Version 2

Events


Tuesday 10:00


Welcome to BsidesTLV

Opening Notes - Bar-Shira

Opening Notes by the BsidesTLV crew

Tuesday 10:30


Unblockable Chains

Is Blockchain the ultimate malicious infrastructure? - Bar-Shira

Unblockable Chains - Is Blockchain the ultimate malicious infrastructure? In this principal research, we investigate the possibilities blockchain technologies pose as an infrastructure for malicious operations. We will demonstrate a POC of a fu...

Tuesday 11:15


Breaking into my 3D Printer's firmware

Bar-Shira

A few months ago, I got my new 3D Printer. As a Kickstarter project, it came as a half-baked product - its firmware topped with many annoying bugs. In the hope of fixing some of them, I went to look into the firmware, but alas - it was encrypted with some s...

Tuesday 12:00


We love containers

Bar-Shira

We love containers, and even more we love the open source orchestration platform Kubernetes! But Kubernetes has significant security vulnerabilities. Let's take a whirlwind tour of the ways to secure your Kubernetes cluster - and see examples of t...

Tuesday 13:00


CoinMiner Are Evasive

A deep dive into the uncharted of CoinMiners stealth tactics - Bar-Shira

CoinMiner are Evasive CoinMiners are on the rise, trending so high that in the last couple of months they almost completely replaced ransomware in both media and the research community. Unlike ransomware which profits from rapid encryption of use...

Tuesday 13:30


Pwned in Translation

From Subtitles to RCE - Bar-Shira

What if I told you, that when you're watching a movie on your PC or streamer - someone might also be watching you? And he might be doing so - using subtitles.

Yes, subtitles, those innocent looking text lines at the bottom of your screen. Millions of people use them without a second thought – never wondering where they come from, where they're parsed or how they are rendered. You might be surprised to find that there are actually more than 25 subtitle formats out there, most of which support exotic features such as HTML tags, raw images or even freeform binary (What?). Moreover, there is usually no standard library designed to parse subtitles, which leaves this task to be independently implemented by the various media players. What can go wrong? Well, basically - everything. We will pioneer the uncharted subtitles attack vector and demonstrate its disastrous potential, and unravel the numerous vulnerabilities we found involving subtitles. There will be unsanitized JavaScript running on native web applications; files being manipulated; heaps being corrupted; and full RCE on the most common streaming platforms including VLC, Kodi (XBMC) and PopcornTime. It seems there is no limit to what can be achieved by using these supposedly minor text files. But wait, the plot thickens. Our presentation will delve even further into...

Tuesday 14:15


Abusing WMI Providers For Persistence

Bar-Shira

Do you like to use COM hijacking for persistence but hate actually hijacking existing COM objects? Would you like to just load an arbitrary COM object you've created right after the machine boots? Play with WMI providers enough, and you can do it!...

Tuesday 14:30


The Spies Who Didn't Love Me

Using the intelligence life cycle to profile foreign actors in any situation - Bar-Shira

Cyber espionage is both a small and large playing field. There is a limited number of highly specialized Intelligence operatives and an abundance of potential targets in both heterosexual and homosexual sexualities that can be blackmailed. Everyon...

Tuesday 15:30


Deep hooks

monitoring native execution in WoW64 processes - Bar-Shira

There are several benefits for hooking native (64-bit) API calls in WoW64 processes, both malicious and benign. Malware can use them to achieve “stealthy” hooks and code execution, while security products can use them to gain much more visibility ...

Tuesday 16:15


IsraBye - The First Anti-Israeli Wiper

Bar-Shira

*** PECHA KUCHA *** At the beginning of August we got our hands on a sample of the first anti-Israel and pro-Palestinian data wiper called IsraBye. This specific wiper was aimed to hit Israeli victims -- replacing the content of the files on the ...

Tuesday 16:30


The road to iOS sandbox escape

How I gained arbitrary code execution in most of the iOS daemons - Bar-Shira

Apple’s sandbox may seem the “safest”. We decided to research interesting and not well-known IPC. In the history of iOS vulnerabilities, many vulnerabilities were discovered mostly in XPC; we decided to reveal the Mach messages mechanism Apple ...

Tuesday 17:15


swimming IoT

how to hack a yacht - Bar-Shira

Modern vessels and yachts are equipped with many communication systems and connected to the Internet. Due to my background, I wanted to know how modern vessels navigate and how the ship electronics work. Quickly I found out that several attack ...

Tuesday 18:15


Invoke-NoShell

Running PowerShell without powershell.exe - the (too) easy way. - Bar-Shira

For defenders PowerShell is a major challenge, while for attackers it is an opportunity (if it is enabled). This talk will open with quick explanations and examples of PowerShell abuse by malware in the wild and why it is so common. Then, the ...

Tuesday 18:30


Mystery Talk

Surprise Surprise ;) - Bar-Shira

Tuesday 19:00


Pipiot - the double-arch shellcode constructor

Novel approach that allows constructing a single payload to run on two different CPU architectures - Bar-Shira

When compiling shellcode - it is always constrained to the architecture you intend it to run on. So with that thought in mind - I started my latest challenge/research/journey into assembly polyglotism - focusing on the two top main architec...

Tuesday 19:30


Closing Keynote

Yet another surprise ;) - Bar-Shira