Difference between revisions of "Presentations"

Difference between revisions of "Presentations"

From BruCON 2017

Jump to: navigation, search
(How I Met Your Girlfriend: The discovery and execution of entirely new classes of Web attacks in order to meet your girlfriend)
Line 77: Line 77:
This includes entertaining and newly discovered attacks including PHP session prediction and random numbers (accurately guessing PHP session cookies), browser protocol confusion (turning a browser into an SMTP server), firewall and NAT penetration via Javascript (turning your router against you), extracting extremely accurate geolocation information from a Web browser (not using IP geolocation), and more.
This includes entertaining and newly discovered attacks including PHP session prediction and random numbers (accurately guessing PHP session cookies), browser protocol confusion (turning a browser into an SMTP server), firewall and NAT penetration via Javascript (turning your router against you), extracting extremely accurate geolocation information from a Web browser (not using IP geolocation), and more.
[[Image:pdf_logo.jpg|50px|link= I Met Your Girlfriend.pdf]]
[[Image:pdf_logo.jpg|50px|link=\ I\ Met\ Your\ Girlfriend.pdf]]
==Memoirs of a Data Security Street Fighter==
==Memoirs of a Data Security Street Fighter==

Revision as of 12:34, 29 September 2010


The 2009 archive with videos and presentations can be found on the 2009 wiki


Creating a CERT at WARP Speed: How To Fast Track the Implementation of Your CERT

by Brian Honan

Abstract: A major challenge facing those trying to set up a Computer Emergency Response Team is developing the tools and platform to support the initiative. This session will look at how the WARP (Warning Advice and Reporting Point) platform can be used to facilitate the establishment of a CERT in a cost effective and efficient manner. After spending 4 years trying to convince the Irish Government to establish a national Computer Emergency Response Team with little or no progress, Brian Honan set up a not for profit company to offer CERT services to the Irish business community. However, faced with a very small budget Brian had to determine how best to implement the CERT without compromising the level of service provided to the target community. This talk will cover Brian's journey as he progressed from the initial conception to actually setting up IRISS-CERT,, which is now Ireland's only CERT. Brian will discuss how and why he decided what services were required by the business community and how he used the WARP ( platform to provide those services.

CsFire: browser-enforced mitigation against CSRF

by Lieven Desmet

Abstract: In this talk, we will presents three interesting results of our research: (1) an extensive, real-world traffic analysis to gain more insights in cross-domain web interactions, (2) requirements for client-side mitigation against CSRF and an analysis of existing browser extensions and (3) CsFire , our newly developed FireFox extension to mitigate CSRF.

Pdf logo.jpg

Cyber [Crime|War] - connecting the dots

by Ian Amit

Abstract: CyberWar has been a controversial topic in the past few years. Some say the the mere term is an error. CyberCrime on the other hand has been a major source of concern, as lack of jurisdiction and law enforcement have made it one of organizaed crime's best sources of income. In this talk we will explore the uncharted waters between CyberCrime and CyberWarfare, while mapping out the key players (mostly on the state side) and how past events can be linked to the use of syndicated CyberCrime organization when carrying out attacks on the opposition. We will discuss the connections between standard warfare (kinetic) and how modern campaigns use cybersecurity to its advantage and as an integral part of it

Pdf logo.jpg

Embedded System Hacking and My Plot To Take Over The World

by Paul Asadoorian

Abstract: It seems that as Moore's law is proven time and time again, we as a society are seeing more and more embedded systems help us in our daily lives. Embedded or purpose-built systems those that perform a specific function â are contained in the carriers of our data, from your computer to your online backing site, from the coffee shop network back to your corporate VPN. Each time we use the computer on our home cable modem network, print an important document, or use a wireless network there is typically some kind of embedded system involved. While embedded systems have made our lives easier, security is largely an afterthought if it's a thought at all.
Embedded systems simplify tasks for the end user, but implement very little security. This presentation analyzes common vulnerabilities in popular embedded systems that carry sensitive data every day. It will demostrate the abundance of these systems and vulnerabilities by using public source and new scanning methods. Solving the problem is more difficult, but starts with changing both the developers and user's perception of embedded systems technology.

In this presentation we will cover:

  • Finding embedded system vulnerabilities on a large scale
  • Ways to exploit embedded vulnerabilities and hide from the end user
  • Why controlling embedded systems is so powerful (and how they could be used to take over the world)
  • Ways to mitigate the potential threat
  • Explore some longer term solutions for embedded systems security

Pdf logo.jpg

Finding Backdoors in Code

by Matias Madou

Abstract: Insiders who write code, whether they are developers working for an enterprise or contributors to an open source project, have an almost unlimited number of ways to put chinks in the armor of their software. Many times, these holes are put in place for seemingly good reasons—to facilitate easy debugging, make working from home easier, or as a failsafe in case other mechanisms for interfacing with the system fail. Worse still, malicious insiders can plant logic bombs or insert backdoors so that they can embezzle funds, steal private information, or exact revenge if they become disgruntled.

Whether unintentional or malicious, code that performs questionable behavior or permits unauthorized access can be introduced with relative ease and can persist in a code base almost indefinitely without being discovered. Until it's too late. In this talk, we discuss techniques for applying static analysis to program source code to assist auditors hunting for backdoors, logic bombs, and other threats introduced by insiders. We give detailed examples of insider threats that have been uncovered in real software systems, outline possible motives for malicious insiders, and discuss how external stimuli like layoffs are increasing the attention paid to insider threats. We conclude the talk with results of applying the detection techniques discussed in this talk to real-world software.

GSM security: fact and fiction

by Fabian van den Broek

Abstract: GSM security: fact and fiction 4.1 billion people around the world communicate over GSM. Besides communication, more and more additional services - like payment functionality - are being deployed on top of GSM. It has been over 20 years since GSM was designed, and in that time several security problems have been found, both in the protocols and in the - originally secret - cryptography. However practical exploits of these weaknesses are complicated because of all the signal processing involved and have not been seen much outside of their use by law enforcement agencies.

In recent years new signal capturing capabilities have become available due to the emergence of SDR (Software Defined Radio). The often used combination of the USRP's hardware ( and the GnuRadio software ( makes most signal capturing a lot easier, leading to small groups of people trying to scrutinize the GSM air interface . At the end of 2009 attacks were announced against A5/1,the most common GSM cipher today, and against A5/3, the appointed successor of A5/1 cipher that is also used in 3G networks . This might have given rise to the idea that GSM is now thoroughly broken. However these new attacks still do not enable us to eavesdrop on most GSM traffic.

My talk will discuss the current state-of-affairs in vulnerabilities of the GSM air-interface, separating fact from fiction. I will discuss most current attacks and their (in)feasibility and explain the current practical problems (and possible solutions) that complicate eavesdropping, based on extensive practical experiments with sniffing GSM signals using Gnuradio/airprobe and a Nokia 3310 phone.

Pdf logo.jpg

Head Hacking – The Magic of Suggestion and Perception

by Dale Pearson

Abstract: Social Engineering is considered by many as a sort of magical art form in the Infosec world, some of the best at it must have Jedi like powers to get into some of the places they do. The magic or art of SE is all about creating a situation that suggests you belong, and are perceived to be just like everyone else just going about your business. Some people have a natural flare for SE, they are good at building rapport and are generally likeable. This isn't necessarily something they have learnt, but something they are born with. People say that SE exists because of human stupidity and there is no patch for it, but what if you can understand why the human brain is susceptible, if you understand this better can you be more successful in your SE exploits, and can you use this to educate and perhaps help apply that patch. I am sure that people wont fall for something too many times once they are aware, and have some how experienced it.

During my talk I will discuss how I looked at methods and skills that can be learnt to better understand how the human brain works, and how it can be manipulated. This will take us on the journey and fun of looking at NLP patterns, mentalism and becoming a hypnotist myself. We will talk about why these skills can improve your success as a social engineer, as well as being more aware of being manipulated yourself. The talk will be thought provoking, and encourage you to learn more.

Pdf logo.jpg

How I Met Your Girlfriend: The discovery and execution of entirely new classes of Web attacks in order to meet your girlfriend

by Samy Kamkar


This includes entertaining and newly discovered attacks including PHP session prediction and random numbers (accurately guessing PHP session cookies), browser protocol confusion (turning a browser into an SMTP server), firewall and NAT penetration via Javascript (turning your router against you), extracting extremely accurate geolocation information from a Web browser (not using IP geolocation), and more.

link=\ I\ Met\ Your\ Girlfriend.pdf

Memoirs of a Data Security Street Fighter

by Mikko Hypponen


- 20 years, and what have we got? - Where did we go wrong? - Why can't we fix these things? - Is it going to get better or worse?

Pdf logo.jpg

NFC Malicious Content Sharing

by Roel Verdult

Abstract: The security features of Near Field Communication (NFC) compatible mobile phones needs to be seriously revised. NFC mobile phones can communicate with other NFC mobile phones, NFC readers, or RFID tags in so-called smart posters, for instance to exchange of small files with photos or contact details. To exchange files, two devices should be within the proximity coupling distance of 5 cm, besides this phisical constraint there is no user interaction required. We show that feature interaction between NFC and bluetooth, where an NFC connection starts a bluetooth connection without any request for permission, can be abused to surreptiously install software on an NFC phone. This results in a serious vulnerability, when, for instance “smart posters” start acting “smarter” and install malicious applications instead of providing some harmless information. We verified this vulnerability on the recently released Nokia 6212 Clasic phones.

Project Skylab 1.0: Helping You Get Your Cloud On

by Craig Balding

Abstract: Got Cloud? Cloud Computing and Security is a lot like sex: everyone is talking about it, but few people are getting any. Informal surveys of security geeks at infosec cons reveals that 90% of attendees haven't even got to first base (aka spinning up a virtual machine at a public cloud provider). This talk will help you "get your cloud on" for something that you might actually find useful. Whether you're a penetration tester seeking a place for target practice, a sysadmin looking to test new tools or a vulnerability researcher, you'll learn how to create an on-demand, cloud based, security test lab with no hardware, for significantly less than the cost of a first date. Kicked off in March at SecureCloud 2010 in Barcelona, the Skylab project will come to fruition just in time for Brucon. Fun times ahead! (for credit card holders).

Pdf logo.jpg

"The Monkey Steals the Berries" The State of Mobile Security

by Tyler Shields

Abstract: Mobile Application security is a fresh new target for malware and malicious backdoors. The presenter has previously released a fully functional spyware application that exfiltrates any and all personal and private information on a Blackberry device. This presentation will go over the current state of mobile spyware, trojans, and backdoor applications as well as dive into the technical details that makes his particular brand of Spyware tick. All new spyware features will be introduced that will demonstrate the extent of functionality available from the device manufacturers own provided API set.

Pdf logo.jpg

The WOMBAT Project: Recent Developments in Internet Threats Analysis

by Olivier Thonnard and Andreas Moser

Abstract: In the recent years, many security experts have acknowledged the fact that the cyber-crime scene becomes increasingly organized and more consolidated. Even though there are some plausible indicators about the origins, causes, and consequences of these new malicious activities observed in the Internet, many questions remain regarding the attribution of the attacks and the organization of cybercrime.

WOMBAT (Worldwide Observatory of Malicious Behaviors and Threats - is a European project (FP7) which aims at providing new means to understand the existing and emerging threats that are targeting the Internet economy and the net citizens. In this talk, we will focus on some recent developments done by WOMBAT researchers regarding Internet threats analysis.

Pdf logo.jpg

Fireshark - A tool to Link the Malicious Web

by Stephan Chenette

Abstract: Thousands of legitimate web sites serve malicious content to millions of visitors each and every day.

Trying to piece all the research together to confirm any similarities between possible common group patterns within these websites, such as redirectors that belong to the same IP, IP range, or ASN, and reconstructing the final deobfuscated code can be time-consuming and sometimes impossible given many of the freely available tools.

I will present a web security research project called FireShark that is capable of visiting large collections of websites at a time, executing, storing and analyzing the content, and from it identifying hundreds of malicious ecosystems of which the data, such as the normalized, deobfuscated content within them can easily be analyzed.

In this presentation many of the major web exploit kits will be analyzed using Fireshark.

Top 5 ways to steal a company "Forget root, I want it all"

by Chris Nickerson

Abstract: This will be a highly interactive talk with the audience! the corporate landscape is built on a toothpick pillar and it is time to point it out. This talk will challenge the audience to find flaws in pictures/videos, identify universal weak points in culture and design, as well as go through the top 5 ways to completely take over most of the companies out there. We will blur the line of black/white hat to show how it is done in the real world.

You Spent All That Money And You Still Got Owned...

by Joseph McCray

Abstract: This talk will focus on practical methods of identifying and bypassing modern enterprise class security solutions such as Load Balancers, both Network and Host-based Intrusion Prevention Systems (IPSs), Web Application Firewalls (WAFs), and Network Access Control Solutions (NAC).

The goal of this talk is to show IT Personnel the common weaknesses in popular security products and how those products should be configured.

The key areas are:

  • IPS Identification and Evasion
  • WAF Identification and Bypass
  • Anti-Virus Bypass
  • Privilege Escalation
  • Becoming Domain Admin

Pdf logo.jpg

Your Project: From Idea To Reality "Make A Living Doing What You Love"

by Mitch Altman

Abstract: If you have a project idea, you can bring it into the world, and possibly even make a living from it. Mitch tells the story of how he brought TV-B-Gone into the world, using it as an example to show how you can do the same with your ideas, while along the way sharing some of the pitfals that you can avoid running your own small business.

If you have ever had an idea that is burying inside of you, there has never been a better time to bring it into reality. By inventing and selling TV-B-Gone universal remote controls, I learned a lot about how to manufacture projects and make them into viable products that earn me a living. In this presentation I will give an overview of the entire process: from idea to product to end user to collecting checks. I will share some surprising experience gained along the way that can help you avoid some of the same mistakes of running a small business. I make a living on projects I love. Perhaps you can too.

Pdf logo.jpg