2017 SPEAKERS - May 21st, Rooms Cavalier 1-2
ROOM CAVALIER 2
The Ransomware and IoT Threat - 1PM-2PM EST
We have seen a rise in ransomware attacks in the past year. While we are still recovering from these attacks, a new wave of DDoS attacks using IoT devices was suddenly thrust into the limelight. In this talk, I will discuss all the stages of a ransomware attack and also shed light on how IoT devices are used in DDoS attacks. Then I will discuss how a combination of ransomware and IoT attacks can be dangerous.
Christopher Elisan, Principal Malware Scientist at RSA, is a seasoned reverse engineer and malware researcher. His long history of digital threat and malware expertise, reversing, research and product development started at Trend Micro as one of the pioneers of TrendLabs, where he honed his skills in malware reversing. He then built F-Secure's Asia R&D, where he spearheaded projects in vulnerability discovery, web security and mobile security. After F-Secure, he joined Damballa as their resident malware subject matter expert and reverse engineer. He speaks at conferences around the world and frequently provides expert opinion about malware, botnets and advanced persistent threats for leading industry and mainstream publications. Elisan's published works include Hacking Exposed: Malware and Rootkits, 2nd ed.
OAuth Nightmares - 2PM - 3PM
Yashvier Kosaraju / Hariram Balasundaram
OAuth is one of the most popular authorization frameworks in use today. All major platforms such as Google, Facebook, Box etc. support it, and you are probably thinking of implementing OAuth for your product/platform. We are not debating the popularity of the protocol or the limitations that come with it. We are here to help you implement it securely. When you use OAuth, there are three pieces: the Platform, the Application (using the platform) and the User (of the application). We will go over the common flaws we have seen in applications built on an OAuth platform which can lead to complete account takeover, how they can be a security engineer's nightmare, and how to fix them. We will go over security controls that the platform can put in place to help mitigate security vulnerabilities. We will also cover how bad design decisions, if chained with otherwise lower-risk vulnerabilities, can result in gaping holes in your OAuth implementation. You will leave this session with a deep understanding of how an OAuth implementation should be secured, both for a platform and in an application, and of things to test for during a security evaluation of OAuth implementations.
Yashvier Kosaraju: Yash is a security enthusiast and is currently working as a Security Engineer with Box, where he is responsible for securing Box's applications on all fronts. Prior to Box, Yash was a Security Consultant with iSEC Partners, where he performed security engagements for top technology firms in Silicon Valley. He has previously spoken at BSides 2016. He holds a Master's degree in Security Informatics from Johns Hopkins University.
Hariram Balasundaram: Hari has been hacking applications and networks for 6 years. He has previously worked at EY's Advanced Security Center and performed attack and penetration assessments for Fortune 500 companies across the US and Canada. At his current gig, he is responsible for Security Assurance at Box, identifying vulnerabilities that may impact Box's applications and infrastructure and, more importantly, helping fix them.
Repurposing Adversarial Tradecraft - 3PM-4PM EST
Today's threat surface is defined by the actors that develop and employ advanced adversarial techniques. To an extent, these techniques directly affect how red team and pen test engagements are conducted. This talk will dive into the mechanics and tool development of these TTPs (Tactics, Techniques and Procedures). Using multiple languages, I will cover a few implementations I have developed directly to help aid engagements, as well as how we can relate them to practical red team engagement scenarios to help deliver effective tests to our customers. We will also cover the tradecraft that can be gleaned from these actors, and how we can implement this into how we operate as red teams and testers.
Alex Rymdeko-Harvey (@killswitch_gui) is a former U.S. Army soldier who recently transitioned and currently works on the Sony Global Threat Emulation team as a Red Teamer. Alex's focus is on adversarial emulation and TTP creation to drive modern-day engagements. Alex has a wide range of skills and experience, from offensive to defensive operations taking place in today's modern environments.
Abusing “Accepted Risk” With 3rd Party Command and Control - 4PM - 5PM EST
Justin Warner / Jon Perez
In mature networks, defenders stand guard utilizing strong boundary defenses to protect users, detect adversaries, and prevent compromise. However, within these boundary walls exist gaping holes for seemingly innocent services: the unideal result of practical use. While some adversaries are stopped at the boundary, many threat actors have risen to the occasion, bringing new capabilities that work to evade current defenses by utilizing innocent 3rd party services as an obfuscation layer. This layer, made up of services like Dropbox, Google Apps, Twitter and more, has allowed actors to blend in with the "accepted risk" that so many organizations rubber stamp. This talk will analyze the threat landscape surrounding 3rd party command and control vectors to show the tactics and techniques used in real-world malware samples. Next, the talk will transition to demonstrate to the audience how simple it can be to implement these attacks, while providing sample snippets of code and demos of the techniques as well as possible detections. Using the techniques in this talk, red team members will be armed to replicate these threats and expose their blue team counterparts to methods being actively used. Additionally, blue team members will be called to action and introduced to heuristic-based analysis of these malicious 3rd party activities.
Justin Warner (@sixdub) is a hacker and researcher with experience in offensive and defensive roles. Justin is an Air Force Academy graduate and former USAF Cyber Ops officer. As a red team lead, he gained experience targeting Fortune 100 corporations as well as federal, state, and local government organizations. Justin has a passion for threat research, reverse engineering, threat replication development and red team operations. He is a co-founder of the PowerShell Empire project, actively develops on numerous open source projects and has spoken at several conferences including CarolinaCon, BSidesLV and several other BSides events.
Jon Perez is a security research engineer focused on network defense. He got his start in information security as a tinkerer and student, then worked as a cyber operations specialist in the Army. In his free time, Jon likes to analyze malware, investigate network traffic, and develop tools to help find bad things.
All Your Base Are Belong to Everyone: Managing Digital Trust in the Era of Megabreaches - 5PM-6PM EST
Alexander Heid | Chief Research Officer | SecurityScorecard
The years 2016 and 2017 saw unprecedented disclosures of compromised data sets that were made available to the public within the hacker underground. It is reported that over 2 billion sets of usernames, email addresses, and passwords have been released thus far. The breaches go as far back as 2012, and include such household names as Yahoo, Dropbox, LinkedIn, and dozens more. Furthermore, advanced toolkits from nation-states are now public domain, whereby any script kiddie can become a shadow government hacking master. Where do these breaches come from? How did they originate? Why did it sometimes take years to discover them? What have attackers been doing with the data? What can attackers still do with this data? What can companies and individuals do to protect themselves and each other during these floods of hacked data sets? How dramatically has this shifted the cyber risk landscape?
Alexander Heid is Chief Research Officer at SecurityScorecard, where he is in charge of developing innovative vendor risk management solutions. Heid is also co-founder/President of HackMiami, a South Florida hacking organization that hosts an annual information security conference in Miami Beach, FL. Heid was a founding member of the PLXSERT at Prolexic Technologies, where he developed DDoS neutralization and counterattack methods during the Operation Ababil campaigns of 2012 - 2013. Heid's work has been frequently cited by mainstream media, such as the feature story in Rolling Stone magazine entitled "The Geeks on the Front Lines."
Hacking the Federal Aviation Administration - 6PM - 7PM EST
William M. Nett
Radar, or RAdio Direction And Ranging, is an object-detection system that uses radio waves to determine the range, angle, or velocity of objects, most commonly used in aviation. It is becoming obsolete with the advent and required implementation of ADS-B (Automatic Dependent Surveillance – Broadcast) by the FAA, because ADS-B is more accurate, but is it safe? In this talk we will explore and demonstrate the discrepancies, weaknesses, and inherent flaws of the ADS-B system through the use of SDR (Software Defined Radio). ADS-B is inherently insecure as it has no cryptography, authentication, or proper identification. We will show a live ADS-B capture stream to demonstrate this. We can examine, dissect, and decode data streams which are currently being broadcast by all major airlines and even some government aircraft, which can yield a great deal of SIGINT (Signals Intelligence).
The speaker is a former military service member with Naval Aviation experience on F-14 Tomcats and C4ISR (Command, Control, Communications, Computers, Intelligence, Surveillance and Reconnaissance), as well as a former private pilot and computer geek with experience in RF technologies.
CLOSING PANEL - 7PM - 8PM EST
ROOM CAVALIER 1
"-ExecutionPolicy Bypass": Living off the Land with PowerShell and WMI - 12PM - 1PM EST
Evan Wagner (Haxhatlon)
Multi-staged exploitation techniques using PowerShell. The presentation will go over capabilities to subvert execution restrictions, credential stealing, reconnaissance, passing tickets and setting up persistence; at the end, the presenter will show a C2 that uses only PowerShell to set up encrypted tunnels, issue commands and remotely control machines in real time over different types of DNS queries.
Evan Wagner has been in the web development industry since the mid-to-late 90s. He got his start when he would go to the library on Howard AFB, in the Republic of Panama, to upload his websites, via floppy disk, to Geocities. He purchased his first domain name (Webmastersland.com) in 1999 and started his hosting company in 2000. It was about that time he became a Linux breakfast cereal kid, installing Linux on everything and taking on any tasks he could to prove to people the power of Linux. After years of this he found himself in positions of increasing responsibility. Just to name a few: DBA for Florida Cancer Specialists ($1Bn+ yearly revenue); various DevOps roles; networking roles (BGP, SS7); international SMS/MMS communication engineering (tracing messages from handset to handset as well as deploying solutions to carriers) at Interop Technologies; Sr. Software Architect; and currently Systems Software Engineer within Security Engineering at Akamai Technologies.
Hackers Interrupted - 2PM-3PM EST
Going beyond a breach or initial damage, let's examine the minds of the hackers. What drives them to succeed, and what makes them fail? It is a difficult task to understand the internal motivations of a hacker, beyond the obvious, and rarely does anyone try. The practical approach shows the opposite: understanding a hacker's thinking may lead to a reversal of their ill-gotten gains. Using practical examples from the largest breaches of today, we will get inside the hackers' minds and find out how to stop them.
Alex Holden is the founder and CISO of Hold Security. Holden is credited with the discovery of many high-profile breaches, including Adobe Systems, the initial vendor breach that led to the discovery of the JPMorgan Chase breach, and the independent discovery of the Target breach. Considered one of the leading security experts, he regularly voices his professional opinion in mainstream media.
The Cloud is a Lie - 3PM - 4PM EST
For years now, companies have been promoting Cloud-based storage as a solution to all of our data needs. We've been told that the Cloud is a magical place that can provide fault tolerance, cost efficiency, and reliability. With an ever-increasing number of companies offering such solutions, the cost of hosting our data on somebody else's servers is at an all-time low. But what is the actual cost of this new-found convenience? Could the Cloud also have a dark lining?
This presentation is about how decentralization can help us subvert and rage against the Machine. The decentralization of the Internet will take control away from governments and corporations. It will empower us to once again be the authoritative source for all of our personal information. Imagine a world where Facebook, Google, and other Internet powerhouses are rendered impotent because we no longer need them. Decentralized networks, persistent storage, and innovative applications are ushering in a new era of online security, anonymity, privacy, and collaboration. We're sorry, Mr. Zuckerberg, but your services are no longer required.
Eijah is the founder of demonsaw, a secure and anonymous information sharing program. For the last 5 years he was a Senior Programmer at Rockstar Games, where he worked on Grand Theft Auto V for PS3, Xbox 360, PS4, Xbox One, and PC. Before that he released the first AACS device key for Blu-ray. Eijah has over 15 years of software development and IT security experience. His career has covered a broad range of Internet and mid-range technologies, core security and system architecture. He has been a faculty member at multiple colleges, has spoken about security and development at the DEF CON and HackMiami conferences, and holds a master's degree in Computer Science. Eijah is an active member of the hacking community and is an avid proponent of Internet freedom.
Cyber Resilience: what is it and why should I care? - 4PM - 5PM EST
With the increase in breaches and other security incidents, a new concept has come to the fore: "cyber resilience". Some tout it as the next step in cyber security. What is it, and why should the information security professional care? Cyber resilience goes beyond just preventing and then responding to incidents; it looks at how organizations can prevent, detect, and recover from the impact of incidents by working to make systems more resilient to those impacts. This is not just recovery. We will look at the model for cyber resilience, Resilia, from the group that oversees ITIL and other standards, as well as the work going on here in the US with the Global Forum to Advance Cyber Resilience and others.
Michael Brown, CISSP, HCISPP, CISA, CISM, CGEIT, CRISC, ISSA Fellow, has been involved with IT for over 20 years, more than half of them in information security. Moving from a security admin to a global security architect, he has been working for the last few years as an IT security consultant, working with clients to implement information security management systems as well as performing security risk assessments and gap analyses and developing policies and procedures. His research interests include IT/security frameworks and compliance, the Internet of Things, and mobile device security.