Presented at
Kernelcon 2023,
April 15, 2023, 1:30 p.m.
(60 minutes).
We rely on a variety of security tools to do our jobs, but is it safe to run these tools on code or applications we do not trust or is it “Toxic” (In the Zone, 2003)? Over the last few years we have uncovered a variety of exploits in popular security tools including Code QL, Burp, Zap, and even humble SCA / SBOM tools like OWASP Dependency Check.
Dealing with unsafe and untrusted code is not easy, you got to "Work B****" (Britney Jean, 2013). We hope to make you “Stronger” (Oops!... I Did It Again, 2000) by taking a closer look at how these tools work, and provide steps to minimize the risk posed by these exploits.
Presenters:
-
Michael Kunz
Mike is a UNO alumni, former speaker at Kernelcon, former winner of the Kernelcon CTF, and holds an Eternal Kernel badge.
-
Matt Austin
Matt is a husband, a dad, and a hacker with 13 years in security research and moonlighting BugBounty. Also fan of the video game Stray.
Similar Presentations: