Key learning objectives
Understanding of web applications and organizational networks
Overview of common weaknesses and how they can be exploited
Understanding how to defend against these vulnerabilities
Key learning objectives
Learn about the basic understanding of vehicular networks
Gain better understanding of vehicular communication protocols
Explore the attack surfaces in vehicles
To secure wireless systems, one needs a comprehensive understanding of the technology, the threats, the exploits and the defensive techniques, along with hands-on experience in evaluating and attacking wireless technology. Rather than limiting the skill set to WiFi, we also need to evaluate the threat from other standards-based and proprietary wireless technologies. This session takes an in-depth look at the security challenges of many different wireless technologies, exposing attendees to wireless security threats through the eyes of an attacker. Using readily available and custom-developed tools, we will walk through the techniques attackers use to exploit RF networks. The session shows how to identify the threats that expose wireless technology and builds on this knowledge to implement defensive techniques that protect wireless systems.
25 winning teams (3 - 5 members per team) from various Capture the Flag contests from around the world.
What?
A new style of attack and defense CTF contest over 3 days with an IoT ‘real world hacking’ bonus contest.
Teams consist of five or more people. Each team can play for one side—attackers, defenders, or SOC—only. A single company may not put up teams for opposing sides (for example, one team for attackers and another team for defenders or SOC). Teams can work locally at the venue, remotely, or mixed (some team members at the venue and others remotely).
In this talk we provide fault injection insights, potentially overlooked in presentations and likely unknown to the masses. Such insights are distilled from our experience with fault injection attacks, performed with multiple techniques on a wide variety of devices during the last decade. In our talk we refer to public research, some of which we were involved with, to support our claims. A significant portion of such research is rather domain specific, not easy to find or stumble upon, and therefore often not referred to or discussed by researchers. In this talk we leverage such research and share our understanding of the fault injection fundamentals with the audience. In the process, we debunk myths and clarify misconceptions. Getting such myths and misconceptions out of the way allows us to discuss and reason about new powerful attacks, which can also be performed using affordable tooling.
This presentation shares techniques an organization can use to build an effective threat intelligence and SOCMINT collection program by monitoring social media. Many things on social media are worth looking at, from threat actors maintaining social bots to promote content, to malware samples using social media as a hidden communication channel. Through our research we have built a set of tools that look for anomalies in social media traffic to detect this kind of abnormal behaviour. But malicious content is not the only thing we look for. We also want to see how social media can be used as a "situational awareness" tool by ingesting information about disclosed vulnerabilities, ongoing exploitation campaigns and more. Whether we discuss the weaponization of recent CVEs or the disclosure of new n-day vulnerabilities, we want to know at which stage threat actors currently are, how long it takes to weaponize a particular CVE, and what threats this activity brings to particular critical infrastructures and geographical regions. We have built tools to visualize, process and automatically aggregate this kind of information.
The presentation is illustrated with a number of demonstrations and detailed case studies showing our discoveries, including the correlation of recent attacks with activity on social media, practical approaches to estimating the most important Twitter accounts and threads related to InfoSec events in a particular period of time, and examples of malware campaigns in which social media was used as part of the malware infrastructure.
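As an added example, not part of the talk or the speakers' tooling, the following Python script shows the kind of aggregation described above over a handful of constructed posts: it extracts CVE identifiers, buckets mentions per hour, flags a CVE whose latest hour at least doubles its earlier rate, and separates an organic spike (many distinct accounts) from amplification by a single bot-like account. The account names, posts and thresholds are assumptions for the demo.

```python
import re
from collections import defaultdict
from datetime import datetime

CVE_RE = re.compile(r"\bCVE-\d{4}-\d{4,7}\b", re.IGNORECASE)

# Constructed sample posts (timestamp, account, text); not real traffic.
SAMPLE_POSTS = [
    ("2019-10-14T08:10:00", "acct01", "Patch Tuesday recap, CVE-2019-1234 looks interesting"),
    ("2019-10-14T08:40:00", "acct02", "anyone looking at CVE-2019-1234?"),
    ("2019-10-14T09:05:00", "acct03", "PoC for CVE-2019-1234 just dropped"),
    ("2019-10-14T09:12:00", "acct04", "CVE-2019-1234 exploit works against default config"),
    ("2019-10-14T09:20:00", "acct05", "scanning for cve-2019-1234 in the wild"),
    ("2019-10-14T09:31:00", "acct06", "CVE-2019-1234 weaponized, expect mass exploitation"),
    ("2019-10-14T09:33:00", "acct07", "CVE-2019-1234 IOCs attached"),
    ("2019-10-14T09:02:00", "bot42", "Update now! CVE-2019-9999 critical!"),
    ("2019-10-14T09:03:00", "bot42", "Update now! CVE-2019-9999 critical!"),
    ("2019-10-14T09:04:00", "bot42", "Update now! CVE-2019-9999 critical!"),
    ("2019-10-14T09:05:00", "bot42", "Update now! CVE-2019-9999 critical!"),
    ("2019-10-14T09:06:00", "bot42", "Update now! CVE-2019-9999 critical!"),
    ("2019-10-14T09:40:00", "acct08", "quiet day otherwise, no new n-days"),
]


def extract_cves(text):
    """Return the set of normalised (upper-case) CVE identifiers mentioned in a post."""
    return {m.upper() for m in CVE_RE.findall(text)}


def hour_bucket(ts):
    """Truncate an ISO-8601 timestamp to the start of its hour."""
    return datetime.fromisoformat(ts).replace(minute=0, second=0, microsecond=0)


def aggregate(posts):
    """cve -> hour bucket -> {"mentions": count, "accounts": set of posting accounts}"""
    agg = defaultdict(lambda: defaultdict(lambda: {"mentions": 0, "accounts": set()}))
    for ts, account, text in posts:
        bucket = hour_bucket(ts)
        for cve in extract_cves(text):
            cell = agg[cve][bucket]
            cell["mentions"] += 1
            cell["accounts"].add(account)
    return agg


def find_spikes(posts, min_mentions=4, growth=2.0, min_distinct_ratio=0.5):
    """
    Flag CVEs whose latest-hour mention count is at least `growth` times the
    mean of the earlier hours (or that have no earlier history at all), then
    split them: organic spikes come from many distinct accounts, amplification
    from a few accounts repeating themselves.  Returns (organic, amplified).
    """
    organic, amplified = [], []
    for cve, buckets in aggregate(posts).items():
        ordered = sorted(buckets)
        latest = buckets[ordered[-1]]
        history = [buckets[b]["mentions"] for b in ordered[:-1]]
        baseline = sum(history) / len(history) if history else 0.0
        if latest["mentions"] < min_mentions:
            continue
        if history and latest["mentions"] < growth * baseline:
            continue
        distinct_ratio = len(latest["accounts"]) / latest["mentions"]
        (organic if distinct_ratio >= min_distinct_ratio else amplified).append(cve)
    return sorted(organic), sorted(amplified)
```

The distinct-account ratio is the cheap first cut at the "social bots promoting content" problem the talk mentions; a real pipeline would also look at account age and posting cadence before treating a spike as a weaponization signal.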
This session provides information on the current data breach landscape and a behind-the-scenes look at cyber liability from a former insurance professional, with no sales spin. The talk discusses how the coverage works and what types of breaches can be covered, and then how cyber insurance is being integrated into a risk management plan. Information security professionals and incident responders are in many cases unaware of how the cyber insurance process works after a data breach and do not understand the requirements that can affect the incident response process.
To test our hypothesis in practice, we applied dumb fuzzing and smart fuzzing concurrently to major command line tools from the Linux and MacOS world (oh git). With well-chosen input corpora it was possible to find previously unknown security-relevant bugs in these tools. The race is currently open-ended: at the time of writing (six weeks before HITB) the dumb fuzzing tools have found more bugs in these tools than AFL. This may change by the time we meet in Abu Dhabi, so stay tuned.
But we are all researchers, and what keeps our minds happy is primarily the bugs, not the history of how they were found. To wrap up the talk, about a dozen interesting scenarios will be shown, together with the coding skills that led to them.
However, few people understand and explain how such machines and technologies work. Even fewer people try to build one. I'm one of these crazy people.
In this talk, we aim to explain how this new, much more powerful type of digital processing works and how we build our own quantum computer ... without a PhD in quantum physics. We will describe our plan to build the quantum computer's hardware, hacker style. Through our own experiments, we will discuss our failures, our successes and our progress towards this challenging goal!
Come and see a live demonstration of part of the hardware we are building at the moment. We use "trapped ion technology": we trap atoms to perform powerful calculation and computing tasks! Be prepared to unlock your quantum brain, as this new domain is really different from classical computation 😉 but it can enhance the cybersecurity world.
Classical network vulnerability assessment and penetration testing involves scanning an IP, identifying vulnerabilities and attempting to exploit a vulnerable service. Such an assessment often fails to show how a real attack would unfold on a network. This workshop is meant for security enthusiasts and security consultants who want exposure to enterprise infrastructure penetration testing and red teaming. In this workshop we cover the basics of penetration testing an enterprise network built on Windows infrastructure: identifying low-hanging fruit, extracting credentials from a Windows system and elevating to Windows domain administrator.
Technical Contents:
i. Footprinting with Nmap: basic execution methods, port scan, ping scan, no-ping scan
ii. Gaining a foothold in the infrastructure: Tomcat exploitation, password spraying with CrackMapExec, Group Policy Preferences passwords
iii. Windows post-exploitation: credential extraction with Mimikatz, hash extraction techniques. Additional content if time permits: pass the hash, Active Directory user hunting (PowerSploit Invoke-UserHunter)
Tools:
i. Nmap
ii. CrackMapExec
iii. Metasploit
iv. Get-GPPPassword.ps1
v. Mimikatz
In this talk, I will guide the audience through the design and development of a behavioral ransomware detonation and detection framework, test the framework against a few well-known ransomware families, and detail a thorough automated testing methodology. I will also be releasing the framework source code to the public on the day of the talk.
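As an added example, not the framework the talk releases, the following Python script implements two of the behavioral signals such a detector typically relies on, run over a constructed file-event stream: a burst of high-entropy writes to many distinct files, and a burst of renames that change the file extension. Both are evaluated per process inside a sliding time window, so a backup job that also writes high-entropy archives but does so slowly is not flagged. Paths, PIDs, thresholds and the event stream are assumptions for the demo.

```python
import math
import random
from collections import defaultdict
from dataclasses import dataclass
from os.path import splitext


@dataclass
class FileEvent:
    ts: float              # seconds since monitoring started
    pid: int
    op: str                # "write" or "rename"
    path: str
    data: bytes = b""      # content written (for "write")
    new_path: str = ""     # destination (for "rename")


def shannon_entropy(data):
    """Bits per byte: close to 8.0 for encrypted or compressed data, far lower for text."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def _max_in_window(timestamps, window_s):
    """Largest number of timestamps that fall inside any span of window_s seconds."""
    ts = sorted(timestamps)
    best = lo = 0
    for hi, t in enumerate(ts):
        while t - ts[lo] > window_s:
            lo += 1
        best = max(best, hi - lo + 1)
    return best


def detect_ransomware_bursts(events, window_s=10.0, min_files=5, entropy_threshold=7.0):
    """
    Per process, collect (a) distinct files that received a high-entropy write and
    (b) renames that change the file extension; report the process when either
    count reaches min_files inside a single window_s-second span.
    Returns {pid: [reason, ...]} for flagged processes only.
    """
    high_entropy_writes = defaultdict(dict)   # pid -> path -> ts of first such write
    extension_renames = defaultdict(list)     # pid -> [ts, ...]
    for ev in events:
        if ev.op == "write" and shannon_entropy(ev.data) >= entropy_threshold:
            high_entropy_writes[ev.pid].setdefault(ev.path, ev.ts)
        elif ev.op == "rename" and splitext(ev.path)[1] != splitext(ev.new_path)[1]:
            extension_renames[ev.pid].append(ev.ts)
    verdicts = {}
    for pid in set(high_entropy_writes) | set(extension_renames):
        reasons = []
        burst = _max_in_window(list(high_entropy_writes[pid].values()), window_s)
        if burst >= min_files:
            reasons.append(f"{burst} high-entropy writes to distinct files within {window_s:g}s")
        burst = _max_in_window(extension_renames[pid], window_s)
        if burst >= min_files:
            reasons.append(f"{burst} extension-changing renames within {window_s:g}s")
        if reasons:
            verdicts[pid] = reasons
    return verdicts


# Constructed event stream (not a real trace).  A seeded RNG stands in for ciphertext.
_rng = random.Random(7)


def _ciphertext_like(n=2048):
    return bytes(_rng.randrange(256) for _ in range(n))


_TEXT = b"Quarterly report: revenue up 4%, headcount flat, see appendix B.\n" * 40

SAMPLE_EVENTS = (
    # pid 1000: a word processor saving two plain-text documents
    [FileEvent(5.0, 1000, "write", "/home/u/notes.txt", _TEXT),
     FileEvent(9.0, 1000, "write", "/home/u/todo.txt", _TEXT)]
    # pid 2000: a backup job writing compressed archives, but only one every 15 s
    + [FileEvent(20.0 + 15 * i, 2000, "write", f"/backup/vol{i}.tar.gz", _ciphertext_like())
       for i in range(6)]
    # pid 4242: six documents overwritten with ciphertext and renamed within about a second
    + [FileEvent(100.0 + 0.1 * i, 4242, "write", f"/home/u/doc{i}.docx", _ciphertext_like())
       for i in range(6)]
    + [FileEvent(100.6 + 0.1 * i, 4242, "rename", f"/home/u/doc{i}.docx",
                 new_path=f"/home/u/doc{i}.docx.locked") for i in range(6)]
)
```

Only pid 4242 is reported, on both signals. Entropy alone is a weak indicator (archivers, image encoders and the backup job above all produce it), which is why the rate of change across many files and the extension churn carry most of the weight; a detonation framework feeds real samples through exactly this kind of scoring to tune the thresholds.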
The telecom ecosystem has been evolving (2G, 3G, 4G and now 5G) with the connectivity needs of embedded systems, introducing security features mainly intended to increase the privacy and resilience of the infrastructure. Nevertheless, challenges remain: security researchers have demonstrated that various security flaws persist due to gaps in both specifications and implementations.
Our workshop will take the audience through some of these issues from the concept level to the implementation of various attacks. The main objectives of this short course enriched with demos are to provide attendees the required background to understand the criticality of threats and the possible mitigation.
Topics covered during the workshop:
1) Telecom network Infrastructure: • Overview of the Telecom architectures and the modifications/improvements made with each technology implementation
2) Attack surfaces: • Discuss various entry points to the network along with exposures from the attacker’s view • Provide sample attack scenarios
3) Privacy issues: demos on IMSI/TMSI and related attacks: • Demo of IMSI/TMSI catching using RTL-SDR and OsmocomBB • Discussion of practical attacks that use a captured IMSI/TMSI as a stepping stone for further attacks
4) Existing mitigations in 5G for issues in previous technologies • Discuss 5G 3GPP specifications with a focus on the mitigation of issues identified in 2G, 3G and 4G • Discuss 5G architecture and how it is different from 2G, 3G and 4G
5) Security flaws in 5G: • Security flaws discovered in the 5G specifications and implementations
In this presentation, we first cover the background of ICS/SCADA and the kinds of security threats and attack vectors that apply to it. We then analyze an industrial communication protocol, write a Lua dissector plugin for Wireshark and write exploit code as an attacker would. In this part we give a demo showing how attackers abuse the industrial communication protocol and the PLC's services to compromise ICS/SCADA. After the hacking demo, we demonstrate a protection strategy to secure ICS/SCADA. Once we know how attackers attack ICS/SCADA, we know how to defend and deploy our protection strategy to achieve the most effective results.
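The abstract does not name the protocol it dissects. As an added example, not the speakers' Lua plugin or exploit code, the following Python script assumes Modbus/TCP (an assumption; it is the simplest widely deployed PLC protocol) and shows the two halves of the talk in miniature: a parser for the MBAP header and the common function codes, and a protection-side audit that raises an alert when a state-changing write comes from a host that is not the engineering workstation, or when a frame is malformed. The addresses, traffic and allow-list are constructed for the demo.

```python
import struct

MBAP = struct.Struct(">HHHB")   # transaction id, protocol id (0 = Modbus), length, unit id

FUNCTION_NAMES = {
    1: "Read Coils", 2: "Read Discrete Inputs", 3: "Read Holding Registers",
    4: "Read Input Registers", 5: "Write Single Coil", 6: "Write Single Register",
    8: "Diagnostics", 15: "Write Multiple Coils", 16: "Write Multiple Registers",
    43: "Encapsulated Interface Transport",
}
WRITE_FUNCTIONS = {5, 6, 15, 16}   # the requests that change PLC state


def parse_modbus_tcp(frame):
    """Parse one Modbus/TCP ADU (MBAP header + PDU) into a dict; raise ValueError if malformed."""
    if len(frame) < MBAP.size + 1:
        raise ValueError("frame shorter than MBAP header plus function code")
    tid, proto, length, unit = MBAP.unpack_from(frame)
    if proto != 0:
        raise ValueError(f"protocol id {proto} is not Modbus")
    pdu = frame[MBAP.size:]
    if length != len(pdu) + 1:            # the length field covers unit id + PDU
        raise ValueError(f"length field {length} does not match {len(pdu) + 1} bytes")
    fc = pdu[0]
    msg = {"transaction": tid, "unit": unit, "function": fc & 0x7F,
           "exception": bool(fc & 0x80), "data": pdu[1:]}
    if msg["exception"]:                  # exception responses carry only an exception code
        return msg
    if msg["function"] in (1, 2, 3, 4) and len(pdu) >= 5:
        msg["address"], msg["quantity"] = struct.unpack_from(">HH", pdu, 1)
    elif msg["function"] in (5, 6) and len(pdu) >= 5:
        msg["address"], msg["value"] = struct.unpack_from(">HH", pdu, 1)
    elif msg["function"] in (15, 16) and len(pdu) >= 6:
        msg["address"], msg["quantity"], count = struct.unpack_from(">HHB", pdu, 1)
        msg["payload"] = pdu[6:6 + count]
    return msg


def build_request(tid, unit, function, data):
    """Encode a request ADU; used here only to construct the sample traffic."""
    pdu = bytes([function]) + data
    return MBAP.pack(tid, 0, len(pdu) + 1, unit) + pdu


def audit(packets, allowed_writers):
    """packets: iterable of (src_ip, dst_ip, frame).  Alert on malformed frames and on
    write requests from hosts that are not allowed to change PLC state."""
    alerts = []
    for src, dst, frame in packets:
        try:
            msg = parse_modbus_tcp(frame)
        except ValueError as exc:
            alerts.append(f"{src}->{dst}: malformed Modbus/TCP ({exc})")
            continue
        if msg["function"] in WRITE_FUNCTIONS and src not in allowed_writers:
            name = FUNCTION_NAMES.get(msg["function"], f"function {msg['function']}")
            alerts.append(f"{src}->{dst}: {name} to unit {msg['unit']} "
                          f"address {msg.get('address')} from a host not allowed to write")
    return alerts


# Constructed traffic (not a real capture): 10.0.0.5 is the PLC, 10.0.0.20 the HMI,
# 10.0.0.30 the engineering workstation and 10.0.0.77 an unexpected host.
ALLOWED_WRITERS = {"10.0.0.30"}
SAMPLE_PACKETS = [
    ("10.0.0.20", "10.0.0.5", build_request(1, 1, 3, b"\x00\x00\x00\x0a")),   # read 10 holding registers
    ("10.0.0.77", "10.0.0.5", build_request(2, 1, 6, b"\x00\x10\xff\xff")),   # write register 16 := 0xFFFF
    ("10.0.0.30", "10.0.0.5", build_request(3, 1, 16, b"\x00\x10\x00\x02\x04\x00\x01\x00\x02")),  # write 2 registers
    ("10.0.0.77", "10.0.0.5", b"\x00\x04\x00\x01\x00\x06\x01\x03\x00\x00\x00\x0a"),  # protocol id 1: not Modbus
]
```

The protocol has no authentication, so the parser cannot tell a legitimate write from a malicious one; that is why the audit keys on the source host and why the talk's protection strategy has to come from the network (segmentation, an allow-list at the firewall or a monitoring tap) rather than from the protocol itself.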
Is the impact of these changes good or bad? Some nations are resisting the changes because they perceive the loss of sovereignty over their information and monetary systems. Others are embracing it to achieve independence and autonomy from larger economic powers. It impacts sanctions regimes, balance of power, national competitiveness and many, many more.
Come and discover how blockchain and crypto currencies are impacting the future of money, governance and the law, here and around the world!
Web browsers are incredibly complex and, because of their huge code bases, present a wide attack surface.
This 2-hour workshop gives attendees an introduction to the world of browser exploitation. We begin with an introduction to browser architecture and the security mitigations in place. We then set up a test environment using the open source builds of different browser engines, and learn how to identify, analyze and exploit vulnerabilities in the WebKit browser engine.
We focus mostly on JavaScriptCore: how objects are allocated and stored in memory, how JIT compilers work, and then how a type confusion vulnerability can be exploited to obtain the initial addrof() and fakeobj() primitives, followed by shellcode execution on an unpatched Safari instance.
Despite the prevalence of other secure messengers, there has yet to be a secure instant messaging platform for hackers by hackers - that is, until the release of BCM, the first blockchain messenger built with the sole purpose of having the highest level of security, privacy and efficiency. BCM Messenger was built and designed from the ground up with security as its core focus and employs end-to-end encryption, off-the-grid communications, MITM prevention and more.
In this talk, we will cover the background of how we built BCM messenger and take you through the inner workings of how we built a secure and reliable communications messenger on the blockchain.
This presentation will go through the various tasks I undertook to implement working tooling, including:
* Assessing the best approaches to implementing an RPC client in .NET.
* Reverse engineering the APIs to identify the low-level ALPC implementation.
* Implementing NDR parsing and serialization
* PowerShell Integration.
The presentation will finish with details of one of the bugs I discovered with the new tooling. The tooling itself will be made available to all.
The problem is made worse in modern embedded system implementations when many parties become involved in different aspects of a CPU's design. This leaves room for bugs, implementation errors, and undocumented features to creep into a real world computing system. In an effort to better communicate how a CPU is supposed to work, ARM recently began releasing the ARMv8-A Architectural Reference Manual in a machine parsable format designed specifically to be read and understood by both a computer program and a human programmer. This offers promising potential to bridge the gap between a CPU’s intended design, a CPU’s implementation, and the humans that program software for that design. This presentation will analyze how these manuals can be leveraged as a tool for implementing model-based fuzzing and verification techniques for ARM CPUs. I will discuss how you can use these manuals to programmatically search for behaviors that violate an intended CPU specification by introducing a new open-source tool named Scapula for accomplishing this task. Techniques, findings and results will be discussed for a couple of ARM based platforms, along with some technical challenges and future direction for improvement.
We will explore three different scenarios:
- First, we will exploit a self-XSS and a missing CSRF token, two low-impact bugs. Chained together, and with the help of JavaScript service workers, they allow an attacker to take persistent control of a victim's browser even after the bugs are fixed.
- Then I will demonstrate how to get root access on a server running Docker using only an SSRF attack. The server will be running NodeJS with Axios as its HTTP client.
- Finally, we will use a template injection in a Flask application to exfiltrate private data from a read-only server by injecting a backdoor directly into memory. This includes a demonstration of a new tool built to help hunters exploit this kind of vulnerability; it can log, redirect and modify the incoming traffic.
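The SSRF scenario above works because the server fetches whatever URL it is handed. As an added example, not the speaker's exploit or tooling, the following Python check is the defensive counterpart: it validates a user-supplied URL before a server-side fetch, rejecting non-HTTP schemes, embedded credentials, literal or resolved loopback, private, link-local and IPv4-mapped addresses, and any name with at least one internal answer. The resolver is injected so the check runs offline and so the caller can connect to the pinned address it returns instead of resolving again. The hostnames and addresses in the fake resolver are constructed for the demo.

```python
import ipaddress
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}


def is_internal(ip_text):
    """True for any address a server-side fetch must never reach: loopback, RFC 1918,
    link-local (cloud metadata lives at 169.254.169.254), multicast, reserved,
    unspecified, and the IPv4-mapped IPv6 spellings of the same."""
    ip = ipaddress.ip_address(ip_text)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return is_internal(str(ip.ipv4_mapped))
    return (ip.is_private or ip.is_loopback or ip.is_link_local or ip.is_multicast
            or ip.is_reserved or ip.is_unspecified)


def check_outbound_url(url, resolve):
    """
    Validate a user-supplied URL before the server fetches it.
    `resolve(host) -> list of IP strings` is injected so the check runs offline in
    tests and so the caller can connect to the returned pinned IP rather than
    resolving the name a second time (that second lookup is the DNS-rebinding window).
    Returns (ok, reason, pinned_ip).
    """
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme {parts.scheme!r} not allowed", None
    if parts.username is not None or parts.password is not None:
        return False, "credentials in URL not allowed", None
    host = parts.hostname
    if not host:
        return False, "missing host", None
    try:
        addresses = [str(ipaddress.ip_address(host))]   # literal IP, including [::1]
    except ValueError:
        addresses = resolve(host)
    if not addresses:
        return False, f"{host} does not resolve", None
    for addr in addresses:                                # reject if ANY answer is internal
        if is_internal(addr):
            return False, f"{host} resolves to internal address {addr}", None
    return True, "ok", addresses[0]


# Constructed resolver for the demo; a real deployment would wrap socket.getaddrinfo.
FAKE_DNS = {
    "api.example.com": ["93.184.216.34"],
    "metadata.internal": ["169.254.169.254"],
    "rebind.attacker.example": ["93.184.216.34", "10.0.0.5"],   # one public, one internal answer
}


def fake_resolve(host):
    return FAKE_DNS.get(host, [])
```

Two caveats belong with this check. HTTP clients such as Axios follow redirects by default, so every hop has to be re-validated or redirects disabled; and the real resolver must be the same one the fetch uses (getaddrinfo accepts shorthand such as `127.1` that `ipaddress` does not), which is why the pinned address, not the hostname, should be what the socket connects to.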
In this workshop, you will learn how to identify security weaknesses in apps on the world's most popular mobile platform, Android. In this 2-hour technical session we begin by analyzing Android app components, followed by basic static analysis techniques with the guidance of various state-of-the-art reverse engineering tools. Attendees then move on to advanced topics such as analyzing obfuscated code through dynamic instrumentation, bypassing client-side protection mechanisms, and manually exploiting vulnerable application components.
This workshop aims to help beginners to intermediate level security professionals to feel comfortable with conducting Android App security assessments by utilizing modern security tools and techniques available on the market.
The workshop covers the following concepts:
1. Static Reverse Engineering
2. Dynamic Binary Instrumentation
3. Jailbreak Detection and Bypass
4. Intercepting Application Traffic
5. SSL Pinning Bypass
6. Manual Patching
7. APK Signing
8. Platform Components Exploitation
Prerequisites: The workshop is aimed at an audience with a basic to intermediate application-security skill level. It is expected that attendees are familiar with basic web application security testing methodology and are comfortable with Linux/Unix like command-line tools.
Materials: The setup to cover all exercises is a Linux/Mac OS X laptop with Android Studio, Burp Suite Community Edition and Google Chrome installed. All exercises can be done using the Android simulators. A physical mobile device is not necessary.
We destroy these mitigations by taking a skeptical look at their assumptions, and reveal that unprivileged userspace applications can steal data by simply ignoring security boundaries, after all, what do address spaces and privilege levels mean to Intel's CPU pipeline? Using our RIDL attacks (also known under the PG-13 Intel designation: MDS -- Microarchitectural Data Sampling), we'll steal in-flight secrets from SGX using just a bit of JavaScript in a web browser, grab /etc/shadow from another VM without even thinking about the hypervisor in the middle, and despair about our speculatively executed future.
The arrival of SDR allowed more hackers than ever to experiment with radio protocols, but we're still using hardware built by other people. In the time honored hacker tradition of rolling our own tools, we'll demonstrate four simple radios that can be home-built using commonly available parts for little to no cost.
It is possible to perform all types of aviation cyber security research and to report the results while getting proper credit and recognition from both the aviation industry and the cyber security community; it just has to be done properly, and in this workshop attendees will learn how.
Over the last 3 months, the Semmle Security Research Team has been triaging all open source CVEs and engaging on a subset of them, performing variant analysis to uncover what had been missed.
During this talk we will present some of these cases where we used QL to perform variant analysis, in addition to some others where we performed the full research (seed vulnerability and variant analysis) such as u-boot.
Most known electronic communication environments, social networks, online media ecosystems, marketplaces and unmanaged transactional systems such as blockchains easily host scam and manipulation campaigns targeting individual wallets, corporate assets and public security. Even the rating systems employed in most marketplaces are vulnerable to reputation gaming attacks using different strategies.
We discuss our proposition for flexible “liquid rank” reputation assessment system based on graph theory and “liquid rank” implemented as open source. We present how different configurations of the reputation system may reduce loss to scam for honest participants and increase costs of scam for dishonest ones, with examples for real blockchains and simulations of marketplaces. We also discuss possible design and implementation options for such system.
In the end, the weakest link in computer security is the human, so social engineering may crack what cannot be cracked by exploiting software and hardware vulnerabilities. To address this, we present the notion of a personal security assistant based on a cognitive model of the human mind, intended to defend human users from manipulation and negative influence.