The following is the speaker line up for Jan 20 2014 ShmooCon Epilogue. Thanks to everyone who submitted talks. It was very hard to pick between all of the great talks submitted but here is the final list:
Schedule:
| Talk Title/Description | Speaker | Time |
|---|---|---|
| The Allegory of the Cave: Has Application Whitelisting Coagulated As Expect? | Curt Shaffer & Judah Plummer | 10:00 |
| Attacker Ghost Stories: Mostly free defenses that give attackers nightmares | mubix | 11:00 |
| LUNCH HOUR | | |
| LUNCH TALK - Project Kid Hack | grecs | 12:30ish |
| Hash All The Things | Hectaman | 13:00 |
| Password Topology - Histogram Wear Leveling | Hank Leininger | 14:00 |
| Statistical Probabilities | aricon | 15:00 (30 min) |
| GuessWhat: Educational Malware | Sean Pierce | 15:30 (30 min) |
| BACKFIL - Finding those backup files | Tobias McCurry | 16:00 |
| Gone Phishing and I Want My Hook Back! | N1tr0 | 17:00 |
| DINNER HOUR | | |
| AV Evasion with the Veil Framework | Christopher Truncer and Harmj0y | 19:00 |
| Backup Pwnage | Anagogue | 20:00 (30 min) |
| Ultrasonic Hardware Hacking | Aly | 20:30 (30 min) |
| OMG HE HAXX!!: an Introduction to the Game Hacking Framework | Jason Haddix | 21:00 |
Talk Descriptions:
The Allegory of the Cave: Has Application Whitelisting Coagulated As Expect?
by Curt Shaffer & Judah Plummer
Application whitelisting continues to be touted as a superior measure of defense against new, unseen malware and advanced threats. As such, it has become a staple in the defense of many large corporations and various departments of the government. While we understand that to properly protect hosts, more is needed beyond just simple AV, we do not believe application whitelisting to be the "silver bullet" as some continue to claim, and in fact, we have seen the vendors themselves compromised this year. This leads to a false sense of security within these organizations and validates the importance of a defense-in-depth approach to protecting networks.
We will take the audience through our testing methodology, testing Bit9 Parity, Microsoft AppLocker, and McAfee Application Control. We will show how current versions of these software products are still susceptible to the old methods discussed previously and to new techniques as well, due to a lack of features, a lack of understanding of the current threat landscape, and in some cases vulnerabilities in the software itself that allow for a complete bypass. We will end the talk by releasing a Metasploit module that incorporates the successful techniques we found so they can be utilized in penetration testing.
Attacker Ghost Stories: Mostly free defenses that give attackers nightmares
by mubix
This talk is about the tidbits that I've seen piecemeal across a multitude of businesses, big and small, that were innovative and highly effective, yet free or mostly free, and stopped me dead in my tracks.
It goes over a number of free, or nearly free, methods, tactics, and software setups that will cut down intrusions significantly and that you can deploy, or start deploying, the hour after the talk is done.
Project Kid Hack
by grecs
Wanna teach your kid to be a hacker but don't know where to start? Security is a fairly complex topic, but games offer the best way for kids to learn the basics. This presentation not only reviews a sample of existing games that teach security fundamentals to a younger audience but also discusses a new crowdsourced project to catalog similar fun and entertaining ways to teach kids security. This project could help spur interest in later university and other programs and potentially a career … or at least make our children more security-conscious adults in whatever field they choose.
Hash All The Things
by Hectaman
In Bro 2.2 we release the files framework. Under research for the past three years, this real-time streaming file analysis library gives network operators and security teams a new, flexible way to work with files at both a micro and a macro level. Real-time hashing, analysis and more will be demonstrated in this demonstration-heavy presentation.
Password Topology - Histogram Wear Leveling
by Hank Leininger
PathWell is a novel approach to enforcing password complexity, designed to thwart modern cracking tools and approaches while retaining compatibility with existing enterprise authentication systems and password stores.
Recent trends in password cracking, such as the hashcat suite's mask modes, focus on common password "shapes" or topologies, such as "start with an uppercase letter, then several lowercase letters, then several digits" -> "?u?l?l?l?l?l?d?d". We find that topology use is so skewed that exhausting the 1-5 most common topologies (out of tens of thousands to millions of possible topologies) will result in 25+% of all passwords cracking for a typical enterprise network.
PathWell is a way to audit and/or enforce topology uniqueness across an enterprise. This greatly reduces the attacker's success rate when cracking passwords, and increases their work factor to crack any sizable percentage.
The concepts apply to both medium-weak hash types, extending the effective lifespan of deployed systems, and also to systems using stronger hash types, making them even more resistant to cracking.
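The following is an added example written for this page, not PathWell's own code. It shows the mechanics the abstract describes: mapping each password to its hashcat-style mask topology (the ?u/?l/?d/?s class labels are hashcat's; the 33-character size of ?s is hashcat's default special-character set), building the topology histogram over a constructed sample of passwords, measuring how much of the sample the top N topologies cover, and a simple uniqueness check of the kind an auditor or password-change hook could apply. The sample passwords and the function names are assumptions made for the illustration.

```python
from collections import Counter

# Size of each hashcat mask character class (?s = 33 printable specials incl. space).
CLASS_SIZE = {"?u": 26, "?l": 26, "?d": 10, "?s": 33}


def topology(password: str) -> str:
    """Map each character to its hashcat mask class, e.g. 'Monkey99' -> '?u?l?l?l?l?l?d?d'."""
    classes = []
    for ch in password:
        if ch.isupper():
            classes.append("?u")
        elif ch.islower():
            classes.append("?l")
        elif ch.isdigit():
            classes.append("?d")
        else:
            classes.append("?s")
    return "".join(classes)


def mask_keyspace(mask: str) -> int:
    """Number of candidates a cracker must try to exhaust one mask (product of class sizes)."""
    n = 1
    for i in range(0, len(mask), 2):
        n *= CLASS_SIZE[mask[i:i + 2]]
    return n


def topology_histogram(passwords) -> Counter:
    """Count how many passwords share each topology."""
    return Counter(topology(p) for p in passwords)


def coverage_of_top(hist: Counter, n: int) -> float:
    """Fraction of all passwords that fall into the n most common topologies."""
    total = sum(hist.values())
    if total == 0:
        return 0.0
    return sum(count for _, count in hist.most_common(n)) / total


def violates_uniqueness(new_password: str, hist: Counter, n: int) -> bool:
    """Audit/enforcement check (illustrative, not PathWell's algorithm): reject a
    candidate whose topology is already among the n most common ones in use."""
    common = {mask for mask, _ in hist.most_common(n)}
    return topology(new_password) in common


# Constructed sample of passwords (not real data); skewed toward a few shapes,
# as the abstract says real enterprise populations tend to be.
SAMPLE = [
    "Password1", "Welcome1", "Summer14", "Monkey99", "Dragon77", "Falcon12",
    "Shmoo!Con", "letmein", "Tr0ub4dor&3", "Winter2014", "Autumn2014",
    "correcthorsebattery",
]


def report(passwords, top_n: int = 2):
    """Return (histogram, coverage of top_n topologies) and print a short audit summary."""
    hist = topology_histogram(passwords)
    cov = coverage_of_top(hist, top_n)
    for mask, count in hist.most_common(top_n):
        print(f"{mask:<24} {count:>3} passwords  keyspace={mask_keyspace(mask):,}")
    print(f"top {top_n} topologies cover {cov:.0%} of {len(passwords)} passwords")
    return hist, cov


if __name__ == "__main__":
    hist, _ = report(SAMPLE)
    for candidate in ("Yellow21", "Yell0w-21"):
        print(candidate, "rejected" if violates_uniqueness(candidate, hist, 1) else "accepted")
```

On the constructed sample the single most common topology covers a third of the passwords and costs a cracker only 26^6 * 10^2 candidates to exhaust, which is the asymmetry the talk is about; the uniqueness check turns that histogram into a policy by refusing new passwords that would land in the crowded shapes.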
Statistical Probabilities
by aricon
Given the sheer amount of data the various vocations in the security field are required to digest, an understanding of statistics is crucial to accomplishing any meaningful goals. In order to demonstrate why understanding these principles is key, examples gathered from recent events, underpinning a meaningful subset of the techniques used by those in forensics, network defense, penetration testing and policy creation, will be examined to show why these tools of analysis are so important for practitioners to know.
GuessWhat: Educational Malware
by Sean Pierce
Learning to quickly triage malware is undoubtedly useful and can be taught rather quickly; however, an in-depth malware analysis requires a non-trivial amount of experience with common malware behavior and analysis tools. GuessWhat is a proof-of-concept game which allows hands-on training for novice malware analysts who want to expand their knowledge and experience.
BACKFIL - Finding those backup files
by Tobias McCurry
One of the key steps in web application pentesting is analyzing the application. This application helps identify any files that may have been copied to the production server.
Gone Phishing and I Want My Hook Back!
by N1tr0
It is about being able to deploy your exploits, phish your target, then keep your exploit or deployment method.
AV Evasion with the Veil Framework
by Christopher Truncer and Harmj0y
As antivirus has started to slowly increase in effectiveness, more of the payloads used during penetration tests are being caught. While the industry as a whole has demonstrated its capabilities of bypassing AV solutions in nearly all situations, valuable assessment time is often lost.
The Veil-Evasion Framework (Veil) was developed to solve this problem by offering a modular, open-source, and UI focused framework for generating AV-evading payloads in a programming language and technique agnostic way. Veil's structure greatly simplifies payload generation and allows for the integration of public and private AV evasion methods. In this talk we will go over the genesis of the framework, its structure and features, and how to develop your own payload modules. Recently released modules will also be covered, and our implementation of a lesser known shellcode injection method will be released.
We will also cover public reaction and disclosure ethics, and we plan on discussing Veil-Catapult, our payload delivery tool. Veil-Catapult extends the capabilities of the existing Veil framework by utilizing various methods to deliver and trigger payloads across targeted machines. We will conclude with a discussion of current and future mitigation strategies to combat Veil’s effectiveness.
Backup Pwnage
by Anagogue
Backup systems are an important security tool. But they're also a great way to take over an entire organization.
Ultrasonic Hardware Hacking
by Aly
Ultrasonic Testing is frequently used in the evaluation of semiconductor components used in computers, smart cards, cell phones, and other electronic components. Reverse engineering often requires tedious logic analysis or use of hazardous materials to decap devices. Ultrasonic testing is a unique alternative providing non-destructive analysis of internal structures. I’ll cover ultrasonic basics, typical testing setup, and hobbyist alternatives.
OMG HE HAXX!!: an Introduction to the Game Hacking Framework
by Jason Haddix
Some of the most prolific apps these days are video games. They are sponsored, scrutinized, monetized, and celebrated, just like many sports. They handle clients, servers, monetary transfers, social interactions, etc., with every bit the need for security that most internet-hosted apps have (if not more in some cases). Join me as I release a NEW OWASP project to help classify the diverse types of game hacks that exist for some of the world's biggest games. We'll use history as an example and break down the flaws as much as possible, creating a do-not-do list of flaws that new game companies can reference when creating new games. This is very much an alpha project, so come participate and be part of history! (or something like that ;)