From BruCON 2015
=Keynote Speakers=
  
'''Haroon Meer (Thinkst.com, South Africa) -- You and your research'''
  
Haroon is a well-known security researcher who has recently started his own venture with Thinkst.com, an applied research company. He is also involved with ZACON, a security conference in South Africa.
Haroon is a frequent speaker at conferences such as Blackhat, Defcon, etc.
  
What does it take to do quality research? What stops you from being a one-hit wonder? Is there an age limit to productive hackery? What are the key ingredients needed and how can you up your chances of doing great work? In a talk unabashedly stolen from far greater minds we hope to answer these questions and discuss their repercussions.
 
 
 
'''Alex Hutton (Verizon Business, United States)'''
 
  
Alex is a principal in the Verizon Business RISK intelligence team and has been one of the driving forces behind the VERIS (Verizon Risk Information Sharing) Framework and their yearly Data Breach Investigations Report (DBIR). He is involved with the SIRA podcast and frequently presents on risk management and data-driven security at conferences such as Blackhat and Source.
  
'''Jaron Lanier (Microsoft, United States)'''
 
  
Jaron is a pioneer in the realm of virtual reality and currently works as a principal architect for Microsoft’s Extreme Computing lab. He is the author of the 2010 bestseller “You Are Not a Gadget” and has given talks at conferences around the world on virtual reality and the impact of social networks and web 2.0.
  
'''Due to time constraints Jaron will not be able to attend the conference. Instead we are organizing for him to deliver his keynote talk through a video link. We're still privileged to have Jaron on-board for our 2011 edition!'''
 
  
=Workshops=
  
'''Agnitio: the security code review Swiss army knife (David Rook - Security Ninja)'''
 
  
It's static analysis, but not as we know it
  
'''Collective Malicious PDF Analysis (Brandon Dixon - x0ner)'''
 
  
Going beyond one sample at a time
  
'''Script Kiddie Hacking Techniques (Ellen Moar & Colin McLean)'''
 
  
How a script kiddie can copy and paste their way to effective hacks
'''The Web Application Hacking Toolchain (Jason Haddix - jhaddix)'''
 
web hacking made better
 
 
'''White Hat Shellcode: Not for Exploits (Didier Stevens)'''
 
 
 
Learn to use shellcode for defense
 
 
 
'''Beer brewing (TBD)'''
 
 
 
'''Lockpicking (TBD)'''
 
 
 
'''VOIP (TBD)'''
 
 
 
'''RFID (TBD)'''
 
 
 
=Presentations=
 
 
 
 
 
'''Ripping Out Code: Practical Attack Surface Reduction for Open Source Systems (Craig Balding)'''
 
 
 
This talk is about how the software choices we make (or tacitly accept) on our desktops have greatly increased our attack surface. In the case of OSS, we'll look at practical metrics for measuring code complexity and attack surface, along with a "hall of shame" where some OSS projects you know, use and love will be "weighed in". In the "what you can do about it" section, I'll show ways to bring back simplicity and security by highlighting "lighter options" and ripping out code (for non-programmers).
 
 
 
'''Abusing Locality in Shared Web Hosting (Nick Nikiforakis - nikifor)'''
 
 
 
The increasing popularity of the World Wide Web has led more and more individuals and companies to identify the need to acquire a Web presence. The most common way of acquiring such a presence is through Web hosting companies, and the most popular hosting solution is shared Web hosting. In this presentation we investigate the workings of shared Web hosting and point out the potential lack of session isolation between domains hosted on the same physical server. We present two novel server-side attacks against session storage which target the logic of a Web application instead of specific logged-in users. Due to the lack of isolation, an attacker with a domain under his control can force arbitrary sessions to co-located Web applications as well as inspect and edit the contents of their existing active sessions. Using these techniques, an attacker can circumvent authentication mechanisms, elevate his privileges, steal private information and conduct attacks that would otherwise be impossible. Finally, we test the applicability of our attacks against common open-source software and evaluate their effectiveness in the presence of generic server-side countermeasures.
 
 
 
'''Botnet Identification and remediation (Barry Irwin)'''
 
 
 
Modern botnet trends have become increasingly sophisticated, both in terms of the techniques used to avoid detection on compromised endpoints and in their varied communication channels. The use of IRC as the communications medium of choice for Command & Control (C2) activities has been replaced with sophisticated use of IP and domain fast-fluxing to avoid detection and increase resilience. These techniques largely bypass traditional network security detection and mitigation approaches such as blacklists and intrusion detection systems.
 
 
 
In the ongoing defence against these networks, a number of novel approaches are presented in order to allow an organisation to perform near-real-time analysis of network traffic with very low system load. The intention is that an organisation or ISP could use the tools as a means of early identification of compromised hosts participating in the botnet. This paper comprises three components: the first two relate to detection mechanisms, and the final one provides a console which can be used for tracking and information aggregation.
 
 
 
The first detection technique utilises passive analysis of DNS traffic collected from the network. Due to its tight integration with the TCP/IP suite, DNS serves as an ideal transport mechanism for communications. Using a combination of classifiers, a high degree of accuracy is obtained in the identification of fast flux domains, using at most a single DNS packet query. This is in contrast to work done by other researchers which required multiple queries. The detection techniques are tested against sample traffic and it is shown that malicious traffic can be detected with low false positive rates. This can be combined with a more heavyweight scoring system which utilises other metadata such as registrar, domain age and ASN data to further support scoring.
 
 
 
The second component applies a lightweight mathematical classification to observed URLs contained in network traffic. This can either be via a network tap, or integrated into a proxy server solution such as squid. The methods used are able to identify malicious URLs with a high degree of accuracy, while maintaining a low false positive rate. This lightweight solution can be further supported by active queries relating to target ASN, domain registrar, and other existing blacklists and DNSBL systems.
 
 
 
The final component provides a web-based management and visualisation system providing integration between the above two classes in order to allow for ease of notification of malicious activity. The anticipated targets for these solutions are academic networks, ISPs and, to a lesser extent, corporate networks. The intention is that by providing suitable monitoring and analysis of traffic egressing one's network, remediation can be carried out by the organisation closest to the infection – in effect cleaning up one's own back yard. A role that this can play, other than the operational one described, is to provide researchers with access to suitable data (either live networks or even malware labs) to have an automated means of identifying potentially malicious activity, with very low resource requirements.
 
 
 
'''Botnets and Browsers - Brothers in a Ghost Shell (Aditya K Sood)'''
 
 
 
'''iOS Data Protection Internals (Andrey Belenko)'''
 
 
 
'''The 99¢ heart surgeon dilemma (Stefan Friedli)'''
 
 
 
How to fix penetration testing
 
 
 
'''Pushing in, leaving a present, and pulling out without anybody noticing (Ian Amit)'''
 
 
 
Data Exfiltration in highly secure environments
 
 
 
'''Social Engineering Like In The Movies (Dale Pearson)'''
 
 
 
The reality of awareness and manipulation
 
 
 
'''Smart Phones – The Weak Link in the Security Chain (Nick Walker - tel0seh)'''
 
 
 
Hacking a network through an Android device
 
 
 
'''Enterprise Wi-Fi Worms, Backdoors and Botnets for Fun and Profit (Vivek Ramachandran)'''
 

Latest revision as of 07:38, 3 October 2015

The completed schedule is available on http://sched.brucon.org/grid-full

General Information

  • Registrations start at 8h30!
  • Typically workshops run for 2 consecutive speaking slots (ca. 2 hours), but some of them are even longer
  • Workshop rooms in the location Novotel Ghent (Orval, Chimay, La Trappe) are 5 minutes walking from the main venue
  • Workshop seats are limited. Reserved seats get in until 5 min before the workshop. After that it is first come, first in.
  • Read our important instructions on how to use SCHED.org!
  • This schedule is subject to change, check back regularly.

BruCON 0x07 Line-Up

Keynotes

  • Dave Kennedy, Co-founder of TrustedSec and Binary Defense Systems. Co-author of the book "Metasploit: The Penetration Testers Guide," the creator of the Social-Engineer Toolkit (SET), and Artillery
  • Shyama Rose is an accomplished Information Security visionary strategist with a 15-year track record for assessing risks and building ground-up security initiatives for Fortune 100 companies.


Talks

  • Willi Ballenthin and Jon Tomczak - Shims For The Win: Case study and investigative techniques for hijacked Application Compatibility Infrastructure
  • Alexandre Dulaunoy and Pieter-Jan Moreels - cve-search - A free software to collect, search and analyse common vulnerabilities and exposures in software
  • L. Grecs - Creating REAL Threat Intelligence ... with Evernote
  • Alejandro Hernandez - Brain Waves Surfing - (In)Security in EEG (Electroencephalography) Technologies
  • Mark Hillick - Levelling Up Security @ Riot Games
  • Ryan Kazanciyan and Matt Hastings - Desired state: compromise
  • Dhia Mahjoub and Thomas Mathew - Unified DNS View to Track Threats
  • David Mortman - SSO: It's the SAML SAML Situation (With Apologies to Mötley Crüe)
  • Rushikesh Nandedkar and Amrita Iyer - The .11 Veil, Camouflage & Covert!!! /*Invisible Wifi, Revealed */
  • Chris Nickerson - Nightmares of a Pentester
  • Kuba Sendor - OSXCollector: Automated forensic evidence collection & analysis for OS X
  • Richard Thieme - Hacking as Practice for Transplanetary Life in the 21st Century: How Hackers Frame the Pictures in Which Others Live
  • Mathy Vanhoef - Advanced WiFi Attacks using Commodity Hardware


5by5

This edition, there will not be a 5by5, but we will revive the project next edition


Workshops

  • Pieter Danhieux and Erik Van Buggenhout - Hands-on Incident Response Workshop
  • Sergei Frankoff and Sean Wilson - Crowdsourced Malware Triage Workshop - Making Sense of Malware with a Browser and a Notepad
  • Prateek Gianchandani - iOS application pentesting
  • Chris Lytle - Hands-On Old School Cryptography
  • Chris Lytle and Matt Jakubowski - BrewCon
  • Nathan Magniez - Wireless Assessment Bootcamp 101
  • Vito Rallo - Kernel Tales: Security Testing of aarch64 Android Kernels
  • Arnaud Soullie - Pentesting ICS 101 (@ICS Village)
  • Didier Stevens - A Hands On Introduction To Software Defined Radio
  • Javier Marcos and Ted Reed - Intrusion detection on Linux and OS X with osquery (https://osquery.io)
  • Ocean Lam, Count Ninjula and Keith Myers - DJ workshop


Villages

  • ICS Village
  • Hak4kidz - Hacking conference for children (Sunday 4-Oct)


Sounds

  • Ocean Lam (Hong Kong)
  • Count Ninjula (Los Angeles)
  • Keith Myers (Los Angeles)
  • keroSerene (Serene Han, pianist)