Conference:  Defcon 31

Authors: Maxime Clementz Cybersecurity Senior Manager, PwC Luxembourg

2023-08-01

VPN Always-On is a security control that can be deployed to mobile endpoints that remotely access corporate resources through VPN. It is designed to prevent data leaks and narrow attack surface of enrolled end-user equipment connected to untrusted networks. When it is enforced, the mobile device can only reach the VPN gateway and all connections are tunnelled. We will review the relevant Windows API, the practicalities of this feature, look at popular VPN software and... bypass them with ridiculously complex exfil methods but also with unexpectedly trivial tricks. We will exploit design, implementation and configurations issues to circumvent this control in offensive scenarios. We will then learn how to fix or harden VPN Always-On deployment to further limit the risks posed by untrusted networks.

Conference:  Defcon 31

Authors: Wojciech Reguła Principal Security Consultant @ SecuRing

2023-08-01

MacOS is known for an additional layer of privacy controls called TCC - Transparency, Consent, and Control (TCC) that restricts access to sensitive personal resources: documents, camera, microphone, emails, and more. Granting such access requires authorization, and the mechanism's main design concern was clear user consent. Despite many vulnerabilities in that mechanism found in the past, using 0-days during red teaming engagements is impractical. Apple fixes TCC vulnerabilities but red teams still have to get access to files saved on the victim’s desktop or be able take a screenshot. What if I tell you that there are many open doors to resolve all the TCC problems that are already installed on your target machines?! Electron apps are everywhere. And you probably heard the joke that: ‘S’ in Electron stands for security. In this talk I will share a new tool that, by abusing Electron default configuration, allows executing code in the context of those Electron apps and thus inherit their TCC permissions. The audience will leave with a solid understanding of the macOS privacy restrictions framework (TCC) and its weaknesses. The part of the audience interested in macOS red teaming will also get to know my new, free and open source tool. Blue teams on the stage will also see some ideas regarding detections.

Conference:  KubeCon + CloudNativeCon North America 2022

Authors: Heather Joslyn, Alex Williams, Liz Rice, Viktor Farcic, Saad Malik, Aeris Stewart

2022-10-27

The conference presentation discusses the challenges faced by CERN in dealing with Large Hadron Collider data rates and how they built a platform to automate and scale their infrastructure. They also talk about their move towards containerized environments to simplify deployments and make it easier for physicists to focus on their work.

• CERN faced challenges in dealing with Large Hadron Collider data rates
• They built a platform to automate and scale their infrastructure
• They moved towards containerized environments to simplify deployments and make it easier for physicists to focus on their work