Dates: 2023-05-19 - 2023-05-20

Location: Hilton Berlin

https://www.offensivecon.org/

Information Security Is an Ecology of Horrors and You Are the Solution

"OffensiveCon23 Keynote."

https://www.offensivecon.org/speakers/2023/dave-aitel.html

The Print Spooler Bug that Wasn’t in the Print Spooler

"It all started with a “Print Spooler” 0-day privilege escalation, CVE-2022-41073, on investigation the fix in the spooler was almost trivial. However, based on issues Project Zero has discovered in the past it was clear the real vulnerability was inside the Windows DLL loader. To understand the fix a deeper dive into the internals of the loader and the role CSRSS plays in handling side by side assemblies was necessary, leading to the discovery of a series of not quite complete patches."

https://www.offensivecon.org/speakers/2023/maddie-stone-and-james-forshaw.html

Your Mitigations Are My Opportunities

"Every modern Windows mitigation can be bypassed. Mitigations can have unintentional bugs, design choices that create known gaps, or just good old backwards compatibility. And while these protections may succeed in killing older exploit primitives, they also sometimes introduce entirely new ones. This talk will provide a whirlwind tour through exploitation on a modern Windows system and introduce advanced techniques for the modern attacker."

https://www.offensivecon.org/speakers/2023/yarden-shafir.html