DOCSLIB.ORG

The ONE! One Schedule to Rule Them All!

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
The ONE! One Schedule to Rule Them All! The ONE! One Schedule to Rule them All! Welcome to the "One Schedule to Rule them All!". Thank you for your interest by using this. This is an attempt to make things easier for you, the DEF CON attendee, to figure out the when/what/where during the chaos of DEF CON 28. It started out simple. I had a Kindle and wanted an ebook of the schedule so I didn't have to wear out the paper pamphlet by pulling it out after every talk to figure out where to go next. Back then there was only the main DEF CON tracks, not really any Villages, and production of the ebooks were easy. Over time the Village system developed with a resulting multiplication in complexity, both for attendees and for my production. The offerings no longer include epub and mobi formats and instead now include html, csv, PDF, ical, public Google calendar, and mysql dump format files. Hopefully you'll find something of use. The intent is still to be a resource to answer the question at the end of an hour of "What's next?" As a general rule I do not include: • Off-site events • Blatent vender pitch events • Nonspecific timed events. Unfortunately this means the contests aren't on the regular schedule. This year I've added a contests list so you see what's happening and their hours • DEF CON events are emphasized, so BSLV and BH tend to not show up Be sure to check out the Links section at the bottom of this. Most all of the events listed here were derived from these links and a Infoboot data feed. There is much more going on at DEF CON than what is listed here. Check out the Guides/Tips/FAQs links if you're new to Las Vegas. Notable suggestions are: • Bring comfortable shoes, you'll be doing a lot more walking than you expect • Bring a water bottle to keep hydrated • Beware of going out doors, there's nothing like LV sun and heat • Relax, don't try to see everything, you'll never be able to! • Have FUN! 1 And finally, this is only as good as the ideas and information used to generate it. I welcome your constructive suggestions and comments. Please send them to [email protected] Have a good time at DEF CON 28! 2 Index of DEF CON 28 Activities Locations Legends and Info Schedule - Thursday - Friday - Saturday - Sunday Speaker List Talk Title List Village Talk List AEV - AIV - ASV - BCV - BHV - BTVT1 - BTVW1 - BTVW2 - CHV - CLV - CNE - CPV - CRV - DC - DCG - DL - ENT - ETV - FSL - HHV - HRV - HTS - ICS - IOT - LBV - LPV - MOV - PAYV - PHVT - PHVW - POV - PWDV - RCV - RGV - RTV - SEV - VMV - WLV Talk Descriptions DEF CON News DEF CON 28 FAQ DEF CON FAQ Links to DEF CON 28 related pages 3 Locations Legends and Info AIV = Artifical Intellegence Village Location: #aiv-general-text ASV = AppSec Village Location: #asv-general-text AEV = AeroSpace Village Location: #av-lounge-bar-text BCV = Blockchain Village Location: #bcv-general-text BHV = Bio Hacking Village Location: #bhv-general-text BTVT = Blue Team Village Talks BTVW = Blue Team Village Workshops Location: #btv-general-text CHV = Car Hacking Village Location: #chv-welcome-text CLV = Cloud Village Location: #cloudv-general-text CNE = Contests and Events CPV = Crypto Privacy Village Location: #cpv-general-text CRV = Career Hacking Village Location: #cahv-general-text DC = DEF CON Talks 4 DCG = DEF CON Groups Location: #dcg-stage-voice DDV = Data Duplication Village Location: #ddv-general-text DL = DEF CON DemoLabs ENT = Entertainment ( Music ) ETV = Ethics Village Location: #ev-general-text FSL = Fireside Lounge Location: #fireside-lounge-voice HHV = Hardware Hacking Village Location: #hhv-infobooth-text HRV = Ham Radio Village Location: #ham-general-text HTS = Hack The Sea Location: #htsv-general-text ICS = Industrial Control Systems Village Location: #ics-general-text IOT = Internet Of Things Village Location: #iotv-general-text LBV = Lock Bypass Village Location: #lbpv-social-text LPV = Lockpicking Village Location: #lpv-general-text 5 MOV = Monero Village Location: #mv-general-text PHVT = Packet Hacking Village Talks PHVW = Packet Hacking Village Workshops Wall of Sheep Location: #phv-infobooth-text PAYV = Payment Village Location: #pay-labs-text PWDV = Password Village Location: #pwdv-general-text POV = Policy Village Location: #pol-general-text RCV = Recon Village Location: #rv-general-text RGV = Rogue's Village Location: #rov-announcements-text RTV = Red Team Village Location: #rtv-briefings-text SEV = Social Engineering Village Location: #sev-general-text Vendors Area Vendors Discord channel #vendors VMV = Voting Machine Village Location: #vmhv-general-text WLV = Wireless Village Location: #wv-general-text 6 Talk/Event Schedule Thursday This Schedule is tentative and may be changed at any time. Check at an Info Booth for the latest. Thursday - 07:00 PDT Return to Index - Locations Legend RTV - (07:30-07:59 PDT) - Red Team Village Announcements and Remarks - Joseph Mlodzìanowskì (cedoXx),Omar Ωr 7 Thursday - 08:00 PDT Return to Index - Locations Legend RTV - The Bug Hunter’s Methodology - Jason Haddix 8 Thursday - 09:00 PDT Return to Index - Locations Legend BTVT1 - Blue Team Village - Opening Ceremony DC - (09:30-09:59 PDT) - Discovering Hidden Properties to Attack Node.js ecosystem - Feng Xiao RTV - Red Team Village CTF - Prequal - RTV - (09:15-10:15 PDT) - Securing AND Pentesting the Great Spaghetti Monster (k8s) - Kat Fitzgerald WLV - wicked wardriving with gps and glonass - wytshadow WLV - Introduction to WiFi Security - Nishant Sharma WLV - Wireless Blue Team - Eric Escobar WLV - DragonOS - How I kept busy during COVID19 - cemaxecuter WLV - The Basics Of Breaking BLE v3 - FreqyXin 9 Thursday - 10:00 PDT Return to Index - Locations Legend BTVT1 - (10:15-10:59 PDT) - Graylog: An Introduction Into OpenSOC CTF Tools - Lennart Koopmann DC - (10:30-10:59 PDT) - Room for Escape: Scribbling Outside the Lines of Template Security - Alvaro Munoz,Oleksandr Mirosh RTV - cont...(09:15-10:15 PDT) - Securing AND Pentesting the Great Spaghetti Monster (k8s) - Kat Fitzgerald RTV - (10:30-11:30 PDT) - Guerrilla Red Team: Decentralize the Adversary - Christopher Cottrell 10 Thursday - 11:00 PDT Return to Index - Locations Legend BTVW1 - (11:15-11:59 PDT) - Kibana: An Introduction Into OpenSOC CTF Tools - TimDotZero DC - (11:30-11:59 PDT) - DNSSECTION: A practical attack on DNSSEC Zone Walking - Hadrien Barral,Rémi Géraud-Stewart RTV - cont...(10:30-11:30 PDT) - Guerrilla Red Team: Decentralize the Adversary - Christopher Cottrell RTV - (11:45-12:45 PDT) - Evil Genius: Why you shouldn't trust that keyboard - Farith Perez,Mauro Cáseres 11 Thursday - 12:00 PDT Return to Index - Locations Legend BTVW1 - (12:15-12:59 PDT) - OpenSOC CTF Tool Demo: Moloch DC - (12:30-12:59 PDT) - Hacking the Hybrid Cloud - Sean Metcalf RTV - cont...(11:45-12:45 PDT) - Evil Genius: Why you shouldn't trust that keyboard - Farith Perez,Mauro Cáseres 12 Thursday - 13:00 PDT Return to Index - Locations Legend BTVW1 - (13:15-13:59 PDT) - Osquery: An Introduction Into OpenSOC CTF Tools - Whitney Champion DC - (13:30-13:59 PDT) - Hacking traffic lights - Rik van Duijn,Wesley Neelen HTS - Dockside with the US Coast Guard RTV - Combining notebooks, datasets, and cloud for the ultimate automation factory - Ryan Elkins 13 Thursday - 14:00 PDT Return to Index - Locations Legend BTVW1 - (14:15-14:59 PDT) - Velociraptor: An Introduction Into OpenSOC CTF Tools - Mike Cohen DC - (14:30-14:59 PDT) - Hacking the Supply Chain – The Ripple20 Vulnerabilities Haunt Hundreds of Millions of Critical Devices - Ariel Schön,Moshe Kol,Shlomi Oberman RTV - (14:15-15:15 PDT) - Deep Dive into Adversary Emulation - Ransomware Edition - Jorge Orchilles 14 Thursday - 15:00 PDT Return to Index - Locations Legend BTVW1 - (15:15-15:59 PDT) - Zeek: An Introduction Into OpenSOC CTF Tools - Aaron Soto,Amber Graner DC - (15:30-15:59 PDT) - Demystifying Modern Windows Rootkits - Bill Demirkapi RTV - cont...(14:15-15:15 PDT) - Deep Dive into Adversary Emulation - Ransomware Edition - Jorge Orchilles RTV - (15:30-16:30 PDT) - Introducing DropEngine: A Malleable Payload Creation Framework - Gabriel Ryan 15 Thursday - 16:00 PDT Return to Index - Locations Legend BTVW1 - (16:15-16:59 PDT) - Suricata: An Introduction Into OpenSOC CTF Tools - Josh DC - (16:30-16:59 PDT) - Domain Fronting is Dead, Long Live Domain Fronting: Using TLS 1.3 to evade censors, bypass network defenses, and blend in with the noise - Erik Hunstad RTV - cont...(15:30-16:30 PDT) - Introducing DropEngine: A Malleable Payload Creation Framework - Gabriel Ryan RTV - (16:45-17:45 PDT) - Zero Trust - A Vision for Securing Cloud and Redefining Security - Vandana Verma Sehgal 16 Thursday - 17:00 PDT Return to Index - Locations Legend BTVW1 - (17:15-17:59 PDT) - OpenSOC CTF Tool Demo: Thinkst Canary RTV - cont...(16:45-17:45 PDT) - Zero Trust - A Vision for Securing Cloud and Redefining Security - Vandana Verma Sehgal 17 Thursday - 18:00 PDT Return to Index - Locations Legend RTV - What college kids always get wrong, the art of attacking newbies to blueteam - Forrest Fuqua 18 Thursday - 19:00 PDT Return to Index - Locations Legend RTV - (19:15-20:15 PDT) - Android Malware Adventures - Kürşat Oğuzhan Akıncı,Mert Can Coşkuner 19 Thursday - 20:00 PDT Return to Index - Locations Legend RTV - cont...(19:15-20:15 PDT) - Android Malware Adventures - Kürşat Oğuzhan Akıncı,Mert Can Coşkuner RTV - (20:30-21:30 PDT) - Making Breach and Attack Simulation Accessible and Actionable with Infection Monkey - from IT to the C-suite - Shay Nehmad 20 Thursday - 21:00 PDT Return to Index - Locations Legend RTV - cont...(20:30-21:30 PDT) - Making Breach and Attack Simulation Accessible and Actionable with Infection Monkey - from IT to the C-suite - Shay Nehmad RTV - (21:45-22:45 PDT) - Android Application Exploitation - Kyle Benac (aka @B3nac) 21 Thursday - 22:00 PDT Return to Index - Locations Legend RTV - cont...(21:45-22:45 PDT) - Android Application Exploitation - Kyle Benac (aka @B3nac) 22 Thursday - 23:00 PDT Return to Index - Locations Legend RTV - Offensive Embedded Exploitation : Getting hands dirty with IOT/Embedded Device Security Testing - Kaustubh Padwad 23 Friday This Schedule is tentative and may be changed at any time.
Load more

Recommended publications
  • Fill Your Boots: Enhanced Embedded Bootloader Exploits Via Fault Injection and Binary Analysis
    IACR Transactions on Cryptographic Hardware and Embedded Systems ISSN 2569-2925, Vol. 2021, No. 1, pp. 56–81. DOI:10.46586/tches.v2021.i1.56-81 Fill your Boots: Enhanced Embedded Bootloader Exploits via Fault Injection and Binary Analysis Jan Van den Herrewegen1, David Oswald1, Flavio D. Garcia1 and Qais Temeiza2 1 School of Computer Science, University of Birmingham, UK, {jxv572,d.f.oswald,f.garcia}@cs.bham.ac.uk 2 Independent Researcher, [email protected] Abstract. The bootloader of an embedded microcontroller is responsible for guarding the device’s internal (flash) memory, enforcing read/write protection mechanisms. Fault injection techniques such as voltage or clock glitching have been proven successful in bypassing such protection for specific microcontrollers, but this often requires expensive equipment and/or exhaustive search of the fault parameters. When multiple glitches are required (e.g., when countermeasures are in place) this search becomes of exponential complexity and thus infeasible. Another challenge which makes embedded bootloaders notoriously hard to analyse is their lack of debugging capabilities. This paper proposes a grey-box approach that leverages binary analysis and advanced software exploitation techniques combined with voltage glitching to develop a powerful attack methodology against embedded bootloaders. We showcase our techniques with three real-world microcontrollers as case studies: 1) we combine static and on-chip dynamic analysis to enable a Return-Oriented Programming exploit on the bootloader of the NXP LPC microcontrollers; 2) we leverage on-chip dynamic analysis on the bootloader of the popular STM8 microcontrollers to constrain the glitch parameter search, achieving the first fully-documented multi-glitch attack on a real-world target; 3) we apply symbolic execution to precisely aim voltage glitches at target instructions based on the execution path in the bootloader of the Renesas 78K0 automotive microcontroller.
    [Show full text]
  • Anti-Forensic Implications of Software Bugs in Digital Forensic Tools
    Anti-Forensic Implications of Software Bugs in Digital Forensic Tools ALAIN HOMEWOOD Bachelor of Computer and Information Sciences (AUT, NZ) Diploma in Information Technology (AUT, NZ) A thesis submitted to the graduate faculty of design and creative technologies AUT University in partial fulfilment of the requirements for the degree of Master of Forensic Information Technology School of Computing and Mathematical Sciences Auckland, New Zealand 2012 ii Declaration I hereby declare that this submission is my own work and that, to the best of my knowledge and belief, it contains no material previously published or written by another person nor material which to a substantial extent has been accepted for the qualification of any other degree or diploma of a University or other institution of higher learning, except where due acknowledgement is made in the acknowledgements. ........................... Signature iii Acknowledgements I would like to thank everyone that has supported me in writing this thesis. Without their support this thesis may not have been completed. I have received guidance, support and insight from many people during the course of conducting this research. Firstly I would like to express my gratitude to my thesis supervisor, Dr Brian Cusack. Dr Cusack has provided continual support and guidance which has greatly influenced the direction of this research as well as the quality of the thesis. Dr Cusack is the latest of many faculty members of the School of Computing and Mathematical Sciences who have helped me reach my goals throughout my tertiary education. I also thank Campbell McKenzie for his continued support throughout writing my thesis.
    [Show full text]
  • Crystal Eye Technology Report (Updated) – 2020
    Technology Report Red Piranha’s Crystal Eye Platform Peter Hannay & Clinton Carpene [email protected], [email protected] 16th October 2017 Updated Review Red Piranha’s Crystal Eye XDR Platform v4.0 Kenneth Tan – [email protected] Meidi van der Lee – [email protected] Rossa Risdiana – [email protected] 4th September 2020 The statements made and opinions expressed in this report are believed to be correct by the authors, however the authors assume no responsibility or liability for any errors or omissions in the content of this report. The information contained in this report is provided on an as-is basis with no guarantees of completeness, accuracy, usefulness or timeliness. Any discussion of projections or future performance are subject to interpretation and it must be noted that past performance is not a reliable indicator of future results, as such no responsibility can be accepted for decisions made based on this report. 1 Executive Summary Red Piranha Limited is a public unlisted company registered in Australia and currently based out of Perth and Sydney, developing information security products called the Crystal Eye Extended Detection and Response (CE XDR) platform with the immediate target market being small and medium businesses in Australia and exporting to global markets. The Crystal Eye platform integrates a collection of security technologies to provide multiple layers of cybersecurity protection, giving the benefit of defence-in-depth with comprehensive features even without optional functions installed. Clients can add more functionalities from the Marketplace as required according to each business’ inherent risks and requirements. Additional functionality can be included mostly at no additional cost.
    [Show full text]
  • Crystal Eye Technology Report
    Independent Technology Report Red Piranha’s Crystal Eye Next Generation Firewall Operating System Peter Hannay & Clinton Carpene [email protected], [email protected] 6th August 2017 The statements made and opinions expressed in this report are believed to be correct by the authors, however the authors assume no responsibility or liability for any errors or omissions in the content of this report. The information contained in this report is provided on an "as is" basis with no guarantees of completeness, accuracy, usefulness or timeliness. Any discussion of projections or future performance are subject to interpretation and it must be noted that past performance is not a reliable indicator of future results, as such no responsibility can be accepted for decisions made based on this report. 1 Executive Summary Red Piranha Limited is a public, unlisted company registered in Australia. Red Piranha Limited (“Red Piranha”, the “Company”) is currently based out of Perth and Sydney, developing information security technologies and products. Red Piranha is a fully integrated supplier of cyber security services for small to medium enterprises in Australia with export capabilities for global markets. Red Piranha’s advanced intrusion and detection systems, backed by the Company’s threat intelligence, updates systems multiple times a day giving greater protection against zero day attacks and advanced persistent threats. The Company is currently working with its business associates and partners to produce a bundled insurance product. The product provides a complete cyber security service through acombinationoftechnologyandinsurancepackagestoprovideremediationshouldsomedamageor loss eventuate. In 2015, Red Piranha purchased the DNS.Insure platform and began development on the Crystal Eye Unified Threat Management systems (UTMs; the "Technology").
    [Show full text]
  • 1UP A5 40PP BROCHURE Cut Marks
    2017 Contents 3 Introduction 5 Keynote 8 Talks (alphabetically by talk / workshop title) 29 Workshops (alphabetically by talk / workshop title) 39 Thanks 2 Introduction It's that time of the year already. A time for giving and sharing challenges and responses. A time for catching up with old friends around the glow of a warm tty. A time for (get to the point Steve! -A)... erm... ok. It's a time to get a little crazy and break stuff... It's 44CON TIEM!!!!1!11!1!!!one!!ones!!11 Welcome back to another year of 44CON. This year we've gone all out on talks and have some amazing ones from speakers around the world. We have the drinks primed for Gin O'Clock, the bus bar is ready and we have a cracking evening session ahead. Our CTF this year is run by Immersive Labs, who are offering good money for challenges. Go and talk to them if you'd like to make some extra cash developing challenges for their platform, but don't forget to have a go at the CTF too! If this is your first 44CON, you should know we might not be like other events you've attended. Everyone is approachable from our sponsors to speakers to the crew. If you have any questions, problems or suggestions, please do talk to our crew or ask at the front desk. We want to make sure you have the best time possible. 44CON couldn't happen without our sponsors, please make sure you say hello. Our sponsors aren't there to give you a hard sell, they're there to help you have a good time so do make sure to visit them and see what they have to offer.
    [Show full text]
  • APCERT Annual Report 2012
    AAPPCCEERRTT AAnnnnuuaall RReeppoorrtt 22001122 APCERT Secretariat E-mail: [email protected] URL: http://www.apcert.org 1 CONTENTS CONTENTS ........................................................................................................................... 2 Chair’s Message 2012 ............................................................................................................ 4 I. About APCERT ................................................................................................................... 6 II. APCERT Activity Report 2012 ...................................................................................... 12 1. International Activities and Engagements 12 2. Approval of New General Members / Full Members 16 3. APCERT SC Meetings 16 4. APCERT Study Calls 16 5. APCERT Information Classification Policy 17 III. Activity Reports from APCERT Members ................................................................... 18 Full Members 18 1. AusCERT Activity Report 18 2. BKIS Activity Report 20 3. BruCERT Activity Report 24 4. CERT Australia Activity Report 30 5. CERT-In Activity Report 35 6. CNCERT/CC Activity Report 47 7. HKCERT Activity Report 55 8. ID-CERT Activity Report 61 9. ID-SIRTII/CC Activity Report 71 10. JPCERT/CC Activity Report 78 11. KrCERT/CC Activity Report 86 12. MyCERT Activity Report 91 13. SingCERT Activity Report 99 14. Sri Lanka CERT|CC Activity Report 102 15. TechCERT Activity Report 113 16. ThaiCERT Activity Report 122 2 17. TWCERT/CC Activity Report 131 18. VNCERT Activity Report 142 General Members 146 19. bdCERT Activity Report 146 20. EC-CERT Activity Report 150 21. mmCERT Activity Report 154 22. MOCERT Activity Report 160 23. MonCIRT Activity Report 168 24. NCSC Activity Report 179 3 Chair’s Message 2012 The history of CERTs began in 1989 as a result of the Morris worm. As Internet expanded globally, CERTs began to form within the Asia Pacific region and quickly it became clear that collaboration to address challenges that went beyond individual national borders would become essential.
    [Show full text]
  • Download Next Generation Web Scanning
    Next generation web scanning New Zealand: A case study First presented at KIWICON III 2009 By Andrew Horton aka urbanadventurer NZ Web Recon Goal: To scan all of New Zealand's web-space to see what's there. Requirements: – Targets – Scanning – Analysis Sounds easy, right? urbanadventurer (Andrew Horton) www.morningstarsecurity.com Targets urbanadventurer (Andrew Horton) www.morningstarsecurity.com Targets What does 'NZ web-space' mean? It could mean: •Geographically within NZ regardless of the TLD •The .nz TLD hosted anywhere •All of the above For this scan it means, IPs geographically within NZ urbanadventurer (Andrew Horton) www.morningstarsecurity.com Finding Targets We need creative methods to find targets urbanadventurer (Andrew Horton) www.morningstarsecurity.com DNS Zone Transfer urbanadventurer (Andrew Horton) www.morningstarsecurity.com Find IP addresses on IRC and by resolving lots of NZ websites 58.*.*.* 60.*.*.* 65.*.*.* 91.*.*.* 110.*.*.* 111.*.*.* 113.*.*.* 114.*.*.* 115.*.*.* 116.*.*.* 117.*.*.* 118.*.*.* 119.*.*.* 120.*.*.* 121.*.*.* 122.*.*.* 123.*.*.* 124.*.*.* 125.*.*.* 130.*.*.* 131.*.*.* 132.*.*.* 138.*.*.* 139.*.*.* 143.*.*.* 144.*.*.* 146.*.*.* 150.*.*.* 153.*.*.* 156.*.*.* 161.*.*.* 162.*.*.* 163.*.*.* 165.*.*.* 166.*.*.* 167.*.*.* 192.*.*.* 198.*.*.* 202.*.*.* 203.*.*.* 210.*.*.* 218.*.*.* 219.*.*.* 222.*.*.* 729,580,500 IPs. More than we want to try. urbanadventurer (Andrew Horton) www.morningstarsecurity.com IP address blocks in the IANA IPv4 Address Space Registry Prefix Designation Date Whois Status [1] -----
    [Show full text]
  • I Got 99 Trend's and a # Is All of Them!
    I got 99 trend’s and a # is all of them! How we found over 100 RCE vulnerabilities in Trend Micro software Agenda ▪ About us ▪ Smart Protection Server ▪ Motivation ▪ Data Loss Prevention Manager ▪ Targets ▪ Control Manager ▪ Testing approach ▪ InterScan Web Security Virtual Appliance ▪ Pitfalls ▪ Mobile Security For Enterprise ▪ Overall results ▪ SafeSync For Enterprise ▪ Conclusion ▪ References 2 About Us Roberto Suggi Liverani (@malerisch) ▪ Independent Security Researcher ▪ Discovered critical vulnerabilities in vendors such as: Microsoft, Google, Oracle, Mozilla, HPE ▪ Guest speaker at HiTB, EUSecWest, Ruxcon, Kiwicon, DEFCON and HackPra AllStars ▪ http://blog.malerisch.net 3 About Us Steven Seeley (@mr_me) ▪ AWAE Content Developer at Offensive Security ▪ Independent Security Researcher at Source Incite – Focusing on high end desktop, enterprise and SCADA vulnerability discovery and exploitation ▪ Studies the CRCA Wing Chun Martial Arts system ▪ Certified Scuba Diver and Personal Trainer ▪ http://srcincite.io/ 4 What This Presentation is NOT about! ▪ Dropping the zero-day we found ! ▪ A debate on vulnerability disclosure ▪ Putting down Trend Micro. Many other vendors have just as many, if not more vulnerabilities in their code It’s about: ▪ Sharing our failures, successes, approach to testing ▪ Helping other developers and security researchers 5 Motivation 6 Motivation ▪ Trend Micro wants to secure their software ▪ They have a bug bounty ▪ They have a ton of recently acquired / developed security solutions ▪ Knowledge is readily available
    [Show full text]
  • Black Hat USA 2012 Program Guide
    SUSTAINING SPONSORS Black Hat AD FINAL.pdf 1 6/30/12 8:12 PM C M Y CM MY CY CMY K Black Hat AD FINAL.pdf 1 6/30/12 8:12 PM SCHEDULE WELCOME TABLE OF CONTENTS Schedule . 4-7 Welcome to Las Vegas, and thank you for your participation in the growing Black Hat community. As we celebrate our 15th anniversary, we believe that the event Briefi ngs . 8-24 continues to bring you timely and action packed briefi ngs from some of the top Workshops . 21 security researchers in the world. Security saw action on almost every imaginable front in 2012. The year started Turbo Talks . 23 with a massive online protest that beat back US-based Internet blacklist legislation Speakers . 25-39 including SOPA and PIPA, echoed by worldwide protests against adopting ACTA in the European Union. Attackers showed no signs of slowing as Flame Keynote Bio . 25 replaced Stuxnet and Duqu as the most sophisticated malware yet detected. The Floorplan . 40-41 Web Hacking Incident Database (WHID) has added LinkedIn, Global Payments, eHarmony and Zappos.com while Anonymous and other politically motivated groups Arsenal . 42-51 have made their presence known in dozens of attacks. Special Events . 52-53 No matter which incidents you examine—or which ones your enterprise must C respond to—one thing is clear: security is not getting easier. The industry relies upon Stay Connected + More . 54 M the Black Hat community to continue our research and education, and seeks our Sponsors . 55 guidance in developing solutions to manage these threats.
    [Show full text]
  • OWASP NZ Day 2011 Testing Mobile Applications
    OWASP NZ Day 2011 Testing Mobile Applications Presenter: Nick von Dadelszen Date: 7th July 2011 Company: Lateral Security (IT) Services Limited Company overview • Company – Lateral Security (IT) Services Limited – Founded in April 2008, offices in Wellington and Auckland – Directors Ratu Mason and Nick von Dadelszen • Services – Information security testing (design, architecture, penetration testing, security controls, policy and compliance) – Lifecycle auditing (design, pre prod, post prod) – Regular ongoing testing programmes • Differentiators – True vendor independence – Security testing is our unique specialty – Very highly skilled staff Agenda • Why mobile apps • How to test – Attacking the communication – Attacking the server – Attacking the client • iPhone • Android • What to test for • Roundup – What we talked about – What we didn’t talk about Why Mobile Apps • Everyone is developing Mobile apps these days – Banks – Travel industry – Trademe – Subway • Not Web Apps • Similar to my Kiwicon 2007 Fat Client talk BUT – Mobile apps generally customer facing How To Test • Two different approaches to testing: – Whitebox testing • Full information and source code provided – Blackbox testing • No code or information provided • Working only with downloadable app • Three areas to focus on: – Attack the network communication – Attack the server component – Attack the client component Attacking The Communication • Need to check how information is passed between the client and server – Is it encrypted? – Can it be MITMed? – What authentication
    [Show full text]
  • Contactless Payment Systems: Credit Cards and NFC Phones Addendum
    Contactless Payment Systems: Credit Cards and NFC Phones Peter Gutmann University of Auckland Addendum These slides represent a somewhat conservative view of the security of contactless payment cards that lends the card vendors/banks the benefit of the doubt in the number of cases. In practice the situation is rather scarier than what’s presented here, but research into this is still ongoing. In particular getting access to cards and payment systems in order to allow comparisons to be made isn’t easy, if you’d like to volunteer access to a card or card terminal please get in touch Contactless Payment Systems Implemented as a standard credit-card payment mechanism running over RFID/NFC transport • US: Magstripe card data dump in plaintext • Non-US: Allegedly EMV, but usually not – Standard smart-card based payment mechanism, a.k.a. Chip and PIN Completely standard, established mechanisms, but removing the need for a physical comms channel Contactless Payment Systems (ctd) Proprietary protocols for fare and stored-value cards, e.g. Mifare (1st-gen), T-Money (2nd-gen) • Works in areas where EMV/credit cards aren’t feasible – Microtransactions – Stored-value –… • Not limited to the awkward plastic-card form factor Mifare is completely broken from top to bottom • T-Money status is unknown Contactless Payment Systems (ctd) NFC-enabled phones are much like contactless credit cards • Emulate a standard contactless card • “Passive-mode target” in NFC terminology Contactless Payment Systems (ctd) Since phones have their own power, they can also
    [Show full text]
  • COMSEC Beyond Encryption
    COMSEC Beyond Encryption Best title slide ever. By Ben Nagy (@rantyben) and The Grugq (@thegrugq) We’ve added full notes, but you should be aware that they’re not all things we actually said during the presentation, these are just some explanatory notes so that we can publish what is, effectively, 101 lolcat slides. WARNING If COMSEC failure will not result in a negative outcome then this is not the talk for you Some people like to consider improving the COMSEC of the entire world, which is probably laudable, but NOT OUR THING WARNING It’s a pretty fine line between OPSEC and COMSEC. Everyone is free to practice COMSEC, whether or not they’re operational or whether or not they’re facing a genuine adversary. However, in that case, it’s impossible to construct a threat model ( because there’s no threat ), which makes a lot of the tradeoffs moot. The school of thought that holds that all commo failures are the fault of developers for not making things SO usable and pervasive that “average users” cannot ever get things wrong is stupid. It outsources understanding to the developers of those “usable systems” which also outsources trust - but those devs won’t be going to be going to jail for you. The reason we subtitled this talk “Beyond Encryption” is precisely because there are large swathes of COMSEC that having nothing to do with the tools themselves. If you get that stuff wrong, even with the magic super-usable unicorn, you’re still going to see the inside of your potential negative outcome.
    [Show full text]