Wednesday, January 8, 2014

ShmooCon Epilogue 2014 Schedule

The following is the speaker lineup for the Jan 20 2014 ShmooCon Epilogue. Thanks to everyone who submitted talks. It was very hard to pick between all of the great talks submitted, but here is the final list:


Talk Title/Description
The Allegory of the Cave: Has Application Whitelisting Coagulated As Expected?
Curt Shaffer & Judah Plummer
Attacker Ghost Stories: Mostly free defenses that give attackers nightmares
LUNCH TALK - Project Kid Hack
Hash All The Things
Password Topology - Histogram Wear Leveling
Hank Leininger
Statistical Probabilities
15:00 (30 min)
GuessWhat: Educational Malware
Sean Pierce
15:30 (30 min)
BACKFIL - Finding those backup files
Tobias McCurry
Gone Phishing and I Want My Hook Back!
AV Evasion with the Veil Framework
Christopher Truncer and Harmj0y
Backup Pwnage
20:00 (30 min)
Ultrasonic Hardware Hacking
20:30 (30 min)
OMG HE HAXX!!: an Introduction to the Game Hacking Framework
Jason Haddix

Talk Descriptions:

The Allegory of the Cave: Has Application Whitelisting Coagulated As Expected?

by Curt Shaffer & Judah Plummer

Application whitelisting continues to be touted as a superior measure of defense against new, unseen malware and advanced threats. As such, it has become a staple in the defense of many large corporations and various departments of the government. While we understand that to properly protect hosts, more is needed beyond just simple AV, we unfortunately do not believe application whitelisting to be the “silver bullet” some continue to claim, and in fact, we have seen the vendors themselves compromised this year. This leads to a false sense of security within these organizations and validates the importance of a defense-in-depth approach to protecting networks.
We will take the audience through our testing methodology, testing Bit9 Parity, Microsoft AppLocker, and McAfee Application Control. We will show how current versions of these software products are still susceptible to the old methods discussed previously and to new techniques as well, due to lack of features, lack of understanding of the current threat landscape, and in some cases, vulnerabilities in the software itself that allow for a complete bypass. We will end the talk by releasing a Metasploit module that incorporates the successful techniques we found so they can be utilized in penetration testing.

Attacker Ghost Stories: Mostly free defenses that give attackers nightmares 

by mubix

This talk is about the tidbits that I've seen piecemeal across the multitude of businesses big and small that were innovative and highly effective, yet free or mostly free, and stopped me dead in my tracks.

Going over a number of free, or nearly free, methods, tactics, and software setups that will cut down intrusions significantly and that you can deploy, or start deploying, the hour after the talk is done.

Project Kid Hack

by grecs

Wanna teach your kid to be a hacker but don’t know where to start? Security is a fairly complex topic but games offer the best way for kids to learn the basics. This presentation not only reviews a sample of existing games that teach security fundamentals to a younger audience but also discusses a new crowdsourced project to catalog similar fun and entertaining ways to teach kids security. This project could help spur interest in later university and other programs and potentially a career … or at least make our children more security-conscious adults in whatever field they choose.

Hash All The Things

by Hectaman

In Bro 2.2 we release the files framework. Under research for the past three years, this real-time streaming file analysis library gives network operators and security teams a new, flexible way to work with files at both a micro and macro level. Real-time hashing, analysis and more will be demonstrated in this demonstration-heavy presentation.

Password Topology - Histogram Wear Leveling

by Hank Leininger

PathWell is a novel approach to enforcing password complexity, designed to thwart modern cracking tools and approaches while retaining compatibility with existing enterprise authentication systems and password stores.

Recent trends in password cracking, such as the hashcat suite's mask modes, focus on common password "shapes" or topologies, such as "start with an uppercase letter, then several lowercase letters, then several digits" -> "?u?l?l?l?l?l?d?d". We find that topology use is so skewed that exhausting the 1-5 most common topologies (out of tens of thousands to millions of possible topologies) will result in 25+% of all passwords cracking for a typical enterprise network.

PathWell is a way to audit and/or enforce topology uniqueness across an enterprise. This greatly reduces the attacker's success rate when cracking passwords, and increases their work factor to crack any sizable percentage.

The concepts apply to both medium-weak hash types, extending the effective lifespan of deployed systems, and also to systems using stronger hash types, making them even more resistant to cracking. 

Statistical Probabilities

by aricon

Given the sheer amount of data the various vocations in the security fields are required to digest, an understanding of statistics is crucial to our accomplishment of any meaningful goals. In order to demonstrate why understanding these principles is key, examples gathered from recent events and underpinning a meaningful subset of techniques used by those in forensics, network defense, penetration testing and policy creation will be examined to show why these tools of analysis are so important for practitioners to know.

GuessWhat: Educational Malware

by Sean Pierce

Learning to quickly triage malware is undoubtedly useful and can be taught rather quickly; however, an in-depth malware analysis requires a non-trivial amount of experience with common malware behavior and analysis tools. GuessWhat is a proof-of-concept game which allows hands-on training for novice malware analysts who want to expand their knowledge and experience.

BACKFIL - Finding those backup files

by Tobias McCurry

One of the key steps in web application pentesting is analyzing the application. This application helps identify any files that may have been copied to the production server.

Gone Phishing and I Want My Hook Back!

by N1tr0

It is about being able to deploy your exploits, phish your target, then keep your exploit or deployment method.

AV Evasion with the Veil Framework

by Christopher Truncer and Harmj0y

As antivirus has started to slowly increase in effectiveness, more of the payloads used during penetration tests are being caught. While the industry as a whole has demonstrated its capabilities of bypassing AV solutions in nearly all situations, valuable assessment time is often lost.

The Veil-Evasion Framework (Veil) was developed to solve this problem by offering a modular, open-source, and UI-focused framework for generating AV-evading payloads in a programming-language- and technique-agnostic way. Veil's structure greatly simplifies payload generation and allows for the integration of public and private AV evasion methods. In this talk we will go over the genesis of the framework, its structure and features, and how to develop your own payload modules. Recently released modules will also be covered, and our implementation of a lesser-known shellcode injection method will be released.

We will also cover public reaction and disclosure ethics, and we plan on discussing Veil-Catapult, our payload delivery tool. Veil-Catapult extends the capabilities of the existing Veil framework by utilizing various methods to deliver and trigger payloads across targeted machines. We will conclude with a discussion of current and future mitigation strategies to combat Veil’s effectiveness.

Backup Pwnage

by Anagogue

Backup systems are an important security tool. But they're also a great way to take over an entire organization.

Ultrasonic Hardware Hacking

by Aly

Ultrasonic Testing is frequently used in the evaluation of semiconductor components used in computers, smart cards, cell phones, and other electronic components. Reverse engineering often requires tedious logic analysis or use of hazardous materials to decap devices. Ultrasonic testing is a unique alternative providing non-destructive analysis of internal structures. I’ll cover ultrasonic basics, typical testing setup, and hobbyist alternatives.

OMG HE HAXX!!: an Introduction to the Game Hacking Framework

by Jason Haddix

Some of the most prolific apps these days are video games. They are sponsored, scrutinized, monetized, and celebrated, just like many sports. They handle clients, servers, monetary transfers, social interactions, etc., with every bit the need of security that most internet-hosted apps have (if not more in some cases). Join me as I release a NEW OWASP project to help classify the diverse types of game hacks that exist for some of the world’s biggest games. We'll use history as an example, and break down the flaws as much as possible, creating a do-not-do list of flaws new game companies can reference when creating new games. This is very much an alpha project; come participate and be part of history! (or something like that ;)
