History and ethos of BSides talk
Malware varies mostly in the visible payloads it manifests. We can see it infecting files, uninstalling anti-malware applications, stealing important documents, controlling our computers remotely, and performing other malicious activities. What we don't see is how these behaviours are implemented within the malware code. Modern malware uses different techniques to protect itself from detection, analysis, and eradication. Some malware even uses layers to obfuscate the way it applies these protections. Layers in malware are defense mechanisms against deep analysis, and within these layers different malware tricks are also deployed. In this presentation we are going to look into Scieron and Vawtrak, two different malware families that implement layers differently. We will see video demos of how some of the malware code executes within the context of a debugger. Finally, we are going to leverage Volatility, a memory forensics tool, to detect the presence of layers in an infected system.
This is a light-hearted, but very true presentation that dispels many of the common myths surrounding a number of things in the computer forensics world. One example is, "Can freezing a hard drive recover the data?". Another one is, "Can a virus even put child porn on a computer?" You'll just have to come and find out what the other 8 are, and the answers to all 10!
In recent years the number of so-called "darknet" marketplaces has exploded. Most people have heard of Silk Road, but there have been many others lurking beneath the surface, and they have all, without exception, failed spectacularly. This talk will explore the ways in which some of these marketplaces have met their end and will hopefully answer important questions such as "Should I really use PHP?" and "Why should I never try to buy a house with Bitcoin?" The talk will apply these failures to the current state of anonymous applications and examine how we can build more robust systems to protect everyone.
In 2016 infosec needs to be a business enabler; the days of "just say no" and expecting paper tigers to defend against the onslaught of emerging threats are long gone, if these were ever the answer in the first place. While graphs and pie charts have seldom wowed techies, those who write the cheques need credible summary data to make the decisions that determine whether the doors will still be open next year. One only needs to look at a firewall log for 5 minutes to confirm we are drowning in data but still stuck on answering "are we secure?" when senior leadership asks. This presentation will summarize one nerd's journey into big data and risk analysis as a means to demonstrate attack patterns through statistics and visualization. The two goals of this approach are to increase credibility in the board room by demonstrating the ability to summarize the apparent randomness of network attacks into attacker profiles, and to assist solution designers and defenders in balancing the technical defences with the business priorities. We are all special snowflakes to one degree or another, so this project will release some tools that allow easy customization to suit the measurements needed, be that recurring monthly reports or one-time analysis during an incident response. Most of us have limited budgets, so everything is free and open source.
Throughout the history of hacker culture, elevators have played a key role. From the mystique of students at MIT taking late-night rides upon car tops (don't do that, please!) to the work of modern pen testers who use elevators to bypass building security systems (it's easier than you think!), these devices are often misunderstood and their full range of features and abilities goes unexplored. This talk will be an in-depth explanation of how elevators work... allowing for greater understanding, system optimizing, and the subversion of security in many facilities. Those who attend will learn why an elevator is virtually no different from an unlocked staircase as far as building security is concerned!
A new age of malware is upon us that takes advantage of our emotional vulnerability and attachment to our unprotected data. This data ranges from videos of our children to databases of client information that is invaluable to us in many respects. This malware has been popularized by the media in recent years due to its impact on everyone from large corporations to local store owners. It is commonly known as "ransomware": files are held hostage by encrypting them with sophisticated cryptographic algorithms which, if implemented correctly, are unbreakable for the majority of affected stakeholders. The only way the files can be decrypted is by supplying the 'hostage takers' with a ransom in the form of digital currency. Throughout this presentation we will discuss ransomware delivery mechanisms and the low-level details of implementations of varying sophistication.
Most are familiar with the term Darknet. Many have ventured there a few times out of curiosity. For me, the Darknet is an untapped source of Threat Intelligence and in some cases amusement. The news you see online about things being sold on the Darknet is mostly concerned with the United States, the Russians, credit cards and drugs. While those are the most sought-after topics, there is a lot people don't know about Canada's Darknet shore. The talk covers interesting yet shocking information about credit cards, PayPal accounts, bank accounts, financial data, PII, fake IDs, money laundering and more. The final objective is to highlight the Canadian market and why we should not ignore it.
With the rise of robotics and programming for children, I feel like other remote places of the world are being left behind. Bridging the gap through charity will empower the poor to access and learn robotics and computer programming. That is the reason I want to share with you how it is all done and how it can be improved.
Open Up A Can of OSINT On 'Em
Managing ICS cyber security within an organization is challenging. Learn what types of ICS incidents can occur from a large organization and how to implement proven best practices to better manage the response. Practical advice on how to manage ICS cyber security initiatives will also be discussed.
An introduction to a career in InfoSec: Tales and advice from a grouchy, bitter old man
This talk will be a (hopefully) entertaining and realistic look into the world of Information Security as a career. It is meant to provide students as well as newcomers to the InfoSec space a real-world introduction based on one man's opinion and experiences, along with combined nuggets of wisdom from his peers. We will be discussing areas such as:
- Don't cross the streams - Forensics, Vulnerability and Penetration Testing, Architecture, Networks, Applications, Governance and Compliance: Where does my education and prior IT experience fit best?
- A love/hate relationship: Working with and for the business
- The facts of life: Budgets, resources, priorities, oh my!
- Judge Dread: Governance, compliance, policies and process, or how I learned to love control frameworks and audits
- How to be worth more than a $50 vulnerability scan: Adding value to VAs and PenTests
- Certs, huh, good God, what are they good for?
- Rebel vs. Empire: Consultant or employee, the good, the bad and the ugly
- Try it now!: Dealing with frustration, apathy and indifference
- Is Mr. Robot just a (very cool) show?: Being realistic about what to expect day to day
Old timers are welcome to attend and provide their personal wisdom and advice. Please note: This is not a self-help group for suffering veterans; no hugs will be provided.
With more and more governments requiring breach notifications to customers in response to an event, it is critical that we take a look at how we are positioning the message. What information do we disclose, and what information does the customer need in order to take action? This talk takes a deep dive through publicly available breach notifications and points out the ones that are doing it right and, sadly, the ones that fail so badly that it is almost comical.
Adversarial modelling exercises
With over 3.1 million applications in the Apple AppStore and Google Play Store, and more than 7.5 billion mobile subscribers in the world, mobile application security has been shoved into the forefront of many organizations. One of the newly added features on mobile devices is that of a fingerprint reader. Both iOS and Android provide access to the hardware fingerprint reader through APIs. The fingerprint APIs can be used correctly and incorrectly. Join David as he shows how the APIs work, how you can use them correctly and incorrectly, and how a malicious actor may attack the fingerprint APIs.
As providers of infrastructure services we all have to agree that DevOps is a reality and something that we must prepare for. At the same time we are asking for tools to improve our operational efficiency. WestJet's IT Security Team came to the realization that these two drivers are nicely aligned. Let me show you how WestJet is architecting solutions for automated security and how these solutions are paving the way for DevOps.
In this talk we tear apart IoT devices, inspect their components, extract the software, discover debug interfaces and gain root. The Wink Hub home automation device is used as a test-bed as we cover the most important topics for those interested in tearing apart and understanding embedded devices. We will go over methods of gaining control of the system using JTAG, UART, and direct firmware access by dumping flash. We will do all of this with a $55 BeagleBone Black running open-source tools.
When this industry started, there was a gap for those that quickly went on the defense or the offense. Our minds were structured in either seek and destroy (red) or defend all the things (blue). The industry is changing, and an understanding of both offense and defense is imperative to building a much better tomorrow. This talk runs through the latest offensive techniques with live demonstrations, as well as some of the best methods for stopping that offense. Learn some of the methods I use on a regular basis for the offense and, most importantly, the easiest ways to detect me as I'm ripping through the network.
Adware has long occupied the gray area between legitimate software and malware. Antivirus vendors have struggled in recent years to classify adware. Labels given to adware, such as "misleading application" and "potentially unwanted application", attempt to warn the end user about what they are about to install. Some antivirus vendors allow nuisance adware to be installed if it meets certain criteria, like having a digital signature, a EULA, and an uninstall method. What are corporate security analysts to do about adware? In many organizations antivirus adware detection events are ignored or silenced if users are given some amount of freedom to install software on their machines. Is this safe? This presentation will discuss a case of malware being delivered by adware. Upon contacting the owners of the infected systems, it was discovered that local administrators had already been notified about the affected machines by their antivirus vendor, but only about the adware installed on the system. The administrators chose to ignore the notifications because adware detections were quite numerous and considered innocuous. The novel method used to detect the infection will be discussed, along with technical information from reverse engineering the malware.
OpenStack Security
So you have deployed OpenStack in your data center and opened it up to end users. Now everyone is building instances and creating networks. But who can access what, and from where? How is network communication security handled in an OpenStack environment? In this talk we will review how network communication is handled inside OpenStack, network access to Projects/Tenants, OpenStack API endpoints and endpoint transport security. We will also cover some of the OpenStack best practices for isolating projects and services.
Full-Disk Encryption (FDE) solutions are used by both legitimate enterprises and unlawful individuals to protect against the disclosure of sensitive data at rest. Hardware-based FDE, known as Self-Encrypting Drives (SED), has penetrated the market and is advertised as being more secure and as having zero overhead. This session will explore SED solutions and fundamental security issues with the current state of the standards that can be used to bypass the encryption and access the data on protected drives.
There is no shortage of security products and technologies that each claim to address a critical need. I love getting new toys just as much as the next guy, but do we really need more security technology? We can build much better security than we are today using the tools that we already have. I will share the areas where I see the biggest gaps over and over again and what can be done today to get the greatest benefit. Let’s pause for a minute and have a discussion about how to maximize security (not costs), leverage the capabilities that we have but aren't using today and explain to management why focusing on the basics when it comes to security is good for business.
All good security programs have people, process and technology that make them run smoothly. But what happens when your security program has been derailed by a major incident, your company’s reputation has taken a hit, or even worse, the security team has lost the trust of the larger organization? With a little help from Taylor Swift song titles, your security program can rise like a phoenix from the proverbial ashes.
Currently BGP security is one-hop trust, meaning that you only ever trust your direct peer, but any information that comes from an ASN beyond that peer is of unknown quality. This leads to the possibility of man-in-the-middle attacks where an organization in the routing chain injects routes that it isn't administratively responsible for and is able to redirect traffic for those routes to itself. Current solutions to this problem involve a complete reworking of the Internet (next-generation Internet protocols) or protocol modifications and add-ons (RPKI). While these hold promise, they involve a lot of infrastructure changes and heavy lifting. In the interim, what's to be done to improve the situation? Taking a national Critical Infrastructure level view, I propose that Canadian ASNs (or any trust group, for that matter) could band together and implement a low-cost solution that ensures the integrity of critical routes by simply advertising more specific prefixes than is generally allowed by Internet standards. The question is how much BGP integrity would be gained with a focus on securing routing traffic within a single hop, vs. the traffic that originates from multiple hops. In this talk, I'll review the security problem, a few of the alternate approaches (SCION, RPKI), an analysis of the peering traffic at TELUS with respect to one-hop routing, and an evaluation of the benefits that might be gained by a Canadian BGP routing exchange. As this study is not yet complete, I can't predict the results, but early indications are that 70% of OUR peering traffic does not require more than a single hop (e.g. originates via a trusted partner) and would lend itself to this solution. Audience members should come away with an understanding of BGP one-hop trust and man-in-the-middle routing vulnerabilities, in addition to an awareness of proposed solutions to fix the problem. In addition, this knowledge will be further informed by the results of a peering traffic analysis on a Canadian communication provider's network.