Presentations 2014


David Kennedy

Finding Our Way – From Pwned to Strategy
The attacks continue to move forward, and the INFOSEC industry continues to struggle with how exactly to secure our environments – from what we read it always seems like a losing battle. The industry has come a long way from when I first started attending Defcon in 1999, and there are so many positive things moving forward. This talk will look at our industry today, where we are headed and what really works. We’ll go into current attack methods and how I break into companies all the time as well as defensive strategies in stopping how I think as a hacker and lastly where we need to go in the future.



Jayson E Street

Around the world in 80 Cons (A tale of perspectives)
After spending 15 years in the hacker / InfoSec community, I thought it was time to pause and look back upon all I have seen, everywhere I have been, all the people I met and everything I have learned. And then share some of that knowledge with people to hopefully help them have a leg up moving forward. More importantly, compare and contrast my experiences and perspectives with statistics we commonly see based on attacks and the countries of origin. Statistics tell one story, perspective tells the other. This is a talk on perspectives. Hackers, and hacking, are perceived differently around the world and, in turn, some view our community and what we do with different eyes than ours. I believe most reports/papers we (Americans) see about that topic are skewed and never give an accurate global image. Taking a very small dose of reality and comparing it to what we’re subjected to, is interesting. Being a foreign hacker attending a con, or delivering an engagement, in an alien land often led to unexpected situations that I will also share.

I will also share how, while searching for diversity in our global hacking culture, I found things that united us more than you would expect. I show how, no matter what region of the planet you come from, we face a threat we all need to face and overcome.


J Wolfgang Goerlich

Lulz per Employee and Other Key Metrics
What does it take to successfully lead a team of miscreants, misfits, hackers, and troublemakers? How do we create rules for a workplace full of people whose job it is to break rules? With metrics! Right? Actually, we frankly have no idea. But relying on the latest in chaos theory, management theory, and TV tropes, this talk will provide actual and aspiring team leads advice on building great teams. For the job seekers in the security field, this talk will provide advice on identifying and social engineering your way onto great teams. Let’s be honest: hackers are not like regular people, and regular leadership advice is sorely lacking in lulz. Now is the time for a new approach.



Arron ‘Finux’ Finnon

Finux’s Historical Tour Of IDS Evasion, Insertions, and Other Oddities
Roll up, Roll up, my Lords, Ladies and Gentlemen, come see the bizarre and wondrous marvels that the Cirque de Vendeurs Sécurité has to offer. Tales of miracle machines that can see into the future and tell their masters of all the dangers they face. Devices so wise that they can see the very threats of tyrants and evil doers before they’ve even been thought of. Contraptions that possess a mystical sixth sense that can see every footstep and action a would-be assailant takes before any deadly blow is delivered. These miracle machines that give defenders a suit of armour that means the wearer needs no warrior skills in defending their castles. Come see for yourself, and purchase one of the miracle wondrous machines!

Although the above sounds ludicrous and out of place, it isn’t that far-fetched from a lot of the literature produced by Network Intrusion Prevention/Detection System vendors. This talk looks at the very long and fruitful history the world of network detection systems has to offer (you’ll be surprised they’re nearly 4 decades old), with an overview of just some of the failings these systems have had over the years, and how these failures shaped their development. At places this talk will be cynical and it won’t win any friends from vendors, but attendees will be given enough background information to understand why detection systems like IDS/IPS can work, but why they’re set to fail all at the same time.

Poor testing and the general acceptance by nearly everyone within the security industry that these systems can’t deliver is only the beginning of their history of fail. I intend to discuss why certain evasion techniques worked, and why they will continue to work until we understand the inherent problems. Consider this talk a historical journey with one eye fixed on the future.



Kevin Johnson

Securing our Ethics: Ethics and Privacy in a Target-Rich Environment
Security has become a huge conversation, especially when you consider privacy as part of it. In this presentation, Kevin Johnson of Secure Ideas will explore the topics of ethics and how they play in a security mindset. We will explore topics such as bug bounties, when it’s OK to test an application without permission and licensing of penetration testers and security researchers.

Eve Adams

Hack the Hustle! Career Strategies For Information Security Professionals
While information security is widely considered a negative-unemployment industry (it’s actually closer to 3%), most of us will look for a job at some point. Seasoned technical recruiter Eve Adams (@HackerHuntress) provides infosec-specific insight on writing resumes that get you the kind of attention you want, getting short-listed for cool positions before they’re even posted, strategically riding infosec employment trends, and how to most effectively work with those delightful recruiters. This talk will have something for those just entering the workforce, mid-career security professionals, and former VAX hackers alike!



Duncan Manuts

Full Douchesclosure
Anti-social code savants, profiteering technology companies, shadowy government agencies, and a few well-meaning idiots are working in concert to ensure that security research benefits only a select few. Meanwhile, computer users the world over are blind, naked, and afraid of an industry that has chosen ego and cash over living up to its promise of securing technology. Join me as we slaughter the sacred cows, shame the incompetent, and go home just as screwed as before in this honest look at security research and vulnerability (non)disclosure.




Look Observe Link (LOL) – How I learned to love OSINT
In this presentation, I will provide an overview of some of my most used OSINT methodologies (analysis and collection). I am also going to go over OSCAR-F (Open Source Collection And Recon Framework), a tool for OSINT collection, and why creating collection tools is vital to you and your company.



Kellman Meghu

$#!T My Industry Says. . .
The Security Industry says a lot of ‘stuff’ about a lot of things, and most of the time it just feels like noise. What does an Internet of Things really mean? Is SDN (Software Defined Networking) something you should care about, or should we just wait for the next networking buzzword? This session explores the real, and not so real stuff my industry says from how an Advanced Persistent Threat won’t actually eat your brain, to where our security capabilities really need to be in five years. And let’s have some fun while we pick apart all this great, and not so great, ‘stuff’. Audience participation, and possibly irritation, is expected.


Mike Kemp

Bigger Boys Made Us
Recently news reverberated about the technical attacks conducted by the NSA and GCHQ (amongst others). Many in the security industry were shocked. We however took it as an inspiration. Using our devious and somewhat addled minds we created a number of new toys to play with. Talk content will include an overview on global threats, a healthy disrespect for intelligence gathering agencies, props, profanity, the ruining of a number of things, and innovative use of swearing. Please note owing to levels of profanity and possible public nudity this talk is recommended for a mature audience.



Matt Burch & Alain Iamburg

Glass Homes – The Transparency of Home Automation
With the growth of mobile devices and availability of network connectivity, home automation devices and technologies have grown to include devices capable of controlling your thermostat, water heater, electrical outlets and access to your home. Many corporate solutions will run through a rigorous QA process of validating the technology to protect enterprise against the risk of exploitation, however consumer products do not receive the same level of review.

We will dissect several name brand solutions currently available on the market today and demonstrate the tools used to reverse engineer these technologies and discuss the areas of risk and how to secure yourself from attacks, which may shatter your glass walls.




Email DLP: Simple concept, often poorly implemented
Businesses and organizations have dozens of quality software choices that address email data loss prevention, yet many are still leaving themselves vulnerable. Newer versions of Exchange even have DLP built in, but unless implemented correctly it’s worthless. During this talk I will show you an example of how, even if DLP is in place, users still try to beat the system. We will go in depth demonstrating how to recover deleted and purged emails using a tool called MFCMAPI. During this talk we will walk through a real investigation process using MFCMAPI and touch on how easily this type of data loss can be prevented.



Chris Roberts

Security Hopscotch
As humans we move between the various electronic domains within our lives. We are familiar with those on our desks and in our pockets…we have been made aware of the ones in the transportation we use and the interactions with the world around us…but now we’re moving into the “Age Of Everything”. We live in houses controlled by remote interfaces, we move around in vehicles that carry our breathing lives as well as our electronic ones. We take it for granted that we can remain connected whenever and wherever we want…yet we don’t really think “how” does this happen…we know and understand elements of the jigsaw but for the most part these considerations are segmented and fragmented. This talk aims to put ALL the pieces together, to show correlation between each of the domains we interface with…and ultimately to play a game of Security Hopscotch between each of them…while maintaining end-to-end connectivity. Quite simply we are going to “demonstrate” how to take control of the Western USA Power Grid by initiating a hack of the Oven you have at home…and tie everything between those not-so-disparate systems. Enjoy the ride.



Charles Herring

Advanced Breaches of 2013 vs. Behavioral Detection
Signature detection of attacks requires an understanding of what is bad. Advanced attackers craft innovative and patient attacks that create a new brand of bad that has no signature. In this session, we will review how real-world breaches in 2013 were detected by looking at traffic deviating from normal patterns via metadata/NetFlow analysis.



Seeing Purple: Hybrid Security Teams for the Enterprise
The militaries of the world conduct wargames early and often in order to increase readiness in the event of an actual incident. Their job is the security of their respective nations, so for those of us responsible for the security of organizations, why should that be any different? Protecting any sufficiently sized infrastructure is just like protecting a virtual country; there can and will be everything from external, scripted attacks by a 14 year old who just downloaded Metasploit for the first time to a more intimate, internal attack by a disgruntled employee. In either case, and in every one in between, it is helpful to plan, prepare, and execute mitigations for these events. By combining both red and blue team operations into a wargame, you can develop a comprehensive security plan that will not only help you identify holes in your existing procedures, but also help you develop new ones along with keeping all participants at the top of their game. This talk will explore blueprints for creating such a team and how to integrate it into your existing hierarchy. Plus, let’s face it, games are fun!


Matt ‘The Streaker’ Johnson

Breach Stains
It was a beautiful December day during a particularly calm Michigan winter. My boss called and said “We have been hacked.” Those words stick in your head. It isn’t what anyone wants to hear about their network. A few years ago, I heard them. I still remember it like yesterday. An event like this never goes away. It stays with you forever. This talk will recount the story of the days during the breach, what I learned from having lived through this and some simple things you can do to help prevent yourself, hopefully, from never hearing those words.



Joel Cardella

Security On The Cheap
110 million credit cards got sold to the card market not due to custom malware distributed to POS terminals through a file share. That was the effect. The cause of the problem was poor internal network security which could have been prevented for little cost.

We will discuss how to increase your security controls, posture and maturity using common practices, methods and community resources, for very little monetary investment. You will walk away angry that you haven’t done these sooner.



Kevin Thompson

LEVIATHAN: Command and Control Communications on Planet Earth
This presentation draws a new map of Planet Earth, based not on traditional parameters, but on hacker command and control (C2) communications. The primary data points used in this worldwide cyber survey are more than 30 million malware callbacks to over 200 countries and territories over an 18-month period, from January 2013 to June 2014.

First, this talk covers the techniques that hackers use to communicate with compromised infrastructure across the globe. It will explain how covert C2 works, and how attackers keep their communications hidden from network security personnel.

Second, this talk looks at strategic impact. Traffic analysis is used to deduce important relationships, patterns, and trends between the targeted industries and countries and the first-stage malware servers communicating with them. This section correlates C2 communications to traditional geopolitical conflicts and considers whether computer network activity can be used to predict real world events.



Kyle ‘Chaoticflaws’ Andrus

Proof That Windows Computer Forensics is Sexy!
Forensics is sexy! My goal is to prove this to you by demonstrating a few of the basic elements of Windows computer forensics. We’ll explore some of the tantalizing details that can be found in the Registry (MRULists, ShellBags, Key Creation Times…), Log Files (System, Application, Security,…), and other Windows artifacts (IE History, Thumbcache, prefetch, browser cache/sqlite…) that can help you figure out who or what was messing with your machine. In this talk, I’ll leverage some of those details to show how to see who ran command X, application X, and what exactly may have been taken from your workstation. If you’re a fan of low level debugging then you’ll fall in love with the knowledge and tools that are used in Windows Forensics and you too will find Windows Computer Forensics to be sexy!



Shane Praay

The Security Implications of Software Defined Networks
SDN technology offers an opportunity to dynamically control traffic, which is useful for service chaining techniques including directing traffic to firewall and IPS services for inspection. The nature of SDN, networking with a physical and potentially geographically separate control plane, also creates an additional attack surface for bad actors to impact the operation of the network.



Mark Stanislav

Security for the People: End-User Authentication Security on the Internet
Despite the continued success by attackers to brute-force accounts, phish credentials, and otherwise impact the online security of consumers, a large portion of the sites and services consumers utilize still don’t take authentication security seriously enough.

This presentation will review recent research into the state of end-user-facing authentication security as it relates to password policies, strong authentication, and complementary browser security features.
Through analysis of the ways organizations protect consumer authentication and deploy relevant browser security features, we can gain insight into which sites and services are most focused on ensuring consumers have the best chance defending against attackers.



Jordi Vazquez

Emulate SandBox and VMs to avoid malware infections
The use of virtualization software is widely known by malware researchers. They need a controlled environment so they can run the malware safely in order to analyze changes in the system, network traffic and the resources used. Although there are several virtualization tools and sandboxes, this paper only addresses VirtualBox and Cuckoo, one of the most popular tools to analyze malware.

A large amount of current malware uses various anti-virtual-machine techniques in order to avoid detection by analysis. These techniques allow the malware to detect the virtual machine, upon which it will then execute a benign action or simply do nothing. Many of these techniques are based on finding specific files in the system or consulting some Windows registry keys. The purpose of this research is to study the characteristics of the Oracle VirtualBox virtualized operating system and try to replicate the configuration on a physical computer, in order to trick the malware into thinking it is in a virtual environment and thus not triggering its execution. To perform this work, we have created a Python script that modifies the Windows registry, creates files in the system and downloads libraries to emulate a virtual environment. With this script it is possible to fool VM detection tools such as Pafish and even real malware samples. The most important thing about this paper is that, with this technique, you can avoid infections by unknown malware.



Jordan M. Bonagura

CSO’s Myopia
The CSO Myopia:
Imagine what it would be like to manage your company without your customer’s data or if the data was in your competitors’ hands. The experiences your customers acquire along the years as well as their database are fundamental and represent a great competitive edge in this new corporate era. Keeping this in mind we realize the importance of implementing specific policies in order to build a base to guarantee the safety of these data, but I will show how the “limited” vision of some CSO’s can impact on fool vulnerabilities making the company with serious security issues.

P.S.: In this preso I show a lot of vulnerabilities in Brazilian banks and other companies and sectors.



Aditya K Sood & Dr. Richard Enbody

Socioware: Dissecting Online Social Network Worms – Insidious Analysis and Design
Online Social Networks (OSNs) have revolutionized the internet and social interactions by giving birth to e-societies. Being chain networks, OSNs expose a wide attack surface for attackers to trigger infections, affecting a large set of users. In the past OSN worms like Koobface, Ramnit, Lily Jade, etc. have been encountered by the world that exploited the integrity of OSNs. This talk sheds light on the model of Socioware, a term coined to represent online social network malware. Using Socioware, we will show how the malware authors design OSN worms and what type of techniques they use to trigger chain infections. The model of analysis used in this talk covers different sets of malware classes and attack techniques that are used by attackers to infect OSNs.

During the analysis of Socioware, we will discuss reverse engineering results of samples of bots that have the built-in functionality of Socioware. This talk unveils the use of spreaders, classes of malware that are used to inject malicious messages into communication software, and loaders, features in a bot that recursively load malicious programs and plugins onto the infected machine, and how they are used in Socioware. This talk goes over several demonstrations and real-world examples that cover how OSNs such as Facebook, Twitter, etc. are hijacked and infected. Finally, the talk will conclude with effective defense tactics that OSNs can implement to reduce Socioware.



Gavin ‘Jac0byterebel’ Ewan

Social Engineering Can Kill Me, But It Can’t Make Me Care
Rumours of my demise have been greatly, well partly, exaggerated.

We are losing the battle, and quite frankly the war, against the conman, the trickster, but not the social engineer.
I have to hold my hand up and admit that I’ve been duped; I’ve been had; I’ve been scammed by the greatest con of all time, social engineering. No, this isn’t where I tell you this talk is about the tricks we all fall for, to err is human, there’s no patch for human stupidity and all that crap. You’ve heard all that before. No, the greatest con of all time is ‘Social Engineering’ itself, or at least how we as a collective whole view it. ‘Social Engineers’ are our construct, our hypothetical, nay, mythical bad guy/gal. We have all fallen for it, and I am more guilty than most having been typecast as a ‘Social Engineer’, and revelling in it. Well, enough is enough.
This talk is a journey, starting with why even the term ‘Social Engineering’ is wrong and moving on to how we have evolved as an industry to pick up (and implement) some very bad practices and viewpoints on the use of such ageless techniques. In my usual, Jac0byterebel trademark style, I will rant, I will swear, I will name and shame, I will piss many off, but win the hearts and minds of so many more. I will leave you, the attendee, the viewer, in no uncertain doubt as to the sins of our fathers.
All of the above would be an utterly useless venture without providing solutions, takeaways we can use right away, not in some hypothetical scenario or roleplay, but in real life. Starting with the most rudimentary of fixes, a simple name change, you will be taken along the final stages of this journey and shown that all is not lost. We have learned much over the years but do not apply the knowledge in the way we should. We have many fonts of inspiration that have brought us to where we are, but are missing many more, sources of far greater value that can change the game.

At the danger of sounding like the high school coach we all loved to hate I ask you this ‘Do you want to win the battle against the real enemy?’. Then come journey with me for an hour. Don’t want to win? Get out of my talk, hell, get out of my industry!



Terrance Davis

Advanced Threats and Lateral Movement Protection
We hear in the news on a daily basis that another corporation was attacked. That they lost millions of personal and credit card data. And now, those attacks are becoming more and more complex. Join me as I discuss the attacks, and how detecting the lateral movement of these attacks may provide the means to protect your corporation in your front line fight against hackers.




BioHacking: Becoming the Best Me I Can Be
This is one man’s journey from being fat and exhausted to a fit healthy energetic human. Leonard ventured into biohacking over 4 years ago, and at first it was tentative baby steps. Leonard’s journey into Biohacking accelerated in 2013 with the loss of 50 pounds in 3 months.

The journey, losing 50 pounds in 3 months and keeping it off for 9 months, diet, supplements, mindfulness, exercise and what has worked.



Dr. Phil Polstra

Autonomous Remote Hacking Drones
This talk will cover scripting for remote hacking drones. While the focus will be on Python scripting for remote drones running The Deck, a custom penetration testing Linux distro described in Dr. Phil’s book Hacking and Penetration Testing With Low Power Devices, the techniques described can be applied to other pentesting scenarios as well.
Topics covered will include detecting wireless networks, automatically performing wireless attacks, finding and attacking wireless routers, automated scanning, and automated cracking of logins. Knowledge of Python is helpful, but not required.



Thomas “G13” Richards

Picking Blackberries
Blackberry 10 is the most recent operating system released by Blackberry (formerly RIM). This talk will cover the architecture, system, and applications that make up the Blackberry 10 OS. The talk will also cover points of interest for pentesters who are looking at BB10 applications.




Hackers Are People Too
The world and popular culture mostly see hackers as criminals. We should all make it our mission to not only educate each other when it comes to technology and practices, but also educate the population on what we do and why we do it. Let’s spread the word on all of the amazing things that our community does and has to offer to shine a better light on the word “hacker”. I go through the responses of my local community and circles of family and friends as well as what I’ve learned in the process. Hopefully the word spreads and it empowers us to secure all the things!!!



Chuck Easttom

Cryptographic backdoors
An introduction to cryptographic backdoors. This will include coverage of the concept, as well as a walkthrough of a sample cryptographic backdoor. The presentation will also include discussion of the alleged NSA cryptographic backdoor DUAL_EC_DRBG.



David “HealWHans” Schwartzberg

ZitMo NoM
A world without malware is ideal but unlikely. Many of us would prefer *not* to install another layer of protection on their already resource constrained handheld mobile device. Alternatively, Android malware detection sans anti-virus installation has become a reality. Learn about how it’s possible to detect mobile malware using simple text messages with ZitMo NoM. ZeuS in the mobile, known as ZitMo, is infamous for intercepting SMS transmissions then redirecting them to a Command & Control in order to steal banking and personal information. Research with SMS transmissions directed at mobile malware has resulted in the ability to detect ZitMo’s presence without anti-virus applications installed. Turning their own tools against them makes this even more of a rewarding endeavor. We are looking for malware researchers to contribute to the continued development of this open tool. The presentation will include the research, the infrastructure and a demonstration of ZitMo NoM. Live malware will be used during this presentation, assuming we get it to behave.



John “geekspeed” Stauffacher & Matthew “Mattrix” Hoy

Are you a janitor, or a cleaner?
In the wake of several major commercial breaches “DEFENDING” is the new hot topic. The industry had always favored attack and penetration and many people need to understand how to defend and respond to active attacks. With the changing trends in Information Security, Incident Response is something that everyone talks about, but nobody really has a good grasp on how to do. Take your Incident Response up a notch – stop just mopping up the mess and really start cleaning.

This presentation is an ongoing discussion on new and inventive ways to handle incident response. Too many organizations are relying on “set it and forget it” – mall-cop style (observe and report) security. We are being passive, letting business drive our security posture. Applications are being rolled out before vetting because of a “fuck it, ship it” mentality – that is leading to a subjugation of the security community as a whole – it’s time we start taking an *active* role. We need to stop being janitors, and start being professional cleaners.



Tim Crothers

Infosec in the 21st century
Most organizations are using a security model developed in the 60’s and 70’s and expecting that to stop attackers from stealing their corporate jewels. In this talk we’ll examine how real criminals bypass our out-dated controls and security infrastructure by blending in with the legitimate user activity and steal at will completely undetected. The trick to catching these perps is not to use some new magical vendor solution but to leverage the data already at our fingertips in ways that most companies aren’t.



Elliott Brink

Bringing PWNED To You: Interesting Honeypot Trends
Honeypots, how much do you know about them? Have you ever run one? I wanted to observe the activities of attackers, so I set one up. The results were quite interesting, and a little bit scary! This presentation will cover the results of running a honeypot for multiple months. Covered topics will include an introduction to honeypots, the results obtained, and the interesting activities and source of attacks.



Scott ‘secureholio’ Thomas

Beating the Infosec Learning Curve Without Burning Out
So you have made the decision to get into Infosec and you’re going to be the best $Some_Job_Title ever. Great! What area interests you the most? You know that “Information Security” has many jobs other than “hacker” right? Maybe you started out with an IT background. Maybe you were an electrical engineer. Maybe you just decided “that security stuff” sounded like fun. Whatever brought you here, you are going to have the same issues that affect everyone starting a new career…where do I learn everything? Certifications or Higher Education? Are either of them required or just a way to get your foot in the door/pad your resume for the HR filter?

This talk will be an intro to what the speaker (who is always wanting to learn more) did to get into the industry and a couple tips to avoid the very real issue of burnout with the plethora of jobs and learning paths out there. It will also identify how he was able to find the people that helped him along the way. This talk is geared towards new people starting their career in Infosec.



Rockie Brockway

The Challenge of Natural Security Systems
Static security models and “business as usual” directives have naturally resulted in a collective eyes wide shut mentality of organizational entropy. Organisms, as well as organizations, can only adapt to changing environments by leaving (or being forced from) their comfort zones. It should be obvious that today’s threat landscape is changing at a breakneck pace, yet most organizations are seemingly content in adding “spend” to the annual budget for more systems that claim to protect against the latest FUD. This is not learning and without learning adaptation cannot occur. Challenges to the organism and organization that move them both out of their respective comfort zones are crucial for successful adaptation. This talk will explore these adaptation requirements in an effort to develop a framework for more naturally secure systems and organizations. At its conclusion it will present a challenge for all those willing to get out of their own respective comfort zones and organically contribute to naturally stronger systems and organizations.




Red Teaming: Back and Forth, 5ever
Whether you are on the red team, the blue team, or aspiring to either, you probably know that when it comes to penetrating a network, the scope of the engagement is nonexistent. I’m talking no-holds-barred penetration. No rules, no time limits, no prisoners. This talk discusses what happens when blue team meets red team and the tools, techniques, and methodology used when you don’t have to play by the rules. Additional topics include “why is red team?” and “how many does 5ever take?”



Chris Pfoutz

Application Pen Testing
We’re all familiar with network pen testing, and many organizations port those processes and vendors over to application pen testing. There are very few resources on how to work with application pen testers. Furthermore, the resources providing the quality of pen testing organizations are scarce. This talk will discuss how to choose an application pen tester, how this process is different from network pen testing, and how to manage the process and individual engagements. For the pen testers in the audience, I’ll give you pointers on how to engage with your clients and add value to your engagements.



Jen Fox

Reducing Your Organization’s Social Engineering Attack Surface
This case study is a journey through the presenter’s experience compromising a Fortune-50 company at the DEF CON 21 Social Engineering Capture the Flag (SECTF) competition and other smaller targets on more recent consulting engagements. The DEF CON SECTF participants competed to gather openly available information on their corporate targets both on the Internet and over the phone. Some companies put up better defenses than others.

Social engineering remains a threat to companies of all sizes and industries. Verizon’s 2013 Data Breach Investigations Report cites that 29% of breaches investigated had a social engineering component. Social engineers manipulate human beings to get them to reveal information or take a particular action, such as clicking a malicious link. Information gained via social engineering is then used to gain access to information systems or sensitive data.

Attendees will learn the factors that contributed to the presenter’s success and how simple changes could have frustrated her intelligence gathering operations. Session participants will also learn how to detect social engineering attacks and react to them appropriately. And yes, there will be pwnage.
  • Understanding of the social engineering process
  • Actionable tips that can be used in any company



    Milan Gabor

    Vaccinating APK’s
    The number of mobile applications is rising and Android still holds a large market share. As the number of applications grows, we need better tools to understand how applications work and to analyze them. There is always a question of whether we can trust mobile applications to do only what they are allowed to do and whether they are really secure when transmitting our personal information to different servers. We will demonstrate what can be found in mobile applications, based on our experience. In the presentation some runtime techniques will be discussed and a tool will be demonstrated. We will also be releasing and presenting a tool that can help developers analyze Android applications at runtime and help them look for different kinds of vulnerabilities.
    The basic principle of this method is injecting a small piece of code into the APK, then connecting to it and using Java Reflection to modify values at runtime, call methods, instantiate classes and create your own scripts to automate work. The tool is Java-based and simple to use, but offers quite a few new possibilities for security engineers and pentesters.



    Godfrey Nolan

    Hacking Android
    This session looks at a variety of techniques for reverse engineering Android APKs as well as looking at where to find user’s stored data on a phone. We’ll also look at the mistakes that companies have made in the past few years and how to avoid some classic pitfalls.



    Matthew ‘mandatory’ Bryant

    Vulnerable By Design – The Backdoor That Came Through the Front
    With the popular use of free software developed by inexperienced programmers, security vulnerabilities are becoming more and more frequent. With a new WordPress plugin exploit being released weekly, it begs the question – is it bad development or intentionally insecure software? Bring your tin foil hats as we take a hard look at the gray area surrounding software security negligence. Example offenders will be included, along with discussion on developing zero days for unreleased software.



    Shogo Cottrell

    Lessons from the front lines: Top focus areas for information security leaders
    Content will revolve around 4 strategies to help reduce risk & exposure:
  • Actionable threat intelligence
  • Complete visibility to your enterprise
  • Securing important assets
  • Policy-driven Early Response through Automation



    Brian ‘Arcane’ Heitzman

    How to budget IDS’s
    IDS Systems are the bane of all IT budgets. They spit enough information out that our bosses and industry “experts” say we have to have them. Yet we find ourselves under mountains of alerts and logs that can get to petabyte levels when salesmen tell us to turn on all the switches. So how do we decide what switches to turn on and how do we preserve our budgets / lives in the process? In my presentation I will walk through some of the flaws with IDS’s, how you can work around them, what resources are available, and most of all how you can budget the running of an IDS.



    Tony Miller

    OAuth2.0 – It’s the Implementation Stupid!!
    Recent media attention around “Covert Redirects” has stirred new concerns over an already identified weakness in OAuth 2.0 implementations. So if the weakness is not new, why do we keep hearing about it? OAuth 2.0 is a framework that when implemented correctly can be very secure but many developers do not understand or adhere to the specification and best practices for secure implementation. When implemented poorly, the resultant vulnerabilities can be a treasure chest of data exposure and session hijacking attack vectors.

    We’ll explore common mistakes in implementing OAuth2.0 and how they can be exploited. Use of OAuth has expanded well beyond its early implementations in social media platforms and is becoming increasingly common in enterprise development so we’ll delve into specific attack vectors that result. Of course we’ll also cover the design and remediation strategies that help prevent those common implementation flaws.



    King Dragon

    CryptoRush – Rising from the Ashes
    So you thought you knew everything about the digital currency world? Think again. CryptoRush, a digital exchange, was hacked hard in the beginning of 2014 with losses that still have not been released yet. There has been much speculation and many rumors floating around the net, but this will be the first ever full public disclosure about what and how it happened, including events that have transpired since and what is happening next.



    Todd Bursch

    Adopting a Risk-based Threat Model to Secure Your Defenses and Regain Control of Your Critical Data
    Due to increasingly complex attack and evasion techniques being used by sophisticated hackers, Perimeter and Infrastructure-based security programs no longer serve the dynamic security needs of organizations. A risk-based threat model can enable you to regain control of your critical data regardless of where it resides, and empower your workforce with access to information without compromising your IP and other critical data. Creating a security program focused on risk-based evaluation of threats can assist IT security in meeting evolving critical data security demands while enabling business groups and the overall success of an organization.
    In this discussion we will consider the following:
  • Evolving security threat landscape
  • Changing IT Demands
  • Business Demand drivers including endpoint DLP for online/offline employees
  • Understanding Threats and Actors and high risk insider threats
  • Design and Execution of a successful security mode



    Wyatt Roersma

    Memory Forensics with Hyper-V Virtual Machines
    With the increased demand for Memory Forensics, and more people using Windows Hyper-V as a hypervisor, it’s critical the DFIR community follows the proper triage process. Much like ESXi stores a .vmss file for each virtual machine’s memory, Hyper-V stores them in a .bin and .vsv file; however, currently it’s not as simple to perform memory analysis on these files. It’s possible with Hyper-V 2.0 files (Windows Server 2008R2) to convert the .bin and .vsv files into a crash dump using vm2dmp and then use the imagecopy plugin in Volatility to convert the crash dump into a raw dump that you can fully work with. However, with Windows Server 2012 and newer the vm2dmp tool no longer works on the .bin and .vsv files. It’s still possible to use strings against these images; however, because of the compression Microsoft uses on these files, the data doesn’t tell the entire story.
    This presentation will cover everything from locating the .bin and .vsv files to converting and performing memory analysis on Hyper-V Virtual Machines in a saved or snapshotted state from Windows Server 2008R2 – Windows Server 2012 R2 platforms. I will also briefly touch on how you can also use Microsoft Data Protection Manager to look at historical memory saved states to give the analyst an endless amount of data to work with. I will also discuss some of the current limitations I have discovered, such as any VM that has 4GB of RAM or more causing VM2DMP to fail with an error like “ERROR: Failed to map guest block 4096 to any saved state block! ERROR: Element not found.” After we cover all the basics of analyzing the virtual machine layer, I’ll cover some basics of performing analysis on the hypervisor itself for signs of abnormal activity. I’ll also be showcasing some newly developed plugins for Volatility for analyzing Hyper-V systems.



    Shane Harsch

    Intelligence Driven Security
    Intelligence Driven Security focuses on the visibility, analysis, and actions that organizations need to detect, investigate, and respond to advanced threats; confirm and manage identities; and prevent online fraud and cybercrime.