ZeroNights X, In Retrospect
ZeroNights X took place in Saint Petersburg on August 25, 2021. It gathered information security officers, analysts, pentesters, and programmers from all over the world.
The conference was hosted at a trendy location right at the Gulf of Finland, offering a breathtaking panoramic view of the city and the sunset.
The informal setting of the event helped colleagues and like-minded professionals come together. The subdued lighting of the main stage and the designs of the stands in the second hall created an incredible atmosphere. Our friends and past speakers who could not come this time left video greetings for the participants, which were shown between the talks.
Here’s a recap of ZeroNights 2021:
• data-only attacks on UEFI BIOS and vectors that are almost impossible to counter;
• vulnerabilities in Secure Bootloader (S-Boot), Hypervisor (RKP), and TrustZone applications (TEEGRIS) on Samsung Galaxy phones with Exynos SoCs and new approaches to vulnerability search;
• an advanced method of firmware dumping that works on devices with WXN (shown on T2);
• Intel Atom microcode structure; interception of x86 instructions; reverse engineering of microcode and Intel Atom internal structure;
• new research results on various reverse proxies and HTTP/2 capabilities;
• an exploit to bypass Linux Kernel Runtime Guard (LKRG);
• ways to record console input and output with real examples and their pros and cons;
• KaiOS offensive security, attack vectors including RCE, privilege escalation, and new vulnerability research;
• security problems of keypad phones sold in Russian retail;
• a critical Apache + ModSecurity vulnerability that allows reading the source code of any PHP file on a server;
• URL shorteners that enable tracking of user activity.
The conference also had other tracks: the Defensive Track, dedicated to secure development, DevSecOps, and incident detection; Web Village; and Hardware Zone.
There were workshops, thematic activities, quests, and CTFs. The winners got memorable prizes.
The speakers of Web Village talked about anomalous cases of working with digit values, vulnerability exploitation, modern attack vectors for web applications, and what a hacker could do on a dating website.
The talks will be published on the conference website in two to three weeks, and the photos will be up by next week.
We want to thank our sponsors – Sber Cyber Security, CFT, Bitaps, Digital Security, DEF CON group DCG7812 – for their support of ZeroNights 2021.
Follow us for updates, and we’ll see you in June 2022, at the 11th ZeroNights!