will be filled with talks from leading security professionals, hackers and other interesting people.
will cover practical cyber security, vulnerabilities, exploits and system fortification.
For sure, we will have Disobey parties for you. Perhaps even other casual, off-program activity.
The mechanical pin and tumbler locks we use on our homes, schools, and businesses have not changed much in over 100 years. Sure, there have been some exotic new designs but most are just not fiscally feasible compared to their relatively minor improvements (if any) in security.
A feature desired on large scale deployments is called Master Keying, which allows for many unique key/lock combinations while supporting multiple permission levels commonly referred to as "janitor keys" or "security keys" that can open multiple locks. While these systems are still in use around the globe in medium-to-large scale businesses, schools, and government buildings, they are also susceptible to what some consider to be the original privilege escalation attack. We will talk about an optimization attack against the most common master keyed lock systems in use today, reducing the potential attack surface from 1,000,000 permutations for an SC4 keyway system down to 42 steps to find the highest privilege key.
Web browsers are technologically some of the most interesting pieces of software out there. Because of their complexity and the inherent problem of acting as a platform for untrusted scripting, web browsers are also a security nightmare. Unfortunately for the hackers, all the big names in web browsing are backed by huge orgs, massively popular bug bounty programs, and yearly competitions like Pwn2Own, which make sure there is no low-hanging fruit to get started with.
Luckily Chrome, Firefox, and Edge aren't the only browsers out there. Have you ever heard of UC Browser or Maxthon? What about 360 Security Browser, QQ Browser, or Sogou? Did you know Baidu makes their own web browser? Google any of them, and the top hits are news of privacy and security issues—yet Maxthon, for example, claims to be "670,000,000 Users’ Default Browser". Perfect!
In this hands-on workshop you'll dive head-first into a pool of Sogou and see if you can swim in it. You might find a steaming pile of RCEs or go home empty-handed, but you'll definitely learn a whole lot about browser security and get to see software you probably didn't even know existed.
A little over ten years ago, a friend of ours returned to his hotel room to find that his laptop was gone. The door to his room showed no signs of forced entry; there was no record that the electronic lock had been accessed while he was away; and there was certainly no evidence that this electronic lock, deployed on millions of doors in more than 150 countries worldwide, could have been hacked.
Sometimes hacking boils down to spending more time on something than anyone could reasonably expect. This talk is an ode to that cliché. It is the culmination of a decade-long quest to find out whether the most widely used electronic lock in the world can be bypassed without leaving a trace. And in this adventure, breaking into hotel rooms is only the beginning. But lucky for all of us, unlike most cases of theft from hotel rooms, this story has a happy ending.
Solve the Disobey puzzle and you may win a special discount hacker ticket.