Início
Ninjas
Agenda (current)
Local
Ondeficar
Camisetas
Contato
Inscrições

08 de
Novembro
2025

SALVADOR - BA
BRASIL

Faça sua inscrição

7 Palestrantes

100 Participantes

08:00 às 08:50	Credenciamento	Palestrante
18:00	Encerramento

Electron Orbits in The MacOS Universe: The Travel Experience for Red Teamers

Roberto Soares aka Espreto

If you use macOS in your daily life and rely on apps like Slack, Discord, GitHub, or VSCode—among dozens of others—chances are you're using an Electron app that might be vulnerable.Electron applications on macOS are often underestimated, yet they harbor vulnerabilities that can be exploited to significant effect. At the NullByte Conference, we’ll navigate through these risks, offering Red Teamers a unique insight into how these applications can be turned into potent attack vectors.In this session, we’ll explore how Electron apps can be exploited to bypass macOS's Transparency, Consent, and Control (TCC) framework, manipulate app entitlements for unauthorized access to cameras and microphones, and bypass the 'Privacy & Security' mechanisms to implant backdoors, escalate privileges, write in unauthorized locations, and maintain persistence. We'll delve into real-world cases, demonstrating these vulnerabilities in action and discussing how to prevent such attacks.

Improving the Gaspar Framework through Gaspar(Zinho): Expanding a Native Android Argumentation Framework for Android Runtime (ART)

Otavio Silva

By utilizing the LSPosed SDK, Gaspar introduces a fast, reliable, and evasive argumentation framework that operates directly on Android Run Time (ART) through hooking and interposition abstraction. There will also be a public tool release granting access to the turbo features.

Hacking Embedded Devices - From Black Box to UID 0

Zezadas

This presentation covers achieving root access on an embedded device without prior information by combining exploits and reverse engineering techniques.Throughout this presentation, you will learn methods to identify hardware specifications and conduct decompilation and analysis of Android Applications and Linux binaries. This acquired knowledge will be applied to uncover and exploit vulnerabilities within embedded systems.Together, they’ll showcase that hacking embedded devices isn’t as intimidating as it may seem and can be an adventure worthy of a time-traveling DeLorean. This unique approach showcases the ingenuity of hackers who can make the past and present converge in unexpected ways.Throughout the talk, you’ll gain valuable insights into the world of embedded device security, learning practical tips and techniques that can be applied to your own projects. Whether you’re an experienced security professional or intrigued by the blend of technology and time travel, this presentation promises to entertain, educate, and inspire.

Android Native Library Fuzzing Strategies: Insights for Vulnerability Researchers

Thiago Peixoto

In this presentation, we will explore various fuzzing strategies applicable to native libraries in Android applications. We will begin with a theoretical foundation, followed by the preparation of the necessary environment and the initial steps to take. Then, we will discuss different approaches to creating harnesses, as well as provide valuable tips for vulnerability researchers.

Binary Reversing and Exploitation: A Case Study on Egg Hunting

Thayse Solis

In this talk, I will present a step-by-step approach to binary exploitation, including reverse engineering techniques, execution flow analysis, and the identification of a buffer overflow vulnerability. Additionally, I will demonstrate an application of egg hunting technique to locate and execute payloads in memory. The session will conclude with the presentation of a functional exploit for the analyzed case, providing a practical perspective on the subject.

Siga no Instagram
Siga no Twitter

"Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for. I am a hacker, and this is my manifesto. You may stop this individual, but you can't stop us all... after all, we're all alike."

+++The Mentor+++

Patrocinadores:

08 de Novembro2025

SALVADOR - BABRASIL

08 de
Novembro
2025

SALVADOR - BA
BRASIL