pwnEd 5
< Edinburgh University's flagship CTF & conference />

About

SIGINT is proud to present pwnEd 5, the fifth edition of our cybersecurity competition for university students. The competition will follow a quals/finals format, where qualifying teams will be invited to the in-person finals hosted at our Edinburgh campus.

Whether you're an expert in hacking or simply looking to solve a challenge, you won't want to miss it.

pwnEd 5 is now over! Thank you all for participating!

pwnEd 6 is coming next year.
Keep updated on our Discord!

Online Qualifiers

The qualifiers will be an online jeopardy-style CTF with a large variety of challenges covering everything from Binary Exploitation to Cryptography.

When?

Starts: 03/02/2024 15:00
Ends: 04/02/2024 15:00

Where?

Anywhere on Earth.
Online.

Join our Discord

Who?

UK university students.
Maximum of 6 per team.

All skill levels welcome, including beginners!

In-Person Finals and Conference

The event will consist of a Capture The Flag (CTF) followed by a conference which will determine the overall winners of pwnEd 5.

Bringing together industry experts and top students from across the country, the finals present a great opportunity for networking with top-notch professionals and diving deeper into cybersecurity.

Our call for speakers is now open! Please fill out the form here if you would like to present a ~50min talk. We are primarily looking for technical presentations, but are open to all topics.

When?

CTF Finals
Date: 16/03/24
Time: 9:00 - 18:00

Conference
Date: 17/03/24
Time: 9:30 - 18:30

Where?

In-person on our Edinburgh campus

Who?

Qualifying teams only.
Conference tickets available separately.

Talks

Electromagnetic eavesdropping: extracting screen content from radio waves
Dimitrije
PhD student in the hardware security group at the University of Cambridge, working on electromagnetic eavesdropping attacks targeting video interfaces. Long-time CTF player, originally with cr0wn (now organizers) and with cheriPi.
Voltage changes in electronic circuits cause them to emit electromagnetic waves. The weak signals emitted by monitors and associated cabling can be captured and processed to recover readable images from a distance. In this talk, I will give an overview of emissions security, the history of these attacks, and explain how and why electromagnetic eavesdropping on computer monitors works (hopefully in a way that doesn't require prior signal processing knowledge).

Provably Watertight Hardware: Detecting Side-Channel Leakage with Formal Methods
George Rennie
George (he/him) is a master's electronic engineering student at the University of Southampton, focusing on the formal verification of secure hardware. Alongside his academic work, George has employed commercial formal verification tools at Arm to test the security of upcoming CPUs.
How secure is your code? What about the hardware it runs on? Hardware side-channel attacks like Spectre and Meltdown let even seemingly secure software leak information to attackers. We will look at how these attacks manifest in hardware, approaches to specifying the security guarantees required by software and how we can use formal methods to prove that software and hardware uphold these contracts.

Samsung + regex = heat - Discovering a new source of Digital Forensic evidence
Ian Ferguson
Dr Ferguson gained his PhD in Software Engineering from the University of Sunderland in 1997. Having spent time in the SmartLab research group at the University of Strathclyde, since 2010 he has been a Senior Lecturer in Digital Forensics at Abertay University where he teaches onto the MSc and BSc Ethical Hacking and Cybersecurity degree suite. His research interests are centered upon improving and accelerating the Digital Forensic investigation process (with a particular emphasis on mobile and IoT devices) via Data Visualisation (and other) techniques.
The talk describes how during a live Digital Forensic investigation the need arose to establish whether or not a particular game had been played on a mobile phone at a particular time. Current de-facto standard tools were unable to shed any light on this and the subsequent hunt for evidence led to the identification of a hitherto unused source of logging information on Samsung phones and the development of the best 16 lines of Python the author has ever written.

Bugs Are Shallow: Finding Vulnerabilities in Top GitHub Projects
Laurence Tennant
Laurence is an application security consultant with a broad range of interests. He is the co-founder of CryptoHack, a popular cryptography challenge platform. He got addicted to CTFs at university and has been learning as much as he can about web, cryptography, network, and infrastructure security since then. In his spare time he loves going on cycling and hiking trips.
Linus's law posits that "given enough eyeballs, all bugs are shallow". I wanted to put this to the test and efficiently find security bugs in top GitHub projects. In this talk I run through various ways of running queries over a large corpus of open source repos. We'll look at the pros and cons of using the new GitHub CodeSearch, BigQuery, grep.app, CodeQL, or ripgrepping all the cloned code on your local machine. I show how this led to a finding in the #1 most starred GitHub repo, freeCodeCamp, giving me every coding certification in a single request. I conclude by investigating how open source maintainers can benefit from this work.

Towards the secure future of web authentication with WebAuthn… Or not?
Axton Yao
Computer science student at the University of Edinburgh, open-source web developer, WordPress developer, creator of WordPress WebAuthn plugin.
The new web standard, WebAuthn, known as Passkey, is replacing traditional passwords with asymmetric encryption to provide a secure and seamless web authentication experience. While this is the future of web authentication, it is not a silver bullet that solves all security issues. This talk will briefly introduce the technical details of WebAuthn and discuss methods of hacking WebAuthn by combining it with other attack techniques.

Your Eyes are my Eyes
Ben R
Ben is an Android vulnerability researcher at Interrupt Labs with experience in Linux, Android, and embedded platforms.
IoT cameras are fun, IoT cameras with bugs are even more fun! This talk offers an introduction to vulnerability research, demonstrating the exploitation of multiple vulnerabilities leading to remote code execution on the Wyze Cam 3, a device from the Pwn2Own Toronto 2023 Surveillance Category.

How to Not Blow Your Foot Off (Writing Modern C Safely)
Sam Leonard
Sam (he/they) is a recent graduate from the University of Manchester with a love for CTFs. Currently playing with 0rganizers. They work as a Software Engineer for Codethink, and are currently on a project to improve system's testing setup.
C (rightly) has a reputation for being a hard language to program correctly. However, by taking advantage of modern Linux and compiler features, we can make writing C significantly safer, as well as eliminating whole classes of bugs in some cases, e.g. classic TOCTOU filesystem race conditions. This talk will be a tour of these features with some advice from my experience writing C for the systemd project.

MTE as Tested
Mark Brand
Mark Brand is a software engineer on Google's Project Zero team, which aims to reduce harm caused by targeted attacks on the Internet. His current focus is on web browser security.
This talk will walk through the process of testing pre-production MTE hardware from a researcher's perspective. The technical results of this work have already been published here, so this talk will focus on the research process, the technical setbacks encountered during the testing, and the limits of how thoroughly we can test the behaviour of modern CPUs. We'll give a brief summary of the main results, and then finish with a deep-dive into some of the limitations of MTE when used for security purposes, and a discussion of the way that MTE both enabled discovery of, and impacted exploitability of, a Telegram zero-click vulnerability. (source)

Client-Side Attacks in a Post XSS World
Zayne Zhang
Zayne is a Computer Science student at the University of Cambridge. He is an avid security researcher and CTF player. He holds industry certificates such as the OSWE and OSCP, and has previously worked in TikTok's security team. In his free time, he hunts for bugs on the HackerOne platform, and plays CTFs with Blue Water, one of the top global CTF teams.
The web platform's openness and composability provide many benefits. Yet, the ability for websites to interact with each other has provided many opportunities for attacks that abuse the core principles of the web. With the evolution of web frameworks and browsers, Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) have become increasingly rare. In response, new classes of client-side vulnerabilities have emerged - DOM clobbering, XS-Leaks and client-side path traversals are just a few examples. In this talk, we will explore the merits and potential pitfalls of various protections against XSS and CSRF, newer classes of client-side attacks and some real-world examples of their applications.

Machine Learning for Traffic Analysis in Security & Privacy
Marc Juarez
Dr Marc Juarez is a Lecturer in Cyber Security and Privacy at the University of Edinburgh. His research addresses the privacy and security risks of the widespread application of machine learning techniques. Before joining the University of Edinburgh, Marc was a Postdoctoral Scholar in the Computer Science Department of the University of Southern California, where he studied the privacy issues of deployed machine learning models.
Traffic analysis techniques allow a network observer to learn private information about communications over encrypted and anonymized channels. This lecture will dive into a specific class of traffic analysis techniques to illustrate the challenges of applying machine learning for traffic analysis. The lecture will also cover the basic defensive strategies that most existing countermeasures follow to protect users from traffic analysis.

Many thanks to our event sponsors: