Here you can find video, slides and other stuff related to RomHack Conference since the beginning (2018). Enjoy!
- Kim Zetter: Sun Stroke: How the SolarWinds hackers pulled off their ingenious operation and scorched the vulnerable underbelly of the software supply chain SLIDES | VIDEO
- Ting-Yu Chen (NiNi): A Comprehensive Review on the Less-Traveled Road: 9 Years of Overlooked MikroTik Pre-Auth RCE SLIDES | VIDEO
- Alessandro Magnosi (klezVirus): The Bright Side of the Moon: Exploring Novel Techniques for Bypassing Call Stack Analysis SLIDES | VIDEO
- Rajanish Pathak (h4ckologic) and Hardik Mehta (hardw00t): Hacking into the iOS’s VOLTE implementation SLIDES | VIDEO
- Orange Tsai: A 3-Year Tale of Hacking a Pwn2Own Target: The Attacks, Vendor Evolution, and Lesson Learned SLIDES | VIDEO
- Luca Bongiorni (Cyberantani): HandPwning: “Your Hand is your Passport. Verify me. Now let me in! SLIDES | VIDEO
- Round Table with the speakers VIDEO
- The Vendor / Researcher Relationship Needs Improvement (James Forshaw) SLIDES | VIDEO
- Attacking Azure AD by abusing Synchronisation API: The story behind 40.000 USD in bug bounties (Nestori Syynimaa) SLIDES | VIDEO
- Security in a Immutable web3 World: Breaching Smart Contracts (Davide TheZero) SLIDES | VIDEO
- DES-On-Fire: Breaking Physical Access Control (Markus Vervier and Yasar Klawohn) SLIDES | VIDEO | Attack PoC
- Bypassing Anti-Cheats & Hacking Competitive Games (Rohan Aggarwal) SLIDES | VIDEO
- You shall not PassRole! (Edoardo Rosa) SLIDES | VIDEO | DEMOS
- My last Solaris talk (not your average keynote) (Marco Ivaldi) SLIDES | VIDEO
- Fuzzing Apache HTTP Server for fun (and CVEs) (Antonio Morales) SLIDES | VIDEO
- Securing Access to Internet Voting with the OWASP ModSecurity Core Rule Set (Christian Folini) SLIDES | VIDEO
- Breaking Azure AD joined endpoints in zero-trust environments (Dirk-jan Mollema) SLIDES | VIDEO
- sigstore, software signing for the masses! (Luke Hinds) SLIDES | VIDEO
- Making your own Stuxnet: Exploiting New Vulnerabilities and Voodooing PLCs (Nicolas Delhaye & Flavian Dola) SLIDES | VIDEO | DEMO
- Windows Privilege Escalations: Still abusing local service accounts to get SYSTEM privilege (Antonio Cocomazzi) SLIDES | VIDEO
- BYOI (Bring Your Own Interpreter) payloads: Fusing the powah of .NET with a scripting language of your choosing (Marcello Salvati) SLIDES | VIDEO
- Falco: runtime security analysis through syscalls (Leo Di Donato) SLIDES | VIDEO
- Serverless security: attack & defense (Pawel Rzepa) SLIDES | VIDEO
- From 0 to Hero - Actionable Threat Intelligence (Raffaele Di Taranto & Vito Lucatorto) SLIDES | VIDEO
- Oh! Auth: Implementation pitfalls of OAuth 2.0 & the Auth Providers who have fell in it (Samit Anwer) SLIDES | VIDEO
- Infiltrating Corporate Intranet Like NSA Pre-auth RCE on Leading SSL VPNs (Orange Tsai & Meh Chang) SLIDES | VIDEO
- Reverse engineering of IoT devices hack a home router (Valerio Di Giampietro) SLIDES | VIDEO
- Red teaming: from badge to domain (Francesco Perna & Lorenzo Nicolodi) SLIDES | VIDEO
- How to impress your management when you are an Active Directory noob? (Vincent Le Toux) SLIDES | VIDEO
- SAFE: Self Attentive Function Embedding for Binary Similarity (Luca Massarelli) SLIDES | VIDEO
- Adversarial approach to Improve Detection capabilities (Massimo Bozza Pietro Romano) SLIDES | VIDEO
- whoami priv - show me your Windows privileges and I will lead you to SYSTEM (Andrea Pierini) SLIDES | VIDEO
- Windows RID Hijacking Maintaining Access on Windows Machines (Sebastian Castro) SLIDES | VIDEO
- Samurai in the digital age (Zanshin Tech) SLIDES | VIDEO
- Human Users Detection stop bots with Nginx (Andrea Menin) SLIDES | VIDEO
- Cyber Saiyan - LIVE DEMO SLIDES | VIDEO | CODE