How to Shot Web: Better Web Hacking in 2015
by: Jason Haddix
2014 was a year of unprecedented participation in crowdsourced and static bug bounty programs, and 2015 looks like a trendmaker. Join Jason as he explores successful tactics and tools used by himself and the best bug hunters. Practical methodologies, tools, and tips make you better at hacking websites and mobile apps to claim those bounties. Convert edge-case vulnerabilities to practical pwnage even on presumably heavily tested sites. These are tips and tricks that every tester can take home and use. Jason will focus on philosophy, discovery, mapping, tactical fuzzing (XSS, SQLi, LFI, ++), CSRF, web services, and mobile vulnerabilities. In many cases we will explore these attacks down to the parameter, teaching the tester common places to look when searching for certain bugs. In addition, he will cover common evasions to filters and as many time-saving techniques as he can fit in.
by: John Menerick
Join John Menerick for a fun-filled tour of source control management and services to talk about how to backdoor software. He will focus on one of the most popular, trendy SCM tools and services out there – Git and GitHub. Nothing is sacred. Along the way, he will expose the risks and liabilities to which one is exposed through faulty usage and deployments. When John is finished, you will be able to use the same tools and techniques to protect or backdoor popular open source projects or your hobby project.
Open Source Internet Infrastructure Insecurity
by: John Menerick
Over the past 30 years, the Internet and open source software have worked in tandem. The Internet has provided an environment for open source software to prosper. Some would say the Internet and open source software are indistinguishable. From low level cryptography to critical services, the Internet’s foundation is built upon open source building blocks, and these blocks are crumbling.
This presentation will tread through popular open source projects, common fallacies, peer into 0days, walk trends, and break code. When John is finished, you will be able to use the same techniques and tools to break or protect the Internet’s building blocks.
by: Christopher Elisan
Malware comes in different shapes and sizes, and it is even produced on a massive scale. But attackers know that this is not enough: malware has to be protected.
Join Chris in his presentation, as he presents the different techniques attackers use to protect and mask malware to bypass security products and analysis. Chris will show how attackers have perfected this methodology, giving them the capability to automate malware masking to match the massive malware production done on a regular basis. But there is hope: in this talk, Chris will also present different techniques on how to "unmask" malware to reveal its true nature.
by: Carlos Tingson
Of course it's Hacking Time, this is a hacker conference, right?
But what if we hack time? Yes, time! Time has been a source of fascination and inspiration for a lot of people, from Isaac Newton to Stephen Hawking. But why hack time? Stealing some seconds would not generally turn back time, but a lot of things would certainly go out of sync, causing some guys to miss some kisses. This talk will try to look at the seemingly harmless things that we often take for granted and how they can suddenly become a National Security Issue. We will try to have a fun way to dissect how time intersects with every aspect of our daily lives. And of course, Carlos will try not to waste your time.
Hiding Behind ART
by: Paul Sabanal
The introduction of the new Android Runtime (ART) brings several improvements in Android. But, as with any new technology, it also brings new ways to conduct or enhance malicious activities. Join Paul in his presentation, as he details one of those ways.
Once an attacker or malware has gained access to the Android device, the next step is to find ways to hide itself and gain persistence, and this is usually achieved by installing a rootkit. The majority of these rootkits are kernel mode rootkits and the common way of achieving persistence is by modifying files in the system partition. However, recent advancements in Android security, such as verified boot, have made this increasingly difficult. His presentation will demonstrate how to go around this difficulty by taking the game out of kernel mode and out of the system partition. We will show you how to take advantage of the mechanisms of ART to create a user mode rootkit.
Paul will start with a discussion of past Android rootkit research and how these techniques have become increasingly difficult to use in modern Android systems. He will then go deep into ART internals, where he will discuss the file formats and mechanisms relevant to rootkit creation. After we have understood the mechanisms involved, we will then discuss methods of crafting a rootkit (i.e. what to change, where to find them, how to change them), and techniques for gaining persistence on the system. We will also examine the limitations of this approach and possible future work in this area.
The talk will conclude with a live demonstration of an ART rootkit.
Building Automation and Control: Hacking Energy Saving System
by: Philippe Z Lin
BACnet is an ANSI/ISO protocol for building automation and control systems for applications such as heating, ventilation, air-conditioning control, lighting control, etc. (Wikipedia) In this talk, Philippe will demonstrate how to use Shodan to find BACnet devices exposed on the Internet, and to retrieve and analyze information from them. He will also discuss the possible security impacts of its massive deployment, taking subsidized installation in Taiwanese schools as an example.
Detecting Indicators of a Compromise Using an SDN-Based Network Access Control Implementation
by: Mon Nunez & Paul Prantilla
From the research of Mon and Paul.
The focus of this talk is to show how Software Defined Network (SDN) technology can be used to implement common Network Access Control (NAC) functionality with a level of versatility and programmability that is not found in bare metal switches.
Leveraging the benefits provided by SDN technology, this research explores a novel approach to implementing a simple NAC platform using off-the-shelf Raspberry Pis, a basic OpenFlow compatible switch, and the POX application framework. A single Raspberry Pi is commissioned to function as an SDN controller which offloads complex processing from the said switch. The Pi controller, via DNS interceptions, is able to determine if network traffic originating from an internal client machine is attempting to connect to a malicious domain. When a malicious domain name query is detected, the Pi controller will push appropriate configuration changes to the switch to isolate the offending client, and then place it in a remediation network.
Optimizations are also implemented to significantly reduce the number of operations and queries performed by the SDN controller when detecting compromises.
Incident Response for Targeted attacks
by: Jose Ramon Palanco
During the talk Jose will explain:
- How a SOC is organized (key people, tools, methodology)
- How to set up a SIEM and correlate events
- How to create IoCs (indicators of compromise, like snort rules, yara signatures, ...)
- Jose will introduce targeted attacks and show an example of the analysis of a targeted attack against SCADA protocols (HAVEX)
How safe is my system from reverse engineering
by: Markku Kero
When we let people use any program that we make, we will need to let them have access to the program. Often we feel that once we have compiled the program, our source code is hidden and our intellectual property is secured. We feel that the internal details of our system are hidden, and cannot be known by others without permission. But is it really so? How easy is it to reverse engineer a program, to find out how it works, and to know its vulnerabilities and hidden secrets? How can we protect our programs, or can we? In this session we will take a look at several programming languages and operating systems, and get an idea of how easy it is to reverse engineer applications, and how exactly the reverse engineering process would work.
Fixing CSRF Vulnerabilities Effectively
by: Lu Zhao
Cross-site request forgery (CSRF) vulnerabilities have been in the OWASP top 10 list for many years. Many web applications, especially those written before CSRF was discovered, are vulnerable to this kind of attack. Our talk first gives a deep analysis of its nature, and demonstrates how it can happen. Afterwards, we analyze and present a solution with code examples that can be easily applied to web applications, including legacy code. Our solution set has several desirable features:
1. it has a modular structure and a well-defined API interface, so that web applications can get CSRF protection by simply calling a couple of interface functions;
2. we protect both POST and GET methods using an internal translation scheme, and the distinction between the two is transparent to application code;
3. the same solution can be conveniently applied in both developing new web applications and hardening legacy code.
Once more unto the data breach
by: Steve Miller
Sufficiently motivated attackers will improvise, adapt and overcome all security technology in order to breach their target networks. Join Steve Miller, Security Strategist for FireEye in APJ, as he discusses evolving attacker methods, and examples of data breach in action.
Oh My Honey: Honeypots (or honeynets)
by: Ray Torres
Honeypots (or honeynets) are systems used for luring and monitoring attackers by masquerading as real servers. One application of honeypots is honeywords. Honeywords are fake passwords that function as an alarm when the account associated with the fake password is used in a server. A possible camouflage for a honeypot is to make it seemingly hardened and secure, with the honeyword credential as ideally the only point of entry for attackers. Integrating all of these functionalities with a jumpoff server setup capable of transitioning from a normal production setup to a ghost network setup that simulates a real production network, this design gives security administrators a better understanding of an attack, based on the extent of the knowledge of the adversary, and provides additional insights to improve an organization’s incident response plan.
What Hacker Sees
This talk is inspired by Johnny Long's No-Tech Hacking, wherein we will try to dissect, unpack and apply its context in the Philippines. We will reveal proof and evidence of some of our hacking escapades, routines, and misadventures and let the audience evaluate what's wrong in the pictures in the context of information security.
by: Nathan LaFollette
A new HTTP Protocol Standard is here. Nathan will review the HTTP/2 protocol in-depth - the good, the bad, and the ugly. HTTP/2 will greatly affect how we test for vulnerabilities and scale our web or mobile applications. During the presentation, Nathan will analyze and educate the audience on HPACK Encryption Techniques, TLS Cipher Blacklisting, and how headers and cookies are affected by the protocol implementations.
Recipients of the Black Badge, which entitles them to free entrance to next year's conference:
WiFi Warrior - No Winner
RC CTF (Capture The Flag) - Handshake Team
Hacker Jeopardy - Speakers Team (Nathan LaFollette, Jason Haddix, John Menerick)