HackMiami Con 7

Talks May 18th

An inconvenient truth: Evading the Ransomware Protection in windows 10 - Soya AoyamaAbstractThe WannaCry cyber-attack all over the world in May, 2017 is still fresh in our minds. The malware encrypted and rendered useless hundreds of thousands of computers in over 150 countries. As a measure against ransomware, Microsoft introduced the function "Ransomware protection" in "Windows 10 Fall Creators Update". How does this function work? Is it really effective? In this talk, I will explain the operation principles of "Controlled folder access" of"Ransomware protection" through demonstration video. Then I show the requirements to avoid this function, and describe that this function can be avoided very easily. And I will ask you that we may have to reconsider the definition of vulnerability.BioSoya Aoyama is security researcher at Fujitsu System Integration Laboratories Limited.Soya has been working for Fujitsu more than 20 years as software developer of Windows, and had been writing NDIS drivers, Bluetooth profiles, Winsock application, and more, and started security research about 3 years ago. Soya has gave presentation in BSidesLV, GrrCON, ToorCon and DerbyCon in the past.

For more information:
info@hackmiami.org
www.hackmiami.com

An inconvenient truth: Evading the Ransomware Protection in windows 10 - Soya Aoyama

Abstract

The WannaCry cyber-attack all over the world in May, 2017 is still fresh in our minds. The malware encrypted and rendered useless hundreds of thousands of computers in over 150 countries. As a measure against ransomware, Microsoft introduced the function "Ransomware protection" in "Windows 10 Fall Creators Update". How does this function work? Is it really effective? In this talk, I will explain the operation principles of "Controlled folder access" of"Ransomware protection" through demonstration video. Then I show the requirements to avoid this function, and describe that this function can be avoided very easily. And I will ask you that we may have to reconsider the definition of vulnerability.

Bio

Soya Aoyama is security researcher at Fujitsu System Integration Laboratories Limited.Soya has been working for Fujitsu more than 20 years as software developer of Windows, and had been writing NDIS drivers, Bluetooth profiles, Winsock application, and more, and started security research about 3 years ago. Soya has gave presentation in BSidesLV, GrrCON, ToorCon and DerbyCon in the past.

Becoming a Human nMAP!: Cultivating a Renaissance Approach for the Social EngineerAbstract

Abstract

As a security analyst with an atypical entry into the information security world, one of my research questions posed in social engineering is why reading a diverse array of topics is beneficial to the social engineer, be it something they are passionate about or not. In building upon the Defcon 24 presentation at the Social Engineering Village by Tomohisa Ishikawa: “Does Cultural Differences become a barrier for social engineering?” cultural differences presented by different countries place emphasis on different genres; therefore, what one person from a certain country holds dear, the other may not. Therefore, your reconnaissance, pretexts and elicitations and the support required must be able to adapt. I have found this to be true. Reading/Watching/Listening like a 'Renaissance individual (knowledgeable on a variety of topics but not limited to select ones) ameliorates this challenge. The answer came from a combination of attending the Advanced Practical Social Engineering course in 2016 and a self-reflection; all the reading I loved and hated as a child and as an adult has given me an extensive web to build rapport through as a social engineer and improve my elicitation to procure more information . In my talk, I would like to discuss how to develop a strategy and which areas to focus on so you would be available to navigate even through the ‘darkest of waters’ and the ‘coldest of individuals’ and get information you would need.

Bio

th3cyF0x

Defending Cloud Infrastructures with Cloud Security Suite - Jayesh Singh Chauhan

Abstract

Nowadays, cloud infrastructure is pretty much the de-facto service used by large/small companies. Most of the major organizations have entirely moved to cloud. With more and morecompanies moving to cloud, the security of cloud becomes a major concern. While AWS, GCP & Azure provide you protection with traditional security methodologies and have a neat structure for authorization/configuration, their security is as robust as the person in-charge of creating/assigning these configuration/policies. Also, the massive scale at which cloud services are adopted in enterprises, merged with inevitability of human error, often leads to catastrophicdamages to the business.
There are a few open source tools which help in cloud auditing however none of them provides an exhaustive checklist. Also, setting up all the tools and looking at different result sets is a redundant task. While managing massive infrastructures, system audit of server instances is a challenging task as well. CS Suite is a one stop tool for auditing the security posture of the AWS/GCP/Azure infrastructures along with server audit feature. CS Suite leverages capabilities of current open source tools and has plethora of custom checks into one tool to rule them all.

Bio

Jayesh Singh Chauhan is a security professional with more than 6 years of experience in the security space. In past, he has been part of security teams of PayPal, PwC and currently works as the senior security engineer for Sprinklr. He has authored OWASP Skanda, RFID_Cloner and CSRF PoC generator and has presented in BlackHat EU Arsenal 2017, c0c0n 2017, 2015, 2013 GES 2014 and Ground Zero 2015. He is the project leader for OWASP Skanda and leads the NULL Bangalore chapter.

An introduction to the ISO 27000 series - Michael Brown

Abstract

Many Information Security professionals may have heard of the ISO/IEC 27000 series of documents, in particular 27001 and 27002, but may not understand what they are about and what the rest of the series (nearly 50 other documents) are for. In this presentation, we will introduce 27001 along with 27002 and explain their purpose in creating an Information Security Management System of people, process, and technology to secure organizations.As there are other documents in the series, some more heavily tied to 27001 & 27002, we will look more closely as some of the more important of these, such as 27003 (implementing an ISMS), 27004 (metrics and measurement) and 27005 (risk management). How the series is managed and updated will be touched on, as well as how individuals and organizations may be "certified" in ISO/IEC 27001. At the end, participants will have a better understanding of this series, its importance in the field, and how it will be of value to themselves and their organization.

Bio

Michael Brown, CISSP, HCISPP, CISA, CISM, CGEIT, CRISC, has been involved with IT for over 20 years, more than half in information security. Moving from a security admin to a global security architect, he has been working for the last few of years as an IT security consultant working with clients to implement an information security management system as well as performing security risk assessments, gap analysis, and developing policies and procedures. His research interests include IT/Security frameworks and compliance, the Internet of Things, and mobile device security.

What you know, what you have and what you are: MFA in the modern age

Abstract

A simple username and password are not enough to protect accounts and vital assets anymore. Time and time again, we see various types of accounts being compromised due to password reuse, phishing, smishing and vishing scams and overall poor password hygiene. Throwing money at this problem doesn’t make it go away. Social engineering methods and the ‘evil genius” cyber criminals behind the attacks are furiously innovating, keeping IT off-guard. In this session we will discuss different types of multi-factor authentication (MFA) such as hardware keys, smart cards, SMS and application-based factors. The session will explain the differencesbetween hardware-based One Time Passwords (HOTP), Time-based One Time Passwords (TOTP) and Personal Identity Verification (PIV) credentials.
We will talk about the pros and cons of each, the vulnerabilities and the various ways that they can be leveraged to help protect accounts. The session is designed for people interested in expanding their knowledge of multi-factor authentication and will cover: - The damage being done through credential theft - Hardware and software tokens - PIV certificates and Smart Card login options - Password vaults and MFA protections - Protecting social media accounts

Bio

Erich Kron, Security Awareness Advocate at KnowBe4, is a veteran information security professional with over 20 years’ experience in the medical, aerospace manufacturing and defense fields. He is the former security manager for the US Army's 2nd Regional Cyber Center-Western Hemisphere and holds CISSP, CISSP-ISSAP, MCITP and ITIL v3 certifications, among others. Erich has worked with information security professionals around the world to provide the tools, training and educational opportunities to succeed in Information Security.

Hiding Shellcode inside Neural Networks - Drew Kirkpatrick

Abstract

Penetration testers and red teamers often need to bypass endpoint and network protections such as anti-virus to further access into a client’s network and better emulate the behaviorof malicious actors. For this purpose, attackers use a number of methods to bypass antivirus solutions and avoid detection, including obfuscating payloads. Encryption is one such method for obfuscating a payload until it is needed at runtime. This talk will cover a novel method for obfuscating payloads by hiding the payload (shellcode) in neural networks. Neural networks are inherent black boxes that are difficult to analyze, making them an interesting technical approachfor obfuscation problems. The method described in this talk and implemented in the proof of concept encoder is capable of creating complex recurrent neural networks that can be even more challenging to analyze and reverse engineer. The proof of concept ENNEoS (Evolutionary Neural Network Encoder of Shenanigans) encoder presented in this talk uses genetic algorithms to evolve neural networks to store the desired shellcode, and output that shellcode given a particular set of inputs into the neural network. Potential benefits of using this approach over simpler techniques such as encryption is the possibility of encoding multiple payloads into the neural network solution to be output in different conditions. This could include benign shellcode output normally and a malicious shellcode given the correct inputs, or multiple shellcodes simply to complicate reverse engineering efforts. The talk will cover at a very high level the neuroevolutionary underpinnings of the encoding software, although any discussion in depth on this topic is well beyond the scope of this talk. Fortunately, users of the software only need to understand how to drive the training of the neural networks, by defining a “fitness function”, which is simply an algorithm to “grade” the performance of a neural network. How to design a fitness function to achieve your desired encoding behavior will be covered thoroughly. Provided with a fitness function, the genetic algorithms handle the rest. A high level pseudocode walkthrough of the C++ based encoder and sample loader will be presented, detailed demonstrations of various fitness functions given, and a live demonstration of different encoded payloads performed. The talk will conclude with links to the GitHub page of the project (MIT License), and a Q/A session with the remaining time.

Bio

Drew has nearly twenty years of experience designing and building complex systems including application security, network policy management, machine learning, and transit and aerospace systems. These days he works to improve information security by applying penetration testing and computer science to assess the security posture of TrustedSec clients. Before joining TrustedSec as a Senior Security Consultant he was a Security Researcher at NopSec and Secure Decisions and a Senior Computer Scientist for the U.S. Navy. He is a certified GWAPT and OSCP, and a member of the GIAC Advisory Board. He received his B.A. in Psychology and Economics from St. Mary’s College of Maryland, and Master’s degrees in Computer Science and Computer Information Systems from Florida Institute of Technology

Why your red team shouldn’t be snowflakes - Isaiah Sarju

Abstract

Red teaming require the use of specialized tools. However, this should not exclude operators from using the same technology, adhering to the same procedures, and following the same policies as their colleagues throughout the organization. Some argue that this will prevent operators from executing on their duties. The contrary is true. With a few exceptions in place and thoughtful architecture considerations, treating red teamers as regular employees will improve their testing and reduce the risk that red teamers bring to organizations.

Bio

Isaiah Sarju is a red teamer. He has contributed to the Microsoft Security Intelligence Report, conducted numerous penetration/red team engagements, and taught students how to become top tier defenders. He plays tabletop games, swims, and trains Brazilian Jiu-Jitsu.@isaiahsarju Isaiahsarju.io

BATIMAGEN - OSINT tool for image analysis - Elena Lopez / Francisco Tomás Valdesoiro

Abstract

The project uses the Phil Harvey's ExifTool, to extract metadata from the archives.It make a virus analysis too, using the Virustotal web, to look for infections. If we are analyzing an image, it's send to Google's vision API, to find similar images at the web, to make sentiments analysis, and detects some parameters, like texts, face Detection… We are using Node.js and Pug to make a server render app, running Phoenix tool, OpenCV, Boots, and we are performing a forensic analysis in order to know if the image was edited with Photoshop.

Bio

Elena LopezSince my childhood, I always was interested in technology. Finally I started to program after studied the Adalab's course about one year and a half ago. Actually I'm working in Next Chance company like frontend developer, and in continuous studies about cybersecurity and programming in Node and JS. I'm an active member from OSW and learn in the Red Tema Guild. This is my passion and I really enjoy learning, so I will have a plenty hours of fun. For me the cybersecurity is the most fun part of technology, so the next years I will learn about it.Francisco Tomas Valdesoiro.I decided to focus my studies on Cross-platform Applications, because I love technologies, and now I work like a .NET developer in Madrid. I enjoy a lot the augmented reality and sometimes I play with Unity. I'm an hard work guilder at OWS at my free time, and participate in the red team guild, where I'm learning about cyber security and pentesting.

Manipulating the Masses - Sara Kraynick

Abstract

Manipulating people can be on a personal, as well on a societal level. Exploiting people can be a powerful way to affect change in a society. In this talk Sarah will discuss how people are influenced on a personal level leading to consequences on a much larger scale. Technological exploits are one thing, exploiting or “hacking humans” is a whole other… and is far more dangerous for all of us, as often, we aren’t even aware we are being hacked. Why start a traditional war, when you can get people to fight amongst themselves or even to change their views. Across the globe we are seeing the impact disinformation has. This talk will break down the tactics used and how we can defend our societies against such efforts.

Bio

Sarah Kraynick is a self-taught hacker and software engineer who spent over a decade in the development world working on backends, android, and IoT. She started her career in the test/qa arena before switching to pure development. She continues to develop for open source initiatives, most recently Mycroft.ai where she helps lead the android “team”, while she runs her cyber security consultancy that specializes in social engineering and physical pen tests. She was a co-founder on a medical start-up (which is now defunct) and Hacking Health Berlin, which is still going strong with an army of new and energetic set of volunteers. She splits her time between her “off-grid” acreage in North Central Saskatchewan, Vancouver and various places around Europe.


twitter - @nomad_soc_eng
Linkedin - https://www.linkedin.com/in/sarahkraynick/
github - https://github.com/skraynick

Taking the Bugs out of Your Bug Bounty Program - Josh Jay

Abstract

Bug bounties are hard, and I will walk you through my personal journey of designing and building a high profile bug bounty that went viral and the fight to keep ahead of the curve. My background is in ethical hacking. In my role at a fortune 100 I set out to design and build out a bug bounty program. This talk is very much a I wish that i knew then what i know now. I will go through the basic steps, the common hurdles, and what you absolutely must do before you even consider starting a program.

Bio

Josh Jay

Making Honeypots (*SSH) Sticker - Jose Hernandez

Abstract

One of the primary data sources we use on the Splunk Security Research Team is attack data collected from various corners of the globe. We often obtain this data in the wild using honeypots, with the goal of uncovering new or unusual attack techniques and other malicious activities for research purposes. The nirvana state is a honeypot tailored to mimic the kind of attack/attacker you are hoping to study. To do this effectively, the honeypot must very closely resemble a legitimate system. As a principal security research at Splunk, co-founder of Zenedge (Now part of Oracle), and Security Architect at Akamai I have spent many years protecting organizations from targeted as well as internet-wide attacks, and honeypots has been extremely useful (at times better than threat intel) tool at capturing and studying active malicious actors.In this talk, I aim to provide an introduction to honeypots, explain some of the experiences and lessons learned we have had running Cowrie a medium interaction SSH honeypot base on Kippo. How we modified cowrie to make it more realistic and mimic the systems and attack weare trying to capture as well as our approach for the next generation of honeypots we plan to use in our research work. The audience in this talk will learn how to deploy and use cowrie honeypot as a defense mechanism in their organization. Also, we will share techniques on howto modify cowrie in order to masquerade different systems and vulnerabilities mimicking the asset(s) being defended. Finally, share example data produced by the honeypot and analytic techniques that can be used as feedback to improve the deployed honeypot. We will close off the talk by sharing thoughts on how we are evolving our approach for capturing attack data using honeypots and why.

Bio

Jose Hernandez. Principal security researcher at Splunk, co-founder of Zenedge (Now part of Oracle), and former Security Architect at Akamai. Also member of %27.

Anatomy of a Nation-State Attack

Abstract

Ever wondered how advanced attackers gain foothold within an organization’s network? Learn their tactics, techniques and procedures (TTPs) on a real-life example of a recent suspected nation-state attack attributed to Iranian-backed hacking group called OilRig (aka APT34 or Helix Kitten). From supply chain attack to file-less malware, from off-the-shelf dual-purpose utilities to crafted malware turning Google Drive into a command and control (C&C) server. Leave this presentation armed with technical details of how sophisticated attackers operate along with knowledge that can help you improve your organization’s security posture.

Bio

cybersecurity experience in the areas of endpoint protection, insider threat, encryption and vulnerability management. Rene run Product teams at multiple Silicon Valley startups as well as Fortune 500 companies, including Symantec, Citrix, Altiris, ThinAir and Nyotron. Rene earned his Computer Science degree from Tallinn University of Technology. He frequently speaks on security topics at industry conferences like Black Hat, InfoSecurity and (ISC)2 Security Congress.

RDPwned: An in depth examination of adversarial RDP TTPS - Jesse Burke

Abstract

A presentation on known popular RDP exploits, session hijacking, RDP MiTM attacks, etc. and how to detect/defend when possible. We will also examine compromised RDP systems for sale in the underground, vulnerable RDP systems listed on Shodan, backdoored RDP systems listed on Shodan & how to find them, and an overall overview of the underground English-speaking RDP economy given the recent takedown of xDedic compromised system market.

Bio

Co-Owner and Advanced Cyber Analysts at Wapack Labs. Team lead of Wapack Labs’ Team Jaeger and Senior Software Developer at Wapack Labs’ Red Sky Alliance.

BountyCraft - The Panel - Chloe Messdaghi / Jason Haddix

Abstract

Every security tester has some sort of methodology and toolset they use. This "secret sauce" is the essence of good security research. BountyCraft the panel is about disclosing those secrets. The panel will talk through the successful tools and techniques used by the panelists, what do they focus on, and why. They will discuss topics such as advents in tooling, approaches to different types of applications, reconnaissance, vulnerability trends in bounty, and more. Viewers will leave this presentation with knowledge of practical recommendations for hacking methodologies, tools, and tips to better hack. The panelists will talk through vulnerabilities commonly seen as edge cases that have been present on heavily tested sites, and what are the upcoming challenges in the space. This talk focuses on the current and future of bounty huntingand web hacks that bug hunters or penetration testers can be knowledgeable of what the various environment trends. We will be going over the changes to the web attack landscape and how web hackers, can better find bugs in the web applications that are currently beingdeveloped. Panel includes: Jason Haddix Anonymous Hunter 1 AnonymousHunter 2 Moderator: Chloé Messdaghi

Bio

Chloe Messdaghi. PM & Security Researcher Advocate. Jason Haddix. VP of Researcher Growth @Bugcrowd

Social Engineering Lols and Trolls to Pester the Scammers

Abstract

Real audio from an epic troll against "Microsoft Tech Support" where Joshua demonstrates how social engineering can be used to combat scammers. Not only is this a fun talk with crazy outtakes, plenty of hilarity and valuable social engineering lessons learned, but it's helpful for anyone looking to learn or enhance their social engineering capabilities by analyzing real-life social engineering calls.

Bio

Joshua Crumbaugh is an engaging and internationally respected cybersecurity subject matter expert, author, keynote and public speaker. During Joshua‘s ethical hacking career he has never encountered a single network that could keep him or his teams out. He has also accomplished a number of impressive social engineering feats, such as talking his way into bank vaults, fortune 500 data centers, corporate offices, restricted areas of casinos and more. His experience in all things security led him to realize something had to change. This was the catalyst that led him to found PeopleSec where he is the CEO and Chief Hacker. Joshua is internationally recognized as one of the world’s most accomplished social engineers and the world’s leading expert on cybersecurity awareness

Secure Coding Concepts for Game Development Using Crypto - Iamjasonbunch

Abstract

Secure coding has appeared as a castle in the sky for security professionals for decades. Convincing or even training developers to code with security best practices in mind has shown to be a challenging endeavor. Could it be that this ongoing talent gap for security professionals and finding coders who have strong security skills makes this apparition in the sky vivid for all of us? This apparition becomes opaquer as you venture off the mainstream and enter the world of niche gaming markets.Let’s tackle these common security problems in Roblox games, from start to finish, with limited effort on a platform that coders inherently make it easy for scripters and hackers to cheat. We will think outside the box, and introduce basic security controls that will make a large impact on fighting these real problems. In addition, we will set a future path for how more advanced crypto techniques can be implemented using the platform today.

Bio

Jason Bunch is the Founder and CEO of ThoughtSplosion, a technology company in the heart of Downtown Miami. Previously, Jason has spent over a decade protecting some of the world’s most critical financial systems in both a defensive and offensive security capacity. Jason is a passionate, enthusiastic, and a goal driven visionary who has a love for video games and entertainment. Being a natural leader with a wealth of knowledge in the technology and cybersecurity industry, he encourages people around him to tap into their greatest potential enabling them to create awesome things.


For more information:

info@hackmiami.org
www.hackmiami.com