BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//cfp.nsec.io//2026//ELMXKH
BEGIN:VTIMEZONE
TZID:EST
BEGIN:STANDARD
DTSTART:20001029T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10;UNTIL=20061029T070000Z
TZNAME:EST
TZOFFSETFROM:-0400
TZOFFSETTO:-0500
END:STANDARD
BEGIN:STANDARD
DTSTART:20071104T030000
RRULE:FREQ=YEARLY;BYDAY=1SU;BYMONTH=11
TZNAME:EST
TZOFFSETFROM:-0400
TZOFFSETTO:-0500
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000402T030000
RRULE:FREQ=YEARLY;BYDAY=1SU;BYMONTH=4;UNTIL=20060402T080000Z
TZNAME:EDT
TZOFFSETFROM:-0500
TZOFFSETTO:-0400
END:DAYLIGHT
BEGIN:DAYLIGHT
DTSTART:20070311T030000
RRULE:FREQ=YEARLY;BYDAY=2SU;BYMONTH=3
TZNAME:EDT
TZOFFSETFROM:-0500
TZOFFSETTO:-0400
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-2026-ZZWHUC@cfp.nsec.io
DTSTART;TZID=EST:20260515T100000
DTEND;TZID=EST:20260515T123000
DESCRIPTION:In the rush to adopt modern cloud architectures\, organizations
  often prioritize velocity over security\, leaving critical gaps in their 
 infrastructure. This workshop bridges the gap between offensive exploitati
 on and defensive engineering\, using a real-world scenario deployed on Goo
 gle Cloud Platform (GCP).\n\nParticipants will be given access to a "produ
 ction-grade" environment managed with InfraStream\, a manifest-driven infr
 astructure platform. Inside this environment lies a set of microservices w
 ritten in Go\, which appear functional but contain a critical flaw: a Serv
 er-Side Template Injection (SSTI) vulnerability. However\, the infrastruct
 ure is hardened: The server runs in a scratch-based container with some ve
 ry restrictive network rules that prevent both bind and reverse shells fro
 m being effective.\n\nThe workshop is divided into two phases:\n\nThe Red 
 Team Phase: Attendees will get their hands dirty analyzing the Go applicat
 ion code and crafting payloads to exploit the SSTI vulnerability. The goal
 ? Get a fully interactive shell on the underlying container and attempt to
  pivot through the default GCP network to compromise adjacent services. Wh
 ile the initial vulnerability is pretty simple to exploit\, the real chall
 enge here lies in leveraging it through the hardening\, which will involve
  hooking the server's code and advanced shellcoding to implement a backdoo
 r.\nThe Blue Team Phase: Once the compromise is confirmed\, we will switch
  gears to remediation. We will modify InfraStream's manifests to apply pra
 ctical defense-in-depth strategies. Participants will learn how to impleme
 nt hardened Docker runtime deployments\, enforce strict network policies\,
  and enable mTLS within the service mesh—effectively restricting the imp
 acts of the RCE and limiting lateral movement. We will also fix the root c
 ause that allowed the process hooking step to take place.\n\nBy the end of
  this session\, attendees will understand the mechanics of Go template inj
 ection\, advanced techniques to leverage vulnerabilities in hardened infra
 structure and how to leverage infrastructure-as-code to enforce security b
 aselines that make even vulnerable applications resilient to attack.
DTSTAMP:20260507T204142Z
LOCATION:Workshop 1
SUMMARY:Breaking and Hardening the Cloud: Advanced Hooking and Shellcoding 
 in a Hardened Environment - Ashley Manraj\, Philippe Dugre(zer0x64)
URL:https://cfp.nsec.io/2026/talk/ZZWHUC/
END:VEVENT
END:VCALENDAR
