Speakers will be published continuously during the review process. If you made a submission and have not heard back from us you are still being considered for a speaker position.
Speakers are presented in no particular order.
OLD SKEWL HACKING: DVB-T Black Button Pivot
This research looks at vulnerabilities in UK DVB-T Televisions, created by the requirement to adhere to the MHEG standard in order to support “Freeview”, the UK’s national Free To Air television, radio and data service. This standard pre-dates today’s “Smart” TVs, but affects them as well as older models, and includes some Internet capability, thus opening up the possibility of pivoting from DVB-T to the Internet on every TV installed in the UK that has some kind of Internet connection.
I will demonstrate the attacks as well as providing detailed information on techniques & tools used.
Adam Laurie is a security consultant working in the field of electronic communications, and a Director of Aperture Labs Ltd. who specialise in reverse engineering of secure embedded systems. He started in the computer industry in the late Seventies, working as a computer programmer on PDP-8 and other mini computers, and then on various Unix, DOS and CP/M based micro computers as they emerged in the Eighties. He quickly became interested in the underlying network and data protocols, and moved his attention to those areas and away from programming, starting a data conversion company which rapidly grew to become Europe’s largest specialist in that field (A.L. Downloading Services). During this period, he successfully disproved the industry lie that music CDs could not be read by computers, and wrote the world’s first CD ripper, ‘CDGRAB’. At this point, he became interested in the newly emerging concept of ‘The Internet’, and was involved in various early open source projects, the most well known of which is probably ‘Apache-SSL’, which went on to become the de-facto standard secure web server. Since the late Nineties he has focused his attention on security, and has been the author of various papers exposing flaws in Internet services and/or software, as well as pioneering the concept of re-using military data centres housed in underground nuclear bunkers as secure hosting facilities.
Adam aka “Major Malfunction” has been a senior member of staff at DEFCON since 1997 and is the POC for the London DEFCON chapter DC4420. Over the years he has given presentations on forensics, magnetic stripe, EMV, InfraRed, RF, RFID, Terrestrial and Satellite TV hacking, and, of course, Magic Moonbeams. He is the author and maintainer of the open source Python RFID exploration library ‘RFIDIOt’, which can be found at http://rfidiot.org.
REAL-WORLD LESSONS ABOUT SPIES EVERY SECURITY RESEARCHER SHOULD KNOW
Intelligence agencies need intelligence. Recruiting people who know stuff is one of their tasks, but how do they actually do it? What do they want? What are their methods? David and Stefan, who both work at Kaspersky Lab, have tracked and documented operations from different intelligence agencies and are going to give you a full disclosure presentation about what is actually happening in the industry regarding intelligence and security researchers.
“My name is David, I’ve walked this earth for 35 years. In my spare time I play with myself, and if I get lucky sometimes with other people. I like computers! Most of the time I break stuff and then talk about it. I have no education, no fancy certificates, diplomas or anything like that but I do have a job which I like. I’ve written books, been in movies, traveled the world for security conferences. When I grow up I want to be a unicorn!” /Bio stolen from an undisclosed website dump.
LIGHT-WEIGHT PROTOCOL! SERIOUS EQUIPMENT! CRITICAL IMPLICATIONS!
Neal Hindocha has been working in the security industry since 1999. He began his work at SARC (Symantec Antivirus Research Center), reverse engineering malware and writing signatures for Symantec’s antivirus products. From there, he moved on to penetration testing, and has since been a consultant for Verizon Business and Trustwave, where he helped build the mobile testing services and focused on deliveries for advanced projects.
Currently, Neal is a Principal Consultant at FortConsult (part of NCC Group), focusing on new service areas such as cloud and IoT, whilst still reversing the odd malware and delivering pentests.
Lucas Lundgren has vast experience in IT security, with the “bad luck” (or tendency) to annoy companies by reporting vulnerabilities in their products.
IN THE ZONE: OS X HEAP EXPLOITATION
The most recent literature on exploiting the OS X heap was written in Phrack in 2005. Though the same region allocation scheme is still in use, the implementation has changed significantly. I am going to dive into how the OS X heap is laid out in memory, what is unique about its region-based allocator, and how this changes common exploitation techniques. We will also be releasing tooling that works with LLDB to further enhance the user’s ability to look into the current state of the heap and query the various zones for information. We will also be releasing the most advanced LLDB init available and truly push LLDB to be much more user friendly and functional. After an overview of the heap and how it is laid out we will present a case study of real world heap exploitation based on vulnerabilities found at Cisco Talos.
Tyler Bohan is a Senior Research Engineer with the Cisco Talos Vulndev Team specializing in vulnerability research and exploitation. Tyler is the creator of MacDBG, a general purpose debugging framework for OSX.
STATE-SURVEILLANCE: TREASON, HERESY AND THE BOY THAT DRIVES THE PLOW
There once was a man from Dundee, who traveled quite frequently. He ranted and raved, and laughed and joked about issues in security. He then changed his tune, from hackers and doom, to stories about history. So you should feel quite blessed to have experienced this mess, and witnessed my poetry.
Societies may change, but the status quo remains the same. What happens when a super-power has its secrets exposed? Can a government understand the human cost of wars against religious extremists? Will those chosen to govern ever be able to control the pace of technological developments? Can a state assassinating its exiles in other countries ever really be morally justified? These are just some of the topics covered within this talk.
Granted, this talk looks as though it’s going to repeat the same Snowden/Wikileaks/Manning stories we’ve all come to expect at a security conference, except you’d be wrong. This talk looks at state-surveillance during the Reformation in Europe during the 16th Century. This particular period in history is interesting for many reasons, yet the parallels to modern dilemmas are clear. Has little changed in 500 years?
HTTP/2 & QUIC – TEACHING GOOD PROTOCOLS TO DO BAD THINGS
DIRECT MEMORY ATTACK THE KERNEL
HOW TO BREAK PETYA’S CIPHER WITH PEN & PAPER
After leon-stone published a program in Go able to break Petya’s key using genetic algorithms, I set out to understand which weaknesses in Petya’s version of Salsa-20 allowed such an approach to succeed.
In this talk I’ll cover how I modeled Petya’s cipher from leon-stone’s implementation using pen and paper to be able to discover the initial flaw with the 32-bit shifts (which meant 5-bits of the key were unmixed) and how I improved those attacks to be able to recover at least 7-bits and finally the whole key. To this end, I’ll explain how ciphers can be modelled as sets of boolean equations and how these can be used as a simple metric to check the diffusion of algorithms.
Although Francisco had always had the curiosity inherent to hackers to take things apart to see how they worked and even fix them, and learnt how to use MS-DOS at the age of 7 so he could play Commander Queen on his father’s computer, things looked as if he was just going to be a computer programmer. After spending a summer reading Bruce Schneier’s Applied Cryptography and taking part, after lots of persuasion by the organizers, in a CTF competition where he wrote his own tools, things started escalating quickly. Since then Francisco has done things like participating in some CTFs, becoming a Gentoo Hardened developer, writing an Arduino bootloader able to cryptographically verify updates, contributing cryptographic code to the Haskell community, writing a fast implementation of the TTH algorithm and championing the introduction of new standards in the ADC protocol. Currently, Francisco works as a pentester and in-house developer at Coresec Systems AB, where he also supports other workers in cryptographic matters whilst trying to do his research in his spare time.
THE SEVEN LORDS OF THE KEY TO THE INTERNET
It sounds like fantasy: seven keys, held by individuals from all over the world, that together control security at the core of the internet? The entire process with the DNSSEC signing of the root zone leans heavily on the participation of trusted representatives from the global internet community, selected to take an active role in the key management process based on an n-out-of-m scheme.
Some of these trusted representatives are appointed as Crypto officers, holding keys to retrieve the credentials needed to activate the hardware security module (HSM) with which all the operations are made.
Rumours about the power of the keyholders abound: could they use their keys to switch off the internet? Or, if someone somehow managed to bring the whole domain name system down, could we turn it on again?
The keyholders have been meeting four times a year in the US, twice on the East coast and twice on the West coast beginning in June 2010.
During my presentation I will tell more about the process, the security model and what is going on right now – with a KSK key rollover coming up. Is it worth it?
TIME / MEMORY TRADE OFF FOR HASH CRACKING
GPUs and other hardware have during the last years made huge improvements in hash cracking. Will the time/memory trade off techniques such as Rainbow-tables ever come into fashion again? Or are there still cases where we can find uses for them or other methods for use of mass storage that also is getting cheaper?
Vesa Virta has over 20 years of experience of being an IT-security-intelligence-dude. An ordinary day contains tasks ranging from things he can not talk about to things he can definitely not talk about. However, any similarities between the day job and the presentation are purely circumstantial.
Mapping the invisible – A journey into discovering tor hidden services
Eric Michaud has been working in the security industry since about 2008 when he began his first official job out of college at the DoE. Fast forward to today and he’s been working in private industry on the physical side of things with his company Rift Recon and the digital side with Darksum which has been acquired by Intelliagg. In his recent spare time he took up the violin, codes in Python, and picks the occasional lock.
SCAM CALLER – Call Dropped
“Hi, I’m calling from technical department and your computer is infected”
This is very common and we saw a high increase of scam calls targeting Sweden in the end of last year.
But sometimes someone decides to have fun with the caller.
Best practice, the inconsistency of doing it the right way
Love is a student in computer networks at Mälardalens Högskola. While working with first line support he realized that he was more interested in how the network actually worked than helping customers. There and then he decided to learn more. Roughly two years have passed since that job and now he is one of our speakers giving his thoughts on how best practice works from the perspective of someone new with fresh eyes.
Solving the FRA challenge, again
Crypto implementation flaws in Pacom GMS System
The Pacom 1000 CCU and controllers (RTU) are used in security alarm installations all over the world. The flaws we have found can bypass the security of any unpatched installation.
The talk will describe how we found the flaw when doing an audit of critical infrastructure, when we were expecting flaws in other parts of the audited system, but not the physical alarm system itself.
The fundamentals of the flaws are described in the CVE we published in December 2015. This talk has only been presented to a closed audience under NDA before.
Fredrik Söderblom, Senior Security Advisor and founder of XPD AB.
For more than 20 years, Fredrik has been engaged as an IT architect, expert advisor and security advisor, both in Sweden and internationally.
As Fredrik has worked in multiple sectors (ranging from defense sector and financial institutions, governmental agencies and organizations to private businesses), all with different business goals, he has developed an in-depth understanding of what is required of a security architecture in order to fulfill both the business goals and pass a security audit, to ensure that systems are secure and safe.
Fredrik is also an appreciated teacher and has been hired as a lecturer at universities and conferences both in Sweden and abroad.
He has worked with security since 1992 when he designed and implemented the first firewall for his then employer, Hewlett-Packard in northern Europe.
Joachim has been designing processors, digital hardware and embedded systems since 1991. Way before that he started messing with security. Working at Assured, Joachim helps customers choose the right crypto and other security mechanisms for their products and services.
Since 1998 Peter has focused on network, infrastructure and system design/security.
While working at XPD he has also worked extensively with technical parts of IT security audits focusing mostly on internal and external intrusion reviews both in the EU and the US.