Open Luck indexes DEFCON, Black Hat, BSides, and more — so you can find the exact talk about WPA3 cracking, Log4Shell exploitation, or Cobalt Strike evasion in seconds, not hours.
Professional penetration testing and vulnerability assessments by the Kuboid Secure Layer team. Securing your infrastructure at every layer.
This talk details the FBI's Operation Trojan Shield, a massive undercover operation where the agency operated a secret encrypted phone company called Anom to intercept communications from organized crime syndicates. The operation involved the distribution of modified mobile devices with a hidden backdoor that carbon-copied all messages to an FBI-controlled server. The presentation highlights the use of metadata analysis and automated translation to monitor criminal conspiracies on a global scale. It also discusses the implications of such operations for the ongoing 'going dark' debate regarding law enforcement access to encrypted communications.
This talk details the investigation and exploitation of a dark web 'murder-for-hire' site, revealing it to be a sophisticated scam network. The researcher demonstrates how to identify and exploit vulnerabilities such as insecure direct object references (IDOR), open directories, and SQL injection to gain remote code execution (RCE) on the underlying server. The presentation highlights the use of OSINT and technical analysis to map the scam's infrastructure and expose the perpetrators. The talk concludes with a discussion on the challenges of coordinating with law enforcement to address criminal activity on the dark web.
This talk demonstrates techniques for interacting with and exploiting Apple's proprietary USB-C port controller (ACE) to gain low-level access to Apple Silicon devices. The researcher details how to use Vendor Defined Messages (VDM) and custom hardware to achieve serial console access and eventually arbitrary memory read/write capabilities. The presentation highlights the use of fault injection, specifically Electro-Magnetic Fault Injection (EMFI), to bypass security mechanisms and dump firmware from locked production devices. The researcher also releases custom tools for interacting with the ACE controller and performing fault injection.
This talk demonstrates a hardware and software security analysis of the IPVideo HALO 3C smart sensor, an IoT device commonly deployed in schools for vape and aggression detection. The researchers performed a hardware teardown, revealing a Raspberry Pi Compute Module 4, and identified critical vulnerabilities including an insecure firmware update mechanism and a hardcoded administrative backdoor. The presentation shows how these flaws allow an attacker to gain root access, disable sensors, and repurpose the device as a covert audio surveillance tool. The findings highlight the significant privacy and security risks associated with deploying opaque, network-connected surveillance hardware in sensitive environments.
This talk demonstrates techniques for minimizing personal data exposure and mitigating tracking by third-party services. It covers practical methods for protecting PII, such as using email aliases, VoIP services, and virtual credit cards to prevent cross-site profiling. The speaker emphasizes the importance of data minimization and operational security to maintain digital privacy in an era of pervasive data collection.
This talk provides a practical, entry-level methodology for identifying and exploiting vulnerabilities in commercial IoT devices. The speaker demonstrates how to locate and interface with hardware debug ports, specifically UART, to gain shell access and extract firmware. The presentation emphasizes the use of low-cost tools and basic Linux command-line utilities to perform reconnaissance and identify potential security flaws like command injection. The session concludes with guidance on responsible disclosure and the importance of analyzing firmware for hardcoded credentials and insecure configurations.
This talk analyzes the economic and technical mechanisms behind platform degradation, which the speaker terms 'inshittification'. It explores how digital platforms manipulate user experience, pricing, and search algorithms to extract value for shareholders at the expense of end-users and business customers. The presentation provides a critical perspective on the intersection of platform architecture, anti-trust policy, and digital privacy.
This talk explores the principles of deception and counter-deception, drawing on military doctrine to analyze how these techniques are applied in modern information security. It examines how human cognitive biases, such as confirmation bias and selection bias, are exploited by attackers to manipulate perceptions and influence decision-making. The presentation provides a framework for counter-deception, emphasizing the need for critical analysis, information triangulation, and the development of tools to detect and mitigate deceptive narratives. The speakers highlight the importance of maintaining mental discipline and utilizing diverse, credible data sources to defend against sophisticated disinformation campaigns.
This talk demonstrates how Wi-Fi Positioning Systems (WPS) can be exploited to perform large-scale geolocation and tracking of Wi-Fi access points. By querying Apple's WPS API with known or guessed BSSIDs, an attacker can retrieve the precise geographic coordinates of those access points, enabling mass surveillance and longitudinal tracking of devices. The research highlights significant privacy risks associated with persistent BSSID identifiers and provides a proof-of-concept tool for querying these systems. The speaker also discusses remediation strategies, such as BSSID randomization and opt-out mechanisms, which have been partially adopted by vendors like SpaceX and GL.iNet.
This talk demonstrates techniques for extracting sensitive information from AI models and vector databases, specifically focusing on training data extraction, system prompt leakage, and vector embedding inversion. The research highlights how RAG (Retrieval-Augmented Generation) workflows and fine-tuned models can inadvertently expose private data through prompt injection and inference attacks. The speaker provides practical examples of how these vulnerabilities manifest in real-world SaaS applications and discusses mitigation strategies such as application-layer encryption and tokenization. The presentation includes live demonstrations of extracting credentials and PII from AI systems using open-source tools.
This talk analyzes the threat posed by quantum computing to current cryptographic standards, specifically focusing on the vulnerability of RSA and ECC to Shor's algorithm and the impact of Grover's algorithm on symmetric encryption. It evaluates the evolving qubit requirements for breaking these algorithms, highlighting how recent optimizations have significantly reduced the estimated resources needed for such attacks. The presentation emphasizes the urgent need for organizations to transition to post-quantum cryptographic standards and adopt crypto-agility to mitigate future risks.
This talk demonstrates the use of laser-based optical side-channel attacks to exfiltrate data from air-gapped systems and perform keystroke logging. By measuring the physical vibrations of a target device using a laser reflected off its surface, the speaker reconstructs keystrokes and monitors system activity. The research highlights the vulnerability of physical hardware to remote optical surveillance and provides a methodology for signal processing to extract information from these side channels. The presentation includes a practical demonstration of a laser microphone setup and the use of software-defined radio for signal demodulation.
This talk explores the practical challenges of maintaining the Tor network, focusing on interactions with government entities, law enforcement, and the impact of censorship. It details how Tor handles various network-level attacks, including DDoS, traffic analysis, and protocol-specific blocking techniques. The speaker highlights the importance of community-driven infrastructure and the necessity of robust, privacy-preserving design in the face of adversarial network conditions.
This talk details a multi-year, sophisticated campaign by threat actors targeting edge network devices, specifically firewalls, to gain unauthorized access to customer networks. The research highlights the use of various exploits, including SQL injection and buffer overflows, to deploy custom rootkits and backdoors like 'Snoopy' and '2own' for data exfiltration and persistence. The presentation emphasizes the importance of radical transparency in the security industry, demonstrating how shared threat intelligence can help defenders identify and mitigate complex, multi-platform attacks.
The speaker demonstrates an insecure direct object reference (IDOR) and broken access control vulnerability within a major ISP's customer management API. By manipulating API requests and exploiting an internal service integration layer, the researcher was able to access and modify settings for arbitrary customer devices. This research highlights the risks of centralized management platforms and the potential for large-scale impact when internal APIs lack proper authentication. The talk includes a demonstration of using Burp Suite to perform account enumeration and device configuration changes.
This talk details the discovery of a critical vulnerability in the TeleMessage mobile archiving application, which was used by high-level US government officials. The researcher demonstrates how a misconfigured Spring Boot Actuator endpoint allowed unauthorized access to Java heap dumps containing sensitive, unencrypted chat logs. The analysis highlights the risks of using third-party 'secure' messaging wrappers that fail to maintain end-to-end encryption and the dangers of improper server configuration. The talk also provides a methodology for extracting and analyzing sensitive data from heap dumps using custom scripts.
Demonstrates techniques for exploiting hidden HTTP attack surfaces by targeting reverse proxies, load balancers, and backend auxiliary systems like analytics and crawlers. The research focuses on HTTP request misrouting and SSRF through the manipulation of headers such as Host, X-Forwarded-For, and X-Wap-Profile, often bypassing security perimeters. It introduces the concept of OAST (Out-of-band Application Security Testing) to identify these vulnerabilities at scale and shows how to escalate XSS into full SSRF via pre-emptive caching. Significant tools released include Collaborator Everywhere and Hackability.
This talk explores the systemic issues and ethical challenges within the bug bounty ecosystem, specifically focusing on the exploitation of researchers by platforms and clients. It highlights how AI-driven threat intelligence, cloud-based WAFs, and unfair triage practices are used to devalue and mismanage vulnerability reports. The speaker provides actionable advice for researchers to protect their work, improve report quality, and navigate the power dynamics of bug bounty programs.
This talk demonstrates how to weaponize Microsoft 365 Copilot by leveraging prompt injection and RAG (Retrieval-Augmented Generation) poisoning to achieve unauthorized data exfiltration and lateral movement. The researcher shows how to bypass security controls like Data Loss Prevention (DLP) and sensitivity labels by manipulating the AI's context and search queries. The presentation highlights that once an AI agent can act on a user's behalf, traditional security boundaries are insufficient, effectively equating a successful jailbreak to Remote Code Execution (RCE). A new tool, PowerPwn, is released to automate these attack vectors against the Microsoft Power Platform.
This talk demonstrates a hardware-level vulnerability in SecuRam electronic safe locks that allows for unauthorized access by extracting the master code via the debug port. The researchers reverse-engineered the lock's firmware and identified that the master code and encryption keys were stored in plaintext or easily decryptable flash memory. The attack, dubbed 'CodeSnatch', enables an attacker with physical access to bypass security controls and reset the safe's codes in seconds. The presentation highlights the critical failure of using insecure hardware design and outdated security standards in high-security physical products.
The researchers demonstrate a vulnerability in dormakaba Saflok hotel locks that allows unauthorized access to rooms by cloning and manipulating RFID key cards. By reverse-engineering the proprietary key derivation function and data encryption, they developed a method to forge master keys that can open any door in a property. The attack leverages the insecure implementation of MIFARE Classic cards and the ability to resequence locks using a forged card. The presentation includes a practical demonstration of the attack using a Proxmark3 and a Flipper Zero.
