Conference:  Defcon 31

Authors: Allan Cecil keeper of TASBot, Liam "MLink" Taylor, Sauraen

2023-08-01

How can a Use After Free exploit in Ocarina of Time lead to a cute robot taking over an entire N64 to put the future (and the Triforce) in the game using only button presses? This talk dives into the technical details of how a Use After Free exploit, Arbitrary Code Execution, and multiple bootstrap stages allowed TASBot to take full control of an original, unmodified cart and console in front of a live audience during SGDQ 2022 with the help of Sauraen and Savestate, helping raise more than $228k for charity. This talk uses engaging explainer graphics courtesy of RGME to dig into how a Use After Free vulnerability can be exploited as well as a live demo showing the significant social impact of the exploit Here Together, in the past year and into the future.

Conference:  Cloud Native SecurityCon North America 2022

Authors: Adrian Mouat

2022-10-24

The talk discusses techniques and tooling to address security concerns in building images for the secure supply chain.

• Provenance and reproducibility are major issues in the current state of security in IT.
• The distroless philosophy and using smaller base images can save from scan report purgatory.
• Updating images and dependencies is crucial.
• Using apko to build container images with SBOMs and complete reproducibility.
• Signing images with Sigstore.
• Cutting down dependencies by using smaller base images and keeping them up to date.
• Verifying signatures and using policy management tools to check for vulnerabilities.
• The vulnerability exploitability exchange can help filter vulnerabilities and cut down noise.
• Google container tools and digital images are small and perfect for running statically compiled binaries.
• The drawbacks of using Google container tools include a hard-to-extend list and difficulty in installing apps.
• Cutting down images to the minimum set of dependencies can drastically reduce noise in vulnerability reports.

Conference:  KubeCon + CloudNativeCon North America 2021

Authors: Brad Geesaman, Ian Coldwater, Duffie Cooley, Rory McCune

2021-10-13

When the hacker crew of geese collectively known as “SIG-Honk” read about a new CVE in the Kubernetes ecosystem affecting the runc project (CVE-2021-30465), they flew into action. With just a few details in the initial advisory notes as guidance, they were able to collaborate and generate a proof-of-concept exploit for Kubernetes, iterate and validate it against multiple types of clusters, and kick off a renewed coordinated disclosure process to help keep users safer. Join Ian Coldwater, Brad Geesaman, Rory McCune, and Duffie Cooley as we bring our expertise and experiences to share the details of our methodology, walk through our approach, and demonstrate the exploit and its effectiveness live on stage. Attendees will learn about the process of exploit development and disclosure, find out how to stay informed about vulnerabilities in open source dependencies that may affect the security of their clusters, and walk away with a new perspective on how to honk.