BEGIN:VCALENDAR PRODID:-//vBulletin 6//EN VERSION:2.0 CALSCALE:GREGORIAN BEGIN:VEVENT UID:65e2be27-b4f9-4a53-ab4f-20decf3fca0c DTSTAMP:20260422T172029Z SUMMARY:Am I Exploitable? (MI-X) - Ofri Ouzan &\; Yotam Perkal DESCRIPTION:Am I Exploitable? (MI-X)\n\nSaturday August 12\, 12:00 – 13:5 5\, Council Boardroom\, Forum\n\nOfri Ouzan & Yotam Perkal\n\nAddressing s ecurity vulnerabilities begins with verifying the impact on an environment . Merely having a vulnerable package installed does not guarantee exploita bility\, as several conditions must align for the vulnerability to be appl icable and exploitable. For example: is the operating system in question s usceptible to the vulnerability? is the vulnerable component loaded to mem ory? is the required configuration in place? is there a patch installed? A nd more... Standard vulnerability scanners simply do not take these factor s into account and thus require manual triage in order to answer “Can a vulnerability be exploited in a given environment?”. ‘Am I Exploitable ?’ (MI-X)\, is an open-source tool aimed at effectively determining whet her a local host or running container is truly affected by a specific vuln erability by accounting for all factors which affect *actual* exploitabili ty. MI-X also prints out the logical steps it takes in order to reach a de cision and can also provide a graphical representation of the validation f low. The tool can therefore help practitioners understand what are the fac tors that affect exploitability for each of the supported vulnerabilities. \n\nOfri Ouzan is an experienced Security Researcher who has been working in the cybersecurity field for over four years. She specializes in conduct ing security research on Windows\, Linux\, Cloud Platforms\, and container ized applications with an emphasis on vulnerabilities. Her expertise lies in finding and solving complex problems in the cyber field\, developing au tomation and open-source tools.\n\nYotam leads the vulnerability research team at Rezilion\, focusing on research around vulnerability validation\, mitigation\, and remediation. Prior to Rezilion\, Yotam filled several rol es at PayPal Security organization\, dealing with vulnerability management \, threat intelligence\, and Insider threat. Additionally\, Yotam takes pa rt in several OpenSSF working groups around open-source security as well a s several CISA work streams around SBOM and VEX and is also a member of th e PyCon Israel organization committee. He is passionate about Cyber Securi ty and Machine Learning and is especially intrigued by the intersection be tween the domains\, whether it be using ML in order to help solve Cyber Se curity challenges or exploring the challenges in securing ML applications. \n\nAudience - Defense and Offense​ URL:https://forum.defcon.org/node/246341 DTSTART:20230812T200000Z DTEND:20230812T215501Z LOCATION:Council Boardroom\, Forum END:VEVENT END:VCALENDAR