Events Hub



on demand talks

Watch our on demand talks, and view the corresponding slide decks.

red coding nodes

Monitoring Solutions: Attacking IT Infrastructure at its Core | TROOPERS

In this talk, we have a look at monitoring solutions from an attacker’s point of view. We present the basic architecture of modern monitoring solutions and talk about the derived attack surface. Based on this, we outline how important the choice of attack vector is and describe the approach we used to find critical vulnerabilities in popular monitoring solutions. We deep-dive into these findings and explain how they were found, how they can be exploited, and what we can learn from them.



Explore Other Talks

Talk | WeAreDevelopers

The Clean as You Code Imperative, by Sonar CEO Olivier Gaudin

In this talk given during We Are Developers, Olivier Gaudin talks about how Clean Code empowers developers and enable organizations to consistently deliver high-quality, secure code. He explains why the Clean As You Code methodology has to become an organizational imperative for a sustainable edge in the marketplace.

Topics: Clean As You Code, DevOps

Watch Now
Talk | Hexacon

You've Got Mail! And I'm Root on Your Zimbra Server

Zimbra, an enterprise-level email solution, has recently been the target of a 0-day campaign likely conducted by a state actor. As demonstrated by the Microsoft Exchange vulnerabilities, enterprise mail servers are a gold mine for attackers. In this talk we break down how we approached a complex enterprise web target from the viewpoint of a sophisticated attacker.

Topics: Code Security, Enterprise

Download Presentation
Talk | Insomni’hack

A Common Bypass Pattern to Exploit Modern Web Apps

During our vulnerability research, we broke the defenses of some of the most popular open-source web applications. We realized that many code vulnerabilities we discovered share a common theme. In this talk, we express this common denominator as a simple, abstract methodology that seems to have gone unnoticed in the industry. To turn our theoretical pattern into an entertaining presentation, we explain and demo related vulnerabilities that we discovered in applications such as Magento2, WordPress, and Zimbra.

Topic: Code Security

Download Presentation
Talk | Insomni’hack

Two Bugs to Rule Them All: Taking Over the PHP Supply Chain

This talk presents the technical details of the vulnerabilities that allowed us to compromise the infrastructure behind the two PHP package managers, Composer (twice!), and PEAR.  Together, they serve more than a billion monthly package downloads. We also present how we could reduce the impact of such an attack and the actions package managers could take to protect themselves.

Topics: Code Security, Supply Chain, Developer Tools

Download Presentation