1. Bypassing Moodle Account Lockout 2. Emerging Security Implications of MCP


Details
Bypassing Moodle Account Lockout (CVE-2022-30600): First Public POC on GitHub - Boonjune
In this talk, I’ll recount my journey as the first to publicly develop a proof-of-concept exploit for CVE-2022-30600—a critical (CVSS 9.8) vulnerability in Moodle that bypasses account lockout restrictions.
Plug, Play, Prey: MCP - Emerging Security Implications of Model Context Protocol - Frenchie - Ensignia Security
What happens when prompt injection spans sessions? When your context gets leaked, fuzzed, or subtly poisoned? This talk dives into the guts of MCP, how it works, how it breaks, and what it opens up for red teamers and defenders alike. From prompt smuggling to tool substitution attacks, you’ll leave with a clearer view of how this emerging functionality is a double-edged sword — and how to start thinking about securing it.
Drinks
The Ruxmon attendees go to The Last Jar (616 Elizabeth St, Melbourne VIC 3000) to socialise after the talks. See you there.
Streaming
If you can't attend the event in person, the talks will be streamed in the "ruxmon-stream" voice channel in the Ruxcon Discord on the day of the event! (Join now by clicking here: https://discord.gg/g2CpEbkXmM)
