
BSIDESTLV JUNE 2016 AGENDA

13:30-13:45

Opening and Introduction to Security Bsides @BsidesTLV
Keren Elazari @k3r3n3

What it's all about and why we started @BsidesTLV...
What to expect throughout the event, how you can participate, introducing our team and setting some housekeeping rules, too :)

13:45-14:00

Ethical Hacking: What, How - And Why it's important to us at @BsidesTLV
Inbar Raz @inbarraz 



...and introducing our MC for the day: Ezra Caltum @aCaltum !

14:00-14:40

"The Dark Side of Adware : Malware and Data Exfiltration" 
Veronica Valeros @verovaleros

In the past, adware as advertising oriented software was clearly considered harmless and legitimate. In recent years this has changed and it is now often common to find adware presenting a mix of advertising and malicious behaviour. Where do we draw the line? There is still no general agreement on what is considered malicious when it comes to this type of software. Our research showed that 85% of the companies surveyed between January and October 2015 were infected by adware, averaging around 400 hosts per million adware infections per day. This is an alarming number considering that most of these infections remain un-handled for long periods of time as the capacity of incident response teams is usually quickly exhausted by remediating high risk threats.

This presentation aims to raise awareness of the real threat these types of infections may pose to individuals and organisations. We will show what the adware landscape looks like, typical distribution methods and what type of information is usually exfiltrated by this type of software. We will present details of a concrete case of malware being distributed by adware and how the escalation took place.

14:40-15:20

"How I hacked my city"
 Amihai Neiderman

This is an in-depth walkthrough of how I managed to get from an IP address in my city's public WIFI to taking over the network exit nodes. During the course of May this year I conducted research on an unknown device. In the beginning I only had an IP of the WAN part and an open port. From there I had to find ways to identify the product I was seeing and eventually successfully exploit it, thereby effectively taking over the network.

15:20-16:00

"OEMs considered harmful: Hello new 0days!"
Adam Donenfeld

Android devices, being an extremely popular user platform with over 1.4 billion active devices around the world, have been subject to a large amount of scrutiny by security researchers over the years. We looked at how well OEMs have improved the security on the newest Android devices, and the answer was, “not by much”. This talk is not for the faint of heart! Devices were hurt during this research! Most OEMs make significant modifications to Android for their devices to give them their distinguishing features. Unfortunately these modifications can be more trouble than they are worth, undermining many of the security measures taken by the AOSP developers. With this in mind we decided to check out some of the most obvious and dangerous attack surfaces for Android and reverse engineered several interesting OEM applications. Our presentation will introduce a thorough analysis of some critical zero day vulnerabilities (both remote and local), with a live demo showcasing the ease of exploitation and the harsh impact of OEMs on the security of the device.

16:00-16:20

Break (finally)

16:20-17:00

"What could have derailed the Northeast Regional No. 188?"
Moshe Zioni (@dalmoz_)

In May 2015 there was a fatal derailment of the Northeast Regional No. 188, headed by the Amtrak ACS 64 locomotive. The derailment cause is still a mystery and was speculated to be a cyber-attack. Through my research on those massive machines I went on exploring their attack surface and came out with some serious issues regarding design and implementation of technologies, from collected material on this specific model and in general going through the technologies that hold current throughout common locomotives. In my talk I map out those vectors, explaining what exactly is between an attacker and its target and what the impact on each is. Lastly, I draw some conclusions and recommendations for a better design of security for locomotives.

17:00-17:40

"Protecting Your Browser Secrets in a Domain Environment"
 Itai Grady

All popular browsers allow users to store sensitive data such as credentials for online and cloud services (such as social networks, email providers, and banking) and forms data (e.g. credit card number, address, phone number). In a Windows environment, most browsers (and many other applications) choose to protect these secrets by using the Windows Data Protection API (DPAPI), which provides an easy method to encrypt and decrypt secret data. Lately, Mimikatz, a popular pentest/hacking tool, was updated to include functionality that allows highly-privileged attackers to decrypt all DPAPI secrets. In this talk, I will analyze the Mimikatz Anti-DPAPI attack targeting the Domain Controller (DC), which puts all DPAPI secrets in peril, and show how it can be defeated with network monitoring.

17:40-18:20

"The Success Blueprint of Organized Cybercrime"
Limor Kessem @iCyberFighter

Nowadays, we know that almost all cybercrime of considerable magnitude is the work of a dark, well-orchestrated organization. These organizations are built of technical teams, online experts, and ground troops who operate in mob-style cells. Throughout the everyday battles we fight against the top cybercrime groups, the expertise and methodology of these sophisticated supply chains paint a clearer picture of how they manage to reach the real world results we see in the wild. In this presentation, we will go over the most prominent organized crime cases in 2015-2016, and take a deeper dive into how the teams behind Dyre, Dridex, and Neverquest fuel their success behind the scenes to generate billion dollar annual profits.

18:20-18:40

Break (finally)

18:40-19:00

Mystery Special Guest Speaker ... @mariegmoe !
"Hacking My Own Heart" by Marie Moe, Scientist - Infosec hero and @SINTEF_Infosec Associate Professor
https://www.wired.com/2016/03/go-ahead-hackers-break-heart/

19:00-19:40

Demo "Vaccination: The Anti-Honeypot Approach"
Gal Bitensky

This session will give the participants a glimpse into ways to prevent modern malware execution on Windows machines. This "anti-honeypot" approach is implemented by creating and modifying artifacts searched by malicious programs prior to their execution. The session will also include a short DIY-vaccination demo.

19:40-20:00

The number of new malware samples that we need to handle every day grows at an absurd pace. Today's solutions for dealing with mass-scale malware analysis are not good enough, and in many cases, manual Reverse Engineering is required. In this talk, we discuss a method of conducting Large-scale Reverse Engineering using the relatively new technology of containers, and reveal a new Open Source project for the use of the attendees.

20:00-20:40


The first thing that pops into your head when the word "adware" is mentioned is the annoyance of popups on Windows machines circa the year 2002. You definitely don't think about malware that has complete access to anything on your machine, including code execution, as ROOT, on your beloved Mac OS X running machine! OSX/Pirrit is all about that.

20:40-20:55

21:00- Party Until Late! 

SPECIAL Mystery Speaker... @sidragon1!
Looking for clues again? All right - try this: kilts, cows and sideways airplanes ;-)))
Outro and Party Time With BsidesTLV Team!
Socialize, meet your friends, beer and fun, Party sponsored by Cellebrite, Party passes
will be handed out at the Cellebrite expo desk.
Location: "Hahoog-Hatzfoni" (Facebook link)
Entin Square, Outside TAU Gate 7 (Map)