I was at Syscan again this year as a volunteer.
As usual, all the talks are very interesting. I’ll write about the few that stood out.
The very first talk of the conference had a really interesting title. Car Hacking for Poories by Charlie Miller and Chris Valasek. It is essentially about how they setup a test bench simulating the environment of a car to test against so that people do not have to purchase a brand new car to perform security research. Very interesting stuff.
Anton Sapozhnikov had a really interesting talk about how to recover the password of the user you compromised on a Windows machine without gaining access to admin privileges through flaws in the Windows SSPI implementation.
Dean Carter and Shahn Harris had a really hilarious skit about the various infosec fails. One of them was dressed up as failymonster. Did I mention this took place in a bar?
The first day concluded with good food and plenty of beer.
The next day, Joxean Koret had an amazing talk about Breaking Anti-Virus software. He spoke about how the results of his fuzzing research against anti-virus software revealed plenty of holes in them. This included gems like injecting non-ALSRed DLLs in processes system-wide, downloading updates over HTTP and a particular AV that ran
exec() with user supplied inputs. This talk was really the highlight of the conference.
m0nk Thomas had a really good talk about breaking the SnapDragon SoCs through regulating the power sent to it. Really interesting stuff but most of it sadly went over my head.
Alex Ionescu gave a talk filled with technical details about the RPC, LRPC, ALPC and LPC implementations in Windows. He showed us how the various *PC servers can be exploited to heap-spray and DoS a Windows system. Great talk choked full of information.
The final talk of the day was by Snare who talked about exploiting DMA with Thunderbolt. Really nice stuff as well.
All in all, it was a great conference with nice food and lots of beer. The slides are already available if anyone is interested!