Keynotes (45 Minute)
- Richard Thieme - "UFOs and Government: a Case Study in Disinformation, Deception, and
- Abstract: There is no one "government." There are many components of government
that interact and respond to challenging and anomalous events, often
contending with one another - and leaving their disputes on record.
UFOs were challenging and anomalous since the 1940s, when "foo fighters"
trailed planes on bombing runs over Germany and Japan. But strange
flying vehicles did not go away when the war ended. In the 1950s, the
CIA advocated training observers "inside" to learn what they could while
dismissing reports from "outside."
To understand why and how a government responds that way is analogous to
hacking a complex system. One has to do appropriate reconnaissance, then
execute effective counter-measures, then engage in offensive operations.
The proliferation of reliable reports of unidentified flying objects
elicited a response that feels familiar in the days of Assange, Snowden,
and the NSA. UFOs were anomalous, well-documented, and challenging
because, as Major General John Samford said, “credible people have seen
incredible things.” Snowden, too, thought he had seen incredible things
that needed to be brought into the light.
But this talk isn't about Snowden, it's about how governments manage
these challenges. An NSA veteran thinks that Thieme's talk is "perfect
timing - it's about how the government deals with serious yet largely
unknown or not understood potential threats, while trying desperately to
keep the public from knowing what they are doing. What better way to
discuss the current situation at a meta level, without ever getting into
the knee-jerk muddle of response to current events? You can't ask for a
better context for this talk."
Richard Thieme was privileged to be invited to join the UFO History
Group which includes the best researchers in the field. After 5 years of
work, they produced “UFOs and Government: A Historical Inquiry,” an
outstanding work of historical scholarship that reads like a fascinating
detective story. In almost 600 pages and with nearly 1000 citations, the
work illuminates the response of the government since the early 1940s,
how and why policies were set, and how they were executed. Reviewers
say, "this is the best book about the UFO phenomena that was ever
written" and "UFOs and Government is a triumph of sober, conscientious
scholarship unlikely to be equaled for years to come."
Don Quixote said, “Insanity is seeing things as they really are.” This
speech uses UFO phenomena as dye in the arteries of "how things really
are." And how governments carry out cover and deception with all of the
best intentions in the world.
- Bio: Richard Thieme is a former priest who became a commentator on technology and culture, founding the consulting firm ThiemeWorks. He is a frequent keynote speaker at government agencies and technology conferences around the world, routinely drawing large audiences, and is described as an "institution" and "father figure" in the hacker convention circuit. He is the author of the syndicated column "Islands in the Clickstream", which was published in 60 countries and in 2004 was turned into a book of the same name. In 2010 he published a book of short stories, Mind Games, and in 2012 he contributed to the peer-reviewed academic work, UFOs and Government, a Historical Inquiry. He has written for multiple publications including Wired, Forbes, and Salon.com. Andrew Briney, editor-in-chief of Information Security magazine, describes Thieme as "a living symbol of the human dimension of technology".
FULL Length (45 Minute)
- David Mortman - "It Ain't Rocket Science"
- Abstract: Information security isn't rocket science and it doesn't have
to cost as much as your typical space program either. Many of the
problems in information security are fairly simple, not to say that
they are easy mind you, they just aren't that complex. I'm going to
talk about the range of security issues that can be done more easily
while spending little to no additional capital expense. Not only will
this make your life easier, but it will free up time and money to work
on the really hard and complex problems that we are also facing day to
- Bio: David Mortman is Chief Security Architect and Distinguished Engineer at Dell/Enstratius. David has been doing Information Security for almost 20 years.
Most recently, he was the Director of Security and Operations at C3.
Previously, David was the CISO at Siebel Systems and the Manager of
Global Security at Network Associates. David speaks regularly at
Blackhat, Defcon, RSA and other conferences. Additionally, he is a
Contributing Analyst at Securosis and blogs at emergentchaos.com,
newschoolsecurity.com and securosis.com. David sits on a variety of
advisory boards, including Qualys, Lookout and Virtuosi. David holds a
B.S. in Chemistry from the University of Chicago.
- Jonathan Claudius && Laura Guay - "Crowdsourcing Your Cisco Firewall Administration... WAT?"
- Abstract: What if I told you that your users had the ability to administer your firewall? With the advent of some new vulnerabilities we discovered in Cisco ASA, your end users can bypass all authorization controls and execute any command on your firewall with full administrative privileges. This presentation will cover how these vulnerabilities were discovered, just how simple they are to exploit, and what you need to do right now to prevent getting owned.
- Bio0: Jonathan Claudius is a Senior Security Researcher at Trustwave. He is a member of Trustwave's SpiderLabs - the advanced security team focused on penetration testing, incident response, and application security. He has over 12 years of experience in IT with the last 10 years specializing in Security. At Trustwave, Jonathan works in the SpiderLabs Research Division as a member of the Vulnerability Assessment Team (VAT) where he develops the core engine for Trustwave's Vulnerability Scanning Services.
- Bio1: Laura Guay is a Platform Engineer at Dell SecureWorks and is focused on the management of Cisco and Imperva security appliances. Before joining SecureWorks, she was a member of the Security and Privacy team at Crowe Horwath and performed penetration testing. Laura has a particular interest in breaking and fixing network security devices.
- Scott Erven - "Just What The Doctor Ordered?"
- Abstract: You have probably heard the stories of security researchers delivering lethal doses of insulin to a pump, or delivering a lethal shock to a vulnerable pacemaker. But what is the reality of the medical device industry as it relates to Information Security? Join us for an in-depth presentation about a two-year research project which consisted of medical device security testing at a multi-billion dollar healthcare system. This discussion will highlight the fallout from security standards not being a requirement for medical device manufacturers, and our work in identifying and reporting vulnerabilities. We are working towards a future where cyber security issues in medical devices are a thing of the past. We will discuss the recent success and traction we have gained with the FDA and DHS in addressing these security issues. The train is now moving, so please join us to find out how you can get involved and make a difference in patient safety for our future.
- Bio: Scott Erven is the Manager of Information Security for Essentia Health. He is also the founder of SecMedic. He has over 14 years’ experience developing information security programs for small independent firms to the Department of Defense. He has been involved in numerous IT certification development efforts as a subject matter expert in information security. While not being paid for his management skills, Scott spends his time on medical device research and consulting, malware analysis and even enjoys picking the occasional lock.
- Brendan O'Connor && Grant Dobbe - "The Perfectly Legitimate Project"
- Abstract: When we can't use the Internet anymore---either because it's gone, or
because we can't trust it---how can we share our cat GIFs, tear gas
remedies, or recipes for Roasted Rodent Ratatouille? The Perfectly
Legitimate Project creates a decentralized, Internet-optional system
of sharing data among a group of nodes without relying on
easy-to-locate mesh networks. PLP uses whatever’s available to move
heavily-encrypted payloads around, including short-range wireless
communications (on license-free VHF, UHF, ZigBee, or WiFi),
sneakernet, or tasty (and nutritious!) carrier pigeons. PLP has four
components: NATASHA and MOOSE provide user-friendly services (such as
email, wikis, and blogs) to any end-user without a need for
specialized hardware or customized software, while BORIS and SQUIRREL
let couriers use any means necessary to ship data with a derivative of
the interplanetary Disruption-Tolerant Networking protocol. The end
result is a system that's OPSEC-capable, easy to use, and can be
deployed when zombies attack---or when you're just tired of having
your adversaries listen through the fillings in your teeth.
Our presentation will focus first on the threat model, including the
reasons why standard answers (such as mesh networks), while they might
solve the problems of disaster relief, can't solve for a hostile
adversary. We will then move on to the PLP architecture, including the
end-user services (MOOSE), the DTN creation and routing (NATASHA), the
DTN payload (SQUIRREL), and the optional unified transmission system
(BORIS). Finally, we will demonstrate using the services to share
information between separate darknet nodes, both using mobile devices
for sneakernet, and using radio. Our code is all open source, and we
welcome feedback, criticism, and patches.
- Bio0: Brendan O’Connor is a security researcher and law
student. The former he does through his consultancy, Malice
Afterthought; the latter he does at the University of Wisconsin Law
School in Madison, where he is focusing on Criminal and International
Law. He is set to graduate in May 2014. His research focuses primarily
on enabling access to security and privacy through development of
disposable computing and sensing tools. He’s taught information
warfare, played the violin, transmitted on amateur radio (K3QB), and
tried to convince his cats not to eat him when he dies.
- Bio1: Grant Dobbe is a web developer and nerd wrangler. He
spends his days wearing many hats for his consultancy, Binary
Sprocket; the rest of his time is divided between his very patient
wife, his not-so-patient cat, an ever-growing pile of library books,
and a passion for building rigged steampunk carnival games. He's also
a ham radio operator (KC9WZA), tenor, Returned Peace Corps Volunteer
(Ghana ‘08-’10), homebrewer, and surprisingly decent cook.
- Daniel A. Mayer - "Introducing idb - Simplified Blackbox iOS App PenTesting"
- Abstract: More than ever, mobile apps are used to manage and store sensitive
data by both corporations and individuals. In this talk, we review
common iOS mobile app flaws involving data storage, inter-process
communication, network communications, and user input handling as seen
in real-world applications. To assist the community in assessing
security risks of mobile apps, we introduce a new tool called
'idb' and show how it can be used to efficiently test for a range of
iOS app flaws indicated above.
During our presentation, we will explore a number of vulnerability
classes. Each class will first be introduced and discussed before
demonstrating how idb can enhance the testing for instances of it.
With this we illustrate how apps commonly fail at safeguarding
sensitive data and demonstrate how idb can arm security professionals
and developers with the means necessary to uncover these flaws from a
black-box perspective. Furthermore, we will provide illustration of
how to mitigate each flaw. idb will be made open source and released to
- Bio: Daniel is a consultant with Matasano Security. His experience includes
penetration testing, cryptographic protocol analysis and design,
security research, and system and network administration.
Prior to joining Matasano, Daniel was a researcher at the Stevens
Institute of Technology working on applied cryptography and privacy.
He presented his research at several international security
Daniel holds a Ph.D. degree in Computer Science from Stevens and a
Masters degree in Physics from Rutgers.
- Mark Stanislav - "Eyes on IZON: Surveilling IP Camera Security"
- Abstract: Home IP cameras are becoming increasingly common thanks to sleek designs, WiFi connectivity, and intuitive mobile applications. Previously, such IP cameras were mostly in use by home security aficionados and small business owners. Now, however, with increasing video quality and ease of use, these cameras are becoming popular for the average homeowner that wants a bit more confidence that all is well when they're absent. This presentation will provide insight into the security mechanisms being used by the IZON camera, some of the weaknesses found during research, and a few recommendations for them (or anyone else developing these sorts of cameras) to benefit from. Attention will be paid to topics such as network protocols, iOS app security, APIs, and other aspects of the camera's platform that have attack surface.
- Bio: Mark Stanislav is the Security Evangelist for Duo Security, an Ann Arbor-based startup focused on two-factor authentication and mobile security. With a career spanning over a decade, Mark has worked within small business, academia, startup, and corporate environments, primarily focused on Linux architecture, information security, and web application development.
Mark earned his Bachelor of Science Degree in Networking & IT Administration and his Master of Science Degree in Technology Studies, focused on Information Assurance, both from Eastern Michigan University. Mark also holds his CISSP, Security+, Linux+, and CCSK certifications.
- Brandon McCann && Adam Ringwood - "Phishing Frenzy: 7 seconds from hook to sinker"
- Abstract: Phishing attacks are a prevalent threat against organizations large or small. As professionals in the security field we need to be able to give our clients the "look" and feel of what a real "bad guy" may do to attack an organization. Creating a phishing campaign can oftentimes be a complex and time-consuming process. This is why Phishing Frenzy was created to manage phishing campaigns, phishing templates, and generate advanced statistics.
Feast your eyes on the new addition to the open source and infosec community. "Phishing Frenzy" is a feature-rich phishing framework written in Ruby on Rails to help streamline your phishing process. The framework allows for the creation, customization and execution of phishing campaigns. Additionally, Phishing Frenzy now supports SMS and Email phishing, so make it your one-stop shop for all phishing needs.
- Bio0: Brandon is a Senior Security Assessor at Accuvant LABS with over seven years of experience in the Information Technology field. Brandon is co-founder of pentestgeek.com and currently performs red team attack simulations, network penetration testing, internal vulnerability assessments, social engineering engagements, and various other technology consulting projects.
- Bio1: Adam is a computer science student at Illinois State University.
He is the current leader of ISUSec, a collegiate information security club.
He enjoys learning about social engineering, mobile device security, and
participating in capture the flag competitions.
TURBO Talks (20 Minute)
- Mike Jackson - "Breaking Bus Tickets – MagStripe Hacks And You"
- Abstract: Magnetic stripes store little data, so oftentimes these are used as references back to a centralized database (as in credit cards). This isn’t always possible or practical, however, so implementations must sometimes store all the data that is needed on the magnetic stripe itself. When this is used to store identification data only, this usually isn’t a problem. In those cases, as long as you don’t give the card to the bad guy, he can’t read it. But what about ticketing systems? In ticketing systems (like bus tickets), you are giving all the information to the person who is most interested in subverting that information.
Many of these systems use proprietary data formats. However, with some reverse engineering and selective purchasing of tickets, these can be decoded.
I will not only discuss how to perform this reverse engineering on the tickets and display the format of the tickets I analyzed (those for the Minneapolis/St. Paul area transit), but also discuss protections to prevent these, and how those protections can fail.
- Bio: Mike is a security researcher in the Minneapolis/St. Paul area. In his day job, he does security testing. Then he goes home and does more security testing. Sometimes, he even has a personal life. Sometimes.
- Grape Ape - "Blurred Lines: Digital Attacks in the Physical Realm"
- Abstract: As the vulnerability landscape evolves, the threat agent changes with it. Where network level vulnerabilities once ruled, the application layer has become one of the most popular and fruitful surfaces to attack. But most breaches are the result of a multi-faceted effort which combines some level of technical hacking with social engineering. During this session, learn how these blurred lines intersect, how vectors of one paradigm often relate to another. In a talk that approaches the social engineering aspect from a different angle, we'll discuss the OWASP Top 10 list from 2013 and how they can be mapped from web application security to be used to hack the human element. The vulnerabilities found in this Top 10 list are significant in terms of web application security but with the creativity of a composite attacker, learn how they can be used in the physical world and aimed at the weakest link in the security chain, the people, to cause damage or infiltrate an organization. This advanced session is aimed at penetration testers, management, and workers on the front lines who might fall prey to social engineering attacks as they interface with the public or an organization's customer base.
- Bio: Phil Grimes is a biker, parent, and Information Security Professional with experience in providing security assessments and penetration testing services to organizations ranging from small businesses, financial institutions, e-commerce, telecommunications, manufacturing, education and government agencies, as well as international corporations. Phil started learning networking and Internet security as a hobby harassing AOL in 1996, developing his technical skill set independently until joining the professional security industry in 2009. After a change in career trajectory during 2012, vulnerability research and exploit development became a main focus of attention. Phil’s experience in application security, penetration testing, mobile/Smart Phone security, and social engineering has proven successful in assessments for high profile customers both domestically and around the globe. An accomplished speaker and presenter, Phil has engaged on various topics for Notacon, CUISPA conferences, and at the Central Ohio ISSA InfoSec Summit in addition to various other speaking appearances to a wide range of audiences.
- Parker Schmitt - "Wireless Drone Strikes---doing wireless attacks with drones"
- Abstract: Wireless attacks are easy and rather well known and everyone seems to talk about drones and drone strikes. Chances are many of us have Wifi Pineapples with us right now, or some other wireless device. Public Wifi is amazing: ettercap and SET and you win. No certificate validation? WIN! The downside of many wifi attacks is they require a physical presence---drones can solve these problems; who says missiles and guns are the only way drones can strike?
Small drones can go unnoticed, move quickly, and leave. Many wireless devices are rather light, much lighter than missiles. The benefit of this is that smaller and cheaper drones are feasible; it's now possible to land on a roof.
In most corporate environments the easiest way to pwn is to set up a rogue AP and use FreeRADIUS to steal credentials. This is a practical attack for drones, especially if you're ok with multiple fly-bys. First step, find the SSID, there are lots of people connecting; kismet and fly back. Then set your ssid and configure FreeRADIUS. Fly by and pwn. Another method is to land on the roof with an LTE card and retransmit the Wifi signals. The first method is faster and cheaper though.
Arp poisoning attacks are harder via drone since there is not as much time. But a good public Wifi attack might be to fly a rotorcraft or balloon near mobile devices. Arm the aircraft with a 4g uplink (3g or gsm would work but I'd say 4g so the users don't notice anything). Set up a mobile hotspot with ssid of let's say attwifi and you can intercept, ssl strip, use SET and gain shells on phones or laptops.
VPNs are amazing, ssl-stripping is an easy win. Even with two factor authentication the credentials are still good for a period of time. Even if an attack is discovered, if you're moving quickly enough it will be hard to pinpoint even the location of the attacker. If you're sitting at Starbucks sniffing credentials and you use them for a newsworthy attack someone might find you on a security camera. If you use gogoinflight they have a list of who bought tickets. However if you fly a drone by starbucks and fly to another there's almost no trace as long as the drone is recovered. (Biodegradable balloon fabric is possible, I'll try to find some before the talk).
- Bio: Parker Schmitt is currently working as a penetration tester and is working on some Network/Virtualization Management. He has made various contributions to Gentoo and the Gentoo-Hardened project (mostly in SELinux) and submitted some ebuilds (including Samba 4). In Gentoo he specializes in hardening layers (SELinux, PaX, GRSecurity), Virtualization, and Networking. He also loves mathematics, mathematical modeling, and is a serious crypto nerd. He loves CTF and often plays in them. He became interested in security playing for the Rose-Hulman CCDC team (now he's too old). Outside of security he loves flying airplanes and playing the piano.
- whistlepig - "Pointy Stick: Poking through to the heart of a binary"
- Abstract: License managers and validation routines are typically very small pieces of code, relative to the applications that contain them. However, to bypass software protections, static analysis is an inefficient method of locating code of interest. Traditional dynamic analysis suffers from lack of targeted snapshotting and tracing capabilities. This presentation debuts PointyStick, an application designed to allow targeted dynamic program tracing and memory snapshotting. PointyStick enables code regions of interest to be located rapidly, which can then be further analyzed.
- Bio: Sam has always been passionate about finding ways to break things. Sam initially learned reverse engineering to crack protections on some of his favorite programs, which he of course had a license for. He has worn several hats since then, such as malware analyst, reverse engineer, kernel space developer, and is currently working as a cryptographer. He is also an avid beer fan and loves 312.
- John Bambenek - "How I Turned VPN over DNS Into a Retroactive Wiretapping Mechanism"
- Abstract: Imagine your first day at a client site and you spend your time figuring out what’s going on with the network. You query passive DNS to find tons of apparently VPN over DNS endpoints on your network. What starts as a simple incident investigation process sees the tables turned on those who used the protocol to hide their tracks. This talk will discuss reverse engineering VPN over DNS (vpnoverdns.com) and how weaknesses in using DNS tunneling make it trivial to retroactively wiretap all communications over the protocol long after the fact.
- Bio: John Bambenek is a handler with the SANS Internet Storm Center and President of Bambenek Consulting. He has contributed to many of the SANS courses and GIAC certification exams and has over 15 years experience as an information security professional. He is the only known hacker who is also a politician.
- whitehat1969 - "How Much of Your Personal Information Is Online?"
- Abstract: How many times have you heard of an “anonymous” hacker who got arrested because they forgot they put way too much information online, years ago, and law enforcement was able to connect the dots with nothing more than a matching username?
Few people realize the sheer amount of personal information that is stored online, much of it in places you would never imagine. He provides a demonstration of just how easy it is for others to dig up one’s personal information. He will demonstrate how he scrapes information from 70+ sites and finds matches for usernames, emails and more.
- Bio: Whitehat1969 has over 14 years of experience in performing vulnerability assessments, incident response and computer forensics. He is on the Cyber Security Team, responsible for assessing the cyber security of more than 16 government agencies. He has worn many hats including security admin, server admin, white hat, and even a jester hat. He enjoys a variety of hobbies, including coding Python and Perl, cooking Raspberry Pi's, Arduino tinkering, throwing knife making, welding, circus tricks, building tall bikes, and more.
- Whitney Merrill - "Burning Up on Reentry: Searches of Electronic Devices at the U.S. Border"
- Abstract: This presentation will examine the current laws regarding the search of computers and other electronics at the border of the United States. Officials have relied on the border search exception to search, review, copy, and detain cell phones, computers, and other electronic devices without a warrant, probable cause, or any suspicion. Border searches are an exception to the Fourth Amendment’s warrant requirement. Using this exception, the Department of Homeland Security (DHS) has singled out individuals reentering the United States at the border to conduct searches without suspicion or a warrant. During these suspicionless and warrantless searches, DHS has detained and questioned individuals for hours, seized and searched electronic devices, and photocopied credit cards and notes. For the most part, the exception remains broad and undeveloped despite the changes in travel and technology since the passage of the Fourth Amendment in 1789, when Congress, only a month later, passed the law (still in effect today) permitting border officials to conduct warrantless searches, and 1977, when the Supreme Court expanded the doctrine.
In early 2013, the Ninth Circuit reviewed the issue of whether officials needed suspicion to search at the border, and unlike previous courts, held reasonable suspicion is needed to conduct a forensic examination of electronic storage devices when entering the United States. This standard is currently the most protective in the United States.
This presentation will delve into the rationales behind the U.S. border search exception, discuss the broader implications of the recent Ninth Circuit decision, and explore some dos and don'ts if a traveler's electronic devices are seized and searched at the border.
- Bio: Whitney Merrill is a third-year law student at the University of Illinois College of Law focusing on the legal issues surrounding the Internet, technology, and cyber security. Currently, she serves as the Managing Editor of the University of Illinois Law Review, and previously interned for the Electronic Frontier Foundation.
- Joe Cicero - "P.I.S.S.E.D (Privacy In a Surveillance State, Evading Detection)"
- Abstract: In this presentation, Joe Cicero will start by reviewing how U.S. Government agencies have de-anonymized individuals who were using the Internet. He will then cover TOR, TOR Portable, the TAILS operating system and .onion hidden service sites, which help individuals anonymize themselves on the Internet. He will complete his presentation by covering known, presumed and theoretical attacks that can be used to de-anonymize you and how you might use true trade craft techniques to stay completely anonymous on the Internet. Conspiracy theories aren't all that far-fetched now, are they?
- Bio: Joe Cicero is currently a Network Specialist Instructor for Northeast Wisconsin Technical College and a Columnist for various publications. He specializes in teaching Linux, Network Security, and Computer Forensics Courses. He was originally from Green Bay and in 1985 he joined the Marines. His final duty assignment was as the Operations Chief for Tactical Warfare Simulations Evaluations Analysis Systems where he traveled the world conducting officer training through use of computer simulations.
Joe has had positions covering every aspect of computers including: Help Desk Support, Technician, Programmer, Network Administrator, Director of Technology, Computer Security and Incident Response Team Member, Defense Forensic Examiner and of course Instructor. He is most passionate about teaching and enjoys having the time to "tinker" with all types of technology. Joe has spoken nationally at Defcon, HOPE and the UAT conferences. In 2009 Joe was the recipient of the Information Technology Outstanding Service Award for the state of Wisconsin. In 2013 Joe advised the NWTC team which went on to win the Wisconsin Collegiate Cyber Defense Competition (CCDC).
- Jason Carpenter - "Analyzing Mobile Malware"
- Abstract: I will use one of the latest Android malware files to show how malicious files can attack a device, how to reverse the file using both the Android SDK (for behavioral analysis) and static tools. I will then show ways that malicious people can use malware as a jumping point to further attack an enterprise.
- Bio: Jason Carpenter has over 14 years experience in both IT and breaking IT. Obsessed with malware, the advent of small computers with cell phone capabilities has provided him with hours of entertainment.
- Lesley Carhart - "Ten Commandments of Incident Response (For Hackers)"
- Abstract: For many information security professionals, a logical career move is to an incident response role; managing security incidents as well as the people working on them. The transition to red tape, bureaucracy, and human chaos can be baffling and very frustrating to the hacker mentality. This can lead us to burn out, or in the worst case, fail at the job. Instead of discussing incident response methodology, this talk will cover ten essential ‘lessons learned’ about bridging the infosec world with the business world. Topics include triage, communication skills, risk assessment, building professional relationships, business impact, and presenting our ideas and problems in a way that interests an organization.
- Bio: Lesley Carhart is the Incident Response team lead for Motorola Solutions’ Security Operations Center. A forensics specialist, Lesley has been striking fear in the hearts of IT departments since she was hired as a SQL developer at 15. She has held several roles in security, from log analyst to consultant, and has background as a network tech, aircraft mechanic, and tactical comm “guy”. You can find her security blog on motorolasolutions.com’s ‘Fresh Ideas in Public Safety’.
- Alex Muentz - "Yelling at management isn't going to make them
- Abstract: Trying to do infosec or manage infosec requires cooperation, resources
and buy-in from senior management who might not 'get it'. We tend to
get frustrated with management that ignore our recommendations,
believe infosec urban legends, fail to fund us or implement stupid rules.
Yelling will only make it worse. Here's how to more effectively
communicate and work with the nontechnical people that write your
checks, manage your businesses and make your lives difficult.
- Bio: Alex is both an information security professional and lawyer. When
interviewing lawyers for an associate position, he asked them to
solder a circuit board to see if they were a good fit. When he's not
giving legal or technical advice, he teaches an undergraduate class in
Labs (50 Minute)
- Jared DeMott - "Bypassing EMET 4.1"
- Abstract: The goal of this study is to gauge how difficult it is to bypass the protections offered by EMET, a popular Microsoft zero-day prevention capability. We initially focused on just the ROP protections, but later expanded the study to include a real world example. We were able to bypass EMET’s protections in example code and with a real world browser exploit. The primary novel elements in our research are:
1. Deep study regarding the ROP protections, using example applications to show how to bypass each of the five ROP checks in a generic manner.
2. Detailed real world example showing how to defeat all relevant protections. Look for a new technique to bypass the stack pivot protection, shellcode complete with an EAF bypass, and more. These bypasses leverage generic limitations, and are not easily repaired.
The impact of this study shows that technologies that operate on the same plane of execution as potentially malicious code offer little lasting protection. This is true of EMET and other similar userland protections.
- Bio: Jared DeMott is a security researcher for Bromium, Inc. He has spoken at security conferences such as DerbyCon, Black Hat, Defcon, ToorCon, Shakacon, DakotaCon, and GRRCon. He is active in the security community by teaching his Application Security course, and has co-authored a book on Fuzzing. Mr. DeMott has been an invited lecturer at prestigious institutions such as the United States Military Academy, and previously worked for the National Security Agency. DeMott holds a PhD from Michigan State University.
- Joe Klein - "Call Me Maybe, IPv6"
- Abstract: “Hey, I just met you, and this is crazy, but here’s my IP number, and ping me maybe, but what about the security” paraphrases the sentiment of many IT security people as they enter the new world of IPv6.
Focused on providing a security engineering high-level view of the protocol with technical deep dives to help mitigate common mistakes which have already led to compromises. Some detailed information will not be covered, but reference to that information will be made available.
- Bio: Joe Klein, Scientific Hooligan & CTO at Longboat LLC: with over 30 years in the industry Joe has played every role in the security domain. He also has over 13 years of IPv6 experience, including serving as security SME for the International IPv6 Forum, North American Task Force, assisting in the development of multiple US government IPv6 standards, and development of the first IPv6 only IDS. Joe also claims that 'before IPv6 came into his life he missed it so bad, and you should know that'. And fear not, he has no intention of singing this song, simply mocking it.
- Timur Duehr && Alex Balducci - "Breaking Encryption with an Oscilloscope: An Introduction to Power Analysis Attacks"
- Abstract: Side channel attacks against hardware targets often appear difficult to software specialists. Power analysis attacks are a class of side channel attacks relying on sampling a device's power consumption during cryptographic operations. This talk will focus on setup and implementation for differential power analysis attacks against DES and include a brief overview of both simple and template power analysis attacks. We begin with an introduction to power analysis attacks, hardware requirements and setup. Then, an implementation of a differential power analysis attack will be shown against a simple target.
- Bio0: Timur Duehr is a Senior Security Consultant at Matasano Security with over eight years of computer consulting experience and a Master's degree in Mathematics. His professional experience includes application development, security assessment, and code review.
At Matasano he develops security assessment tools, maintains Ragweed and Buby, performs blackbox and code assisted penetration tests, and source code audits. He has tested applications employing numerous technologies. Previously, he has presented at Black Hat USA, OWASP Chicago, and Black Hat Arsenal.
- Bio1: Alex Balducci is a Security Consultant at Matasano.
- Fosaaen && Gruber - "Building a GPU Cracking Rig (on the Cheap)"
- Abstract: Password cracking has made major advances in recent years with the introduction of GPU-based cracking. Many organizations are turning to GPU cracking to audit passwords and ensure compliance with password complexity policies. In this talk, we will walk you through how we were able to build our own cracking system with high-end gaming parts, for minimal cost. We'll be honest and let you know how we screwed up and how we succeeded. Additionally, there will be demos of our GPU cracking rig's performance along with tips and tricks for building your own cracking box, both the cheap way and the right way.
- Bio0: Karl specializes in network and web application penetration testing. Karl holds a BS in Computer Science from the University of Minnesota, focusing on Network Security. With over five years of consulting experience in the computer security industry, Karl has worked in a variety of industries: financial services, health care, and hardware manufacturing. In his spare time, Karl likes to volunteer at cons, including THOTCON.
- Bio1: Eric has a BS in computer science from the University of Minnesota, focusing on networking, security, and software engineering. He has done work in the education, information technology, and information security industries, designing and developing software, maintaining information systems, and security research. At NetSPI, Eric's primary duties include network, web application, thick application, and mobile penetration testing. He also helps develop applications and scripts for the NetSPI penetration testing team. Eric currently holds the GCIH and GXPN certifications.
- David Shaw - "Androids vs. Android: Synthetic Mobile Malware Analysis"
- Abstract: In today's world of smartphone ubiquity, mobile malware is an increasingly
prevalent (and difficult to mitigate) threat. One problem area for contemporary
malware analysts is determining which apps legitimately need the permissions
they request, and which have nefarious motivations. This presentation
introduces a novel approach to mobile malware analysis at scale: synthetic
sentiment analysis. Leveraging associative models of permissions, analysts can
quickly determine which apps "feel" most suspicious--a huge time saver in a
field with millions of apps to assess.
- Bio: David has extensive experience in many aspects of information security. After
starting his career in perimeter analysis and external threat research, David
joined Redspin in 2009 and has performed several roles within the organization.
David is currently Redspin's Chief Technology Officer, specializing in
application security and managing a team of highly skilled engineers.
- Adam Brand && Scott Erven && Josh Corman - "The Cavalry is Us"
- Abstract: Security issues have grown well beyond our day jobs. Our dependence on software is growing faster than our ability to secure it. In our efforts to find the grown-ups who are paying attention to these risks, one painful truth has become clear: The Cavalry Isn't Coming. Our fate falls to us or to no one. The Cavalry is a global group of concerned citizens who work towards ensuring the trustworthiness of the computerized devices that increasingly surround us. Now that the security of connected and software enabled devices has become a public safety issue, The Cavalry is working towards solutions that preserve and improve lives through security. It's time to engage policy conversations, inform decision makers, carry out research and share our successes (and failures) where information security intersects with life, society and culture. We will cover why this is a growing movement, how The Cavalry hopes to effect change and what we are working towards. We will take you from inception to today, as well as where we're going.
- Bio0: Adam Brand is an Associate Director in Protiviti's Security and Privacy practice. A strong advocate for process improvement in Information Security, he has been working on bringing ideas from ITIL and Lean/TOC to improve how we secure our organizations. Adam also is an incident handler for data breaches and enjoys reversing malware in his spare time. Adam has done research and spoken on a variety of topics, including vulnerability management, PCI DSS, personal data privacy, and incident response.
- Bio1: Scott Erven is the Manager of Information Security for Essentia Health. He is also the founder of SecMedic. He has over 14 years’ experience developing information security programs for organizations from small independent firms to the Department of Defense. He has been involved in numerous IT certification development efforts as a subject matter expert in information security. While not being paid for his management skills, Scott spends his time on medical device research and consulting, malware analysis and even enjoys picking the occasional lock.
- Bio2: TBA
- Kevin Bong - "Hardware Hacking for Cheap Dummies"
- Abstract: Between the specialized knowledge and potentially expensive equipment required, getting into hardware hacking can seem intimidating. It doesn't need to be. Kevin will share some inexpensive tools and basic knowledge and techniques you can combine with a “figure it out as you go” attitude to start doing your own hardware hacking without an engineering background. Kevin will cover these concepts through a real world example – how to inspect the workings of a $12 RFID lock and turn it into an RFID snooper for EM400 and HID cards.
- Bio: Kevin Bong is an Information Assurance Consultant with SynerComm Inc. of Brookfield, WI, where he performs audits, penetration tests, incident response and forensics. Prior to consulting, Kevin worked as VP Risk & Information Security for Johnson Financial Group. Kevin has a BS in Computer Science and Physics from Carroll University and an MS in Information Security Engineering from the SANS Institute, and holds multiple certifications including GIAC GSE and PMP. Kevin is also an amateur astronomer, beekeeper, author and instructor, creator of the MiniPwner pen testing drop box, and a pretty neat dad.
- wartortell & fuzzynop - "Targeted Malware Final Form (APTrololol)"
- Abstract: Targeted malware is constantly evolving in an attempt to outsmart and outwit incident responders and reverse engineers. However, many pieces of malware currently being used in the field by targeted threat actors are easily reversed and understood with little to no effort. This talk presents our process of creating a more advanced "advanced persistent threat". Leveraging our experience in incident response and malware analysis, we created our own malware that attempts to thwart response efforts at every step of the process. While the subject of the talk is the malware we are writing, the audience will inevitably leave with a handful of tips and tricks from the front lines of reverse engineering and incident response.
- Bio0: Wartortell is a computer that makes malware go backwards. He worked in binary rewriting, x86 disassembly, and binary transparency analysis. He is also really good at casting Ice Punch and going hard in the paint.
- Bio1: FuzzyNop is a computer who knows how to computer. As a child his computers always told him he should do computers. At his day job he’s a penetration tester, reverse engineer, and incident responder, but above all else… computer.