From BruCON 2017
- Wednesday 16/09 - Thursday 17/09: see Training
- Friday 18/09 - Saturday 19/09: Workshops + Presentations + Lightning Talks
Conference doors and registration will be open at 8:00 on Friday
- Brucon Workshop #1: Digital ID workshop
- Brucon Workshop #2: Toool will be present at Brucon
- Brucon Workshop #3: Wireless auditing
- Brucon Workshop #4: VOIP workshop
For now, we have just a complete list of confirmed presentations
“I am walking through a city made of glass and I have a bag full of rocks” (Dispelling the myths and discussing the facts Global Cyber-Warfare)
by Jayson E. Street
Abstract: There is a war being raged right now. It is being fought in your living room, in your dorm room even in your board room. The weapons are your network and computers and even though it is bytes not bullets whizzing by that does not make the casualties less real. We will follow the time line of Informational Warfare and its impact today. We will go deeper past the media hype and common misconceptions to the true facts of whats happening on the Internet landscape. You will learn how the war is fought and who is fighting and who is waiting on the sidelines for the dust to settle before they attack.
A new web attack vector: Script Fragmentation
by Stephan Chenette
Abstract: This presentation will introduce a new web-based attack vector which utilizes client-side scripting to fragment malicious web content.
This involves distributing web exploits in a asynchronous manner to evade signature detection. Similar to TCP fragmentation attacks, which are still an issue in current IDS/IPS products, This attack vector involves sending any web exploit in fragments and uses the already existing components within the web browser to reassemble and execute the exploit.
Our presentation will discuss this attack vector used to evade both gateway and client side detection. We will show several proof of concepts containing common readily available web exploits.
All Your Packets Are Belong to Us - Attacking Backbone Technologies
by Daniel Mende
Abstract: The year 2008 has seen some severe attacks on infrastructure protocols (SNMP, DNS, BGP). We will continue down that road and discuss potential and real vulnerabilities in backbone technologies used in today's carrier space (e.g. MPLS, Carrier Ethernet, QinQ and the like). The talk includes a number of demos (like cracking BGP MD5 keys, redirecting MPLS traffic on a site level and some Carrier Ethernet stuff) all of which will be performed with a new tool kit made available at the con. It's about making the theoretical practical, once more!
Botnets, Ransomware, Malware, and Stuff!
by Julia Wolf
Building Hackerspaces Everywhere
by Esther Schneeweisz
Abstract: Within the last 12 months, we've seen hackerspaces spread all across the world at an incredible rate, and hackers everywhere getting involved with the movement and turning into the most excited entusiasts for shared community spaces to research and/or build things. As of today there are 102 officially known active hackerspaces and another 82 in planning or building process. The media has developed an interest in the movement, its history (reaching back dozens of years already), and its current status.
However, the epic plan of taking over the world and bringing new mechanisms of studying, working and experience to the people doesn't stop here. The 40 minute talk will mostly focus on why to build a hackerspace, how, and what questions to ask yourself in the process. It will conclude in an extensive Q/A round.
How to prepare, coordinate and conduct a cyber attack
by Eric Adrien Filiol
This talk intends to present how true cyberattack could be planned and launched from a military perspective but with the technical aspects in mind. The aim is to explain why the common definition of cyber attack is totally wrong and to show what a rogue group or a rogue nation could really do. Our approach is based on Nato InfoOps techniques, military doctrines and computer attacks techniques. A number a examples will be given to illustrate the talk.
by Brian Honan
Abstract: In late 2008 the author was challenged by an Irish security journalist to steal her identity. The author was only allowed to use information that could be found online, could not break any laws and could not use any social engineering techniques. The author will present what information was available online, whether or not he was succesful and what lessons can be learned from the experience in relation to an individual's privacy.
Malicious Markup - I thought you were my friend - cycle 3
by Mario Heiderich
Abstract: The talk will cover a short exegesis of how and where browser vendors talk about security - and what can be seen from a security professionals perspective. The ratio between the growth of new browser technologies and the amount of time for developers to learn working with them could turn out to be a problem - especially when knowing that todays browsers support a vast amount of lost treasures. Amongst them various XML quirks, data islands, SVG fonts etc. which make it hard to protect rich web applications. Surprising but true: several of the most recent in-the-wild browser exploits were possible due to those legacy features like the IE6-8 code execution flaw. Reason enough to dive into a collection of weird techniques and standards exposing attack vectors and scenarios that WAF systems and filters might have some trouble with. The talk also shows some issues regarding IE8 and Opera 10 - as well as current Firefox versions. The conclusion of the talk features an overview of what we can expect during the next months, ways for developers and related parties to deal with those security risks.
Open Source Information Gathering
by Chris Gates
Abstract: This talk is about using the current open source tools to generate a detailed target footprint for a blackbox penetration test. Suppose for our penetration test we are given nothing but a domain name. Client-side and Social Engineering attacks are in scope, but we're on our own to come up with all the information needed to execute those attacks (just like a real attacker would be required to do). The days of running Sam Spade or simply querying a whois server for the totality of your information gathering are dead. We need to leverage all the information freely available to us on the net to build both our network attack list as well as our client attack list. This information includes network ranges, hidden company affiliations, hostnames, dns information, public documents with their metadata and email addresses for client side attacks.
Rage Against The Kiosk
by Paul James Craig
My name is Paul Craig, and I am the self proclaimed "King of Kiosk Hacking".
Last year at Defcon 16, I released iKAT v1.0 (The Interactive Kiosk Attack Tool). iKAT is an online tool designed to allow users to hack an internet Windows Kiosk terminal, in less than one minute.
Thousands of Kiosks worldwide have accessed iKAT and witnessed its Kiosk hacking power.
Kiosk vendors ran for cover after the Defcon release, fixing their software and explicitly blocking iKAT and my techniques. The year is now 2009, and I have spent my spare time playing with more Kiosks. With even more success than ever before!
iKAT v2.0 is now ready to be released, with more oh-day, more tools and more tricks, to provide you with the ultimate Kiosk hacking experience.
Red and Tiger Team
by Chris Nickerson
Abstract: The world of Information Security is changing. Budgets are tighter, attacks are more sophisticated, and the corporate network is no longer the low hanging fruit. That leaves web-enabled applications as the vector-du-jour, but that well is quickly drying up for organized crime as well. As they creep up the OSI Model looking for easier ways to steal your corporate assets, they are quickly making their way up the stack to the unspoken 8th layer, the end user. So what is the next step in the never-ending escalation of this cyber war?
To find out, we must do as Sun Tzu taught. "Think like our enemy!" That is, after all, the primary tenet of penetration testing AKA ethical hacking, isn't it? After years of hardening physical systems, networks, OSs, and applications, we have now come full circle to a new dawn of attack. People are now the target of the advanced hacker, and the cross-hairs are focused squarely on their foreheads... literally. It is only a matter of time before corporations fall from the raw effectiveness and lack of preparedness for this all too common attack.
Social engineering for penetration testers
by Sharon Conheady
In recent years, people have become more familiar with the term "social engineering", the use of deception or impersonation to gain unauthorised access to sensitive information or facilities.
Does this mean that there are fewer successful social engineering attacks?Unfortunately not.
In fact, because computer security is becoming more sophisticated and more difficult to break (although this is still very possible) more people are resorting to social engineering techniques as a means of gaining access to an organisation's resources. Logical security is at a much greater risk of being compromised if physical security is weak and security awareness is low. Performing a social engineering test on an organisation gives a good indication of the effectiveness of current physical security controls and the staff's level of security awareness. But once you have decided to perform a social engineering test, where do you start? How do you actually conduct a social engineering test?
During my talk, I will discuss the practical aspects of a social engineering attack, providing plenty of war stories from my career as a social engineer. The key to preventing social engineering attacks from being successful lies in education and awareness. This talk will give the audience an insight into the techniques used by social engineers, whether as part of an ethical social engineering test or as a malicious social engineering attack.
SQL Injection - how far does the rabbit hole go?
by Justin Clarke
Abstract: SQL Injection has been around for over 10 years, and yet it is still to this day not truly understood by many security professionals and developers. With the recent mass attacks against sites across the world it has again come to the fore of vulnerabilities under the spotlight, however many consider it to only be a data access issue, or parameterized queries to be a panacea.
This talk starts from what was demonstrated last year at Black Hat in Las Vegas, where a self propagating SQL Injection worm was demonstrated live on stage. Explore some of the deeper, darker areas of SQL Injection, hybrid attacks, and exploiting obscure database functionality.
The Frogs Who Desired A King: A Virtualization and Cloud Computing Security Fable Set To Interpretive Dance
by Christofer Hoff
Abstract: Aesop wrote this little ditty about some discontented frogs who lived in a pond. They asked Zeus for a King. They got one. It ate them. The moral of this story is "be careful what you wish for as you might just get it."
The corresponding analog is that of virtualization and cloud security. It's coming, but it's not going to look much like what security looks like today and it's certainly not what people are expecting. In fact, it may consume us all because we're unprepared for what we're asking for.
Transition to IPv6 on the Internet: Threats and Mitigation Techniques
by Eric Vyncke
While IPv6 security is relatively well known in European Universities, most enterprises and service providers had little exposure to it.
This is becoming really worrying because Microsoft Vista, 2008 includes IPv6 and IPv6 is even the preferred communication protocol. While this is probably a good thing, the transition mechanisms (notably the tunneling) can lead to risk exposure...
The IPv4-address exhaustion is for 2010, this means that the migration to IPv6 is happening and that it is urgent to expose the security community to IPv6 with the latest news (like secure neighbor discovery which has been designed to secure the ARP-like function with cryptographically generated addresses). The session also cover the threats linked to the dual-stack approach and the use of carrrier grade NAT.
by Vincent Rijmen
Abstract: Until late in the last century, cryptology and cryptographers were working almost exclusively for the military and government organizations. From the 1970s onwards, first companies and later also individuals started to use cryptography to protect their sensitive data. Cryptology became an open and lively field of research. Although in the recent past many people have benefited from the increased use of cryptographic applications, currently there are growing doubts about the trust we can put in cryptology and its applications.