Villages




Car Hacking Village

Schedule: October 7, 2020 - Day ZerØ

ROOTCON Car Hacking Village is organized by the Car Hacking Village Philippines and blessed by the elders of the main CHV community: https:// www.carhackingvillage.com/about.

The CHV PH share the same primary goal of the Car Hacking Village which is to "build a community around discovering weaknesses and exposing vulnerabilities that could significantly impact the safety and security of all drivers and passengers on the road today".

With ROOTCON's Recovery Mode activated, CHV PH will be conducting workshops and will be giving talks about automotive security and basic diagnostics this year.

Agenda

October 7, 2020 - Day ZerØ

20:00 - 20:45
Car Hacking Village PH 101 by: shipcod3 and Eman0n

We don’t need roads and seat belts! This is your guide to this year’s Car Hacking Village PH and what it is all about. Not just a talk, also with actions! We will be introducing our awesome speakers and current updates about the CHV in the Philippines like how far we’ve come.

About the speakers
Jay Turla aka shipcod3 is a Manager, Security Operations (PH) at Bugcrowd Inc., and one of the goons of ROOTCON. He has been acknowledged and rewarded by Facebook, Adobe, Yahoo, Microsoft, Mozilla, etc. for his responsible disclosures. He has also contributed auxiliary and exploit modules to the Metasploit Framework. He has presented at ROOTCON, HITCON, PEHCON, DEFCON’s Packet Hacking Village, LevelUp 0x06, DragonCon, Bsides Myanmar, Nullcon and TCON. He used to work for HP Fortify where he performed Vulnerability Assessment, Remediation and Advance Testing. His main interest or research right now is about car hacking and is currently one of the main organizers of the Car Hacking Village of ROOTCON / Philippines which is recognized and supported by the Car Hacking Village community.

[email protected] is a clinical psychology major who has a knack for information security, most definite to identifying vulnerabilities when it comes to the human participation in processing information and its transition from user-to-user. He has been a consultant for different companies, helping them develop their best practices in information handling to avoid malicious attacks like fraud and confidential information leakages. His contribution is also found in testing revenue generating platforms through social engineering, targeting flaws in transactional processes for banks, finance groups, telco, etc. He was fortuned by Rootcon to be one of its Goons, with this he has been one of the contributors that brings about the largest hacking conference that takes place in the Philippines yearly (ROOTCON). Jami on the other hand is also the resident grease monkey of the team, which comes very handy in organizing and researching for the car hacking village of Rootcon. To your surprise, he is also your humble HR guy during the day.


20:45 - 21:30
You Are Also A Car Mechanic by: Jayjack (J4yJ4ck)

Nowadays, cars are also considered a necessity. In our lifetime, it is a privilege to learn how to drive one. And a choice to know how to fix and maintain your own. This talk will help you understand the basics of an automotive system and how you’ll be able to find courage to try and fix your own. Learn about the fundamentals of EUT (Engine, Underchassis, Transmission).

About the speaker
Jayjack is an experienced Automotive Technician / Mechanic of different brands of automobile and a CyberSecurity enthusiast. A walking wrench with a hackers mindset combined. His interests lies in Vulnerabilities of Automotive Systems. #AlsoAHardcoreGamer #AlsoAScratchGolfer




21:30 - 22:15
A Modern Day of Tweaking Your Ride by: Jef D.( JCDTUNED )

Know your limits and maximize the capability of your car. Modify the existing code of your car's ECU or completely replace it with a new code to deliver more optimized performance. Do you want better fuel efficiency? Then, let's target the brain to gain power in this talk that will tackle the basics of ECU remapping.

About the speaker
Jef D. is an experienced car tuner and enthusiast for more than 10 years. He is a Computer Engineer and also an Aircraft Mechanic. He is currently a Cybersecurity Consultant. His interests are Hardware Hacking, IoT/OT and Penetration testing. #JCDTuned
#ECUTuner
#Dragracer
#EngineBuilder
#AfterMarketSupplier


22:15 - 23:00
The Tale of Two Benches by: Peisi, Alina, and Edmund

When a car is as expensive as a house (in Singapore), no one in the right mind would inject malcode into his/her vehicle. The only sane way is to learn through a test bench. This talk will feature two benches built by the Car Security Quarter (CSQ), our journey and lessons learned. We will also describe the challenges faced when building a vehicle IVI system and how we overcome it.

About the speakers
Peisi Tan Pei Si (Kaskrex) is a seasoned developer with a strong interest in cybersecurity. Pei Si is an active advocate in the Singapore cybersecurity community — she actively contributes to Division Zero (Div0) and Infosec In the City/SINCON. She is also the pioneer member of Div0’s Car Security Quarter (CSQ). Pei Si’s interest lies in Digital Forensics & Incident Response (DFIR), hardware hacking and DevSecOps.

Alina Alina (0x410x54) Tan is the founder of Division Zero’s (Div0) Car Security Quarter (CSQ). Her expertise lies in securing Operational Technology (OT), Industrial Control System (ICS) and Supervisory Control and Data Acquisition (SCADA) systems — specifically on the offensive security of these systems. Her interest lies in pentesting OT and automotive systems.

Edmund is an experienced software functional tester & vehicle tester. He is also the pioneer member of Div0’s Car Security Quarter (CSQ). Making a switch into cybersecurity, his interest lies in hardware hacking & pentesting in automotive systems as a start. #animallover #gamer

Operators

shipcod3 (@shipcod3)
[email protected]



Red Team Village

October 8, 2020 - Day 1

Red Team Village (https://redteamvillage.org) is a community driven combat readiness platform for Adversarial attack simulation, Red teaming tactics and Offensive security operations. This community is managed by a group of cyber security and red team tactics enthusiasts. A red teamer needs to be skilled in every aspect of Adversarial Simulation and offensive security operations. We can consider this as a platform to share tactics, techniques, and tools related to various domains of adversarial attack simulation. We have been organizing workshops, talks, demonstrations, open discussions, Capture the flag challenges (CTF) and other exercises at Cyber Security conferences for the past 4 years. We do design real life corporate CTF scenarios with the same network architecture and defensive mechanisms used by the organizations. The CTF players needs to do the red teaming against this infrastructure which protected and monitored by Blue teams. This village welcomes Red teams, Blue teams and Purple teams. Blue teams get to know the attack tactics used by the adversaries, and Red teams get to learn the security monitoring/detection techniques used by the SoC teams. A collaborative purple teaming culture can be cultivated.

Community URL: https://redteamvillage.org/
Twitter: https://twitter.com/redteamvillage
Facebook: https://www.facebook.com/redteamvillage
Discord: https://discord.gg/5Tq9ebE

Agenda


10:00 - CTF Opening


10:00 - 12:00
Workshop - Adversarial Simulation Lab using Splunk Attack Range by: Rod Soto, Principal Security Research Engineer at Splunk

Abstract: The Splunk Attack range framework provides different tools to allow security analysts to test network, host and applications against a number of known adversarial TTPs based on Mitre ATT&CK framework. The Splunk Attack Range framework allows the security analyst to quickly and repeatedly replicate and generate data as close to "ground truth" as possible, in a format that allows the creation of detections, investigations, knowledge objects, and playbooks in Splunk Phantom. This 2 hour workshop will provide attendants with access to Splunk Attack Ranges containing adversarial simulations engines (Caldera, Atomic Red Team), target machines and a Splunk server receiving attack data. Instructors will provide step by step instructions on where to get the code for the framework, how to build it and how to use it to simulate attacks, create detections and defense artefacts.

About the speaker
Principal Security Research Engineer at Splunk. Worked at Prolexic Technologies (now Akamai), and Caspida. Cofounder of Hackmiami and Pacific Hackers meetups and conferences. Creator of Kommand && KonTroll / NoQrtr-CTF.


13:00 - 13:45
AMSI.FAIL(s) by: Melvin Langvik

Showcase and background information for the AMSI.FAIL project, as well as examples of possible operational usage.

About the speaker
Melvin Langvik - Melvin Langvik is a 24-year-old computer engineer with a life-long passion for offensive-security. He is currently working for BDO CyberSecurity in Norway as a penetration tester and previously worked as a C# Azure Developer and Integrations engineer. Melvin considers himself passionate in the field and loves contributing to the community. In late 2019 he broke into the HackTheBox hall of fame.


13:45 - 14:30
Gathering Vulnerability Intelligence from Darkweb by: Nandakishore Harikumar

It’s not new for Red teams and offensive hackers to buy 0day exploits from Darkweb. In last two year there has been a lot of Incidents where Red Teams/ offensive Security researchers need to regularly keep their third vision in these darkweb portals where they sell 0day exploits and other vulnerabilities ensuring the anonymity. Zoom to Tor, Exploits were easily accessible. Threat intelligence has opened up a scope of a new extended area of Vulnerability Intelligence that need to be gathered from Darkweb and other deep web platforms. The network of anonymous groups are extended from Darkweb to the Telegram/Jabber and to their marketing side on twitter handles which helps them to gain attention from Cyber Security journalists.

About the speaker
Nandakishore Harikumar - is a cyber security entrepreneur. He is the CEO and Founder of a Cyber Security Start-up named Technisanct. Widely quoted in national and international media. He is an Engineer turned Entrepreneur. His start up is backed by IIT Mandi, Data Security Council of India (DCSI), India Accelerator Program and GAN(Global Accelerator Network). He was also the co-founder of the private intelligence firm Seclabs and Systems based out in Noida, Delhi


14:30 - 15:15
The Year of the C2 (Command & Control) by: Quentin Rhoads-Herrera & Charles Dardaman

DeimosC2 is a Golang built command and control application that supports multiple communication methods such as QUIC, TCP, HTTPS, DOH, and pivot TCP. We have agents that are run on Windows, Linux, Darwin, and Android with iOS to come. For security purposes each listener has its own public and private RSA key that wraps AES encryption with the agent to make forensics more difficult. Each agent also supports functionality such as jitter, delay, EOL, and live hours to make it harder to detect. We also support webshells for the times that you have an arbitrary file upload on a website that allows you to manage your webshell. You can than take that webshell access and deploy a C2 agent to further your control over the victims device. DeimosC2 also supports modules for multiple operating systems that have both agent and server sections. This allows us to collect looted data. DeimosC2 has a GUI that is built with Vue.js that makes it easier to use and supports collaboration between multiple red teamers. It supports MFA, password length restrictions, and two user roles (admin and user). The C2 server also supports archiving of the database and all log files for historical purposes which can also be replayed if the C2 infrastructure needs to be stood back up, to include the compiled agents that were used during the engagement. One of the key features of DeimosC2 is that agents and modules can be developed in any language as long as the responding format to the C2 server is in the correct format which we made as JSON to simply everything. This makes it easily extendable. It is also easy to add custom agent functions like we did after a DefCon talk released the concept of Domain Hiding which we instantly added for our HTTPS agent. DeimosC2s future is moving towards mobile as a way to highlight the lack of security around enterprise mobile devices.

About the speaker
Quentin Rhoads-Herrera - As CRITICALSTART’s director of professional services, Quentin leads the offensive and defensive teams known as TEAMARES. He is an experienced security professional with expertise in security analysis, physical security, risk assessment, and penetration testing. Quentin’s diverse background is built from a variety of staff and leadership positions in IT, with specific experience in threat and vulnerability management, penetration testing, network operations, process improvement, standards development and interoperability testing.

Charles Dardaman - As a Senior Adversarial Engineer on TEAMARES, Charles brings numerous years of experience in both offensive and defensive security. He is an expert in both network and web application penetration testing, as well as reverse engineering and binary analysis. He is an active member of the local security community, and often speaks at cybersecurity meet-ups.


15:15 - 16:00
Data Enrichment and Intels to automate operational intelligence by: Haran Kumar

Recent problems in mitigating cyber attacks are the threats evolving into a highly sophisticated landscape. It is challenging to address “Known unknowns and unknown unknowns”. As data sets increase in size and complexity, the human effort required to inspect dashboards or maintain rules for spotting infrastructure problems and cyber attacks. Enriching your internal telemetry and automated threat intel lookups even at pre ingestion phase of the data provides more value to the data set in efficient hunting and automates the production of highly valuable operational intelligence. This Paper talks about the automation of enriching data alerts and telemetries both at pre ingestion and post ingestion methods to addressing sophisticated threat landscapes.

About the speaker
Haran Kumar - Skills driven and passionate security professional with extensive experience in SOC architecture, SIEM log Management, Endpoint security, Incident Response and cybersecurity operations. Currently living his security passion by helping projects and prospects in architecting security solutions with Elastic stack. Working as a solutions architect managing cybersecurity use cases as security specialist with Elastic.


16:00 - 16:45
DockerENT: Open source docker runtime analysis framework by: Rohit Sehgal

DockerENT is activE ruNtime application scanning Tool (RAST tool) and framework which is pluggable and written in python. It comes with a CLI application and Web Interface written with StreamLit. DockerENT is designed keeping in mind that during deployments there weak configurations that are sticky in production deployments and lead to severe consequences. This application connects with running containers in the system and fetches the list of malicious runtime configurations and generates a report. If invoked through CLI it can create JSON and HTML report. If invoked through web interface, it can display the scan and audit report in the UI itself. More at https://github.com/r0hi7/DockerENT

About the speaker
Rohit Sehgal - OSCP Certified, Master’s degree from IITK with specialization in System Security and more than 3 years of professional security experience, across Development of security services, Penetration Testing, SecOps, System Security, SSDLC and Security Architecture. Experience in writing Checkmarx SAST Audit Queries (CxQL). Experience working with SAST & DAST tools. Currently Cybersecurity Engineer at Visa. A proud Author, Engineer, Maintainer, and Architect of extremely reliable and privacy friendly hosted disposable email service TrashEmail. Also Engineer and maintainer of a tool that can identify the weak configurations inside running dockers containers DockerENT. Authored a book and delivered various security sessions at International conferences. Inventor of 2 Patents and 1 Trade-secret. An active open source contributor. Drop by his GitHub too, there are really cool and awesome stuff, and you will love it. Delivered various global security trainings at past and current organization. Loves to create challenging problems for CTFs. Hosted a couple of CTF events organization wide and in public domain. Actively working to make security simple and reachable to every developer. An adventure freak, who loves to travel and call himself a philanthropist, a coder and ctf-player in his free time. Involved in active research in and around security.


16:45 - 18:45
Hacking Modern Desktop apps with XSS and RCE by: Abraham Aranguren, Security Trainer, Director of Penetration Testing - 7A Security

If you are the kind of person who enjoys webinars with practical information that you can immediately apply when you go back to work, this webinar is for you, all action, no fluff :)“Hacking Modern Desktop apps: Master the Future of Attack Vectors” is a desktop app security course that provides you with case studies from real-world vulnerable applications as well as know-how and techniques to take your desktop app security auditing kung-fu to the next level. The course covers attacks and mitigation against desktop apps on Linux, Windows and Mac OS X. The focus focuses on Electron but the techniques covered will be helpful against other desktop platforms, as well as CSP bypasses and other web security techniques. In this brief 60-minute webinar we will explain what the course covers and give you a few lab samples covering the following topics:

- Essential techniques to audit Electron applications
- What XSS means in a desktop application
- How to turn XSS into RCE in Modern apps
- Attacking preload scripts
- RCE via IPC

Attendants will be provided with training portal access to practice the attack vectors covered. This includes: Lifetime access to a training portal, vulnerable apps to practice, guided exercise PDFs and video recording explaining how to solve the exercises

About the speaker
After 13 years in itsec and 20 in IT Abraham is now the CEO of 7ASecurity (7asecurity.com), a company specializing in penetration testing of web/mobile apps, infrastructure, code reviews and training. Security Trainer at Blackhat USA, HITB, OWASP Global AppSec and many other events. Former senior penetration tester / team lead at Cure53 (cure53.de) and Version 1 (www.version1.com). Creator of “Practical Web Defense” - a hands-on eLearnSecurity attack / defense course(www.elearnsecurity.com/PWD), OWASP OWTF project leader, an OWASP flagship project (owtf.org), Major degree and Diploma in Computer Science, some certs: CISSP,OSCP, GWEB, OSWP, CPTS, CEH, MCSE: Security, MCSA: Security, Security+. As a shell scripting fan trained by unix dinosaurs, Abraham wears a proud manly beard. He writes on Twitter as @7asecurity @7a_ @owtfp or https://7asecurity.com/blog. Multiple presentations, pentest reports and recordings can be found at https://7asecurity.com/


Operators

Abhijith (https://twitter.com/abhijithbr)
Sreehari (https://twitter.com/sr33h4ri)
Thoufeeque (https://twitter.com/thoufeequens)
Vishnu Prasad
Adithya (https://twitter.com/adithyps)