here comes the ppt

Posted by trammel at 2020-02-24

Hunting CVEs for fun and profit

Flanker, senior researcher at Tencent Keen Security Lab, champion of Pwn2Own 2016 (OS X) and Mobile Pwn2Own 2016 (Android). Speaker at Black Hat, DEF CON, CanSecWest, Qualcomm Security Summit, REcon, POC, HITCON, XKungfoo and QCon. Credited dozens of times in the Google, Android, Chrome and Apple security bulletins.

As the pinnacle of software engineering, modern large-scale operating systems and applications condense the wisdom of hundreds of excellent engineers. But wherever there are people there are vulnerabilities, and even with the best security teams these key products cannot avoid them entirely. Taking Android, iOS/macOS, Qiku and other representative operating systems and software as examples, Flanker introduces the ideas and methods of hunting CVEs, and shows how such vulnerabilities are chained to break through layer after layer of defense and finally achieve remote code execution plus kernel privilege escalation.

For technical discussion, the speaker can be reached on Weibo: flanker_017.


Analysis and exploitation of XNU kernel vulnerabilities

Zhengmi, Alibaba mobile security expert, PhD from the Chinese University of Hong Kong; member of Team OverSky, Blue Lotus and Insight Labs. Discovered and named the XcodeGhost malware and the Wormhole vulnerability, which affected hundreds of millions of users.

As Apple has hardened user-mode security on iOS, vulnerabilities that escape the sandbox have become rarer, while more and more vulnerabilities that attack the kernel directly from inside the sandbox are being discovered. Zhengmi's talk analyzes two attack chains that go from the sandbox straight to the kernel. The first is the OSSerializeBinary() kernel information disclosure and use-after-free affecting iOS 9.3.4. The second is the kernel heap overflow in Mach voucher handling affecting iOS 10.2. The talk also covers how these vulnerabilities are turned into arbitrary kernel read/write, and the heap feng shui techniques used for exploitation on iOS 10.


Exotic data in DNS analysis

Zhang Zaifeng, security analyst at 360 Network Security Research Institute (360Netlab), is mainly interested in DNS data analysis and generating blacklists from DNS data. He has spoken at APNIC 40 and DNS-OARC 24, introducing 360Netlab's experience in DNS data analysis.

As a fundamental Internet protocol, DNS carries all kinds of upper-layer services, so understanding DNS data efficiently and accurately is essential for analyzing the business built on top of it; where security is involved, accurate identification of the data matters even more. This talk introduces the many kinds of "exotic" data that 360 Network Security Research Institute has encountered while analyzing large volumes of raw DNS data, explains why they occur, and discusses their impact on the accuracy of the analysis pipeline and of current threat intelligence.

Speaker's Weibo: zhangzaifeng1


There is no absolute WAF defense

Calmly, member of the Hetu security team, has worked on information confrontation for many years. Focus: web security, penetration testing, independent development.

In web security, the WAF has always had a place; its rules, constantly updated and iterated, also embody the thinking and innovation of security researchers, so the WAF is a perennial topic. What this talk brings you are the skills I have accumulated for testing WAFs while researching this field. There is no absolute WAF defense: not now, and not in the future.


On bizarre vulnerabilities

gr36, top white hat on Alibaba Cloud Prophet, commonly uses the IDs greg.wu and gr36 and spends the whole year on Alibaba Cloud Prophet and other crowdsourced testing platforms.

At the conference gr36 presented "Bizarre vulnerabilities: my crowdsourced testing experience", a purely practical talk that the white hats in the room took very seriously: the bug-hunting experience of a veteran crowdsourced tester.


How an enterprise security team survives

Wang Zhe, CISSP, information security director and operations director at Yirendai, specializes in web security. From a "one-person security team" to a complete one, Yirendai's information security has gradually become systematic and a key capability of the company. Last year the launch of YISRC marked the start of the security-building period in the Internet finance industry.

Building an enterprise security team means facing different priorities, goals and ambitions at each stage. Moving from the bare security baseline to a higher standard, how to do security work in a targeted way that supports the business and protects it, how to make the value of security work visible and quantify its output, and how to allocate resources for it: the survival of a security team is full of challenges and hard-won wisdom.


How to truly and effectively resist ransomware

Ni Maozhi, author of Ransomware Terminator, has researched anti-virus engines and active defense and is good at quickly choosing effective solutions in a complex adversarial environment. Proficient in reverse engineering, and also a full-stack engineer.

Ransomware is rampant today, so how do you defend effectively? This talk analyzes the situation one step at a time from real-world experience. Starting from every security technology that could be used against ransomware, it weighs the advantages and disadvantages of each from multiple angles, then shows how to combine the strengths of these techniques with the particular characteristics of ransomware to derive and demonstrate a real, effective anti-ransomware scheme.


Exploring the evolution of mobile application security through program architecture

Disabled, security researcher at Clover Security, member of the Yanxing security team, post-95 white hat, good at penetration testing and web security, with hundreds of security service projects behind him. He has appeared many times at top domestic security conferences such as FSI, OWASP and 0con, and has repeatedly won awards from vendor security response centers such as those of Ant Financial, Baidu and Xiaomi.

Chai Hao, a post-95 researcher, shared the talk "Exploring the evolution of mobile application security through program architecture". He explained how mobile applications have evolved, the security problems found in them, and the improvements made to mobile application architecture, showing from a mobile security tester's perspective how mobile security experience has iterated.


An overview of random-subdomain DDoS attacks on DNS

Phunter is chief data scientist at Nominum in Redwood City, California, and holds a PhD in physics. His main research direction is modeling DNS data with machine learning to find potential threats, detect malware and its behavior, and protect against DDoS attacks on DNS (including random-subdomain attacks). Nominum is a founding company of DNS and builds and maintains 90% of the world's DNS code. In Nominum's data science and security research group, we analyze hundreds of billions of real-time DNS queries and responses from around the world every day, detecting threats and working with operators to block them.

Phunter's talk "An overview of random-subdomain DDoS attacks on DNS: characteristics, attack methods, detection and blocking" was very detailed and thorough, moving from DNS attack methods through technical details to effective protective measures, with plenty of metaphors and case studies along the way. PS: Phunter's slides are very distinctive, with lots of [meow].

Download address:

Unzip password: ABCD

Reprint is prohibited without consent.