Keynotes (50 Minutes)
- Eric Hughes - "Log in, Key up, and Drop out: Back to Cypherpunks Basics"
- Bio: Eric Hughes is an American mathematician, computer programmer, and cypherpunk. He is considered one of the founders of the cypherpunk movement. He is notable for founding and administering the Cypherpunk mailing list, authoring A Cypherpunk's Manifesto, creating and hosting the first anonymous remailer, and coining the motto, "Cypherpunks write code".
- Abstract: If Tim and I were starting cypherpunks today with the same sensibilities we had before, what would we do? We would be more ambitious about both the larger problems and the larger opportunities of today. I'll elaborate on two concepts, illegibility and metis, as James C. Scott uses them in his book _Seeing Like a State_ (1998, Yale University). Illegibility encompasses privacy, and metis is necessary for creating illegibility. Cryptographic secrecy remains a central tool, but is now in service of illegibility rather than an end in itself.
If you don't have time to read the whole book beforehand, focus on the introduction, on chapter 1, which focuses on state legibility and popular resistance against it, and on chapter 9, which is about metis. Chapter 4, on city architecture, has the most direct analogies to software design. I'll have a supplementary bibliography after the talk.
FULL Length (50 Minutes)
- Jesse McGraw (GhostExodus) - "Insider Revelations: DOJ Machinations Against Hackers"
- Bio: Jesse is the first person in US history who was convicted for hacking industrial control systems. Today, he is a freelance cybersecurity writer.
- Abstract: My name is GhostExodus, activist and founder of the hacktivist group, the Electronik Tribulation Army. If you've ever wondered what happens when a hacker finds themselves in the cross-hairs of an FBI investigation, then this is what you've been waiting for: from the moments leading up to my arrest, to the take-down, to being confined to jail and given a public defender, while the entire courtroom proceeds to represent and prosecute a cybercrime they hardly comprehend. I will explain the circumstances leading up to my arrest, my interactions with the government, and ultimately, reveal how they maneuver their criminal cases. This presentation will cover the ways the media will misrepresent your case, and how vague DOJ press releases filled with semantics shape public perception, which makes the factual nature of these cases difficult to understand for people who don't know Legalese. Furthermore, the goal of this presentation is to reveal the nature of the Justice System from my own experiences as the first person in recent US history convicted for corrupting industrial control systems, and ultimately the DOJ's war on hackers and how they're caught. Most people don't know what the government can and can't do regarding criminal hacking cases or what they know or don't know about hackers and their activities. Therefore, I will explain every point of contact the FBI was able to make to connect the dots that led to my arrest. From the courtroom to a prison cell, I will show you how to survive it, and explain some of my experiences as I was thrown into a violent prison culture, with no way out except straight through it all.
- Sam Curry (zlz) - "Web Hackers vs. The Automotive Industry"
- Bio: Sam Curry is a Staff Security Engineer at Yuga Labs and the founder of Palisade.
- Abstract: In early September 2022, we made it our goal to find as many vulnerabilities in as many car companies as possible. Over the next few months, we were able to remotely start/stop, lock/unlock, flash lights, open trunks, and honk the horns of all smart-enabled Toyota, Nissan, Infiniti, Genesis, Honda, Acura, and Lexus vehicles. We gained intimate access to the internal networks of BMW and Mercedes-Benz, being authorized as fully permissioned SSO users with access to dealer portals, GitHub, Slack, and hundreds of mission-critical applications. We found systemic access control vulnerabilities affecting telematics and fleet-management companies, allowing us to dispatch and track police cars, ambulances, and truckers. Join us as we discuss our findings as web hackers attempting to hack the auto industry!
- Steffen Robertz - "Self-Labeling Electronic Shelf Labels"
- Bio: Steffen Robertz is a Security Consultant at SEC Consult who specializes in embedded systems and takes an interest in RF systems.
- Abstract: Electronic Shelf Label (ESL) tags are increasing in popularity. More and more stores switch their price tags to digital ones for various reasons, such as competing with online wholesalers. In this talk, we analyzed the 433MHz connection of a popular ESL tag and identified multiple security flaws that allowed us to spoof the RF signal and display arbitrary content on the displays. Furthermore, the original manufacturer of the E-Tag labeled microcontrollers was discovered. This talk will give an overview of analyzing unknown hardware with an unknown RF protocol without any prior known research.
- Allison Wikoff - "Index of/ gold mine /open directories"
- Bio: Allison is a lead for PwC's global TI practice. She has 20 years of experience including network defense, IR and researching "kittens."
- Abstract: This talk walks through the treasure trove that is threat actor-owned open directories. A series of case studies will cover findings from open servers belonging to criminal and espionage-motivated threat actors including how PwC regularly finds some of these directories. Attendees will leave with an appreciation for how simple OPSEC mistakes by not-so-infallible-but-sometimes-well-known threat actors can not only provide insight on how to better defend against these threats but also in some cases, identify the organization likely tasking the threat actor.
- Mr. B3an - "Consumer Electronic Security Systems: Not that secure...still"
- Bio: Mr. B3an is presently working as a Senior Information Systems Security Researcher and has completed the MBA, MSA, JD, LLM, and PhD.
- Abstract: Our homes provide a place to store our personal belongings and secure them against theft. That's one of the reasons why we have locks and security devices. Since these are protecting our belongings, and our families, they should be secure against most people being able to break in and act in a criminal manner. Many of the professional security systems are exceptionally vulnerable to very simple attacks. The presentation will show how to render these professional security systems moot using four different sample systems and $110 of equipment easily purchased online. The procedure is so easy, even a caveman can do it. Also, we re-tested an updated system from one manufacturer, which was still a failure. The manufacturers have been contacted several times as part of the responsible disclosure protocol.
- redteamwynns - "Physical Security Bypasses"
- Bio: Principal Consultant @ Coalfire specializing in physical security. Unlawfully arrested on the job in Iowa. Improve things, learn, help!
- Abstract: From building your own bypass tools to remediation, come learn how the red team breaks into buildings. We'll put the basic lock picking tutorial aside as we dive into the rest of the physical penetration process. This is your chance to learn practical techniques which can get you inside most buildings in the United States.
- Zummo - "Going Undercover in the Underground - a practical guide on how to safely infiltrate and engage"
- Bio: Michael-Angelo Zummo is a Cyber Threat Intelligence Specialist at Cybersixgill. He is a US Marine Corps veteran and served at the NSA.
- Abstract: The dark web is filled with threat actors planning nefarious crimes. Cybersecurity professionals know that threat hunting in these underground environments is necessary, but they don't know the most crucial step to beginning the process. 'How do you access the deep and dark web?' and 'How do you gain a threat actor's trust?' These are the most commonly asked questions of cybersecurity professionals preparing a proactive threat hunt. Navigating the underground requires dedication to persona management and setting up a safe and secure environment to ensure one does not expose themselves to malicious actors. Senior Threat Intel Specialist at Cybersixgill, Michael-Angelo Zummo, will demonstrate how to set up a secure environment (dirty machine) using Tails, how to find sources in the dark web, best practices when creating your first persona, how to communicate with threat actors, and of course, how to seek out threats once you gain access to the sources where threat actors plan, play, and profit. All while using real examples that attendees can try for themselves.
- todb && Tony Porterfield - "When VDPs and Bug Bounties Collide in EduTech"
- Bio1: Todb is a shmethical Hacker, CVE mucker-abouter, election judge, Metasploit collaborator, Rapid7 research director, podcaster.
- Bio2: Tony is a Rapid7 principal cloud security architect, education-tech hacker and defender, NY Times cited researcher, conference speaker and panelist.
- Abstract: In this ripping yarn of hackery and derring-do, Tod and Tony will first cover a pair of recent cloud-based vulnerabilities Tony discovered in a popular education SaaS vendor which could allow students to impersonate other students, teachers, and administrators. Then, we'll relate the instructive tale of how disclosure of these issues shook out with the vendor. We'll be covering issues of coordinated vulnerability disclosure (CVD), working with the edutech vendor, their bug bounty vendor (and importantly, the bounty NDA), the weirdness today around CVEs and the cloud, and ultimately published 0day without going to jail. Attendees will come away from this talk better prepared to a) investigate cloud services for vulnerabilities, possibly for bounties, possibly for glory, and b) get a crash course on the "soft-skills" involved in disclosing vulnerabilities without being a total jerk and also without getting tripped up by restrictive NDAs.
- Jared Peck - "Attribution Lost and Found"
- Bio: Jared Peck is a Senior Threat Researcher at Proofpoint where he focuses on phishing kit research and LATAM banking actors.
- Abstract: In this presentation I will discuss the basic process for real actor attribution, how this process was used to identify a phishing as a service (PhaaS) actor, how the Ukraine war botched my plans to achieve "official" attribution, and finally, how that disruption drove me to find a new financially motivated threat actor group targeting Portuguese and Spanish speaking victims with many interesting malware and phishing operations.
TURBO Talks (25 Minutes)
- Jonathan Bar Or - "The Achilles heel of the macOS Gatekeeper"
- Bio: Jonathan Bar Or ("JBO") is the Microsoft Defender research architect for cross platform and an all around offensive security researcher.
- Abstract: In recent years, Apple has significantly hardened macOS, making it harder for attackers to run arbitrary code on the system. One of the strictest hardening mechanisms completely stops non-notarized downloaded binaries from executing on the system. This is known as "Gatekeeper". In this talk, we will discuss how Gatekeeper works, review recent Gatekeeper bypasses and show our very own novel Gatekeeper bypass 0day reported to Apple this year. Lastly, we will examine heuristics for detection offered by Microsoft Defender for Endpoint on macOS.
- Martin Zugec - "Homograph Phishing Attacks - WYSI NOT WYG"
- Bio: Martin has > 20 years of IT experience. PowerShell lover since 2005. Slovakia -> Czechia -> Dubai -> South Florida (current home).
- Abstract: Homograph phishing attacks are based on the idea of using similar characters to pretend to be another site - for example g00gle.com. However, when combined with international domain names, they are much more powerful. While this issue was fixed for web browsers, there are other applications where this attack technique can be weaponized.
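The abstract above distinguishes a plain look-alike (g00gle.com) from an IDN homograph, where the visible Unicode string and the ASCII punycode form that actually goes on the wire differ. The following is an added example, not material from the talk, showing that difference with the standard library and a first-pass mixed-script check; the hostnames are constructed samples and the `script_of` heuristic (first word of the Unicode character name) is an assumption of this example, not a Unicode Script property lookup.

```python
"""Added example (not part of the talk): how an IDN homograph differs from
a plain look-alike such as g00gle.com, and a first-pass check for it.
Standard library only."""
import unicodedata

# Constructed sample hostnames. The second starts with U+0430, CYRILLIC SMALL
# LETTER A, which renders identically to Latin "a" in most fonts.
LEGIT = "apple.com"
HOMOGRAPH = "\u0430pple.com"
LOOKALIKE = "g00gle.com"          # plain ASCII substitution, no IDN involved


def to_wire(host: str) -> str:
    """What the resolver and TLS actually see: the ASCII (punycode) form.
    Pure-ASCII labels pass through unchanged; others become xn-- labels."""
    return host.encode("idna").decode("ascii")


def to_display(wire_host: str) -> str:
    """The reverse: what a UI shows if it renders the label as Unicode."""
    return wire_host.encode("ascii").decode("idna")


def script_of(ch: str) -> str:
    """Approximate the script from the first word of the Unicode character
    name (LATIN, CYRILLIC, GREEK, ...). A heuristic, adequate for a
    mixed-script check; a real implementation would use the Script property."""
    try:
        return unicodedata.name(ch).split()[0]
    except ValueError:            # unassigned code point, no name
        return "UNKNOWN"


def mixed_script_labels(host: str) -> list[str]:
    """Labels whose letters come from more than one script."""
    flagged = []
    for label in host.split("."):
        scripts = {script_of(c) for c in label if c.isalpha()}
        if len(scripts) > 1:
            flagged.append(label)
    return flagged


def looks_like_homograph(host: str) -> bool:
    """True when the host needs punycode on the wire (so it is an IDN) and
    at least one label mixes scripts. A pure-ASCII look-alike such as
    g00gle.com is not an IDN homograph and must be caught by other means."""
    return to_wire(host) != host and bool(mixed_script_labels(host))


if __name__ == "__main__":
    for h in (LEGIT, LOOKALIKE, HOMOGRAPH):
        print(f"{h!r:22} wire={to_wire(h):20} homograph={looks_like_homograph(h)}")
```

The caveat a practitioner should keep in mind: a mixed-script check catches "one Cyrillic letter in a Latin word" but not a label written entirely in one confusable script, which is why browsers additionally apply whole-script confusable rules and fall back to showing the xn-- form. Applications that render hostnames themselves (mail clients, chat, ticketing tools) get none of that unless they implement it.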
- Yael Grauer - "Ask And Ye Shall Receive: Answers to Your Burning Questions About Tech Journalism, Digital Security Guides, And More"
- Bio: Yael Grauer works at Consumer Reports managing Security Planner, has done investigative tech reporting, and really likes spreadsheets.
- Abstract: We all know that journalists sometimes get things wrong. Hackers have called out journalists for years, pointing to misconceptions about not just hacking but technology in general. This happens so often that I give a talk every single year roasting the worst cybersecurity reporting. But did you know that this phenomenon is not limited to a single profession? In fact (gasp!) a lot of hackers have some grave misconceptions about how journalism works, too. I spent a decade working in journalism covering cybersecurity (among other things), working on everything from hard-hitting investigative features to product reviews to profiles, roundups, and pithy blog posts. Now I work for Consumer Reports managing Security Planner, a free, customized, easy-to-use guide to staying safer online. I have written a textbook, am working on a book, and have a master's degree in journalism, which was a fun way to kill time between Def Cons. In this talk I will draw upon all of my experience as a producer, consumer, and critic of tech journalism for the spiciest Q+A. I can also answer questions about digital security guides, different business models for journalism (hint: it's probably not clickbait if it's a subscriber model), the fact-checking process, and why the journalist is probably not the person leaking that secret you posted in your 50,000-person Slack. Bring your burning questions and let's get into it.
- Jonathan Fischer - "Cruisin' by your office with my C2, poppin' those shells, leavin' no clues"
- Bio: Jonathan Fischer is a hardware, RF, and IoT security enthusiast and industry professional with six years in the security industry.
- Abstract: Have you ever bought a new toy, only to discover once you got it home that it fell short of expectations? Well, we have too. It's time that our tools, and not just their marketing, evolved with the times. This was the driving force behind the development of our new HID exploitation hardware implant project, Injectyll-HIDe. Rather than focusing on a single target like most commercial solutions, we opted to think larger. We developed this implant from the ground up to be customizable, covert, and scalable. Along with our custom C2, our implants communicate over a covert RF mesh network capable of having a thousand endpoints, evading detection. That's a thousand keyboards relaying, storing, and recording keystrokes! But wait, there's more! We can also pop shells and exfil data over our mesh network, leaving no record of network traffic to monitor on the target infrastructure. Reviews for this implant range from 'oh no, please, this is bad' to 'yeah we'll never detect that' and even sometimes 'just yikes' or '#!&%'. Attendees will learn how to create and customize their own implant using our open-source plans and how to deploy our implant anywhere a keyboard can go. Audience participation is highly encouraged.
- Henry Markarian - "Compiling, but Backwards: what you can find under the Ghidra FID microscope."
- Bio: Henry Markarian is a student researcher at UIUC who focuses on identifying vulnerable functions in embedded systems with decompilation.
- Abstract: It is estimated that 98% of all microchips belong to embedded systems, the application-specific computers which enable much of our digital lives. Layers of physical, virtual, and programmatic isolation make the identification and exploitation of vulnerabilities in these systems infeasible for many adversaries. The last of these layers is now threatened by the proliferation of software like the NSA's Ghidra, which allow for functions and data to be recovered from the stripped binaries stored on embedded hardware. Ghidra alone is not suited to large-scale vulnerable function detection, but can exist as a base to build further tools upon. We propose to build a crowd-sourced code semantics inference system which uses code fingerprints to provide functional semantic information to users. Our aim is to identify existing vulnerabilities in firmware and provide future research with a functioning tool for specific analysis of firmware binary function signatures and code execution schemas.
- Jibran Ilyas - "Anatomy of a Ransomware Attack"
- Bio: Jibran is Managing Director at Mandiant (part of Google Cloud), Crain's 40 under 40, Adjunct Professor at NU, Speaker at DEFCON, Black Hat, RSA, and THOTCON
- Abstract: This talk intends to give a Ransomware Attack 101 lesson to the folks who don't understand the intricate details of what goes on in a real ransomware attack. Since we see all phases of the kill chain/attack life cycle, the goal of this talk is to demo the technical parts of the attack and also share anecdotes on common human reactions to major events, from the discovery of the ransom note to the systems outage caused by the ransomware attack. The demos will be on infiltration, internal reconnaissance, privilege escalation, lateral movement, tunneling tools for persistent access, data reconnaissance and data exfiltration. The human stories would be around the reactions to major events, from discovery of the ransom note to hiring outside counsel, a forensics firm and ransom negotiators, to major decision making based on forensic findings and comms with the threat actor. After listening to this session, the audience would have a greater understanding of the attack lifecycle of a ransomware attack and what they might want to prepare for in light of a potential ransomware attack.
- Gary Lobermier - "Evading EDR by DLL Sideloading with C#"
- Bio: My name is Gary Lobermier and I'm a Red Teamer and Penetration Tester for Northwestern Mutual.
- Abstract: Modern EDR systems will treat unknown exe files with a degree of skepticism. We'll spend time finding an MS-signed exe that is vulnerable to DLL sideloading, and then search for the functions within the expected DLL to determine how to build a working PoC. For added spice, we'll write this DLL in C#, and explain why this managed bytecode from C# will still be executed within unmanaged code binaries.
- Alexa Thomsen - "Threat Hunter Playbook for ICS: Identify defender tactics for DETT&CT-ion in ICS Threat Hunting"
- Bio: Threat Hunter for ICS. Host-based analysis/analytic development for better/faster hunting. Always looking for bad in the web of 'normal'.
- Abstract: Every 39 seconds there is a cyber-attack and 43% of cyber-attacks target small business. It takes an average of 6 months to detect a data breach and more than 77% of organizations do not have an incident response plan. There are many guides, threat intelligence, and detection methods put together for threat hunting on standard enterprise networks, but it becomes more limited when looking at Industrial Control System (ICS) networks. When hunting on ICS, the network needs to be approached differently, and not all tools work the same way that you would normally use them. Nmap is a good example of this, where it is relatively safe to use in an enterprise environment but can have catastrophic effects in an ICS environment if not used properly. Some companies have created very thorough products that can highlight problems in a network, identify entry methods, and provide recommendations for remediation. But what if you are unable to have one of those products connected all the time, or didn't previously have one connected when called to respond to an incident? This talk presents methodology for ICS-based threat hunting and the creation of an open-source Threat Hunter Playbook that identifies both exploitation and detection methods for ICS/SCADA networks and MITRE T-codes, that uses only open-source tools to search for and identify malicious cyber actors. You never know where an incident might occur, and you might get called to investigate something, where a larger company does not already have a product in place. Some of the smaller local networks may not be able to afford a large company but are still at risk of being targeted. This playbook would help both local defenders and incident response teams. 
The detection methods that are listed capture ways to identify if that MITRE T-Code shows any evidence of a malicious cyber actor utilizing that technique, and the exploitation methods capture ways to test the security of your network, by being able to apply mitigations. While some detection methods for enterprise overlap, that is not always the case when it comes to detection on ICS. The playbook (when complete) will have two main parts. The first part will use open-source threat intelligence to map threats to MITRE, as well as include an overlay of detection capabilities for each T-Code. This then allows an intelligence person to highlight the most likely avenue for certain threat actors/groups based on environment type, which feeds the creation of a threat hunt plan. The Hunt Plan is displayed in a table format showing the exploitation methods, detection methods, analytics for detection, and finally defense or mitigation items. Each T-code can be selected for more information, including a description of the T-code, the affected platforms, and the data sources that should be pulled by the operator. Future features would include the ingest of logs and PCAPs to filter detection capabilities further based on actual environment data. I will also provide resources for tools, scripts, YARA or Snort rules, and ICS exploitation tools.
- nyxgeek - "Scraping Corporate America and the World: An Adventure in User Enumeration"
- Bio: Three things I love: Cracking passwords, user enumeration, and password spraying. Hacker at TrustedSec. Got two good CVEs and one lame one.
- Abstract: Microsoft M365 is ripe for user enumeration. Over the last 12 months, I passively enumerated more than 20 million users at Fortune 500 companies, government entities, and educational institutions around the world. This talk will compare M365 user enumeration methods and reliability, wordlist creation, and scraping operations. In addition, we will examine the 10m users identified in this M365 census, popularity of username formats, the associated domains, and their parent organizations.
- effffn - "it's not you, it's the vendor"
- Bio: Security Enthusiast, Con organizer, Runner, Beer lover https://about.me/effffn
- Abstract: You either spent time and effort looking for that one vulnerability on that product you love (or hate), or you just happened to stumble upon it while at a customer engagement. You want to do what is right. And obviously be recognized for your work. Vendor's security contact? Disclosure policy? Check. You collected all the information needed to demonstrate the issue. The vendor acknowledged the submission. They STILL had a couple of questions. You clarified them. They finally got it. And, assuming you sent it via the bug bounty program, they paid the reward. Two weeks later they published a patch, issued an advisory, assigned a CVE so you can add it to the list and, done! You might even present it at your favorite hacker con later this year, right? Ha! Obviously not! Things beyond your control vary, and just like vulnerabilities, vendors usually share the same 'classes of' hurdles that can make this whole process suck. This presentation will give you a tour of the 'back of the house' and show some of the reasons why things usually don't go as (you have) planned: number of products, number of supported versions for a given product, software-release cycle, priorities, other vulnerabilities, other security researchers, product misconfiguration, etc. It will also cover some of the things researchers do that contribute to making the process suck. In the end, we hope you will have a better experience the next time you submit a vulnerability to a vendor.
- Lee Kushner - "Taking Back Monday - Rethinking Your Cyber Security Career"
- Bio: Lee has been helping CyberSecurity professionals make good career decisions for the past 25 years
- Abstract: While talented information security professionals are in short supply and high demand, they often do not receive the requisite benefits that they should command. The traditional recruitment machines and employment models slant disproportionately to the firms doing the hiring, versus the information security professionals themselves. The presentation will utilize real world examples on why these current models are suboptimal and favor employers. Attendees will come away with a logic-based playbook for rethinking how they handle their career choices and how to gain maximum benefit for their highly sought-after talents. The presentation will propose solutions for both information security professionals and the leaders who hire them (management) to create more successful and balanced recruitment processes and inspire retention and job satisfaction. The presentation's primary goal is to encourage personal reflection and thought about one's own career, both in the current position and in the pursuit of future opportunities. The goal is to point out some of the ineffectiveness and inefficiencies of the traditional employment system and recruitment processes as they pertain to a career as a cyber security professional, and provide the audience with both a thought framework and tangible takeaways that they can personally apply.
- Jay Smith && Jan Nunez - "Mainframe Hacking for CICS and Giggles"
- Bio1: Jay Smith is a lead security researcher with 25 years of experience across system/network engineering, development and offensive security.
- Bio2: Jan Nunez is a senior security researcher with a background in software development, regulatory compliance, and DAST testing.
- Abstract: Mainframe systems continue to drive global economic activity despite the "legacy" label they are often associated with. In fact, mainframes are responsible for business-critical functions across 70 percent of Fortune 500 companies. If you have ever withdrawn cash at an ATM, done your taxes online, or booked a flight for your next holiday, you have likely interacted with a mainframe. As with all business-critical systems, ensuring they are secure is imperative. One of the core components of many mainframe shops is the use of CICS, a platform for hosting applications. This component is something that has been largely overlooked in previous talks, which tend to focus on the z/OS operating system. Attendees will learn about how CICS applications work, how to adequately test and secure them as well as the numerous vulnerabilities that exist in poorly developed CICS applications.
- Eliad Kimhy - "The History of Ransomware: From Floppies to Droppers, and Beyond"
- Bio: Eliad is the head of Akamai Security Research CORE Team, and co-creator of the Malicious Life podcast.
- Abstract: Modern ransomware has become synonymous with some of the most devastating cyber attacks of our time. But it hasn't always been so. 30 years ago, ransomware was born as a wild scheme, devised by a man armed with 10,000 floppy disks and a virus. How has this evolved into the most impactful form of cybercrime today, and what can this surprising, untold history teach us about our present and future?
- bemodtwz - "Injecting Personable Malware into Dating Sims with Pickles"
- Bio: Professional magician with love of mathematics who turned to hacking to make ends meet.
- Abstract: Load the wrong save file into Doki Doki Literature Club and you will get rooted. Not just DDLC but any game made with Ren'Py. In this talk we cover how to create, modify and reverse python pickles and what you can do with them.
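The abstract says a save file is enough to get code execution because Ren'Py saves are Python pickles. The following is an added example, not code from the talk or from Ren'Py, showing the three pieces a practitioner wants to see: a pickle whose "rebuild" step is attacker-chosen code, a static walk over the opcode stream that lists what the pickle would import without running it, and the allowlisting `Unpickler.find_class` pattern from the pickle documentation. The save-file contents are constructed; the marker the payload plants on `builtins` stands in for the `os.system` call a real payload would make.

```python
"""Added example (not part of the talk): why loading an untrusted pickle
means code execution, plus two mitigations that keep the format.
Standard library only; the save-file contents are constructed."""
import builtins
import io
import pickle
import pickletools


class Rooted:
    """A pickle does not store objects, it stores instructions for rebuilding
    them. __reduce__ lets a class choose the callable that runs on load; here
    it is builtins.exec. A real payload would call os.system or similar; this
    one only plants a marker on the builtins module so the effect is visible."""

    def __reduce__(self):
        return (builtins.exec, ("import builtins; builtins.PWNED = True",))


# Constructed "save files": one hostile, one that looks like honest game state.
MALICIOUS_SAVE = pickle.dumps(Rooted(), protocol=4)
HONEST_SAVE = pickle.dumps({"chapter": 3, "affection": {"sayori": 7}}, protocol=4)


def marker_planted() -> bool:
    """Did the hostile pickle's exec() run?"""
    return bool(getattr(builtins, "PWNED", False))


def unsafe_load(data: bytes):
    """What a loader that trusts the save file does."""
    return pickle.loads(data)


def referenced_globals(data: bytes) -> list[tuple[str, str]]:
    """Static triage: every (module, name) the pickle would import, found by
    walking the opcode stream without executing it. GLOBAL (protocol 0-3)
    carries 'module name' inline; STACK_GLOBAL (protocol 4+) consumes the two
    strings pushed just before it. A name reused through the memo (BINGET)
    is not resolved here, which is acceptable for a first look."""
    strings, found = [], []
    for op, arg, _pos in pickletools.genops(data):
        if op.name in ("SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE"):
            strings.append(arg)
        elif op.name == "GLOBAL":
            module, name = arg.split(None, 1)
            found.append((module, name))
        elif op.name == "STACK_GLOBAL":
            found.append((strings[-2], strings[-1]))
    return found


# Allowlist of importable names for this save format. Plain containers and
# scalars need no globals at all, so for this example it can stay empty.
SAFE_GLOBALS: set[tuple[str, str]] = set()


class RestrictedUnpickler(pickle.Unpickler):
    """The pattern from the pickle docs: refuse every global not allowlisted."""

    def find_class(self, module, name):
        if (module, name) in SAFE_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refusing to import {module}.{name}")


def safe_load(data: bytes):
    """Return (True, obj) on success or (False, reason) when refused."""
    try:
        return True, RestrictedUnpickler(io.BytesIO(data)).load()
    except pickle.UnpicklingError as exc:
        return False, str(exc)


if __name__ == "__main__":
    print("imports in hostile save:", referenced_globals(MALICIOUS_SAVE))
    print("restricted load:", safe_load(MALICIOUS_SAVE))
    unsafe_load(MALICIOUS_SAVE)
    print("marker planted by plain pickle.loads:", marker_planted())
```

Two notes on the design. The static walk is for triage (reversing a suspicious save before touching it); the restricted unpickler is the runtime control, and its allowlist must name exactly the classes the save format legitimately needs, since any allowlisted callable with side effects reopens the hole. Where the format is under your control, the stronger fix is to not use pickle for untrusted input at all and serialize game state as JSON or similar.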
- Jordan Cyr - "School Assembly"
- Bio: My name is Jordan Cyr and I'm a cyber security Researcher for GRIMM.
- Abstract: Software reverse engineering can be daunting if you don't know what you're looking at. Most people getting started in their reverse engineering paths get frustrated with assembly language and what it actually means combined with how to actually read it. This talk is a brief introduction to assembly language and what the heck actually happens to all that electricity when you plug your computer into the wall. How does electricity turn it into cool computery stuff? This talk will give you an idea and how to mess with it yourself.
Track X - Mini Workshops (120 Minutes)
- Strikeout && Jesse Victors - "When Athletic Abilities Just Aren't Enough - Scoreboard Hacking"
- Bio1: Strikeout loves hacking all the thingz. From radio signals to kernel drivers to web applications. Give him something and he'll pwn it.
- Bio2: Jesse is a radio nerd. From HAM radio to Honda Car signal analysis, the world of radio is the most exciting place to be. Find me in the air.
- Abstract: No matter how much heart you bring to a sport, at the end of the game one thing determines the winner. In this talk, we will give out the undeniable secret to winning any sporting event: hacking the scoreboard. This talk covers the first ever publicly described wireless hack of a scoreboard, starting from reverse engineering the hardware, cracking encryption on wireless signals, and of course getting root. Then we'll cover novel attacks on the perception of time, arbitrarily changing the score, and DoS (denial of sports) attacks. Own the scoreboard, own the game.
- Price McDonald && Justin Berry - "Software Defined Radios: The Invisible Attack Vector"
- Bio1: Price is a perpetually curious person with interests in Hardware Hacking, Penetration Testing, Digital Forensics and Reverse Engineering.
- Bio2: Justin Berry is a principal consultant and does stuff. While not breaking corporate networks, Justin enjoys 8-ball and walks on the beach.
- Abstract: This hands on workshop will show attendees how to get started using software defined radios (SDRs) in a low cost fashion. In addition to learn how to use the SDR attendees will also be walked through some of the more popular SDR options for transmitting in addition to some of the most common applications for Personal, Research, and Security Testing.
- Qasim Ijaz && Ross Merritt - "Penetration Testing for Systems and
- Bio1: Qasim is Director of Offensive Security at Blue Bastion Security and specializes in Active Directory and Healthcare penetration testing.
- Bio2: With 20 years of professional experience across multiple industries including DoD, Investigations, and Retail Management, Ross brings a unique perspective to his role as an Associate Security Consultant. With specialization in real world reconnaissance and surveillance, he also conducts social engineering, network vulnerability assessments, and external penetration testing. Outside of work Ross entertains as a comedian, plays video games, and tickles the ivories.
- Abstract: The objective of this Capture-the-Flag style class is to take students with existing networks or systems administration experience and teach them how to: 1. Perform a comprehensive penetration test against Active Directory environments. AND 2. Spot a bad penetration test. We understand that not everyone taking a pen test class will want to be a penetration tester. Hence, we have organized this class to be a well-rounded experience, allowing both aspiring red teamers and blue teamers to get the most out of it. This class will provide students with hands-on experience with all phases of a penetration test, from information gathering to reporting.
- Marcelle Lee && Cory Kujawski - "Let's Get Cooking with CyberChef!"
- Bio1: Marcelle is a security researcher and adjunct professor. She specializes in cybercrime, digital forensics, and threat
- Bio2: Founding member of cisco ninjas, Co-founder of Darpanet, in association with dialtone ninjas, dopehouse ninjas, and ppchq. Peanuter comes from a long online lineage of degenerate friends. Please don't tell my employers what I have done.
- Abstract: CyberChef is an amazing web application for security practitioners - there are so many things that you can do with it! CyberChef features operations from cryptography to forensics to networking and more. In this workshop I will cover how to configure a local instance of CyberChef and then will step through numerous examples of how you can use it to perform functions such as analyzing malicious PowerShell scripts to extraction of EXIF and metadata to managing a laundry list of indicators sourced from a report. Participants will be provided with sample files and "recipes" to use in the workshop and will come away with the knowledge of how to use CyberChef in their environments.
- Gabi Cirlig - "One SMALI step for man, one giant step for researchers"
- Bio: Gabi is a software developer turned rogue. Gabriel went from developing apps for small businesses to 2M+ DAU Facebook games while keeping an eye out for everything shiny and new. For a couple of years he has shifted gears and started his career as a security researcher while speaking at various conferences (SAS, AVAR, PHDays) showcasing whatever random stuff he hacked. With a background in electronics engineering and various programming languages, Gabi likes to dismantle and hopefully put back whatever he gets his hands on.
- Abstract: With more and more people using their phones as the primary device, mobile malware's prevalence skyrocketed. People nowadays store their money, memories and digital identities in their pockets, making their phones a ripe avenue for attackers. From the high level threat landscape, down to the nitty gritty of every specific actor, understanding the basics of Android reverse engineering can give an analyst the necessary cutting edge. This is what this workshop wants to deliver: taking people from zero to hero in order to give them a more thorough understanding of the Android malware landscape. The talk will cover the basics of Android, its malware ecosystem, APK structure, DEX file internals and how this can be exploited in order to decompile and deobfuscate malware. In addition, we will solve hands-on exercises with fresh malware samples where I will demonstrate how the knowledge gained can be put to good use in extracting C2s and other interesting information.