SEC-T - 0x0Compute

September 19-20, 2019 – Stockholm, Sweden

Talks 2019

Zero to Millionaire in 60 minutes: Hacking Real Life Financial Applications

A talk by Himanshu Sharma

“The talk will revolve around us red-teamers testing and penetrating into Banking, Mobile wallets and Non Banking Financial applications. We will cover bugs not only in payment gateways and frameworks but also in applications that fail to implement them properly. This will include bypassing AES encrypted requests, logical bugs in numerous banking applications we tested. We will talk about techniques using which we were able to make recurring deposits in our account which get debited from victim’s accounts, view statements of arbitrary accounts, buy products for free, pay loan instalments for free, pay credit card bills for free, make online recharges from victim accounts, regenerate ATM pins of bank accounts at mass among numerous other exploits along with real life case studies, patches and recommendations”

About Speaker

Himanshu Sharma has been in the field of bug bounty since 2009 and has been listed in Apple, Google, Microsoft, Facebook, Adobe, Uber, AT&T, Avira, and many more with hall of fame listings as proofs. He has helped celebrities such as Harbhajan Singh in recovering their hacked accounts, and also assisted an international singer in tracking down his hacked account and recovering it. He was a speaker at Botconf ’13, held in Nantes, France, and RSA 2018, held in Singapore. He also spoke at IEEE Conference in California and Malaysia as well as for TEDx. Currently, he is the co-founder of BugsBounty, a crowd-sourced security platform for ethical hackers and companies interested in cyber services. He also authored two books titled “Kali Linux – An Ethical Hacker’s Cookbook” and “Hands On Red Team Tactics”.


Battle in the Clouds: Attacker vs Defender on AWS

A talk by Dani Goland & Mohsan Farid

The interaction between attackers and defenders is like a ping pong game, and that is exactly how we did this research. On the offensive Mo will share his tools and tactics attacking AWS Infrastructures from Recon to Attacks to Post Exploitation on different services with a focus on Elastic Container Service (ECS). After each attack step, Dani will explain the defensive side and tools and tactics for hardening the AWS Infrastructure from Designing a secure Cloud Architecture to Detection to Hardening specific services like Docker containers on ECS. After the battle, we will both walk through common misconfiguration problems, one-click solutions for monitoring and attack detection, and workflows for pentesters on AWS. One of the most important lessons from our research is the importance of the interaction between pentesters and developers/DevOps engineers, and how a few days of working side by side can help us secure our current systems and learn to develop future systems with security in mind.

About Speakers

Mohsan Farid:
Mohsan has over 13 years of experience in cyber security. Mohsan has run the gamut in the security space: from penetration testing for Rapid7 as a consultant, penetration testing for numerous federal agencies, pentesting mobile applications for HP, pentesting Fortune 500 companies, and contributing exploits to the Metasploit framework as well as contributing to open source projects. When Mohsan isn’t breaking things, he likes to travel the globe in search of incredible surf, scuba diving, rock climbing, hiking, and is an avid yogi.

Dani Goland:
At the age of 20 he founded his own boutique company for innovative software and hardware solutions. He is a certified AWS Cloud Solutions Architect. While gaining experience in business and finance, Dani did not neglect his hands-on capabilities in both making and breaking systems. Dani recently relocated from Israel to the United States to study Data Science at the prestigious UC Berkeley. During his studies, Dani founded VirusBay, a collaborative malware research community which skyrocketed amongst the global security community with over 2500 researchers. Dani spoke at numerous cybersecurity conferences such as BlackHat USA, CodeBlue Japan, CONfidence, SEC-T, and more. After serving in the Israeli Defense Forces as a commander of a Field Intelligence unit, Dani went on an 8-month journey across South America. He loves snowboarding, music concerts, and having crazy, breathtaking experiences such as spending 5 days in the Bolivian Jungle with no food or water.


Crypto Cobra: Tales of the nation-state actor targeting crypto-exchanges

A talk by Dani Goland & Ido Naor

There’s only one state-sponsored threat actor that targets victims for financial motivations. Because of sanctions and political implications, it has been told that the isolated kingdom of North Korea resorted to launching vicious malware campaigns against financial institutions to fund their operations. They hold the record for one of the most notorious banking heists in history, but it doesn’t stop there. Tools from their APT group, called Lazarus, have been found in many digital crime scenes and cross-matched other attacks on crypto-currency exchanges as well! This talk is a version 2 in the series, scoping attacks conducted against the virtual currency trading platforms. Ido & Dani will dive into how the lion of APTs takes on its prey in the Jungle of digital warfare.

About Speakers

Ido Naor:
Ido is a principal security researcher at Kaspersky and part of the elite threat intelligence unit called GReAT (Global Research and Analysis Team). During the past 5 years, Ido has been dedicating thousands of hours to hunting for state-sponsored APT actors, mainly in the Middle East. Aside from analyzing malware samples, Ido also enjoys vulnerability research as responsible disclosure. He successfully reported major in-the-wild vulnerabilities used by hackers. In 2018, Ido founded a collaborative malware research platform called VirusBay which skyrocketed among world-renowned researchers from all over the world. It is a house for over 2500 researchers. Ido holds a bachelor of CS, is a father of three, a Kyokushinkai black belt and a former commander of an elite intelligence unit in the IDF.

Dani Goland:
At the age of 20 he founded his own boutique company for innovative software and hardware solutions. He is a certified AWS Cloud Solutions Architect. While gaining experience in business and finance, Dani did not neglect his hands-on capabilities in both making and breaking systems. Dani recently relocated from Israel to the United States to study Data Science at the prestigious UC Berkeley. During his studies, Dani founded VirusBay, a collaborative malware research community which skyrocketed amongst the global security community with over 2500 researchers. Dani spoke at numerous cybersecurity conferences such as BlackHat USA, CodeBlue Japan, CONfidence, SEC-T, and more. After serving in the Israeli Defense Forces as a commander of a Field Intelligence unit, Dani went on an 8-month journey across South America. He loves snowboarding, music concerts, and having crazy, breathtaking experiences such as spending 5 days in the Bolivian Jungle with no food or water.


Cloudhopper

A talk by Vesa

The Swedish National Defense Radio Establishment was among the first organizations to notice the APT campaign later dubbed Cloudhopper. This presentation will reveal some of the discoveries we made and information about the methods used by the threat actor, as well as some techniques that are useful against a threat of this magnitude.

About Speaker

Vesa has worked the last 20+ years with IT-security from different perspectives at the Swedish national authority for Signals Intelligence, FRA.


Game Boy hacking – Making the Midnight Sun CTF Game Boy challenge from hardware to software

A talk by Carl Svensson

For the Midnight Sun CTF finals we created a binary exploitation challenge for the Game Boy. This involved hardware modification, low level software, making a game and developing an exploit on the Z80 architecture. This talk will go through the process and various aspects of hacking the beloved game console.

About Speaker

Carl is a security professional and hobbyist currently working as the head of security at Swedish healthcare startup, Kry. He is a frequent CTF player for the Swedish top team HackingForSoju and an active member of the Swedish and international security community with a great fondness for a broad range of topics, reverse engineering being one of his favorites.


Quantum computing and its impact on the field of cryptology

A talk by Martin Ekerå

The possible future advent of large-scale quantum computing threatens to void the security of asymmetric cryptographic schemes based on the computational intractability of the integer factoring problem (IFP) or the discrete logarithm problem (DLP) in abelian groups.

This implies that virtually all currently widely deployed asymmetric schemes, including but not limited to RSA, finite field Diffie-Hellman (DH), the digital signature algorithm (DSA), elliptic curve DH and elliptic curve DSA, will become susceptible to practical cryptanalytical attacks should large-scale quantum computers materialize. The process of standardizing post-quantum secure replacements for these schemes is already under way.

This talk aims to briefly explain the fundamentals of quantum computing, and to describe the quantum computer algorithms that threaten current asymmetric cryptography, in a manner that is accessible.

Furthermore, this talk aims to describe the rapid transformation that the field of cryptology is currently undergoing in response to the developments in the field of quantum computing, and to advise the community on what actions need to be taken, in what order, and within which approximate time scales, to begin the process of mitigating the quantum threat.

About Speaker

Martin Ekerå is serving as the chief cryptographer of the Swedish NCSA that is a part of the Swedish Armed Forces.

He is also a part-time researcher at the Royal Institute of Technology (KTH) in Stockholm, focusing primarily on quantum computer algorithms for cryptanalysis and on algorithms for post-quantum secure cryptography.


Pwning AWS Cloud services

A talk by Mohammed Aldoub

This talk will touch on methods of gaining and keeping access inside AWS cloud environments, and will also showcase some AWS-specific attacks such as attacks against Serverless functions (AWS Lambda) (e.g. Serverless Event Injection), attacks against EC2 instances (even without having access to SSH keys!), methods to backdoor compromised AWS accounts, cloud-wide credential theft, and other attacks. This talk will help penetration testers understand the cloud and how its components interact in order for us to be able to better penetrate and assess risks in cloud environments.

In the talk I’ll also demo my new tool “barq”, the custom AWS post-exploitation tool!

About Speaker

Mohammed Aldoub is an independent security consultant from Kuwait, who, in his 10 years of experience, worked on creating Kuwait’s national infrastructure for PKI, cryptography, smartcards and authentication. Mohammed delivered security trainings, workshops and talks in the Netherlands, USA, Czech Republic, Singapore, Dubai, Lebanon, Riyadh, Kuwait, and in global conferences such as Blackhat, Infosec in City, OPCDE, North Security Conference, and others.

Mohammed is focusing now on APIs, secure DevOps, modern appsec, cloud-native security, applied cryptography, security architecture and microservices.

You can find his Twitter account at https://twitter.com/Voulnet and GitHub at https://github.com/Voulnet


Modchips of the State: Hardware implants in the supply-chain

A talk by Trammell Hudson

Hardware implants and supply chain attacks have been in the news recently, but how feasible are they and what can we do about them? In this talk we’ll examine the design of a proof of concept SPI bus hardware implant that has similar capabilities to those described in the Bloomberg/Supermicro article as well as some countermeasures that we can use to try to detect these “modchips” and increase our trust in our systems.

We don’t know how much of the Bloomberg story about hardware implants installed in Supermicro servers shipped to Apple and Amazon is true, nor do we know the story behind the story and the reasons for the vehement denials by all the parties involved.

However, a technical assessment of details of the described implants reveals that a supply chain attack on the hardware is definitely possible, that the capabilities of the BMC can be used to bypass OS protections, and that there are means to access the BMC that would not necessarily generate readily identified network traffic.

About Speaker

I like to take things apart.

I’m Trammell Hudson, a programmer, photographer, frequent hacker and occasional watchmaker. I enjoy reverse engineering things, restoring antique computers and making things blink. Sometimes I use my Amateur Extra rating (NY3U) and hack on Radio and RF projects. I also have other hobbies involving coffee, aviation, sailing and other vehicles. And on the weekends I enjoy teaching classes at NYC Resistor.