Presented by d1dymu5 and n8zwn (Colin Jackson and Nathan Smith) At a recent conference, a few of us were discussing how there are a ton of great info security peeps in the area that have really cool ideas and projects, yet many don't feel comfortable presenting them or submitting papers about their ideas. We've also felt that many of the same people present due to lack of submissions. The overall goal of this presentation will be about stepping out of our comfort zone, overcoming your imposter syndrome and offering some tips for giving your 1st or your 20th conference talk.
If you are like many organizations out there, you have a large number of unaddressed vulnerabilities. The question is: where to start? Which vulnerabilities are most important and why? Can you rely on CVSS or an arbitrary risk score alone? This presentation and discussion will address how I have worked with organizations in the past to tackle these challenges and what your organization can do about it.
Port scanning is a simple way to find vulnerable targets within a network. Learn how to use tools like nmap, masscan and Shodan to do external scanning of your network and find the low-hanging fruit before somebody else does.
Information Security has a near 0% unemployment rate. We are increasing the demand while reducing the entry requirements, and it is still extremely difficult to find enough bodies to fill the seats. This talk will be a summary of the hiring issues we face today along with some solutions to help ease the pain for organizations trying to step into this industry.
We live in a world of smart phones, smart TVs, smart kitchen appliances and security-ignorant users. The main target of all cyber attacks is humans--people like you and me who are driven to exploit the millions of data that's being captured today. User behavior plays a key role in many security breaches and incidents because humans are the biggest threat to data security. The tremendous increase of cyber security attacks due to human error is often depicted as a security pandemic. Past research has shown that lack of training, support, motivation and the increased use of social media platforms are all human habits that weaken security. Therefore, it is important to first understand the essential link between privacy and security in a cyber security context and identify the human factors that may weaken this link.
An introduction to Cross Site Request Forgery, why it is an issue and why you shouldn't assume your framework is protecting you.
On-demand IT services are being publicized as the new normal, but oftentimes these services are misunderstood and hence misconfigured by engineers, which can frequently enable red teams to gain, expand, and persist access within Azure environments. In this talk we will dive into how Azure services are commonly breached (e.g. discovering insecure blob storage), and then show how attackers are pivoting between the data & control planes (e.g. mounting hard disks, swapping keys, etc.) to expand access. Finally we will demonstrate some unique techniques for persisting access within Azure environments for prolonged periods of time.
SAINTCON 101 - Learn how to "own the con". Get the most out of SAINTCON, all the ins and outs of Utah's Premier Security Con
Off-the-shelf malware, custom developed malware, or just living off the land are ways for attackers to not only compromise your environment, but also reside within it. Attackers are regularly able to breach perimeters, and easily maintain access due to a lack of defensive technologies preventing them from doing so. Anti-Virus, EDR? These can be effective, but aren't a brick wall. What if there's another way, and it's likely built right into the operating system you are running? Let's talk about Windows Defender Application Control (WDAC). WDAC is a highly effective application whitelisting technology that's built right into Windows 10 and Server 2016. WDAC easily stops attacks from ever beginning, or provides you with the audit capabilities to know when it did. This talk will cover exactly what Windows Defender Application Control is, how policies are created, how to distribute policies within an environment, and demo its effectiveness against modern attacks.
What parts were used this year and why - Short timeframe - New Designer - IoT integrations - Minibadges - Feedback - Next year ideas/plans
In this presentation, we will go over the basics of writing shellcode, focusing on writing shellcode for Linux 32/64 bit operating systems. We will go over the basics of setting up a development environment along with common troubleshooting techniques.
End-users care that your site looks nice, and that your name hasn't recently been in the news for a security breach. More sophisticated users care that your website is HTTPS and doesn't show any warnings. But now we're talking about enterprise-class security. What kind of security features open up the Fortune-500 market? Come and listen as we review many of the security gotchas and lessons Lucidchart.com has learned on the road to Enterprise.
By leveraging security instrumentation platforms, you are bringing together red and blue teaming initiatives with greater symbiotic mutualism across three major areas. First, you can validate the efficacy of security controls such as firewalls, WAFs, DLPs, EDRs, and SIEMs. If those controls aren't working as needed, you can leverage prescriptive analytics to instrument them. Second, you can apply configuration assurance to verify that a change that has been made actually does what's desired. You can also determine if that change negatively impacts other facets of security. Third, you can utilize automated, ongoing checks to ensure that what was working continues working in perpetuity. Should something stop functioning, blocking, detecting, correlating, etc., as needed, alerts will be generated in response to the environmental drift. We need to readjust so that we are focusing on security effectiveness and the efficacy of our security controls. We need to industrialize our approach to red and blue teaming with security instrumentation through automation, environmental drift detection, prescriptive actions, and analytics that enable us to finally and empirically manage, measure, and improve security effectiveness.
Over the last decade we have seen a rapid rise in virtualization-based tools in which a hypervisor is used to gain insight into the runtime execution of a system. With these advances in introspection techniques, it is no longer a question of whether a hypervisor can be used to peek inside or even manipulate the VMs it executes. Thus, how can we trust that a hypervisor deployed by a cloud provider will respect the privacy of their customers? While there are hardware-based protection mechanisms with the goal of guaranteeing data privacy even in the presence of such an "introspecting" hypervisor, there are currently no tools that can check whether the hypervisor is introspecting when it shouldn't. We have developed a software package that analyzes instructions and memory accesses on an unprivileged guest system which has been deployed onto a hypervisor to determine the potential presence (or lack) of introspection. These techniques are developed to examine properties of modern x86 systems, such as cache-based memory access timing and privileged instruction benchmarking to examine the behavior of the hypervisor. Moreover, we have developed timing methods such as thread racing to determine whether a hypervisor is monitoring regions of memory or hooking instructions.
I have worked on cracking the message on the Kryptos statue at the CIA headquarters. The fourth section has not been solved "publicly", but I have come up with a methodical way to decrypt the text. In doing so I have identified general troubleshooting patterns that can help solve complex problems in a systematic way.
First an intro to self driving cars, hardware, software, meetups and handy URLs, then inside the DEF CON 26 Mad Max Valhalla Self Driving Car Challenge
Instrumenting the cloud for security issues with a cloud-first strategy - ways to instrument the cloud for security to enable incident response and forensics - network traffic techniques and traffic agents - cloud log collection - show/talk about configuration monitoring and compliance
Cloud infrastructure security and configuration has been shown to be a difficult task to master. Sysadmins and developers with years of traditional IT experience are now being pushed to the cloud, where there is a whole new set of rules. This is what makes AWS environments particularly exciting to attack as a penetration tester. Best practices are often overlooked or ignored, which can leave gaps throughout an AWS environment that are ripe for exploitation. With an increasing number of breaches leaking AWS secret keys, companies are working to be proactive and are looking for red-team-like post exploitation penetration tests, so that they can be sure that their client data is as safe as possible post-breach. Due to this need and the lack of AWS specific attack tools, I wrote Pacu, a modular, open source Amazon Web Services post exploitation attack tool created and used for Rhino Security Labs pentests. In this talk I will cover how red teamers can use Pacu to simulate real-world attack scenarios against AWS environments, starting from information enumeration and scanning through exploitation, privilege escalation, data exfiltration and even providing reporting documentation. It will be released as an open source project to encourage collaboration and discussion of different AWS attack techniques and methodologies with both attackers and defenders. This way, both myself and the community can contribute new modules to expand the functionality and usefulness of Pacu continuously.
We will discuss different career paths that ultimately lead toward becoming a pentester and beyond. We'll discuss options for schooling, training, and initial career moves. We'll also talk about ways to improve your skills and I'll share some hard lessons I learned on my own that I wish someone had shared with me early in my career. This will be somewhat of a Q&A format so bring all questions.
Beginning last year, a honeypot I run on the DMZ of my lab network started receiving a lot of traffic on a TCP port I wasn't familiar with. Out of curiosity, I investigated and discovered that the machine was getting hit, over and over again, by an elaborate, automated attack that used a sequence of Microsoft SQL database commands in an attempt to commandeer what it thought was an MS-SQL server. In this talk, I'll step attendees through the attack from its initial connection to the delivery of the malicious payload, and what I was able to determine about the IP addresses from which the attack originated and their checkered history.
There are many ways to disrupt WiFi. I will go over the different types of attacks used against WiFi and different types of mitigation that can be used.
For those new to cyber security, it is easy to get into the mindset that all hacks are big, targeted hacks and that hackers generally don't go after the small guys. The reality is, hackers will oftentimes just go after what is easy and available. If you are connected to the internet, you are a target. Just how big of a target depends on many different factors. Are you low-hanging fruit? What can you do to reduce your chances of being a hacker's next target?
ATM Jackpotting isn't something new, as security researcher Barnaby Jack famously demonstrated jackpotting an ATM machine at Black Hat 2010. However, in the past year there has been a significant rise of jackpotting ATM machines across the United States. Most criminals that try to rob money out of an ATM machine use less technical means, such as skimming credit card numbers or physically trying to break open an ATM machine. This presentation sheds light on both the technical means of jackpotting an ATM machine, as well as the organized crime nature of how teams are assembled to accomplish this task.
Where is the line between convenience and intrusion? What is your expectation of privacy? There are those who argue that your data is already collected on servers across the globe, and with social media like Facebook, Snapchat, and Instagram many have willingly given up their data. With all of the breaches in the last five years, society is now asking, "How do we put the genie back in the bottle?" New privacy laws are driving requirements to update standards. We'll look at the history of privacy, current events, and the coming standards we can leverage to help ensure privacy.
I will conduct a live demo of an actual Business Email Compromise (BEC) using the same TTPs Nigerian and Russian attackers are employing to attack private sector organizations. I will dissect each step of the attack and demonstrate how to identify pre-attack signatures to help detect and defend against an imminent attack. I will demonstrate several tools and methods to conduct a post-attack investigation to identify the attacker. Of interest, I'll demonstrate the use of the previously undocumented Office365 Activities API to access once-secret logs that are incredibly detailed and helpful when conducting BEC incident response. Lastly, I will provide tips and best practices when coordinating with law enforcement.
Information security is a fast-growing discipline. However, the weakest link still remains the human element. Social Engineering is the 'art' of exploiting human behavior in order to gain access to sensitive information and breach security. This presentation highlights one such recent experience I had with social engineering, wherein a person stole a laptop from a company and took a free lunch to avoid suspicion. I will be highlighting the key takeaways from it, and through this presentation I also want to emphasize why physical security still matters and the steps one should be taking to avoid social engineering attacks. (NOTE: I will be anonymizing the company and the person in the video to avoid any legal issues).
Network segmentation is one of the most important steps you can take to secure your network today. Footholds on networks are all too common, and when that is combined with a fully open network it becomes ripe for pwnage and abuse. In this track we will discuss turning your soft and chewy center into a hardened jawbreaker.
Just when you thought you had all your users trained to use passwords properly, they change the rules again. In this track we will discuss the most recent password recommendations and how to deploy those recommendations in your organization.
You are constantly being scanned, every single day. It's often fully automated and never sleeps. In this track we will discuss one method of automatically blocking those who maliciously scan your network by building and leveraging a darknet address space.
I will talk about the skills and approaches necessary to succeed at winning Hackers Challenge and other CTFs. We will walk through 1 or 2 basic challenges to get you started.
We will walk through several challenges and answer questions about the stumpers and more complex Hackers Challenge puzzles
New to lock picking? Just curious? Why would you want to learn this? Why is there always a LPV at security cons? Legal concerns? This and more will be addressed in this quick intro to lock picking. We’ll cover basic locks, mechanisms, parts, lock picking tools, and methods.
Helping you see what a hacker sees and putting yourself in their mindset
IPv6 support is built in throughout the Internet now, so there's not as much talk about it as a few years ago. Things are pretty quiet out there. Too quiet. In the last year, some advanced attackers abused IPv6 in some way. We'll take a look at a few of those, and talk about the need to ensure IPv6 visibility and control in your network, so you don't leave a door open.