ROOM - CAVALIER 2
Hunting CyberCriminals (or not) - 12 - 1PM (SPONSORED TALK) - AFTER KEYNOTE
Millions of malicious applets (.jar files) and apps exist out there. You know that, but what about trying to understand who's behind these attacks? Where do the malicious applets come from? From which country? At least, from what time zone? Is it possible to find some singularity in an applet and use it to get information about CyberCrime organizations? This talk is about our research and our experiences fighting CyberCrime in mobile apps. I’ll finish this talk by showing you an analysis that we have made of mobile application security best practices (or not) at the twenty-five biggest banks in Latin America.
Current Chief Security Ambassador and Team Leader of the Eleven Paths BsAs Research Office. Local chapter coordinator at Centro de Ciberseguridad Industrial of Argentina (a Centro de Ciberseguridad Industrial de España subsidiary - CCI-Es.org). Former President at ISSA Argentina (for the periods 2011-2013 and 2013-2015).
Cryptocurrencies & Anonymity: The Good, The Bad & The Future - 1PM - 2PM EST
Cryptocurrencies are seeing an enormous uptick in use. While much of that use shows through the media as illicit or crime oriented, cryptocurrencies are seeing widespread legitimate use for transfers without the wiring fees, gifts, remittances, basic retail transactions, and as an alternative to an unstable fiat currency (think Argentina, South Africa, Brazil, Myanmar, Malaysia, and Indonesia). So much business is being done via cryptocurrency that the United States IRS just served a "John Doe" summons to Coinbase (currently the largest cryptocurrency exchange) requesting the identities of United States Coinbase customers who transferred any convertible virtual currency from 2013 to 2015 to ensure proper reporting and compliance under U.S. tax law. In this talk I will explain what cryptocurrencies are and what related blockchains are. I’ll then give an overview of the current markets and valuations as well as the up and comers. With that foundation we can look at the erroneous claims of cryptocurrency “anonymity” and reveal how open transaction ledgers work. I will continue with current research, tools, and techniques for forensic cryptocurrency transaction analysis. We’ll then turn to techniques transactors use to further obfuscate their transaction trail and what the weaknesses of those techniques are. Finally, we’ll look at the current innovations targeting cryptocurrency privacy concerns, how they work, and what challenges they face.
Benjamin Brown currently works on darknet research, threat intelligence, incident response, adversarial resilience, and systems architecture safety review at Akamai Technologies. He has experience in the non-profit, academic, and corporate worlds as well as degrees in both Anthropology and International Studies. Research interests include darknet and deepweb ethnographic studies, novel and side-channel attack vectors, radio systems, the psychology and anthropology of information security, and thinking about security as an ecology of complex systems.
Doomsday Preppers: Fortifying Your Red Team Infrastructure - 2PM - 3PM EST
Steve Borosh, Jeff Dimmock
The sky is falling! Nation state 0days are up for auction, blue teams are hacking back, Red Team infrastructure is being pwned. Pandemonium! It’s time to hunker down and strengthen your Red Team infrastructure. In this talk we’ll discuss tactics for Red Teams to reduce the risk of getting your infrastructure shut down. We cover traffic bending with mod_rewrite, C2 redirection, and counter-recon techniques. Don’t worry, Blues, we provide detection and mitigation methods to protect your bunker, or organization.
Steve Borosh (@424f424f) is a long-time security enthusiast, prior U.S. Army Infantry Combat Veteran, and private security contractor. He currently works as a Penetration Tester and Red Teamer. Steve enjoys bug hunting, building useful security tools and teaching. Steve has presented at Hack Miami (x2), HackFest D.C., and BSidesLV.
Jeff Dimmock (@bluscreenofjeff) is a pentester/red-teamer. He has performed penetration tests and red team engagements for a number of large organizations. Jeff has a passion for social engineering and offensive tradecraft development.
cookieMOnstruo: hijacking the social login - 3PM-4PM EST
Martin von Knobloch (Kl8mour)
With this talk, we want to revive the interest in the largely ignored method of web application account compromise through cookie stealing, by introducing a new PowerShell module "CookieMonstruo", which aims to be the default post-exploitation tool for session hijacking. Through the use of this tool we will show the implications of lax session management controls in web applications, especially the ones providing a social login functionality. What are the possibilities after session hijacking has been achieved? Password reset? Account compromised? Money transferred? By the end, we should convince you that cookies can sometimes be a more interesting loot than passwords.
Bio: Martin von Knobloch is a Senior Security Consultant at FortConsult (Part of NCCGroup), Denmark. Apart from his role as a pentester and security advisor, he enjoys evangelizing the regular citizens about what a dangerous place the Internet can be, while advising them how to engage in safe IT security practices. Tired of getting the usual question that immediately follows after introducing himself as a white-hat hacker: “Oh, does that mean that you can hack my [insert social media site/e-mail provider/etc.]?”, he decided to embark on a journey of discovering a practical hacker’s approach to achieving this goal.
Don’t Get Caught Em-bed: Finding and Preventing Vulns at its Lowest Level - 4PM - 5PM EST
Aaron Guzman
It's no secret that embedded systems surround and control our daily lives. Embedded device and system manufacturers have long prioritized code quality and/or user experience over application security. As devices become more interconnected to each other, it is becoming apparent that change is needed throughout the industry. Utilizing millions of vulnerable embedded devices, we have witnessed some of the world's largest DDoS attacks in 2016 as a result of neglecting fundamental secure coding principles. Join me as we discuss common embedded application security threats.
Aaron Guzman is a Principal Security Consultant from the Los Angeles area with expertise in web application security, mobile application security, and embedded security. He has previously worked with established tech companies such as Belkin, Linksys, Symantec and Dell, breaking code and architecting infrastructures. With Aaron’s years of experience, he has given a number of presentations at various conferences ranging from DEFCON and OWASP’s Appsec USA, to developer code camps around the world. Furthermore, Aaron is a Chapter leader for the Open Web Application Security Project (OWASP) Los Angeles, Cloud Security Alliance SoCal (CSA SoCal), and a Technical Editor for Packt Publishing. He has contributed to many IoT security guidance publications from CSA, OWASP, Prpl, and others. Aaron leads the OWASP Embedded Application Security project, providing practical guidance to address the most common firmware security bugs to the embedded and IoT community. You can follow Aaron’s latest research on Twitter at @scriptingxss controls, and best practices.
Interactive Offense and Incident Response - 5PM - 6PM EST
Joe Partlow / Jonathan Echavarria
Join us as we walk through a real-world threat scenario as we play out both the offense and defense roles. If you are currently doing one or the other, this is the perfect opportunity to see how the other side thinks, counters and how they react after each escalation point. Audience participation is encouraged!
Jonathan Echavarria works as a Red Team Operator for ReliaQuest, an IT Security Services company based out of Tampa, Florida. His areas of interest focus on stealthy offensive operations, malware and exploit development.
Joe Partlow is the CTO of ReliaQuest, a leading Information Security services provider. Joe currently oversees all new research and development efforts, new product initiatives as well as all infrastructure, internal corporate security and compliance. Joe has been involved with Infosec in some capacity or role for over 20 years, mostly on the defensive side but always impressed by offensive tactics. Current projects and interests include forensics, threat intelligence, security metrics & automation, red/purple teaming and artificial intelligence.
Detection of webshells in compromised perimeter assets using ML algorithms - 6PM-7PM EST
Rod Soto / Joseph Zadeh
This presentation will focus on the use of machine learning techniques and analytics to detect compromise of perimeter assets via webshell. Presenters will go over how unpatched, forgotten & even party web servers can serve as unexpected door openers and provide attackers with a pathway inside the perimeter. What are webshells? What are the most common webshells used? Why use a webshell? What recent exploitation campaigns have used webshells? Presenters will also show how, by using ML algorithms and analytics, it is possible to detect web server exploit chains, react faster, and prepare for these types of attacks.
Rod Soto has over 15 years of experience in information technology and security. He is a security researcher and secretary of the board of Hackmiami. He has spoken at ISSA, ISC2, OWASP, DEFCON, BlackHat, RSA, Hackmiami, Bsides and has also been featured in Rolling Stone Magazine, Pentest Magazine, Univision and CNN. Rod Soto was the winner of the 2012 BlackHat Las Vegas CTF competition and is the founder and lead developer of the Kommand && KonTroll competitive hacking Tournament series.
Joseph Zadeh studied mathematics in college and received a BS from University of California, Riverside and an MS and PhD from Purdue University. While in college, he worked in a Network Operation Center focused on security and network performance baselines and during that time he spoke at DEFCON and Torcon security conferences. Most recently he joined Caspida as a security data scientist. Previously, Joseph was part of the data science consulting team at Greenplum/Pivotal, focused on Cyber Security analytics, and also part of Kaiser Permanente's first Cyber Security R&D team.
ROOM CAVALIER 1
Creating a security tool in 30 minutes. Come learn how to create and bootstrap your security tool idea with the creator of things - 2PM - 3PM EST
In this presentation Jason will start with a brief overview of proven problem solving techniques to identify a problem. He will then begin the process of creating a potentially profitable solution in 30 minutes. Python, a popular scripting language, will be used to demonstrate how powerful this tool is to create a proof of concept. This presentation will provide a walk-thru of a real life example of a security tool idea being created. The audience can engage in this interactive presentation as they begin their transformation into a creator of things.
Jason Bunch is the Founder and CEO of ThoughtSplosion, a technology company in the heart of Downtown Miami. Previously, Jason worked as CTO of Vijilan Security, a Fort Lauderdale based Security Company. At Vijilan, Jason oversaw all operations and led the vision for product development. He also has spent over ten years in the financial industry, including more than three years as a hacker for Citigroup protecting the world’s largest financial services network. Jason is a passionate, enthusiastic, and goal driven visionary. Being a natural leader with a wealth of knowledge in the technology and security industry, he encourages people around him to tap into their greatest potential enabling them to create awesome technology. By the end of the presentation, one will see how ideas come to life and will walk away inspired to create the next big security tool!
The rise of security assistants over security audit services - 3PM - 4PM EST
Mobile applications have not only become an everyday part of our lives, they have also become a part of 21st-century culture. Corporate IT and security professionals have the same needs as typical customers who manage only personal information. To understand security, users should keep in mind what happens with their OS, applications, and data, and divide risks into a vulnerability group and a privacy group. The first group refers to actions that break either the application or the OS. These are usually designed to break security mechanisms and get access to user data while rarely involving any user action. The second group refers to privacy issues and describes cases where data is stored or transmitted insecurely. Developers ignore data protection until they face something or someone that makes them implement the protection that should have been designed in. Developers' privacy policies describe how much every developer cares about data, protects everything, and assures users that the app provides 100% guarantees. Many security companies develop their own risky applications to show customers how well their data is protected. They use (or develop their own) automatic scanners to analyze application code and provide an auto-generated report. Even so, none of them can clearly say which data items are protected and how bad that protection is. In other words, should a user worry about an unprotected HTTP connection if he does not know what data is transferred over it? Downloading news might be acceptable; transmitting device information, geolocation data and credentials over the network in plaintext is not. The same goes for an out-of-date OS: is the previous version so bad that users should rush into an update, or not? How many user data items are consumed by third-party services like Google/Flurry analytics? The last question is usually: how much money is user data worth?
The cheapest software costs less than $50; the average one costs 10 times more, and forensics software costs from over a thousand dollars up to $20,000 and gives access to thousands of devices and millions of data items. The saddest part of this story is the 'speed-to-market' idea, which helps them grab data from thousands of improperly protected applications, especially if customers use the same data in more than one application and have at least one badly protected application. The more data is shared between applications and the more applications you use, the higher the risk of data leakage customers eventually face. A new set of security challenges has already been raised. To answer this, we have been examining many applications so that we can make the results widely useful and available to IT and security professionals as well as non-technical customers, to keep them informed about app insecurity. The goal is to integrate and introduce security and data privacy compliance into mobile application development and management. It helps to educate customers toward a useful security and privacy mindset. Spreading information in different ways, such as bulletins, an EMM-integrated monitoring service, or simple reports, is a way to solve insecurity issues and helps reduce risks when using mobile applications.
Yury Chemerkin has ten years of experience in information security. He is a multi-skilled security expert in security & compliance, mainly focused on privacy and leakage showdown. Key activity fields are EMM and Mobile Computing, IAM, Cloud Computing, Forensics & Compliance. He has published many papers on mobile and cloud security and regularly appears at conferences such as CyberCrimeForum, HackerHalted, DefCamp, NullCon, OWASP, CONFidence, Hacktivity, Hackfest, DeepSec Intelligence, HackMiami, NotaCon, BalcCon, Intelligence-Sec, InfoSec NetSysAdmins, etc.
Broadcast yourself - 4PM - 5PM EST
An introduction on how to effectively create and distribute broadcast content including audio, video, and radio programming, with a special focus on technical subjects such as coding and hacking demos, electronic projects, and just plain fun.
Bio: Tom Morris has been a mostly self-taught radio engineer and electronics technician for over two decades, working with microcontrollers, entertainment systems, audio production, broadcast and radio systems. He started out building relay logic controls for pump systems at the age of 7 and somehow arrived at building and maintaining radio broadcast systems via a wild ride past way too many blown electrolytic capacitors.
Hacks and Crafts: Improvised Physical Security Tools for Improvised Situations - 5PM - 6PM
Ever start unpacking your kit on a physical security assessment and then you realize you left your under door tool at home? This talk will teach you how to head into the hardware store and make whatever tools you need. I'll demonstrate live on stage how to build several physical security tools on the fly!
Bio: Jeff is a penetration tester at NTT Security. He started his career working in regular old IT and quickly fell in love with security. Jeff is involved in the local community, from giving talks at local events and teaching lockpicking monthly at Tampa Hackerspace to serving on the board at Bsides Orlando. He also enjoys brewing and drinking snobby craft beer like a hipster.
The Mirai Botnet... a story from the trenches - 6PM - 7PM EST
Akamai was responsible for mitigating the world's largest DDoS attack (at that time, 620 Gbps) against krebsonsecurity.com late in 2016. This talk covers how this led to the discovery of the Mirai botnet, tactics and techniques used to investigate it, and continuing efforts to do so. It will cover everything from the importance of collaboration and information sharing down to network protocol reverse engineering and botnet monitoring.
Bio: Chad Seaman is a Senior Security Intelligence & Response Team Engineer for the Akamai SIRT team. My work includes postmortem attack analysis, malware and botnet investigation, mitigation strategies, and intelligence collection.