44CON 2024
44CON is the UK's flagship cybersecurity conference, bringing offensive research, reverse engineering, and operational security work to London each September.
→ See editor’s top picks at 44CON 2024
- Entra ID Privilege Escalation to Global Administrator — Eric Woodruff
This article delves into a critical security vulnerability discovered in **Entra ID** (formerly Azure Active Directory) that allowed for privilege escalation to **Global Administrator** within a…
- Embracing Cyber Policy — Beau Woods
- A Brief Intro to Cyber Policy — Jen Ellis
- Bring your own binaries – Train your own Graph Neural Network for Binary Function Search — Will Lyn
Will Lyn, Head of Cyber Intelligence at the National Crime Agency (NCA), delivers a compelling talk that shifts the focus from traditional law enforcement's approach to cybercrime to a more dynamic…
- bin2ml: turning software binaries into machine learning ready training data — Josh Collyer
Josh Collyer, Head of AI Security Group at The Alan Institute, presented `bin2ml`, an open-source tool designed to transform software binaries into machine learning-ready training data. This talk…
- Reverse Engineering Patch Tuesday — John McIntosh
In his 44CON talk, John McIntosh, a Security Researcher at C Labs, delved into the intricacies of "Reverse Engineering Patch Tuesday," offering a method to gain "binary truth" from Microsoft's…
- Threat hunting in the browser — Luke Jennings
In this compelling talk, Luke Jennings, VP of R&D at Push Security, articulates a fundamental shift in the cybersecurity landscape: the transition from network and endpoint-centric defenses to an…
- Simple Machine Learning Techniques for Binary Diffing (in Diaphora) — Joxean Koret
Joxean Koret's presentation at 44CON delves into the practical application of machine learning (ML) techniques to **binary diffing**, specifically within his open-source tool, **Diaphora**. Binary…
- Unprivileged Containers: Shaving Yaks To Get the Toothpaste Back In the Tube — Matt Carroll
Matt Carroll's 44CON talk, "Unprivileged Containers: Shaving Yaks To Get the Toothpaste Back In the Tube," delves into the arduous journey Yelp undertook to secure its containerized development…
- Charging Ahead: Exploiting an EV Charger Controller at Pwn2Own 24 — Alex Plaskett, McCaulay Hudson
This talk, "Charging Ahead: Exploiting an EV Charger Controller at Pwn2Own 24," delivered by Alex Plaskett and McCaulay Hudson from NCC Group's Exploit Development Group, details their successful…
- HL7Magic: Medical Data Hacking Made Easy — Katie Inns
This talk, "HL7Magic: Medical Data Hacking Made Easy," presented by Katie Inns, Head of Attack Surface Management at WISecure, delves into the critical and often overlooked vulnerabilities within…
- Two Fat Men, One Filesystem — Signedness
This talk, "Two Fat Men, One Filesystem," presented by Signedness, delves into a series of "unbelievable" and long-standing server-side vulnerabilities within the Network File System (NFS) protocol…
- Unveiling the Ghosts of Mobile Networks: When Will Old Bugs Die? — Dr Altaf Shaik
Dr. Altaf Shaik's talk, "Unveiling the Ghosts of Mobile Networks: When Will Old Bugs Die?", delivers a sobering assessment of the enduring security vulnerabilities plaguing mobile communication…
- Fooling Experts and Judges – Digital Evidence turns into digital Evil Dance — Eric Filiol
In this groundbreaking talk, "Fooling Experts and Judges – Digital Evidence turns into digital Evil Dance," Eric Filiol, a seasoned expert in mathematics, cryptography, and forensic analysis…