Vs com.apple.security.sandbox (CanSecWest 2019)
On March 20th 2019 I presented at the 2019 CanSecWest conference a talk on reverse engineering the Apple iOS sandbox kernel extension entitled Vs com.apple.security.sandbox. I really enjoyed the conference, traveling to Vancouver, and meeting a lot of people interested in my research.
Straight outta VMware (Microsoft BlueHat v18, Black Hat Europe 2018)
This post provides a short summary of my conference presentations at Microsoft's BlueHat v18 (Redmond, USA) and at Black Hat Europe 2018 (London, UK) on VMware workstation exploitation,
Windows 10 RS2/RS3 GDI data-only exploitation tales (OffensiveCon 2018)
Hello, I'm Nikos Sampanis, a security researcher working at CENSUS. On February 16th, 2018 I presented at OffensiveCon a talk with the title "Windows 10 RS2/RS3 GDI data-only exploitation tales". The presentation focused on a mitigation introduced in the Win32k component of Microsoft Windows to prevent the exploitation of memory corruptions in the session heap (due to GDI object abuse).
The Known Beacons Attack (34th Chaos Communication Congress)
The recent key reinstallation attacks (KRACK) against the WPA2 protocol revealed how an adversary can easily eavesdrop, and in some cases tamper, a Wi-Fi connection secured by the WPA2 protocol. At the same time, Wi-Fi automatic association attacks achieve a similar result (man-in-the-middle position) not by attacking the WPA2 protocol directly but by enforcing Wi-Fi clients to join a rogue Access Point.