The I Am The Cavalry track kicks off with an introduction to the topics and an overview of the two-day session. Whether you have been The Cavalry from the beginning, or are just curiously stopping by, there will be something for everyone. Participants who have yet to be introduced to the initiative will be; those who are very familiar will be updated on activities and progress over the last year. And we will describe the vision for the day's activities. Even if you miss this first session, you can join for any of the others.
NSA takes very seriously its mandate to do “what NSA does” against foreign entities and NOT U.S. citizens. The rules were clarified in the late 70's in the Foreign Intelligence Surveillance Act (FISA). FISA was written after the findings of the "Church Proceedings" were published as part of the fallout of the Watergate scandal.
I've only heard the Church Proceedings mentioned twice in my lifetime - once twenty years ago when I was investigated for violating the charter when I led a forensic team to help the Dept. of Justice after their website was defaced, and the second time was in hearing news reports about Edward Snowden. This is why I'm sometimes heard to say, "I was the first Edward Snowden".
I will share the story of how I was almost fired from NSA for violating the same law that NSA has been accused of violating based on the information disclosed by Edward Snowden several years ago. The goal is to shed some light on how NSA really operates, from someone who used to be on the inside, in order to take the whole Snowden debate to a different level. I do not intend to sway anyone's opinion, but merely want to offer some details that should help anyone make a more informed decision about NSA, its mission, and the laws by which it is governed.
So you've taken the red pill, realized the cavalry isn't coming, and you know it's up to us, hackers and security researchers, to save the day. How can we make this a reality? How do we take the impact of our work to the next level? This talk will focus on the ways security research matters, and how to use your time, ideas and hard work to create greater positive impact in the world, as hacker heroes.
Cyber Safety industries (Medical, Automotive, Home, and Public Infrastructure) have come a long way in the last few years, but still have a long way to go. We will talk about the quiet successes, where these industries need to go, and how to help get them there.
If a consumer purchases software (like, perhaps, a word processor or note-taking software) and that leads to some harm (perhaps the software allows malware to run on their computer, locking all their data for ransom, or their private data is stolen), do they have any recourse?
In the area of private lawsuits, a consumer would likely first look to products liability. Product liability law acts as a form of insurance to protect users: if a product is built in an unsafe way, and it injures you, you may sue the retailer or manufacturer of the product.
There are three general theories a consumer can recover under:
Although these suits are common for defective products such as lawn mowers, coffee makers, and other consumer goods, they are not used by purchasers or users of software. The primary reasons so far are that products liability is so focused on physical harms (it covers serious injuries like losing your finger to a bagel cutter, for instance) and that, until somewhat recently, most software couldn't physically harm you. (Alternatively, some users can recover if they had a contract with the software creator or provider, as in the Trustwave Incident Response suit.)
The rise of the Internet of Things is about to change a lot of that. There have already been a small number of cases where liability was found where buggy software caused physical harm to some consumers. Returning to the fridge, what if someone could connect remotely to your fridge, and adjust the temperature to be a little too warm, leading you to get food poisoning? What if they could do so without the temperature display in the fridge changing, so it looked like it was still cold enough?
This talk will explore the background of product liability law, and discuss how and why IoT might bring about a change in expanding coverage of software flaws.
Some fuzzers are blackbox while others are protocol aware. Even for the ones that are protocol aware, the fuzzer writer typically has to get the protocol specification and implement packet awareness logic in the fuzzer. Unfortunately, a fuzzer being protocol aware does not guarantee anything about the code coverage it achieves. To make matters worse, what if we wish to attack a proprietary binary protocol with no protocol specification or source code access? Tools like AFL do not come in handy because we cannot compile the code or give a function name to be monitored. There are other limitations too: for example, if we want to fuzz the 3rd packet in the protocol sequence, it is not possible with tools like AFL.
The presentation deals with this specific scenario where the target protocol is completely unknown (proprietary) and we do not have access to the source code or protocol specs. The tool we have developed builds a feedback loop between the client and the server components. The packet is then mutated optimally to increase the code coverage based on this feedback that the server component of our tool sends to the client component. The tool does not need target binary compilation and there is no need for the daemon to be restarted along with the feedback monitor. We fuzz using the runtime monitoring of the target daemon.
Looking forward to seeing you at the talk!!
A year ago a predominant mode of thinking was that “nobody would ever hurt patients; there’s no money in it.” After a spate of ransomware incidents that have shut hospitals, nobody says that anymore. There’s been a lot of quiet progress, and some much more visible, in making medical devices safer. Manufacturers, the FDA, physicians, and security researchers are recognizing they can, and must, depend on each other to improve patient safety and medical treatment. Hear about our Hippocratic Oath for Connected Medical Devices, how much the FDA is pushing, what hospitals are doing, and other stories of progress as models for success.
There will be guest speakers filling in details of their progress, and what's next.
It’s been two years since I Am The Cavalry launched the 5-Star Automotive Cyber Safety Framework. The Auto-ISAC launched, there’s a new Automotive Security Review Board, DEF CON hosts a car hacking village, and automakers are flocking to security conferences. What’s really changed in Automotive Cyber Safety and what’s just window dressing? What have been the lasting effects of car hacking on the automakers and the minds of the public? Most importantly, what’s needed, what’s next, and how can security researchers continue to be a part of the solution?
There will be guest speakers filling in details of their progress, and what's next.
Welcome back! We will recap yesterday’s session, as well as set the agenda and overview of the second day of the track. Whether you have been The Cavalry from the beginning, or are just curiously stopping by, there will be something for everyone. If you missed any part of Day 1, you’ll get up to speed; if you were there, you’ll get a tight summary; and in either case you’ll see what the day ahead holds.
Hunting is the art of searching for badness and unauthorized activity on our own systems or network. By knowing what is normal in our networks and what adversaries are capable of, the hunter can identify malware, signs of unauthorized activity, and indicators of compromise lurking within. In this session, we will explore how to hunt for malware and compromises on Windows endpoints using built-in PowerShell commands and scripts. We will explore how to validate what’s running on our systems and identify some of the tell-tale signs that you’ve been pwned. The failure of automated prevention and detection coupled with a disappearing perimeter means hunting will become an increasingly important skill among defenders. The skills demonstrated will be useful on your own local system or remotely against hundreds or even thousands of systems.
To change the world we must first change ourselves; challenge our preconceived notions, and build new solutions. This second facilitated discussion will look at some ways we might be able to deal with the uncomfortable truths raised in the previous one. How do we resolve tensions and conflicts that exist in the things we believe to be true? After exhausting easy fixes, we must challenge ourselves to consider uncomfortable ones, even if we end up rejecting them.
Welcome to the new age where technologies like DC/OS, Mesos, and Marathon will abstract your entire datacenter into a single logical computer, but what happens when a single application or service within your datacenter’s OS inevitably gets compromised?
Join us as we explore how a single compromise can enable an attacker to expand access by exploiting many of the technologies supporting a container-centric datacenter including ZooKeeper, Marathon, Chronos, Mesos, Docker, and HAProxy. New modules will be released for EmPyre which will enable penetration testers and red teams to more efficiently identify and exploit vulnerabilities within these technologies.
Expertise in these technologies is not required since this presentation will cover briefly what you need to know about each service before highlighting how they can be manipulated by an attacker. The information presented is designed to be useful for both Offensive (Red Team) & Defensive (Blue Team) members.