BSidesTLV 2023

09:00
30min
Opening words
Keren Elazari

Smolarz
09:30
30min
Opening keynote - Fighting Stupidity and Malice in the Wild, Wild Web
Wendy Nather

As this brave new digital world evolves, we keep making the same mistakes over and over again. We get excited about the possibilities, but we forget to plan for misuse and abuse. Is there a design and governance model for every layer and every kind of technology that works better than either centralization or decentralization -- and if so, how do we implement it safely?

Smolarz
10:05
25min
How to take cookies from the Cookie Monster: Genesis Market Takedown
John Fokker

In April 2023, a global law enforcement task force disrupted the infamous Genesis Market, the largest browser cookie marketplace. This talk analyzes how cybercriminals used the marketplace to bypass multi-factor authentication and fake victims' identities. Attendees will gain insight into the work Trellix did to assist Law Enforcement in the global takedown.

Smolarz
10:35
10min
Sealing the Leaks: Incident Response Stories about Breaches Caused by Leaked Code
Shaked Klein Orbach, Arik Nachmias

In this talk, we'll share incident response stories of mitigating breaches caused by leaked code. We've noticed a growing trend of code leakage entry points in incidents. We'll provide valuable tips for identifying and managing these incidents to protect sensitive information.

Smolarz
10:50
25min
One Device to Rule Them All
Elad Ernst

By infiltrating a device manufactured by a big IoT OEM, we gained full control of thousands of devices across the globe. By exploiting vulnerabilities that we discovered, we were able to not only control the device, but also to use it as a pivot for infiltrating corporate networks.

Smolarz
11:20
45min
(In)secure Boot - finding and exploiting vulnerabilities in Renesas's boot implementation
Tomer Fichman

In this talk, we will discuss the discovery and exploitation of vulnerabilities in Renesas's secure boot implementation. The presentation will cover the importance of secure boot in protecting against attacks and provide an overview of the ARM TF-A and Renesas implementation.
We will then dive deep into the vulnerability itself and its unique exploitation technique.

Smolarz
12:05
15min
Break #1
Break

Smolarz
12:20
25min
It's Duck Season: Forensic Detection of BadUsb Attacks
Georgios Karantzas

During this study we explore deep parts of Windows systems and try to "excavate" useful logs so that we can behaviorally detect rubber duckies post-mortem. This study focuses on upper filter drivers, ETW, detection engineering and forensic logic.

Smolarz
12:45
25min
The dark side of cloud-based database engines
Ofir Balassiano, Ofir Shaty

Cloud migration has revolutionized the way we work with databases, but the cloud provider's changes to popular database engines have created new attack vectors. Our presentation will explore the evolving database attack landscape in the cloud, showcasing a case study of a critical CloudSQL (GCP) vulnerability we recently found and advanced lateral movement and PE techniques.

Smolarz
13:15
65min
Lunch
Food

Smolarz
14:20
25min
Barcode scanners are disguised windows to your Windows
Paz Hameiri

This talk is about probing and attacking a host computer using barcode scans. I will demonstrate the ability to upload a file to the host computer and execute it using multiple 2D barcode scans. The attacks were tested on popular barcode scanners using their default settings. No barcode scanner programming is required. No cooperative software is required. No internet connection is required.

Smolarz
14:50
45min
Uh-OAuth! - Breaking (and fixing) OAuth Implementations
Aviad Carmel

We dove into the world of OAuth (open standard for authorization and authentication) and its various implementations. By applying advanced attack techniques, we managed to gain control of accounts on popular applications and websites – household brand names – each with more than 100 million users.
At the end of the day, our research gave us (potential) access to one billion accounts.

Smolarz
15:40
10min
Hacking Harry Potter: The Untold Story of Fantastical Social Engineering
Andy Ellis

Hidden inside the story of Harry Potter is a most subtle social engineering attack. Explore how J.K. Rowling hid the world's greatest villain in plain sight.

Smolarz
15:50
25min
Decoding the Black Magic of Radio Waves
Yuval Adam

Radio is one of those natural phenomena that we take for granted when things magically communicate over the air. The past decade has seen an explosion of Software-Defined Radio (SDR) devices that enabled a new era of exploration and exploitation of radio frequencies. In this approachable talk we will demystify how radio waves work and how they can be manipulated with software.

Smolarz
16:15
15min
Break #2
Break

Smolarz
16:30
10min
The Missing Piece: Adding Automated RBAC Checks for Authorization in Your Pipelines
Rotem Reiss

Secure your SaaS platform with Nuclei, an open-source tool designed for a different purpose. Automate RBAC checks, catch authorization issues early in the CI and promote better collaboration between R&D and product teams. Join us for a lightning talk on using Nuclei to streamline RBAC testing and enhance SaaS security.

Smolarz
16:40
25min
Google Workspace Forensics – Insights from Real-World Hunts & IR
Ariel Szarf, Doron Karmi

In this talk, we share our knowledge & expertise on how to hunt and perform IR investigations over Google Workspace logs, based on a real-world threat hunt focused on data exfiltration from Google Drive. In this presentation, we will show the work of a forensic investigator in a Google Workspace domain.

We believe this knowledge is necessary for those who want to investigate Google Workspace logs.

Smolarz
17:10
45min
(Lady|)Lord Of The Ring0
Ido Veltzman

(Lady|)Lord Of The Ring0 is a talk inspired by my blog series, Lord Of The Ring0, and will discuss offensive Windows kernel development and secure kernel development, explaining basic kernel mitigations (PatchGuard, DSE) and various ways to load a driver.

Smolarz
18:00
25min
CTF Summary
Tomer Zait

Smolarz
19:00
30min
Closing words
Keren Elazari

Smolarz