SEC-T - 0x0Anniversary

September 14-15, 2017 – Stockholm, Sweden

Talks 2017


Intercepting iCloud Keychain

By Alex Radocea

iCloud Keychain employs end-to-end encryption to synchronise secrets across devices enrolled in iCloud. We discovered a critical cryptographic implementation flaw which would have allowed sophisticated attackers with privileged access to iCloud communications to man-in-the-middle iCloud Keychain Sync and gain plaintext access to iCloud Keychain secrets.

About speaker

Alex Radocea started in Security by testing firms from an office on Wall St at Matasano and playing wargames at wargames.unix.se. He’s worked on Product Security at Apple, Crowdstrike, and most recently the Security team at Spotify before founding Longterm.


Breaking Tizen

By Amihai Neiderman

Tizen is Samsung's newest OS for its devices and is considered by them as the operating system of everything, aiming to run on every device from simple IoT, mobile phones and televisions to even… cars. During the course of a few days I found over 40 different vulnerabilities in Tizen - some logical and some just classic (really classic!) memory corruption bugs. I will explain the basics of Tizen OS and present some cherry-picked 0days I have found.

About speaker

Amihai Neiderman is a security researcher in the field of vulnerability research. Amihai has worked on everything from embedded devices, IoT, OS exploitation and web security. In past years he has worked as an independent researcher for various companies and now works as a security researcher for Azimuth security.


Candy and Competence

By Hugo Hirsh

Bringing together lessons from Criminology, Sociology and Behavioral Psychology, this talk focuses on the human elements of creating secure organizations. We discuss embedding security as a part of the culture of an organisation and how to bring it to the forefront of everyone’s mind.

Positive re-enforcement, the Broken Window Theory, and Design Thinking all contribute to creating an environment where security is taken out of the hands of the few and into the hands of the masses. Empowering our users, and our businesses, for the better.

About speaker

Hugo Hirsh is a founding member of the Security Operations team at Kambi, a B2B sports betting company. He is an infrequent CTF player and an even less frequent blogger. He has a passion for learning by doing, and can frequently be found out of his depth. He also tries to help out with Security Without Borders.


Introducing the Witchcraft Compiler Collection

By Jonathan Brossard

With this presentation, we take a new approach to reverse engineering. Instead of attempting to decompile code, we seek to undo the work of the linker and produce relocatable files, the typical output of a compiler. The main benefit of the latter technique over the former is that it does work. Once we have achieved universal code 'reuse' by relinking those relocatable objects as arbitrary shared libraries, we'll create a form of binary reflection, add scripting capabilities and in-memory debugging using a JIT compiler, to attain automated API prototyping and annotation, which, we will argue, constitutes a primary form of binary code self-awareness. Finally, we'll see how abusing the dynamic linker internals shall elegantly solve a number of complex tasks for us, such as calling a given function within a binary without having to craft a valid input to reach it.

The applications in terms of vulnerability exploitation, functional testing, static analysis validation and more generally computer wizardry being tremendous, we'll have fun demoing some new exploits in real-life applications, and commit public program profanity, such as turning PEs into ELFs, functional scripting of sshd in memory, stealing crypto routines without even disassembling them, among other things that were never supposed to work. All the above techniques have been implemented in the Witchcraft Compiler Collection, released as proper open source software (MIT/BSD-2 licenses) at https://github.com/endrazine/wcc.

About speaker

Jonathan Brossard is a computer whisperer from San Francisco. For his first conference, at DEF CON 16, he hacked Microsoft BitLocker, McAfee Endpoint and a fair number of BIOS firmwares. In 2012 he presented Rakshasa, a BIOS malware based on open source software, which the MIT Technology Review labeled "incurable and undetectable".

Endrazine is also known in the community for having run the Hackito Ergo Sum and NoSuchCon conferences in France, participating in the review boards of Shakacon (Hawaii) and Opcde (Dubai), as well as authoring a number of exploits over the past decade, including the first remote Windows 10 exploit and several hardcore reverse engineering tools and whitepapers. Jonathan is part of the research team behind MOABI.COM, and acts as the Principal Engineer of Product Security at Salesforce.


Hack the Invisible! Exploiting IoT Devices over Software Defined Radio, ZigBee, WiFi and BLE

By Swaroop Yermalkar

With the arrival of new smart devices every day, the Internet of Things is one of the fastest-growing trends in technology. Most of these devices have a component that communicates over wireless. However, many of these devices communicate over proprietary protocols, and it's important to know the process of analysing them and finding flaws in them.

This talk will help you to understand Software Defined Radio, ZigBee, WiFi and BLE (Bluetooth Low Energy) with a practical approach to identifying the attack surface and exploiting IoT devices. The talk will cover BLE hardware, ZigBee sniffing hardware, SDR hardware (RTL-SDR, HackRF), WiFi sniffing/injection hardware, radio frequency basics, ZigBee profiles, and WiFi, ZigBee and BLE attacks against IoT devices.

About speaker

Swaroop Yermalkar works as a Senior Security Engineer at Philips. His work includes threat modelling, security research, assessment of IoT devices, healthcare products, web applications, networks, Android, and iOS applications.

Swaroop is an OWASP iGoat Project leader and one of the top security researchers worldwide who works with Cobalt.io and Synack.inc. Swaroop has given talks and training at various security conferences, such as Hacks in Taiwan (HITCON), Europeansec, GroundZero, c0c0n, 0x90, DefconLucknow, and GNUnify. He has been acknowledged by Microsoft, Amazon, eBay, Etsy, Dropbox, Evernote, Simple Banking, iFixit, and many more for reporting high-severity security issues in their mobile apps.

He is an active member of NULL, an open security community in India, and is a contributor to the regular meetups and Humla sessions at the Pune, Bengaluru chapter. He holds various information security certifications, such as OSCP, OSWP, SLAE and CEH. Swaroop has written articles for clubHACK magazine and is the author of An Ethical Guide to Wi-Fi Hacking and Security and Learning iOS Penetration Testing (Packt Publishing).


Act Three, The Evolution of Privacy

By Arron Finnon (Finux)

ZOMG, not another god-damn privacy talk, I'm fed up with this. When will it ever end? We all know privacy is dead!

STFU, we’ve been saying things like that for too long! Empires have come and empires have fallen, but what part has privacy really played in any of it?

What I can tell you is that what we consider privacy today isn't what was considered privacy a thousand years ago. You could argue that privacy is a learned behaviour of our species that's less than a few centuries old. Yet that doesn't quite paint the full picture. However, what is strange about privacy is that if I deny you your privacy, you will have physiological reactions to this (as well as psychological ones). Most privacy talks I see are centred around a key premise: that what we have, we will lose, if we don't stand up for it now, which is true. Yet few of those talks look at privacy from a historical perspective. Can we truly protect something we hold so dear, when we know so little about its history?

This talk is a gentle walk down Memory Lane, looking at many civilisations' interpretations of what privacy is, and how it has been nurtured, as well as how it has been attacked. After all, "privacy may actually be an anomaly."

About speaker

Arron "finux" Finnon has been involved in security research and consultation for over 10 years. Arron has discussed a wide range of security-related topics at a number of high-profile international security/hacking conferences, as well as producing over 100 security-related podcasts, interviewing countless security professionals as part of the Finux Tech Weekly podcast show. His security research and consultation have helped businesses around the globe better develop the effectiveness of their security posture in detecting and mitigating cyber attacks.

During Arron's time at the University of Abertay Dundee he was awarded the SICSA Student Open Source Award for his advocacy of Free and Open Source software during his work as president of the UAD Linux Society, a subject he is still very passionate about even today.

Arron currently is the Chief Technical Officer for Krohn and Partners where he oversees the technical and security requirements of the business, as well as offering security consultation and services to Krohn and Partners clients.


MEAN stack bugs and vulnerabilities

By Murat Yilmazlar

This presentation will be about the MEAN Stack and how to smash it. MEAN is the new era of the web application world. In this presentation the speaker will cover the vulnerabilities and bugs of all of the MEAN Stack components. There will be a demo at the end of the presentation.

About speaker

Murat works as a Penetration Tester at SiberAsist. His main interests are black-box web application auditing and static analysis. He also supports the open source community and is known for bug bounty hunting.


Where Cypherpunk Meets Organized Crime

By Benjamin Brown

Where Cypherpunk Meets Organized Crime: The Shifting Landscape of Underground Economies and Crypto-driven Privacy.

About speaker

Benjamin Brown’s current research focuses on the dark web, cybercrime, cryptocurrencies, and underground digital economies. He also engages in internal and customer incident response, adversarial resilience, and security training. His day job is with Akamai Technologies where he has the opportunity to integrate his anthropology and international relations educations with research into large-scale, internet-level security problems.


Revoke-Obfuscation

By Daniel Bohannon

Attackers, administrators and many legitimate products rely on PowerShell for their core functionality. However, its power has made it increasingly attractive for attackers and commodity malware authors alike. How do you separate the good from the bad? Revoke-Obfuscation is a framework that transforms evasion into a treacherous deceit. By applying a suite of unique statistical analysis techniques against PowerShell scripts and their structures, what was once a cloak of invisibility is now a spotlight. It works with .evtx files, command lines, scripts, ScriptBlock logs, Module logs, and is easy to extend.

About speaker

Daniel Bohannon is a Senior Incident Response Consultant at MANDIANT with over seven years of operations and information security experience. His particular areas of expertise include enterprise-wide incident response investigations, host-based security monitoring, data aggregation and anomaly detection, and PowerShell-based attack research and detection techniques.


Invoke-CradleCrafter

By Daniel Bohannon

Are you a Blue Teamer who feels confident in your ability to detect PowerShell remote download cradles? What about if powershell.exe harnesses other binaries to actually make the network connection? As a Red Teamer, are you looking for new obfuscation techniques to thwart the Blue Team's ability to effectively detect your payload delivery mechanisms to powershell.exe?

Invoke-CradleCrafter is a living library of obscure PowerShell remote download cradles that evade many of today’s detections through obscurity, syntax obfuscation, and even the pawning off of network connections to additional Windows signed binaries through COM objects, BITS or even SendKeys. In addition to highlighting over a dozen different PowerShell remote download cradles, I will cover over ten different code invocation syntaxes along with obfuscation techniques completely different from those found in other obfuscation frameworks like Invoke-Obfuscation.

Finally, as an Incident Response consultant with MANDIANT, I will share numerous behaviors and artifacts associated with each cradle that we regularly find during investigations so that both Blue Teamers and Red Teamers can be better educated and equipped when it comes to investigating or employing these various cradles on the job.

About speaker

Daniel Bohannon is a Senior Incident Response Consultant at MANDIANT with over seven years of operations and information security experience. His particular areas of expertise include enterprise-wide incident response investigations, host-based security monitoring, data aggregation and anomaly detection, and PowerShell-based attack research and detection techniques.


Cyber Terrorism

By Kyle Wilhoit

Terrorists have found novel ways to circumvent typical security controls. Examples of these activities come in many forms and can be found everywhere: from using vulnerabilities in software, websites, and web applications as attack vectors, to defacing websites to further their political or ideological viewpoints, all the way to utilizing social networks to convey their messages. No matter what technology or service rolls out in the future, there will always be room for abuse. Terrorist organizations, while taking plays from organized cybercrime or state-sponsored entities, are completely different from their counterparts in their methods, ideologies, and motivational factors.

Looking closer at terrorist ecosystems, we attempt to understand terrorist organizations' abuse of technology and online platforms to benefit their cause. We will focus on their methodologies, their use of the "darkweb", the services they abuse, and the tools they've homebrewed to streamline said abuse so that their followers can facilitate their activities much more easily. We will also track financials on the "deep web", attempting to locate financial records of these organizations while also attempting to understand how these organizations are leveraging the "deep web." We will dive deeply into each of the technologies and how they are used, showing live demos of the tools in use.

About speaker

Kyle Wilhoit is a Sr. Security Researcher (or Purveyor of Offensive Security) at DomainTools. Kyle focuses on researching DNS-related exploits, investigating current cyber threats, and exploring attack origins and threat actors. Kyle is on the Black Hat Guest Review Board, and has spoken at over 50 conferences worldwide, including Black Hat US, Black Hat EU, FIRST, SecTor, DEF CON, HITB, DerbyCon, and several more. Kyle is also involved with several open source projects and actively enjoys reverse engineering things that shouldn't be. Kyle is a co-author of the book Hacking Exposed Industrial Control Systems: ICS and SCADA Security Secrets & Solutions.


Using the iSCSI Protocol to Harvest Unprotected Hard Drives

By Lucas Lundgren

Having problems knowing where to dump your granny pictures? Why not on the internet? Who needs Dropbox when there are just thousands of hard drives out there waiting to be used? Oh, giddy up, strap up, mount up, and sit down. All your granny pictures are belong to us.

About speaker

Lucas started breaking things at the age of twelve and has reported numerous vulnerabilities since then. A penetration tester for nearly 15 years, Lucas has worked with global security leaders including Sony Ericsson and IOActive. He primarily focuses on penetration testing, fuzzing, and exploit development (any platform, any medium, all the time).


iGoat – A Self Learning Tool for iOS App Pentesting and Security

By Swaroop Yermalkar

OWASP iGoat is a learning tool for iOS developers (iPhone, iPad, etc.) and mobile app pentesters. It was inspired by the WebGoat project, and has a similar conceptual flow to it.

As such, iGoat is a safe environment where iOS developers can learn about the major security pitfalls they face as well as how to avoid them. It is made up of a series of lessons that each teach a single (but vital) security lesson.

This talk is all about how iOS developers and security analysts can dive deep into iOS app security using the iGoat tool. The talk will start from setting up iGoat and go on to exploiting the latest vulnerabilities in iOS apps. I'll also release a major version of iGoat with tons of new exercises at SEC-T 2017.

About speaker

Swaroop Yermalkar works as a Senior Security Engineer at Philips. His work includes threat modelling, security research, assessment of IoT devices, healthcare products, web applications, networks, Android, and iOS applications.

Swaroop is an OWASP iGoat Project leader (https://www.owasp.org/index.php/OWASP_iGoat_Tool_Project) and one of the top security researchers worldwide who works with Cobalt.io (https://app.cobalt.io/swaroopsy) and Synack.inc. Swaroop has given talks and training at various security conferences, such as Hacks in Taiwan (HITCON), Europeansec, GroundZero, c0c0n, 0x90, DefconLucknow, and GNUnify. He has been acknowledged by Microsoft, Amazon, eBay, Etsy, Dropbox, Evernote, Simple Banking, iFixit, and many more for reporting high-severity security issues in their mobile apps.

He is an active member of NULL, an open security community in India, and is a contributor to the regular meetups and Humla sessions at the Pune, Bengaluru chapter. He holds various information security certifications, such as OSCP, OSWP, SLAE and CEH. Swaroop has written articles for clubHACK magazine and is the author of An Ethical Guide to Wi-Fi Hacking and Security and Learning iOS Penetration Testing (Packt Publishing).


Evil Devices and Direct Memory Attacks

By Ulf Frisk

Total physical pwnage and plenty of live demos in this action-packed talk! The PCILeech direct memory access attack toolkit was presented at DEF CON 24 and quickly became popular amongst red teamers and governments alike. A year later, major operating systems are still vulnerable by default. I will demonstrate how to take total control of Linux, Windows and macOS by PCIe DMA code injection. Kernels will be subverted, full disk encryption defeated, file systems mounted and shells spawned! All this using affordable hardware and the open source PCILeech toolkit.

About speaker

Ulf Frisk is a pentester working in the Swedish financial sector. Ulf focuses mainly on online banking security, penetration testing and IT security audits during the daytime and low-level coding during the nighttime. Ulf has been working professionally with security since 2011 and has a dark past as a developer.


Cryptocurrencies

By Benjamin Brown

Cryptocurrencies: You keep using that word, anonymity. I do not think it means what you think it means.

About speaker

Benjamin Brown’s current research focuses on the dark web, cybercrime, cryptocurrencies, and underground digital economies. He also engages in internal and customer incident response, adversarial resilience, and security training. His day job is with Akamai Technologies where he has the opportunity to integrate his anthropology and international relations educations with research into large-scale, internet-level security problems.


The above list of speakers and topics is not complete and might change without notice, though we hope it will only grow with more interesting topics. 🙂