2025-08-12 –, Cassiopeia
Language: English
What happens when an attacker controls time on a Linux system? This talk looks at how system clocks work, and what breaks when they’re manipulated. From bypassing delays to triggering subtle logic errors, we’ll explore how unstable time can subvert assumptions, break security controls, and cause software to behave in unexpected or unsafe ways.
This talk explores the consequences of full control over time on a Linux system. We’ll start with a brief overview of how system clocks work, highlighting common assumptions made by applications and security mechanisms. The focus will be on local manipulation of the system clock — jumping forward, rewinding, or freezing time — and the unexpected ways software can break when time becomes unreliable.
Through practical examples, we’ll see how time-based defences and logic can be bypassed, exposing vulnerabilities that often go unnoticed. Not every issue leads to a full exploit, but many reveal fragile trust assumptions rarely tested in real environments.
This talk is for hackers, tinkerers, and developers who’ve ever relied on sleep(1) as a defence mechanism. You might rethink your assumptions about time-based security after attending.
Daniels is a cybersecurity specialist with four years of professional experience in the field. His work focuses on developing and delivering technical training for a wide range of audiences, from beginners to professionals. To stay sharp, he actively engages in penetration testing and red team projects. Daniels is also one of the lead organizers of "Mārtiņa-CTF" — one of Latvia’s largest Capture the Flag competitions, known for being beginner-friendly while still offering a solid technical challenge.