From 14th to 15th of February, 2020
Kaapelitehdas, Helsinki, Finland
The Finnish buildings are not as safe as you might think or want them to be. Social engineering is the standard red teaming maneuver, but there are many tricks you can use to get past the locked door without talking to anyone. I will present case examples of weaknesses and attacks I have personally encountered over the years and also offer some background on why these weaknesses exist. Your office can even pass security audits with flying colors because these questions are not asked :)
Antti Virtanen, CISO at Solita Oy
Security-wise, people are most vulnerable when they are travelling, and attackers are exploiting that. This presentation covers various attack scenarios that espionage operators are using against business travelers, and countermeasures that you can take to make yourself a difficult target.
Jarno Niemelä, Principal Researcher at F-Secure
Why are people having such a hard time using computers? Why are my users so stupid? Why would anyone click that link, open that attachment or struggle with software? This talk is about people's relationship with computers, and how hardware and software design is in need of a paradigm shift towards simpler systems that are hard to use incorrectly and easy to use securely.
Antti Kurittu, DFIR team lead at Nixu
In this workshop we learn the basics of memory forensics. We focus on Windows memory forensics but also cover some basics of Linux forensics. The syllabus involves (but is not limited to) Windows memory structure, what can be found in memory, the best practices for collecting memory dumps, and how to analyze memory dumps with open-source tools. We have prepared multiple memory dumps for analysis and will host a little competition at the end of the workshop. Let's make blue team great again!
Juho 'whois' Jauhiainen, Senior Security Consultant at Nixu
Mika, Security Consultant at Nixu
Now that we all know the fundamentals of quantum computing, let’s dive into machines available in the near term and solving problems that have practical value. In the workshop we will use a quantum annealing process on a Noisy Intermediate-Scale Quantum (NISQ) quantum computer to solve an optimization problem. In practice the prerequisite knowledge is a very superficial understanding of quantum computing and a laptop. The more detailed prerequisites will be clarified as the planning of the content progresses. Get as close to practical quantum computing as possible!
The workshop is a short introduction to the very basics of penetration. It covers the anatomy of an attack:
* Basic lifecycle (reconnaissance / enumeration, planning the attack, selecting or preparing tools, execution, persistence, post exploitation)
* Terms and concepts (what vulnerabilities are and their categories, enumeration methods and tools, exploits and tools).
The workshop consists of a short lecture, followed by lab exercises led and assisted by the instructor. Lab materials include a virtual Kali Linux used as an attack machine, and a target VM prepared by the instructor, containing multiple vulnerable services. The lab exercises revolve around practicing enumeration, use of enumeration and attack tools, and post exploitation with an easy target. This will be a shorter version of the "Introduction to pwning" workshop I've done in Turkusec, Helsec, TreSec, and internally at my work.
Osku, Chief Security Architect at Sanoma
Detection evasion in most enterprise networks is a problem that attackers have to deal with. In the modern enterprise network a number of defenses can intercept and block, detonate or analyze your malware/agent before it even achieves execution on a target. But what if an attacker could create malware that was supported by the target machine and not supported by the sandbox or other detection tools? The idea of keyed malware is not new; however, this talk looks at keying malware to leverage x86 Instruction Set Architecture (ISA) features supported by specific Intel and AMD CPUs, instead of from a higher-level abstraction as has been done previously with malware keyed to the operating system. In this talk, I will demonstrate and showcase how x86 instruction set architecture (ISA) specific features allow for sandbox detection and bypass in instances where the x86 ISA version is mismatched between the target environment and the analysis environment. I will discuss and demonstrate methods for implementing ISA detection bypass techniques into the malware development lifecycle. Additionally, I will discuss the ramifications of an ever-growing instruction set for the enterprise defender.
Chris Hernandez, Red Team Manager at Code42
In January 2018, Electron patched a critical vulnerability, CVE-2018-1000006, resulting in Remote Code Execution in all Windows apps using the app.setAsDefaultProtocolClient API. Yet in February 2019, in a review of some of the more popular applications, we were still able to identify seven RCEs in six different apps, all using the same attack vector of Windows URI scheme handlers. All six of the identified apps were already patched against the Electron vulnerability, yet five of the seven exploits relied only on Electron features for code execution.
We detail three different approaches for exploiting Windows scheme handlers — two of them application-specific and one applicable to Electron apps more generally — and show how Windows Universal Naming Convention can present a significant risk for command injection. We also demonstrate a small tool for exploiting the Chrome DevTools protocol.
While most of the issues discussed in this talk have already been mitigated on several levels, the Electron team has failed to publicly document which versions of the framework are vulnerable. And while Electron's new tightened release cycle means that vulnerable versions have already reached EOL, when developers are unaware that a vulnerability exists, there is little incentive to upgrade. With this talk, we aim to fix that lack of incentive.
In addition to the technical details of the seven vulnerabilities, we provide insight into the disclosure process itself, the various types of programs intended to facilitate it, and their shortcomings. In particular we present our experiences with Zero Day Initiative, who acquire high-impact vulnerabilities, and Mattermost, one of the affected vendors running a responsible disclosure program.
In this workshop, you will learn some tools to influence your perceived competence. We've got you covered with: personal strategies to hack yourself, body language, as well as the proper mindset. Have you ever been presented with a challenge that you were not feeling competent enough for? Then this workshop is for you. Are you aware of your external perception, but struggle to get it on point in front of a client? Then this workshop might be for you. If you're negotiating day in, day out, this workshop is probably not for you. This workshop will attempt to give you confidence in your abilities or at least show you how to be perceived as competent. Learn to acknowledge, accept and embrace your anxieties/insecurities and get rid of them by self-deception. By the end of the workshop, despite your doubts, you will be able to present yourself to others in a competent way. #blockchain #consultant #wokeUpLikeThis
Simon 'Plantprogrammer' Schliesky
Shatter attacks were all the rage in 2003 but were quickly neutralized by DEP, UIPI and Session 0 isolation. 15 years later, confronted with a commercial sandbox product on the one hand, and with state-of-the-art security endpoint products on the other – we brought Shatter attacks back to life, extending and weaponizing them to be useful once more. We’ll start this talk with a quick intro to the classical Shatter attacks and continue to share the full, low-level details on our reincarnation of them, including a live demo.
Andrey Malamud, Security Researcher at Accenture Security Israel
I'm going to talk about and demonstrate modern techniques to mess with Android applications, fuzz for bugs and break ARM anti-debugging. I'll introduce some of my open-source tools which make reverse engineering and malware analysis less painful.
Giovanni 'iGiogo' Rocca, Programmer and reverse engineer at Overwolf
This beginner (as well as intermediate / advanced) friendly workshop runs the participants through a vast variety of different configuration issues and vulnerabilities that can be discovered using active scanning, bruteforcing and fuzzing in a web context. The participants will learn to use a variety of tools and to automate repetitive parts of the workflow. Topics covered include (but are not limited to) content & asset discovery, credential bruteforcing, virtualhost discovery, SSRF, denial of service, shell scripting, dynamic payload generation and result filtering. We will be fuzzing different inputs: HTTP headers, GET & POST parameters, payloads and different APIs across various hosts. The participants will be provided with a VirtualBox VM image with a variety of challenges covering these topics, with difficulties ranging from easy to really hard. Large parts of the workshop content dive into advanced usage of the blazing fast open source web fuzzing tool ffuf (https://github.com/ffuf/ffuf/), and also often act as the first steps of bug bounty hunting on a target.
Prerequisites: a laptop with VirtualBox installed, basic Linux command line knowledge and an adventurous mind.