Presentation
Abstracts and Presenter Bios
(in CC-10 schedule order)
Password Cracking for noobs: All your hashes are belong to us - smrk3r
As the great philosopher Ludacris said, "if you get hashes, you crack them. it's a rule."
Welcome to a world where getting a hash should mean you also just owned that account. This is boring if it's your grandmother's computer, but way more interesting when it's a bank. This talk will discuss the basic concepts behind password hashes, how they can be obtained, and what to do with them once you have them. Special attention will be given to demos related to effective hash cracking techniques and introduction to toolsets for making the process as efficient and effective as possible.
Bio:
smrk3r is a co-founder of the FALE Association of Locksport Enthusiasts and he breaks into banks.
The Insider Threat: From Snowden to the Unspoken - Omar Santos
This presentation provides details about the risks associated with the insider threat and how to mitigate these risks by designing and implementing secure networks using leading best practices. You will learn how to identify the signs of insider information theft, fraud, and sabotage including attacks linked to organized crime, nation state actors, and the Internet underground.
Bio:
Omar Santos is Cisco's Product Security Incident Response Team (PSIRT) Technical Leader, where he investigates the most complex security vulnerabilities in Cisco products and industry-wide security incidents. He mentors and leads engineers from many organizations within Cisco. Omar has designed, implemented, and supported numerous secure networks for Fortune 500 companies and the U.S. Government. Omar is the author of several books, numerous whitepapers, articles, and other publications. He is an active member of the security community, where he leads several industry-wide initiatives and standards bodies. His active role helps businesses, academic institutions, state and local law enforcement agencies, and other participants that are dedicated to increasing the security of the critical infrastructure.
Attacker Ghost Stories: Mostly Free Defenses That Give Attackers Nightmares - mubix
This talk was originally titled "I'm tired of defenders crying", but I thought better of it. This talk is about the tidbits that I've seen piecemeal across the multitude of businesses big and small that were innovative and highly effective, yet free or mostly free, and stopped me dead in my tracks. I'll go over a number of free, or nearly free, methods, tactics, and software setups that will cut down intrusions significantly, which you can deploy, or start deploying, in the hour after the talk is done.
Bio:
Mubix is a Senior Red Teamer. His professional experience starts from his time on active duty as a United States Marine. He has worked with devices and software that run the gamut in the security realm. He has a few certifications, but the titles that he holds above the rest are FATHER, HUSBAND and United States Marine.
Building Botnets 101 - Terrence O'Connor
Having worked to defend against some of the largest botnets to date I have gathered information on how easily they form and are executed. I would like to present these findings, do a demonstration, and present some thoughts on how to defend against these types of attacks.
Bio:
Terrence has over 13 years of security expertise, working in a variety of roles from software developer to Director of Global Security Architecture for a large travel conglomerate. Terrence has worked in many verticals, including commerce, financial, enterprise, travel and media, giving him a unique understanding of the challenges organizations face in implementing technology and process changes to improve their overall security posture.
Real World Social Engineering for the Geek/Introvert - Luke (MindNinja) Stephens
The human in the equation is always the weakest security link. Metasploit, nmap, Burp and similar tools do nothing for the security professional in hacking the human factor. Social engineering techniques and skills alone provide the powerful mechanism for cracking the human element. While many security professionals conduct "anonymous" social engineering attacks (phishing schemes and such), most have been led to believe that to do non-anonymous social engineering one must be a charismatic mythical man. This talk breaks that myth and shows the average, introverted person how to do good "in person" social engineering and open new doors to assessments.
Bio:
The speaker is a master of the arts of social engineering. Interestingly enough, he is also an ISTP on the Myers-Briggs assessment, making him an "Introvert". As a US Army Special Forces "A" team member, he was the "face man" for his detachment, procuring the needs of his team and getting access to places few do, dynamically and oftentimes with little or no resources. As a law enforcement officer, his ability to "con" the bad guy into turning himself in, or even just putting down the loaded gun aimed at him, was legend among his peers. As a security consultant, his ability to open doors, walk into secure facilities, and even just have people happily hand over the "crown jewels" is profound. His skills and experiences cover a breadth and depth few can claim, including real life-and-death dependence on his social engineering abilities. The speaker is a trained interrogator, certified hypnotist, an actual trained ninja and a highly experienced special operations/intelligence/LEO operative: 20 years of special forces/intel/LEO experience, 25 years of IT (with 15+ in InfoSec), and all his life a mind ninja.
Simple Network Management Pwnd - Deral Heiland (Percent_x) and Matthew Kienow
The presentation will deliver an in-depth examination of SNMP, private MIB security issues and information extraction methodologies. Live demonstrations will walk the audience through methods for extracting data and performing comparative analysis to discover private MIBs involved in critical data leakage. Mitigation methods will be discussed to help end users secure this service.
Bios:
Deral Heiland, CISSP, GWAPT, serves as a Senior Security Consultant for Rapid7, where he is responsible for security assessments and consulting for corporations and government agencies. Deral is also founder of the Ohio Information Security Forum, a not-for-profit organization that focuses on information security training and education. Deral has presented at numerous national and international security conferences including BlackHat, ShmooCon, Defcon, Derbycon, Hacker Halted, Securitybyte India and Hackcon Norway. Deral has been interviewed and quoted by several media outlets and publications including Bloomberg UTV, MIT Technology Review, MSNBC and PCWorld.
Matthew Kienow is an independent security researcher. He has 10 years' experience engineering software and is currently employed as a Senior Software Engineer. He has designed, built, and successfully deployed secure software solutions, but often enjoys breaking them instead.
Carding Markets: Comparing Apples and Lemons - Tom Holt / Professor Farnsworth
Mass data breaches have grabbed media attention over the last decade, ranging from the TJX breach in 2007 to the most recent compromises of Target and Neiman Marcus. The academic research community, from both the social and technical sciences, is increasingly focused on the activities of data thieves and the market for data resale that has emerged in forums and IRC. These studies vary in depth of content and representativeness, creating a great deal of speculation about the profit margins and economy for stolen data. In fact, Herley and Florencio argue that open forums for stolen data are largely "lemon markets", in that the data sold is invalid or will lead a buyer to be ripped off rather than receive product. Any cost estimates derived from such an analysis are likely to be invalid and to reflect the practices of unscrupulous vendors rather than the activities of sophisticated and "legitimate markets." This presentation will explore whether lemon markets exist, using qualitative and quantitative analyses of a sample of threads from 13 Russian- and English-language forums involved in the sale of stolen data. Estimates of the prices for data sold in the markets will be provided, along with an examination of the social and market forces that shape the advertised prices for certain products. The policy implications of this study for consumers, law enforcement, and security analysts will be discussed in depth to provide improved mechanisms for the disruption and takedown of stolen data markets globally.
Bio:
Dr. Thomas Holt (aka ProfessorFarnsworth) is an Associate Professor in the School of Criminal Justice at Michigan State University specializing in cybercrime, policing, and policy. He received his Ph.D. in Criminology and Criminal Justice from the University of Missouri-Saint Louis in 2005. He has published extensively on cybercrime and cyberterror, with over 35 peer-reviewed articles in outlets such as Crime and Delinquency, Sexual Abuse, the Journal of Criminal Justice, Terrorism and Political Violence, and Deviant Behavior. He has published multiple edited books, including Corporate Hacking and Technology-Driven Crime with coeditor Bernadette Schell (2011) and Crime On-Line: Correlates, Causes and Context, now in its 2nd edition, and is a co-author of Digital Crime and Digital Terror, 2nd edition (2010). He has also received multiple grants from the National Institute of Justice and the National Science Foundation to examine the social and technical drivers of Russian malware writers, data thieves, and hackers using on-line data. He has also given multiple presentations on computer crime and hacking at academic and professional conferences, as well as hacker conferences across the country including Defcon, HOPE, and CarolinaCon.
How To Get Money Fast Using A Pwned PBX - Patrick McNeil / unregistered436
Many people who deploy SIP for voice or video don't understand the potential security risks. As a result, there are lots of vulnerable SIP devices connected to the Internet that are easily compromised due to misconfiguration or lack of simple protections. This is fairly common knowledge within the security community, but what most don't realize is that you can do more than just make free phone calls, like get rich quick! In this talk I'll discuss...
- How SIP compromises occur and who the primary actors are:
- How did we get here? Why so many vulnerable devices?
- Common discovery and attack methodologies & the weaknesses exploited
- The most common attack tools used, backed up by real world data
- Where most attackers are coming from, again with real data
After a system has been compromised: Top ways to make money - how and why they actually work:
- International Revenue Sharing Fraud - calling a high cost destination and splitting the profits
- Toll Bypass - using a PBX local trunk to bypass high per minute rates
- Domestic Traffic Pumping - driving traffic to a rural telco to increase payment from inter-exchange carrier
- Extortion using a Telephony Denial of Service attack - a quickly rising trend where phone lines are tied up if demands are not met
- Time permitting, other top fraud that doesn't require a PBX - Wangiri & SMS SPAM - missed call or text message to a mobile, return call to high cost destination with profit splitting
Bio:
Patrick is in charge of product security for the communications business unit of a Fortune 100 company. His twenty years of experience have mostly been within telecom manufacturers, but he's also worked in banking and defense. When not working you can find him brewing beer, picking locks, or practicing Kung Fu.
AV Evasion with the Veil Framework - HarmJ0y, Christopher Truncer, and Michael Wright
As antivirus (finally) has started to slowly increase in effectiveness, more and more of the payloads used during penetration tests are being caught. While the industry as a whole has demonstrated its capability to bypass AV solutions in nearly all situations, valuable assessment time is often lost. The Veil-Evasion Framework was developed to solve this problem by offering a modular, open source, UI-focused framework for generating AV-evading payloads in a programming-language- and technique-agnostic way. Veil's structure greatly simplifies payload generation and allows for the integration of public and private AV evasion methods. In this talk we will go over the genesis of the framework, its structure and features, and how to develop your own payload modules. Recently released modules will also be covered, as will our implementation of a lesser-known shellcode injection method.
We will also cover public reaction and disclosure ethics, and we plan on discussing Veil-Catapult, our payload delivery tool. Veil-Catapult extends the capabilities of the existing Veil framework by utilizing various methods to deliver and trigger payloads across targeted machines. We will conclude with a discussion of current and future mitigation strategies to combat Veil’s effectiveness.
Bio:
The Veil development team is comprised of HarmJ0y, Chris Truncer, and Mike Wright, a group of pentesters based in the D.C. region and employed by the Veris Group. They spend their days doing assessments and their nights researching and building new tools such as Veil.
Hack Android using Normal Permissions & Broadcast Receivers - Fadi Mohsen
In this work, we investigate the risks of permissions of normal protection level when used in broadcast receivers. Android broadcast receivers allow applications to register to listen to System events (e.g. receive call, receive message).
We first conduct an extensive study on the evolution of Android broadcast actions over all releases. We study their overhead and permission requirements. We then study the implications of including broadcast receivers in third-party applications: battery life and users' privacy. Finally, we implement a malicious Android application in an effort to compromise users' privacy. The study finds that the number of broadcast actions has increased by 64% since Android's first release. We also find that users' privacy can be compromised using broadcast receivers that require normal permissions. Moreover, uncontrolled broadcast receiver registration can drain the device battery, which can be frustrating. Existing security and privacy tools have to consider new attack types and techniques.
Bio:
I'm a PhD student at UNC Charlotte studying Software and Information Systems. I'm interested in Information Security and Privacy. I'm currently researching the flaws of Android third-party applications that pose security and privacy risks to Android users. I also spend time teaching, writing and building up my public engagement experience.
Hacking the Hackerspace - Steven Sutton and Alan Fay
Hackerspaces are popping up all over the world, serving local communities of makers, who fill their walls with 3D printers, electronics equipment, power tools, and welders. Some say personal manufacturing is the next industrial revolution, and hackerspaces represent everything from the new economy to a complete overhaul of education. Putting the hype aside, what exactly is a hackerspace? How do you start one? How do you effectively manage its operations? How do you shape its culture?
Steven Sutton and Alan Fay present their experiences with Freeside Atlanta, with a focus on managing hackerspace members and developing a strong culture and identity. A short presentation of Freeside's history and current projects is followed by a panel discussion. Audience participation and questions are encouraged throughout.
Brief Bio:
Steven Sutton, Process Technical Manager at Shaw Industries Inc. BS in Industrial Engineering, SPSU 2010. President and Director at Freeside Atlanta.
Alan Fay, independent software consultant, BS Computer Science, Georgia Tech 2004. Director and Treasurer at Freeside Atlanta.
F*ck These Guys: Practical Counter-Surveillance - Lisa Lorenzin
We've all seen the steady stream of revelations about the NSA's unconstitutional, illegal mass surveillance. Seems like there's a new transgression revealed every week! I'm getting outrage fatigue. So I decided to fight back... by looking for practical, realistic, everyday actions I can take to protect my privacy and civil liberties on the internet, and sharing them with my friends.
Join me in using encryption and privacy technology to resist eavesdropping and tracking, and to start to opt out of the bulk data collection that the NSA has unilaterally decided to secretly impose upon the world. Let's take back the internet, one encrypted bit at a time.
Bio:
Lisa Lorenzin is a network security geek; in her day job, she's worked in a variety of internet-related roles since 1994, with the past 15 years focused on network and information security. She's currently interested in free speech, privacy, digital rights, and global internet freedom.
Exploiting the Bells and Whistles: Uncovering OEM Vulnerabilities in Android - Jake Valletta
I know what you're probably thinking: "another Android talk on how to use Baksmali and Apktool to remove ads from Angry Birds." Well, not this time. Instead of walking through the process of exploiting a single application, this talk will focus on attacking the features introduced by device manufacturers and carriers. I'll present new tools and techniques to determine exactly what the hardware manufacturers and carriers added, deleted, and changed in the free version of Android. Some things we'll inspect include new framework functionality, applications, system binaries, and libraries. From here, we'll search for weaknesses and demonstrate how malicious users could abuse these vulnerabilities. A basic understanding of Android and its security model is encouraged, but not required.
Bio:
Jake is a consultant at Mandiant in their New York office. His areas of interest include mobile security, application security, penetration testing, and incident response. His responsibilities at Mandiant include research and development of Android sandboxing technologies, performing mobile application assessments, and building and maintaining Mandiant's mobile application assessment methodologies. He has also performed incident response and forensic services for Fortune 500 and Fortune 100 companies. He holds a Bachelor of Science (BS) in Information Security and Forensics from Rochester Institute of Technology. He has presented at the New York State Cyber Security Conference, BruCON, BSidesDC, OWASP, and Mandiant's own MIRcon. In his free time, he maintains a website and blog dedicated to mobile security and research called "The Cobra Den."
Reverse Engineering Executables - John F. Davis (Math for 400)
An introduction to reverse engineering application executables to determine their purpose. This talk is geared for everyone. It shows how a simple program is compiled from source into Intel assembly, then shows how to examine the assembly to identify common components. Afterwards the audience can see that examining large programs with this method is complex and time consuming.
The next topic is how to proceed using what the industry calls static analysis to identify key functional constructs. The executable's use of libraries to perform tasks is used to anticipate its function.
Lastly, what the industry calls dynamic analysis is used to show how an executable can be run in a virtual machine environment to safely examine it at runtime. These techniques can help you understand how a program behaves and determine if the program is safe to run.
Bio:
John is an electrical engineer by schooling, but a software engineer by trade. He believes in continuous learning and enjoys working with computers in all aspects. He has attended CarolinaCon for many years and DefCon once. He has presented at various conferences in the United States and has worked around the world, but this is his first presentation at CarolinaCon.
Bypassing EMET 4.1 - Jared DeMott
The goal of the research to be presented was to gauge the difficulty of bypassing the protections offered by EMET, a popular Microsoft zero-day prevention capability. We initially focused on just the ROP protections, but later expanded to all the protections in the real-world study. We were able to bypass EMET's protections in example code and via a real-world browser exploit. The two primary novel elements in our research are:
1) Deep study regarding the ROP protections, using example applications
2) Detailed and novel code showing how to defeat the stack pivot protection (SPP), using a real-world example. Included in the SPP bypass is an EAF bypass for Windows 7.
The impact of this study shows that technologies that operate on the same plane of execution as potentially malicious code offer little lasting protection.
Bio:
Jared DeMott is a security researcher for Bromium, Inc. He has spoken at security conferences such as DerbyCon, Black Hat, Defcon, ToorCon, Shakacon, DakotaCon, and GRRCon. He is active in the security community by teaching his Application Security course, and has co-authored a book on Fuzzing. Mr. DeMott has been an invited lecturer at prestigious institutions such as the United States Military Academy, and previously worked for the National Security Agency. DeMott holds a PhD from Michigan State University.
Demystifying The Cloud, a look at Hyperscale Computing From a Hacker Perspective - Nick Fury
Let's face it, the first time you heard the word "cloud" you knew it was a buzzword, and if you didn't then you can hand in your hacker card now. This talk will move beyond the buzzwords in an effort to demystify the world of hyperscale computing. Like it or not, you use Google's and Amazon's services, so wouldn't you like to know how they work?
The goal of this talk is to educate others in the community about how these large-scale cloud operations actually work. It might make you trust them more or it might make you trust them less, but at least you'll be more educated. The talk will be a high-level talk focusing on terminology, infrastructure, security implications, general concepts, and more. Beer will be drunk and examples will be given. The talk will also look into the future (with a crystal ball though, not a time machine) and at how these operators are impacting smaller companies that might not use cloud services today.
Bio:
Nick Fury is a kitchen robot. Don't tell him though, he thinks he's "undercover." Keep stirring, Nick.
So you want to break into Security? - supherdave
The security profession, the REAL security profession, is a difficult road to traverse. There are things you need to know that can make or break you. I am willing to show you what I did to go from IT administrator to Red Team pen tester. Join me as I share real-world experience on how to market yourself, get recognition for your work, and stand out in a crowded profession. After all, to stand out in a profession of cynics it will take WORK on your part.
Bio:
I left Hawaii to join a Red Team for an unnamed financial organization.