DemoLabs List


DEF CON Demolabs

Brief demonstrations for people to show off their project.
DEF CON All Demolabs Forum page



Abusing Microsoft SQL Server with SQLRecon – Sanjiv Kawa

Demolabs DC Forum Page

Abusing Microsoft SQL Server with SQLRecon

Saturday August 12, 12:00 – 13:55, Caucus Boardroom, Forum

Sanjiv Kawa

SQLRecon helps address the post-exploitation tooling gap by modernizing the approach red team operators can take when attacking SQL Servers. The tool was designed to be modular, allowing for ease of extensibility and contributions from the hacker community. SQLRecon is written in C# and can run stand-alone or within a diverse set of command and control (C2) frameworks (Cobalt Strike, Nighthawk, Mythic, PoshC2, Sliver, etc.). When using the latter, SQLRecon can be executed either in-process or through traditional fork and run. SQLRecon has over 50 modules which facilitate enumeration, collection, code execution, privilege escalation and lateral movement. It has been designed with operational security and defense evasion in mind.

Sanjiv Kawa (@sanjivkawa) is a Senior Managing Security Consultant on the IBM X-Force Red Adversarial Simulation team with over ten years of experience performing offensive security assessments. As part of the IBM X-Force Red Adversarial Simulation team, Sanjiv spends his days breaking into the largest organizations in the world by emulating adversary tactics, techniques and procedures to reach target objectives. He then advises these organizations on ways they can improve their security posture by implementing or tuning controls. Sanjiv is an active member in the security community. He has developed a variety of tooling and presented at large conferences, such as BSides and Wild West Hackin’ Fest and frequently contributes to projects on GitHub.

Audience – Offense and Defense

Starts: August 12, 2023 12:00. Ends: August 12, 2023 13:55. Location: Caucus Boardroom, Forum


Am I Exploitable? (MI-X) – Ofri Ouzan & Yotam Perkal

Demolabs DC Forum Page

Am I Exploitable? (MI-X)

Saturday August 12, 12:00 – 13:55, Council Boardroom, Forum

Ofri Ouzan & Yotam Perkal

Addressing security vulnerabilities begins with verifying the impact on an environment. Merely having a vulnerable package installed does not guarantee exploitability, as several conditions must align for the vulnerability to be applicable and exploitable. For example: is the operating system in question susceptible to the vulnerability? Is the vulnerable component loaded into memory? Is the required configuration in place? Is there a patch installed? And more… Standard vulnerability scanners simply do not take these factors into account and thus require manual triage in order to answer “Can a vulnerability be exploited in a given environment?”. ‘Am I Exploitable?’ (MI-X) is an open-source tool aimed at effectively determining whether a local host or running container is truly affected by a specific vulnerability by accounting for all factors which affect *actual* exploitability. MI-X also prints out the logical steps it takes in order to reach a decision and can provide a graphical representation of the validation flow. The tool can therefore help practitioners understand the factors that affect exploitability for each of the supported vulnerabilities.

Ofri Ouzan is an experienced Security Researcher who has been working in the cybersecurity field for over four years. She specializes in conducting security research on Windows, Linux, Cloud Platforms, and containerized applications with an emphasis on vulnerabilities. Her expertise lies in finding and solving complex problems in the cyber field, developing automation and open-source tools.

Yotam leads the vulnerability research team at Rezilion, focusing on research around vulnerability validation, mitigation, and remediation. Prior to Rezilion, Yotam filled several roles in PayPal’s Security organization, dealing with vulnerability management, threat intelligence, and insider threat. Additionally, Yotam takes part in several OpenSSF working groups around open-source security as well as several CISA work streams around SBOM and VEX, and is also a member of the PyCon Israel organizing committee. He is passionate about Cyber Security and Machine Learning and is especially intrigued by the intersection between the domains, whether it be using ML in order to help solve Cyber Security challenges or exploring the challenges in securing ML applications.

Audience – Defense and Offense

Starts: August 12, 2023 12:00. Ends: August 12, 2023 13:55. Location: Council Boardroom, Forum


Attack Surface Framework – Prajwal Panchmahalkar & Mike Henkelman

Demolabs DC Forum Page

Attack Surface Framework

Friday August 11, 14:00 – 15:55, Council Boardroom, Forum

Prajwal Panchmahalkar & Mike Henkelman

Attack Surface Framework (ASF) aims to protect organizations by acting as an attack surface watchdog. ASF was developed with the motivation to automate and address vulnerabilities through continuous scanning and tracking of risks at scale, in a comprehensive and adaptable approach, particularly against 0-day vulnerabilities with publicly available POCs. ASF is a modular, extensible, and customizable framework designed to help organizations manage their public attack surface risks. ASF will auto-discover assets such as network subnets and domains (including subdomains), enumerate their ports and services, track deltas, and serve as a continuous and flexible attacking and alerting framework, providing another layer of support. ASF provides modules for attack surface management including asset discovery and management, asset enumeration, vulnerability scanning, and vulnerability testing. ASF is equipped with a set of CLI tools and an API, enabling users to interact with the framework and integrate it with other tools and processes. Additionally, ASF includes a web-based user interface for visualizing an organization’s attack surface and managing vulnerabilities.

Prajwal Panchmahalkar is a Technical Director, Red Team at VMware Inc. He has contributed to public security research and has been the Development Lead for Matriux since 2009. In the past he was a Research Assistant at Texas Tech University working on Security of Critical Infrastructure and Smart Grid Energy Systems, with a journal article published on Elsevier. He was a Finalist for America’s Information Security Leadership Award 2012 (AISLA) by (ISC)2. Previously Prajwal was a speaker at BlackHat Arsenal, c0c0n, BSidesLV and GrrCon. He is currently on the review board for c0c0n, India. He was a chapter lead for n|u, Hyderabad, an open security community. Prajwal holds a Masters degree in Computer Science from Texas Tech University, Lubbock.

Mike Henkelman is a Sr Manager, Vulnerability Management Global at VMware Inc. He began his career as an MCSE-certified systems administrator in the mid 90’s before joining Cisco Systems and working in the IPABU on the edge development team for the 2600 series router and 3500 series switch and authoring white papers on CEF. Going on to manage several enterprise data centers, he later began focusing on information security and managed Vulnerability Management programs for companies that include Pivotal Software before joining VMware, where his team mitigates risk for one of corporate America’s largest asset libraries with audit attestations that include FedRAMP IL5 High, CE+. I24, IRAP, PCI-DSS among nearly two dozen others.

Audience – Defense and Offense


Starts: August 11, 2023 14:00. Ends: August 11, 2023 15:55. Location: Council Boardroom, Forum


BBOT (Bighuge BLS OSINT Tool) – TheTechromancer (Joel Moore) & Paul Mueller

Demolabs DC Forum Page

BBOT (Bighuge BLS OSINT Tool)

Saturday August 12, 12:00 – 13:55, Accord Boardroom, Forum

TheTechromancer (Joel Moore) & Paul Mueller

BBOT (Bighuge BLS OSINT Tool) is a new recursive OSINT scanner inspired by Spiderfoot, but designed and optimized for bigger targets and faster scan times. BBOT is open-source and written in Python. Its 80+ modules range in function from subdomain enumeration to cryptographic exploitation. BBOT can map the attack surface of an organization (and sometimes get you RCE) in a single command.
Features include:
– multiple targets
– automatic dependencies w/ ansible
– python API
– subdomain enumeration
– email enumeration
– cloud bucket enumeration
– port scanning
– web service enumeration
– web screenshots
– web spidering
– vulnerability scanning (with nuclei and more)

TheTechromancer is a hacker at Black Lantern Security (BLS). He loves coding in Python, and is the creator of several security tools including ManSpider, TrevorSpray, and BBOT (Bighuge BLS OSINT Tool). He has also made contributions to other open-source projects such as Spiderfoot.

Paul Mueller is a Principal Operator at Black Lantern Security (BLS). He specializes in web application testing and application security. He loves finding complex hard-to-find web bugs, especially when they involve cryptography. He is also one of the developers for the BLS tools Writehat and BBOT (Bighuge BLS OSINT Tool). Prior to working with BLS, he spent over a decade as a DoD contractor providing both penetration testing and security analysis/incident handling. He got his start in the field as a systems administrator and later as a Signals Intelligence Analyst with the US Marine Corps.

Audience – BBOT is useful to both Offensive (for automating recon / bug bounties) and Defensive (for attack surface mapping).


Starts: August 12, 2023 12:00. Ends: August 12, 2023 13:55. Location: Accord Boardroom, Forum


BLE CTF – Ryan Holeman & Alek Amrani

Demolabs DC Forum Page

BLE CTF

Saturday August 12, 14:00 – 15:55, Unity Boardroom, Forum

Ryan Holeman & Alek Amrani

BLE CTF is a series of Bluetooth Low Energy challenges in a capture the flag format. It was created to teach the fundamentals of interacting with and hacking Bluetooth Low Energy services. Each exercise, or flag, aims to interactively introduce a new concept to the user. Over the past few years, BLE CTF has expanded to support multiple platforms and skill levels. Various books, workshops, trainings, and conferences have utilized it as an educational platform and CTF. As an open source, low cost of entry, and expandable education solution, BLE CTF has helped progress Bluetooth security research.

Ryan Holeman resides in Austin, Texas, where he works as the CISO for the peer-to-peer payment platform Strike. He is currently pursuing a Ph.D. in cyber defense from Dakota State University. He has spoken at respected venues such as Black Hat, DEF CON, Lockdown, BSides, Ruxcon, Notacon, and Shmoocon. You can keep up with his current activity, open source contributions, and general news on his blog. His spare time is mostly spent digging into various network protocols, random hacking, creating art, and shredding local skateparks.

Alek Amrani – bad at expense reports

Audience – Offensive & Hardware


Starts: August 12, 2023 14:00. Ends: August 12, 2023 15:55. Location: Unity Boardroom, Forum


Build Inspector – A modern Javert on the trail of CI/CD Anomalies and Intruders – Jeremy Banker

Demolabs DC Forum Page

Build Inspector – A modern Javert on the trail of CI/CD Anomalies and Intruders

Friday August 11, 12:00 – 13:55, Caucus Boardroom, Forum

Jeremy Banker

In the ever-evolving landscape of software development, maintaining the integrity and security of your build, test and deployment pipelines is paramount. Build Inspector is an always-watching guard dog, looking for information about the dependencies being consumed and produced, while also calling out instances of risky practices or potential signs of compromise during pipeline runs. Watch as the inspector turns piles of plaintext logs into structured data, perfect for automated analysis, correlation and alerting. With simple containerized deployment and a self-documenting REST API, it has never been easier to ensure your build logs are always being watched.

A lifelong learner and broad technology enthusiast, Jeremy Banker holds a Masters degree in Information Security and is a founding member of the Security Product Engineering, Automation and Research (SPEAR) team at VMware. He has designed, built and implemented solutions to ensure that VMware’s software supply chain remains secure. When not looking for new ways to keep software safe, he can usually be found tinkering with all manner of gadgets, working to bring amateur radio software into the modern era, or enjoying the peace of nature in his native Colorado.

Audience – DevSecOps, Compliance, Threat Management, Vulnerability Management


Starts: August 11, 2023 12:00. Ends: August 11, 2023 13:55. Location: Caucus Boardroom, Forum


CNAPPGoat – Noam Dahan, Igal Gofman

Demolabs DC Forum Page

CNAPPGoat

Friday August 11, 12:00 – 13:55, Accord Boardroom, Forum

Noam Dahan & Igal Gofman

CNAPPGoat is a multi-cloud vulnerable-by-design environment deployment tool – it deploys vulnerable environments to various cloud service providers, so that offensive professionals and pentesters can practice exploiting them and defenders can practice detection and prevention. CNAPPGoat is an extensible modular tool that deploys environments with more complex scenarios – vulnerable VMs, multi-stage lateral movement attacks, IaC misconfigurations, and vulnerable IAM misconfigurations.

Noam Dahan is a Senior Security Researcher at Ermetic with several years of experience in embedded security. He is a graduate of the Talpiot program at the Israel Defense Forces and spent several years in the 8200 Intelligence Corps. Noam was a competitive debater and is a former World Debating Champion.

Igal Gofman is Head of Security Research at Ermetic. Igal has a proven track record in cloud security, network security, research-oriented development, and threat intelligence. His research interests include cloud security, operating systems, and Active Directory. Prior to Ermetic, Igal worked at Microsoft, XM-Cyber, and Check Point Software Technologies. Igal has spoken at various leading security conferences including Black Hat and DEF CON.

Audience – Primary audience: Defense, Cloud Security; Secondary audience: Offense

Starts: August 11, 2023 12:00. Ends: August 11, 2023 13:55. Location: Accord Boardroom, Forum


Dracon – Spyros Gasteratos

Demolabs DC Forum Page

Dracon

Friday August 11, 12:00 – 13:55, Council Boardroom, Forum

Spyros Gasteratos

Dracon is an open-source Application and Cloud security automation framework that helps organizations create security workflows and improve their security posture. Dracon can run a wide range of security tools against any target, and it can deduplicate and enrich the results of those tools with contextual or regulatory information. Dracon can then send the enriched results to any visualization or data processing tool. Here are some of its key features:
– Automated security workflows: Dracon can automate the execution of security tools and the aggregation of results, which saves both time and effort.
– Scalable and flexible: Dracon is both scalable and flexible, with a wide array of existing integrations and more on the way; Dracon integrates seamlessly with any existing toolset.
– Open source: Dracon is an open-source platform, which means that it is free to use and modify.

Spyros is a Security Engineer with over a decade of experience in various organisations. Currently, he is helping Fintechs mature their AppSec programmes through automation. He maintains several Open Source projects including Dracon, opencre.org and others. Also, he is heavily involved with the OWASP foundation helping with outreach and diversity efforts.

Audience – Offense, Defense, AppSec, CloudSec

Starts: August 11, 2023 12:00. Ends: August 11, 2023 13:55. Location: Council Boardroom, Forum


Ek47 – Payload Encryption with Environmental Keys – Kevin Clark, Skyler Knecht

Demolabs DC Forum Page

Ek47 – Payload Encryption with Environmental Keys

Friday August 11, 12:00 – 13:55, Committee Boardroom, Forum

Kevin Clark & Skyler Knecht

Ek47 is a payload encryptor that leverages user-selected environmental keys associated with a target execution context. In the absence of these environmental keys, Ek47 payloads will not decrypt and execute. This creates a strong resistance to automated/manual analysis and reverse engineering of payloads. Ek47 supports many different environmental keys such as current user, domain, computer name, installed programs, and more. Additionally, Ek47 supports packing payloads of .NET assemblies, unmanaged DLLs, and raw shellcode. Ek47 payloads are themselves .NET assemblies and can be uploaded to disk or executed reflectively via any execute-assembly method. By default, a standard AMSI/ETW bypass is executed before the main payload is executed, but Ek47 makes it easy to add custom bypasses for more advanced evasion functionality. Additional miscellaneous features are provided such as entropy management, PE header stomping, and generation of service executables.

Kevin Clark is a Software Developer turned Penetration Tester at TrustedSec. He focuses on initial access and Active Directory exploitation. He contributes to open-source tools such as PowerShell Empire and Metasploit. He also writes his own custom security tools such as Badrats and Ek47. Kevin has a passion for education and volunteers on the Midwest Collegiate Cyber Defense Competition (CCDC) red team. He teaches courses with BC-SECURITY at BlackHat and other venues about Evasion, Red Teaming, Empire Operations, and Active Directory. Kevin authors a cybersecurity blog at https://henpeebin.com/kevin/blog.

Skyler Knecht is an Information Security Specialist who performs a variety of security assessments including phishing, internal/external penetration tests and red teaming. Skyler Knecht worked as a consultant for three years and has recently pivoted to an internal team at Navy Federal Credit Union. Skyler Knecht is continually researching all fields of study but is primarily focused on developing offensive tooling such as command and control frameworks and implants.

Audience – Offense, Red Team


Starts: August 11, 2023 12:00. Ends: August 11, 2023 13:55. Location: Committee Boardroom, Forum


EvilnoVNC: Next-Gen Spear Phishing Attacks – Joel Gámez Molina

Demolabs DC Forum Page

EvilnoVNC: Next-Gen Spear Phishing Attacks

Friday August 11, 14:00 – 15:55, Committee Boardroom, Forum

Joel Gámez Molina

EvilnoVNC is a ready-to-go phishing platform. Unlike other phishing techniques, EvilnoVNC allows 2FA bypassing by using a real browser over a noVNC connection. In addition, this tool allows us to see in real time all of the victim’s actions, and to access their downloaded files and the entire browser profile, including cookies, saved passwords, browsing history and much more.

Systems administrator with more than ten years of experience, he currently works as a security consultant at Deloitte Touche Tohmatsu, where he develops adversarial simulation exercises (Red Team Operations). Previously, he was Chief Technology Officer (CTO) of the startup Cyberguard. He also teaches courses and masters in ethical hacking, pentesting and PowerShell for high-level organizations and universities. Creator of the blog darkbyte.net and speaker at renowned national and international conferences, such as Black Hat USA (2020/2021) and Black Hat Europe (2022). Programmer of hacking tools in his spare time, he has developed tools of all kinds, such as: AutoRDPwn, Cloudtopolis, EvilnoVNC, Invoke-DNSteal, PyShell or PSRansom among others.

Audience – Offense & Social Engineering

Starts: August 11, 2023 14:00. Ends: August 11, 2023 15:55. Location: Committee Boardroom, Forum


FlowMate – Florian Haag, Nicolas Schickert

Demolabs DC Forum Page

FlowMate

Friday August 11, 12:00 – 13:55, Society Boardroom, Forum

Florian Haag & Nicolas Schickert

Imagine pentesting a large web application with hundreds of pages and forms, as well as user roles and tenants. You discover that your chosen username is reflected in many locations inside the application, but you don’t have a detailed overview. You want to test whether the chosen username is handled properly or allows for injection attacks, such as Cross-Site Scripting or Server-Side Template Injection. Now you face the challenge of finding all locations where your payloads appear when injecting into the username. In large applications, you’ll likely miss some, potentially leaving vulnerabilities undetected. This is where FlowMate comes into play, our novel tool to detect data flows in applications for enhanced vulnerability assessments. FlowMate consists of two components: a Burp Suite plugin and a data flow graph based on Neo4j. It records inputs to the application as you go through the pages exploring the application and searches for occurrences of the captured inputs in the responses. This results in a graph that can be visualized and searched for parameters of interest and where they’re occurring on the site. Understanding the data flows of an application helps to significantly improve the test coverage and bring your pentesting to the next level.

Florian Haag is a senior security consultant at usd AG with experience in penetration testing, software security assessments as well as code reviews. He is specialized in penetration tests of thick client applications, leveraging his background in software development to reverse engineer proprietary client applications and network protocols. In previous scientific work, he worked on novel approaches to application-level data flow analysis to improve penetration testing coverage. In addition, he analyzed website clones used in phishing campaigns and the frameworks that are used by fraudsters to create and operate cloned websites.

Nicolas Schickert is a security researcher and penetration tester at usd AG, an information security company based in Germany. He is in charge of SAP-specific penetration tests at the usd HeroLab. In this role, Nicolas is responsible for the collection of SAP-related knowledge and the development of new analysis tools. He is interested in reverse engineering and vulnerability research and has published several zero-day vulnerabilities, not only in the context of SAP.

Audience – Offense, AppSec

Starts: August 11, 2023 12:00. Ends: August 11, 2023 13:55. Location: Society Boardroom, Forum


Glyph – Corey Hartman

Demolabs DC Forum Page

Glyph

Friday August 11, 14:00 – 15:55, Society Boardroom, Forum

Corey Hartman

Reverse engineering is an important task performed by security researchers to identify vulnerable functions and malicious functions in IoT (Internet of Things) devices; such functions are often shared across multiple devices of many system architectures. Common techniques currently used to identify the reuse of these functions do not perform cross-architecture identification unless specific data, such as unique strings, can be found that helps identify a piece of code. Utilizing natural language processing techniques, Glyph allows you to upload an ELF binary (32 & 64 bit) for cross-architecture function fingerprinting. Upon analysis, a web-based function symbol table is created and presented to the user to aid in their analysis of binary executables/shared objects.

Corey Hartman served 6 years active duty in the United States Air Force, later obtaining a Bachelor of Science degree in Software Development, and a Master of Science degree in Computer Science. Corey is now a student at Dakota State University pursuing a PhD in Cyber Operations with his dissertation focused on behavioral analysis of malware through machine learning, and works as a software developer and reverse engineer out of San Antonio, Texas.

Audience – Reverse engineers

Starts: August 11, 2023 14:00. Ends: August 11, 2023 15:55. Location: Society Boardroom, Forum


HardHat Command & Control Framework – Jonathan Owens

Demolabs DC Forum Page

HardHat Command & Control Framework

Saturday August 12, 14:00 – 15:55, Committee Boardroom, Forum

Jonathan Owens

HardHat is a multi-platform, multi-user .NET command and control framework written in C#, designed to aid in red team operations and penetration testing. HardHat aims to improve the quality of life of operators by providing an easy-to-use but formidable C2 framework, incorporating robust features, ease of data access, and modern UI upgrades in a high-level language that is easily extensible.

Jonathan Owens is a red team operator on the Adversary Simulation team at SpecterOps, where he conducts advanced offensive engagements, such as red teaming exercises, penetration tests, and tool creation. He enjoys C# development and learning new programming languages with a specific focus on command & control framework and agent development. He maintains a tool repo at https://github.com/dragoqcc.

Audience – Offensive

Starts: August 12, 2023 14:00. Ends: August 12, 2023 15:55. Location: Committee Boardroom, Forum


ICS Forensics tool – Maayan Shaul & Ori Perez

Demolabs DC Forum Page

ICS Forensics tool

Saturday August 12, 14:00 – 15:55, Society Boardroom, Forum

Maayan Shaul & Ori Perez

Microsoft ICS Forensics Tools is an open source forensic toolkit for analyzing industrial PLC metadata and project files. Microsoft ICS Forensics Tools enables investigators to identify suspicious artifacts in ICS environments for detection of compromised devices during incident response or manual checks. Microsoft ICS Forensics Tools is open source, which allows investigators to verify the actions of the tool or customize it to specific needs. It currently supports Siemens S7 via Snap7.

Maayan Shaul is a Malware Analyst and Security Researcher in Section52 at Microsoft Defender for IoT (formerly CyberX). Experienced in the fields of malware analysis, reverse engineering and the IoT/OT landscape.

Ori Perez is a Malware Analyst and Reverse Engineer with vast experience in dealing with nation-sponsored cyber attacks as an ex-officer at the IDF’s CERT. Ori is a manager on the Microsoft Defender for IoT research team (formerly CyberX) and researches IoT/OT protocols for IoT/OT tools.

Audience – Defense, forensics folks, ICS/OT enthusiasts

Starts: August 12, 2023 14:00. Ends: August 12, 2023 15:55. Location: Society Boardroom, Forum


Katalina – Gabi Cirlig

Demolabs DC Forum Page

Hello!

I’m Gabi and I’ll slowly be releasing bits and pieces of what Katalina can do while we get closer to the conference. Since I’ll be launching the tool live when the conference starts, it’s gonna be a bit more until y’all can play with the tool 😀 For now, please find attached some funny strings that I’ve deobfuscated from a Xenomorph sample!


This is how the original function for the string "hq.json" looked:


Katalina automatically found an entrypoint that called this string obfuscating function, executed it and spit out the generated string! As you can see, the tool is like Unicorn but for Dalvik bytecode. It provides an environment that can execute Android bytecode automatically or one function at a time, but more on that in a later post. For more questions feel free to post here or DM me on Twitter (@hookgab) or Mastodon (hookgab@mas.to).


Kraken, a modular multi-language webshell for defense evasion – Raul Caro

Demolabs DC Forum Page

Kraken, a modular multi-language webshell for defense evasion

Saturday August 12, 12:00 – 13:55, Society Boardroom, Forum

Raul Caro

Kraken is a modular multi-language webshell focused on web post-exploitation and defense evasion. It supports three technologies (PHP, JSP and ASPX) and its core is developed in Python. Kraken follows the principle of "avoiding command execution" by re-implementing it through the functionalities of the programming language in use. Kraken seeks to provide usability, scalability and improve the OPSEC of ongoing operations.

Raul Caro Teixido (OSCP, CRTE) is an Offensive Security Engineer at Telefonica Tech. He is the co-author of Mistica (your friendly data smuggler) presented in BlackHat Arsenal USA 2020, and the creator of Kraken (a modular multi-language webshell).

Audience – offensive (red team) and defensive (blue team and threat hunting) profiles


Starts: August 12, 2023 12:00. Ends: August 12, 2023 13:55. Location: Society Boardroom, Forum


Lambda Looter – Doug Kent & Rob Ditmer

Demolabs DC Forum Page

Lambda Looter

Saturday August 12, 10:00 – 11:55, Accord Boardroom, Forum

Doug Kent & Rob Ditmer

Organizations can have thousands of lines of code stored in Lambda on AWS. This application was built to help reduce the amount of time it takes to review that code. On our last pen test, we had so much Lambda code to review that it was impossible to parse through all of it in the short amount of time assigned to our test. This lack of time created a need to automate the review of that Lambda code for secrets. Lambda Looter takes a list of profiles, scans through them, downloads the code you have access to, and then processes that code for secrets, outputting any potential secrets to a loot directory. Even though this tool can generate a number of false positives, it makes looking for secrets much faster than scanning the code manually.

Doug has worked at State Farm for about 20 years, working mostly on security technologies ranging from Active Directory, PKI and endpoint protection before recently landing on the Pen Testing team. Doug has a passion for identifying vulnerabilities and partnering with control solution teams to protect State Farm data and fulfill our promise to customers. He strives to help others with offensive security skills by providing training, guidance, and kill chain demonstrations.

Rob has been on the State Farm PenTesting Team for 2 years. Prior to his time at State Farm, he has worked with various other companies as a penetration testing consultant – enabling him to experience a wide range of technologies and their differing implementations. Rob enjoys the challenge of developing tools and infrastructure to better the skills and abilities of the PenTesting team, ultimately to better the protections around State Farm data.

Audience – Penetration Testers, Red Teamers, AWS Admins, AWS Developers, Threat Hunters

Starts: August 12, 2023 10:00. Ends: August 12, 2023 11:55. Location: Accord Boardroom, Forum


Lupo: Malware IOC Extractor – Vishal Thakur

Demolabs DC Forum Page

Lupo: Malware IOC Extractor

Saturday August 12, 10:00 – 11:55, Caucus Boardroom, Forum

Vishal Thakur

Lupo is a dynamic analysis tool that can be used as a module with the debugger.

Vishal Thakur has worked in the information security industry for many years in hands-on technical roles, specializing in Incident Response with a heavy focus on Emerging Threats, Malware Analysis and Research. He has presented his research at international conferences (BlackHat, FIRST, SANS DFIR Summit) and has also run training/workshops at BlackHat and FIRST Conference. Vishal is currently working as Manager, Threat Operations Center at Huntress. In past roles, Vishal worked as a Senior Researcher at Salesforce, helping their Incident Response Centre with advanced threat analysis and developing DFIR tools and has been a part of the Incident Response team at the Commonwealth Bank of Australia.

Audience – Defense, Malware Analysis, Reverse Engineering


Starts: August 12, 2023 10:00. Ends: August 12, 2023 11:55. Location: Caucus Boardroom, Forum


OpenSSF Scorecard – Naveen Srinivasan & Neil Naveen

Demolabs DC Forum Page

OpenSSF Scorecard

Friday August 11, 14:00 – 15:55, Caucus Boardroom, Forum

Naveen Srinivasan & Neil Naveen

Introducing Scorecard, an innovative open-source tool designed to secure the software supply chain by scanning over 1.2 million GitHub repositories for potential security risks. Scorecard automates the process of evaluating a project’s adherence to security best practices, assigning a score based on the results. The scores and detailed analysis are readily accessible via a comprehensive API (https://api.securityscorecards.dev), empowering developers to easily integrate security checks into their workflows. Additionally, Scorecard provides a CLI for individual use and a GitHub action that allows repository owners to continuously monitor and improve their project’s security posture. Whether you’re a seasoned developer or an open-source enthusiast, Scorecard gives you the power to make the software supply chain safer for everyone.

Naveen Srinivasan is a contributor and maintainer of multiple http://github.com/ossf/ projects, and a member of and contributor to the http://github.com/sigstore organization. His contributions have earned him recognition with Google Peer Bonus awards in 2021 https://twitter.com/snaveen/status/1422921438764453897 and 2022 https://twitter.com/snaveen/status/1563194155333222400. He has consistently contributed to the open-source community for an extended period, with no gaps in activity for the past two years. In addition to his technical contributions, he is a sought-after speaker at conferences, discussing topics related to supply chain security and mitigating risks in open-source software. He can be found on Twitter (@Naveen_Srini) at https://twitter.com/Naveen_Srini_

Neil Naveen is an 8th grader in the US who is passionate about jiu-jitsu and solving Leetcode puzzles, and is a book author and OSS contributor.

Audience – AppSec, DevSecOps

Starts: August 11, 2023 14:00
Ends: August 11, 2023 15:55
Location: Caucus Boardroom, Forum


OWASP crAPI: Completely Ridiculous API – Jayesh Ahire and Roshan Piyush

Demolabs DC Forum Page

OWASP crAPI: Completely Ridiculous API

Friday August 11, 14:00 – 15:55, Accord Boardroom, Forum

Jayesh Ahire, Roshan Piyush

OWASP crAPI is an intentionally vulnerable API designed to teach and demonstrate common API security flaws. It serves as a playground for security enthusiasts, developers, and penetration testers to learn about API vulnerabilities and practice exploiting them in a safe environment. This Demo Lab will showcase the use of crAPI for educational purposes, including how to set it up, identify vulnerabilities, and apply secure API development best practices.

Jayesh Ahire is a passionate security professional and open-source contributor with a strong background in application and API security. They have experience working with numerous organizations to design and implement secure API architectures and integrate security practices into their development processes. Jayesh has been actively involved in the OWASP community and enjoys sharing their knowledge through presentations, workshops, and mentorship.

Roshan Piyush is a Security Research Engineer, solving API security using the powers of Machine Learning and Distributed Tracing. He has 8+ years of research experience, mainly focusing on API security for the last 5+ years. He loves building security stacks, tools, and solutions. He is also a core member of the OWASP Coraza WAF team and a leader of the OWASP crAPI project.

Audience – Offense, Defense, AppSec, and Mobile

Starts: August 11, 2023 14:00
Ends: August 11, 2023 15:55
Location: Accord Boardroom, Forum


Pcapinator: Rise of the PCAP Machines – Mike Spicer & Henry Hill

Demolabs DC Forum Page

Pcapinator: Rise of the PCAP Machines

Saturday August 12, 12:00 – 13:55, Unity Boardroom, Forum

Mike Spicer & Henry Hill

Pcapinator is a powerful and versatile network analysis tool that combines the strengths of TShark and Python to provide comprehensive and efficient packet deconstruction into a format usable for further analysis. Inspired by the Terminator, Pcapinator is designed to relentlessly analyze, decode, and filter network packets using all of the resources a system makes available to it, making it a formidable asset for diving deep into PCAPs. Leveraging the robust capabilities of Wireshark’s TShark tool, Pcapinator parses and extracts vital information from pcap files, while Python’s extensive libraries and scripts offer advanced processing and automation options. Pcapinator is built to handle extremely large PCAP files, search for anomalies in those files, and uncover the hard-to-find information in network traffic, making it an essential tool for PCAP analysis.

Mike Spicer, known as d4rkm4tter, is a cybersecurity expert and innovative hacker with an affinity for pushing the boundaries of both hardware and software. With an unquenchable curiosity for all things wireless, Mike’s passions have propelled him to build and explore much of the wireless spectrum. Armed with a degree in computer science, Mike has harnessed his skills to build and break a diverse range of systems. His expertise covers web application penetration testing, wireless monitoring and tracking, and reverse engineering. As the designer of the renowned #WiFiCactus, Mike has brought his projects from idea to reality in the cybersecurity world. His unique take on wireless has garnered significant attention, where he has presented and demonstrated his work at conferences such as BlackHat, DEF CON and others around the world.

Henry Hill is an expert with computer hardware and is able to design and build the most bleeding-edge systems, the fastest in the world. His internal knowledge of architecture and system bottlenecks helps him build systems capable of extreme processing and even faster storage. Henry is also an expert in mechanical engineering and fabrication. When his modifications aren’t appearing in d4rkm4tter’s projects, they can be seen in his race car at the track.

Audience – Offense for Recon, Defense for threat identification and forensics.

Starts: August 12, 2023 12:00
Ends: August 12, 2023 13:55
Location: Unity Boardroom, Forum


ProjectDiscovery Nuclei – Brendan O’Leary & Pj Metz

Demolabs DC Forum Page

Use this thread to put any questions you might have for us about Nuclei or our other tools. We will try to use these while planning our demo to make sure we’re being helpful.


Red Wizard: user-friendly Red Teaming infrastructure – Ben Brücker

Demolabs DC Forum Page

Red Wizard: user-friendly Red Teaming infrastructure

Saturday August 12, 12:00 – 13:55, Committee Boardroom, Forum

Ben Brücker

In this demo I will introduce our new open-source tool called Red Wizard. Red Wizard is the result of years of spinning up repeatable infrastructures for Red Teaming operations. It automates a comprehensive infrastructure deployment with redirectors, backend systems, phishing relays, OSINT machines, etcetera, but makes it easy by providing wizards that walk you through the deployments. Additionally, the infrastructure is self-documenting, making the sharing of all relevant details with your team of operators a breeze. The tool is built to provide you with a resilient setup that is OPSEC-safe. By retrieving all critical key material from the deployed servers, you will be able to rebuild and keep receiving your shells even if one of your servers crashes and burns. The technology used for Red Wizard is mainly based on Ansible and Docker.

Ben, Secura’s Red Teaming lead, has more than 9 years of experience in the field. With a strong passion for Social Engineering, he enjoys employing initial access techniques and has played a pivotal role in creating Secura’s user-friendly and OPSEC-safe Red Teaming infrastructure. In addition to his Red Teaming responsibilities, Ben also serves as a trainer for various courses and frequently shares his expertise as a public speaker at conferences. Having gained invaluable knowledge from the infosec community, he now aims to contribute back by open sourcing a number of tools and delivering presentations at conferences.

Audience – Offense, Red Teamers, Penetration testers, Social Engineers

Starts: August 12, 2023 12:00
Ends: August 12, 2023 13:55
Location: Committee Boardroom, Forum


RuleProcessorY & Gramify – Rule Optimization & Password Analysis tools – Niels Loozekoot

Demolabs DC Forum Page

RuleProcessorY & Gramify – Rule Optimization & Password Analysis tools

Saturday August 12, 14:00 – 15:55, Caucus Boardroom, Forum

Niels Loozekoot

The RuleProcessorY and Gramify tools are new tools that support password-cracking efforts. RuleProcessorY offers a method of optimizing hashcat rule files so that you can better prevent duplicate candidates across multiple attacks, leading to a shorter runtime. Additionally, it can process rules as hashcat would, with additional support for multi-byte/multi-character rules (inserts and replaces primarily). Gramify offers an easy method to create base words and candidates to use with wordlist and combination attacks by splitting data by words, characters, or character set. This can help with password phrases, quotes, sentences, combinator attacks, and extracting base words from password lists.

Working as a pentester, Niels has an extensive background in the security field. Niels has a background in web development, knows his way around C, C++, C#, and Python, and is active in the password cracking/research communities of Hashcat, Hashkiller, and HashMob. He won the CrackTheCon password cracking contest and achieved 3rd place in both CrackMeIfYouCan 2021 & 2022.

Audience – Offense

Starts: August 12, 2023 14:00
Ends: August 12, 2023 15:55
Location: Caucus Boardroom, Forum


Saturday – Joshua Herman

Demolabs DC Forum Page

Saturday

Saturday August 12, 10:00 – 11:55, Council Boardroom, Forum

Joshua Herman

This tool is a digital assistant that helps you hack. Under the hood it uses langchain (a way to augment LLMs) and currently uses an SMS / MMS / phone interface that allows for basic information retrieval tasks (Google search, searching Shodan, Google Places), with the goal of doing complex offensive and defensive security tasks from anything from a dumb phone to a smartphone. It is preprogrammed with tools that it can intelligently use to accomplish certain tasks, such as performing a search on Shodan given an IP address.

I am a release engineer specializing in compliance of information security vendors for post trade currencies. Previously I was a software engineer with experience with distributed computing and UI / UX using Python and Javascript in the same department. I have a decade of professional experience in software engineering in various industries such as insurance, CRM, Trade Show applications, recommender systems and cryptocurrency. I also have contributions to open source projects such as CPython documentation, triaging and features.

Audience – Offensive / Defensive / AppSec

Starts: August 12, 2023 10:00
Ends: August 12, 2023 11:55
Location: Council Boardroom, Forum


Shufflecake, AKA Truecrypt on Steroids for Linux – Tommaso Gagliardoni & Elia Anzuoni

Demolabs DC Forum Page

Because we do not want to let you down at DEF CON, we just released a major upgrade of Shufflecake!


## [0.4.0] – 2023-07-24

### Added
- Benchmark suite with testing tools for Shufflecake, LUKS, and VeraCrypt.
- `changepwd` action to change an existing password.
- `checkpwd` action to check if a given password is correct.
- Improved documentation in `README.md` on using `init` non-interactively.
- `doc` section which for now includes a figure of the Shufflecake header structure.

### Refactored

- Implemented reference slice allocation algorithm with much faster performance.

### Fixed

- Fixed a bug that made the `--skip-randfill` option not work.
- Fixed a bug that made action `close` not work.

### Changed

- BREAKING CHANGE: slightly modified header field format, removing the redundant MAC field and making it adherent to the documentation.
- Action `init` now reads the password from a secure interface (not echoing characters, etc.).
- Updated instructions in `SECURITY.md`.


Strix Interceptor – Lexie Thach

Demolabs DC Forum Page

Strix Interceptor

Friday August 11, 10:00 – 11:55, Unity Boardroom, Forum

Lexie Thach

The development of unmanned aerial vehicles (UAVs) has revolutionized data collection, but security challenges have emerged. In response, Strix is a security testing UAV designed to intercept other UAVs in flight while adhering to legal limitations. It utilizes software analysis to detect and track unauthorized UAVs, predicting their flight path without compromising itself. Strix also encompasses ground-based support systems for enhanced mission effectiveness. The ground-based robots and drones can perform tasks such as reconnaissance, target identification, and data analysis to enhance the effectiveness of Strix’s mission.

The drone can detect RF anti-drone systems and, if identified, utilize multi-RF spoofing technology to disrupt or block their signals. This allows Strix to enter protected airspace undetected, while staying within legal bounds when required. Strix was designed to identify other UAVs and attempt to jam or possibly control their signals to their flight operators. Its hardware includes sensors, a robust communication system, and the Pixhawk autonomous flight module, which provides open-source flexibility and customization options.

Strix’s small and agile design enables high-speed flight and maneuverability in confined spaces. Advanced encryption ensures data security during collection and transmission. As an open-source project, Strix encourages customization and collaboration, making it an invaluable tool for securing airspace and mitigating UAV threats. Its interception capabilities and defensive measures, including multi-RF spoofing, contribute to UAV-driven security systems while respecting legal considerations. This makes it a powerful tool for securing airspace and preventing unauthorized UAVs from posing a threat. Its ability to detect and intercept UAVs in flight, coupled with its defensive capabilities against anti-drone systems, including the ability to employ multi-RF spoofing technology, makes Strix an essential component of any security system that relies on UAVs for data collection and analysis. Strix aims to showcase the potential of UAVs in a lawful and responsible manner, promoting safety, innovation, and ethical practices within the drone industry.

Lexie Thach is a dedicated cybersecurity professional who has spent nearly a decade honing her skills in various roles within the industry. Throughout her journey, she has had the privilege of gaining invaluable experience in diverse cybersecurity domains, including ICS/SCADA and avionics security. Driven by an insatiable thirst for knowledge, Lexie has developed a genuine passion for electrical engineering, programming, and robotics engineering, despite not having a conventional academic background. She is currently working towards completing her studies, constantly striving to expand her knowledge and capabilities. Lexie’s journey began at a young age when she made the decision to serve her country in the US Air Force. For a period of eight years, she had the opportunity to contribute her expertise in cyber security and tactical networks for aircraft missions and operations. It was during this time that she was exposed to the complexities of intercepting aircraft, particularly drones, and learned valuable lessons from observing the tactics and techniques employed by state actors, hacker groups, and organizations. Drawing from her diverse experiences and the challenges she faced, Lexie has embarked on projects centered around securing and assessing the security of autonomous systems. Her passion is rooted in the desire to share the techniques she has learned and to contribute to the advancement of secure autonomous systems.

Audience – I hope to attract other drone enthusiasts, drone researchers, aerospace industry professionals, and other open-source community driven developers to my demo.

Starts: August 11, 2023 10:00
Ends: August 11, 2023 11:55
Location: Unity Boardroom, Forum


SucoshScanny – Mustafa Bilgici, Tibet Öğünç

Demolabs DC Forum Page

SucoshScanny

Friday August 11, 10:00 – 11:55, Caucus Boardroom, Forum

Mustafa Bilgici & Tibet Öğünç

SucoshScan is an automated open-source SAST (Static Application Security Testing) framework. It can detect many vulnerability classes (RCE, SSTI, insecure deserialization, SSRF, SQLi, CSRF, etc.) in given source code. For now, only the detection modules for Python (Flask, Django) and Node.js (Express.js) are finished. In the future, specific detection functions will be written for PHP (Laravel, CodeIgniter), .NET and Go.

Mustafa Bilgici has been doing cyber security and application security research for 4 years. He has found vulnerabilities in many applications and reported them to the affected companies. He also works as a cyber security researcher and developer at various cyber security companies.

Tibet Öğünç has been doing cyber security and application security research for 4 years, has discovered vulnerabilities in many web applications and has helped organizations protect themselves from attackers. As a developer in web languages such as Node.js, Python, PHP and JavaScript, he works as a software developer and team leader on the development of many products.

Audience – Offense, Defense and AppSec

Starts: August 11, 2023 10:00
Ends: August 11, 2023 11:55
Location: Caucus Boardroom, Forum


T3SF (Technical TableTop Exercises Simulation Framework) – Federico Pacheco, Joaquin Lanfranconi

Demolabs DC Forum Page

T3SF (Technical TableTop Exercises Simulation Framework)

Friday August 11, 10:00 – 11:55, Council Boardroom, Forum

Federico Pacheco & Joaquin Lanfranconi

T3SF is a framework that offers a modular structure for the orchestration of injects from a master scenario events list (MSEL), together with a set of rules defined for each exercise and a configuration that allows defining the parameters of the corresponding platform. The main module performs the communication with the specific platform module (Discord, Slack, Telegram, WhatsApp, Teams, etc.), which allows the events to be presented in the input channels as messages on that platform. It supports different use cases for single or multiple organizations.

Federico – Cybersecurity professional with background in electronics engineering and several industry renowned certifications. 20+ years of teaching experience at the most prestigious universities in Argentina. Published 4 books and several research whitepapers. Has worked for the public and private sector, including regional roles in global companies.

Joaquin – Offensive cybersecurity professional with extensive programming skills, currently working as a Cybersecurity Researcher. He holds one of the top positions in the Argentine ranking on the main CTF platforms and stands out in the global rankings, besides contributing to the security community by writing posts and write-ups.

Audience – Defense & Incident Response.

Starts: August 11, 2023 10:00
Ends: August 11, 2023 11:55
Location: Council Boardroom, Forum


The Metasploit Framework – Spencer McIntyre

Demolabs DC Forum Page

The Metasploit Framework

Friday August 11, 10:00 – 11:55, Committee Boardroom, Forum

Spencer McIntyre

Active Directory is the foundation of the infrastructure for many organizations. As of 2023, Metasploit has added a wide range of new capabilities and attack workflows to support Active Directory exploitation. This DEF CON demonstration will cover new ways to enumerate information from LDAP, attacking Active Directory Certificate Services (AD CS), leveraging Role Based Constrained Delegation, and using Kerberos authentication. The Kerberos features added in Metasploit 6.3 will be a focal point. The audience will learn how to execute multiple attack techniques, including Pass-The-Ticket (PTT), forging Golden/Silver Tickets, and authenticating with AD CS certificates. Finally, users will see how these attack primitives can be combined within Metasploit to streamline attack workflows with integrated ticket management. The demonstration will also highlight inspection capabilities that are useful for decrypting traffic and tickets for debugging and research purposes.

Spencer McIntyre is a Security Research Manager at Rapid7, where he works on the Metasploit Framework. He has been contributing to Metasploit since 2010, a committer since 2014, and a core team member at Rapid7 since 2019. Previously, Spencer worked at a consulting firm working with clients from various industries, including healthcare, energy, and manufacturing. He is an avid open source contributor and Python enthusiast.

Audience: Offense


Starts: August 11, 2023 10:00
Ends: August 11, 2023 11:55
Location: Committee Boardroom, Forum


The Wifydra: Multiheaded RF Panopticon – Lozaning

Demolabs DC Forum Page

The Wifydra: Multiheaded RF Panopticon

Saturday August 12, 10:00 – 11:55, Society Boardroom, Forum

Lozaning

The Wifydra is open source hardware and software used to locate wireless access points for wardriving. The project is a continuation of the work done previously by Mike Spicer (@d4rkm4tter) and his WiFi Cactus and Kraken. It’s designed to be a low power and low cost modular way of simultaneously monitoring all 2.4 GHz WiFi channels for AP beacons. By utilizing strictly off-the-shelf embedded components, the Wifydra is able to keep costs extremely low (~$90) and its footprint extremely small (250 square cm). More importantly, minimal power consumption is maintained, requiring only a USB C battery capable of putting out 10 watts. The Wifydra is modular in nature and supports a multitude of GNSS (Global Navigation Satellite System) options for location tagging. The ESP32-C5 for 5 GHz channel monitoring will also be supported once the hardware becomes available. The version of The Wifydra demoed consists of 14 ESP8266 boards called sub nodes, an additional ESP32 called the dom node, an SD card holder, a GNSS module, an OLED screen, as well as the Wifydra carrier board that connects all these components. The firmware, BOM, and gerbers are all available in The Wifydra’s GitHub repo: https://github.com/lozaning/The_Wifydra

Lozaning (they/them) has been wardriving for over 10 years and enjoys designing, building, and assembling unorthodox network observation platforms such as: The Wifydra (presented here), The International Wigle Space Balloon, and turning an Amtrak roomette into a mobile radio observation lab. Currently ranked as the 84th best wardriver in the world on Wigle.net, Lozaning loves all things wifi and high precision GNSS related.

Audience – The target audience is anyone interested in WarDriving or RF site surveys, as well as those looking to get started designing their first custom PCB

Starts: August 12, 2023 10:00
Ends: August 12, 2023 11:55
Location: Society Boardroom, Forum


ThreatScraper: Automated Threat Intelligence Gathering and Analysis for VirusTotal – Aaron Morath & Dr. Scott Graham

Demolabs DC Forum Page

ThreatScraper: Automated Threat Intelligence Gathering and Analysis for VirusTotal

Saturday August 12, 14:00 – 15:55, Accord Boardroom, Forum

Aaron Morath & Dr. Scott Graham

VirusTotal serves as a popular platform for aggregating malware information submitted by Anti-Virus (AV) software providers, which can be searched using parameters such as hashes (SHA-1, SHA-256, MD5), file names, and malicious web links. In order to enhance and automate the process of malware intelligence gathering, we introduce ThreatScraper, a Python-based tool that automates free API queries and rescanning tasks on VirusTotal. ThreatScraper is designed to periodically request reports on specified files and save the results in a local database or Excel file. It allows users to pull and aggregate malicious file reports from multiple AV vendors over time, providing insights into the adoption of malware detection across providers. Easily implemented from any Windows command line, ThreatScraper can rescan a file, pull a report, and then sleep until the next designated time identified by the user.

Captain Aaron "AJ" Morath, CEH/CompTIA Pentest+, is a graduate student at the Air Force Institute of Technology, where he is involved in researching malware identification and propagation. His thesis work concentrates on developing innovative strategies to combat evolving cybersecurity threats and enhance security measures. AJ has served as the Defensive Cyber Operator (DCO) Officer in Charge (OIC) of the NASIC DCO team for three years. He oversaw the security and defense of an enterprise network comprising over 6,000 connected devices.

Dr. Scott Graham is a Professor of Computer Engineering at the Air Force Institute of Technology. His research interests center on cyber physical systems, looking at the intersection between real physical systems and the computers that control them. Specific areas of interest include cyber physical systems security, computer architecture, embedded computing, critical infrastructure protection, and vehicular cyber security.

Audience – Offensive and Defensive Cyber

Starts: August 12, 2023 14:00
Ends: August 12, 2023 15:55
Location: Accord Boardroom, Forum


USBvalve – Expose USB activity on the fly – Cesare Pizzi

Demolabs DC Forum Page

USBvalve – Expose USB activity on the fly

Saturday August 12, 10:00 – 11:55, Unity Boardroom, Forum

Cesare Pizzi

USB spreading malware is still a concern today. Over the past few months, we have witnessed an increase in malicious software exploiting USB drives to bypass security measures, even in air-gapped systems. Whenever we connect our USB drive to an "untrusted" system, numerous doubts arise: what happens behind the scenes? Is something accessing, modifying, or encrypting our files? This is where USBvalve comes in. It is an affordable dongle, built using readily available hardware, designed to reveal the true activities occurring when a USB drive is connected to a system. It can also be used to check for "BADUSB" (HID) on USB keys before inserting them into our own systems. The best part is that it’s as compact as a keychain, making it convenient to carry with us at all times!

Cesare Pizzi is a Security Researcher, Analyst, and Technology Enthusiast at Sorint.lab. He develops software and hardware, and tries to share this with the community. Mainly focused on low level programming, he has developed a lot of open source software, sometimes hardware related and sometimes not, and does a lot of reverse engineering too. He likes to share his work when possible (at Defcon, Insomni’hack, Nullcon, etc.). He is a contributor to several open source security projects (Volatility, OpenCanary, PersistenceSniper, Speakeasy, CETUS, etc.) and a CTF player.

Audience – Malware analysts, Digital Forensic investigators, Security Practitioners

Starts: August 12, 2023 10:00
Ends: August 12, 2023 11:55
Location: Unity Boardroom, Forum


Vacuum Robot Hacking – Dennis Giese

Demolabs DC Forum Page

Vacuum Robot Hacking

Friday August 11, 14:00 – 15:55, Unity Boardroom, Forum

Dennis Giese

In this demo I will show how you can root various models of vacuum robots and disconnect them from the cloud. You have the chance to play around yourself with the tools and the rooted robots. Learn why you should not trust your robots’ cameras and microphones. Pick up a free PCB that allows you to root your vacuum robot easily.

Dennis Giese is currently a PhD student at Northeastern University and focuses on the security and privacy of IoT devices. While being interested in physical security and lockpicking, he enjoys applied research and reverse engineering malware and all kinds of devices. His most known projects are the documentation and hacking of various vacuum robots. His current vacuum robot army consists of over 45 different models from various vendors.

Audience – hardware tinkerers and users of vacuum robots
Starts: August 11, 2023 14:00
Ends: August 11, 2023 15:55
Location: Unity Boardroom, Forum


Veilid – TC Johnson & Deth Veggie

Demolabs DC Forum Page

Veilid

Saturday August 12, 10:00 – 11:55, Committee Boardroom, Forum

TC Johnson & Deth Veggie

Veilid is a new, distributed communication protocol developed by Cult of the Dead Cow’s Dildog (of BO2K fame). This p2p, E2EE, distributed protocol is being released at Defcon 31, fully open source, and with an example app called Veilid Chat. These demos will cover setting up an identity, connecting to others, deploying heavy nodes to support the network, and contributing to the project.

TC: Rubber Duck to the actual developer of Veilid. Here to get you started on the future we were promised — communication free of a profit motive, free of corporate overlords, and free of other intrusive eyeballs.

The Deth Vegetable: cDc member since December 1990, Minister of Propaganda. If everything is to be believed, he has alternately been a Special Forces Commando, Mexican wrestler, comicbook villain, bodyguard to Mr. T, designer drug manufacturer, electronics wizard, and used tire recycler.

Audience: Everyone, we’re changing the world, cDc style

Starts: August 12, 2023 10:00
Ends: August 12, 2023 11:55
Location: Committee Boardroom, Forum


Vulnerable by Design: Unguard, The Insecure Cloud-Native Twitter Clone – Simon Ammer, Christoph Wedenig

Demolabs DC Forum Page

Vulnerable by Design: Unguard, The Insecure Cloud-Native Twitter Clone

Friday August 11, 10:00 – 11:55, Accord Boardroom, Forum

Simon Ammer, Christoph Wedenig

Unguard is an intentionally insecure, cloud-native microservices demo application that serves as a playground for cybersecurity enthusiasts to sharpen their skills and for cybersecurity companies to test their software. Designed to mimic a web-based Twitter clone, the platform offers user registration, login, content posting, and social interactions, all with a wide variety of exploitable vulnerabilities. Featuring a wide range of security flaws, including SSRF, Command/SQL Injection, Log4Shell, and Spring4Shell, Unguard challenges security professionals, developers, and students to identify, exploit, and understand these weaknesses. Simultaneously, the platform showcases deceptive elements, such as phony ads and profile management options, which further enhance the real-world experience offered by the demo.

Simon’s interest in cybersecurity was sparked after listening to the Darknet Diaries podcast, which led him to pursue a career in this fascinating field. He studied Software Engineering and Mobile Computing in Austria, focusing on enhancing web vulnerability scanner reports for his Master’s thesis. Driven by his passion for cybersecurity, Simon decided to further expand his knowledge by enrolling in another Master’s program specializing in Artificial Intelligence. Currently, he holds the position of Research Software Engineer in the cloud-native security team at Dynatrace. There, he leverages his knowledge to employ AI to improve security measures and safeguard digital infrastructures.

Christoph always loved to interact with software systems, even more so in unintended ways. He studied Applied Computer Science in the south of Austria, focusing on the detection of server-side request forgery in his Master’s thesis. As a demo environment for this thesis, he created a small distributed application called “Vogelgrippe” which was then later extended for various other use cases until being renamed to Unguard and finally gifted to the community as an Open-Source playground. Currently, he is working in the Application security team at Dynatrace, where he helps build a wide suite of security-related software.

Audience – Offense, Defense
Starts: August 11, 2023 10:00
Ends: August 11, 2023 11:55
Location: Accord Boardroom, Forum