Claroty & Team8 meetup: Hacking developers' mistakes


Details
Join us for a Claroty & Team8 Tech Meetup - hear from Sharon Brizinov (Vulnerability Research Team Leader at Claroty) and Noam Moshe (Security Researcher at Claroty) about some of their most insightful research projects in two technical talks.
Agenda:
1830-1900: Drinks & Refreshments
1900-1930: The Curious Case of Weird Phone Calls in the Middle of the Night: Pwning Your Intercom (by Sharon Brizinov - Vulnerability Research Team Leader at Claroty)
1930-2000: WHO IS YOUR PARSER AND WHAT DOES HE DO: URL Parsing Gone Wrong (by Noam Moshe - Security Researcher at Claroty)
___________________________________________________________________
The Curious Case of Weird Phone Calls in the Middle of the Night: Pwning Your Intercom
Sharon Brizinov - Vulnerability Research Team Leader at Claroty
Not so long ago a good friend of mine complained about a strange phenomenon - since the installation of his newly advanced intercom, he started to receive some weird phone calls in the middle of the night. On top of this, when he answers these strange calls, the associated intercom mobile application in his smartphone is opened and he sees the interior of random offices around the world. Intrigued, I started to investigate further to find out what was going on.
In this talk, I will take you through my adventure to understand what happened that night and how I completed the research with a PWN of the entire intercom system. I will explain how modern intercoms work, what kind of new features they hold, and how I was able to PWN a popular intercom brand (V-TEC) and bypass their security features to get remote access to the video feed (camera) and door control (lock) of ALL the cloud-connected V-TEC intercoms worldwide.
____________________________________________________________________
WHO IS YOUR PARSER AND WHAT DOES HE DO: URL Parsing Gone Wrong
Noam Moshe - Security Researcher at Claroty
While URLs are quite simple to understand, parsing them is a whole different story. Over the years, the definitions and specifications of URL syntax have changed significantly, with different RFCs expanding on the definition of URLs and adding extra features. Because of the constant evolution of URL specifications, different libraries and applications have adopted different behavior based on one of the RFC specifications at the time of releasing the software. This issue became even more common when newer URL parsing libraries were released that deliberately chose not to be RFC compliant in order to be backward compatible, thus immortalizing URL parsing confusion.
We became curious about URL parsers and compared 15 different parsers across different platforms and programming languages. In our talk, we will discuss a few exploitation techniques that use URL parsing inconsistencies including SSRF, open-redirect, XSS, DoS, filter-bypass, and more. Eventually, based on our research and the code patterns we searched, we discovered eight vulnerabilities in existing web applications and third-party libraries used by many popular web applications.
____________________________________________________________________
We look forward to seeing you all in person.