- ITSEC Newsletter
- Posts
- Black Hat Europe 2023 - Summary
Dates: 2023-12-04 - 2023-12-07
Location: Excel London, United Kingdom
"We will present two new attacks to leak traffic sent by a VPN client. A rogue Wi-Fi network can abuse these vulnerabilities to make the victim leak IP packets, in plaintext, outside the VPN tunnel. The adversary accomplishes this by manipulating the victim's routing table. Our attacks are independent of the VPN protocol being used, meaning they apply to IPsec, OpenVPN, WireGuard, etc."
"In our presentation, we reverse-engineer the Siemens S7-1500 Software Controller PLC up to the communication protocol and show the violation of fundamental security principles. We show that substantial efforts have been put into obfuscating communication and modifying established cryptography primitives without increasing the effective security level."
"In this talk, I will present two new techniques that can be used to achieve reliable, split-second DNS rebinding in Chrome, Edge, and Safari on hosts with IPv6 access, along with a method to bypass Chrome's restrictions on requests to the local network. I will also walk through a real-world attack against a web application resulting in AWS credentials to demonstrate how achievable rebinding attacks can be."