# Foreword

---

Lightning talks the day after the team dinner?

Well planned, Matthieu!

---

# Security

---

## Definition

---

Absence of security issues

---

## Solution?

---

Remove all security issues

---

## Problem is solved

Thanks for attending

---

Defining security directly is difficult

---

## Another definition

« Absence of exploitable security issues »

---

More things to define!

---

## Exploitable

« The ability to actually take advantage of a security issue. »

---

## Security issue

« An unintended way for an attacker to conduct operations he wouldn't be able to do otherwise. »

---

That's even more...

---

« unintended »

« attacker »

« conduct operations »

« wasn't already able »

---
---

## Let's stop with definitions and try to grok the topic

---

## Wide range in severity

* DoS
* Privilege escalation (privesc)
* Data or privacy loss (think "GDPR")
* (Remote) Code Execution
* Persistence

---

## Threat actors / resources

* script kiddie
* hacktivist
* disgruntled (ex-)employee
* law enforcement
* criminal group
* state actor

---

## Threshold

Is the cost higher than the (potential) gains?

---

Applies to attackers as well as defenders

---

## Securing systems

* Exponentially more expensive (money and time)
* Layered defense is only linearly more expensive

---

# Exploit chains

---

## Pwn2Own 2023 - Adobe Reader on macOS

* AbdulAziz Hariri

---

## Pwn2Own 2023 - Adobe Reader on macOS

* AbdulAziz Hariri chained _ bugs

---

## Pwn2Own 2023 - Adobe Reader on macOS

* AbdulAziz Hariri chained 6 bugs

---

## Pwn2Own 2023 - Adobe Reader on macOS

* AbdulAziz Hariri chained six bugs
* Escaped the sandbox

---

## Pwn2Own 2023 - Adobe Reader on macOS

* AbdulAziz Hariri chained six bugs
* Escaped the sandbox and the API allow-list

---

## Pwn2Own 2023 - Tesla's Gateway
---

## Phineas Fisher's hackback

A good (long) read of an actual high-profile attack

---

## Layered defenses work!

* AbdulAziz Hariri needed 6 bugs
* Synacktiv went through at least 4 components, used at least a dozen bugs
* Phineas Fisher required months of work

---

## Layered defenses work!

Slight improvements to any layer help

---

# Consequences for us

---

## Secure coding practices

* memory-safe languages
* high-level languages (logic mistakes)
* reviews
* simple designs (along with langsec)

---

## At privilege boundaries

« wasn't already able »

* checks
* not lenient on inputs
* privilege separation and dropping/sandboxes (see OpenSSH)

---

## Hardening in toolchains

* 99% due to how unsafe C is

---

## Safe defaults

* permissions
* cryptography
* Users aren't dumb; this isn't a trivial topic
* compatibility with legacy is a common issue

---

## Sandboxes/containers

« conduct operations »

---

## Plenty of others

* Read-only systems
* Secure boot

---

## Goals

* Make attackers' lives more difficult
* Make users' lives simpler...
* ... or at least not more difficult
* Be at the forefront rather than trailing

---

### Questions?