CUJO AI SPEED HACKING COMPETITION is starting Friday afternoon at the HackCenter (Dome). Eight easy-medium difficulty challenges must be solved in less than 90 minutes to win the CTF. This is interesting because players’ screens will be displayed on a projector. Conference attendees can follow how the best players play CTF in real time. Two commentators will spice up the competition to make things even more exciting. The first one to solve all or the most challenges will win a Playstation 5! Bring your web browser + intercept proxy to hack, or we can also provide a Kali jump box, accessible via browser (noVNC).
SpeedHacking Competition
CUJO AI SPEED HACKING COMPETITION is starting Friday afternoon at the HackCenter (Dome). Eight easy-medium difficulty challenges must be solved in less than 90 minutes to win the CTF. This is interesting because players' screens will be displayed on a projector. Conference attendees can follow how the best players play CTF in real time. Two commentators will spice up the competition to make things even more exciting. The first one to solve all or the most challenges will win a Playstation
Can We Break the Fault Injection Mitigation Bob?
This talk explores the fundamentals of fault injection, delves into the inner workings of such attacks, and examines countermeasures for protection. Talk also goes indepth about various ways to bypass all these software based countermeasures. Additionally, an open-source vulnerable fault injection application will be released, allowing attendees to experiment with and analyze vulnerabilities. Introduction: Fault injection is a powerful Hardware technique used to assess the security and robustness of hardware and software systems. By deliberately introducing hardware faults, it helps identify
API Security Assurance via E2E Testing
E2E testing engineers are the `final frontier` before an change is deployed into production. They could function as a security champion. By introducing API security assurance into E2E testing, while promoting the engineers to come up with security edge cases, typically in the form of a threat modeling activity, an application could be continuously designed and tested to be secure, starting with its MVP release. Can users expect a product to be continuously secure, end-to-end? Mature Continuous Integration (CI) practices
The Art of Cyber Espionage: Unleashing the Power of SCADA and ICS Hacking
In today's digital age, the use of SCADA and ICS systems is widespread across various industries such as oil and gas, energy, manufacturing, transportation, and many others. These systems provide essential functionality in monitoring and controlling critical infrastructure, making them a prime target for cyber attackers. Cyber espionage attacks on these systems can cause severe disruption to critical infrastructure, leading to significant financial losses and potential loss of life. In this practical hacking presentation, we will delve deep into the
Examining the Explanatory Factors of Malicious Hacking Behaviors
In the last few years, malicious hacking is one of the fastest-growing crimes, causing an unpredictable impact on society. Therefore, the present research aims to characterize five malicious hacking behaviors and understand which features are linked to the practice of such actions. Data were collected through an online survey administered to a Portuguese sample (n=680, 61.1% male) with an average age of 28 years. Overall, 60.4% of the participants reported having committed at least one malicious hacking behavior in their
Threat Prompt: AI Security
AI is ushering in a new era of sophisticated cyber attack and defence. In this session, we will explore AI from a hacker's perspective. The first half is about the security of AI and starts with a fast-paced introduction to AI tech. Building on this foundation, we survey the major AI vulnerability classes, attacks and defences, supported by examples. This section concludes with AI policy recommendations help you influence debate on AI within your organisation. The second half is about applying AI
Clashing EV Chargers in The Pentesting Arena
About the Speaker Abdellah Benotsmane is a junior security researcher at PCAutomotive, boasting more than one year of experience in the field. His primary focus lies in penetration testing and security assessment within the automotive sector. Abdellah's deep interest in cybersecurity led him to pursue a master's degree in the subject from ELTE University, where he acquired a comprehensive understanding of the complex challenges faced by the industry. His academic background has equipped him with a solid foundation in cybersecurity principles
CAN Injection Hacking: Unraveling the Veins of Automotive Vulnerabilities
About the Speaker Péter Vágvölgyi, a cybersecurity expert with 12 years of experience in automotive software and system-level development and requirements management. Over the years spent in the automotive industry, I have had the privilege to play a prominent role in software testing and comprehensive system-level development aimed at enhancing vehicle cybersecurity and data privacy. In my work, I closely collaborate with cybersecurity experts from different countries to make future driving safer and more secure against cybercriminals.
It Was Harder to Sniff Bluetooth Through My Mask During the Pandemic…
About the Speaker Prior to working full time on OpenSecurityTraining2 (ost2.fyi), Xeno Kovah worked at Apple designing architectural support for firmware security; and code auditing firmware security implementations. A lot of what he did revolved around adding secure boot support to the main and peripheral processors (e.g. the Broadcom Bluetooth chip.) He led the efforts to bring secure boot to Macs, first with T2-based Macs, and then with the massive architectural change of Apple Silicon Macs. Once the M1 Macs shipped,