Join INTENT co-founders Erez and Lavi as they introduce INTENT, the security research summit, and welcome the community of researchers to the event. They will share what inspired them to create INTENT, how it happened, and what they hope to see during the event (Glorious failures and spectacular screwups!) and in years to come. And […]
Tag Archives: Track 3
Kubesploit: A Post-Exploitation Framework, Focused on Containerized Environments
Kubesploit is a post-exploitation HTTP/2 Command & Control server and agent written in Golang, focused on containerized environments, and built on top of Merlin project by Russel Van Tuyl (@Ne0nd0g). It supports Go modules and has container breakout modules, kubelet attack, and scanning modules.
Tool Demo: reNgine: An automated reconnaissance framework, how and why!
reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with minimal configuration and with the help of […]
Code Obfuscation through Mixed Boolean-Arithmetic Expressions
A Mixed Boolean-Arithmetic (MBA) expression is composed of both integer arithmetic and bitwise operators. Such expressions can be leveraged to obfuscate the data-flow of code by iteratively applying rewrite rules and function identities, complicating its syntax while preserving its semantic behavior. This possibility is motivated by the fact that combinations of operators from these different […]
Dissecting and Comparing Different Binaries to Malware Analysis
Demonstration of different kinds of structures in the binaries as a PE (header and your sessions), ELF (header and your sessions), PDF (header/ body/cross-reference table/trailer), explaining how each session works within a binary, techniques used such as packers, obfuscation with JavaScript (PDF) and more. Filipi will also explain some anti-disassembly techniques, demonstrating the action of […]
HTTP Request Smuggling
HTTP request smuggling is difficult to understand (payloads can be confusing at first sight) and the exploitation is no different. What better way to understand this trending new vulnerability than by seeing it from an attacker perspective. It will be an overview of the latest research on the topic. Load balancers and proxies, such as […]
CTF Winners Announced & Closing Remarks
Drumroll please! Join Shaked and Tomer, INTENT CTF creators, as they announce the CTF winners and provide a few insights on the challenges developed by INTENT founders and partners. Erez and Lavi will then wrap up the summit with some closing remarks and share what you should expect to see at INTENT 2022.