Topics & Speakers
Dancing With Dalvik - Thomas Richards
Digital Energy BPT - Paul Coggins
Exploit Development for Mere Mortals - Joe McCray
Jargon Jitsu: The Tao of Buzzwords - Craig Searle (kezef)
Intro to Lock Picking - smrk3r
Terminal Cornucopia - Evan "treefort" Booth
Getting Shells When Metasploit Fails - Ryan Linn (sussurro)
Burp Suite: Comprehensive Web Pen Testing - JoshInGeneral
Search Engine Hacking: Finding Credit Cards, Social Security Numbers, and Frighteningly More - Stephen Chapman
iPhone Data Reconnaissance without Physical Access to the Device - Jarrick
The Evolution of Network Security: How Networks Are Still Getting Hacked - Omar Santos
msfpayload isn't dead yet: AV Avoidance in Payload Delivery - melvin2001
---------------------------------------------------------------------------------
Name:
Thomas Richards
Title:
Dancin' With Dalvik
Abstract:
So you've reversed your first Android APK; now what? Java pseudocode is nice, but how do we modify the app? This is a crash course in reading and understanding Dalvik opcodes. It will go through some basics, then we will jump into a couple of case studies to demonstrate some of the concepts. This talk should help testers who are interested in or do Android application assessments to better understand how to mess with the underlying code.
Bio:
Thomas Richards is an Application Security professional located in Rochester, NY. He has presented at AppsecDC, GrrCON, and DerbyCON. He also currently holds the OSCP, OSWP, GPEN, and Security+.
---------------------------------------------------------------------------------
Name:
Paul Coggin
Title:
Digital Energy – BPT
Abstract:
There is a great deal of conversation today regarding APT and critical infrastructure networks for ICS/SCADA, smart grid networks and service providers. The basic persistent threat (BPT) issues are being ignored in many cases. How can the APT be mitigated when the BPT issues have not been resolved? Typically, the technical capability to mitigate BPT and many of the APT risks already exists in the installed HW/SW, but proper attention to trust relationships, integration and interdependencies is overlooked. Close attention should be given to the often overlooked vulnerabilities in the network architecture and protocols that enable BPT. In this presentation, common network BPT issues that are often discovered during security consulting engagements will be discussed. BPT network architecture mitigations, including separation of services for control, management and data traffic as well as securing and monitoring trust relationships and interdependencies, will be covered.
Bio:
Paul Coggin is an Internetwork Consulting Solutions Architect with Dynetics in Huntsville, Alabama. Paul is responsible for designing and building broadband multi-service networks supporting Smart Grid, MPLS, VoIP, and IPTV for service providers, leading cyber security research efforts, in addition to performing network security architecture assessments and penetration tests for enterprises, utilities and service providers. Paul is a Cisco Systems Certified Instructor # 32230 and a Certified EC-Council Instructor. He has a BS in Mathematics, MS in Computer Information Systems. In addition he holds a wide array of certifications, including CEH, ECSA, CPTS, CISSP, CCNA SPOPS, CCNP, CCDP, CCIP, CCSP, and CCNP-Voice.
---------------------------------------------------------------------------------
Name:
Joe McCray
Title:
Exploit Development for Mere Mortals
Abstract:
Joe will walk through the basics of exploitation, starting from stack overflows, then SEH overwrites, egg hunters, heap spray, and ROP. For people interested in the subject of exploitation, here is a chance to finally get an introduction to it from a guy that won’t put you to sleep.
Bio:
Joe McCray is an Air Force Veteran and has been in security for over 10 years. Joe has been involved in over 150 very high level pentesting assessments and has some major hacking accomplishments that he can share with his classes. His extensive experience and deep knowledge, mixed with his comedic style, has led Joe to be one of the most highly sought after speaking experts in the industry. Joe makes speaking appearances and gives seminars at major events in the security community such as Black Hat, DefCon, BruCon, Hacker Halted and more. Joe is the recipient of the 2009 EC-Council Instructor Circle of Excellence Award and the 2010 EC-Council Instructor of the Year Award. Joe is the founder and CEO of http://strategicsec.com, an IT Security consulting firm that provides in-depth technical security assessments of your network, web application, and regulatory compliance gap analysis.
---------------------------------------------------------------------------------
Name:
Craig Searle (kezef)
Title:
Jargon Jitsu: The Tao of Buzzwords
Abstract:
Moore’s law states that IT systems will double in processing power every 18 months. However, security has not progressed at the same rate…seriously, it is 2012 and enterprise organisations are still arguing over whether or not 7 or 8 character passwords are stronger. ORLY? As a security industry what have we done about it? We’ve introduced standards like PCI DSS that further exacerbate the problem. Why? Because they prescribe the security controls required in order to meet some arbitrary compliance requirement. This is totally arse-about from how any well run enterprise project would be executed; define the objectives and then develop the controls/outcomes from there. Security is not unlike a tesseract; we cannot see what ‘secure’ looks like, but we can describe what the end results of security will look like. This presentation is a look at how buzzwords and poorly-constructed standards have actually hindered security in enterprise and what we as a security community can do about it.
Bio:
Craig is currently the Chief Operating Officer for BAE Systems Stratsec, the largest pure play security consultancy in the Asia-Pac region. He has extensive experience in the development, management & execution of IT security advice and assurance activities within large organisations, including banking and finance, critical infrastructure, ASX200 organisations and government (both state and federal).
---------------------------------------------------------------------------------
Name:
smrk3r
Title:
Intro to Lock Picking
Abstract:
You have locks on your network closet. Great. What if I can open them in 30 seconds or less? This talk will explore the basic-level concepts of various types of locks and how/why they can be picked. This information should be common knowledge by now, but given the need for free and open information sharing, it really can never be reviewed too often. Plus you're sure to get some seriously inappropriate humor alongside all of it.
Bio:
smrk3r is a penetration tester and co-founder of the FALE Association of Locksport Enthusiasts. He enjoys staying in his basement and not leaving the house before 9pm.
---------------------------------------------------------------------------------
Name:
Evan "treefort" Booth
Title:
Terminal Cornucopia
Abstract:
In this talk, I explore a seldom-discussed facet of airport security: what happens after the backscatter/millimeter wave scan or the friendly pat-down? A marginally resourceful and MacGyver-esque individual can breeze through terminal gift shops, restaurants, magazine stands and duty-free shops to find everything they need to wage war on an airplane. We'll take weapons — melee, projectile, and beyond — from concept to prototype in this serious (yet often humorous) talk, replete with photos and video.
Bio:
Evan "treefort" Booth is an interactive developer with roots in advertising. His company, Recursive Squirrel Interactive, has serviced clients such as HP, 20th Century Fox, AARP, and Hess. Evan is also a founding member of the FALE Association of Locksport Enthusiasts (www.lockfale.com), where he regularly gets to teach fellow problem-solvers and generally attractive people the fundamentals of lock picking and physical security.
---------------------------------------------------------------------------------
Name:
Ryan Linn (sussurro)
Title:
Getting Shells When Metasploit Fails
Abstract:
Penetration Tests aren't new, and most companies have figured out how to eliminate the low hanging fruit. Some have even gone above and beyond and deployed technologies like Network AV, IPS, and egress filtering. In 50 minutes, this talk is going to go through different ways of getting access to systems on the network without exploits and working around common hardening. Leveraging configuration weaknesses, common hardening oversights, and more, we'll go through ways to get around difficult AV systems and network AV, using open source and commonly available tools to get access to boxes where the standard stuff fails. Join us for an adventure with few slides and lots of shells; just make sure to keep your hands and feet inside the ride at all times.
Bio:
Ryan Linn is a Senior Consultant with Trustwave’s SpiderLabs – the advanced security team focused on penetration testing, incident response, and application security. Ryan is a penetration tester, an author, a developer, and an educator. He comes from a systems administration and Web application development background, with many years of IT security experience. Ryan currently works as a full-time penetration tester and is a regular contributor to open source projects including Metasploit and BeEF, the Browser Exploitation Framework.
---------------------------------------------------------------------------------
Name:
JoshinGeneral
Title:
Burp Suite: A Comprehensive Web Pen Testing
Abstract:
I plan on showing some of the features of the Burp Suite and how it can be used to run Pen Tests on devices that have web authentication. I will walk through setup and use of the target window to store proxy requests, and then combine that with the repeater, intruder and sequencer to attack the site. My talk will explain how we can use each view to analyze and view responses as we modify packets on the fly. I plan to show how Burp helps you bypass site XSS and SQL injection checking, directory traversal, and client side login checks, and find non-random session keys.
In the last part of the demo I will show how I successfully used this in order to bypass the web authentication on an Iomega drive Network Access System. Without knowing the details of the CVE, I upload a backdoor to the NAS and gain root so that I can use it as a pivot point and mount other attacks into the victim's network... all using Burp. All of this will be presented live; however, instructions and PowerPoint will be provided so anyone can repeat this demo on their own.
Bio:
Josh currently works as a Linux Administrator in the Washington DC Area. He has a Masters degree from UNC Charlotte in Security and Privacy, where he was also the founder of the 49th Security Division and a two time winner of the South East Collegiate Cyber Defense Competition. He has done work for the Military and Private Sector in the areas of web penetration testing, network security and defense R&D, as well as running his own business doing web development and network setups. His other activities include playing FPSs, Swimming, Traveling, and Scripting.
---------------------------------------------------------------------------------
Name:
Stephen Chapman
Title:
Search Engine Hacking: Finding credit cards, Social Security numbers, and frighteningly more
Abstract:
This presentation is for anyone interested in learning the true power of search. While the vast majority of people think of search engines as gateways to movie times, shopping deals, and a little fact-checking, the reality is that advanced search queries are being used via the most popular search engines every day to find unbelievable types of information. Search has proven time and again that even the most paranoid and cautious individuals can find themselves on the business end of identity theft, and they'd never know how it happened. If you don't know how to use a search engine to find credit card scans, Social Security numbers, usernames and passwords, VPN credentials, back-up images, virtual machine installs, software licenses, confidential documents, private image/video dumps, or similarly fascinating/frightening data, then I'm offering you the chance to take the red pill and see just how deep the search engine rabbit hole really goes...
Bio:
Stephen is a freelance writer and investigative researcher who is head-over-heels in love with search. Whether it's tirelessly refining advanced search queries, unearthing awesome niche search engines, Internet marketing (SEO, social media, etc.), or just about anything Web-related, Stephen is passionate about it. Such passion allows him to touch on various facets of competitive research, Web security, search-related "fun and profit," and much more. Currently, Stephen writes for CBS Interactive / ZDNet on topics related to search, security, hardware, software, gaming, and other tech-related subjects. He speaks at conferences regarding search engine hacking and is also in the process of writing a book regarding advanced search querying with Google. Connect with Stephen via his Web site, LinkedIn, Twitter, or Facebook!
---------------------------------------------------------------------------------
Name:
Jarrick
Title:
iPhone data reconnaissance without physical access to the device.
Abstract:
I'll explore methodologies for iOS data reconnaissance without physical access to the device. Using a non-jailbroken iPhone, I'll show how to use a local network and common device settings to remotely back up the device to its paired instance of iTunes (assuming network or physical access to the computer), find the backup on disk, and extract things like the raw TXT/iMessage sqlite database and the recent calls list.
These tactics can be used to automate backups of your own device for safekeeping of data or for more nefarious things like recovering text message logs from a spouse's phone to see what they've been up to behind your back. I'll show example SQL queries to adjust date/timestamps and account for an Apple bug that made it into production with iMessage database records, which will make it easier to work with the data. I'll also show a simple way to protect against this sort of data reconnaissance by others.
Bio:
Jarrick is a software engineer by trade and manages the engineering department of a small custom web application development company. He also has a successful side business developing iOS apps for the masses. Jarrick is a member of the FALE Association of Locksport Enthusiasts.
---------------------------------------------------------------------------------
Name:
Omar Santos
Title:
The Evolution of Network Security: How Networks Are Still Getting Hacked
Abstract:
This presentation will cover how network and internet security is evolving. No matter how big your organization is, the possibility of having your network hacked is now higher than ever. This presentation will discuss how the attack landscape is changing and how large scale cyber-espionage campaigns have been pwning networks for years. People always think of nation-state hacks against large defense contractors, big government offices, and high-profile financial institutions, but anyone can be a victim. This presentation will also cover how organizations mature in their security strategy to try to maintain a good security posture, but in a lot of cases are unsuccessful.
Bio:
Omar Santos is an Incident Manager at Cisco's Product Security Incident Response Team (PSIRT). Omar has designed, implemented, and supported numerous secure networks for Fortune 500 companies and the U.S. government. Omar has delivered numerous technical presentations at several venues, as well as executive presentations to CEOs, CIOs, and CSOs of many organizations. He is also the author of 4 Cisco Press books and two more in the works.
---------------------------------------------------------------------------------
Name:
melvin2001
Title:
msfpayload isn't dead yet: AV avoidance in payload delivery
Abstract:
Most, if not all, executables generated by msfpayload/msfencode/msfvenom get destroyed by every antivirus available. Msfpayload is still fantastic, but it's inevitable that something this fantastic will get a lot of attention from AV providers. It is crucial for security professionals to have reliable payloads to provide quality deliverables to their clients. Rather than having a theoretical discussion regarding various avoidance techniques, this talk will demonstrate methods that these chaps use on a regular basis with ridiculous success rates. Of particular focus will be ghost-writing ASM, use of binary-level encryption for payloads, and remote command execution for shell generation.
Bio:
melvin2001 is a penetration tester that loves cinnabon, and is a founding member of the FALE Association of Locksport Enthusiasts.