SIGINT is proud to present pwnEd 4, the fourth iteration of our cybersecurity competition for university students. The competition will run in a quals / finals format, with qualifying teams being invited to the in-person finals on our Edinburgh campus.
Whether you're a hacking hot-shot, or simply enjoy a challenge, you won't want to miss it.
pwnEd 4 is now over! Thank you all for coming!
pwnEd 5 is coming next year. Keep an eye on our Discord!
The qualifiers will be an online jeopardy-style CTF with a large variety of challenges covering everything from Binary Exploitation to Cryptography.
The finals will comprise a conference followed by a CTF which will decide the overall winners of pwnEd 4.
Bringing together industry experts and top students from across the country, the finals will present a great opportunity for networking and learning more about cybersecurity.
Our call for speakers is now open! Please get in touch with us at [email protected] if you would like to present a ~50min talk. We are primarily looking for technical presentations, but are open to all topics.
In-person on our Edinburgh campus! Qualifying teams only.
Conference tickets available separately.
Speaker | Title | Abstract |
---|---|---|
Georgi G | When Harry Met Sammy... | Your phone is more than just a phone. It's an incredibly well developed OWASP Mobile Top 10 training platform. Georgi G from Interrupt Labs will discuss how Interrupt Labs pwned the Samsung Galaxy S22 phone at last year's Pwn2Own competition in Toronto. |
Hyperreality | CTFs vs Real World Exploitation | CTFs are fun and a great way to improve your infosec knowledge. CTFs were how I first got into the field and led to an exciting job in application pentesting. But how does playing CTFs compare to the actual work of being a pentester and finding bugs in software? You might be surprised! |
Marc Juarez | Website Fingerprinting Attacks in Practice | Website fingerprinting is a family of traffic analysis techniques that allow a network observer to learn information about the web pages visited over encrypted and anonymized channels. In this talk, I will give an overview of the state of the research on website fingerprinting, I will dive into the technical details of the implementation of some known website fingerprinting attacks, and discuss the deployment and practicality of such attacks in the real world. |
Harvey S | Breaking Out of Parallels | This talk will dive into some of the attack surface of Parallels on Mac, including a guest-to-host VM escape and several privilege escalation vulnerabilities. |
Esrever | CTF + Maths = SageMath | SageMath is to cryptography as pwntools is to pwn. SageMath is a free open source software application that contains a rich maths library. It provides an easy way to translate abstract mathematical concepts into numbers, code, and flags. In this talk, I will give examples of some frequently used maths in CTF, translate them to SageMath, and demonstrate some attacks that build on top of them. |
Victor | Hacker's Guide to Apple Devices | Join us for a deep dive into macOS and iOS from a security perspective. We will cover fundamental differences from other platforms, the security model and restrictions, and all mainstream ways to work around these restrictions to manipulate apps and the system. The talk will cover app dumping and decryption, analysis and patching, signing and sideloading, jailbreaking, and all the tricky details along the way. |
Leeky | An Overview of Software Obfuscation | In recent years, more and more commercial applications (especially in the mobile market) are applying obfuscation methods to their programs. Malware has been doing this for decades, but as research and tooling in these areas advanced, most simple techniques are no longer hindering analysis or are easy to remove. Instead, more formal techniques are used, and in this talk we will explore some of those, their weaknesses, methods of strengthening them and the trade-offs involved. |
Yuvraj Patel | Exploring Competitive Aspects of Synchronization in Shared Environments | In shared environments such as operating systems, multiple tenants with varied requirements compete to access the shared resources, making strong performance isolation necessary. Locks are widely used synchronization primitives that provide mutual exclusion in such environments. In this talk, we will emphasize the competitive aspects of synchronization in such shared environments. We will start by introducing the notion of lock usage — a new lock property that deals with the time spent in the critical section. Then, we will see how unfair lock usage in shared environments leads to a new problem of adversarial synchronization resulting in poor performance and denial of service. Next, using the inode cache in the Linux kernel, we introduce two new classes of attacks – synchronization and framing attacks that exploit kernel synchronization to harm application performance. Lastly, we will discuss the design of Trātṛ — a Linux kernel extension that can detect and mitigate synchronization and framing attacks with low overhead, prevent attacks from worsening, and recover by repairing data structures to their pre-attack state. We will briefly examine the evaluation to understand how Trātṛ can handle such attacks efficiently and effectively. |