Month: February 2025

Hacking mObywatel 2.0: exploring security challenges of digital identity apps

In a compelling presentation at CONFidence 2024, Szymon Chadam delved into the security vulnerabilities of mObywatel 2.0, Poland’s innovative electronic identity application. This app, intended to revolutionize identity verification processes, comes with promises of convenience but also faces significant risks if not implemented securely. Below, we summarize key insights into the app’s functionality, vulnerabilities, and…

What’s up with caches? A security perspective on caching in web applications

Caching is a critical mechanism in web applications, designed to optimize performance and reduce server load. However, as Iwona Polak discussed in her insightful presentation from CONFidence 2024, improper cache configuration can introduce significant security risks. This article explores the types of caching, associated vulnerabilities, and best practices for mitigating risks. Read our summary and…

DoubleDrive: leveraging cloud services as ransomware agents

In a world where ransomware attacks are growing increasingly sophisticated, Or Yair presented an innovative and concerning method for executing ransomware attacks at CONFidence 2024. Named “DoubleDrive,” this attack exploits the synchronization mechanisms of popular cloud storage services – OneDrive and Google Drive – to bypass traditional security measures. Read our summary and watch the…

Windows Registry Deja Vu: The Return of Confused Deputies

Mateusz Jurczyk’s presentation at CONFidence 2024 delves into the complexities and vulnerabilities of the Windows registry, particularly focusing on symbolic links and predefined keys. His research reveals how seemingly outdated features and insufficient mitigations can still expose modern Windows systems to privilege escalation attacks. This article provides an overview of the registry’s fundamentals, its historical…

Linux privilege escalation via arbitrary x86 MSRs: A case study from CTF challenge

Dominik Czarnota’s presentation from CONFidence 2024 showcased a fascinating Capture The Flag challenge that explored the exploitation of arbitrary Model-Specific Registers (MSRs) in Linux systems. This case study illustrates how a small misconfiguration in the Linux kernel can lead to privilege escalation and provides valuable insights into advanced exploitation techniques. Below, we delve into the…