PoC Con Seoul 2016

Recently I had the pleasure to join the PowerOfCommunity conference in Seoul. Florian and Felix attended the conference in the past and enjoyed it a lot, so I took the opportunity to join this year. From what I had heard the conference is highly technical, offensive security and community focused (surprise 😉). Boy did they deliver!
Located in a hotel next to a nice park and close to the famous Gangnam district in Seoul, we came together to feel the power of community. The conference was planned for two days and offered two tracks per day. Several key talks were presented for everyone.
I really liked the topics a lot. Some contributions I found particularly interesting were:
Petr Švenda with “The Million-Key Question – How RSA Public Key Leaks Its Origin”, where he presented his research on fingerprinting RSA public keys. By analyzing RSA keys from smartcards and software sources he was able to find similarities between them, which allowed fingerprinting the generating source in some cases. With this information it could be possible to gather some potentially important details from simple keys. He is currently expanding his work, so please send him an e-mail if you have RSA keys from an exotic source. 😉

Ben Gras with “Flip Feng Shui: Hammering a Needle in the Software Stack”, in which he explained how it is possible to attack a co-hosted VM from another VM via rowhammering. The idea here is that, in order to save memory space, the hypervisor will try to merge identical areas into one memory page shared between two VMs. A normal write access would trigger the creation of two separate memory pages, one per VM. A malicious VM, however, could now trigger a bit flip in the memory area and cause the “shared” memory to be manipulated without the hypervisor detecting the change as a write operation. This means an attacker who can mimic the memory content of a particularly interesting victim VM (e.g. an authentication code area or key material) is able to attack another VM on a shared hypervisor. Neat! 😉
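The sharing behaviour described for this talk, as a toy Python model added here (it is not code from the talk or from the original post). The `Hypervisor` class, the VM names and the page content are constructed for illustration; the model shows why a trapped write leaves the victim's page intact while a bit flip in a merged frame does not, and that without merging the flip stays in the other VM's own frame.

```python
# Toy model of hypervisor page deduplication (constructed names, not real hypervisor code).
class Hypervisor:
    def __init__(self, dedup=True):
        self.dedup = dedup
        self.frames = {}   # frame id -> bytearray, stands in for physical memory
        self.maps = {}     # (vm, page) -> frame id
        self.next_id = 0

    def map_page(self, vm, page, data):
        fid, self.next_id = self.next_id, self.next_id + 1
        self.frames[fid] = bytearray(data)
        self.maps[(vm, page)] = fid

    def merge_identical(self):
        """Dedup pass: back pages with identical content by one frame (old frames are not freed)."""
        seen = {}
        for key, fid in sorted(self.maps.items()) if self.dedup else []:
            self.maps[key] = seen.setdefault(bytes(self.frames[fid]), fid)

    def read(self, vm, page):
        return bytes(self.frames[self.maps[(vm, page)]])

    def write(self, vm, page, offset, value):
        """Guest write: trapped by the hypervisor, which un-shares first (copy-on-write)."""
        fid = self.maps[(vm, page)]
        if list(self.maps.values()).count(fid) > 1:
            self.map_page(vm, page, self.frames[fid])   # private copy for the writer
            fid = self.maps[(vm, page)]
        self.frames[fid][offset] = value

    def dram_bit_flip(self, vm, page, offset, bit):
        """Hardware fault in the frame behind (vm, page): no write trap, so no copy-on-write."""
        self.frames[self.maps[(vm, page)]][offset] ^= 1 << bit

def victim_view(dedup, tamper):
    """What the victim VM reads after the other VM changes its identical page."""
    hv = Hypervisor(dedup)
    for vm in ("victim", "other"):
        hv.map_page(vm, 0, b"trusted-key-0001")   # constructed sample content
    hv.merge_identical()
    if tamper == "write":
        hv.write("other", 0, 0, ord("X"))
    else:
        hv.dram_bit_flip("other", 0, 0, 0)
    return hv.read("victim", 0)

if __name__ == "__main__":
    for dedup in (True, False):
        for tamper in ("write", "flip"):
            print(dedup, tamper, victim_view(dedup, tamper))
```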

Pangu with “Analysis of iOS 9.3.3 Jailbreak & Security Enhancements of iOS 10”, where he explained in detail and on a low level how the jailbreak for iOS 9.3.3 was done. It was particularly interesting since it was based on a vulnerability which allowed a normal user app to attack the kernel due to a heap buffer overflow. On the defense side, sandbox enhancements such as checks for more functions, bug fixes, race conditions and many more were explained. He also predicted that iOS kernel exploits would become much harder from now on and would potentially be more valuable.

All the talks were great, but the best aspect of this conference for me was getting to know many new people and meeting some well-known faces of our community (I’m looking at you, Michael Ossmann 😉). We had a blast during the drinking hell and days after the conference, when we went to the DMZ as a field trip, enjoyed local food and shared dinner.
Thanks a lot to all the new people I got to know and especially to my Korean friends (you know who you are 😉) who spent some time with me during my extended vacation after the conference! 🙂

PoC truly lets you feel the power of community!

I hope to see some of you at TROOPERS17 (or other conferences) in the future.

Until then: Thanks a lot and have a good time. 🙂