SPEAKERS

Welcoming of the Guests

Matt Suiche, (Founder at Comae & OPCDE)

Keynote: China's cheap Xiaomis are low on privacy

Chinese phones are cheap only if your privacy is worthless. With the advent of low cost techonology, phone manufacturers started getting their profit margins from other sources. One such manufacturer is Xiaomi, which sells incredible phones at eye watering prices. Don't be deceived though, because purchasing such devices also giving up your rights to digital privacy. I've dwelved into the rabbit hole in order to expose a company that not only wants your money, but also the entire history of you.

Gabi Cirlig, Independent

Software developer turned rogue, went from developing apps for small businesses to 2M+ DAU Facebook games while keeping an eye for everything shiny and new. For a couple of years I’ve shifted gears and started my career as a security researcher while speaking at various conferences (SAS, AVAR, PHDays) in my free time showcasing whatever random stuff I hacked. Fortunately, after joining WhiteOps, I turned this passion into my full time job. With a background in electronics engineering and various programming languages, I like to dismantle and hopefully put back whatever I get my hands on.

Tracking the mobile trackers

In 2014, I started tapping my home internet. Between a couple of unexpected discoveries (see OPCDE Online #2), this also confirmed that, as expected, the noisiest devices in terms of network traffic were my smartphones. Firing up new applications or even thinks like a free picture editor, or weather app, would generate a flurry of domain lookups and connections that had nothing to do with editing photos or the weather. Blocking these with Pihole and Pfsense was trivial, but the question remained – what kind of data do these free smartphone apps send over to their developers, or even further, to third parties? ecently, I reversed a weather forecast application looking to solve a Twitter mystery – how do certain companies track the movement of millions of people, almost in realtime? And how this data, allegedly aggregated and anonymized, can be used unmask the identity of real persons? The user’s privacy has become a powerful currency that is traded around and exchanged between various parties that most likely you’ve never heard of. How come they know where you live, where you work and where you sleep, what is your favorite coffeeshop or restaurant? And can you really do anything to prevent it?

Costin Raiu, (Director of Global Research and Analysis Team at Kaspersky);

Costin specializes in analyzing advanced persistent threats and high-level malware attacks. He is leading the Global Research & Analysis Team (GReAT) at Kaspersky that researched the inner workings of Stuxnet, Duqu, Carbanak and more recently, Lazarus, BlueNoroff, Moonlight Maze and the Equation group. Costin’s work includes analyzing malicious websites, exploits and online banking malware. Costin has over 24 years of experience in anti-virus technologies and security research. He is a member of the Virus Bulletin Technical Advisory Board, a member of the Computer AntiVirus Researchers’ Organization (CARO) and a reporter for the Wildlist Organization International. Before joining Kaspersky, Costin worked for GeCad as Chief Researcher and as a Data Security Expert with the RAV antivirus developers group. Costin joined Kaspersky Lab in 2000 and became the Director of the Global Research & Analysis Team in 2010.

Panel: Mobile Tracking: Xiaomi, Aarogya Setu etc.

TBA

Costin Raiu, (Director of Global Research and Analysis Team at Kaspersky);

Gabriel Cirlig, Independent

Elliot Alderson, fsociety

Costin specializes in analyzing advanced persistent threats and high-level malware attacks. He is leading the Global Research & Analysis Team (GReAT) at Kaspersky that researched the inner workings of Stuxnet, Duqu, Carbanak and more recently, Lazarus, BlueNoroff, Moonlight Maze and the Equation group. Costin’s work includes analyzing malicious websites, exploits and online banking malware. Costin has over 24 years of experience in anti-virus technologies and security research. He is a member of the Virus Bulletin Technical Advisory Board, a member of the Computer AntiVirus Researchers’ Organization (CARO) and a reporter for the Wildlist Organization International. Before joining Kaspersky, Costin worked for GeCad as Chief Researcher and as a Data Security Expert with the RAV antivirus developers group. Costin joined Kaspersky Lab in 2000 and became the Director of the Global Research & Analysis Team in 2010.

Software developer turned rogue, went from developing apps for small businesses to 2M+ DAU Facebook games while keeping an eye for everything shiny and new. For a couple of years I’ve shifted gears and started my career as a security researcher while speaking at various conferences (SAS, AVAR, PHDays) in my free time showcasing whatever random stuff I hacked. Fortunately, after joining WhiteOps, I turned this passion into my full time job. With a background in electronics engineering and various programming languages, I like to dismantle and hopefully put back whatever I get my hands on.

N.A

Cleanly Escaping the Chrome Sandbox

We'll explain how we discovered and exploited Issue 1062091, a use-after-free (UAF) in the browser process leading to a sandbox escape in Google Chrome as well as Chromium-based Edge. Details include how we made the exploit highly reliable, how we achieved process continuation, and how we made the exploit easily adaptable to other platforms.

Tim Becker, Security Researcher @ Theori

Tim Becker is a security researcher at Theori, currently focused on browser exploitation. Coming from the CTF scene, he has several DEFCON CTF victories as part of the Plaid Parliament of Pwning (PPP). Outside of hacking, Tim has worked on research in cryptography and complexity theory.

Closing Remarks

Matt Suiche, (Founder at Comae & OPCDE)