Talks


Blockchain Based OT Monitoring Solution (BBOTMS)
by: Asif Hameed Khan / Gagan Jattana

Industrial Control Systems (ICS) are no longer an Isolated system. Industrial Control Systems (ICS) are having internet connectivity capabilities. The rise of IIoT/Industry 4.0 has opened the gateway for an adversary to attack the OT environment. The last decade has shown tremendous growth of cyber-attacks on OT/ICS environments ranging from Stuxnet malware to Industroyer, Shamoon, and Triton SIS devices compromise to name a few. As the cyber-related issues are rising, it is necessary to build threat detection and monitoring capabilities for an enterprise to detect and respond to sophisticated cyber threats. This work presents a novel approach for robust monitoring of OT/ICS environment based on the blockchain technology.

Cracking Financial Systems
by: Project Nexus

Recent attacks provide insight on cyber assaults which could halt the global economy. Financial-based systems are little more than a set of promises between various online and real life entities. Processes designed to make these services safe have created new vulnerabilities. If systemic institutions were compromised, panic could spread. Better testing is needed. However, cracking financial systems is harder than it looks. Project Nexus shows how certain testing methodologies can affect financial services, retail, banking, ecommerce, and might even have an impact on our chances for success.

Hackers Don't Wear Black Hoodies, They Wear Capes
by: Chloé Messdaghi

Sixty percent of hackers don’t submit vulnerabilities due to the fear of out-of-date legislation, press coverage, and companies misdirected policies. This fear is based on socially constructed beliefs. This talk dives into the brain's response to fear while focusing on increasing public awareness in order to bring legislation that supports ethical hackers, ending black hoodie and ski mask imagery, and encourage organizations to support bilateral trust within their policies.

I've Injected a DLL - You Won't Believe What Happened Next!
by: @CaptnBanana

"Over the past year I've noticed that many people are particularly interested in the field of multiplayer game hacking, since these kinds of blog posts get quite a few clicks on my blog. Detailed information of good quality on this topic is hard to find on the internet, especially documentation of game hack source codes. I think this topic is quite interesting and fascinating at the same time since game hacks are able to precisely alter the inner workings of other processes by employing modifications of assembly code or memory segments. What's even better is that people with experience in game hacking are able to transfer the knowledge into various other fields, like exploit development and antivirus evasion research. Hence, game hacking is a win for everyone :)

These are the reasons why I decided to dig into this topic myself, with the goal to share my research, code and knowledge afterwards. During the last years I've implemented various game hacks for two different games:

- A hack for the Quake3 engine based game Jedi Academy: It allows you to view enemies trough walls (wallhack), it automatically aims (aimbot) and shoots (triggerbot) at enemies. Also, it has various other very game-specific features and some convenience functions like adding custom shaders to enemies to make them more visible. Even though the game is kind of retro, the techniques I've used can be applied to modern games too.

- Hacks for the game Counter Strike: Global Offensive: It makes you immune to flash grenades that would normally block your view. It's able to hook the 3D engine of the game to add custom content to the screen, like information on other player's current weapon and status. Also, I've implemented an aimbot that's very different to the one from the other game since the underlying game engine is also different.

During the talk I will explain two methods to implement a game hack:

1. Internal Hacks: It basically works by injecting a custom DLL into the game process that's able to hook and modify game functions. I'll also explain how to implement hooking from scratch without using an external library.

2. External Hacks: They run in their own process and constantly read and write the game memory of the game process in order to alter it at runtime.

As you can imagine, implementing the same cheat, e.g. the aimbot, is quite different when doing it internally versus externally."

Offensive Embedded Exploitation : Getting hands dirty with IOT/Embedded Device Security Testing
by: Kaustubh Padwad

"The world is moving towards smart culture everything nowadays is smart, and mostly all are those smart devices are basically embedded devices with internet connectivity or some provision to connect with the internet. Since these devices are booming in market this also tempting lots of people/groups for hacking.

In this 1 hour talk we will discuss how to test the embedded/IoT devices, it would give you a methodology for assessment, how to perform firmware analysis, identifying vulnerable components, basic approach for reverse engineering the binaries to discover potential remote code execution, memory corruption vulnerabilities by looking for native vulnerable functions in C or bad implementation of functions like System, popen, pclose etc.

After conducting static analysis,firmware analysis we will move towards dynamic testing approch which include web application testing, Underlying OS security testing, identifying vulnerabilities and misconfiguration in device. At last we will move towards fuzzing the device via web application parameters and installing aproppriate debugger on device to identify memory corruption vulnerabilities."

Quark Engine - An Obfuscation-Neglect Android Malware Scoring System
by: JunWei Song / KunYu Chen

"Android malware analysis engine is not a new story. Every antivirus company has their own secrets to build it. With curiosity, we develop a malware scoring system from the perspective of Taiwan Criminal Law in an easy but solid way.

We have an order theory of criminal which explains stages of committing a crime. For example, crime of murder consists of five stages, they are determined, conspiracy, preparation, start and practice. The latter the stage the more we're sure that the crime is practiced.

According to the above principle, we developed our order theory of android malware. We develop five stages to see if the malicious activity is being practiced. They are

1. Permission requested.

2. Native API call.

3. Certain combination of native API.

4. Calling sequence of native API.

5. APIs that handle the same register.

We not only define malicious activities and their stages but also develop weights and thresholds for calculating the threat level of a malware.

Malware evolved with new techniques to gain difficulties for reverse engineering. Obfuscation is one of the most commonly used techniques. In this talk, we present a Dalvik bytecode loader with the order theory of android malware to neglect certain cases of obfuscation.

Our Dalvik bytecode loader consists of functionalities such as 1. Finding cross reference and calling sequence of the native API. 2. Tracing the bytecode register. The combination of these functionalities (yes, the order theory) not only can neglect obfuscation but also match perfectly to the design of our malware scoring system.

Further, we will also show a case study of Android malware and demonstrate how the obfuscation technique is useless to our engine. Last but not least, we will be open-sourcing everything (Malware Scoring System, Dalvik Bytecode Loader) during our presentation."

Index

Blockchain Based OT Monitoring Solution (BBOTMS)

Cracking Financial Systems

Hackers Don't Wear Black Hoodies, They Wear Capes

I've Injected a DLL - You Won't Believe What Happened Next!

Offensive Embedded Exploitation : Getting hands dirty with IOT/Embedded Device Security Testing

Quark Engine - An Obfuscation-Neglect Android Malware Scoring System