All your math are belong to us

Presented at DEF CON 26 (2018), Aug. 11, 2018, 3 p.m. (45 minutes).

First of all, it's math. Not meth. So everybody be cool, I'm not gonna touch your central nervous system stimulant substances. Now that this is established, I can start telling my story. And this story, like all good stories, begins where it ends.

Wait, no, not really.

It begins at a birthday party where the sister of a friend asked if I could help her with MATLAB. No matter how horrible memories I had about MATLAB, I just couldn't say no. So the next day, there was I, sitting in my room, installing the trial. And that's when the hacking started...

Believe me, there were a lot to hack in this case! Several gigabytes of installed materials, a few web servers, cloud integration, clustering capabilities, you name it. These software are bloated, they are basically their own little operating systems.

Yup, I used plural. Because I thought why discriminate MATLAB? I should really give a chance to Maple and Mathematica to fail too!. I did, and they did fail, and these failures gave the material for my talk. Basically this will be a dump of exploits (RCEs, file disclosures, etc.), and if you use any of those software and you are at least a bit security conscious, you should definitely listen to it.

Presenters:

• sghctoma - Lead security researcher @ PR-Audit Ltd., Hungary
  Toma is the lead IT security researcher at PR-Audit Ltd., a company focusing mainly on penetration testing and SIEM software development. Previously he participated in a cooperation between ELTE Department of Meteorology and the Paks Nuclear Power Plant Ltd., the goal of which was to develop TREX, a toxic waste emission simulator using CUDA. The scene from RoboCop where Nikko defeats the ED-209 with just a laptop and a serial cable made a huge impression on him, and after seeing the movie, his path was set: he was bound to be a hacker. His first experiences in this field involved poking around various copy protection schemes, and to this day his favorite areas of expertise are the ones that require some mangling of binary files. Besides computer security he also loves mountain biking, flight simulators, and builds and flies acro quadcopters.

Links:

• https://defcon.org/html/defcon-26/dc-26-speakers.html#Sghctoma
• https://infocon.org/cons/DEF CON/DEF CON 26/DEF CON 26 video and slides/DEF CON 26 - sghctoma - All Your Math are Belong to Us.mp4
• https://infocon.org/cons/DEF CON/DEF CON 26/DEF CON 26 video and slides/DEF CON 26 - sghctoma - All Your Math are Belong to Us.srt (subtitles)
• https://www.youtube.com/watch?v=w-jVUSw_7ko

Similar Presentations:

• DEF CON 20 (2012) / Socialized Data: Using Social Media as a Cyber Mule
• BSidesDC 2014 / Why I Sold Out, Why You Should Too...
• CactusCon 11 (2023) / Securing Your Home Network/Homelab... Yes, it's still relevant in the 2020s!