Thursday April 18, 2024
08:30 Registration and Morning Coffee: Powered by Mint Security
09:15 Opening Words, Tomi Tuominen
09:30 Systems Alchemy: the transmutation of hacking
Thaddeus grugq
10:30 Coffee: Powered by Unknown sponsor
10:50 Hacking a Satellite for Fun and Profit
Mario Polino
mhackeroni
11:50 Lunch
13:00 Distance over Velocity: Practical tips from the field for Red and Blue teams
Yossi Sassi
10root/freelance
Securing Azure Open AI apps in the Enterprise
Karl Ots
EPAM Systems
14:00 Break
14:20 Attacking the supply chain - The miscreants field manual
Mackenzie Jackson
GitGuardian
Two fat men, a clipboard warrior and a one file system (NFS)
Christer, Claes & Marcus
signedness.org
15:20 Coffee: Powered by Critical Section Security / Otto Ebeling
15:50 Hacking - 30 years ago
Walter Belgers
FRTN
16:50 Closing Words for the 1st day, Tomi Tuominen
17:00 Cocktails & Networking: Powered by WithSecure
18:30 Cocktails & Networking ends
19:00 Dinner: Powered by WithSecure
21:00 Dinner ends

Friday April 19, 2024
09:30 Morning Coffee: Powered by Mint Security
10:00 From Drone Strike to File Recovery, outsmarting a nation state
Guy Barnhart-Magen
Profero
11:00 Coffee: Powered by Unknown sponsor
11:20 Economizing Mobile Network Warfare: Budget-Friendly Baseband Fuzzing
Janne Taponen
Fraktal Oy
All You Need Is Guest
Michael Bargury
Zenity
12:20 Lunch
13:20 Navigating the Labyrinth - How to find bugs in large code bases
Eric Sesterhenn
X41 D-Sec GmbH
The Dark Side of AI: The Hidden Risks in Open-Source AI Models
Jossef Harush Kadouri
Checkmarx
14:20 Coffee: Powered by Critical Section Security / Otto Ebeling
14:40 Waves of intrusion: From rogue signals to the supervillain scenario
Tom Van de Wiele
15:40 Closing Words, Tomi Tuominen
16:00 Conference Ends

Systems Alchemy: the transmutation of hacking

Thaddeus grugq

Everywhere we look we find complex systems creating, enabling, controlling and shaping the fabric of modern life. The critical infrastructure of society is dependent on systems, mostly privately owned, that have the same inherent problems of all complex systems.

In this keynote we examine the properties of systems and how understanding them creates new opportunities for hacking. Adopting systems thinking allows hackers to target and manipulate everything from critical social infrastructure to the very physics of cyberspace.

er... I'll get back to you with that.


Hacking a Satellite for Fun and Profit

Mario Polino @ mhackeroni

A light-hearted and entertaining dive into our victorious adventure at Hack-A-Sat! Our presentation takes you on a ride through the challenges and triumphs of hacking into an orbiting satellite, the Moonlighter.

What is a Capture The Flag

What is Hack-A-Sat

How Qualification works

How to Organize a CTF Team

The competition

The preparation of the team for the competition

Same challenge example and solution

Mario Polino has been a hacker and CTF player since 2008. He has a PhD in Computer Security from Politecnico di Milano. Mario worked as a researcher at Politecnico, publishing scientific papers on binary and malware analysis and ML for cybersecurity.

Mario has been the captain of Politecnico's team, Tower of Hanoi (https://toh.necst.it/about/, winner of ruCTF 2019), and is the captain of the Italian team mhackeroni (https://mhackeroni.it/, 5 times DEF CON CTF Finalist). Mario coaches Team Italy (https://teamitaly.eu/), the national Italian hacking team, and Team Europe (https://teameurope.site/), the hacking team selected among all European nations.


Distance over Velocity: Practical tips from the field for Red and Blue teams

Yossi Sassi @ 10root/freelance

What makes or breaks a successful cyber attack? Can it be attributed to defenders' design, an adversary's execution, or something else? What REALLY makes an attack stealthy, in an uninterrupted window of adversary opportunity or, vice versa, a solid, high-fidelity, early detection and containment? In this 'demo packed' session we will dive into some hands-on practical examples for both offensive & defensive teams on the single most important metric - Time, and how to effectively utilize it, based upon ongoing research from 2 decades & over 100 organizations.

Seasoned InfoSec researcher and trainer. Yossi Sassi has accumulated extensive experience in information security for over 30 years, on assessments in 4 continents, conducting DF/IR investigations and more, including Fortune 100 customers. Ex-Javelin Networks (advanced deception solution acquired by Symantec in 2018). Ex-Technology Group Manager at Microsoft (coded Windows Server tools). Sassi was awarded 4 Peace and friendship awards from governments and universities worldwide, and speaks regularly at various security conferences around the globe.


Attacking the supply chain - The miscreants field manual

Mackenzie Jackson @ GitGuardian

Software supply chain attacks have forever changed the security landscape, enabling attackers to target more victims with increasingly sophisticated attacks. But how do these supply chain attacks unfold in reality? This talk reviews high-profile attacks and then recreates the steps through a series of live demos to uncover and unmask how supply chain attacks unfold and how we can prevent them.

Mackenzie is a developer and security advocate with a passion for DevOps and application security.

As the co-founder and former CTO of the health tech company Conpago, he learned first-hand how critical it is to build secure applications with robust developer operations. Today Mackenzie continues his passion for security by working with the GitGuardian research team to uncover the latest trends malicious actors are using. Mackenzie is also the host of The Security Repo podcast, an established security writer, an experienced global speaker, and has appeared as an expert in documentaries and television broadcasts.


Securing Azure Open AI apps in the Enterprise

Karl Ots @ EPAM Systems

With the last year bringing us real hands-on experience with Azure OpenAI, and the announcement of OpenAI’s ChatGPT Enterprise, it's time to look at how to properly secure OpenAI services in Azure.

In this session, we explore the core security controls for securing usage of OpenAI’s services in an enterprise environment. We cover what controls are available, which are missing, what their effective coverage is, and how to implement them.

Karl Ots is a cloud and cybersecurity leader with over 15 years of industry experience. Karl has secured some of the largest enterprises in technology, manufacturing, and finance. In his role at EPAM Systems, a global engineering and consulting company, he serves as Head of Cloud Security.

Karl is recognized as a Microsoft Regional Director and Security MVP. He is a patented inventor, a best-selling author, and an international conference speaker. He has presented at conferences such as ISC2 Congress, InfoSec World, SANS CloudSecNext and BSides.


Two fat men, a clipboard warrior and a one file system (NFS)

Christer, Claes & Marcus @ signedness.org

Working on a different project we stumbled across some NFS bugs, then realized that the BSD implementations were less than robust, to put it mildly. Digging deeper, more bugs were found (not memory corruption bugs...) and pretty much every implementation we could find was vulnerable. These bugs are super trivial to exploit and are present pretty much everywhere NFS is used (take FreeBSD: everything from the earliest version we managed to install in a VM to the latest is vulnerable).

Christer is a fat electrician who likes vuln hunting, exploitation, drinking, brewing and talking about good beer. He is also the eternal supreme leader of SOG.

Claes is a fat chef who likes vuln hunting, exploitation, good beer and food. He is a high-ranking member of SOG and the leader of PNS.

Marcus has no IT-security background and the unenviable task of trying to manage Claes and Christer but enough common sense to trust them to do their own thing and hope for good results (sounds easy enough, right? Wrong! 15 or so predecessors did not have the same common sense).


Hacking - 30 years ago

Walter Belgers @ FRTN

For as long as the internet has existed, people have been trying to circumvent security. Whereas most people nowadays do so for financial gain, 30 years ago the world looked different. The internet connected academia. The people hacking were students, almost the only people who had access. Not many system administrators were paying much attention to security, and for hackers, breaking into sites such as that of NASA was a way to gain a reputation. In this presentation, "one of the Dutch hackers" will take a look at the hacking scene in the late 1980s and early 1990s.

Walter started hacking in the late 1980s, after he got his first UNIX account at his university. It was a time of pioneering. No computer crime laws existed but he was in some scary situations. Luckily, Walter was able to become an ethical hacker and make it his profession. He is also a known lockpicker and recently had a book published on the subject. When Walter is not hacking, he likes to read, sail, and drive in rally cars in Finland.


From Drone Strike to File Recovery, outsmarting a nation state

Guy Barnhart-Magen @ Profero

This is our stage: set in early 2023, a nation state is prepping a campaign against several organizations, using similar TTPs.

Join us on an exhilarating journey through a massive incident response (IR) in an incredibly intricate setting. Picture this: A drone strike motivates a nation state to attack an organization and launch an InfoOps campaign. With over 30 distinct Business Units, each with its own unique IT structure. Every endpoint directly exposed to the vast expanse of the internet, boasting a class B IP range. And to top it off, varying levels of security hygiene.

But wait, there's more! The attackers unleashed a devastating ransomware attack, which, surprise, turned out to be successful. Countless terabytes of data held hostage, with no possibility of a key.

Fear not, for we have discovered a remarkable method to exploit this ransomware and reclaim the majority of the encrypted data. Prepare to witness the magic of resourcefulness, innovation, and the art of cracking cryptography. Brace yourself for a talk that will leave you in awe!

Guy

With nearly 25 years of experience in the cyber-security industry, Guy held various positions in both corporates and startups.

As the Co-Founder and CTO of the Incident Response company Profero, his focus is making incident response fast and scalable, harnessing the latest technologies and a cloud-native approach.

Most recently, he led Intel’s Predictive Threat Analysis group, which focused on securing machine learning systems and trusted execution environments. At Intel, he defined the global AI security strategy and roadmap. In addition, he spoke at dozens of events on the research he and the group have done on Security for AI systems and published several white papers on the subject.

Guy is the BSidesTLV chairman and CTF lead, a public speaker at well-known global security events (SAS, t2, 44CON, BSidesLV, and several DefCon villages, to name a few), and the recipient of the Cisco “black belt” security ninja honor – Cisco’s highest cybersecurity advocate rank.

He started as a software developer for several security startups and spent eight years in the IDF. After completing his Electrical Engineering and Applied Mathematics degrees, he focused on security research in real-world applications.

He joined NDS (later acquired by Cisco). He led the Anti-Hacking, Cryptography, and Supply Chain Security Groups (~25 people in USA and Israel).

Brenton

Brenton leads Incident Response engagements on a daily basis for Profero, from sophisticated cloud attackers to ransomware events. Brenton has a unique set of combined security research and developer experience, allowing him to resolve many cyber-attacks while fully understanding the impact on production systems.


Economizing Mobile Network Warfare: Budget-Friendly Baseband Fuzzing

Janne Taponen @ Fraktal Oy

In an era dominated by mobile communication, ensuring the security of networks and the devices connected to them is crucial. "Economizing Mobile Network Warfare: Budget-Friendly Baseband Fuzzing" explores the significant role of Software Defined Radios (SDRs) in making baseband fuzzing both accessible and affordable. This talk guides you through building and operating a cost-effective baseband fuzzing rig. The talk will also cover how Large Language Models (LLMs) can be leveraged to accelerate the development of protocol parsers, enhance code understanding, and aid in the reverse engineering of large-sized baseband modem firmwares.

We will showcase key discoveries from such setups focusing on the often-neglected vulnerabilities in device radio access network (RAN) interfaces. Our exploration spans various devices, including automotive communication ECUs, payment terminals, cellular modems, and mobile phones. We'll dissect the intricacies of modem firmware reverse engineering, including methods to acquire firmware and the associated challenges. The talk also features ideas on practical testing of discovered baseband vulnerabilities, assessing the feasibility of exploiting these vulnerabilities in ISP-run networks.

The presentation will shed light on the possibilities of RAN security research offered by running your own cellular infrastructure.

Janne is a full-spectrum hacker and works with product security from the PCB to the cloud, and everything in between. Janne is the hardware security lead at Fraktal.


Navigating the Labyrinth - How to find bugs in large code bases

Eric Sesterhenn @ X41 D-Sec GmbH

Too afraid to look at the haystack to find the needle? No idea where to start when searching for vulnerabilities? Finding a bug in 10 lines of code can be hard, but how do you tackle 100000 lines? You experience a feeling of auditor's block after executing tar xvz? No fear - this talk will help you find your way through the various labyrinths and disentangle the thread. This talk explains different approaches and strategies on how to audit large code bases for security vulnerabilities with a focus on C code. These will be illustrated with real-world security issues from various open source projects such as Unbound, BIND9 and git.

Eric Sesterhenn has been working as an IT security consultant for more than 20 years (currently at X41 D-Sec GmbH), working mostly in the areas of source code auditing and penetration testing. He has identified vulnerabilities in various software projects including the Linux kernel, X.org, git and BIND9.


All You Need Is Guest

Michael Bargury @ Zenity

EntraID guest accounts are widely used to grant external parties limited access to enterprise resources, with the assumption that these accounts pose little security risk. As you're about to see, this assumption is dangerously wrong.

In this talk, we will show how guests can leverage undocumented APIs to bypass limitations and gain unauthorized access to sensitive business data and capabilities including corporate SQL servers and Azure resources. Furthermore, we will reveal how guests can create and control internal business applications to move laterally within the organization. All capabilities presented in the talk will be demonstrated with default Office 365 and EntraID configuration.

Next, we will drop PowerPwn, an offensive security toolset for Microsoft 365 focused on Power Platform. PowerPwn uncovers the true scope of guest access in your tenant. It automates limitation bypass, enumerates and dumps all accessible data, and allows for interactive write and delete operations by the researcher.

Finally, we will make up for shattering the illusion of guests having limited access by sharing concrete steps to harden your Azure AD and Office 365 configurations to prevent such attacks and suggest detection logic to catch them if a change in configuration is not possible.

Michael Bargury is a security researcher passionate about all things related to cloud, SaaS and low-code security, and spends his time finding ways they could go wrong. He is the Co-Founder and CTO of Zenity, where he helps companies secure their low-code/no-code apps. In the past, he headed security product efforts at Azure focused on IoT, APIs and IaC. He also leads the OWASP No-Code/Low-Code Top 10 project and writes about it on DarkReading. Michael is a regular speaker at BlackHat, DEFCON, OWASP and BSides.


The Dark Side of AI: The Hidden Risks in Open-Source AI Models

Jossef Harush Kadouri @ Checkmarx

In a world where generative AI and Large Language Models (LLMs) have become integral to business operations, companies are confronted with a unique set of challenges.

In this talk, we will demonstrate how AI models are built, with a focus on their vulnerabilities. We will then give a live demo of how an attacker might exploit these weaknesses to build malicious models and publish them to be consumed by victims.

In addition, we'll be addressing takeaways related to the use of generative AI and LLMs within companies:

What challenges do companies face today when it comes to employee use of generative AI and LLMs?

How can companies understand their company’s specific risks regarding generative AI and LLMs, and best mitigate against them?

Can companies benefit from the productivity gains of generative AI and LLMs while still meeting compliance, privacy, and security standards?

Jossef Harush Kadouri

In 2020, I co-founded Dustico (acquired by Checkmarx), a software supply chain security company. Since then, I have been working with my team to identify and prevent software supply chain attackers, ensuring the safety of the ecosystem.

I have a passion for startups and have had the opportunity to be involved with several, including Dustico (as a co-founder), Zero Networks (as a co-founder), and CyberX (as the first employee).

I love to contribute code to open-source and answer questions, ranked in the top 1% on Stack Overflow.

Check out my published stories: https://medium.com/@jossef https://github.com/jossef


Waves of intrusion: From rogue signals to the supervillain scenario

Tom Van de Wiele

This talk explores the evolution of signal hacking and its impact on infrastructure and society. It highlights the significant security gaps in essential systems with historic and recent examples and discusses personal ongoing research with regard to the invisible critical infrastructure that surrounds us. The talk will also highlight the ongoing contrast and misunderstanding of the media and Hollywood's interpretation of what a real cyber disaster would look like.

Tom Van de Wiele stands at the forefront of cyber security as a distinguished speaker, researcher, and ethical hacker. With over two decades of experience, his expertise spans across various cyber security domains and business sectors, where he has offered his insights as an advisor and conducted intrusion testing of high security environments.