- Application Security Metrics
Speaker: Wong Caroline @carolinewmwong
What’s your current level of confidence in your application security program? Are you tracking any pen test metrics? Maybe you should.
This session will detail several application security metrics used to measure the effectiveness of penetration testing at both program and engagement levels.
The presenter will also share real world data from ~ 100 individual pen test engagements performed in 2016.
- Creating Your Own Customized Metamorphic Algorithm
Speaker: Alvarez Raul @raulr_alvarez
Most malware uses metamorphic code to evade Antivirus detection. These techniques also slow down security researchers when digging deeper into the malware code. On the malware side, there are many ways to generate and implement these algorithms, yet our ultimate goal is to detect them.
- Cryptocurrencies and Anonymity: The Good, The Bad, and The Future
Speaker: Brown Benjamin @ajnachakra
Cryptocurrencies are seeing an enormous uptick in use. While much of that use shows through the media as illicit or crime oriented, cryptocurrencies are seeing widespread legitimate use for transfers without the wiring fees, gifts, remittances, basic retail transactions, and as an alternative to an unstable fiat currency (think Argentina, South Africa, Brazil, Myanmar, Malaysia, and Indonesia). So much business is being done via cryptocurrency that the United States IRS just served a “John Doe” summons to Coinbase (currently the largest cryptocurrency exchange) requesting the identities of United States Coinbase customers who transferred any convertible virtual currency from 2013 to 2015 to ensure proper reporting and compliance under U.S. tax law. In this talk I will explain what cryptocurrencies are and what related blockchains are. I’ll then give an overview of the current markets and valuations as well as the up and comers. With that foundation we can look at the erroneous claims of cryptocurrency “anonymity” and reveal how open transaction ledgers work. I will continue with current research, tools, and techniques for forensic cryptocurrency transaction analysis. We’ll then turn to techniques transactors use to further obfuscate their transaction trail and what the weaknesses of those techniques are. Finally, we’ll look at the current innovations targeting cryptocurrency privacy concerns, how they work, and what challenges they face.
- Detecting DNS Anomalies with Statistics
Speaker: Buening Jamie @JamieBuening
Defending against attackers has become increasingly difficult. Solutions using signature based detection such as IPS and anti-virus are still needed, but no longer prevent all malware or virus infections. What can be done to improve the ability to prevent attackers from completing their objectives? One option is to proactively look for them.
This talk will discuss options for analyzing DNS logs with a goal of identifying anomalies. DNS is a foundational technology that allows the internet to function and is present in practically every network. Malicious actors are using DNS for command and control as well as data exfiltration. Using some basic statistics it is possible to identify anomalies in DNS traffic. These anomalous events can be evaluated to identify potentially malicious activity.
Come see and hear about specific examples in finding DNS anomalies. Attendees will leave with new knowledge and ideas that can be used with their own data.
- Finding Your Way to Domain Admin Access and Even So, the Game Isn’t Over Yet.
Speaker: Lee Keith @keith55
In this presentation, we discuss the tricky scenarios we faced during internal penetration test engagements and how we have developed a tool to solve those issues.
- Leveraging Vagrant to Quickly Deploy Forensic Environments
Speaker: Williams Jeff @blu3wing
As Incident Responders, we’re always on the lookout for tools that will allow us and our investigations to become more efficient. There are already a ton of great tools and pre-configured virtual images that provide us with workable forensics environments. It doesn’t hurt to have more than one trustworthy option when it comes to these resources.
Vagrant is a virtual management platform used to create and deploy virtual environments. Although it’s more commonly used by developers for testing, I thought about how I could leverage it for my DFIR needs. My goal was to provide a quick deployable forensics environment while leveraging the Vagrant platform. Dreamcatcher was born.
The Dreamcatcher project was shaped with a lightweight memory forensics environment in mind, and since then I have added more tools and features to its arsenal. As my contribution to the variety of DFIR “Swiss Army Knives” available, it is a fast, flexible alternative. With a clear list of ingredients – no hidden preservatives! – I will demonstrate why Dreamcatcher is a great DFIR addition to anyone’s toolkit.
- Network manipulation on video games
Speaker: Kot Alex @alex_s_kot
I will go over common misnomers of online cheating methods and explain the realistic side of why Peer to Peer games can be broken. I will showcase a method I PoC’d 5 years ago, yet I haven’t seen this type of manipulation displayed online (video demo). I will also describe the benefit of dedicated servers or “Cloud” games. The reason I want to discuss these concepts is that most FPS games are moving from P2P to Cloud, which mitigates most of these attacks. At the end I will bring up a funny story of social engineering some person on XBL to have him apologize for threatening people.
- Open Sesamee
Speaker: Power Max @dontlook
Resettable combination locks are popular because they can be set to user-chosen codes. Multiple locks can be set alike to one another. Authorized users don’t have to keep track of keys or other physical credentials. These locks are often used to control access to construction zones, infrastructure, and sensitive areas (such as utility equipment and cellular towers) across the country. The most popular of these locks is the Master 175. Methods of attacking this lock have been known for some time; however, the descriptions and documentation were not readily available. The talk will discuss the best method for decoding this lock and examine the path I took to create my own cutaways and instructional models. In the end, this will hopefully provide people with some home-machining skills and also help them decode the lock well enough to teach others.
- OSINT For The Win – Tools & Techniques to Maximize Effectiveness of Your Social Engineering Attacks
Speaker: Gray Joe @C_3PJoe
Social engineering attacks remain the most effective way to gain a foothold in a targeted organization. But those attacks are only as good as the information used to create them. This presentation will arm you with the latest open-source intelligence (OSINT) tools and techniques needed for gathering detailed information on your targets, turning your social engineering ops into carefully targeted precision strikes that can greatly improve your results. We’ll also cover steps that you can take to reduce your own OSINT exposure, protecting you and your organization. You’ll see techniques for phishing, vishing, pretexting, impersonation, and more. Tool demonstrations will include how to make the best use of OSINT Websites and standalone tools such as Datasploit and recon-ng.
- Peakaboo – I own you: Owning hundreds of thousands of devices with a broken HTTP packet
Speaker: Serper Amit @0xamit
Imagine that you’ve purchased a small, cheap IP security camera to feel just a little better about your own physical security. Now imagine that the people who designed that camera know nothing about secure programming, security, or programming at all. Imagine that your precious camera can be hijacked into a botnet with only one broken HTTP packet. Now stop imagining. At the end of 2016, my fellow researcher Yoav Orot and I published our research paper about hundreds of thousands of white labeled IP security cameras being vulnerable to a simple attack that allows an attacker to gain complete control of the camera, including code execution as root without any ability to patch. We did not publish any technical details yet since we had to wait for the vendor’s answer. This talk will dive deeply into the product, our research process and into the vulnerabilities themselves. I will walk through all of the steps in our research (from hardware hacking to firmware dumping and just plain ol’ reversing) and demo the exploits and explain, step by step, where the developers went wrong, what could have been done to avoid this situation and why this problem is so severe. There will be root shells, there will be exploits, there will be tears. Attendees of this talk will leave with some insights about IoT security and embedded device hacking.
Speaker: Robertson Chad @chrooted
- Splunking Dark Tools – A Pentester’s Guide to Pwnage Visualization
Speaker: Bates Nathan @Brutes_
Speaker: Kuntz Bryce @tweetFawkes
A rise in data analytics and machine learning has left the typical pentester behind in the dust. This talk covers the required tools for consolidating, analyzing and visualizing the dark tools that are used by every red team. This can all be done at scale, keeping up with even the most bleeding edge continuous integration and deployment environments. We’ll release the required framework for getting the data where it needs to be, the technical add-ons to ensure this data is ingested in usable formats, and dashboards for Splunk to leverage this data for mass pwnage of your target!
- Tales from the Crypt (analyst)
Speaker: Man Jeff @MrJeffMan
As a certified Cryptanalyst for the National Security Agency, the speaker was classically trained in manual cryptography, but also pioneered some of the first computer-based cryptographic systems produced by the agency. Topics discussed will include applications of classic cryptography including one-time pads and various cipher methods to machine-based systems (such as the Enigma) and ultimately to modern computer-based algorithms such as public key cryptography. The talk will also explore the speaker’s experiences in the private sector and how the understanding of cryptography helped numerous times in penetration testing, vulnerability assessment, security architecture, and technical advising. Ultimately, this talk will guide you through a history and evolution of cryptography over the past thirty years using the speaker’s own experiences as a backdrop for a discussion of the migration of cryptography from manual to machine and ultimately to digital. Understanding the history and evolution of cryptography is essential for applying modern cryptographic solutions to solve today’s information security problems, particularly in understanding the residual risks, the shifting attack strategies, and the inherent weaknesses in the implementation or fielding of even the best cryptosystems and solutions.
- Talky Horror Picture Show: Overcoming CFP Fears
Speaker: Sweet Kat @TheSweetKat
I see you shiver with anticipation. For those who have never submitted a talk to an infosec conference, the process can seem nebulous and overwhelming. Fear is driven by uncertainty, so let’s combat that fear with facts. Come hear a reviewer break down what the CFP process actually entails, including what goes on behind the scenes once you’ve hit “submit”. You’ll also learn about resources to help you along the way. Performing a risk analysis of every step of the CFP lifecycle – from developing your initial idea, to writing and submitting a talk proposal, to preparing to speak once you’ve been accepted – we’ll see that the downsides are minimal and the benefits are numerous.
As a certain mad scientist put it: “Don’t dream it. Be it.”
- Trials and Tribulations of setting up a Phishing Campaign – Insight into the how
Speaker: Johnson Haydn @haydnjohnson
Phishing for clicks is like the VA portion of a Pentest. It feels nice being a hacker, but once you realize you aren’t getting command and control, that fuzzy feeling wears off quickly. Everyone knows in theory what Phishing is and what Phishing emails look like; they may even know in theory how it all works.
What about executing a Phishing Campaign? This talk will show you the journey of setting up and executing a Phishing Campaign to gain command and control. I have tried a few frameworks, coded some pages myself and will show the way I learned to Phish. An important thing to understand in Phishing (like any attack) is the side of the victim: what they see and do when receiving a phishing email; this is referred to as advancing one’s tradecraft.
We will go through:
– The main difference between phishing for clicks and phishing for shells
– Choosing and setting up a Phishing Framework
– Actions I take when learning something new
– Testing delivery and bypassing Spam filters with Microsoft Click once
– Testing different user interactions for executing payloads
– Learning different payloads for command and control
– Understanding the email minefield
- Why is the Internet still working?
Speaker: Troutman James @troutman
I have noticed that most InfoSec folks, even those coming from a network engineering background, tend to have a limited understanding of how the modern Internet that we all depend upon actually works. This talk will be a primer on how today’s Internet is put together versus in the past, and how it manages to keep on working and scaling, thus far. This presentation won’t make anyone an instant expert, but it will provide you with an overview of Internet history, technical and security challenges, operational best practices, and business issues that you won’t find in any other single presentation. Topics will include a brief Internet history, definitions of Internet Service Provider Tiers, the difference between IP peering and IP transit, how Internet traffic distribution and costs have changed over time, the rise of Internet Exchange Points and Content Distribution Networks around the world, and post IPv4 exhaustion issues. Also discussed will be how technologies and techniques such as geo-targeting, Anycast DNS, and remote triggered black-holes help keep the Internet functioning during DDoS attacks, including the ones delivered via the dreaded fiber seeking backhoe.
- You’re not old enough for that: A TLS extension to put the past behind us
TLS evolves rapidly. We don’t all have the luxury of upgrading with it, unfortunately; new versions, extensions, cipher suites, and protocols require mutual support. This poses a serious problem for those who have legacy systems that cannot be upgraded (think IoT, or any device that needs certification). Accepting the risk of using a weak (but still sufficient, or better than nothing) protocol with those systems on an interim basis shouldn’t imply accepting the risk everywhere. I offer an alternative.
I propose a TLS extension that endorses certificates with certain supported features, and then performs a sanity check at the end of establishment or renegotiation. This can be used to detect and prevent downgrade attacks, and doubles as a policy enforcement tool.