Papers

Archive of the public research we released in past years, covering a wide range of security and design issues.

Although such content is rich in technical information, we try our best to make it readable and accessible to the widest audience.

PDF files are automatically converted to HTML using pdf2htmlEX, with image quality reduced to save bandwidth.

The papers are available on our blog too.

Exploiting Steam Lobbies and Matchmaking (PDF) - HTML

18 Sep 2014

Description of the security vulnerabilities that affected the Steam lobbies and all the games using the Steam Matchmaking functionality.

Summary: A single attacker was able to easily deny the online experience of many multiplayer games sold on Steam.

Steam Service Security (PDF) - HTML

10 Jul 2014

How malware or an exploit can use the Steam local service to escalate its privileges.

Summary: Unpatched local privilege escalation issues in the Steam Client Service.

Steam Voip Security (PDF) - HTML

04 Jul 2014

Overview and details about the security issues found in the Steam voice framework.

Summary: Description of various remote security vulnerabilities that affected the voip API used by Steam and various games.

Having fun via WiFi with Philips SmartTV (video)

26 Mar 2014

Video showing a design vulnerability affecting all the 2013 models of Philips SmartTV (6/7/8/9xxx), where the WiFi Miracast feature is enabled by default with the fixed password "miracast" and no PIN or permission prompt for new incoming WiFi connections.

Owning Render Farms via NVIDIA mental ray (PDF) - HTML

10 Dec 2013

This paper details a vulnerability affecting NVIDIA mental ray, which allows an attacker to take control over a mental ray based render farm.

Game Engines: A 0-Day's Tale (PDF) - HTML

20 May 2013

This paper details several issues affecting different game engines. All the vulnerabilities discussed in this paper are 0-days at the time of writing.

An Overview Of Online Poker Security (PDF) - HTML

10 Apr 2013

Security research conducted against a set of online poker solutions, highlighting the current status of this lucrative industry.

"Online Gaming (also known as Online Gambling and iGaming) is a successfully growing market, and Online Poker is its main sector with millions of players all around the world betting with real money..."

Battlefield Play4Free Arguments Injection (PDF) - HTML

22 Mar 2013

In this paper we detail a remote code execution vulnerability in Battlefield Play4Free, exploitable via the web browser on some operating systems. The vulnerability was first presented by REVULN at Black Hat Europe 2013, as part of a talk covering several interesting aspects of game security.

Multiplayer Online Games Insecurity (white paper) (PDF) - HTML

22 Mar 2013

White paper of the presentation given at Black Hat Europe 2013.

EA Origin Insecurity (when local bugs go remote... again) (PDF) - HTML

15 Mar 2013

In this paper we uncover and demonstrate a novel and interesting way to convert local bugs and features into remotely exploitable security vulnerabilities, by using the well-known EA Origin platform as an attack vector against remote systems.

Call of Duty: Modern Warfare 3 NULL pointer dereference (PDF) - HTML

13 Nov 2012

In this paper we describe a pre-auth server-side NULL pointer dereference vulnerability in Call of Duty: Modern Warfare 3, caused by an issue in the handling of DemonWare query packets. This vulnerability can be exploited to perform Denial of Service (DoS) attacks against game servers.

Steam Browser Protocol Insecurity (when local bugs go remote) (PDF) - HTML

15 Oct 2012

In this paper we uncover and demonstrate a novel and interesting way to convert local bugs and features into remotely exploitable security vulnerabilities, by using the well-known Steam platform as an attack vector against remote systems.

Presentations

The following are the slides of the talks we gave at some of the conferences listed in the Conferences section.

ICS Threat Scenarios (PDF) - HTML

24 Sep 2015

Presented at the Critical Infrastructure Protection Directorate in Malta.

Provides an overview of attack scenarios against HMI/SCADA systems, with some examples and resources.

Reloading Java Exploits (PDF) - HTML

02 Jun 2014

Presented at Hack In The Box Europe 2014.

Focused on bypassing defensive mechanisms adopted against hardened Java exploits.

SmartTV Insecurity (PDF) - HTML

27 May 2014

Presented at PHDays IV 2014; full details of various vulnerabilities affecting Samsung and Philips SmartTV models are available from page 45 onward.

Securing ICS Applications When Vendors Refuse Or Are Slow To Produce a Security Patch (PDF) - HTML

17 Jan 2014

Presented at S4 (SCADA Security Scientific Symposium) 2014.

Overview of the time needed to deploy patches in HMI/SCADA products; it also covers a 0-day affecting Ecava IntegraXor reported during the conference.

Smashing Exploit Detectors: The Java Exploits Case (PDF) - HTML

11 Nov 2013

Presented at CounterMeasure 2013.

Focused on bypassing defensive mechanisms adopted against hardened Java exploits.

Exploiting Game Engines for Fun and Profit (PDF) - HTML

20 May 2013

Presented at NoSuchCon 2013.

Focused on vulnerabilities affecting game engines (Source, CryEngine, Unreal Engine, idTech), fragmented packets, compressed integers, obfuscated opcodes, command-line options abused by Origin and Steam, master servers and various examples.

Multiplayer Online Games Insecurity (PDF) - HTML

22 Mar 2013

Presented at Black Hat Europe 2013.

Overview of attack scenarios against multiplayer games, fragmented packets, master servers, encryption and compression algorithms in network packets, bitstreams and index numbers, vulnerabilities in anti-cheating systems, opcodes and some classes of attacks against games.

A 0-day's life: "Offense as Defense" (PDF) - HTML

08 Feb 2013

Presented at Suits and Spooks DC 2013.

Overview of vulnerability research and analysis, scenarios and downsides.

Owning Multiplayer Online Games (PDF) - HTML

13 Nov 2012

Presented at Power of Community 2012.

Overview of attack scenarios against multiplayer games, reverse engineering and analysis of game packets, understanding opcodes, and real examples of game vulnerabilities.

Conferences

The following are some of the conferences that we have attended as speakers.

The slides of the conferences in which we gave a presentation are available in the Presentations section.

Hack In The Box 2014

29 May 2014 - Amsterdam, Netherlands

Reloading Java Exploits: Long Live Old JRE!

Positive Hack Days (PHDays)

21 May 2014 - Moscow, Russia

Smart TV Insecurity

SCADA Security Scientific Symposium 2014

14 January 2014 - Miami, USA

Securing ICS Applications When Vendors Refuse Or Are Slow To Produce a Security Patch

Countermeasure 2013

07 November 2013 - Ottawa, Canada

Smashing Exploit Detectors: The Java Exploits Case

NoSuchCon 2013

15 May 2013 - Paris, France

Exploiting Game Engines For Fun And Profit

Suits&Spooks 2013 DC

08 Feb 2013 - Washington DC, USA

A 0-day's life: Offense as Defense

Black Hat Europe 2013

12 Mar 2013 - Amsterdam, Netherlands

Multiplayer Online Games Insecurity

SCADA Security Scientific Symposium 2013

16 Jan 2013 - Miami, USA

Experimental Project for SCADA/HMI Defense

Power Of Community 2012

08 Nov 2012 - Seoul, South Korea

Owning Multiplayer Online Games
