Daan Keuper is the head of security research at Computest. This division is responsible for advanced security research on commonly used systems and environments.
Daan participated three times in the internationally known Pwn2Own competition by demonstrating zero-day attacks against the iPhone, Zoom and multiple ICS applications. In addition Daan did research on internet connected cars, in which several vulnerabilities were found in cars from the Volkswagen Group.
"SomeApp would like to access files in your Documents folder." Anyone who has used macOS recently will be familiar with these prompts. But how do they work? What happens if you deny the access? Are they an effective defense against malware?
This talk will give an up to date overview of the local security measures of macOS and describe some ways they can be defeated in practice.
Last year we won Pwn2Own by demonstrating remote code execution, using a chain of three vulnerabilities, on the then latest version of the Zoom client. In this talk we would like to share all details of the vulnerabilities we found and how we combined them into a fully working exploit.
Last April we won Pwn2Own Miami by demonstrating five zero-day attacks against software that is commonly used in the ICS world. ICS, or Industrial Control Systems, are systems that are involved with running an industrial process, for example in a factory or power plant. Our targets range from SCADA to HMI systems. During this talk we would like to share details about the competition and the vulnerabilities we found.