| | Track 1 | Track 2 | Track 3 |
|---|---|---|---|
| 9h30 – 10h30 | Intro | | |
| 11h – 12h | When you can’t afford 0days. Client-side exploitation for the masses (Michele Orru, Krzysztof Kotowicz) | Legal, organisational and contractual issues of cloud computing | Mapping malware infections (Ricky “HeadlessZeke” Lawshae) |
| 13h30 – 14h30 | Lurking in clouds: easy hacks for complex apps | Deploying cyberdefense measures and policies in a Critical Infrastructure Sector | Binary art – funky PoCs & visual docs |

Further talks (no time slot given on the page):
Dalvik Executable (DEX) Tricks
I’ve got ARGuments for YOU!
Mikko Hypponen is the Chief Research Officer for F‐Secure. He has worked with F‐Secure in Finland since 1991. He’s also a TED Speaker.
Mr. Hypponen has led his team through the largest outbreaks in history. He named the infamous Storm Worm, was part of the Conficker Working Group and he has done classified briefings on the Stuxnet worm.
Mr. Hypponen has assisted law enforcement in the USA, Europe and Asia on cybercrime cases. He has written for magazines such as Scientific American, Wired and Foreign Policy and for newspapers like The New York Times.
Mr. Hypponen has addressed the most important security‐related conferences worldwide. He has been the subject of hundreds of interviews in global media, including a 9‐page profile in Vanity Fair.
Mr. Hypponen, born in 1969, was selected among the 50 most important people on the web by PC World magazine and was included in the FP Global 100 Thinkers list. He also received the Virus Bulletin Award, awarded every ten years, as the “Best educator in industry”. Mr. Hypponen sits on the advisory boards of ISF and The Lifeboat Foundation.
Apart from computer security issues, Mr. Hypponen enjoys collecting and restoring classic arcade video games and pinball machines from past decades.
Adam “Major Malfunction” Laurie is a security consultant working in the field of electronic communications, and a Director of Aperture Labs Ltd., who specialise in reverse engineering of secure systems. He started in the computer industry in the late Seventies, and quickly became interested in the underlying network and data protocols.
During this period, he successfully disproved the industry lie that music CDs could not be read by computers, and wrote the world’s first CD ripper, ‘CDGRAB’. He was also involved in various early open source projects, including ‘Apache‐SSL’, which went on to become the de‐facto standard secure web server. Since the late Nineties he has focused his attention on security, and has been the author of various papers exposing flaws in Internet services and/or software, as well as pioneering the concept of re‐using military data centres (housed in underground nuclear bunkers) as secure hosting facilities.
Adam has been a senior member of staff at DEFCON since 1997, also acted as a member of staff during the early years of the Black Hat Briefings, is a member of the Bluetooth SIG Security Experts Group and speaks regularly on the international conference circuit on matters concerning Bluetooth security. He has also given presentations on forensics, magnetic stripe technology, InfraRed and RFID. He is the author and maintainer of the open source Python RFID exploration library ‘RFIDIOt’, which can be found at http://rfidiot.org, and is an occasional blogger here: http://adamsblog.aperturelabs.com/
Software Defined Radio has been quietly revolutionising the world of RF. However, the same revolution has not yet taken place in RFID. The proliferation of RFID/NFC devices means that you are very likely to interact with one such device or another on a daily basis. Whether it’s your car key, door entry card, transport card, contactless credit card, passport, etc., you almost certainly have one in your pocket right now!
RFIDler is a new project, created by Aperture Labs, designed to bring the world of Software Defined Radio into the RFID spectrum. We have created a small, open source, cheap to build platform that allows any suitably powerful microprocessor access to the raw data created by the over‐the‐air conversation between tag and reader coil. The device can also act as a standalone ‘hacking’ platform for RFID manipulation/examination. The rest is up to you!
In this talk I’ll cover the fundamentals of Software Defined Radio, and then show how low‐level RFID communications could be considered in the same light. I will then go on to demonstrate the RFIDler prototype in action, reading, writing and emulating some common tags.
Mr. Nicolas Rosenthal is one of the few legal experts in private practice with extensive experience in both banking and information systems compliance. In recent years, Mr. Nicolas Rosenthal has gained a solid reputation and has been recognised by several banks, industries and Swiss authorities.
Mr. Nicolas Rosenthal is recognized as an authority on bank self‐regulation and privacy law and has served on the banking, privacy law and European law committees. He speaks at conferences on these topics on a regular basis and provides testimony on them as an expert witness.
Founder: Rosenthal Law Office http://www.e-droit.ch
President of the Swiss Privacy Professionals Association http://www.appd.ch
Legal, organisational and contractual issues of cloud computing
Ricky “HeadlessZeke” Lawshae
Ricky “HeadlessZeke” Lawshae is a Security Researcher for DVLabs at HP TippingPoint with some medium‐sized number of years experience in professionally breaking things. He has spoken at the Defcon and Recon security conferences, and is an active participant in the extensive Austin, TX hacker community. When he’s not accidentally DoS’ing his company’s network, he enjoys picking locks, reading comic books, and drinking snooty beers.
Mapping malware infections
No one can deny that malware is a serious and growing problem. However, up to this point it has been very difficult to efficiently and accurately quantify exactly how bad it is. In this presentation, Ricky will demonstrate how new scanning technologies like zmap can be used to get complete and up‐to‐date snapshots of current malware infections, map where the infections are worst, and even track down Command and Control servers.
Michele Orru, Krzysztof Kotowicz
When you can’t afford 0days. Client‐side exploitation for the masses
A bag of fresh and juicy 0days is certainly something you would love to get as a Christmas present, but it would probably be just a dream you had on one of those drunken nights.
Hold on! Not all is lost! There is still hope for pwning targets without 0days.
We will walk you through multiple real‐life examples of client‐side pwnage, from tricking the victim to take the bait, to achieving persistence on the compromised system.
The talk will be highly practical and will demonstrate how you can do proper client‐side exploitation effectively, simply by abusing existing functionalities of browsers, extensions, legacy features, etc.
We’ll delve into Chrome and Firefox extensions (automating various repetitive actions that you’ll likely perform in your engagements), HTML applications, abusing user interface expectations, (Open)Office macros and more. All the attacks are supposed to work on fully patched target software, with a bit of magic trickery as the secret ingredient.
You might already know some of these exploitation vectors, but you might need a way to automate your attacks and tailor them based on the victim’s language, browser, and whatnot. Either way, if you like offensive security, then this talk is for you.
Sébastien BOMBAL is the head of operational security and industrial systems for AREVA, the world leader in nuclear energy. He is also responsible for the system, network and security department of the French engineering school EPITA and a captain in the French citizen reserve of cyberdefense.
Deploying cyberdefense measures and policies in a Critical Infrastructure Sector
Axelle Apvrille is a senior antivirus researcher at Fortinet. Senior hopefully meaning she’s experienced, but not yet too old 😉 She specifically looks into mobile malware, but is also having fun with the Internet of Things or SCADA. She has enjoyed speaking at various conferences, including VB, EICAR (best paper award), Insomni’hack, ShmooCon, BlackHat Europe, Hack.lu etc. She is known in the community by her more or less mysterious handle “Crypto Girl”. She turns red each time someone mentions using MD5 (or CRC…) for hashing.
Dalvik Executable (DEX) Tricks
In this talk, we discuss the guts of a trick named hidex which operates at Android’s Dalvik Executable (DEX) level. We hide an entire method within the DEX file. The disassemblers we know of (baksmali, apktool, Androguard, IDA Pro…) fail to see the hidden method. We call and execute the hidden method (PoC) to prove it is still there and operational. We explain various options to detect such a trick, and present our implementation, hidex, available on GitHub. We also discuss the hiding of strings in DEX files.
I’ve got ARGuments for YOU!
Do you like forensics, mazes, puzzles, hacking and fun challenges?
Do you like hidden menus on DVDs, weird codes to crack, and alien languages?
Do you feel like being a cyber‐detective crawling to find the mysterious clue?
Do you like nerd‐talk, 8‐bit emulators and text adventure games?
Haven’t you already tried to connect to a BBS far away with a 14.4k modem?
Are you able to spend 20h non‐stop reversing something to understand it?
Then this talk might be of interest to you!
This talk is not only for infosec specialists, but also for people who like challenges. I will present some of the best hidden challenges ever released, buried in mass‐released products, which require a lot of experience in hacking, reverse‐engineering, smart thinking, maths and more to solve.
Nicolas Gregoire has more than 13 years of experience in penetration testing and auditing of networks and (mostly web) applications. A few years ago, he founded Agarri, a small company where he finds security bugs for customers and for fun. His research has been presented at numerous conferences around the world (Hack in the Box, HackInParis, ZeroNights, OWASP AppSec, …) and he has been publicly thanked by several well‐known vendors (Microsoft, Adobe, Mozilla, Google, Apple, VMware, Oracle, Yahoo, …) for responsibly disclosing vulnerabilities in their products. He also participates in bug bounties and won (twice) the highest Prezi reward ever offered.
Lurking in clouds: easy hacks for complex apps
Most modern applications have a few common points: they will, at one point or another, process untrusted XML and make network requests based on user input. So a few common bug classes may apply, like XXE and SSRF. However, I’ll not reiterate all the stuff you already learned if you’re interested in these kinds of attacks. That would be boring 😉
I’ll rather show you how a few basic techniques, combined with a bit of creativity and some skill at reading the docs, are often sufficient to find high‐impact vulnerabilities in everyday applications. How do I define “high impact”? It depends…
Escaping from the Oracle cloud with a few lines of SQL? High impact! Getting RCE on CC processing back ends despite JAXP SECURE_PROCESSING? High impact! Reading files on Yahoo YQL servers and bypassing their anti‐SSRF blacklists? High impact! Stealing Prezi’s Chef private key and pwning their cloud? High impact!
If you’re not ashamed when an exploit is only a few lines long, come on and enjoy the show!
Mario Heiderich, handsome heart‐breaker, bon‐vivant and (as he loves to call himself) “security researcher” is from Berlin, likes everything between lesser‐ and greater‐than and leads a small yet exquisite pen‐test company. He commonly pesters peaceful attendees on various capitalist conferences with powerpoint‐slides and profanities. Mario also recently watched “Sharknado” and believes it to be one of the greatest movies of all times. I mean come on! Sharknado? Really?
Reverse engineer – author of Corkami
Binary art – funky PoCs & visual docs
Binary file formats should have been the last refuge of reliability, as their specifications can be updated and improved, and parsers are often open‐source. I’ll show that things are not exactly looking so good, with my various experiments, whether they are extreme, polyglots, schizophren… I’ll also share a few hints about making nicer documentation on binary formats (http://imgur.com/a/PbN8H).