Thursday, Aug. 7
Paging SDR... Why should the NSA have all the fun?
Xaphan (JEFF THOMAS)
n00bz (JASON MALLEY)
Remember pagers? Those things the dealers used in the first season of The Wire? Did you know that people still use them? Sure, you may have turned off that old pager and put it in your desk drawer, but that doesn't mean the back-end infrastructure was turned off. This talk will cover the basics of POCSAG/FLEX decoding using cheap SDR dongles and free software. We will also present examples of the kind of unencrypted data that is still being broadcast through the regional and national pager networks.
Anatomy of a Pentest; Poppin' Boxes like a Pro
Are you excited about hacking and want to be a pentester in the next few years? Let this talk be your guide in understanding what is required to effectively assess a network and all of its associated components. We'll review subjects ranging from assessment toolsets, environment configurations, timelines, what to do when you've accidentally brought down the entire finance department, and how to gently handle the situation when you tell the CIO his baby is ugly. These techniques and processes are geared towards your typical penetration testing processes. The talk has been structured so that not only veterans can benefit from the processes, but the newer/aspiring pentesters can establish a solid foundation for their own work! Hack on.
Standing Up an Effective Penetration Testing Team
Wiseacre (MIKE PETRUZZI)
Many talks give you information on how to be a better penetration tester. The majority are technical talks on improving techniques or learning new tools. This talk aims to teach the attendees the techniques and pitfalls of putting together a penetration team. It goes beyond identifying the right people to be on the team and the talk explores the concepts of planning, performing and reporting the test. The talk also looks at getting to the root of a client's problem and how to be paid to return.
Oh Bother, Cruising The Internet With Your Honeys, Creating Honeynets For Tracking Criminal Organizations
Bandwidth, computing power, and software advancements have empowered hackers to quickly scan for and exploit services across the Internet. While this is a major issue, it does allow researchers to track criminal activity with strategically placed honeypots that lure and trap criminals, allowing organizations to put that information to use improving network security. This talk will outline how to use DDoS-vulnerable services to develop a honeypot network that will extract valuable information from the Internet and produce a data feed that can be used to protect online assets with Kibana, Elasticsearch, Logstash, and AMQP.
Friday, Aug. 8
Oracle Data Redaction is Broken
David Litchfield SECURITY SPECIALIST, DATACOM TSS
The Oracle data redaction service is a new feature introduced with Oracle 12c. It allows sensitive data, such as PII, to be redacted or masked to prevent it being exposed to attackers. On paper this sounds like a great idea but in practice, Oracle's implementation is vulnerable to multiple attacks that allow an attacker to trivially bypass the masking and launch privilege escalation attacks.
Abuse of Blind Automation in Security Tools
Eric (XlogicX) Davisson SECURITY RESEARCHER
Ruben Alejandro (chap0) SECURITY RESEARCHER
It is impossibly overwhelming for security personnel to manually analyze all of the data that comes to them in a meaningful way. Intelligent scripting and automation are key. This talk aims to be a humorous reminder of why the word "intelligent" really matters; your security devices might start doing some stupid things when we feed them. This talk is about abusing signature detection systems and confusing or saturating the tool or analyst. Some technologies you can expect to see trolled are anti-virus, intrusion detection, forensic file carving, PirateEye (yep), grocery store loyalty cards (huh?), and anything we can think of abusing. Expect to see some new open-source scripts that you can all use. The presenters don't often live in the high-level, so you may see the terminal, some hex and bitwise maths, raw signatures, and demonstrations of these wacky concepts in action. We don't intend to present dry slides on "hacker magic" just to look 1337. We want to show you cool stuff that we are passionate about, stuff we encourage everyone to try themselves, and maybe inspire new ideas (even if they're just pranks... especially).
Bypass firewalls, application white lists, secure remote desktops under 20 seconds
Zoltán Balázs CHIEF TECHNOLOGY OFFICER AT MRG EFFITAS
In theory, post-exploitation after having remote access is easy. Also in theory, there is no difference between theory and practice. In practice, there is. Imagine a scenario where you have deployed malware on a user's workstation, but the target information is on a secure server accessed via two-factor authentication, with screen access only (e.g. RDP, Citrix, etc.). On top of that, the server runs application white-listing, and only the inbound port to the screen server (e.g. 3389) is allowed through the hardware firewall. But you also need persistent interactive C&C communication (e.g. Netcat, Meterpreter, RAT) to this server through the user's workstation. I developed (and will publish) two tools that help you in these situations. The first tool can drop malware to the server through the screen while the user is logged in. The second tool can help you to circumvent the hardware firewall after we can execute code on the server with admin privileges (using a signed kernel driver). My tools are generic, meaning that they work against Windows Server 2012 and Windows 8, and they work with RDP or other remote desktops. The number of problems you can solve with them is endless, e.g., communicating with a bind shell on a web server behind a restricted DMZ. Beware, live demo and fun included!
Am I Being Spied On? Low-tech Ways Of Detecting High-tech Surveillance
Dr. Phil Polstra ASSOCIATE PROFESSOR OF DIGITAL FORENSICS, BLOOMSBURG UNIVERSITY OF PENNSYLVANIA
Is someone spying on you? This talk will present several low-tech ways that you can detect even high-tech surveillance. Topics covered will include: detecting surveillance cameras with your cell phone, signs that you are under physical surveillance, detecting active and passive bugs with low cost devices, and detecting devices implanted inside computers, tablets, and cell phones.
Panel - Diversity in Information Security
Jennifer Imhoff-Dousharm INFORMATICS STUDENT, CO-ORGANIZER OF THESUMMIT, NCWIT AFFILIATE MEMBER
Sandy "Mouse" Clark SECURITY RESEARCHER AND PART-TIME PHD. CANDIDATE
Jolly FULL TIME HACKER
Vyrus INDEPENDENT SECURITY CONSULTANT
Scott Martin CIO SPIKES SECURITY
Discussion from the point of view of a diverse panel of leading representatives currently in or thinking of becoming part of the Information Security industry. This panel will give you insight into the evolutionary landscape of diversity in the hacking community. We will present statistical evidence showing the lack of sub-culture representation in the hacking community, and while these numbers have been decreasing we can still work to encourage cultural variance. By analyzing how diversity is critical to improving the information security industry, we will explore positive approaches to encourage recruiting and retention of deficient subcultures, removing unconscious biases and discouraging inclusiveness, and introduce the audience to a wide variety of existing support structures. There will be no witch hunt here, there will be no judgement, only information. All of this and more will be answered with open and honest dialogue into one of the most controversial issues currently within our community.
Saturday, Aug. 9
Screw Becoming A Pentester - When I Grow Up I Want To Be A Bug Bounty Hunter!
Jake Kouns CISO, RISK BASED SECURITY
Carsten Eiram CHIEF RESEARCH OFFICER, RISK BASED SECURITY
Everywhere you turn it seems that companies are having serious problems with security, and they desperately need help. Getting into information security provides an incredible career path with what appears to be no end in sight. There are so many disciplines that you can choose in InfoSec with the fundamental argument being whether you join Team Red or Team Blue. Most people tend to decide on the Red team and that becoming a professional pentester is the way to go, as it is the most sexy (and typically pays well). However, with bug bounties currently being all the rage and providing a legal and legitimate way to profit off vulnerability research, who really wants to be a pentester, when you can have so much more fun being a bug bounty hunter! Researcher motivation in the old days and options for making money off of vulnerabilities were much different than today. This talk analyzes the history of selling vulnerabilities, the introduction of bug bounties, and their evolution. We cover many facets including the different types of programs and the ranges of money that can be made. We then focus on researchers, who have currently chosen the bug bounty hunter lifestyle and provide details on how to get involved in bug bounty programs, which likely pay the best, and which vendors you may want to avoid. What constitutes a good bug bounty program that makes it worth your time? What do you need to know to make sure that you keep yourself out of legal trouble? Ultimately, we'll provide thoughts on the value of bug bounties, their future, and if they can be a full-time career choice instead of a more traditional position such as pentesting.
Cyberhijacking Airplanes: Truth or Fiction?
Dr. Phil Polstra ASSOCIATE PROFESSOR OF DIGITAL FORENSICS, BLOOMSBURG UNIVERSITY OF PENNSYLVANIA
Captain Polly ASSOCIATE PROFESSOR OF AVIATION, UNIVERSITY OF DUBUQUE
There have been several people making bold claims about the ability to remotely hack into aircraft and hijack them from afar. This talk will take a systematic look at the mechanisms others are claiming would permit such cyberhijacking. Each of the most popular techniques will be examined mythbuster style. Along the way several important aircraft technologies will be examined in detail. Attendees will leave with a better understanding of ADS-B, ADS-A, ACARS, GPS, transponders, collision avoidance systems, autopilots, and avionics networking and communications. No prior knowledge is assumed for attendees. The primary presenter is a pilot, flight instructor, aviation professor, aircraft mechanic, aircraft inspector, avionics technician, and plane builder who has also worked on the development of some of the avionics systems found in modern airliners. The second presenter is a former airline pilot with thousands of hours in airliners who is currently an aviation professor in charge of a simulator program.
Secure Because Math: A Deep Dive On Machine Learning-Based Monitoring
Alex Pinto CHIEF DATA SCIENTIST, MLSEC PROJECT
We could all have predicted this with our magical Big Data analytics platforms, but it seems that Machine Learning is the new hotness in Information Security. A great number of startups with 'cy' and 'threat' in their names claim that their product will defend or detect more effectively than their neighbour's product "because math". And it should be easy to fool people without a PhD or two that math just works. Indeed, math is powerful and large-scale machine learning is an important cornerstone of many of the systems that we use today. However, not all algorithms and techniques are born equal. Machine Learning is a most powerful toolbox, but not every tool can be applied to every problem, and that's where the pitfalls lie. This presentation will describe the different techniques available for data analysis and machine learning for information security, and discuss their strengths and caveats. The Ghost of Marketing Past will also show how similar the unfulfilled promises of deterministic and exploratory analysis were, and how to avoid making the same mistakes again. Finally, the presentation will describe the techniques and feature sets that were developed by the presenter over the past year as a part of his ongoing research project on the subject, in particular present some interesting results obtained since the last presentation at DEF CON 21, and some ideas that could improve the application of machine learning for use in information security, especially in its use as a helper for security analysts in incident detection and response.
The Monkey in the Middle: A pentester's guide to playing in traffic.
Anch (MIKE GUTHRIE)
Prank your friends, collect session information and passwords, edit traffic as it goes by... become the Monkey(man)-In-The-Middle and do it all. This presentation will teach you a penetration tester's view of man-in-the-middle (MITM) attacks. It will introduce the tools, techniques and methods to get traffic to your hosts. Demonstrations of the tools and methods involved will be presented. Come learn new and interesting ways to prank your friends, experience the all-porn internet (redux), learn what mallory is and how to use it, learn how to direct traffic to your proxy, deal with SSL and certificates in interesting ways, and make sure you go (mostly) undetected.
Advanced Red Teaming: All Your Badges Are Belong To Us
Eric Smith SENIOR PARTNER, PRINCIPAL SECURITY CONSULTANT AT LARES
Josh Perrymon SENIOR ADVERSARIAL ENGINEER AT LARES
By definition, "Red Teaming" or Red Team testing originated in the military, describing a team whose primary objective is to penetrate the security controls of "friendly" institutions while evaluating their security measures. The term is widely used today to describe any form or blend of logical, physical and social based attacks on an organization. Since the early 2000s, LARES' core team members have been presenting on and performing advanced Red Team attacks against all verticals and have a 100% success rate for organizational compromise when performing full scope testing. Fresh out of the think tank of Layer 8 Labs (the R&D division of LARES) and tested in the streets on numerous engagements, this talk will focus specifically on badge access control systems and inherent flaws in their design, and demonstrate direct and blended attacks against them. Live demonstrations will be given to show how these flaws lead to facility and system compromise, even against the most secure access control systems and card types being sold to the market today. Custom-built tools by the LARES team members will be demonstrated throughout the talk, and an interactive discussion will be held at the end of the presentation to discuss current mitigation strategies and industry needs to thwart these attacks going forward.
Touring the Darkside of the Internet. An Introduction to Tor, Darknets, and Bitcoin
Metacortex SECURITY RESEARCHER
Grifter SECURITY RESEARCHER
This is an introduction-level talk. The talk itself will cover the basics of Tor, Darknets, Darknet marketplaces, and Bitcoin. I will start by giving the audience an overview of Tor and how it works. I will cover entry nodes, exit nodes, as well as hidden services. I will then show how you connect to Tor on both Linux/OSX and Windows and demo it off. Once we are connected to Tor, I am going to show how to find Tor hidden services and then demo off browsing around some marketplaces. Once the audience has a solid grasp on what the marketplaces offer, I am going to start detailing the process of purchasing something off of it. I will cover Bitcoin and Bitcoin mining. After we know about how Bitcoin works, we will cover purchasing items. I will cover purchasing PO Boxes and the pickup of packages. Finally, I will finish up with some concerns you may want to be aware of and my recommendations to help make the use of Tor, Bitcoin, and marketplaces more secure.
Sunday, Aug. 10
"Around the world in 80 cons" - A Perspective
Jayson E. Street SENIOR PARTNER OF KRYPTON SECURITY
After spending 15 years in the hacker / InfoSec community, I thought it was time to pause and look back upon all I have seen, everywhere I have been, all the people I met and everything I have learned. And then share some of that knowledge with people to hopefully help them have a leg up moving forward. More importantly, compare and contrast my experiences and perspectives with statistics we commonly see based on attacks and the countries of origin. Statistics tell one story, perspective tells the other. This is a talk on perspectives. Hackers, and hacking, are perceived differently around the world and, in turn, some view our community and what we do with different eyes than ours. I believe most reports/papers we (Americans) see about that topic are skewed and never give an accurate global image. Taking a very small dose of reality and comparing it to what we're subjected to is interesting. Being a foreign hacker attending a con, or delivering an engagement, in an alien land often led to unexpected situations that I will also share. I will also share that, while searching for diversity in our global hacking culture, I found things that united us more than you would expect. I show how, no matter what region of the planet you come from, we face a threat we all need to face and overcome.
You're Leaking Trade Secrets
Michael Schrenk BUSINESS INTELLIGENCE SPECIALIST
Networks don't need to be hacked for information to be compromised. This is particularly true for organizations that are trying to keep trade secrets. While we hear a lot about personal privacy, little is said in regard to organizational privacy. Organizations, in fact, leak information at a much greater rate than individuals, and usually do so with little fanfare. There are greater consequences for organizations when information is leaked because the secrets often fall into the hands of competitors. This talk uses a variety of real-world examples to show how trade secrets are leaked online, and how organizational privacy is compromised by seemingly innocent use of the Internet.
Empowering Hackers to Create a Positive Impact
In March 2014 I spoke at the annual TED conference about why hackers are a vital part of the information age. I claimed that the world actually needs hackers, and that they play an important social, political and technological role. At first I thought I would encounter objections, but I found out I was preaching to the choir. Surprisingly, many of the smart, powerful, rich people at TED thought hackers were just great. Then I realized: I was preaching to the WRONG choir. It's the hackers who are the change agents, and the only ones who can make a difference when it comes to the future of the net. That's why this talk will speak to the heart of the hacking community about the practical things hackers can do to create a positive impact on the world. Essentially, it's about being a good hacker while staying out of jail and making the world a better place - with things like community outreach projects, crypto parties, voluntary red teams, responsible disclosure and stopping the spread of FUD.