PRESS

PRESENTATION: Demonstrating the CANBus Protector PRESENTER(S): Corey Thuen, Senior Security Consultant for IOActive CONFERENCE: DOT/DHS Automotive Cybersecurity R&D Showcase LOCATION: DOT Volpe Center, Cambridge, MA DATE: October 19, 2016   The CANBus Protector is an open source solution used to address the problem of aftermarket devices, such as insurance OBDII dongles, that provide new avenues for attackers to potentially take over a vehicle. Attackers with access to the OBDII port, which is used by these devices to provide their intended functionality, are able to take control of vehicle functions in…

PRESENTATION: Cloud Security – Zero-day protection with memory integrity based on white lists (aka. Total Cloud Patch Management) PRESENTER(S): Shane Macaulay, Director of Cloud Security for IOActive CONFERENCE: SOURCE Seattle 2016 LOCATION: Seattle, WA DATE & TIME: October 12, 2016 at 11:40AM PT   Patch management is often looked down upon due to its simplicity and relatively short shelf life. However, this talk will demonstrate how if we identify patch management as a way to categorize all known and unknown code in our infrastructure (given clouds can…

PRESENTATION: Beyond the ’Cript: Practical iOS Reverse Engineering PRESENTER(S): Michael Allen, Security Consultant for IOActive CONFERENCE: OWASP AppSec USA LOCATION: Washington D.C. DATE & TIME: October 13, 2016 at 10:45AM ET   Today there is an app for almost everything. But all apps come with security vulnerabilities, many of which have been relatively easy to find with the help of increasingly available frameworks. So developers are now generally better about hardening apps against the most common issues using jailbreak detection and best practices, and many of the…

PRESENTATION: Assessing and Exploiting XML Schemas Vulnerabilities PRESENTER(S): Fernando Arnaboldi, Senior Security Consultant for IOActive CONFERENCE: OWASP AppSec USA 2016 LOCATION: Renaissance Washington, Washington, DC, USA DATE & TIME: October 13, 2016 at 9:30AM ET   Specifications for XML and XML schemas have been designed with multiple security flaws. At the same time, these specifications provide the tools required to protect XML applications. This provides a complex scenario for developers and a fun environment for hackers. Even though XML schemas are used to define the security of XML documents, they…

PRESENTATION: Converting Cyber Attacks into Successful Cyber-Physical Attacks PRESENTER(S): Cedric Levy-Bencheton, Managing Consultant for IOActive CONFERENCE: 3rd Annual Industrial Control Cyber Security Europe LOCATION: Copthorne Tara Kensington, London, UK DATE & TIME: September 28, 2016 at 9:35 AM   Access to a control network does not itself constitute an attack. Somehow this important fact is often omitted from public documentation. Cédric Lévy-Bencheton will address an attacker’s challenges in designing disruptive assaults on physical infrastructure or operations. This talk draws from Lévy-Bencheton’s extensive experience in offensive cyber-physical security,…