
Vangelis Stykas
CTO
Thessaloníki, Greece
Vangelis began as a developer in Greece. Six years ago he realized that only his dog didn't have an API, so he decided to steer his focus towards security.
That led him to pursue a PhD in web application security with an extra focus on machine learning, which he is still actively pursuing.
He currently applies his skills as Chief Technology Officer at Atropos, and in his free time he helps start-ups secure themselves on the internet and get a leg up in security terms.
His love of a simplistic approach to hacking by exploiting vulnerable APIs led him to publish research on APIs controlling ships, smart locks, IP cameras, car alarms, EV chargers, and many other IoT devices. Since our lives are nowadays extremely cyber-dependent, his goal is to convince all companies never to neglect their API security, as a rush-to-market mentality is almost certain to lead to catastrophic security failure.
Topics
Stalking the Stalkers
So-called "spouseware" (or "stalkerware") is a million-dollar market that is actively used by abusers to monitor, control, and blackmail vulnerable people. Unscrupulous companies advertise their software as parental monitoring solutions in order to operate within the law and avoid prosecution.
During this talk, we will give you some insight into this industry and demonstrate that many of these platforms suffer from pretty basic issues that can result in unauthorised access to all monitored devices and leakage of sensitive data of both the victims and the perpetrators.
What would you do if you knew you could monitor devices that were actively being stalked? Would you commit a crime and listen to them too, or would you report the vulnerabilities to the vendor? The same vendor who is actively helping bad actors snoop into other people's devices. The ethical dilemma and the best approach to this situation are far more complex than finding the vulnerabilities in those platforms!
Nowadays most of our digital lives are tightly connected to our mobile phones. Anyone having control over these devices could have complete access to somebody's digital life and be able to track their location in real time.
In this talk, we will show how white-labelled vulnerable APIs are used on several platforms and enable multiple abusers to monitor vulnerable people.
Gridlock: The Dual-Edged Sword of EV and Solar APIs in Grid Security
In this talk, we delve deep into the increasingly interconnected world of electric vehicles (EVs), photovoltaic (PV) solar systems, and the broader power grid infrastructure: a nexus that is becoming fertile ground for potential large-scale cyber disruptions. As we navigate this complex interplay of technology and infrastructure, we will uncover the critical vulnerabilities lurking within the API connections that bind these systems together. Our exploration will not only highlight these weaknesses but will also demonstrate, through real-world scenarios and potential attack vectors, how they can be exploited to launch sophisticated cyber-attacks, emphasizing the urgent need for robust security frameworks and proactive cybersecurity measures to safeguard our collective future.
The advent of PV inverters and EV charging systems has been marred by the industry's "rush to market" mentality, leading to overlooked security considerations. These critical weaknesses potentially allow remote attackers unprecedented control, with the ability to fully commandeer or even incapacitate these devices. Our investigation will reveal how targeting the cloud platforms used by installers could unlock elevated access not just to PV inverters but also to EV chargers. This access includes functionality usually restricted from the systems' owners, thereby opening a Pandora's box of vulnerabilities.
Behind Enemy Lines: Engaging and Disrupting Ransomware Web Panels
Ransomware groups have become notably proficient at wreaking havoc across various sectors, but we can turn the tables. A less explored avenue in the fight against these digital adversaries lies in proactive offense against their web panels. In this presentation, I will delve into the strategies and methodologies for infiltrating and commandeering the web panels used by ransomware groups to manage their malicious operations, or the APIs used during their initial exfiltration of data.
I will demonstrate how to leverage these vulnerabilities to gain unauthorized access to the ransomware groups' web panels. This access not only disrupts their operations but also opens a window to gather intelligence and potentially identify the operators behind those APTs. Let's explore the frontiers of cyber offense, targeting the very command and control (C2) centers ransomware groups rely on, turning the tables in our ongoing battle against cyber threats; it's our turn to wreak havoc.
Charge my car for free! FOREVER!
Current trends show that electric cars and green energy, especially photovoltaic energy, are being widely adopted in both commercial and home user markets. During this talk, we will see that they suffer from typical "rush to market" problems that can potentially allow a remote attacker to control them. This could lead to anything from free charging sessions to the chargers being used as a pivot point to get access to your internal network. This talk will also discuss the possibility of a grid attack by using these vulnerabilities in conjunction.