May 28th, 2020
All Offensive Digital Security Conference
Founded in 2018 and held in Seoul, Korea, TyphoonCon focuses on highly technical offensive security issues such as vulnerability discovery, advanced exploitation techniques and reverse engineering. Due to recent developments worldwide relating to COVID-19 and after much thought and deliberation, we are excited to present TyphoonCon 2020 online: An extensive webinar of never seen before technical offensive security talks by industry leaders.
Hear from information security leaders showcasing their expertise and find out how to tackle the latest challenges.
Take part in the conversation
Take part in audience chat, ask questions and participate in speakers' experts Q&A.
Unique network opportunity with attendees & security leaders. Connect with peer security researchers.
TYPHOONCON LIVE 2020 SPEAKERS
TLS Security Researcher. PhD Student @ Ruhr University Bochum
Robert MergetTLS Security Researcher. PhD Student @ Ruhr University Bochum
Recent years have witnessed an increasing number of protocols relying on UDP.
Due to UDP's simplicity and performance advantages over TCP, it is being adopted in Voice over IP, tunneling technologies, IoT, and novel Web protocols. To protect sensitive data exchange in these scenarios, the DTLS protocol has been developed as a cryptographic variation of TLS.
DTLS's main challenge is to support the stateless and unreliable transport of UDP. This has forced the protocol designers to make choices that affect the complexity of DTLS, and to incorporate features that need not be addressed in the numerous TLS analyses.
We present the first comprehensive analysis of DTLS implementations using protocol state fuzzing. To that end, we extend TLS-Attacker, an open source framework for analyzing TLS implementations, with support for DTLS tailored to the stateless and unreliable nature of the underlying UDP layer.
Senior Security Researcher @ Trend Micro
Mohamad MokbelSenior Security Researcher @ Trend Micro
An Exploratory Endeavor in the Reverse Engineering of a Multi-platform Compiler
Reverse engineering software written in a native programming language requires the understanding of different phases of the compilation process in addition to the libraries involved, code optimizations, language standards, file format, generated code, and other intricacies. For malware, they are mostly written in a native programming language such as x86 Assembly, C, C++, Objective-C, Delphi and other similar languages.
In the last couple of years, malware authors started using another native programming language called PureBasic. This language is very powerful and produces native code with extensive library support. Moreover, the compiler generates code for all major platforms including Windows, Linux and MacOS. In this talk, we’ll delve into the inner workings of how the language works, the compiler architecture, reverse engineering of the language libraries, and more importantly, the release of a complete parser for the libraries, IDA FLIRT signatures, and an IDA plugin. This all for the purpose of making reverse engineering of this language easier.
Leading Security Researcher @ Kaspersky Lab
Boris LarinLeading Security Researcher @ Kaspersky Lab
Zero-day Exploits of Operation WizardOpium
In the end of 2019 year we have caught a new unknown exploit that was distributed with waterhole-style injection on a Korean-language news portal. After removing a multiple layers of obfuscation it appeared that we have found a zero-day that was exploiting unpatched vulnerability in one of the recent versions of Google Chrome. The final payload of this attack had no definitive links with any known threat actors and we have called it “Operation WizardOpium”. In this presentation, we would like to focus on analysis of exploits and vulnerabilities used in “Operation WizardOpium” as our further research revealed the use of multiple unpatched vulnerabilities.