Conference:  Defcon 31

Authors: David Leadbeater Open Source Engineer, G-Research

2023-08-01

It is 60 years since the first publication of the ASCII standard, something we now very much take for granted. ASCII introduced the Escape character; something we still use but maybe don't think about very much. The terminal is a tool all of us use. It's a way to interact with nearly every modern operating system. Underneath it uses escape codes defined in standards, some of which date back to the 1970s. Like anything which deals with untrusted user input, it has an attack surface. 20 years ago HD Moore wrote a paper on terminal vulnerabilities, finding multiple CVEs in the process. I decided it was time to revisit this class of vulnerability. In this talk I'll look at the history of terminals and then detail the issues I found in half a dozen different terminals. Even Microsoft who historically haven't had strong terminal support didn't escape a CVE. In order to exploit these vulnerabilities they often need to be combined with a vulnerability in something else. I'll cover how to exploit these vulnerabilities in multiple ways. Overall this research found multiple remote code execution vulnerabilities across nearly all platforms and new unique ways to deliver the exploits.

Conference:  Defcon 31

Authors: Michael Stepankin Security Researcher at GitHub

2023-08-01

Although x509 certificates have been here for a while, they have become more popular for client authentication in zero-trust networks in recent years. Mutual TLS, or authentication based on X509 certificates in general, brings advantages compared to passwords or tokens, but you get increased complexity in return. In this talk, we’ll deep dive into some novel attacks on mTLS authentication. We won’t bother you with heavy crypto stuff, but instead we’ll have a look at implementation vulnerabilities and how developers can make their mTLS systems vulnerable to user impersonation, privilege escalation and information leakages. We present some CVEs we found in popular open-source identity servers and ways to exploit them. Finally, we’ll explain how these vulnerabilities can be spotted in source code and how the safe code looks like.

Conference:  Cloud Native SecurityCon North America 2022

Authors: Stefano Chierici, Lorenzo Susini

2022-10-25

The presentation discusses how Falco, an open-source project for runtime security, can be extended to monitor capabilities and detect potential malicious behavior in Kubernetes clusters.

• Falco is an open-source project for runtime security that has become the de facto standard for Kubernetes security.
• Capabilities in Kubernetes can create a gray area in security monitoring, and Falco can be extended to monitor capabilities and detect potential malicious behavior.
• The presenters created two rules using Falco to detect excessive capabilities in new containers and modifications to the release agent file.
• Falco only monitors runtime security and does not consider configuration changes in the YAML files.
• Falco can be deployed on Kubernetes using official charts and packages.

Conference:  OWASP 20th Anniversary Event

Authors: Grant Ongers

2021-09-24

The presentation discusses the importance of scaling application security through education and defines application security as product security. It also highlights the ISO IEC 25010 system and software quality model and the impact of technical debt on quality.

• Application security is a crucial aspect of cybersecurity that involves building secure software systems.
• ISO IEC 25010 system and software quality model prioritizes security as an intrinsic quality system.
• Technical debt can lead to a drop in non-functional qualities, including security.
• Scaling application security through education is essential to ensure developers are equipped with the necessary skills to identify and address security issues during code review.