| BRIEFING HIGHLIGHTSAll times are Pacific Time (GMT/UTC-7h) Hacking the Supply Chain – The Ripple20 Vulnerabilities Shlomi Oberman Wednesday, August 5 | 10:00am-10:40am This is the story of how we found and exploited a series of critical vulnerabilities (later named Ripple20) affecting tens or hundreds of millions of IoT devices across all IoT sector conceivable - industrial controllers, power grids, medical, home, networking, transportation, enterprise, retail, defense, and a myriad of other types of IoT devices, manufactured and deployed by the largest American and international vendors in these fields. Compromising the macOS Kernel through Safari by Chaining Six Vulnerabilities Yonghwi Jin Thursday, August 6 | 12:30pm-1:10pm In this talk, we will share our Safari exploit submitted to Pwn2Own 2020. Combining six different vulnerabilities, our exploit successfully compromises the macOS kernel starting from the Safari browser. It breaks every mitigation in macOS including ASLR, DEP, sandbox, and even System Integrity Protection (SIP). MORE |
