Presented by 김동현 (CEO, Cremit), this talk introduces OWASP's Top 10 security issues related to Non-Human Identities (NHI) such as API tokens, service accounts, and machine identities in cloud and DevSecOps environments.
In this talk, 홍성진 (Staff Security Engineer, Sendbird) shares practical guidance on launching and running a bug bounty program in an organization.
The Outlaw Linux Malware is a persistent yet unsophisticated auto-propagating coinminer package that has been observed across multiple versions over the past few years. Despite lacking advanced evasion techniques, it remains active and effective by leveraging simple tactics such as SSH brute-forcing, SSH key and cron-based persistence, and manually modified commodity miners and IRC channels.
Detection strategies include monitoring for unusual SSH authentication attempts, unexpected cron job creations, and the presence of unauthorized SSH keys. Implementing SIEM and endpoint detection rules for these activities can help identify an infection.
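The detection strategies above, turned into runnable checks as an added example (not code from the talk or from any vendor): a sliding-window SSH brute-force detector over constructed sshd log lines, plus a baseline comparison for authorized_keys and crontab entries. The threshold and window, the assumed year 2025 for year-less syslog timestamps, and all sample values and key strings are constructed assumptions.

```python
import re
from collections import deque
from datetime import datetime

# Constructed sshd log lines in syslog format (not from a real host).
AUTH_LOG = """\
Mar  3 10:00:01 host sshd[101]: Failed password for root from 198.51.100.7 port 41022 ssh2
Mar  3 10:00:02 host sshd[102]: Failed password for invalid user admin from 198.51.100.7 port 41023 ssh2
Mar  3 10:00:03 host sshd[103]: Failed password for root from 198.51.100.7 port 41024 ssh2
Mar  3 10:00:04 host sshd[104]: Failed password for root from 198.51.100.7 port 41025 ssh2
Mar  3 10:00:05 host sshd[105]: Failed password for root from 198.51.100.7 port 41026 ssh2
Mar  3 10:00:09 host sshd[106]: Accepted password for root from 198.51.100.7 port 41027 ssh2
Mar  3 10:31:00 host sshd[108]: Accepted publickey for alice from 203.0.113.5 port 50001 ssh2
"""
SSHD = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: (Failed|Accepted) \w+ for "
                  r"(?:invalid user )?(\S+) from (\S+)")

def detect_ssh_bruteforce(log_text, threshold=5, window_s=60):
    # Alert once when one source IP accumulates >= threshold failures inside a
    # sliding window of window_s seconds; escalate if that IP later logs in.
    recent, flagged, alerts = {}, set(), []
    for line in log_text.splitlines():
        if m := SSHD.match(line):
            # syslog stamps carry no year; 2025 is assumed for the constructed sample
            t, outcome, user, ip = datetime.strptime("2025 " + m[1], "%Y %b %d %H:%M:%S"), m[2], m[3], m[4]
            if outcome == "Failed":
                q = recent.setdefault(ip, deque())
                q.append(t)
                while (t - q[0]).total_seconds() > window_s:
                    q.popleft()
                if len(q) >= threshold and ip not in flagged:
                    flagged.add(ip)
                    alerts.append(("ssh_bruteforce", ip, user))
            elif ip in flagged:
                alerts.append(("bruteforce_success", ip, user))
    return alerts

def unexpected_entries(current_text, baseline):
    # Lines of an authorized_keys file or crontab that are not in the approved baseline
    # (comments and blank lines ignored): surfaces the key/cron persistence described above.
    return [l.strip() for l in current_text.splitlines()
            if l.strip() and not l.lstrip().startswith("#") and l.strip() not in baseline]

# Constructed baseline and current state for the persistence checks (fake key material).
APPROVED_KEYS = {"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFAKEKEYFORDEMO000000000000000000001 ops@example"}
AUTHORIZED_KEYS = ("ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFAKEKEYFORDEMO000000000000000000001 ops@example\n"
                   "ssh-rsa AAAAB3NzaC1yc2EFAKEKEYFORDEMO000000000000000000002 unknown\n")
BASELINE_CRON = {"0 2 * * * /usr/local/bin/backup.sh"}
CRONTAB = "# m h dom mon dow command\n0 2 * * * /usr/local/bin/backup.sh\n*/5 * * * * /tmp/.x/run.sh\n"
```

Feed real `/var/log/auth.log` text, the host's `authorized_keys` files and `crontab -l` output in place of the constructed samples; the baseline sets are what your configuration management says should be present.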
On February 21, 2025, Bybit experienced a significant security breach resulting in the loss of over $1.4 billion in assets, including 401,347 ETH. The attackers compromised the transaction approval process by manipulating what Bybit's signers saw during the authorization of cold wallet transactions, leading to unauthorized fund transfers.
The attackers targeted Safe{Wallet}, a multi-signature wallet solution used by Bybit. By injecting malicious JavaScript code into the Safe{Wallet} user interface through a compromised developer machine, they altered the transaction data presented to the signers. This manipulation caused signers to unknowingly approve transactions that transferred control of the cold wallet to the attackers.
Team82 discovered multiple critical vulnerabilities in Ruijie Networks' cloud-connected IoT devices enabling remote code execution.
| CVE | Risk | CVSS |
|---|---|---|
| CVE-2023-XXXXX | Unauthenticated RCE | 9.8 |
| CVE-2023-XXXXY | Hardcoded Credentials | 8.4 |
| CVE-2023-XXXXZ | API Abuse | 7.9 |

| Device Type | Model Series |
|---|---|
| Smart Switches | RG-SXXXX |
| Wireless APs | RG-APXXX |
| Security Gateways | RG-WGXXX |

| Layer | Protections |
|---|---|
| Cloud | Multi-factor authentication, API rate limiting |
| Device | Secure boot, Firmware signing |
| Network | VLAN segmentation, TLS 1.3 enforcement |
Remote Access Trojan targeting financial data and credentials through sophisticated evasion techniques.
| Stage | Description |
|---|---|
| Initial Access | Phishing emails with ISO attachments |
| Execution | LNK files invoking PowerShell scripts |
| Persistence | Registry Run keys modification |

| Protocol | Pattern |
|---|---|
| HTTP | POST requests to /api/v1/collect |
| DNS | TXT record lookups for C2 IP resolution |
```yara
rule DCRat_Loader {
    strings:
        // loader marker string, matched as UTF-16LE ("wide")
        $s1 = "DC_LOADER_V2" wide
        // hex form of the ASCII string "https://api.telegram"
        $s2 = { 68 74 74 70 73 3A 2F 2F 61 70 69 2E 74 65 6C 65 67 72 61 6D }
    condition:
        // note: $s2 alone is enough to match, and that URL prefix also occurs in
        // legitimate software, so expect false positives when hunting broadly
        any of them
}
```
Using Kali Nethunter's MANA Toolkit to create malicious Wi-Fi access points and intercept unencrypted network traffic.
```sh
apt update && apt upgrade -y
airmon-ng start wlan0
```

| Command | Description |
|---|---|
| mana start --nl | Start NAT layer |
| mana start --dhcp | Enable DHCP server |
| mana start --ssid "Free_WiFi" | Set rogue AP name |

```
mana start --verbose
aireplay-ng            (for target disconnection)
tail -f /var/log/mana.log
```

| Tool | Usage |
|---|---|
| tcpdump | tcpdump -i wlan0mon |
| sslstrip | HTTPS downgrade attacks |
The 2023 IoT threat landscape shows significant evolution in attack sophistication targeting connected devices across industries.
| Device Type | Percentage |
|---|---|
| Routers | 31.6% |
| Cameras | 23.4% |
| Smart TVs | 18.9% |

| Layer | Protection |
|---|---|
| Device | Secure boot, Hardware encryption |
| Network | VPNs, Intrusion detection |
| Cloud | API security, Tokenization |