March 29 ~ 30, 2018
In Windows 10 Anniversary Edition, Microsoft introduced Desktop Bridge, originally known as Project Centennial. This technology allows normal Win32 applications to be converted to run as self-contained Windows Store applications, redirecting file and registry access to allow the application to easily be uninstalled, leaving no remaining footprint. To support Desktop Bridge, Microsoft had to change a number of different parts of the OS, including the Kernel and system services. This presentation will be an in-depth look at how Desktop Bridge works as well as a look at some of the bugs I’ve discovered in the various components which make up the technology.
This talk starts by reviewing all the countermeasures utilized by Apple to discourage exploitation. It then explains why all of them are essentially futile for a determined attacker with sufficient knowledge of system internals. It explores a freely available post-exploitation library provided by the author, which enables researchers or jailbreaking hobbyists to code a functional jailbreak in about 20 lines of code.
An unusual way to exploit Windows Insider Preview via an interesting binary in the Windows folder called HTML Help Executable (hh.exe).
- Windows Media Player Information Disclosure vulnerability that I triggered via hh.exe and the idea behind bypassing the prompt to avoid user interaction.
- The interesting trick that allows you to escape from Microsoft Edge's AppContainer Sandbox.
- Multiple vulnerability cases that he found in hh.exe.
As well as a look at a Firefox browser Remote Code Execution + Windows Elevation of Privilege exploit to achieve SYSTEM-level Code Execution on the latest Windows 10 Operating System.
In this talk, I will explain macOS exploitation using a browser/kernel 1-day vulnerability.
I will define the exploit process from 1-day vulnerability analysis to macOS / Safari exploitation, including mitigation bypass.
This talk takes a deep dive into XNU's IOKit, discussing its architecture, security features and significance in Apple's operating systems. It shows how to interface with, probe, reverse, and finally exploit IOKit components, touching down on common patterns and convenient exploit strategies. Lastly it takes a look at previous IOKit vulnerabilities and does a detailed case study on the "IOHIDeous" exploit.
Zer0Con registration is a four-step process:
∙ first, you register here,
∙ then we check if you are eligible or not,
∙ and finally you will receive a link to pay.
∙ It may take 2 or 3 days.
∙ If you pay, we will send you your ticket.
You should bring your ticket to get your badge.
(Exchange Rate: $1 = KRW 1,083.33)
The training courses of Zer0Con focus on bug hunting and exploitation.
- Training course fee does not include a Zer0Con conference ticket.
- Training course includes hotel lunch.
- Zer0Con issues CISSP CPE certificate, etc.
- After your registration, you will see the detailed information about payment.
- A training course may be canceled if the number of registrants is less than the trainer specifies.
If you want to run your own training course, send us an email with the following.
- Self introduction, Abstract, Curriculum, etc.
- zer0con@ pocsec.com (PGP public key)
- ADDRESS: 70, Baumoe-ro 12-gil, Seocho-gu, Seoul, Korea
- TEL: +82-2-571-8100
- WEB: http://thek-hotel.co.kr/e_seoul/main.asp
“There seem to be no empty rooms now in the venue hotel.
So, we recommend that attendees book other hotels in the Gangnam area.
this file for your hotel rooms.”
If you have any questions, contact us.
* We recommend that you use the PGP key (PGP KEY)
Also, we are looking for sponsors. There are several benefits for sponsors, so please feel free to contact us.