Reading time ~3 min

Posted by Leon Jacobs on 28 November 2023

Arguably one of the largest hacking conferences in South Africa, BSides Cape Town 2023 is around the corner and the SensePost Team is there with a jam packed agenda demonstrating our latest research (with five talks), challenges and more! In this post, I’ll summarise what you can expect. For timing related information, check out the schedule here. Be sure to come and say hi at our stand in the chill area too.

talks

Opening BSides Cape Town 2023 is @singe with a Keynote “Impose Cost: Our defences eventually fail and we need to take the fight to the criminals” where he will argue that the only way to effectively and realistically succeed in defending our networks is to take the challenge to the real criminals and not just wait for them to come.

Next we have Reino Mostert in a talk “LPE in enterprise software” demonstrating a Local Privilege Escalation vulnerability he found which was made possible by extending James Forshaw‘s directory junction work, but chaining them to effectively bypass a mitigation the vendor implemented.

Following that, @leonjza will present a talk titled “Attacking Microsoft Exchange: Fusing LightNeuron with Cobalt Strike” where he will reflect on a Russian threat actor known as Turla. Leon will dive into the details and a reimagination of an Exchange backdoor that Turla used, called LightNeuron while fusing it with Cobalt Strike to interact with a beacon over email.

Next, @shifttymike will present “Noooooooooo touch!” where he will walk through the journey of researching “no touch” sensors commonly used to allow people to exit buildings by opening doors after moving your hand past one of these sensors. Michael will demonstrate how he bypassed these sensors allowing him to open doors (for example) from the wrong side of a door, and at a significantly larger distance. He may even have a nifty little portable version of the gear required for this…

Finally, @singe will deliver a talk titled “Performance Hacking – how to hack your tools to go faster” where he will dive into performance details of building an efficient password cracking tool, how to perform performance analysis and more, to ultimately get a tool that works faster using computer science and not just more hardware.

challenge – vending machine

Last year, together with @elasticninja we tried to have a vending machine challenge up and running for conference participants to hack at with a bunch of prizes up for grabs. It was a lot of fun (even though a lot of stuff went wrong), and learning from those lessons, we’re back with the vending machine this year, with new and improved hardware, challenges and more. Be sure to come and visit the machine to learn how to hack it to win some prizes!

volunteers

Not everything is obviously visible like talks and challenges. In fact, some of the hardest work goes into organising the event. We’re proud to have Isak, Geoffrey and Roberto from the SensePost team form part of the organising team helping make BSides Cape Town what it is!