Join INTENT co-founders Erez and Lavi as they introduce INTENT, the security research summit, and welcome the community of researchers to the event. They will share what inspired them to create INTENT, how it happened, and what they hope to see during the event (Glorious failures and spectacular screwups!) and in years to come. And […]
Tag Archives: Track 1
Hacking the Pandemic’s Most Popular Software: Zoom
When the pandemic required everyone to work from home we saw a huge growth on the video conferencing market. It was this movement that made the organisation behind the Pwn2Own competition decide to add an ‘Enterprise Communications’ category to this year’s competition. Demonstrating a zero-day attack against the Zoom client would be rewarded with $200,000. […]
Smart Meter Hacking
Hash is reverse engineering smart power meters, everything from undocumented wireless protocols to the firmware used in the microcontrollers and software running on the aggregation devices located within substations. He’s not doing this for the government in a dark underground bunker- he’s doing it publicly in his home office and publishing on YouTube! Reverse engineering […]
Why Attackers in Code Packages are Getting a Pass
Supply chain attacks are gaining popularity and we wanted to examine, from an attacker’s point of view, the difficulty of poising OSS packages. We found many alarming practices that hold back the security community from detecting those attackers. This is an invitation and a wake-up call for researchers to start examining new developments in the […]
Automated 0-day Discovery in 2021 – Squashing the Low-Hanging Fruit
In past years, publicly available infrastructures such as Ghidra, AFL and Angr have put the “holy grail” of vulnerability research within our grasp: real-world automated 0-day identification, without any reliance on source code and with zero/minimal pre-configuration. After quickly presenting the INFRA:HALT vulnerabilities (affecting HCC embedded TCP/IP stack) and discussing exploitation techniques for the most […]
Shades of Red: RedXOR Linux Backdoor and its Chinese Origins
New malware targeting Linux systems are being discovered on a regular basis. Backdoors attributed to advanced threat actors are disclosed less frequently. In this talk, we will share a technical analysis of a recently uncovered backdoor we named RedXOR and explain why it is likely attributed to the Winnti umbrella. We will also touch upon […]
How to Systematically Find 0-days in Open-Source Packages
In the realm of open-source packages, it’s sometimes easier for an attacker to find many less-sophisticated 0-days that affect many packages, rather than spending weeks or months to find a single hard-core 0-day vulnerability. In this talk, I’ll walk you through the processes we built for that.
CTF Winners Announced & Closing Remarks
Drumroll please! Join Shaked and Tomer, INTENT CTF creators, as they announce the CTF winners and provide a few insights on the challenges developed by INTENT founders and partners. Erez and Lavi will then wrap up the summit with some closing remarks and share what you should expect to see at INTENT 2022.