The Modern Hacker – From Insight to Impact
The role of hackers is often misunderstood. We break into systems, but we equally desire to improve technology. Over the past twenty years, the corporate attitude towards ethical hackers has flipped from hostility to embrace. At the same time, our hacker community still looks down upon "the management," stuck in an echo chamber where business decisions are mistaken for ignorance. This keynote revisits how far we have already come in co-evolving technology through mutation and hacking "selection" — and considers how we need ever more Robin Hoods to ensure technology evolves securely.
Speaker Bio
Karsten Nohl is a cryptographer and security researcher known for challenging security assumptions in proprietary systems. He serves as the Chief Innovation Officer at Allurity and is the Founder of Security Research Labs in Berlin (srlabs.de) and Autobahn Security in Jakarta (autobahn-security.com). Karsten gained prominence for exposing major vulnerabilities in GSM, SIM cards, payment systems, and the SS7 protocol. He has served as interim CISO for major telecommunications groups including Reliance Jio and Axiata, and holds a Ph.D. from UVA. He regularly presents at major security conferences such as Black Hat and CCC.
Extending C2 Traffic Detection Methodologies: From TLS 1.2 to TLS 1.3-enabled Malware
As the Internet evolves from TLS 1.2 to TLS 1.3, it offers enhanced security against network eavesdropping for online communications. However, this advancement also enables malicious command-and-control (C2) traffic to evade malware detectors and intrusion detection systems more effectively. This talk examines the extent to which existing C2 classifiers for TLS 1.2 are less effective when applied to TLS 1.3 traffic, answering: Is it possible to adapt TLS 1.2 detection methodologies for C2 traffic to work with TLS 1.3 flows? New methods for inferring certificate size and filtering handshake/protocol-related records in TLS 1.3 flows are introduced, enabling extraction of key features to enhance traffic detection.
Speaker Bio
Carlos Novo is a Research Engineer at VORTEX CoLab and is pursuing a PhD in Computer Science at the University of Porto. He holds a Master's Degree in Electrical and Computer Engineering, majoring in Telecommunications, Electronics, and Computers. His research interests include cybersecurity, network traffic-based intrusion detection, and adversarial machine learning. He has published multiple conference papers and has been an invited assistant at the University of Porto, teaching courses including Security of Systems and Networks and Computer Security Foundations.
Stealing the keys from the octopus: Exfiltration of git credentials in ArgoCD
This talk explores a novel technique for exfiltrating Git credentials from ArgoCD, a popular open-source GitOps continuous delivery tool for Kubernetes. By leveraging Kubernetes's default DNS behavior and ArgoCD's certificate management feature, an authenticated attacker can deceive ArgoCD into connecting to a malicious service that mimics a trusted Git server. The technique enables attackers to intercept and extract sensitive credentials — such as personal access tokens, passwords, and GitHub App access tokens — which can compromise entire repositories and organizations, exfiltrate source code and secrets, and potentially set up a malicious CI/CD pipeline.
Speaker Bio
João Marono works on NOS's cybersecurity team in a DevSecOps role, working on tools like SOAR, SIEM, CLM, Kubernetes, and cloud. By night, he does security research in open-source projects for the Future Sight Group. His areas of expertise are Kubernetes and web exploitation. He has been credited with multiple CVEs in services such as Apache Superset and Flask AppBuilder.