BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//cfp.recon.cx//recon-2026//talk//ECTXZH
BEGIN:VTIMEZONE
TZID:EST
BEGIN:STANDARD
DTSTART:20001029T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10;UNTIL=20061029T070000Z
TZNAME:EST
TZOFFSETFROM:-0400
TZOFFSETTO:-0500
END:STANDARD
BEGIN:STANDARD
DTSTART:20071104T030000
RRULE:FREQ=YEARLY;BYDAY=1SU;BYMONTH=11
TZNAME:EST
TZOFFSETFROM:-0400
TZOFFSETTO:-0500
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000402T030000
RRULE:FREQ=YEARLY;BYDAY=1SU;BYMONTH=4;UNTIL=20060402T080000Z
TZNAME:EDT
TZOFFSETFROM:-0500
TZOFFSETTO:-0400
END:DAYLIGHT
BEGIN:DAYLIGHT
DTSTART:20070311T030000
RRULE:FREQ=YEARLY;BYDAY=2SU;BYMONTH=3
TZNAME:EDT
TZOFFSETFROM:-0500
TZOFFSETTO:-0400
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-recon-2026-ECTXZH@cfp.recon.cx
DTSTART;TZID=EST:20260619T160000
DTEND;TZID=EST:20260619T170000
DESCRIPTION:We leveraged a novel code injection to a PPL process we call 
 ‘Bring Your Own Vulnerable WerFaultSecure’ and then abuse Microsoft Sy
 stem Guard for privileged primitives in the kernel. We’ll explain how to
  make WerFaultSecure run arbitrary code and the vulnerabilities we found i
 n a Microsoft driver.
DTSTAMP:20260612T170511Z
LOCATION:Grand Salon Opera
SUMMARY:Chaining Microsoft binaries to get privileged primitives in Windows
  kernel - Angelo Frasca Caccia\, Alejandro Pinna
URL:https://cfp.recon.cx/recon-2026/talk/ECTXZH/
END:VEVENT
END:VCALENDAR