Home SPEAKERS & TALKS
Caesar's and Vigenère's ciphers are an excellent exercise for those who want to discover the basics of cryptography and cryptanalysis, without computers. Successful educational experiences with primary school children will be illustrated under two headings: writing a message that can pass the prying eyes of parents; decoding a message written by a classmate. With the metamorphosis from lesson to challenge (and opportunity), meanwhile the students learn the fundamental techniques of cryptography, the activity turns into a pretext to dispel fake myths: from "I have nothing to hide" to "my data already have them anyway", building a bridge between IT and civic education, not at all obvious.
Language of the talk: ITALIAN
The aim of this talk is to share the story of how I became aware of and conducted analyses on the group known as UNC4990, which has a particular focus on victims in Italy, using infected USB drives as their attack vector. Through the interdisciplinary activities of Threat Hunting, Malware Analysis, and Threat Intelligence, the modus operandi of this complex malicious setup will be illustrated. Additionally, the talk will demonstrate the importance of the synergy of these activities, which is essential for examining emerging groups that use innovative and unconventional techniques.
Language of the talk: ITALIAN
Language of the talk: ITALIAN
In this talk, we will explore advanced program tracing techniques on Linux, with a particular focus on tools such as bpfcc, perf, execsnoop, gdb, falco, and lesser-known alternatives. The talk will provide a comprehensive overview of how this ecosystem of tools can be used to monitor and analyze program performance and behavior, identify bottlenecks, resolve complex problems, and aid in reverse engineering – capabilities that were previously lacking in Linux. We will illustrate the key differences between these tools, their ideal use cases, and best practices for their implementation. By the end of the talk, participants will have a clear understanding of the available options for tracing on Linux and how to effectively apply them in their projects. The slogan of the talk is: if you have ever asked yourself "How can I get a list of all the commands that are executed on Linux when I launch Firefox?" or similar questions, this talk is for you!
Language of the talk: ITALIAN
Today, many hackers from the 1990s have become cybersecurity experts, earning substantial pay from companies to protect their systems. One of the most famous was undoubtedly Kevin Mitnick. Through the iconic 1994 Christmas attack on Shimomura, we’ll explore how curiosity, passion, and knowledge shaped the past and will influence the future. By retracing this historic showdown, we aim to uncover and present the original spark that drives something in each of us: those seeking a challenge, those feeling highly skilled or aspiring to be, and those questioning where we're headed, looking back for answers. Born from a generational meeting, we move from the particular to the universal, asking together with the giants who came before us about our future.
Lingua del talk: ITALIANO
Talk tenuto insieme a Riccardo Degli Espositi 'partywave'
Lingua del talk: ITALIANO
IT systems testing is increasingly important, ZAP Attack Proxy is a free and open source tool for researchers and cybersecurity specialists. The project's mission is focused on web apps and web portals through multi-level attack techniques. The Plug-in section of the marketplace expands the possibilities of operating in a cross-functional manner.
Language of the talk: ITALIAN
In an increasingly connected world, protecting the digital perimeter is crucial for organizational security. This talk delves into the importance of External Attack Surface Management (EASM) and Cyber Threat Intelligence (CTI) in monitoring and defending exposed digital assets. We will explore how an effective combination of these approaches can help organizations detect, understand, and mitigate cyber threats, ensuring a robust defense against ever-evolving cyber-attacks.
Language of the talk: ITALIAN
Speech co-taught with Raffaello Parisi
I will guide you on a journey to show you how to accelerate application development with Laravel and Filament. We will explore how Filament, with its powerful admin interface, seamlessly integrates with Laravel, allowing for the creation of complex applications in a simple and rapid manner. Through practical examples and best practices, we will demonstrate how these technologies can reduce development time and enhance productivity.
Language of the talk: ITALIAN
Today, many hackers from the 1990s have become cybersecurity experts, earning substantial pay from companies to protect their systems. One of the most famous was undoubtedly Kevin Mitnick. Through the iconic 1994 Christmas attack on Shimomura, we’ll explore how curiosity, passion, and knowledge shaped the past and will influence the future. By retracing this historic showdown, we aim to uncover and present the original spark that drives something in each of us: those seeking a challenge, those feeling highly skilled or aspiring to be, and those questioning where we're headed, looking back for answers. Born from a generational meeting, we move from the particular to the universal, asking together with the giants who came before us about our future.
Lingua del talk: ITALIANO
Talk tenuto insieme a Christopher Bianchi 'calfcrusher'
The talk explores how LocalAI offers an Open Source, fully locally manageable alternative to closed and proprietary artificial intelligence services such as OpenAI and Claude. In a context where privacy is increasingly paramount, and where processing sensitive data is important, LocalAI stands as a completely free solution that runs on any hardware. LocalAI supports offline execution without expensive hardware and is also fully compatible with the OpenAI API, allowing an easy transition for developers. We will discuss LocalAI's architecture, its capabilities in text generation, workload distribution, speech synthesis and audio transcription, and how to build customised assistants, even with low-cost hardware.
Language of the talk: ITALIAN
We will talk about security in edge computing and Kairos (kairos.io). Kairos is an open source project, now part of the CNCF/Linux foundation to use Kubernetes and Linux in edge computing environments, where security is never a given. Through the implementation of technologies such as Secure Boot, Trusted Boot, TPM and disk encryption, Kairos transforms Linux into an operating system that is resistant to physical attacks (Evil maid attacks) and ideal for handling the challenges of environments that are considered insecure. In this talk we will look at how we can defend against physical attacks to protect the confidentiality of data in edge computing environments.
Language of the talk: ITALIAN
Hello CVEs, my old friends I've come to deal with you again Because a backdoor softly creeping... Ops, sorry, we were singing out loudly. That's something we keep doing everytime a new vulnerability breaks in our daily routine. Lately, that has happened because of our software's dependencies, more and more often. Log4J, you say? Oh, well, let's not forget about XZUtils! Supply chain attacks, they call them. We started dealing with them to the rythm of SLSA (read "salsa"), but then we noticed that we could do more. A lot more! And we turned our malicious binaries into...well, waveforms. And we started rocking them! By reading those binaries like if they were normal waveforms, and by analyzing them with some math (Cepstum, Fourier series, etc.) we created a model that aims to detect if a dependency is malicious. And also, to classify it by the type of malware. Fascinating, isn't it? The sound of malware...
Language of the talk: ITALIAN
Speech co-taught with Gregorio Palamà
Language of the talk: ITALIAN
Language of the talk: ITALIAN
With the war in Ukraine, a new type of hacktivism and participation in inter-state cyberwarfare has unfolded. Its model is the Ukrainian IT Army, which for the first time brings together cyber volunteers from all over the world under a (albeit formally indirect) state or government command. That kind of organisation deliberately places itself in an ambiguous terrain, where the state accepts contributions but at the same time distances itself from them. And ambiguous is the status of the participants. But in the Ukrainian conflict there has been no shortage of self-styled hacktivist groups (or cybercrimnals, or both) that seem rather aligned with Russian intelligence, or with the Kremlin's propaganda objectives. There is much confusion under the sky, and it is not even clear how to define all these actors. The only clear fact is that states like to be able to count on cyber armies to support their cyber offensives while maintaining some plausible deniability, or at least not complete accountability. All this within a framework in which private individuals (companies, start-ups, individuals) are assuming an increasingly important role.
Language of the talk: ITALIAN
Lingua del workshop: ITALIANO
This presentation will introduce the topic of Explainable AI, i.e. the ability to explain artificial intelligence models mostly based on neural networks. This topic is becoming increasingly important with the widespread use of Large Language Models, but do we really know how they work and what their limitations are?
Language of the talk: ITALIAN
Speech co-taught with Enrico Zimuel
On 3 June 2021, the European Commission recommended the creation of a ‘toolbox’ (Toolbox) for the development of ‘wallets’ (wallets) to store the digital identities of European citizens (EUDI, European Digital Identity). The tools provided include an Architecture and Technical Reference Framework, a set of common standards and technical specifications and guidelines. The providers of these portfolios will be public authorities or private sector organisations if recognised by Member States. The operation is led by a group of experts chosen by an organisation called eIDAS (electronic Identification, Authentication and Trust Services) whose mission is to update and strengthen digital identity implementations in Europe, such as the SPID in Italy.
In the slow course of this initiative, which was supposed to be completed with usable results by the end of 2023, a document called EUDI ARF (Architecture Reference Framework) evolved that summarised a series of recommendations on how to implement the architecture, evolving through various versions up to the recently published version no. 4.
The document, however, presents many problems for the privacy and security of citizens, perhaps even more serious than its delays...
Language of the talk: ITALIAN
Lingua del talk: ITALIANO
From video signal reconstruction to fault injection on CPUs. This is a bit of the history of satellite hacking. We will discuss what has changed in the last 30 years and try to see if it still makes sense to look for vulnerabilities within Set Top Box.
Language of the talk: ITALIAN
Sonic Vision is an innovative open-source program designed for visual artists, enabling real-time music generation through image analysis. Integrated as a plugin for Krita, one of the most popular digital drawing programs, Sonic Vision interprets color and positional information from the original image as musical events. These events are then rendered as MIDI and can be sent to a synthesizer to create sounds or music that reflect the artist's aesthetic intent while drawing. This approach allows for the exploration of new creative dimensions, combining visual arts and music into a unique synesthetic experience.
Language of the talk: ENGLISH
With this talk you will be guided through the difficulties and challenges merlos has already faced/is facing/will face approaching security in a full cloud environment.
Language of the talk: ITALIAN
In this presentation, we will explore the universe of the TV series C.S.I. and how modern technologies, from computers and smartphones to cars and drones, can reveal a surprising amount of information about past events. We will learn how to effectively collect and present computer data (spoiler: a screenshot is not enough!), examining the process of seizing and analysing devices and discovering what data is unknowingly stored in every moment of our lives. We will analyse some real cases and discuss the potential of artificial intelligence in the field of digital investigation.
Language of the talk: ITALIAN
The worlds of astronomy and cyber security share many striking similarities. Just as we try to recognise constellations in the night sky by drawing imaginary lines between the stars, within the world of cyber security we connect scattered data to identify potential malicious actors or interesting new relationships. Galaxies represent clusters of state-sponsored actors, complex and made up of barely recognisable entities. Stars symbolise ‘as-a-Service’ groups, which disseminate low-cost tools, while comets represent hacktivist groups, visible only for brief moments before disappearing. Working in intelligence, I have often found myself facing unforeseen problems and often insufficient data, constantly questioning the validity of my conclusions. This presentation is intended to shed light on the challenges and emotional impacts one can encounter while dealing with a myriad of information with no apparent logical connection. How can we keep our wits about us and make informed decisions in such a complex and chaotic environment?
Language of the talk: ITALIAN
Fault Injection (a.k.a "glitching") is renown technique for attacking computing devices. Historically, it's been used to bypass security checks or for extracting cryptographic keys (e.g. with DFA, Differential Fault Analysis). Due to the underlying physics, as well as system complexity, Fault Injection outcomes are typically volatile and, to the largest extent, unpredictable. For such reason, attacks have often been carried on in a "glitch 'n pray" fashion In this talk we show how the characterization of a target, along with the visualization and analysis of the obtained data, may indicate behavior emergent at the statistical level, allowing for more precise, reliable and, ultimately, more sophisticated attacks. We will perform a live demo, where an embedded device is characterized and the collected data is visualized and analyzed, showing how Fault Injection can actually be a data driven science, rather than a blind exercise. We will also show how characterization data challenges the widespread belief that "instructions are skipped", yielding results that cannot be explained under such fault model. A different fault model, "instruction corruption" is then discussed along with its implications. We will demonstrate how it then becomes possible to use Fault Injection for achieving full Program Counter (PC) control on any architecture, allowing for arbitrary code execution, by simply controlling the data being transferred by the device. Finally, we will discuss the latest advancements in the field, which allow for arbitrary code execution, even without control on the actual data is not possible. (e.g. attacks to secure boot where firmware is encrypted)
Language of the talk: ITALIAN
Nftables, the system that many Linux distros have started using as a firewall, has been targeted by attackers in recent years due to its high complexity and easy programmability. Many 0-days are identified by manual analysis of the source code and, more frequently, by fuzzing with syzkaller, by writing specific grammars defining how to interact with the various subsystems. While effectively covering the creation of rules, the Nftables grammar seems not to consider many use cases of firewall rules, leaving a large attack surface uncovered. This talk will describe how the network stack coverage was introduced in the fuzzer and then solve the problem of incomplete coverage and test the Nftables rules. It will then show the vulnerabilities found using this technique and related exploitation ideas for obtaining root privileges on Linux.
Language of the talk: ITALIAN
Managing TOR nodes can be fun, but also well annoying, so how to do it in Italy? To explain it, we will tell you a story that starts from the Ruby ter trial, arrives in Syria and ends up in a tiled cellar of the Torino Liberty.
Language of the talk: ITALIAN
Fibonacci + Exploiting + Risk + Protection + Development ‘shaken not stirred’ = combinatorial framework for DevSecOps.
‘Design Shutters: reusable security objects’ proposes an operational model for DevSecOps.
It was created to organise the contents of the course ‘Secure Programming Laboratory’, held at the Politecnico di Bari in the AA 2023-2024, inspired by ‘Design Patterns: Elements of Reusable Object-Oriented Software’.
Design Shutters provides a way of grouping and ordering the 21 elements required to guarantee complete SW protection, through a framework of 21 reusable security objects:
- mapped with the 8 DevOps phases and thus the entire Application LifeCycle.
- managed with the Shewhart cycle (Deming)
- providing operational governance indicators.
Language of the talk: ITALIAN
Hello CVEs, my old friends I've come to deal with you again Because a backdoor softly creeping... Ops, sorry, we were singing out loudly. That's something we keep doing everytime a new vulnerability breaks in our daily routine. Lately, that has happened because of our software's dependencies, more and more often. Log4J, you say? Oh, well, let's not forget about XZUtils! Supply chain attacks, they call them. We started dealing with them to the rythm of SLSA (read "salsa"), but then we noticed that we could do more. A lot more! And we turned our malicious binaries into...well, waveforms. And we started rocking them! By reading those binaries like if they were normal waveforms, and by analyzing them with some math (Cepstum, Fourier series, etc.) we created a model that aims to detect if a dependency is malicious. And also, to classify it by the type of malware. Fascinating, isn't it? The sound of malware...
Language of the talk: ITALIAN
Speech co-taught with Luca Di Vita
Native image di GraalVM offre un ottimo modo per ottimizzare le nostre applicazioni scritta per la JVM e trasformarle in un eseguibile nativo, che garantirà bassi tempi startup, basso consumo di risorse, alte prestazioni. Molte librerie e framework non sono ancora pronti per tutto questo, e questo è un male! Vieni a scoprire il mio viaggio personale nella compilazione nativa di un'applicazione basata su JVM. Vedremo sia le cose belle, così come i dolori, le varie vicissitudini e alcuni dei modi che ho trovato efficaci per risolvere i momenti difficili.
Language of the talk: ITALIAN
Nowadays cyber false flag operations have emerged as a sophisticated and deceptive form of cyber warfare. These operations involve malicious actors executing attacks designed to mislead, making it appear that a different group or nation is responsible. By mimicking the tactics, techniques, and procedures (TTPs) of other entities, cyber false flag operations aim to confuse investigators, exploit existing tensions, and manipulate narratives.
The targeting cycle of cyber false flag operations involves gathering intelligence, weaponizing attacks with misleading attributes, delivering these attacks in a manner that reflects another group's style, exploiting vulnerabilities to achieve the operation's objectives, and shaping the narrative to reinforce the deception. This cycle highlights how false flag operations can leverage media manipulation and social platforms to sway public opinion.
To address these challenges, defenders must employ a range of TTPs, including threat intelligence, attribution analysis, incident response, and media strategies. However, these measures can also contribute to confirmation bias and escalation, underlining the need for comprehensive approaches to cyber attribution and international cooperation to mitigate the impact of these deceptive maneuvers.
Language of the talk: ENGLISH
In an increasingly connected world, protecting the digital perimeter is crucial for organizational security. This talk delves into the importance of External Attack Surface Management (EASM) and Cyber Threat Intelligence (CTI) in monitoring and defending exposed digital assets. We will explore how an effective combination of these approaches can help organizations detect, understand, and mitigate cyber threats, ensuring a robust defense against ever-evolving cyber-attacks.
Language of the talk: ITALIAN
Speech co-taught with Marcello Dal Degan
In the latest iterations of Linux, many features have been added regarding the Boot Process, including a new standard called BLS with support in GRUB2 and systemd-boot, Full Disk Encryption using TPM, and having the entire boot process signed, ensuring system integrity.
Another interesting feature is soft-reboot, which is the ability to reboot the entire userspace, without rebooting the hardware or reloading the kernel like kexec does. In this talk we will talk about these features, and why the major actors are collaborating on them.
Language of the talk: ENGLISH
Lingua del talk: ITALIANO
This presentation will introduce the topic of Explainable AI, i.e. the ability to explain artificial intelligence models mostly based on neural networks. This topic is becoming increasingly important with the widespread use of Large Language Models, but do we really know how they work and what their limitations are?
Language of the talk: ITALIAN
Speech co-taught with Leonida Gianfagna
