Researcher | CyberArk

Eviatar Gerzi is a cybersecurity researcher at CyberArk Labs where he focuses on researching and discovering the latest attack techniques and applying lessons learned to improve cyber defenses. Gerzi’s primary research areas are network defense and DevOps.

Smart Meter Hacking

Hash is reverse engineering smart power meters: everything from undocumented wireless protocols to the firmware in the meters’ microcontrollers and the software running on the aggregation devices located within substations. He’s not doing this for the government in a dark underground bunker; he’s doing it publicly in his home office and publishing on YouTube!

Reverse engineering is a rocky journey: the destination is known (total pwnage), but the road there is full of twists and turns. Hash shares the voyage and takes feedback from everyone in a “choose your own adventure” format. Come see where he’s at!

Hash Salehi

Reverse Engineer

Only those who will risk going too far can possibly find out how far one can go. This quote from T.S. Eliot sums up Hash’s philosophy. He’s constantly striving to learn something new, from metalworking and decapping microchips in the garage to software defined radio and circuit analysis.

ChainJacking – A New Software Supply Chain Attack Vector

We found a method to scan for and take over GitHub accounts in a way that leads to package hijacking. It affects Go, Swift and other popular programming languages.

Slipping through the cracks between the designs of GitHub and Go’s package management could allow an attacker to take control of popular Go packages, poison them, and infect developers and users.

We identified several highly popular open-source Go packages that are vulnerable to a new technique dubbed ChainJacking. Some of these vulnerable packages are embedded in popular admin tools.
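The following is an added example for this session, not Checkmarx’s scanner and not the speakers’ own method. It encodes the premise the talk rests on: Go import paths for GitHub-hosted modules embed the repository owner’s username, and a username that has been renamed or deleted can be registered by anyone, so a dependency whose owner account is gone is a takeover candidate. The go.mod text and the set of “live” owners are constructed for the example; a real run would replace the stub with a lookup against the GitHub users API.

```python
"""Triage go.mod dependencies for GitHub owners whose account no longer exists.

Added example for the ChainJacking talk; it is not Checkmarx's scanner.
Premise: Go import paths for GitHub-hosted modules embed the repository
owner's username, and a GitHub username that has been renamed or deleted
can be registered by anyone, so a module whose owner account is gone is a
takeover candidate. The go.mod text and the set of live owners below are
constructed for the example; a real run would query the GitHub users API
in place of the stub.
"""
import re

# owner/repo prefix of a GitHub-hosted module path (sub-packages may follow)
GITHUB_MODULE = re.compile(r"^github\.com/([A-Za-z0-9-]+)/([A-Za-z0-9_.-]+)")


def parse_go_mod(text):
    """Return [(module_path, version, indirect)] from all require directives."""
    deps, in_block = [], False
    for raw in text.splitlines():
        code, _, comment = raw.partition("//")
        line = code.strip()
        indirect = "indirect" in comment
        if not line:
            continue
        if line.startswith("require ("):
            in_block = True
            continue
        if in_block and line == ")":
            in_block = False
            continue
        parts = line.split()
        if in_block and len(parts) >= 2:
            deps.append((parts[0], parts[1], indirect))
        elif parts[0] == "require" and len(parts) >= 3:
            deps.append((parts[1], parts[2], indirect))
    return deps


def github_owners(deps):
    """Map lower-cased GitHub owner -> set of module paths that depend on it."""
    owners = {}
    for path, _version, _indirect in deps:
        m = GITHUB_MODULE.match(path)
        if m:
            owners.setdefault(m.group(1).lower(), set()).add(path)
    return owners


def takeover_candidates(deps, owner_is_live):
    """Module paths whose GitHub owner is gone and so could be re-registered."""
    return sorted(
        path
        for owner, paths in github_owners(deps).items()
        if not owner_is_live(owner)
        for path in paths
    )


# Constructed sample go.mod: mixes single-line and block require forms.
SAMPLE_GO_MOD = """\
module example.com/app

go 1.17

require golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c

require (
\tgithub.com/alice/httpkit v1.2.0
\tgithub.com/Bob-Dev/yaml v2.4.0+incompatible // indirect
\tgithub.com/alice/cli v0.3.1
)
"""

# Constructed stand-in for "does GET https://api.github.com/users/<owner> return 200?"
_LIVE_OWNERS = {"alice"}


def stub_owner_is_live(owner):
    return owner.lower() in _LIVE_OWNERS


if __name__ == "__main__":
    deps = parse_go_mod(SAMPLE_GO_MOD)
    for path in takeover_candidates(deps, stub_owner_is_live):
        print("claimable owner:", path)
```

Owners are compared case-insensitively because GitHub usernames are; indirect dependencies are kept because a poisoned transitive module is pulled in just the same. A positive hit only says the name is claimable, not that it has been claimed, so the next step is to pin the module to a checksum already in go.sum and contact the maintainer.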

Alik Koldobsky

Senior Software Engineer | Checkmarx

Alik has a strong security background from positions as an offensive security researcher, both during his military service and in the private sector.

Dr Joakim Kennedy

Security Researcher | Intezer

Dr Joakim Kennedy is a Security Researcher for Intezer. On a daily basis he analyzes malware, tracks threat actors, and solves security problems. His work is mainly focused on threats that target Linux systems and cloud environments. Prior to joining Intezer, Joakim managed Anomali’s Threat Research Team.

Tool Demo: reNgine: An automated reconnaissance framework, how and why!

reNgine is an automated reconnaissance framework for web applications. It focuses on a highly configurable, streamlined recon process driven by Engines, on correlating and organizing recon data in a database, on continuous monitoring, and on a simple, intuitive user interface. reNgine lets penetration testers gather reconnaissance with minimal configuration, and its correlation features make recon close to effortless. This tool demonstration gives an in-depth view of reNgine and of how individuals and companies can use it for continuous monitoring of their assets, covering everything from installation to tips and tricks.

Yogesh Ojha

TRG Research and Development | TRG

Creator of reNgine and a Research Engineer at TRG, Yogesh focuses on building solutions to combat crime and terror. Passionate about security, Yogesh has delivered several talks at TEDx, DEF CON, Black Hat, HITB CyberWeek and elsewhere. When not in front of a computer, he is probably spending time with his dog Jasper or reading about space, dreaming of becoming interplanetary.

Why Attackers in Code Packages are Getting a Pass

Supply chain attacks are gaining popularity, and we wanted to examine, from an attacker’s point of view, how hard it is to poison OSS packages. We found many alarming practices that hold the security community back from detecting those attackers.

This is an invitation and a wake-up call for researchers to start examining new developments in the field of OSS. The field is wide open to almost anyone who wants to take advantage of the current state of affairs. For researchers, it is uncharted territory with the possibility of making major advances with small tools and practices that improve the ecosystem’s ability to face threats that will most certainly grow and develop.

Tzachi Zorenshtain

Head of CxDustico | Checkmarx

Tzachi Zorenshtain is the Head of CxDustico, Checkmarx. Prior to Checkmarx, Tzachi was the Co-Founder and CEO of Dustico, a solution that detects malicious attacks and backdoors in open source software supply chains, which was acquired by Checkmarx in August 2021. Tzachi is armed with more than a decade’s worth of experience in cyber-security, specializing in building advanced malware research systems and hunting for advanced Cyber-attack groups. Prior to Dustico, Tzachi’s tenure at Palo Alto Networks, Symantec and McAfee deepened his passion towards contributing to the cybersecurity space.

Bypassing Windows Hello for Business and Pleasure

Windows Hello is the most widely used passwordless solution, authenticating by either PIN code or biometrics. Windows Hello promises better security, but does it deliver? In this session, we’ll introduce our research showing how an attacker can bypass Windows Hello.

Omer Tsarfati

Cyber Security Researcher | CyberArk

Omer Tsarfati is a Cyber Security Researcher at CyberArk Labs. He focuses on developing new research techniques and solving hard security challenges, from either the attacker’s or the defender’s point of view. Omer’s primary research areas are network defense, cloud security, Android applications, web applications, and Windows internals. Prior to CyberArk, Omer served in an elite unit of the Israeli Army.

Code Obfuscation through Mixed Boolean-Arithmetic Expressions

A Mixed Boolean-Arithmetic (MBA) expression combines integer arithmetic and bitwise operators. Such expressions can be used to obfuscate the data flow of code by iteratively applying rewrite rules and function identities, complicating its syntax while preserving its semantics. This works because operators from the two domains do not interact well: there are no rules (distributivity, factorization…) or general theory for simplifying expressions that mix them.

Through this workshop, attendees will receive a comprehensive introduction to the study, analysis and implementation of code obfuscation mechanisms relying on MBA expressions.
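The following is an added example, not material from the workshop. It applies a few well-known MBA identities (each valid for all unsigned 32-bit operands, i.e. modulo 2**32) to a small expression tree to obfuscate its data flow, then checks on random inputs that the rewritten tree still computes the same function. The tree representation, the rule set and the rewriting strategy are this example’s own choices.

```python
"""Mixed Boolean-Arithmetic (MBA) rewriting with a randomised semantic check.

Added example for the MBA workshop; it is not the speaker's material.
It applies a few well-known MBA identities, each valid for all unsigned
32-bit operands (arithmetic modulo 2**32), to an expression tree to
obfuscate its data flow, then checks that the rewritten tree still
computes the same function on random inputs. Trees are plain tuples:
('op', left, right) for binary operators, ('neg', x) for unary negation,
a str for a variable and an int for a constant.
"""
import random

MASK = 0xFFFFFFFF  # uint32 wrap-around, as in a compiled program

# Rewrite rules: op -> list of builders taking operands a, b and returning
# an equivalent tree. Every identity below holds for all uint32 a, b.
RULES = {
    "+": [lambda a, b: ("+", ("^", a, b), ("*", 2, ("&", a, b))),     # a+b = (a^b) + 2*(a&b)
          lambda a, b: ("+", ("|", a, b), ("&", a, b))],               # a+b = (a|b) + (a&b)
    "-": [lambda a, b: ("+", ("^", a, ("neg", b)),
                             ("*", 2, ("&", a, ("neg", b))))],         # a-b = (a^-b) + 2*(a&-b)
    "^": [lambda a, b: ("-", ("|", a, b), ("&", a, b))],               # a^b = (a|b) - (a&b)
    "|": [lambda a, b: ("+", ("&", a, b), ("^", a, b))],               # a|b = (a&b) + (a^b)
    "&": [lambda a, b: ("-", ("+", a, b), ("|", a, b))],               # a&b = (a+b) - (a|b)
}

BINOPS = {
    "+": lambda a, b: (a + b) & MASK,
    "-": lambda a, b: (a - b) & MASK,
    "*": lambda a, b: (a * b) & MASK,
    "^": lambda a, b: a ^ b,
    "|": lambda a, b: a | b,
    "&": lambda a, b: a & b,
}


def evaluate(expr, env):
    """Evaluate a tree under a variable assignment, wrapping to uint32."""
    if isinstance(expr, int):
        return expr & MASK
    if isinstance(expr, str):
        return env[expr] & MASK
    if expr[0] == "neg":
        return (-evaluate(expr[1], env)) & MASK
    return BINOPS[expr[0]](evaluate(expr[1], env), evaluate(expr[2], env))


def _rewrite_once(expr, rng):
    """Rewrite children first, then replace this node by a random identity."""
    if not isinstance(expr, tuple):
        return expr
    if expr[0] == "neg":
        return ("neg", _rewrite_once(expr[1], rng))
    a, b = _rewrite_once(expr[1], rng), _rewrite_once(expr[2], rng)
    if expr[0] in RULES:
        return rng.choice(RULES[expr[0]])(a, b)
    return (expr[0], a, b)


def obfuscate(expr, rounds, seed=0):
    """Apply `rounds` passes of MBA rewriting; the tree grows quickly with rounds."""
    rng = random.Random(seed)
    for _ in range(rounds):
        expr = _rewrite_once(expr, rng)
    return expr


def size(expr):
    """Number of nodes in the tree, a crude measure of how much it grew."""
    if not isinstance(expr, tuple):
        return 1
    return 1 + sum(size(child) for child in expr[1:])


def equivalent(e1, e2, variables, trials=2000, seed=1):
    """Randomised refutation: False proves a difference, True only suggests equality."""
    rng = random.Random(seed)
    for _ in range(trials):
        env = {v: rng.getrandbits(32) for v in variables}
        if evaluate(e1, env) != evaluate(e2, env):
            return False
    return True


if __name__ == "__main__":
    original = ("-", ("+", "x", "y"), "z")
    obf = obfuscate(original, 3, seed=7)
    print("nodes:", size(original), "->", size(obf))
    print("same function:", equivalent(original, obf, ["x", "y", "z"]))
```

Random testing can only refute equivalence; for a proof over all 2**32 inputs per variable the rewritten tree would be handed to an SMT solver with bit-vector theory, which is also the usual first attempt at deobfuscating MBA.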

Arnau Gàmez i Montolio

Founder and Security Researcher | Fura Labs

Catalan hacker, reverse engineer and mathematician, with an extensive background in code (de)obfuscation research and MBA expressions, as well as industry experience as a senior malware reverse engineer. Founder of Fura Labs (@FuraLabs), a research & education firm on software security. Speaker and trainer at several international security conferences.

Automated 0-day Discovery in 2021 – Squashing the Low-Hanging Fruit

In recent years, publicly available tooling such as Ghidra, AFL and angr has put the “holy grail” of vulnerability research within our grasp: real-world automated 0-day identification, without any reliance on source code and with zero or minimal pre-configuration. After briefly presenting the INFRA:HALT vulnerabilities (affecting the HCC embedded TCP/IP stack) and discussing exploitation techniques for the most critical ones in the batch, we will treat them as a case study for a range of contemporary vulnerability detection techniques based on static analysis of binary firmware images, including data flow analysis, symbolic execution and standard library function identification through emulation.

Shachar Menashe

Sr. Director Security Research | JFrog

Shachar has more than 15 years of experience in security research, including low-level R&D, reverse engineering and vulnerability research. He currently leads the security research division in JFrog, specializing in automated vulnerability research techniques. Shachar holds a BSc in Electronics Engineering and Computer Science from Tel-Aviv University.

Eclectic Research, Esoteric Results

In this talk, Pedro will present some of his previous research, ranging from data exfiltration to IoT, from Android apps to back-end servers, exploring the barrier between the enthusiasm of the findings and the external perception of the results. He will talk about research results and their implications, explain the vulnerabilities themselves, the intellectual challenges, research process, bounties, rewards and media exposure. We all have pet bugs, interesting back stories and usually a slightly different view of our findings than the rest of the world. More often than not, we can only find true understanding amongst our fellow peers.

Pedro Umbelino

Principal Security Researcher | BitSight

Security researcher by day, Hackaday writer by night. He started tinkering with computers on a Spectrum, saw BBS being exchanged over the Internet and still roams around on IRC. Known as “kripthor”, he likes all kinds of hacks, hardware and software. He has spoken at various conferences, such as DEFCON, RSA, HackLU and BSides.

Dissecting and Comparing Different Binaries to Malware Analysis

Filipi demonstrates the different structures found in binaries: PE (header and sections), ELF (header and sections) and PDF (header, body, cross-reference table, trailer), explaining how each part works within the file, along with techniques such as packers and JavaScript obfuscation in PDFs. He will also explain some anti-disassembly techniques, demonstrating how such malware behaves and where malicious code could be inserted.

By the end of this talk, the differences between binary structures and how a researcher should approach each kind of analysis will be clear; the talk also encourages attendees to seek out more foundational knowledge of file formats, software architecture and programming languages.
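The following is an added example for this session, not the speaker’s code. It identifies a file by its magic bytes and parses the ELF64 header field by field with struct, following the layout from the ELF specification, then applies a few header-level triage heuristics (no section table, odd header size, zero entry point) that commonly point at packed or hand-crafted samples. The sample header is packed inline so the code runs without a binary on disk; the ELF spec field names are real, the sample values are constructed.

```python
"""Sniff a file's magic and parse an ELF64 header with struct.

Added example for the binary-structures talk; it is not the speaker's
code. The field layout follows the ELF64 Ehdr from the ELF specification;
the sample header is packed inline so the code runs without a binary on
disk, and the red-flag heuristics are common triage signals for packed or
hand-crafted ELF files (no section table, odd header size, zero entry).
"""
import struct

MAGICS = [(b"\x7fELF", "ELF"), (b"MZ", "PE/MZ"), (b"%PDF", "PDF")]

# ELF64 Ehdr: e_ident[16], e_type, e_machine, e_version, e_entry, e_phoff,
# e_shoff, e_flags, e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum,
# e_shstrndx. The endianness prefix is chosen from e_ident[EI_DATA] at parse time.
EHDR_FIELDS = "16sHHIQQQIHHHHHH"
EHDR_SIZE = struct.calcsize("<" + EHDR_FIELDS)  # 64 bytes

E_TYPE = {1: "REL", 2: "EXEC", 3: "DYN", 4: "CORE"}
E_MACHINE = {0x03: "x86", 0x28: "ARM", 0x3E: "x86-64", 0xB7: "AArch64"}


def sniff(data):
    """Classify by leading magic bytes; 'unknown' if none match."""
    for magic, name in MAGICS:
        if data.startswith(magic):
            return name
    return "unknown"


def parse_elf64(data):
    """Parse the ELF64 header into a dict; raises ValueError on non-ELF64 input."""
    if len(data) < EHDR_SIZE or not data.startswith(b"\x7fELF"):
        raise ValueError("not an ELF file or truncated header")
    ei_class, ei_data = data[4], data[5]
    if ei_class != 2:
        raise ValueError("only ELF64 (EI_CLASS == 2) is handled here")
    endian = "<" if ei_data == 1 else ">"
    fields = struct.unpack(endian + EHDR_FIELDS, data[:EHDR_SIZE])
    (_ident, e_type, e_machine, _e_version, e_entry, e_phoff, e_shoff, _flags,
     e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx) = fields
    return {
        "type": E_TYPE.get(e_type, hex(e_type)),
        "machine": E_MACHINE.get(e_machine, hex(e_machine)),
        "entry": e_entry, "phoff": e_phoff, "shoff": e_shoff,
        "ehsize": e_ehsize, "phentsize": e_phentsize, "phnum": e_phnum,
        "shentsize": e_shentsize, "shnum": e_shnum, "shstrndx": e_shstrndx,
    }


def red_flags(hdr):
    """Header-level anomalies worth a closer look during triage."""
    flags = []
    if hdr["shoff"] == 0 or hdr["shnum"] == 0:
        flags.append("no section header table (stripped or packed; objdump -d sees nothing)")
    if hdr["ehsize"] != EHDR_SIZE:
        flags.append("e_ehsize is not 64")
    if hdr["type"] in ("EXEC", "DYN") and hdr["entry"] == 0:
        flags.append("zero entry point")
    if hdr["type"] in ("EXEC", "DYN") and hdr["phnum"] == 0:
        flags.append("no program headers: nothing for the loader to map")
    return flags


def build_sample_elf():
    """Constructed 64-byte header: x86-64 EXEC, one program header, no sections."""
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\x00" * 8  # 64-bit, LE, version 1
    return struct.pack("<" + EHDR_FIELDS, ident, 2, 0x3E, 1, 0x401000, 64, 0, 0,
                       64, 56, 1, 64, 0, 0)


if __name__ == "__main__":
    sample = build_sample_elf()
    hdr = parse_elf64(sample)
    print(sniff(sample), hdr, red_flags(hdr))
```

The loader only needs the program headers, which is why a sample with e_shnum set to zero still runs while section-based disassemblers show nothing; that mismatch between what the kernel reads and what the tools read is exactly where a packer or a hand-crafted ELF hides.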

Filipi Pires

Principal Security Engineer and Security Researcher | Senhasegura

I’m a Principal Security Engineer and Security Researcher at senhasegura… I’m a Hacking is NOT a Crime advocate and RedTeam Village contributor. I’m part of the staff team of DEFCON Group São Paulo, Brazil, and have spoken internationally at security and new technologies events in many countries such as the US, Canada, Germany, Poland and others. I’ve served as a university professor in undergraduate and MBA courses at Brazilian colleges. In addition, I’m the creator and instructor of the courses Malware Attack Types with Kill Chain Methodology (PentestMagazine) and Malware Analysis – Fundamentals (HackerSec).

Shades of Red: RedXOR Linux Backdoor and its Chinese Origins

New malware targeting Linux systems is discovered on a regular basis; backdoors attributed to advanced threat actors are disclosed less frequently. In this talk, we will share a technical analysis of a recently uncovered backdoor we named RedXOR and explain why it is likely attributable to the Winnti umbrella. We will also touch upon the Linux threat landscape and how Linux malware finds its way onto compromised servers.

As well as understanding RedXOR malware, which is among the most sophisticated Linux malware discovered in the past year, attendees of this talk will gain knowledge about Winnti Linux TTPs and ELF malware analysis.

Avigayil Mechtinger

Security Researcher | Intezer

Avigayil is a Security Researcher at Intezer specializing in malware analysis and threat hunting. During her time at Intezer, she has uncovered and documented different malware targeting both Linux and Windows platforms.

Dr Joakim Kennedy

Security Researcher | Intezer

Dr Joakim Kennedy is a Security Researcher for Intezer. On a daily basis he analyzes malware, tracks threat actors, and solves security problems. His work is mainly focused on threats that target Linux systems and cloud environments. Prior to joining Intezer, Joakim managed Anomali’s Threat Research Team.

Cross-Document Messaging Technology – How to Hack it, and How to Use it Safely

Cross-document messaging is a very common communication method. It has been around for a while, and yes, IT IS exploitable if you do not implement it according to its security model. Messages sent with postMessage never show up in your intercepting proxy, because they never touch the network: they pass between windows inside the browser. Watch Enso’s Chief Architect Chen Gour-Arie explain cross-document messaging technology, how to hack it, and how to use it safely.

Chen and a team of AppSec professionals have released a free open-source project named Posta ( https://github.com/benso-io/posta ), a tool for researching cross-document messaging. It lets you track, explore and exploit postMessage vulnerabilities, and includes features such as replaying messages sent between windows within any attached browser.
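The following is an added example for this session; it is neither the speaker’s code nor part of Posta. In a real page the check lives in the JavaScript `message` event listener and reads `event.origin`; it is modelled here in Python so the usual flawed origin checks and the correct one can be run over the same set of constructed probe origins, followed by a receiver that validates origin and message shape before dispatching. The trusted origins, probes and message types are all assumptions of the example.

```python
"""Origin checks for a cross-document (postMessage) receiver, weak vs strict.

Added example for the cross-document messaging talk; it is not the
speaker's or Posta's code. In a real page this logic sits inside the
JavaScript `message` event listener and reads event.origin; it is modelled
in Python so the usual flawed checks and the correct one can be compared
on the same inputs. A browser-supplied origin is exactly
scheme://host[:port] (or the literal "null"), so it needs no parsing,
only an exact comparison. Origins and message types are constructed.
"""

TRUSTED_ORIGINS = {"https://app.example.com", "https://admin.example.com"}

# Origins a tester would send from attacker-controlled windows (constructed).
PROBES = [
    "https://app.example.com",               # legitimate sender
    "https://app.example.com.attacker.net",  # beats prefix and substring tests
    "https://example.com.attacker.net",      # beats substring tests
    "http://app.example.com",                # scheme downgrade, beats suffix tests
    "https://dev.example.com",               # sibling subdomain, beats suffix tests
    "null",                                  # sandboxed iframe or data: URL
]


def check_substring(origin):
    """Weak: 'example.com' in origin."""
    return "example.com" in origin


def check_prefix(origin):
    """Weak: origin.startswith('https://app.example.com')."""
    return origin.startswith("https://app.example.com")


def check_suffix(origin):
    """Weak: trusts every subdomain (one XSS anywhere under it) and any scheme."""
    return origin.endswith(".example.com")


def check_exact(origin):
    """Correct: exact match of the whole origin against an allowlist."""
    return origin in TRUSTED_ORIGINS


def accepted_by(check, origins=PROBES):
    """Which of the probe origins a given check lets through."""
    return [o for o in origins if check(o)]


# Message handlers keyed by a type field; each gets only the data it needs.
HANDLERS = {
    "ping": lambda data: "pong",
    "set_theme": lambda data: f"theme={data['value']}",
}
THEMES = ("light", "dark")


def handle_message(origin, data):
    """Receiver side: exact origin check, then schema check, then dispatch.

    Returns the handler result, or None when the message is dropped. A real
    listener would also reply with an explicit targetOrigin, never "*".
    """
    if not check_exact(origin):
        return None
    if not isinstance(data, dict) or data.get("type") not in HANDLERS:
        return None
    if data["type"] == "set_theme" and data.get("value") not in THEMES:
        return None
    return HANDLERS[data["type"]](data)


if __name__ == "__main__":
    for check in (check_substring, check_prefix, check_suffix, check_exact):
        print(check.__name__, "accepts", accepted_by(check))
```

The substring and prefix checks are the ones most often found with tooling like Posta because the origin string looks right at a glance; the suffix check is subtler, since it holds until any subdomain gains an XSS or is taken over. Note also that the sender side has the mirror-image bug: calling `postMessage(data, "*")` lets any window that managed to open or embed the page read the reply.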

Chen Gour Arie

Chief Architect & Co Founder | Enso Security

With over 15 years of hands-on experience in cybersecurity and software development, Chen demonstrably bolstered the software security of dozens of global enterprise organizations across multiple industry verticals. An enthusiastic builder; he has focused his career on building tools to optimize and accelerate security testing and all related workflows.

HTTP Request Smuggling

HTTP request smuggling is difficult to understand (payloads can be confusing at first sight) and no easier to exploit. What better way to understand this trending vulnerability class than to see it from an attacker’s perspective? The talk is an overview of the latest research on the topic.

Load balancers and proxies such as HAProxy, Varnish, Squid and Nginx play a crucial role in website performance, and each implements its own HTTP parser. HTTP Request Smuggling (HRS) abuses inconsistencies in how different parsers decide where a request ends: what your load balancer considers the end of one request may not be where your web server thinks it ends.

We will see how an attacker can abuse several vulnerable configurations. HRS enables multiple attack vectors, including cache poisoning, credential hijacking, URL filtering bypass, open redirect and persistent XSS. For each of these vectors, a payload will be showcased and explained in depth, and a live demonstration will show the vulnerability in action. Aside from exploitation, we will show how developers and system administrators can detect such faulty configurations using automated tools.
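The following is an added example for this session, not the speaker’s material. It models the classic CL.TE case: a front end that honours Content-Length and a back end that honours Transfer-Encoding: chunked are written as two parsers over one TCP stream, so you can see exactly which bytes the back end leaves in its buffer and glues onto the next user’s request. The request bytes and host name are constructed; the `is_ambiguous` check at the end is the defender-side rule a proxy should apply before forwarding.

```python
"""CL.TE request smuggling: one byte stream, two framings.

Added example for the HTTP request smuggling talk; it is not the speaker's
material. A front end that honours Content-Length and a back end that
honours Transfer-Encoding: chunked are modelled as two parsers over the
same TCP stream, showing which bytes the back end treats as the start of
the *next* request. The request bytes are constructed for the example.
"""


def _parse_head(stream, pos):
    """Request line and lower-cased headers starting at pos, plus body offset."""
    end = stream.find(b"\r\n\r\n", pos)
    if end < 0:
        return None
    lines = stream[pos:end].split(b"\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, end + 4


def _chunked_end(stream, pos):
    """Offset just past the terminating chunk (and any trailers), or None if incomplete."""
    while True:
        nl = stream.find(b"\r\n", pos)
        if nl < 0:
            return None
        size = int(stream[pos:nl].split(b";", 1)[0].strip().decode(), 16)
        if size == 0:
            term = stream.find(b"\r\n\r\n", nl)   # "0\r\n" + optional trailers + "\r\n"
            return None if term < 0 else term + 4
        pos = nl + 2 + size + 2                   # chunk data plus its CRLF
        if pos > len(stream):
            return None


def parse_stream(stream, honour):
    """Split a stream into (request_line, body) pairs; honour is 'cl' or 'te'."""
    requests, pos = [], 0
    while pos < len(stream):
        head = _parse_head(stream, pos)
        if head is None:
            break
        request_line, headers, body_start = head
        chunked = b"chunked" in headers.get(b"transfer-encoding", b"").lower()
        if honour == "te" and chunked:
            body_end = _chunked_end(stream, body_start)
        else:
            body_end = body_start + int(headers.get(b"content-length", b"0").decode())
        if body_end is None or body_end > len(stream):
            break
        requests.append((request_line, stream[body_start:body_end]))
        pos = body_end
    return requests, stream[pos:]


def smuggled_prefix(stream):
    """Bytes the CL front end forwards as body but the TE back end leaves unread."""
    cl_reqs, _ = parse_stream(stream, "cl")
    te_reqs, _ = parse_stream(stream, "te")
    if not cl_reqs or not te_reqs:
        return b""
    cl_body, te_body = cl_reqs[0][1], te_reqs[0][1]
    return cl_body[len(te_body):] if cl_body.startswith(te_body) else b""


def is_ambiguous(headers):
    """Defender check: both framing headers, or a Transfer-Encoding other than plain 'chunked'."""
    te, cl = headers.get(b"transfer-encoding"), headers.get(b"content-length")
    if te is not None and cl is not None:
        return True
    return te is not None and te.lower() != b"chunked"


# Constructed attacker request: Content-Length covers "0\r\n\r\nSMUGGLED" (13 bytes),
# while the chunked body ends at the 0-chunk, leaving "SMUGGLED" unread.
ATTACK = (
    b"POST / HTTP/1.1\r\n"
    b"Host: vulnerable.example\r\n"
    b"Content-Length: 13\r\n"
    b"Transfer-Encoding: chunked\r\n"
    b"\r\n"
    b"0\r\n"
    b"\r\n"
    b"SMUGGLED"
)
# The next user's request on the same back-end connection (constructed).
VICTIM = b"GET /home HTTP/1.1\r\nHost: vulnerable.example\r\n\r\n"
STREAM = ATTACK + VICTIM


if __name__ == "__main__":
    for side in ("cl", "te"):
        print(side, [line for line, _ in parse_stream(STREAM, side)[0]])
    print("smuggled prefix:", smuggled_prefix(STREAM))
```

Run it and the back end reports a second request whose request line begins with SMUGGLED followed by the victim’s GET; replace that prefix with a full request line and headers and the victim’s request becomes the body of the attacker’s, which is the root of the credential hijacking and cache poisoning variants. The fix on the proxy side is to refuse or normalise any request for which `is_ambiguous` is true, rather than to pick one header and hope the back end picks the same.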

Philippe Arteau

Security Researcher | GoSecure

Philippe is a security researcher at GoSecure. His research is focused on Web application security. His past work experience includes pentesting, secure code review and software development. He is the author of the widely used Java static analysis tool OWASP Find Security Bugs (FSB). He is also a contributor to the static analysis tool for .NET called Security Code Scan. He built many plugins for Burp and ZAP proxy tools: Retire.js, Reissue Request Scripter, CSP Auditor and many others. Philippe has presented at several conferences including Black Hat Arsenal, SecTor, AppSec USA, ATLSecCon, NorthSec, and 44CON.

How to Systematically Find 0-days in Open-Source Packages

In the realm of open-source packages, it’s sometimes easier for an attacker to find many less-sophisticated 0-days that affect many packages, rather than spending weeks or months to find a single hard-core 0-day vulnerability. In this talk, I’ll walk you through the processes we built for that.

Alex Livshiz

AppSec & Research Group Lead | Checkmarx

Alex is a tech-savvy cyber enthusiast and writer. He serves at Checkmarx as the AppSec and Research group lead for the CxSCA solution. As an 8200 alumnus from the IDF Intelligence Corps, he brings vast experience in cybersecurity, on both the offensive and defensive sides.

1-Click to Infiltrate your Organization via Vulnerable VS Code Extensions

Attackers have looked everywhere for ways to compromise organizations through their developers: malicious third-party packages, leaked credentials, unpatched vulnerabilities, and more. But a new threat surface has been sitting right under their noses: the IDE.

Kirill Efimov

Security Research Team Leader | Snyk

Security research team leader, open source contributor, security enthusiast. Originally from Saint-Petersburg, Russia. Now living in Tel Aviv, Israel.

Raul Onitza-Klugman

Security Researcher | Snyk

Security researcher at Snyk. Electrical engineer turned embedded developer turned hacker. Interested in all things web/binary and growing vegetables.

CTF Winners Announced & Closing Remarks

Drumroll please! Join Shaked and Tomer, INTENT CTF creators, as they announce the CTF winners and provide a few insights on the challenges developed by INTENT founders and partners.

Erez and Lavi will then wrap up the summit with some closing remarks and share what you should expect to see at INTENT 2022.

Shaked Reiner

Principal Researcher | Cyberark Labs

Shaked Reiner is a principal security researcher at CyberArk focused on vulnerability research, OS security and malware. In his free time, Shaked likes to reverse engineer random pieces of software, solve CTF challenges and make cocktails.

Tomer Zait

Head of Security Research | F5

Tomer Zait (Head of Security Research at F5) has worked in a range of roles in the security industry (web application firewall integrator, penetration tester, application security engineer, security researcher, etc.). Along the way he has developed open-source projects, most of them security tools, including x64dbgpy, ReDTunnel (presented at Black Hat Arsenal Asia/US 2019), PyMultitor (presented at Black Hat Arsenal Asia/US/EU 2017), and more. Tomer writes regularly for online security magazines and is an 8-time winner of Israeli CTFs.

Capture the flag!

INTENT 2021 also hosted our inaugural Capture the Flag competition.

Following the theme of “how research really works”, participants raced to beat challenges based on problems you could actually face in real life—with the first-place winner receiving $2048 USD!

What will the theme of 2022 be? Make sure you come back next year to find out, and to see if you can get your name in the CTF Hall of Fame!