HITB Armory

WHEN:

15th - 17th OCT
9:00 - 17:00

WHERE:

Exhibition Area

WHO:

Opposing Force

Overview

The HITB Armory is where you can see your favourite security tools. You will have access to an exhibit area in which the tools' developers will conduct demonstrations for up to 2 hours per day!

Come, meet, ask questions! They are here for you! The goal is to create an easy and relaxed environment to speak about features and tricks of your daily security tools, or to find new ones! Moreover, you can also vote for your favourite tool! The most voted ones will receive a donation of $500,00 to support the development of the tool!

The event is organized by HITB in collaboration with Opposing Force.

 

Diversity Matters!

HITB Armory Board is committed to creating a conference that is as inclusive as possible. We want to showcase the best security tools available around the world.

We are also committed to ensuring the conference is a place where ideas are exchanged, old friends get together, new friends meet and harassment is not tolerated. We expect speakers, attendees and sponsor representatives to be professional and courteous to each other. We reserve the right to remove, without refund, ANY attendee (speaker or otherwise) who is unable to adhere to this policy.

Agenda

Day 1

Morning Session (11:30 – 12:30)

  • Booth 1: graudit – rough source code auditing tool
  • Booth 2: NAU Tools: unlocking network access
  • Booth 3: LAF: LoRaWAN Auditing Framework 

 

13:00 – 14:00 Lunch Break

 

Afternoon Session (15:30 – 16:30)

  • Booth 1: graudit – rough source code auditing tool
  • Booth 2: SASTRI: VM for in-house static application security testing
  • Booth 3: LAF: LoRaWAN Auditing Framework
  • Booth 4: VyAPI: Cloud-based hybrid vulnerable Android App
 

Day 2

Morning Session (11:30 – 12:30)

  • Booth 1: graudit – rough source code auditing tool
  • Booth 2: SASTRI: VM for in-house static application security testing
  • Booth 3: LAF: LoRaWAN Auditing Framework
  • Booth 4: VyAPI: Cloud-based hybrid vulnerable Android App
 

13:00 – 14:00 Lunch Break

 

Afternoon Session (15:30 – 16:30)

  • Booth 1: NAU Tools: unlocking network access
  • Booth 2: VyAPI: Cloud-based hybrid vulnerable Android App
  • Booth 3: LAF: LoRaWAN Auditing Framework
  • Booth 4: Fault Injection: Having fun with visualizing fault attacks using low-cost tooling!
 

Day 3

Morning Session (11:30 – 12:30)

  • Booth 1: NAU Tools: unlocking network access
  • Booth 2: SASTRI: VM for in-house static application security testing
  • Booth 3: Fault Injection: Having fun with visualizing fault attacks using low-cost tooling!
  • Booth 4: VyAPI: Cloud-based hybrid vulnerable Android App
 

13:00 – 14:00 Lunch Break

 

Afternoon Session (15:30 – 16:30)

  • Booth 1: SASTRI: VM for in-house static application security testing
  • Booth 2: graudit – rough source code auditing tool
  • Booth 3: NAU Tools: unlocking network access

Tools Details:

  • graudit – rough source code auditing tool (by Eldar Marcussen)

Want to find bugs quickly? graudit is a static source code analysis tool that uses signatures to detect vulnerabilities. It supports multiple languages and is easy to script and extend.

graudit has been used by several large commercial entities from telecommunication and finance to the defense sector. It has been a steady source of CVE numbers and advisories for several researchers for over a decade. This demonstration will show several of the ways graudit can be used to find vulnerabilities with minimal false positives, very quickly, at a large scale.

It will coincide with a new release of the tool that incorporates several additional scripts that have been privately used to find remotely exploitable bugs in the past, several rule updates (including C/C++), improved taint analysis and new capabilities for detecting secret data such as private keys and other high entropy strings.

  • NAU Tools:  unlocking network access (by Tanoy Bose)

There are two types of device-based attacks that could occur: passive device implants like star lan tap pro, and active network device implants like pwnie express and pwnplug. During red teaming engagements, we would generally need to implant a piece of active working hardware like pwnie express or pwnplug, which is often high priced and could be easily detected and prevented with network access control solutions (like IP Stickey, 802.1X). While a device like star lan tap pro is a great utility to passively tap a network connection and analyze network traffic, it is incapable of doing active network injections.

To actively bypass 802.1X, there are utilities like Fenrir and silentbridge that aren’t realistic to use during red teaming engagements. For this reason we built the utility NauTools that could be utilized during red teaming engagements and penetration testing assessments.

NauTools is an open source project (to be released at HitB) initially built to bypass 802.1X port security with an easy-to-use interaction interface. This tool is an active device-in-the-middle tool, built on Raspberry Pi 3B+ and Kali, that has the capability of performing attacks using tools like Metasploit and Responder and opening a side channel (over Wi-Fi) for an attacker to actively test utilizing their own machine.

  • VyAPI: Cloud based vulnerable hybrid Android app (by Riddhi Shree)

VyAPI is a hybrid Android app that’s vulnerable by design. We call it VyAPI because its flaws are pervasive and it communicates not just via IPC calls but API calls, too.

Amazon Cognito has been used to handle authentication, authorization and user management. AWS Amplify Console has been used to consume the Authentication APIs provided by AWS Amplify Authentication module. Room persistence library has been used to handle data in the local SQLite database. Glide API has been used to load images. AndroidX libraries and JAVA programming language have been used to develop the business logic of VyAPI Android app.

We know how to attack activities, but what could change with fragments coming into the picture? There might be a case where we just have one activity, but multiple fragments (each rendering a different functionality) in our Android app. VyAPI will allow you to experience this behavior of our modern-day Android apps.

Modern technologies are eliminating security risks by blocking vulnerable features by default. However, not all vulnerabilities could go away that easily. Also, with new technologies come new security vulnerabilities. Security misconfigurations, business logic flaws, and poor coding practices are evergreen vulnerabilities. VyAPI is the vulnerable hybrid Android app which can be used by our security enthusiasts to get a hands-on experience of a variety of modern and legacy Android app vulnerabilities.

  • LAF: LoRaWAN Auditing Framework (by Cesar Cerrudo & Matias Sequeira)

IoT deployments just keep growing, and one part of that significant growth is composed of millions of LPWAN (low-power wide-area network) sensors deployed in hundreds of cities (Smart Cities) around the world, as well as in industries and homes. One of the most used LPWAN technologies is LoRa, for which LoRaWAN is the network standard (MAC layer). LoRaWAN is a secure protocol with built-in encryption, but implementation issues and weaknesses affect the security of most current deployments.

This project intends to provide a series of tools to craft, parse, send, analyze and crack a set of LoRaWAN packets in order to audit or pentest the security of a LoRaWAN infrastructure.

  • Having fun with visualizing fault attacks using low-cost tooling! (by Niek Timmers & Cristofaro Mune)

Fault injection is awesome, but complex at the same time! Or is it? See how much you can learn about what happens during your glitching runs with our visualization/analysis tooling. We’ll demonstrate our do-it-yourself, low-cost, voltage fault injection tooling which will become open source once sufficiently mature. During our session you’ll be able to break, touch and play!
 
  • SASTRI: VM for in-house static application security testing (by Rushikesh Nandedkar & Lalit)

Abiding by the new hot concept “Secure By Design”, SASTRI is a project carved out of the experiences||struggles||conflicts of product security engineers. It is an in-house SAST capability (plug and play VM) we are proposing, to make security engineers’ inputs more receivable and reachable to the product developers and indeed the decision makers in the process of making our products more and more secure. This will save security engineers and DevOps experts a lot of time setting up and fine-tuning the SAST tools.

 

About The Organizer

The first Italian company specialised in offensive security to challenge your physical, hardware, cyber and human security. Challenging your security.

https://www.opposingforce.it

There are loads of other villages and contests for you to check out!

See You At HITB+ CyberWeek!

October 12th – 17th @ Emirates Palace, Abu Dhabi