xorl %eax, %eax

OffensiveCon 2018 conference

This was the first ever OffensiveCon and it took place last week in Berlin, Germany. Really nice conference which I definitely recommend to anyone interested in offensive security. Here is a very quick overview of the event from my point of view. Note that I did not attend any of the training sessions, so my opinion is based solely on the conference.

The event was dedicated to exploitation. I want to clarify this since offensive security is not just exploitation; it is also reconnaissance, building the Command & Control infrastructure, data exfiltration, lateral movement, etc. So, just to be clear, OffensiveCon is about exploitation. To get a better understanding of the content, here is a list of all of the talks of the event.

  • Day 1 keynote by Rodrigo Branco
  • Advancing the State of UEFI Bootkits: Persistence in the Age of PatchGuard and Windows 10 by Alex Ionescu
  • Field Report on a Zero-Day Machine by Niko Schmidt, Marco Bartoli and Fabian Yamaguchi
  • The Smarts Behind Hacking Dumb Devices by Maddie Stone
  • Linux ASLR and GNU Libc: Address Space Layout Computing and Defence, and ‘Stack Canary’ Protection Bypass by Ilya Smith
  • Oh No, Where’s FIDO? – A Journey into Novel Web-Technology and U2F Exploitation by Markus Vervier and Michele Orru
  • L’art de l’évasion: Modern VMWare Exploitation Techniques by Brian Gorenc, Abdul-Aziz Hariri and Jasiel Spelman
  • Robin Hood vs Cisco ASA AnyConnect – Discovering and Exploiting a Vulnerability in your Firewall by Cedric Halbronn
  • Windows 10 RS2/RS3 GDI Data-Only Exploitation Tales by Nick Sampanis

  • Day 2 keynote by Jörn Schneeweisz // joernchen
  • From Assembly to Javascript and back: Turning Memory Corruption Errors into Code Execution with Client-Side Compilers by Robert Gawlik
  • Concolic Testing for Kernel Fuzzing and Vulnerability Discovery by Vitaly Nikolenko
  • New and Improved UMCI, Same Old Bugs by James Forshaw
  • Betraying the BIOS: Going Deeper into BIOS Guard Implementations by Alex Matrosov
  • The Evolution of CFI Attacks and Defenses by Joe Bialek
  • Dissecting QNX – Analyzing & Breaking QNX Exploit Mitigations and Secure Random Number Generators by Jos Wetzels and Ali Abbasi

I attended all of them and the quality was excellent. As you can easily guess the presentations were scheduled in a single track. This is great because you don’t have to worry about what to attend and what to miss. It wasn’t a huge event in terms of people but everyone seemed really interested in exploitation. So, overall a very nice atmosphere.

The location, snacks, lunch, and all of the organizing components were amazing. Very high quality and everything worked exactly as planned (apart from the_grugq’s keynote that didn’t happen but that wasn’t the organizers’ fault). So, congrats to everyone involved in this because it made the entire event a very pleasant experience where you didn’t have to care about anything apart from learning and sharing knowledge. Well done guys!

For the people that were not there, the organizers said that all the videos will be published on YouTube unless the speakers don’t want them to be, so keep an eye out for them because all of them were very interesting.

See you next year! :)


Written by xorl

February 23, 2018 at 00:11
