From BruCON 2017
Automated 0wnage with Return Oriented Programming
by Erik Buchanan
Abstract: Return-Oriented Programming has become a hot topic in security research. However, little work has been done to make ROP simple to use. In this talk, we will present a framework for automating Return-Oriented Programming to make using it as simple as writing a payload to exploit a vulnerability. ROP allows an attacker to exploit a vulnerability effectively, even in the face of defenses like Windows’ Data Execution Prevention (DEP) and similar code-injection defenses. While creating a custom payload for ROP exploitation can be tricky, our compiler completely removes the complexity of programming attacks in a return-oriented fashion.
CsFire: browser-enforced mitigation against CSRF
by Lieven Desmet
Abstract: In this talk, we will presents three interesting results of our research: (1) an extensive, real-world traffic analysis to gain more insights in cross-domain web interactions, (2) requirements for client-side mitigation against CSRF and an analysis of existing browser extensions and (3) CsFire , our newly developed FireFox extension to mitigate CSRF.
Cyber [Crime|War] - connecting the dots
by Ian Amit
Abstract: CyberWar has been a controversial topic in the past few years. Some say the the mere term is an error. CyberCrime on the other hand has been a major source of concern, as lack of jurisdiction and law enforcement have made it one of organizaed crime's best sources of income. In this talk we will explore the uncharted waters between CyberCrime and CyberWarfare, while mapping out the key players (mostly on the state side) and how past events can be linked to the use of syndicated CyberCrime organization when carrying out attacks on the opposition. We will discuss the connections between standard warfare (kinetic) and how modern campaigns use cybersecurity to its advantage and as an integral part of it
Embedded System Hacking and My Plot To Take Over The World
by Paul Asadoorian
Abstract: It seems that as Moore's law is proven time and time again, we as a society are seeing more and more embedded systems help us in our daily lives. Embedded or purpose-built systems those that perform a specific function â are contained in the carriers of our data, from your computer to your online backing site, from the coffee shop network back to your corporate VPN. Each time we use the computer on our home cable modem network, print an important document, or use a wireless network there is typically some kind of embedded system involved. While embedded systems have made our lives easier, security is largely an afterthought if it's a thought at all.
Embedded systems simplify tasks for the end user, but implement very little security. This presentation analyzes common vulnerabilities in popular embedded systems that carry sensitive data every day. It will demostrate the abundance of these systems and vulnerabilities by using public source and new scanning methods. Solving the problem is more difficult, but starts with changing both the developers and user's perception of embedded systems technology.
In this presentation we will cover:
- Finding embedded system vulnerabilities on a large scale
- Ways to exploit embedded vulnerabilities and hide from the end user
- Why controlling embedded systems is so powerful (and how they could be used to take over the world)
- Ways to mitigate the potential threat
- Explore some longer term solutions for embedded systems security
GSM security: fact and fiction
by Fabian van den Broek
Abstract: GSM security: fact and fiction 4.1 billion people around the world communicate over GSM. Besides communication, more and more additional services - like payment functionality - are being deployed on top of GSM. It has been over 20 years since GSM was designed, and in that time several security problems have been found, both in the protocols and in the - originally secret - cryptography. However practical exploits of these weaknesses are complicated because of all the signal processing involved and have not been seen much outside of their use by law enforcement agencies.
In recent years new signal capturing capabilities have become available due to the emergence of SDR (Software Defined Radio). The often used combination of the USRP's hardware (http://www.ettus.com/) and the GnuRadio software (http://gnuradio.org/trac) makes most signal capturing a lot easier, leading to small groups of people trying to scrutinize the GSM air interface . At the end of 2009 attacks were announced against A5/1,the most common GSM cipher today, and against A5/3, the appointed successor of A5/1 cipher that is also used in 3G networks . This might have given rise to the idea that GSM is now thoroughly broken. However these new attacks still do not enable us to eavesdrop on most GSM traffic.
My talk will discuss the current state-of-affairs in vulnerabilities of the GSM air-interface, separating fact from fiction. I will discuss most current attacks and their (in)feasibility and explain the current practical problems (and possible solutions) that complicate eavesdropping, based on extensive practical experiments with sniffing GSM signals using Gnuradio/airprobe and a Nokia 3310 phone.
Head Hacking – The Magic of Suggestion and Perception
by Dale Pearson
Abstract: Social Engineering is considered by many as a sort of magical art form in the Infosec world, some of the best at it must have Jedi like powers to get into some of the places they do. The magic or art of SE is all about creating a situation that suggests you belong, and are perceived to be just like everyone else just going about your business. Some people have a natural flare for SE, they are good at building rapport and are generally likeable. This isn't necessarily something they have learnt, but something they are born with. People say that SE exists because of human stupidity and there is no patch for it, but what if you can understand why the human brain is susceptible, if you understand this better can you be more successful in your SE exploits, and can you use this to educate and perhaps help apply that patch. I am sure that people wont fall for something too many times once they are aware, and have some how experienced it.
During my talk I will discuss how I looked at methods and skills that can be learnt to better understand how the human brain works, and how it can be manipulated. This will take us on the journey and fun of looking at NLP patterns, mentalism and becoming a hypnotist myself. We will talk about why these skills can improve your success as a social engineer, as well as being more aware of being manipulated yourself. The talk will be thought provoking, and encourage you to learn more.
Memoirs of a Data Security Street Fighter
by Mikko Hypponen
- 20 years, and what have we got? - Where did we go wrong? - Why can't we fix these things? - Is it going to get better or worse?
NFC Malicious Content Sharing
by Roel Verdult
Abstract: The security features of Near Field Communication (NFC) compatible mobile phones needs to be seriously revised. NFC mobile phones can communicate with other NFC mobile phones, NFC readers, or RFID tags in so-called smart posters, for instance to exchange of small files with photos or contact details. To exchange files, two devices should be within the proximity coupling distance of 5 cm, besides this phisical constraint there is no user interaction required. We show that feature interaction between NFC and bluetooth, where an NFC connection starts a bluetooth connection without any request for permission, can be abused to surreptiously install software on an NFC phone. This results in a serious vulnerability, when, for instance “smart posters” start acting “smarter” and install malicious applications instead of providing some harmless information. We verified this vulnerability on the recently released Nokia 6212 Clasic phones.
Project Skylab 1.0: Helping You Get Your Cloud On
by Craig Balding
Abstract: Got Cloud? Cloud Computing and Security is a lot like sex: everyone is talking about it, but few people are getting any. Informal surveys of security geeks at infosec cons reveals that 90% of attendees haven't even got to first base (aka spinning up a virtual machine at a public cloud provider). This talk will help you "get your cloud on" for something that you might actually find useful. Whether you're a penetration tester seeking a place for target practice, a sysadmin looking to test new tools or a vulnerability researcher, you'll learn how to create an on-demand, cloud based, security test lab with no hardware, for significantly less than the cost of a first date. Kicked off in March at SecureCloud 2010 in Barcelona, the Skylab project will come to fruition just in time for Brucon. Fun times ahead! (for credit card holders).
"The Monkey Steals the Berries" The State of Mobile Security
by Tyler Shields
Abstract: Mobile Application security is a fresh new target for malware and malicious backdoors. The presenter has previously released a fully functional spyware application that exfiltrates any and all personal and private information on a Blackberry device. This presentation will go over the current state of mobile spyware, trojans, and backdoor applications as well as dive into the technical details that makes his particular brand of Spyware tick. All new spyware features will be introduced that will demonstrate the extent of functionality available from the device manufacturers own provided API set.
The WOMBAT Project: Recent Developments in Internet Threats Analysis
by Olivier Thonnard and Andreas Moser
Abstract: In the recent years, many security experts have acknowledged the fact that the cyber-crime scene becomes increasingly organized and more consolidated. Even though there are some plausible indicators about the origins, causes, and consequences of these new malicious activities observed in the Internet, many questions remain regarding the attribution of the attacks and the organization of cybercrime.
WOMBAT (Worldwide Observatory of Malicious Behaviors and Threats - http://www.wombat-project.eu) is a European project (FP7) which aims at providing new means to understand the existing and emerging threats that are targeting the Internet economy and the net citizens. In this talk, we will focus on some recent developments done by WOMBAT researchers regarding Internet threats analysis.
Fireshark - A tool to Link the Malicious Web
by Stephan Chenette
Abstract: Thousands of legitimate web sites serve malicious content to millions of visitors each and every day.
Trying to piece all the research together to confirm any similarities between possible common group patterns within these websites, such as redirectors that belong to the same IP, IP range, or ASN, and reconstructing the final deobfuscated code can be time-consuming and sometimes impossible given many of the freely available tools.
I will present a web security research project called FireShark that is capable of visiting large collections of websites at a time, executing, storing and analyzing the content, and from it identifying hundreds of malicious ecosystems of which the data, such as the normalized, deobfuscated content within them can easily be analyzed.
In this presentation many of the major web exploit kits will be analyzed using Fireshark.
Top 5 ways to steal a company "Forget root, I want it all"
by Chris Nickerson
Abstract: This will be a highly interactive talk with the audience! the corporate landscape is built on a toothpick pillar and it is time to point it out. This talk will challenge the audience to find flaws in pictures/videos, identify universal weak points in culture and design, as well as go through the top 5 ways to completely take over most of the companies out there. We will blur the line of black/white hat to show how it is done in the real world.
Tor: Censorship Circumvention in the Real World
by Jacob Appelbaum
Abstract:The Tor network is the largest and well known anonymity network ever deployed.
How does it work? Who uses it, where do they use it, and why do they use it? This talk will give a quick introduction to the Tor network, it will include real life examples of people using Tor to safeguard their use of the internet, and it will cover some of the current challenges facing the Tor network.
If you've ever wondered about country-wide firewalls (both the technology and the social support behind them), geographically anonymous hosting, or practical privacy on the internet - this talk will be of interest.
You Spent All That Money And You Still Got Owned...
by Joseph McCray
Abstract: This talk will focus on practical methods of identifying and bypassing modern enterprise class security solutions such as Load Balancers, both Network and Host-based Intrusion Prevention Systems (IPSs), Web Application Firewalls (WAFs), and Network Access Control Solutions (NAC).
The goal of this talk is to show IT Personnel the common weaknesses in popular security products and how those products should be configured.
The key areas are:
- IPS Identification and Evasion
- WAF Identification and Bypass
- Anti-Virus Bypass
- Privilege Escalation
- Becoming Domain Admin
Your Project: From Idea To Reality "Make A Living Doing What You Love"
by Mitch Altman
Abstract: If you have a project idea, you can bring it into the world, and possibly even make a living from it. Mitch tells the story of how he brought TV-B-Gone into the world, using it as an example to show how you can do the same with your ideas, while along the way sharing some of the pitfals that you can avoid running your own small business.
If you have ever had an idea that is burying inside of you, there has never been a better time to bring it into reality. By inventing and selling TV-B-Gone universal remote controls, I learned a lot about how to manufacture projects and make them into viable products that earn me a living. In this presentation I will give an overview of the entire process: from idea to product to end user to collecting checks. I will share some surprising experience gained along the way that can help you avoid some of the same mistakes of running a small business. I make a living on projects I love. Perhaps you can too.