Adam Laurie - A day in the life of a hacker
Adam "Major Malfunction" Laurie is a White Hat Hacker who spends his time traveling from country to country speaking and training at international conferences and providing consultancy to his clients around the world. But what does he do in his spare time? How does a hacker keep himself busy whilst wide awake in a foreign land, in the middle of the night and in the wrong time zone? What can he find of interest in random hotel rooms and business centres to keep him from going crazy? Is the ATM in the lobby secure? How about the hotel TV? The room safe? The door entry system? The mini bar?
So many toys, so little time...

Adam Laurie is a freelance security consultant working in the field of electronic communications. He started in the computer industry in the late Seventies and quickly became interested in network protocols, moving his attention to those areas and away from programming. At this point, he and his brother Ben became interested in the newly emerging concept of "The Internet", and were involved in various early open source projects, the most well known of which is probably their own "Apache-SSL", which went on to become the de-facto standard secure web server.
Adam has been a senior member of staff at DEFCON since 1997, and also acted as a member of staff during the early years of the Black Hat Briefings. He is a member of the Bluetooth SIG Security Experts Group and speaks regularly on the international conference circuit on matters concerning Bluetooth security. He has also given presentations on forensics, magnetic stripe technology, InfraRed and RFID. He is the author and maintainer of the open source Python RFID exploration library RFIDIOt.

Jacob Appelbaum - Smartcard attacks and magstripe madness
Jacob will present work done together with Joe Grand and Chris Tarnovsky: an evaluation of electronic parking meters including smart card protocol analysis and emulation, silicon die analysis, and firmware reverse engineering, all of which aided in successful breaches of the stored-value card payment system. He will also demonstrate his newly developed software tools for inspecting and tampering with magnetic stripe cards. Jacob will also be holding a separate workshop on the free Tor TCP traffic anonymizing system.

Jacob Appelbaum (aka ioerror) is an accomplished photographer, software hacker and world traveler. He works as a developer for The Tor Project and trains interested parties globally on how to effectively use and contribute to the Tor network. He is a founding member of the hacklab Noisebridge in San Francisco, where he indulges his interests in magnetics, cryptography and consensus-based governance. He was a driving force in the team behind the creation of the Cold Boot Attacks, winning both the Pwnie for Most Innovative Research award and the Usenix Security best student paper award in 2008. Additionally, he was part of the MD5 Collisions Inc. team that created a rogue CA certificate by using a cluster of 200 PS3s funded by the Swiss taxpayers. He is also an ethics enthusiast, a former pornographer and proudly Vegan.

Travis Goodspeed - Locally Exploiting Wireless Sensors
Wireless sensors are often built with a microcontroller and a radio chip, connected only by a SPI bus. The radio, not the MCU, is responsible for symmetrical cryptography of each packet. When the key is loaded, it is sent as cleartext over the SPI bus, and an attacker with local access can steal the key using a few syringe probes and readily available hardware. This attack and other local attacks against wireless sensor networks will be presented in detail, including a live demo of an AES128 key being extracted from an operational network. Following the conclusion of the lecture, audience members are welcome to try out some of the speaker's equipment on example hardware.

Travis Goodspeed is a neighborly reverse engineer from Southern Appalachia. He has been exploiting and reverse engineering wireless sensors since writing the first stack overflow exploit for them in 2007. His recent projects have included a timing attack on the MSP430 bootstrap loader and an extra-neighborly party-mode belt buckle in the shape of Tennessee.

Saar Drimer - EMV: attacks, solutions, and lessons
Security-critical systems can appear to be secure in theory, but fail when deployed in practice. An example is "Chip and PIN", an EMV-based smartcard payment system deployed in the UK just over three years ago. In this talk, several practical attacks on "Chip and PIN" will be described and discussed in the context of design, certification, legislation, and usability problems, and how deployment changed the criminal landscape. Lessons will be drawn from the experience gained while analysing this closed security system, and from the industry's response to demonstrated security vulnerabilities.

Saar Drimer is finishing his PhD studies at the Computer Laboratory, University of Cambridge. His research focus is on security for reconfigurable systems, and he is generally interested in the security properties of banking systems and hardware modules.

Ramón Pinuaga - Playing in a Satellite environment
This presentation is a warning call to those responsible for the companies that use or provide data connection (especially the Internet) via satellite, proving some of the attacks that are possible in this environment. You will learn how insecure satellite connections are and how to secure communications using this technology. Also, you will learn how these attacks can be made, including how to get an anonymous satellite connection to the Internet.

Ramón Pinuaga has worked as a Security Analyst for the Spanish company S21SEC since 2000. He is an experienced security consultant and penetration tester. His education comes from old-school hacking, but his work has been geared towards corporate web environments, application servers and databases.

Erik Hjelmvik - Security Posture of our Critical Infrastructure
SCADA and Process Control Systems are used to monitor and control several parts of our critical infrastructure, such as production and distribution of electricity, oil, gas and water. Our society depends on these systems, but can we trust them to be secured against threats such as terrorists, disgruntled employees, malware and hackers? In this talk, Erik will give a walkthrough of several types of vulnerabilities and other IT security related problems that can exist in SCADA and Control Systems. He will also give his view of what is needed in order to improve the security of our critical infrastructure.

Erik Hjelmvik is a software architect and developer at the R&D department of Syntronic, where he focuses on software for the telecom industry and embedded devices. In the past, Erik served as an R&D engineer at one of Europe’s largest electric utility companies, where he worked with IT security for SCADA and process control systems. Erik is also the creator of the open source network forensics tool NetworkMiner.

Sandro Gauci - Searching for Phones on the Internet
In this talk, subtitled "Adventures with SIPVicious", Sandro will show us the many different kinds of telephony devices that are exposed on the Internet today and how he found them. We will get to see the weird things that some VoIP devices do and how one can fingerprint different SIP implementations. Sandro will also detail the different protocols involved in IP telephony applications and show off his SIP honeypot.

Sandro Gauci is the owner and founder of EnableSecurity, where he performs R&D and security consultancy for mid-sized companies. Sandro has over 8 years' experience in the security industry and is focused on analysis of security challenges and providing solutions to such threats. His passion is vulnerability research, and he has previously worked together with various vendors such as Microsoft and Sun to fix security holes. Sandro is the author of the free VoIP security scanning suite SIPVicious and VOIPPACK for CANVAS.

Sumit Siddharth - More Advancements in SQL Injection Techniques
This talk will cover a variety of exploitation as well as identification techniques. Starting with the very basics, the talk will get more and more complex and will discuss exploiting SQL injections which seem to be un-exploitable. Exploitation in scenarios where the web APIs do not allow execution of multiple SQL queries in a single statement will be discussed. Special emphasis will be placed on the Oracle database, and how to achieve privilege escalation and OS command execution from web applications will be demonstrated. There will be a tool release (bsqlbf) for advanced SQL Injection exploitation against Oracle. The talk will also show an Oracle SQL Injection worm to prove that worms could target not just MS-SQL but any other database.

Sumit "sid" Siddharth works as a Principal Security Consultant (Penetration Tester) for 7Safe Limited in the UK. He has been a speaker at many security conferences including Defcon, Troopers, OWASP Appsec and IT Underground. He also runs the popular IT security blog www.notsosecure.com.

Collin Mulliner - Fuzzing the Phone in your Phone
The talk presents research work that was conducted together with Charlie Miller. In this talk we show how to find vulnerabilities in smart phones. Not in the browser or mail client or any software you could find on a desktop, but rather in the phone-specific software. We present techniques which allow a researcher to inject SMS messages into iPhone, Android, and Windows Mobile devices. This method does not use the carrier and so is free (and invisible to the carrier). We show how to use the Sulley fuzzing framework to generate fuzzed SMS messages for the smart phones as well as ways to monitor the software under stress. Finally, we present the results of this fuzzing and discuss their impact on smart phones and cellular security.

Collin Mulliner is a PhD student at Technical University of Berlin (TU-Berlin) and T-Labs. Collin's main interest is the security of mobile devices with an emphasis on mobile and smart phones. In recent years he worked on many Bluetooth-based projects where he created the first Bluetooth port-scanner. Since 1997 Collin has developed software and done security work for PalmOS, J2ME, Linux, SymbianOS, and Windows Mobile. In 2006 he published the first remote code execution exploit based on the multimedia messaging service (MMS).

John Pirc - Assessing the Security Risk of Cloud Computing
The “Cloud” is an emerging utility and delivery model for many IT-based services, in which the user sees only the service, and has no insight about the technology or implementation of the Cloud infrastructure. The Cloud can deliver and host many services such as SaaS, IaaS and PaaS. With any new implementation of technology or architecture comes risk. In the following presentation I will discuss the technical and business risk associated with Cloud. Additionally, I will be discussing virtualization and more importantly the threat landscape that drives the security needed to secure the Cloud.

John has multinational security and business experience across several verticals. He was also recently named a SANS Institute Security Thought Leader. John has worked for the US Intelligence Community, a small private security consulting firm and large global vendors. In addition to a BBA in Information Systems from the University of Texas at San Antonio, John also holds the NSA Information Assurance Methodology and Certified Ethical Hacker certifications. John was recently named a security thought leader by the SANS Institute and an advisory board member of the SANS Execubytes publication. Currently, John is responsible for the strategic direction and success of IBM Internet Security Systems' entire security product portfolio. In addition to providing strategic direction for all the security products and next generation platforms, John has the privilege of working closely with clients, the X-Force research team, and other IBM teams worldwide.

David Batanero - Mobile Phone forensics CANCELLED!