Offsec Conference 2019

52906933_258729115039444_1050709211604722318_nThird Conference on Modern Achievements of Cyber and Offensive Attacks in IranThe 3rd conference from Offsec (Offensive Security – offsec.ir / offsecresearch.com / offsecmag)

Offsec held the one-day conference on March 16 at Shahid Beheshti University. The conference normally consists of former and current hackers as well as professors from the United States, Ph.D. students from the US (past conferences and this one). Previously sponsored by Black Hat, hackers such as Sc0rpion and Mormoroth, Ali Razmjoo and Abiusx of Zdresearch (along with others in the group who pull double, triple duty, and are on call for creating new proxies for hacking) with direct support from Chinese and Indian hackers. Some attended or teach/taught at universities such as Arizona State, Virginia Tech, Kansas State, Stony Brook, and Carnegie Mellon to name a few. Some have ties to the likes of Mojtaba Masoumpour and Behzad Mesri and worked at organizations such as Viraintel (now defunct) while taking lead roles in OWASP Iran. You will find them operating as ‘independent’ researchers (they protest they are nothing more) with a presence on Telegram, Instagram, Github, Twitter, Linkedin, Facebook, various forums, and under various names/handles. They have presented at Black Hat, been invited to DefCon (with visa-ready applications (2016)), and won competitions for DARPA.

We were able to obtain almost all the presentations (below) and request Offsec make them available since we would like to complete the set (APT attacks against Iran… send via DM, Yasho).

Their work is impeccable and their skill impressive. Many have resumes demonstrating significant achievements from high school through the best Iranian Universities. This provides initial student visa entry to the US and to prestigious Universities in the West where foreign students pay full price for entry. Some may achieve a level of paid scholarship and grants, while others may be directly funded by the Iranian government.

Regardless, the bottom line is their every increasing prowess in cyber operations, hacking, and warfare learning directly from those they seek to attack. We cannot fault them for their efforts and drive. We would behave much the same had we been born in Mershad, Tehran, or the island of Kish.

The old guard of hackers in Iran have largely been retired, taken legitimate jobs, gotten married, had kids, and realized they had to make a few rials along they way. The government has largely pushed the likes of Ashiyane aside and possibly assigned them new tasks should they not spend some time in jail. Something we will discuss very soon.

From teaching how to write exploits and executing SQL-injection attacks to creating firewalls that defeat the above, they should be measured and respected.The one thing that has vexed us at Treadstone 71 for years is the eagerness of the US to openly engage our adversaries in higher education only to suffer at their hands later.We could write much more on the topic, provide in-depth resumes, describe some of the regular activities but the data below should suffice.T71

This slideshow requires JavaScript.

Presentations:

offseconf19-sophisticated-malware-from-the-past-future

offseconf19-smartcard-attacks

offseconf19-os-sidechannel-attacks

offseconf19-ai-securityoffsec_angr_talk

offseconf-alibaba-getting-bounty-from-out-of-scope-domain

This slideshow requires JavaScript.

offseconf19-exploiting-private-cloudsProactive Cyber Defense Solutions

This slideshow requires JavaScript.

This slideshow requires JavaScript.

Yasho’s pre-conference challenge:

Our future and our security – Amir Nazemi – Deputy Minister at Ministry of Communication and Information Technology of I.R.Ira

This slideshow requires JavaScript.

731fbfa7-fef4-49b5-bb5b-14478c9e9bc0

abbas.jpgNice to see black hat supporting the 2018 conference. #boycott?https://www.youtube.com/watch?v=FMKuJcnClVc&feature=youtu.be

This slideshow requires JavaScript.

zdresearchTreadstone 71

This site uses Akismet to reduce spam. Learn how your comment data is processed.