ROOTCON 9

September 18-19, 2015 Taal Vista Hotel, Tagaytay City


Talks

How to Shot Web: Better Web Hacking in 2015
by: Jason Haddix
(PDF)
2014 was a year of unprecedented participation in crowdsourced and static bug bounty programs, and 2015 looks like a trendmaker. Join Jason as he explores successful tactics and tools used by himself and the best bug hunters. Practical methodologies, tools, and tips make you better at hacking websites and mobile apps to claim those bounties. Convert edge-case vulnerabilities to practical pwnage even on presumably heavily tested sites. These are tips and tricks that every tester can take home and use. Jason will focus on philosophy, discovery, mapping, tactical fuzzing (XSS, SQLi, LFI, ++), CSRF, web services, and mobile vulnerabilities. In many cases we will explore these attacks down to the parameter, teaching the tester common places to look when searching for certain bugs. In addition, he will cover common filter evasions and as many time-saving techniques as he can fit in.

BackDooring Git
by: John Menerick

Join John Menerick for a fun-filled tour of source control management and services to talk about how to backdoor software. He will focus on one of the most popular, trendy SCM tools and services out there – Git and GitHub. Nothing is sacred. Along the way, he will expose the risks and liabilities that one is exposed to through faulty usage and deployments. When John is finished, you will be able to use the same tools and techniques to protect or backdoor popular open source projects or your hobby project.

Open Source Internet Infrastructure Insecurity
by: John Menerick

Over the past 30 years, the Internet and open source software have worked in tandem. The Internet has provided an environment for open source software to prosper. Some would say the Internet and open source software are indistinguishable. From low-level cryptography to critical services, the Internet’s foundation is built upon open source building blocks, and these blocks are crumbling.

This presentation will tread through popular open source projects, common fallacies, peer into 0days, walk trends, and break code. When John is finished, you will be able to use the same techniques and tools to break or protect the Internet’s building blocks.

Unmasking Malware
by: Christopher Elisan
(PDF)
Malware comes in different shapes and sizes, and it is even produced on a massive scale. But attackers know that this is not enough: malware has to be protected.

Join Chris in his presentation as he presents the different techniques attackers use to protect and mask malware to bypass security products and analysis. Chris will show how attackers have perfected this methodology, giving them the capability to automate malware masking to match the massive malware production done on a regular basis. But there is hope: in this talk, Chris will also present different techniques on how to "unmask" malware to reveal its true nature.

Hacking Time
by: Carlos Tingson

Of course it's Hacking Time, this is a hacker conference, right?

But what if we hack time? Yes, time! Time has been a source of fascination and inspiration for a lot of people, from Isaac Newton to Stephen Hawking. But why hack time? Stealing some seconds would not generally turn back time, but a lot of things would certainly go out of sync, causing some guys to miss some kisses. This talk will try to look at the seemingly harmless things that we often take for granted and how they can suddenly become a National Security Issue. We will try to have a fun way to dissect how time intersects with every aspect of our daily lives. And of course, Carlos will try not to waste your time.

Hiding Behind ART
by: Paul Sabanal
(PDF)
The introduction of the new Android Runtime (ART) brings several improvements in Android. But, as with any new technology, it also brings new ways to conduct or enhance malicious activities. Join Paul in his presentation, as he details one of those ways.

Once an attacker or malware has gained access to the Android device, the next step is to find ways to hide itself and gain persistence, and this is usually achieved by installing a rootkit. The majority of these rootkits are kernel mode rootkits and the common way of achieving persistence is by modifying files in the system partition. However, recent advancements in Android security, such as verified boot, have made this increasingly difficult. His presentation will demonstrate how to go around this difficulty by taking the game out of kernel mode and out of the system partition. We will show you how to take advantage of the mechanisms of ART to create a user mode rootkit.

Paul will start with a discussion of past Android rootkit research and how these techniques have become increasingly difficult to use in modern Android systems. He will then go deep into ART internals, where he will discuss the file formats and mechanisms relevant to rootkit creation. After we have understood the mechanisms involved, we will then discuss methods of crafting a rootkit (i.e. what to change, where to find them, how to change them), and techniques for gaining persistence on the system. We will also examine the limitations of this approach and possible future work in this area.

The talk will conclude with a live demonstration of an ART rootkit.

Building Automation and Control: Hacking Energy Saving System
by: Philippe Z Lin
(PDF)
BACnet is an ANSI/ISO protocol for building automation and control systems for applications such as heating, ventilation, air-conditioning control, lighting control, etc. (Wikipedia) In this talk, Philippe will demonstrate how to use Shodan to find BACnet devices exposed on the Internet, and to retrieve and analyze information from them. He will also discuss possible security impacts on its massive deployment and take subsidized installation in Taiwanese schools as an example.

Detecting Indicators of a Compromise Using an SDN-Based Network Access Control Implementation
by: Mon Nunez & Paul Prantilla
(PDF)
From the research of Mon and Paul.

The focus of this talk is to show how Software Defined Network (SDN) technology can be used to implement common Network Access Control (NAC) functionality with a level of versatility and programmability that are not found in bare metal switches.

Leveraging the benefits provided by SDN technology, this research explores a novel approach to implementing a simple NAC platform using off-the-shelf Raspberry Pis, a basic OpenFlow-compatible switch, and the POX application framework. A single Raspberry Pi is commissioned to function as an SDN controller, which offloads complex processing from the switch. The Pi controller, via DNS interception, is able to determine whether network traffic originating from an internal client machine is attempting to connect to a malicious domain. When a malicious domain name query is detected, the Pi controller will push appropriate configuration changes to the switch to isolate the offending client, and then place it in a remediation network.

Optimizations are also implemented to significantly reduce the number of operations and queries performed by the SDN controller when detecting compromises.

Incident Response for Targeted attacks
by: Jose Ramon Palanco
(PDF)
During the talk Jose will explain:
- How a SOC is organized (key people, tools, methodology)
- How to set up a SIEM and correlate events
- How to create IoCs (indicators of compromise, like Snort rules, YARA signatures, ...)
- Jose will introduce targeted attacks and show an example analysis of a targeted attack against SCADA protocols (HAVEX)

How safe is my system from reverse engineering
by: Markku Kero

When we let people use any program that we make, we will need to let them have access to the program. Often we feel that once we have compiled the program, our source code is hidden and our intellectual property is secured. We feel that the internal details of our system are hidden, and cannot be known by others without permission. But is it really so? How easy is it to reverse engineer a program, to find out how it works, and to know its vulnerabilities and hidden secrets? How can we protect our programs, or can we? In this session we will take a look at several programming languages and operating systems, and get an idea of how easy it is to reverse engineer applications, and how exactly the reverse engineering process would work.

Fixing CSRF Vulnerabilities Effectively
by: Lu Zhao
(PDF)
Cross-site request forgery (CSRF) vulnerabilities have been in the OWASP top 10 list for many years. Many web applications, especially those written before CSRF was discovered, are vulnerable to this kind of attack. Our talk first gives a deep analysis of its nature, and demonstrates how it can happen. Afterwards, we analyze and present a solution with code examples that can be easily applied to web applications, including legacy code. Our solution set has several desirable features:

1. it has a modular structure and a well-defined API interface, so that web applications can get CSRF protection by simply calling a couple of interface functions;
2. we protect both POST and GET methods using an internal translation scheme, and the distinction between the two is transparent to application code;
3. the same solution can be conveniently applied in both developing new web applications and hardening legacy code.

Once more unto the data breach
by: Steve Miller
(PDF)
Sufficiently motivated attackers will improvise, adapt and overcome all security technology in order to breach their target networks. Join Steve Miller, Security Strategist for FireEye in APJ, as he discusses evolving attacker methods, and examples of data breach in action.

Oh My Honey: Honeypots (or honeynets)
by: Ray Torres
(PDF)
Honeypots (or honeynets) are systems used for luring and monitoring attackers by masquerading as real servers. One application of honeypots is honeywords. Honeywords are fake passwords that function as an alarm when the account associated with the fake password is used on a server. A possible camouflage for a honeypot is to make it seemingly hardened and secure, with the honeyword credential as ideally the only point of entry for attackers. By integrating all of these functionalities with a jumpoff server setup capable of transitioning from a normal production setup to a ghost network setup that simulates a real production network, this design gives security administrators a better understanding of an attack, based on the extent of the knowledge of the adversary, and provides additional insights to improve an organization’s incident response plan.

What Hacker Sees
by: JIM

This talk is inspired by Johnny Long's No-Tech Hacking, wherein we will try to dissect, unpack and apply its context in the Philippines. We will reveal proof and evidence of some of our hacking escapades, routines, and misadventures and let the audience evaluate what's wrong in the pictures in the context of information security.

Understanding HTTP/2
by: Nathan LaFollette
(PDF)
A new HTTP Protocol Standard is here. Nathan will review the HTTP/2 protocol in depth - the good, the bad, and the ugly. HTTP/2 will greatly affect how we test for vulnerabilities and scale our web or mobile applications. During the presentation, Nathan will analyze and educate the audience on HPACK Encryption Techniques, TLS Cipher Blacklisting, and how headers and cookies are affected by the protocol implementations.

Speakers

Carlos Tingson
Carlos Tingson is currently a student pursuing an MSc in Information Security here at the Information Security Group, Royal Holloway University of London under a British Chevening Scholarship. He specialized in Cyber Security and Cyber Crime. Carlos Tingson is an Army Captain by profession; his latest assignment is with the Presidential Security Group, based in Malacanang Park, Manila. He previously served with the Army's Special Operations Command and the 2nd Infantry Division. He graduated from the Philippine Military Academy with a degree in Information Systems. He also holds a Postgraduate Diploma in Research and Development Management from the University of the Philippines. He is a Certified Ethical Hacker (v. 7), Computer Hacking Forensics Investigator (v. 8), and EC-Council Certified Security Analyst. Carlos Tingson has been a regular Rootcon attendee since RC6. Not a pirate, not a ninja, but had his fair share of ass kicking.

Christopher Elisan
Christopher Elisan is a seasoned reverse engineer and malware researcher. He is currently the Principal Malware Scientist at RSA. He has a long history of digital threat and malware expertise, reversing, research and product development. He started his career at Trend Micro as one of the pioneers of TrendLabs. This is where he honed his skills in malware reversing. After Trend Micro, he built and established F-Secure's Asia R&D, where he spearheaded multiple projects that include vulnerability discovery, web security, and mobile security. After F-Secure, he joined Damballa as their resident malware subject matter expert and reverse engineer. Aside from speaking at various conferences around the world, he frequently provides expert opinion about malware, botnets and advanced persistent threats for leading industry and mainstream publications. Christopher Elisan is also a published author. He authored "Advanced Malware Analysis" and "Malware, Rootkits and Botnets." He co-authored "Hacking Exposed: Malware and Rootkits." All books are published by McGraw-Hill.

Jason Haddix
Jason is the Director of Technical Operations at Bugcrowd. Jason trains and works with internal analysts to triage and validate hardcore vulnerabilities in mobile, web, and IoT applications/devices. He also works with Bugcrowd to improve the security industry's relations with researchers. Jason’s interests and areas of expertise include mobile penetration testing, black box web application auditing, network/infrastructural security assessments, cursory mainframe security analysis, cloud architecture reviews, wireless network assessment, binary reverse engineering, and static analysis. He is also a frequent player on the Shellphish CTF team. Jason lives in Santa Barbara with his wife and two children.

JIM
CLASSIFIED
UNDISCLOSED
All we know is a ninja that p4wns teh n1gh7

John Menerick
John works on Security @ NetSuite. John’s interests include cracking clouds, modeling complex systems, and developing massive software-defined infrastructures, and he is the outlier in your risk model.

Jose Ramon Palanco
Jose Ramon Palanco is currently CTO of Drainware, Inc., a security company with offices in the U.S. and Spain: Palo Alto (California) and Madrid. In the past he has worked at Deloitte CyberSOC, managing incident response (Tier 3). He studied Telecommunications Engineering at the University of Alcala de Henares and a Master of IT Governance at the University of Deusto. He has been a speaker at OWASP, ROOTEDCON and MALCON.

Lu Zhao
Lu Zhao got his Ph.D. in Computer Science with specialties in trusted computing, abstract interpretation, formal verification and program logic. He worked in designing and developing static analyzers for security at HP Fortify for three years, during which he gave talks about analyzing programs to find vulnerabilities in conferences and filed two patents in the security analysis area. He is now a principal application security engineer at NetSuite Inc. His primary job is building security features for NetSuite cloud services including securing data accesses, eliminating vulnerabilities, and preventing attacks. He also works on security reviews and automated security testing. He has a wide range of interests in computing, including security, programming languages, abstract interpretation, program analysis, formal verification, and automated constraint solving.

Markku Kero
Currently Markku Kero is the CEO of Eqela and Job and Esther Technologies. He also serves as Chief Software Architect for both companies. Over the last 15 years, Markku has been the driving force behind some of the most compelling technologies that have consistently been ahead of their time, overseeing the implementation of a 2G-compatible mobile voice over IP technology implementation, a mobile messaging system unifying email, SMS and instant messaging, a multi-device operating system and now automated programming language translation technology. He has founded and managed several companies in this field, previously Inceptions, Inc. and Kolipri Communications, currently Job and Esther Technologies and Eqela.

Mon Nunez
Mon has more than 14 years of experience in network management and security, specializing in computer security, large-scale network deployment, system administration, and network forensics. He has been a consultant to international organizations such as WHO and NEC, is the Co-Head Security Architect of DOST-ICTO for the Integrated Government Project (iGov), the Network Infrastructure and Security Consultant of the UP Computer Center, and is currently the Director for Security at Chikka Philippines.

A member of Team Manila, Mon, with Paul Prantilla, competed in DEFCON 22 in Las Vegas in 2014. The team participated in multiple contests, achieving 4th out of 264 teams in the Network Forensics Puzzle Contest (NFPC), and also 4th in the Capture the Packet Contest (CTP) championship round. They also competed in the 2014 Capture The Flag contest at Hack In The Box, Kuala Lumpur -- making them the first and only team from the Philippines to ever compete in an international CTF event.

Nathan LaFollette
Nathan is a Global Information Security Leader. He is currently the Managing Consultant at Trustwave SpiderLabs, focusing on Web and Mobile Application Security for the top Fortune Companies. He has been interviewed and published by SC Magazine, Network World, Cisco, and Gartner, and has acted as a trusted advisor to many Corporate CEOs on Best Security Practices. Nathan has presented at numerous international security conferences and has extensive penetration testing experience that spans the past 18 years. He is actively involved in the Security Community and has recently created a Cyber Safety Program for Kids.

Paul Prantilla
Paul Prantilla got his master's in Computer Science from UPLB and is currently working on his PhD in Computer Security at UP Diliman. After a brief stint teaching graduate school, Paul became the first IT Director of UPLB, worked in the United Nations Population Fund, and then in Chikka Philippines. While in Chikka, Paul worked with Mon Nunez to launch groundbreaking IT services in Smart - including Smart PowerApp and Internet for All. During this time, they became regular attendees of DEFCON and consistently attained a top 4 finish in multiple DEFCON contests. Currently, Paul works as the Director of Planning and Strategic Roadmapping in Globe's IT Division.

Paul Sabanal
Paul Sabanal is a Security Researcher on IBM Security's X-Force Advanced Research Team. He has more than a decade of experience in the Information Security industry, mainly focusing on reverse engineering and vulnerability research. He has previously presented at several conferences such as Blackhat and Hack In The Box, primarily on the topics of reverse engineering, sandbox vulnerabilities, and mobile security. His main research interests these days are in protection technologies, mobile malware, and IoT security. When not in front of a computer, he enjoys Disney movie nights with his daughter, playing weird instruments in a band, and pajama wrestling.

Philippe Z Lin
Philippe Lin is a staff engineer at Trend Micro. He works in data analysis, machine learning, fast prototyping and threat research. He was a BIOS engineer in Open Computing Project. Active in open source communities, he is a hobbyist of Raspberry Pi / Arduino projects and the author of Moedict-Amis, an open source dictionary of an Austronesian language.

Ray Torres
Ray Torres is an IT Security enthusiast and practitioner. He likes to read daily updates of security-related topics and tries to maintain a white-hat mentality at all times when he sees a new CVE. *wink wink*. He graduated from the University of the Philippines Diliman and has a bachelor’s degree in Computer Science (he doesn’t like to brag but he graduated as Magna Cum Laude from the said university *wink*). Currently he is taking his postgraduate studies at the same university. He also goes to the gym 3 times a week and tries to maintain a healthy lifestyle. In his leisure time, he reads legal-thriller books by John Grisham or looks for open wifi access points (for free internet of course).

Steve Miller
Steve Miller is an incident response professional and the Security Strategist for FireEye in Asia-Pacific and Japan. Steve has over 10 years of experience in areas such as computer forensics, communications signals analysis and intelligence program management.

Steve's background includes work for the U.S. Army, the National Security Agency, Cornell University, the U.S. Department of State, and the U.S. Department of Homeland Security.

As a part of FireEye's 24x7 incident response service, Steve leads security operations in APJ and also contributes to threat research and detection management. In his spare time, he rides a totally rad BMW F800GS motorcycle.

Contests

Winners receive the Black Badge, which entitles them to free entrance to next year's conference.
WiFi Warrior - No Winner
RC CTF (Capture The Flag) - Handshake Team
Hacker Jeopardy - Speakers Team (Nathan LaFollette, Jason Haddix, John Menerick)

Pics

ROOTCON 9 Pics
