Talks



7 sins of ATM protection against logical attacks


by: Timur Yunusov
Everyone is perfectly familiar with logical and black-box attacks on ATMs. But hardly any countermeasures have been taken so far: banks are sure that their devices are perfectly protected, until hackers prove them wrong. The most frequent reason why this happens is developers', engineers', and security staff's lack of expertise: they have a vague idea of attack sources and vectors and of what they should monitor and improve. In this presentation, we'll discuss in detail how exactly hackers break into ATMs and bypass security measures to make machines spit out all the money.

     

Breaking into the iCloud Keychain


by: Vladimir Katalov
Do you remember 'celebgate'? Well, iCloud is not just about backups and private pictures. There is quite a lot of data that is also being *synced* across all the devices, and so stored in the iCloud. iCloud Keychain (that keeps your passwords and credit card data) is the most protected data among all other iCloud-synced categories, but still there is a way to break into it, and funny enough, it is *easier* for the accounts with two-factor authentication enabled.

     

Demystifying The Ransomware and IoT Threat


by: Christopher Elisan
We have seen a rise in Ransomware attacks in the past year. While we are recovering from these attacks, a new wave of DDoS attacks using IoT devices was suddenly thrust into the limelight. In this talk, I will discuss all the stages of a ransomware attack: how it works and how a researcher can handle each of the stages with tried and true analysis techniques. I will then shed light on how IoT devices are used in DDoS attacks by discussing how the malware used in the latest IoT DDoS attack works and how it can be manipulated for future attacks. Then I will discuss how a combination of Ransomware and IoT attacks can be a bigger threat in years to come.

     

Dissecting Exploit Kits


by: Daniel Frank
The Exploit Kit market has been evolving during the past two years, while APJ users are among the most affected victims. The presentation will briefly overview the Exploit Kits market, guiding the audience through the infection flow, from the landing page, through malicious JS and Shellcode execution, to the final payload, such as Ransomware or Banking Trojans. Live demos of stepping through the infection flow of two Exploit Kit variants will include: JavaScript deobfuscation, Shellcode and other malicious payload Reverse Engineering and analysis.

     

Drone Hijacking and other IoT hacking with GNU Radio and SDR


by: Arthur Garipov
The Internet of Things is surrounding us. Is it secure? Or does its security stand on (deemed) invisibility? SDR (Software-defined radio) and GNU Radio can answer these questions. In this presentation, we will play with some modern wireless devices. They have similar protocols, and none of them encrypts its traffic. We will show how easy it is to find them using SDR and proprietary chipsets, and how to sniff/intercept/fuzz these devices using a small Python script and GNU Radio. As an example we will show a Mousejack attack on wireless dongles, a wireless keyboard keylogger and even a drone hijacking.

     

Finding Your Way to Domain Admin Access and Even So, the Game Isn’t Over Yet.


by: Keith Lee
In this presentation, we discuss the tricky scenarios we faced during internal penetration test engagements and how we have developed a tool to solve those issues. We want to fill the gap from after cracking a password hash (normal user) from NetBIOS/LLMNR/WPAD attacks to compromising the entire Domain as well as solving a few tricky issues that we as penetration testers face.

     

Hunting Hunters with OSint


by: Michael Rebultan
Passive and reactive are the common denominators of a security breach. With this presentation, a proactive approach will be showcased for IT security professionals who are especially into SOCs, Analysis, and Forensics, where using Open Source Intelligence, adversaries can be defeated in no time. Just like any Hacktivists, they enumerate as much data as possible on their targets, from Social Engineering up to the C2 level, in utilizing the OS Intelligence. Reversing the kill-Chain by proactively anticipating their attacks (DDoS, Bruteforce, Ransomware, Unauthorized Scanning, etc.) is an efficient way of defending everyone's turf. I would be presenting and demonstrating different ways and tools that a security analyst and a cyber-forensic investigator could leverage as their Arsenal.

     

The future of ApplePwn. How to save your money.


by: Timur Yunusov
It was obvious that this attack was possible by default: if the phone is jailbroken, then it's possible to steal the money, but for some reason everyone claimed the opposite, considering "Apple Pay is the Most Secure Form of Payment". This is exactly what I would like to refute, considering in detail the flaws of Apple Pay on the phone (payment in applications and the web). The Apple Pay API allows you to do a lot on the client side (phone), which increases the possibility of attacks: request additional fields, do not sign the current fields, etc., which makes it possible to turn Apple Pay into really "the most popular system for fraudsters".

When people ask about wireless payments (PayPass, ApplePay, SamsungPay, etc.), everyone certainly claims that ApplePay is one of the most secure systems. The separate microprocessor for payments (Secure Enclave), the absence of card data storing/transmitting in plaintext during payments: it looks like an ideal defense. However, the devil is in the details! We'll present specially developed open-source utilities which demonstrate an example of how hackers can reconnect your card to their iPhone or make fraud payments directly on the victim's phone, even without a jailbreak.

     

The rise of security assistants over security audit services.


by: Yury Chemerkin
Mobile applications have not only become everyday parts of our lives, but they have also become a part of XXI-century culture. Corporate IT and security professionals have the same needs as typical customers who manage personal information only. To understand security, users should keep in mind what happens with their OS, applications, and their data, and divide risks into vulnerability and privacy groups. The first group refers to actions that break either the application or the OS. It is usually designed to rarely involve any user actions to break security mechanisms and get access to user data. The second group refers to privacy issues and describes cases when data is stored or transmitted insecurely. Developers ignore data protection until they face something or someone who makes them implement protection as it should have been designed. Developers' privacy policies describe how much every developer cares about data, protects everything, and assures users that his app provides 100% guarantees. Many security companies develop their risky applications to show customers how well their data is protected. They use (or develop their own) automatic scanners to analyze application code and provide an auto-generated report. Anyway, none of them can clearly say which data items are protected and how bad that protection is. In other words, should a user worry about a non-protected HTTP connection if he does not know what data is transferred over it? Downloading news might be acceptable; transmitting device information, geolocation data and credentials over the network in plaintext is not acceptable. The same goes for an out-of-date OS. Is the previous version so bad that one should rush into an update or not? How many user data items were consumed by 3rd-party services like Google/Flurry analytics? The last question is usually: how much money is user data worth?
The cheapest software costs less than $50; the average one costs 10 times more, and forensics software costs from over a thousand dollars up to $20,000 and gives access to a thousand devices and a million data items. The saddest part of this story is the 'Speed-to-market' idea that helps them grab data from a thousand improperly protected applications, especially if customers use the same data across more than one application and have at least one badly protected application. The more of the same data is shared between applications and the more applications you use, the higher the risk of data leakage customers eventually face. A new set of security challenges has already been raised. To answer this, we have been examining many applications to have the opportunity to make the results widely useful and available for IT and security professionals as well as non-technical customers, so that they stay informed about app insecurity. The goal is integrating and introducing security and data privacy compliance into mobile application development and management. It helps to educate customers with a useful security & privacy behavior mindset. Spreading information in different ways such as bulletins, an EMM integrated monitoring service, or simple reports is a way to solve insecurity issues and help to reduce risks when using mobile applications.