Greetings to Participants and Sponsors
Scheduled end: 10:45
Coming Soon!
Scheduled end: 11:30
VoIP has by now supplanted traditional telephony, but this migration comes at a price: voice becomes an IP service, and with that it inherits all the weaknesses of the network. The signaling and transport protocols were not designed with security in mind: eavesdropping and spoofing are concrete and often underestimated threats. We analyze the protocols underlying IP telephony, highlighting the possible vulnerabilities and the hardening strategies that make it possible to reduce these risks.
Scheduled end: 12:15
Testing the hardware security of microcontrollers, especially with fault injection and side-channel attacks, requires low-level access to configure targets and verify attack results. Infineon's TriCore Aurix microcontrollers, widely used in automotive applications, implement a proprietary “Debug Access Port” (DAP) protocol with no public documentation; existing tools are closed, expensive, and have limited functionality. This presentation shows the black-box reverse engineering process of the DAP protocol on a TC397 devkit, through analysis of the USB traffic of proprietary tools. These traces provide sufficient information to develop an open-source utility capable of performing simple operations such as flashing, debugging, and unlocking the debug interface (if the correct password is provided). The tools and information presented help security researchers by allowing them to generate triggers for hardware attacks, automate testing, and verify results without having to rely on the manufacturer tools.
Scheduled end: 13:00
See you again very shortly...
Scheduled end: 14:15
Did you hear about the recent Shai-Hulud npm incident that led to silent exfiltration of secrets from thousands of machines? Or the XZ backdoor? Or the flood of AI-generated malware on PyPI? Let’s admit it: even if your company doesn’t build any commercial SW, you most likely use npm, pip, DockerHub, GitHub Actions, or AI code assistants. Yes, you're consuming open source every day. This talk is a practical, zero-fluff guide to both hacking and defending OSS - with real company hacks that I witnessed firsthand, free tools that actually work, and battle-tested advice from one of the world’s top open-source contributing companies. Whether you're a Pentester, AppSec engineer or working in Dev, Sec, or DevOps - you’ll leave with a concrete toolset, a checklist, and the ability to spot the attackers before they hit your build pipeline.
Scheduled end: 15:15
The Apple Silicon architecture has introduced new challenges for the forensic acquisition of macOS devices, because traditional copying tools such as dd or Disk Utility cannot be used, given the hardware-level encryption. This problem inspired the creation of Fuji, a free and open-source tool for the forensic acquisition of Mac computers. Fuji leverages native Apple utilities such as ASR and Rsync to perform a live full file system (FFS) acquisition, working even on encrypted drives. It generates DMG files compatible with tools such as FTK Imager and Autopsy. We will see what Fuji can do, the differences between the acquisition modes, and how it was developed using Python.
Scheduled end: 16:00
Each of us has at least one identification number (ID), which allows government agencies to distinguish one person from another. In many countries, IDs are not generated randomly, but according to a certain algorithm, which is often known. This naturally becomes a vulnerability for the majority of the population. The talk consists of two parts. The first contains research on the topic, as well as a transform that is able to obtain additional information from IDs. In the second part of the talk we will see some specific cases of how this vulnerability was used to help victims of online sexual crimes such as cyberstalking, revenge porn and non-consensual sharing of content.
Scheduled end: 16:45
Report and Team Awards Ceremony for the HackInBo® Forensic Games
Scheduled end: 17:15
Greetings to Participants & Sponsors
Scheduled end: 17:30