Join INTENT co-founders Erez and Lavi as they introduce INTENT, the security research summit, and welcome the community of researchers to the event. They will share what inspired them to create INTENT, how it happened, and what they hope to see during the event (Glorious failures and spectacular screwups!) and in years to come. And […]
Tag Archives: Track 2
Panel: Glorious Failures and Spectacular Screwups
We love success stories, especially about our research. But honestly, for every tale of triumph, there are sometimes several horror stories. In this panel, we brought together research leaders to reveal some of these stories, think about why we usually hide them, and maybe find some good reasons to share them internally and externally.
ChainJacking – A New Software Supply Chain Attack Vector
We’ve found a method to scan and take over GitHub accounts that lead to package hijacking attack. This has effect on Go, Swift and other popular programming languages. Slipping through the cracks between the designs of GitHub and Go Package Manager could allow an attacker to take control over popular Go packages, poison them and […]
Bypassing Windows Hello for Business and Pleasure
Windows Hello is the most popular passwordless solution that includes authentication by either PIN code or biometric authentication. Windows Hello promises better security – but is it the truth? In this session, we’ll introduce our research that shows how an attacker can bypass Windows Hello.
Eclectic Research, Esoteric Results
In this talk, Pedro will present some of his previous research, ranging from data exfiltration to IoT, from Android apps to back-end servers, exploring the barrier between the enthusiasm of the findings and the external perception of the results. He will talk about research results and their implications, explain the vulnerabilities themselves, the intellectual challenges, […]
Cross-Document Messaging Technology – How to Hack it, and How to Use it Safely
Cross document messaging is a very common communication method. It has been around for a while, and yes, IT IS exploitable if you do not implement it according to its security model. However, the messages sent using the postMessage command will not show up in your standard debugger proxy because they work without networking inside […]
1-Click to Infiltrate your Organization via Vulnerable VS Code Extensions
Attackers have looked all around for means to compromise organizations through developers: malicious 3rd party packages, leaked credentials, unpatched vulnerabilities, and more. But the place that has become the new threat laid under their nose: the IDE.
CTF Winners Announced & Closing Remarks
Drumroll please! Join Shaked and Tomer, INTENT CTF creators, as they announce the CTF winners and provide a few insights on the challenges developed by INTENT founders and partners. Erez and Lavi will then wrap up the summit with some closing remarks and share what you should expect to see at INTENT 2022.