• Speaker at m0leCon: “The Talented Mr. RiPPLey” (19 November)

    During the last twenty years Microsoft has invested heavily in Windows OS security: in exploit mitigations, security by design and the enforcement of security boundaries. Protected Process (PP) and its lightweight cousin, Protected Process Light (PPL), have increased their field of application and are nowadays actively used across various sectors (e.g., DRM and EDR protection, to “shield” main OS functionalities).
    As a result, PP/PPL bypasses have also become a hot topic in the industry. This talk will provide a comprehensive overview of the security model and security issues affecting the underlying technology, including past and novel vulnerabilities as well as attack vectors.
    As part of the presentation, we will discuss the implementation of PP/PPL processes. The security model of PP/PPL processes will be used to demonstrate each aspect of discovered security vulnerabilities, together with recommendations and mitigations.
    A special focus will be on subverting and bending the technology to our will in order to disarm or counter EDR products. While the topic of PP/PPL processes has been presented before at major security conferences, this talk will extend these aspects to include Early Launch AntiMalware (ELAM) and reverse engineering/debugging protected processes.

During the last few years, SCADA has quickly made major news headlines with a series of frightening articles: from STUXNET to breaches like that of the electrical power supply grid in Ukraine (December 2015). Since SCADA systems are actively used across various industries (oil & gas, pharma, power plants, critical infrastructure) to perform critical operations on a daily basis, SCADA security has also become a hot topic in the industry.

This talk will provide a comprehensive overview of the most common SCADA components, known malware and incidents as well as security issues affecting this technology, including existing vulnerabilities in different modules. As part of the presentation, we will disassemble and reverse engineer a PLC and its protocol. This model will be used to demonstrate some aspects of discovered security vulnerabilities.

The growing trend of cyber attacks poses an important question to anyone working in IT: are we ready? The aim of this short article is to raise awareness and direct the public's attention toward activities that can identify vulnerable systems and reveal unknown vulnerabilities, flawed management of security processes, and incorrect system and application configurations; all of this before the system is compromised by attackers. The risks are real, so let us look together at the “weapons” at our disposal.