Conference Schedule 2014

Schedule

Track 1 Track 2 Track 3
9h30 – 10h30 Intro
Paul Such
Keynote
Mikko Hypponen
- -
10h30‐11h coffee break
11h‐12h When you can’t afford 0days.Client-side exploitation for the masses
Michele Orru, Krzysztof Kotowicz
Enjeux juridico‐organisationnels et Contractuels du Cloud computing
Nicolas Rosenthal
Mapping malware infections
Ricky “HeadlessZeke” Lawshae
12h‐13h30 lunch
13h30‐14h30 Lurking in clouds: easy hacks for complex apps
Nicolas Gregoire
Deploying cyberdefense measures and Policies in a Critical Infrastructure Sector
Sébastien Bombal
Wallix
TBA
14h30‐15h30 JSMVCOMFG? To sternly look at JavaScript MVC and Templating Frameworks
Mario Heiderich
Binary art – funky PoCs & visual docs
Ange Albertini
Dalvik Executable (DEX) Tricks
Axelle Apvrille
15h30‐16h coffee break
16h‐17h RFIDler
Adam Laurie
I’ve got ARGuments for YOU !
Bruno Kerouanton
TBA

Speakers

Mikko Hypponen

Mikko Hypponen is the Chief Research Officer for F‐Secure. He has worked with F‐Secure in Finland since 1991. He’s also a TED Speaker.
Mr. Hypponen has led his team through the largest outbreaks in history. He named the infamous Storm Worm, was part of the Conficker Working Group and he has done classified briefings on the Stuxnet worm.
Mr. Hypponen has assisted law enforcement in USA, Europe and Asia on cybercrime cases. He has written for magazines such as Scientific American, Wired and Foreign Policy and for newspapers like The New York Times.
Mr. Hypponen has addressed the most important security‐related conferences worldwide. He has been the subject of hundreds of interviews in global media, including a 9‐page profile in Vanity Fair.
Mr. Hypponen, born in 1969, was selected among the 50 most important people on the web by the PC World magazine and was included in the FP Global 100 Thinkers list. He also received the Virus Bulletin Award, awarded every ten years, as the “Best educator in industry”. Mr. Hypponen sits in the advisory boards of ISF and The Lifeboat Foundation.
Apart from computer security issues, Mr. Hypponen enjoys collecting and restoring classic arcade video games and pinball machines from past decades.

Keynote

Adam Laurie

Adam “Major Malfunction” Laurie is a security consultant working the in the field of electronic communications, and a Director of Aperture Labs Ltd., who specialise in reverse engineering of secure systems. He started in the computer industry in the late Seventies, and quickly became interested in the underlying network and data protocols.
During this period, he successfully disproved the industry lie that music CDs could not be read by computers, and wrote the world’s first CD ripper, ‘CDGRAB’. He was also involved various early open source projects, including ‘Apache‐SSL’ which went on to become the de‐facto standard secure web server. Since the late Nineties he has focused his attention on security, and has been the author of various papers exposing flaws in Internet services and/or software, as well as pioneering the concept of re‐using military data centres (housed in underground nuclear bunkers) as secure hosting facilities.
Adam has been a senior member of staff at DEFCON since 1997, and also acted as a member of staff during the early years of the Black Hat Briefings, and is a member of the Bluetooth SIG Security Experts Group and speaks regularly on the international conference circuit on matters concerning Bluetooth security. He has also given presentations on forensics, magnetic stripe technology, InfraRed and RFID. He is the author and maintainer of the open source python RFID exploration library ‘RFIDIOt’, which can be found at http://rfidiot.org, and is an occasional blogger here: http://adamsblog.aperturelabs.com/

RFIDler

Software Defined Radio has been quietly revolutionising the world of RF. However, the same revolution has not yet taken place in RFID. The proliferation of RFID/NFC devices means that it is unlikely that you will not interact with one such device or another on a daily basis. Whether it’s your car key, door entry card, transport card, contactless credit card, passport, etc. you almost certainly have one in your pocket right now!
RFIDler is a new project, created by Aperture Labs, designed to bring the world of Software Defined Radio into the RFID spectrum. We have created a small, open source, cheap to build platform that allows any suitably powerful microprocessor access to the raw data created by the over‐the‐air conversation between tag and reader coil. The device can also act as a standalone ‘hacking’ platform for RFID manipulation/examination. The rest is up to you!
In this talk I’ll cover the fundamentals of Software Defined Radio, and then show how low‐level RFID communications could be considered in the same light. I will then go on to demonstrate the RFIDler prototype in action, reading, writing and emulating some common tags.

Nicolas Rosenthal

Mr. Nicolas Rosenthal is one of the few legal expert in private practice who has extensive experience in both Banking and Information Systems compliance. In recent years, Mr. Nicolas Rosenthal has gained a solid reputation and has been distinguished by several banks, industries and Swiss authorities.
Mr. Nicolas Rosenthal is recognized as an authority on bank self‐regulation and privacy law and has served on the banking, privacy law and European law committees. He speaks at conferences on these topics on a regular basis and provides testimony on them as an expert witness.
Founder : Rosenthal Law office http://www.e-droit.ch
President of the Swiss Privacy Professionals Association http://www.appd.ch
Enjeux juridico‐organisationnels et contractuels du Cloud computing

Ricky “HeadlessZeke” Lawshae

Ricky “HeadlessZeke” Lawshae is a Security Researcher for DVLabs at HP TippingPoint with some medium‐sized number of years experience in professionally breaking things. He has spoken at the Defcon and Recon security conferences, and is an active participant in the extensive Austin, TX hacker community. When he’s not accidentally DoS’ing his company’s network, he enjoys picking locks, reading comic books, and drinking snooty beers.

Mapping malware infections

No one can deny that malware is a serious and growing problem. However, up to this point it has been very difficult to efficiently and accurately quantify exactly how bad it is. In this presentation, Ricky will demonstrate how new scanning technologies like zmap can be used to get complete and up‐to‐date snapshots of current malwar infections, map where the infections are worst, and even track down Command and Control servers.

Michele Orru, Krzysztof Kotowicz

When you can’t afford 0days. Client‐side exploitation for the masses A bag of fresh and juicy 0days is certainly something you would love to get as a Christmas present, but it would probably be just a dream you had one of those drunken nights.

Hold on! Not all is lost! There is still hope for pwning targets without 0days.

We will walk you through multiple real‐life examples of client‐side pwnage, from tricking the victim to take the bait, to achieving persistence on the compromised system.

The talk will be highly practical and will demonstrate how you can do proper client‐side exploitation effectively, simply by abusing existing functionalities of browsers, extensions, legacy features, etc.

We’ll delve into Chrome and Firefox extensions (automating various repetitive actions that you’ll likely perform in your engagements), HTML applications, abusing User Interface expectations, (Open)Office macros and more. All the attacks are supposed to work on fully patched target software, with a bit of magic trickery as the secret ingredient.

You might already know some of these exploitation vectors, but you might need a way to automate your attacks and tailor them based on the victim language, browser, and whatnot. Either way, if you like offensive security, then this talk is for you.

Sébastien Bombal

Sébastien BOMBAL is the head of operational security and industrial system for AREVA, the world leader in nuclear energy. He is also responsible of the system, network and security department of the French engineering school EPITA and captain in the French citizen reserve of cyberdefense.

Deploying cyberdefense measures and policies in a Critical Infrastructure Sector

Axelle Apvrille

Axelle Apvrille is a senior antivirus researcher at Fortinet. Senior hopefully meaning she’s experienced, but not yet too old 😉 She specifically looks into mobile malware, but is also having fun with Internet of Things or SCADA. She enjoyed speaking at various conferences, including VB, EICAR (best paper award), Insomnihack, ShmooCon, BlackHat Europe, Hack.Lu etc. Known in the community by her more or less mysterious handle “Crypto Girl”. She turns red each time someone mentions using MD5 (or CRC…) for hashing.

Dalvik Executable (DEX) Tricks

In this talk, we discuss the guts of a trick named hidex which operates at Android’s Dalvik Executable (DEX) level. we hide an entire method within the DEX file. Disassemblers we know of (baksmali, apktool, Androguard, IDA Pro…) fail to see the hidden method. we call and execute the hidden method (PoC) – to prove it is still there and operational. we explain various options to detect such a trick, and present our implementation, hidex, available on github. we discuss the hiding of strings in DEX files.

Bruno Kerouanton

I’ve got ARGuments for YOU !
Do you like forensics, mazes, puzzles, hacking and fun challenges ?
Do you like hidden menus on DVDs, weird codes to crack, and alien languages ?
Do you feel like being a cyber‐detective crawling to find the mysterious clue ?
Do you like nerd‐talk, 8‐bit emulators and text adventure games ?
Haven’t you already tried to connect on a BBS far away with a 14.4k modem ?
Are you able to spend 20h non‐stop reversing something to understand it ?
Maybe you could be interested about this talk !

This talk is not only for infosec specialists, but also for people that like challenges. I will present some of the best ever released hidden challenges, that were buried in mass‐released products, and requires a lot of experience in hacking, reverse‐engineering, smart thinking, maths and more to solve.

Nicolas Gregoire

Nicolas Gregoire has more than 13 years of experience in penetration testing and auditing of networks and (mostly Web) applications. A few years ago, he founded Agarri, a small company where he finds security bugs for customers and for fun. His research was presented at numerous conferences around the world (Hack in the Box, HackInParis, ZeroNights, OWASP AppSec, …) and he was publicly thanked by some well known vendors (Microsoft, Adobe, Mozilla, Google, Apple, VMware, Oracle, Yahoo, …) for responsibly disclosing vulnerabilities in their products. He also participates in bug bounties and won (twice) the highest Prezi reward ever offered.

Lurking in clouds: easy hacks for complex apps

Most modern applications have a few common points: they will, at a point or another, process untrusted XML and make network requests based on user inputs. So a few common bug classes may apply, like XXE and SSRF. However, I’ll not reiterate all the stuff you already learned if you’re interested in this kind of attacks. That would be boring 😉

I’ll rather show you how a few basic techniques, added with a bit of creativity and some skills at reading the docs, are often sufficient to find high‐impact vulnerabilities in everyday applications. How do I define “high impact”? It depends…

Escaping from the Oracle cloud with a few lines of SQL? High impact! Getting RCE on CC processing back ends despite JAXP SECURE_PROCESSING? High impact! Reading files on Yahoo YQL servers and bypassing their anti‐SSRF blacklists? High impact! Stealing Prezi’s Chef private key and pwning their cloud? High impact!

If you’re not ashamed when an exploit is only a few lines long, come on and enjoy the show!

Mario Heiderich

Mario Heiderich, handsome heart‐breaker, bon‐vivant and (as he loves to call himself) “security researcher” is from Berlin, likes everything between lesser‐ and greater‐than and leads a small yet exquisite pen‐test company. He commonly pesters peaceful attendees on various capitalist conferences with powerpoint‐slides and profanities. Mario also recently watched “Sharknado” and believes it to be one of the greatest movies of all times. I mean come on! Sharknado? Really?

JSMVCOMFG? To sternly look at JavaScript MVC and Templating Frameworks There is a way to build common, classic web applications. You know, servers, databases, some HTML and a bit of JavaScript. Ye olde way. Grandfather still knows. And there is a way to build hip and fancy, modern and light‐weight, elastic and scalable client‐side web applications. Sometimes with a server in the background, sometimes with a database ? but all the hard work is done by something new: JavaScript Model‐View‐Controller and templating frameworks.

Angular, Ember and CanJS, Knockout, Handlebars and Underscore? those aren’t names of famous wrestlers but modern JavaScript fame‐works that offer a boost in performance and productivity by taking care of many things web‐app right there in the browser, where the magic happens. And more and more people jump on the bandwagon and implement those frameworks with great success. High time for a stern look from the security perspective, ain’t it not?

This talk will show you how those frameworks work, how secure their core is and what kind of security issues spawn from the generous feature cornucopia they offer. Do their authors really know the DOM well enough to enrich it with dozens of abstraction layers? Or did they open a gate straight to JavaScript hell introducing a wide range of new injection bugs and coding worst‐practices? Well, you’ll know after this talk. You’ll know?

Ange Albertini

Reverse engineer – author of Corkami

Binary art – funky PoCs & visual docs

Binary file formats should have been the last refuge for reliability, as their specifications can be updated and improved, and parsers are often open‐source. I’ll show that things are not exactly looking so good, with my various experiments, whether they are extreme, polyglots, schizophren… I’ll also share a few hints about making nicer documentations on binary formats (http://imgur.com/a/PbN8H)