Deserialization Vulnerabilities: From Theory to Practice

In this talk we provide an overview of insecure object deserialization in Java and .NET and provide an in-depth look at 2 different cases of these vulnerabilities. In the first part of the talk, we delve into the basics of object serialization and provide insight into why deserialization attack surfaces exist in applications built on

Your Phone Is Using TOR and Leaking Your PII

As part of our research, we identified a surprising amount of unencrypted, sensitive and confidential user data originating from mobile devices traversing the TOR network, which included: GPS coordinates, WiFi BSSID, and general keys typed by the user. In some cases, we were able to build a complete user profile from physical movements to


Amplify Your Threat Hunting with the SOC Triad

Threat hunting is a critical and necessary operation to increase the chances of detecting threats that can otherwise slip through existing preventative and detective controls. Many organizations currently perform or are planning to start their threat hunting practices — but what can they do to identify and establish the requirements for


Toward 5G, Toward vulnerabilities

During this talk, I will review traditional security flaws in the telecommunication industry and all possible mitigations developed by top industry vendors in radio, signaling and packet data. After that, I will demonstrate how we can detect and bypass these security mechanisms to exploit and gain a foothold inside mobile service providers as well as


The Decade Behind and the Decade Ahead

In this age of exploration, we have finally established a growing colony in Planet Cyberspace. The landscape is vastly different than what we are built for. This keynote, while keeping user-centric cybersecurity as the central focus, explores four areas – Evolution, Asymmetry, Laws of Planet Cyberspace and Trust. I shall be sharing my
