The Finnish buildings are not as safe as you might think or want them to be. Social engineering is the standard red teaming maneuver, but there are many tricks you can use to get past the locked door without talking to anyone. I will present case examples of weaknesses and attacks I have personally encountered over the years and also offer some background why these weaknesses exist. Your office can even pass security audits with flying colors because these questions are not asked :)
Antti Virtanen, CISO at Solita Oy
Security-wise, people are most vulnerable when they are travelling, and attackers are exploiting that. This presentation covers various attack scenarios that espionage operators use against business travelers, and countermeasures that you can take to make yourself a difficult target.
Jarno Niemelä, Principal Researcher at F-Secure
Why are people having such a hard time using computers? Why are my users so stupid? Why would anyone click that link, open that attachment or struggle with software? This talk is about people's relationship with computers, and how hardware and software design is in need of a paradigm shift towards simpler systems that are hard to use incorrectly and easy to use securely.
Antti Kurittu, DFIR team lead at Nixu
In this workshop we learn the basics of memory forensics. We focus on Windows memory forensics but also cover some basics of Linux forensics. The syllabus involves (but is not limited to) Windows memory structure, what can be found in memory, best practices for collecting memory dumps, and how to analyze memory dumps with open source tools. We have prepared multiple memory dumps for analysis and will host a little competition at the end of the workshop. Let's make blue team great again!
Pre-requirements:
* Laptop
* Internet connectivity (e.g. sharing network from your mobile phone to your laptop)
* Volatility and Regripper installed and tested to work. Easiest way to do this is to download SIFT Workstation VM and run it on VMWare / VirtualBox.
* Linux command line experience is recommended but not mandatory
Resources:
* (Recommended) SIFT Workstation:
https://digital-forensics.sans.org/community/downloads (requires registration)
* Volatility:
https://github.com/volatilityfoundation/volatility
* Regripper:
https://github.com/keydet89/RegRipper2.8
* We will also have a few USB sticks with the SIFT Workstation OVA
Material:
* The download link will be released on Friday 14.2.
* We will also have a few USB sticks with the material
* https://files.dfir.fi/mf101/
We will host a short CTF competition [with prizes] at the end of our workshop.
Juho 'whois' Jauhiainen, Senior Security Consultant at Nixu
Mika, Security Consultant at Nixu
Timo Miettinen, Senior Security Consultant at Nixu
Now that we all know the fundamentals of quantum computing, let’s dive into machines available in the near term and solving problems that have practical value. In the workshop we will use a quantum annealing process on a Noisy Intermediate-Scale Quantum (NISQ) computer to solve an optimization problem. In practice the prerequisite knowledge is a very superficial understanding of quantum computing and a laptop. The more detailed prerequisites will be clarified as the planning of the content progresses. Get as close to practical quantum computing as possible!
The workshop is a short introduction to the very basics of penetration testing. It covers the anatomy of an attack:
* Basic lifecycle (reconnaissance / enumeration, planning the attack, selecting or preparing tools, execution, persistence, post exploitation)
* Terms and concepts (what vulnerabilities are and their categories, enumeration methods and tools, exploits and tools).
The workshop consists of a short lecture, followed by lab exercises led and assisted by the instructor. Lab materials include a virtual Kali Linux used as an attack machine, and a target VM prepared by the instructor, containing multiple vulnerable services. The lab exercises revolve around practicing enumeration, use of enumeration and attack tools, and post exploitation with an easy target. This will be a shorter version of the "Introduction to pwning" workshop I've done at Turkusec, Helsec, TreSec, and internally at my work.
Osku, Chief Security Engineer at Sanoma
Detection evasion in most enterprise networks is a problem that attackers have to deal with. In the modern enterprise network a number of defenses can intercept and block, detonate or analyze your malware/agent before it even achieves execution on a target. But what if an attacker could create malware that was supported by the target machine and not supported by the sandbox or other detection tools? The idea of keyed malware is not new; however, this talk looks at keying malware to leverage x86 Instruction Set Architecture (ISA) features supported by specific Intel and AMD CPUs, instead of from a higher-level abstraction as has been done previously with malware keyed to the operating system. In this talk, I will demonstrate and showcase how x86 ISA-specific features allow for sandbox detection and bypass in instances where the x86 ISA version is mismatched between the target environment and the analysis environment. I will discuss and demonstrate methods for implementing ISA detection bypass techniques into the malware development lifecycle. Additionally, I will discuss the ramifications of an ever-growing instruction set for the enterprise defender.
Chris Hernandez, Red Team Manager at Code42
In January 2018, Electron patched a critical vulnerability, CVE-2018-1000006, resulting in Remote Code Execution in all Windows apps using the app.setAsDefaultProtocolClient API. Yet in February 2019, in a review of some of the more popular applications, we were still able to identify seven RCEs in six different apps, all using the same attack vector of Windows URI scheme handlers. All six of the identified apps were already patched against the Electron vulnerability, yet five of the seven exploits relied only on Electron features for code execution.
We detail three different approaches for exploiting Windows scheme handlers — two of them application-specific and one applicable to Electron apps more generally — and show how Windows Universal Naming Convention can present a significant risk for command injection. We also demonstrate a small tool for exploiting the Chrome DevTools protocol.
While most of the issues discussed in this talk have already been mitigated on several levels, the Electron team has failed to publicly document which versions of the framework are vulnerable. And while Electron's new tightened release cycle means that vulnerable versions have already reached EOL, when developers are unaware that a vulnerability exists, there is little incentive to upgrade. With this talk, we aim to fix that lack of incentive.
In addition to the technical details of the seven vulnerabilities, we provide insight into the disclosure process itself, the various types of programs intended to facilitate it, and their shortcomings. In particular we present our experiences with Zero Day Initiative, who acquire high-impact vulnerabilities, and Mattermost, one of the affected vendors running a responsible disclosure program.
In this workshop, you will learn some tools to influence your perceived competence. We've got you covered with: personal strategies to hack yourself, body language, as well as the proper mindset. Have you ever been presented with a challenge that you were not feeling competent enough for? Then this workshop is for you. Are you aware of your external perception, but struggle to get it on point in front of a client? Then this workshop might be for you. If you're negotiating day in, day out, this workshop is probably not for you. This workshop will attempt to give you confidence in your abilities or at least show you how to be perceived as competent. Learn to acknowledge, accept and embrace your anxieties/insecurities and get rid of them by self-deception. By the end of the workshop, despite your doubts, you will be able to present yourself to others in a competent way. #blockchain #consultant #wokeUpLikeThis
Simon 'Plantprogrammer' Schliesky
Shatter attacks were all the rage in 2003 but were quickly neutralized by DEP, UIPI and Session 0 isolation. 15 years later, confronted with a commercial sandbox product on the one hand, and with state-of-the-art security endpoint products on the other – we brought Shatter attacks back to life, extending and weaponizing them to be useful once more. We’ll start this talk with a quick intro to the classical Shatter attacks and continue to share the full, low-level, details on our reincarnation of them, including a live demo.
Eran Zimmerman Gonen, Engineering Lead of Accenture Security Israel
I'm going to talk about and demonstrate modern techniques to mess with Android applications, fuzz for bugs and break ARM anti-debugging. I'll introduce some of my open source tools which make reverse engineering and malware analysis less painful.
Giovanni 'iGio90' Rocca, Programmer and reverse engineer at Overwolf
This beginner (as well as intermediate / advanced) friendly workshop runs the participants through a vast variety of different configuration issues and vulnerabilities that can be discovered using active scanning, bruteforcing and fuzzing in a web context. The participants will learn to use a variety of tools and to automate repetitive parts of the workflow. Topics covered include (but are not limited to) content & asset discovery, credential bruteforcing, virtualhost discovery, SSRF, denial of service, shell scripting, dynamic payload generation and result filtering. We will be fuzzing different inputs: HTTP headers, GET & POST parameters, payloads and different APIs across various hosts. The participants will be provided with a VirtualBox VM image with a variety of challenges covering these topics, with difficulties ranging from easy to really hard. Large parts of the workshop content dive into advanced usage of the blazing fast open source web fuzzing tool ffuf (https://github.com/ffuf/ffuf/), and also often act as the first steps of bug bounty hunting on a target.
Pre-requirements: Laptop with VirtualBox installed, basic Linux command line knowledge and an adventurous mind.
Ever wonder how digitally secure the aviation industry is? Take a peek inside the world's largest aircraft manufacturer, Boeing, as Chris takes you on a journey of surprisingly weak security which can potentially affect passenger and aircrew safety: exploitable XSS vulnerabilities, email spoofing, bypassing authentication into the Aviation ID system for accessing live and test flight control software, and the cabin viewing system with an IoT camera in the cockpit. Chris describes the safety risks, the struggles to coordinate disclosure, and the legal pressure by Boeing to keep silent.
Key takeaways:
- Boeing is in the IT business and happens to produce aircraft.
- Applications and software live and breathe throughout aerospace.
- Changing the way digital technology is regarded by industry is paramount.
- Every critical manufacturer involved with safety must have a functional coordinated disclosure program.
- Software affects safety systems, especially when planes have already fallen out of the sky due to code errors.
Chris Kubecka, CEO at HypaSec
Trusted Computing denotes a set of technologies that can be used to provide trustworthy platforms by leveraging the use of a Trusted Platform Module (TPM) chip, available in most modern computing platforms. The TPM provides secure storage of keys, confidential data, certificates, cryptographic measurements of system components, as well as cryptographic functions and key generation. We can use this device to guarantee the integrity of the software running on a platform, from the firmware up to run-time components. When a device boots, we can measure each component in the boot sequence and store those measurements in the TPM. Then, we can check if those values are as expected, to detect any possible tampering with the machine.
But what does this mean in practice?
To build large trusted platforms, we need to understand what kind of guarantees we can actually make about our system. TPM-aware systems generate a set of logs that can be used to reconstruct the measurements that get stored in the chip. The content of these logs is defined in a set of standards and, when something changes, they can be used to pinpoint the component that changed. However, sometimes the ideal world of the standards doesn't quite match what we find in reality. This talk covers the practical aspects of building and working with trusted platforms, what they enable us to do and where the limitations are.
Gabriela Limonta, Security Researcher at Nokia Bell Labs
How do you unravel complex social engineering techniques to someone with no infosec knowledge? How can your message be noticed if you're not used to writing? This workshop will share simple writing techniques and provide support for sharing infosec knowledge for different audiences. You'll learn how to open up difficult terminology, how to adapt your style for various audiences, and how to improve your overall professional knowledge sharing skills. This workshop is for you, if you want:
- Motivation to write and share your professional knowledge
- Techniques for adapting your infosec message for different audiences
- To improve your message e.g. in information security campaigns
Attendees are required to bring: Writing materials (analog or digital)
Helinä Turunen, Social engineering translator
A short travel from broken metal chunks to "undocumented user accounts" and other IT Security disasters. There will be a recap of IT Security problems from well known and also lesser known products. IT or computer security is an interesting area, not only for criminals but also for scientists, programmers and users. We all should know that 100% security does not exist. Therefore I would like to underpin this statement with this lecture. 2018 & 2019 were a blast in terms of security disasters. B0rken processors, authentication bypasses all around, behind every corner a Remote Code Execution waiting for you and sometimes even some 0days jump out of nowhere. Surprisingly, 2020 is already offering content for multiple talks after a single month. I want to review together with the audience the best security disasters from 2019 and 2020. Maybe we can reveal some trends that are happening in the disaster industry. Besides having an entertaining lecture I also want to reflect on the consequences of such security failures and what we can hopefully learn from them. If the demo gods are not on holiday, I will present a live demo. You will probably see your software and hardware differently after this lecture.
This talk revisits the theme of personal privacy in the digital world, this time centring around the "I've got nothing to hide" argument. A beam of intensive light is shed on the motivation behind caring about one's privacy. We go in depth into what we can do to stay private and whether we should even try to do it at all. We talk about where we as a global society were able to fix privacy and where we have failed. New topics previously not covered are discussed, such as herd immunity and certification programs.
Kirils Solovjovs, Lead Researcher at PossibleSecurity.com
Do you know what happens when your systems are hit with traffic exceeding the available bandwidth? I know. Now. In this presentation I'm telling the story of how we were able to organize a (legal) DDoS exercise against ourselves and what we learned from it. Asymmetric or application level DoS attacks respecting the organization's bandwidth are easy; anyone can do it. We took the hard way - attacking the real, live, production environment with no training wheels or safety net.
Markus Forsström, Security Fellow at LähiTapiola
The PCILeech direct memory access attack toolkit has become the de facto standard for PCIe DMA attacks amongst researchers, red teamers, governments and game cheaters alike. We will demo how to take total control of still vulnerable systems with PCIe DMA code injection using affordable FPGA hardware.
MemProcFS - The Memory Process File System is memory forensics made super easy! Analyze memory dumps or live memory by clicking on files in a virtual file system using your favorite tools. Analyze and modify live memory using PCILeech PCIe hardware devices or even memory acquired from remote hosts - live over the network. MemProcFS is 100% open source memory forensics, blazingly fast and super easy to use!
Privacy should not be left only to the legal department: every security specialist and software developer should know the basics to be able to design applications with Privacy by Design principles.
Threat modeling is a natural approach to Privacy by Design, since it's already an established practice in secure software development. In addition, the general idea of threat modeling - thinking about what can go wrong and what you can do about it - is excellent, because even features added to increase privacy may bring new threats if implemented insecurely.
There are only a few existing privacy threat modeling methodologies, such as LINDDUN, but they don't take into account the lifecycle of personal data. A pure LINDDUN model works on data flow diagrams which easily become complicated and its approach to compliance-type threats is underdeveloped. Instead of focusing only on data flows, taking a higher-level look at functionality and business processes makes identifying threats easier.
This talk introduces a privacy threat modeling method that enables you to systematically detect threats from the five data lifecycle phases: collecting, storing, handling, anonymization and removal. The method combines elements from LINDDUN, TRIM and Persona non Grata approaches and takes into account the data breach victims for better coverage.
This talk explains what kind of threats are related to personal data from the moment of collecting it to the point of deletion. You will learn how to find privacy threats from each lifecycle phase, system features and architecture.
After this talk, you will be able to identify potential harm-doers and understand how people even with good intentions can cause privacy problems. You will get practical advice on running a privacy threat workshop and getting privacy features and controls implemented alongside functionality and security.
Anne Oikarinen, Senior Security Consultant at Nixu
Tuisku Sarrala, Senior Privacy Consultant at Nixu
This workshop is an introduction to the red teaming process and leading a red team engagement according to our research, which can be downloaded from here. We created a comprehensive model for leading a red team engagement which emphasizes the collaboration between pentesters, developers and the client, capitalizing on communication and agile working methods.
The workshop covers the full scope of a red team engagement. Focus will be on planning the engagement and remediations:
- Plan – Are we doing the right things?
- Engage – Are we doing the things right?
- Provide – What should we do next?
The workshop consists of a lecture and short exercises in intelligence, targeting and planning of a red teaming engagement. No computers will be used, just pen, paper and a creative mind.
Jussi 'TuoJussi' Tuovinen, Principal research scientist
Kimmo Frilander, Planning officer
Identifying hidden and often unintended attack paths is crucial for organisations, since once an attacker obtains initial access into the network, the first objective is to perform data collection. Attackers use these techniques, which will be covered in the training, to identify attack paths that could be exploited to compromise the Active Directory environment.
The training is planned to roughly consist of the following topics:
* Setting up and running BloodHound for data collection
* Differences between data collection methods
* Analysis of data collected by BloodHound
* Using customised Cypher queries
The objective of this workshop is to give attendees the knowledge and capabilities on what BloodHound is and how to use it in their organisations to identify attack paths.
After the training, the participants have the necessary skills to independently use BloodHound for data collection and analysis to identify and mitigate attack paths in their environment.
Pre-requirements:
* Laptop with VirtualBox or VMWare
* Internet connectivity
* Kali pre-installed
Material:
* Access to cloud instance containing database for data analysis
* Pre-installed Kali images containing all necessary data (if you do not have Kali readily available – there will be time in the beginning of the workshop to set this up)
Niklas Särökaari, Senior Security Consultant at F-Secure Consulting
Henri Nurmi, Security Consultant at F-Secure Consulting
"Game of #shells" is a talk about battles between Red and Blue team. As stories always have more than one perspective, for the first time ever on the Disobey stage we will unveil some epic ****ups that either side had to confront throughout several months. Come on down, ask all the questions you haven't had the guts to ask from either side: Red or The bluez
Rasmus 'razu' Männa, Transferwise
Taavi Sonets - "The expert.", Clarified Security
We will go through some basic tools and principles for Open Source Intelligence (OSINT) and see what kind of information we can find from our potential targets and then figure out what is something we could use to create a believable phishing package.
In this workshop we do not craft technical malware packages but focus on the information gathering and thinking more about how we can get the psychological effect that our package would be opened by the would-be target.
We ask the participants to figure out in advance a target organization they wish to conduct the reconnaissance on.
Pre-requisite: Laptop
Riku Juurikko, Senior Security Manager at Elisa
Lauri 'OpEs' Vakkala, Security analyst at Silverskin Information Security
Subscription-based commercial VPN services have become very popular among Internet users. They are used for various purposes, such as protecting Internet traffic when using a shared WLAN, hiding online activities, and accessing geo-blocked media content.
In this talk, we discuss the security of commercial VPN services from the client-side perspective. More specifically, we focus on how their desktop client applications set up VPN tunnels and how end-users are instructed to configure generic VPN client software for common VPN protocols. We show various vulnerabilities that we found in 30 popular commercial VPN services. These vulnerabilities break the security of the VPN tunnel by, for example, allowing attackers to strip off the traffic encryption or to bypass server authentication. Some of them also allow the attacker to steal user credentials that are used for authenticating a client to the VPN gateway.
Our findings indicate a serious lack of security awareness across the commercial VPN industry. While most of the studied VPN protocols are secure if used properly, vulnerabilities can be introduced to them through misconfigurations. Using such a badly configured VPN client gives end-users a false perception of security and privacy.
Thanh Bui, Security Consultant at Nixu
Sid Rao, Security researcher at Aalto University
Markku Antikainen, Security researcher at Aalto University
Why? Because we want to make the world a better place.
What?
This hands-on workshop is about digital forensics tools and how to create repeatable semi-automatic analysis workflows with devops tools. In this workshop we will be:
* Introducing a set of open source tools which are useful and easy to use for analysis work
* Thinking together about how to find better and easier ways to do analysis
* Hands-on exercises on how to create and automate analysis pipelines
* How to create robust and repeatable analysis pipelines
For Whom?
People who are doing digital threat analysis at their work, incident response teams, and people who are interested in the subject.
Required tools
To attend, bring a laptop running Ubuntu 18.04 (VM or native).
Background
This workshop leverages work done in the CinCan project (cincan.io), which is about building shareable, repeatable & history preserving analysis pipelines using your favourite tools + CI + git + containers. (INEA/CEF funded project worked on by NCSC-FI, Jyväskylä University of Applied Sciences & University of Oulu)
Karoliina Kemppainen, Software developer at Traficom
Kimmo Linnavuo, Erno Kuusela, Niklas Saari
This workshop gives participants hands-on experience of analysing large amounts of diverse and challenging log files to investigate an incident. Some of the logs are broken, some of them are pretty but still a pain to parse. Using the (free) desktop version of Spectx, we'll first look at parsing challenges such as multiple timestamp formats, missing fields, extra fields, volatile separators and maliciously weird data. Next, the task is to figure out if an incident has happened. If yes (doh), then how, why, when? What else can we learn about the attacker? And there's more. We suspect that one of our (imaginary) users might be involved in something fishy. To investigate, we'll zoom into the curious case of Mähönen across different application, system and network logs. Bring your laptop; we'll give you the data, the tool and the earworm (all you need is logs).
Recently a new malware family started to appear in the wild, identifying itself as the new version of the old DarkRAT. This malware is now being distributed via RigEK. In a short period of time, the developer of DarkRATv2 made a significant number of improvements and updates to his creation. In this talk I would like to give you a demonstration of how developer mistakes can lead to more discoveries, how to leverage THREATINT means and techniques to learn more about the malware and its operations, and ultimately how to pick it apart from a reverse engineering perspective. I'm also planning to give you an end-to-end approach to malware hunting, so you can take these techniques and apply them to your daily malware work. The talk will also introduce concepts from reverse engineering, malware analysis, threat hunting, signature development and the use of THREATINT and OSINT techniques.
Offensive security professionals need to increase the sophistication of their tactics, techniques and procedures (TTPs) in order to accomplish their goals due to the improvements in security culture and the sophistication of security products. Timo and Robert have been on a quest to find a way around modern EDR with regard to credential theft.
As part of this presentation, the team will:
* Discuss the evolution of credential theft and the reasons why alternative approaches are required
* Introduce and open-source ‘physmem2profit’, a tool that can be used to retrieve credentials and secrets without alerting the blue team
* Recommend approaches that can be used to detect and mitigate this technique
Timo Hirvonen, Senior Security Consultant, F-Secure Consulting
Robert Bearsby, Senior Security Consultant, F-Secure Consulting
In this half hour we study aspects of physically and cryptographically secure hardware (often termed a secure element or SE) and its integration into circuits. We illustrate the utility of such integration by inspecting a cryptocurrency wallet design, and explain the difficulty presented by nondisclosure agreements (NDA) common to industry closed adversaries. We consider the conference badge, study its parts under a close range circuit camera, and hypothesize on the value added by secure hardware components.
This is a workshop for everyone who wants to learn to work with modern miniaturized electronics components but doesn't know where to start. I will remove your fear of SMD work. You will learn how to use your hands and how to handle tiny parts by assembling a touch-activated purring kitten. No prior knowledge or experience needed. Everyone can do this. Yes, even you who never touched electronics before. Costs 20€; avoid caffeine immediately before the workshop.
Mikko Hyppönen has the third most viewed pastebin in history. His AMA made the front page of reddit. Mikko works as a data hostage negotiator. He spoke at the legendary Rubicon conference in Detroit before it was shut down. He has also had a keynote at both DEF CON and Black Hat Asia. He used to hold the US patent 6,577,920 but doesn’t anymore. Hyppönen is a certified bodyguard and an expert in hand-to-hand combat. He's also the current world champion in Xevious. He runs a podcast called “Herrasmieshakkerit” together with Tomi Tuominen, in Finnish because perkele.
Jayson E. Street is an author of the "Dissecting the hack: Series". He’s also the DEF CON Groups Global Ambassador and the VP of InfoSec for SphereNY. Jayson has spoken at DEF CON, DerbyCon, GRRCon and at several other ‘CONs and colleges on a variety of Information Security related subjects. Jayson is a highly carbonated speaker who has partaken of Pizza from Beijing to Brazil. Jayson does not expect anybody to still be reading this far but if they are please note he was chosen as one of Time's persons of the year for 2006.
Introduction to Disobey 2020 Badge; usage, app development, hacking, puzzle. If you want to know what the badge is, what it does and how to use it, you should hear this.
Heikki Juva, Hardware hacker, cyber hand model, badge-team lead since 2016