
Skytalks IV - Speakers and Abstracts


  • Skytalks IV - Speakers and Abstracts

    In the order presenting (unless things change), here are the speakers I have and the brief abstracts submitted:

    When the Going Gets Weird, the Weird Turn Pro

    Imagine a Richard Thieme speech, except more British and more inebriated. Don't let that fool you, however, Databeast is pretty sharp!


    Distributed Denial of Service Attacks for White Hats
    Will Vandevanter

    Unfortunately there is limited information on techniques and processes businesses can use to test their own servers against realistic DDoS attacks. This presentation will give techniques and process for simulating a DDoS attack against a company's own servers or similar systems as part of a penetration test. We will discuss DoS attack types, setting up the bots, performing the attacks, and administering the bots themselves. This presentation is technical in nature. We will also be linking to tools that can be used to perform the DoS attacks (along with tools we've written), AMI instance and Virtual Machines designed specifically for this type of testing, and a simple console we developed to administer the bot herder and bots. The techniques discussed in this presentation have been tested during assessments in which the target organization has asked us to perform DDoS attacks as part of a penetration test or using information gained from packet captures during incident response assessments of DDoS attacks.


    Alice and Bob are Fucked
    Jason Ross

    Pfft. Alice and Bob. They think they're so smart, prancing around thinking up ways to communicate without letting anyone else in on what they're saying. Mallory is tired of their games, but she's even more tired of the hoops she has to go through to get into the middle of their conversations. She's been staring at iptables setup scripts, and sifting through pcaps, and ARP spoofing networks long enough to know that there has to be a better way to do it. So, she made one. Hey Alice and Bob, here's a message for you: Mallory is here with a bunch of new tricks. Good luck keeping her out.


    If you want to go phishing, you need the right bait…
    Jason Malley

    In fishing, if you want to catch the prize winner, it helps to have the right bait. In phishing, if you want that elevated user’s credentials, you also need the right bait. Using Metasploit and VM tools for live bait and a minimum amount of schmooze to chum the waters, we will land us elevated user credentials by exploiting the trust people have for their own networks. After all, if you can’t trust your own server, who can you trust?


    TSA-Proof Get Home Bags
    Joe Schorr

    Geared to savvy business travelers, this presentation will show you how to prepare for getting home during/after a major civil disruption due to terrorism or weather. Carrying an airline-friendly 'Get Home Bag' packed with proven tools and gear can help get you home safe, even across the country.


    Hacking with QR Codes
    Pyr0, Tuna

    [ No abstract available at press time, but I've discussed the concept with Pyr0 -- this promises to be fun! --bluknight ]


    Wireless Dirty Sisters – The other RF shit you aren't Looking at, and why you're going to get fscked!

    This talk is going to be an interactive (get the juices flowing) discussion about numerous existing and emerging wireless technologies that are being deployed and used in organizations and their susceptibility to attack and eavesdropping. NO… there will be no 802.11 anything in this presentation. That topic has been beaten like a $10 whore! The goal of the presentation will be to explore some of these less attacked technologies and discuss low cost tools / kits that penetration testers can put together to assist on engagements.


    Ikea Hacks -or- Some Assembler Required
    Kevin McGinley

    This presentation will do a quick walk through of "hacking" a simple consumer product. Topics covered will be identification of devices, analysis of circuitry and common circuit design patterns, and an overview of the equipment, software and techniques used in the process. This is not an information security presentation - no proprietary code, kitchen utensil pwnage, sekret 31337 MALM hax0ring tewls, LACK sploits or mad JERKER 0-dayz will be released.


    Meta-Work and Zombie Flows: How Compliance and Standards Strangled Infosec

    Timmay is old enough to remember when there weren't information security jobs. He also wants you to get off his lawn.


    Fame: Not The Musical
    That Guy

    Are you seeking a bargain? Are you looking for fame? I'm not the devil, although some think I do come close. I've been on television, in newspapers, in magazines and radio. I'm not so famous that I can't shop for myself but I'm not so unknown I don't get occasionally recognized. In a short one hour presentation, I want to give a first draft of a talk about fame, the heights it can go and the depths, and how it can work for you and what you're looking for out of it. Oh, and why you might want to steer clear of it forever. No photos, please!


    Hacking Medical Devices for Fun and Insulin: Breaking the Human SCADA System
    Jay Radcliffe

    As a diabetic, I have two devices attached to me at all times; an insulin pump and a continuous glucose monitor. This combination of devices turns me into a Human SCADA system; in fact, much of the hardware used in these devices is also used in Industrial SCADA equipment. I was inspired to attempt to hack these medical devices after a presentation on hardware hacking at Defcon in 2009. Both of the systems have proprietary wireless communication methods. Could their communication methods be reverse engineered? Could a device be created to perform injection attacks? Manipulation of a diabetic's insulin, directly or indirectly, could result in significant health risks and even death. My weapons in the battle: Arduino, Ham Radios, Bus Pirate, Oscilloscope, Soldering Iron, and a hacker's intuition. After investing months of spare time and an immense amount of caffeine, I have not accomplished my mission. The journey, however, has been an immeasurable learning experience - from proprietary protocols to hardware interfacing – and I will focus on the ups and downs of this project, including the technical issues, the lessons learned, and information discovered, in this presentation "Breaking the Human SCADA System."


    Fun with EC2/Amazon Cloud Services

    TO THE CLOUD!! Tired of hearing about cloud computing!? Come see a demonstration of some attack vectors using Amazon Cloud services. Live demos and discussion of things found under the hood of EC2. This is not a resource stealing demo of times gone by... Firewall bypass, admin access theft... and discussion of other possibilities and the countermeasures Amazon uses to try and thwart some of these attacks.


    Tractor Jacking 101
    Chris Roberts, Jesse Diekman

    Fed up with pen-testing in an office? Need to get out into the fresh air, long hours getting to you?? You need to go tractor jacking………we’ll work through the concept (and why) to look at security outside of the traditional realms, and at the same time explain how to decimate global crops.


    Advanced High Security Lock Bypass and Its Implications
    Steve Pordon

    Expensive high security locks can lull businesses and individuals into a false sense of security. Watch two such locks as they are bypassed in seconds and learn what this could mean for accountability.


    Network Migration for Penetration Testers

    Once a penetration tester gains an initial entry into the target network the work is just beginning. Now you need to identify the important systems and begin the process of migrating beyond the one compromised box if there are no other directly exploitable systems on the network. Unfortunately for many penetration testers this part of the engagement proves to be very difficult.

    This presentation details the methods that will help you move from owning one box to owning all the boxes. You will learn how to go from owning one box to owning the entire Windows Domain, how to migrate from Windows into the *nix environment, and how to compromise vulnerable web services and leverage this to migrate into other systems on the network. Additionally, methods used to migrate from a single compromised *nix system into the Windows network (and eventually take over the entire Windows Domain) are covered. This isn’t a PowerPoint presentation. Each technique described in this presentation will be demonstrated on a live (test) network.

    This talk is targeted to penetration testers that understand the basic concepts of system compromise but have had difficulty taking their testing process to the next level. All of the tools utilized in the demonstrations are open source.


    “Out of the basement and into the BEDROOM”

    From the basement to the bedroom: The stash has decided to release his techniques of total and utter OWNING of the female mind. To use the term “Mind Control” would be a slap in the face. This talk will teach you the REAL ULTIMATE POWER. After this session…. The only box you will be hacking is the girl that is buying YOU the drinks. That’s right… from the man that coined the term “No ass, no pass” the Stash is here to drop REAL 0day on you and finally get you “Out of the basement and into the BEDROOM.” You think it's called Social engineering, but it's just a way of life.


    Contractors, Clearances, and Chaos: Tales from the Crypt

    I spent the last six months looking for a new job. Along the way, I was invited to a ton of interviews, actually attended some of them, was surprised at the lack of technical questions in most of them, received some offers, and came away even more impressed with the value of a security clearance (if that is even possible). In the end, I decided to go out on my own as a self-employed independent contractor. This is the story of my job search, but even more, it is a story of the cleared infosec world: the stars are contractors, clearances and the chaos that ensues.


    Walking the Green Mile: How to Get Fired After a Security Incident
    Brian Baskin

    Security incidents targeting corporations are occurring on a daily basis. While we may hear about the large cases in the news, network and security administrators from smaller organizations quake in fear of losing their jobs after a successful attack of their network. Simple bad decisions and stupid mistakes in responding to a data breach or network intrusion are a great way to find yourself new employment. In this talk I'll show you in twelve easy steps how to do so after, or even during, a security incident in your company.


    Becoming Jack Flack – Real Life Cloak and Dagger
    Dr. Kaos and Arcon

    Are you on too many social networking sites? Have all of your exes found you on facebook? If the fuzz came looking, how easy would it be for them to find you? kaos.theory, the creators of Anonym.OS, bring you this abridged guide to becoming (and staying) anonymous. Privacy is your right, anonymity is your path, and kaos.theory will be your guide.

    We address anonymity at three progressively comprehensive levels - whether you just want to CLOAK your tracks, go undercover like Jack Flack at the DAGGER level, or go completely off the grid and be a HERMIT. In this 50 minute session, arcon (Adam Bregenzer) and dr.kaos (Taylor Banks) explore some of the issues, challenges, and sacrifices you will encounter. After this talk, if you don't cut up your credit cards, we will!


    The REAL cutting edge to hash cracking
    Rick Redman

    In the last few years there have been many advances in both password cracking technology and the community. GPUs have taken off. Brute forcing is back in 'style'. Intruders are starting to post the hashes stolen from compromised sites. The complexity of the "rules" is growing, and the number of people who can actually understand them is finally increasing. The number of tools out there to do hash cracking has taken off. And just recently, cell phone hackers have started getting into the game with their SL3 hashes needed to unlock certain phones.

    All of this adds up to an active community of hackers. And a lot has changed in the last year.

    This talk will be an "outbrief" of the latest technologies/tricks/tips/rules to do your own password/hash cracking. This is NOT a tutorial!


    Hacking Healthcare
    John Gomez

    Healthcare Information Technology (HIT) is one of the largest industrial segments, second to defense, that relies on advanced technologies. The varieties of systems that are interconnected utilize a variety of security protocols, transports and approaches thereby making them vulnerable. As an industry there are few if any security requirements for healthcare institutions and although government regulations focus on privacy, the only requirement is basic cryptography and O/S security.

    This discussion will discuss the overall structure of HIT technology, potential weak points vulnerable to attack and common attack patterns. The goal of the discussion is to highlight the weakness by HIT in hopes of creating a more secure HIT infrastructure.


    Agnitio: the security code review Swiss army knife. It's static analysis, but not as we know it.
    David Ross

    Teaching developers to write secure code, helping security professionals find security flaws in source code, producing application security metrics and reports with integrity checks and audit trails. If you want to implement an SDLC that produces secure software with the audit trails and reports frequently demanded by auditors and management you need to acknowledge that these are key constituents and implement them in a form that is both easy to understand and use.

    This is far easier to talk about than it is to implement in the real world where well structured SDLC’s are rare and application security programmes are usually under funded. Working with developers, security professionals and management to cultivate an environment where secure code is written and flaws found consistently requires both time and money. The same can be said for producing informative reports and metrics when all of your security code review data resides in notepad, Word and Excel files. With these problems in mind I developed Agnitio to be my security code review Swiss army knife and released it as a free tool in late 2010.

    In this demonstration filled talk I will show how Agnitio can be used to address repeatability, integrity and audit trail concerns by requiring the creation of application profiles, the use of a security code review checklist consisting of over 60 application security questions and mandatory integrity checks for reviews and reports created using the tool. I will demonstrate how the inbuilt secure coding and security code review guidance modules allow developers and security professionals to access the information they need precisely when they need it. I will also show how Agnitio automatically creates metrics and reports bringing much needed visibility to the security code review process with no extra effort required from the reviewer, developers or management.

    Agnitio v2.0 will be released during this talk which will see Agnitio’s already powerful feature set expanded to include more secure coding and security code review guidance, additional report types, developer and reviewer focused metrics and an automated source code analysis module.


    Planes Keep Falling On My Head
    Chris Roberts

    Building on the concept of taking the concept of security out of the desktop and server closet from 2010 when we attacked cars and busses….and then earlier this year when we picked on tractors…..we are going to see if we can get ourselves into some hot water by picking on airplanes. This talk will examine the role of the computer systems in the modern plane and the challenges surrounding the implementation of some of the security in the systems that ensure 250+ tons of metal stays in the air. We will put forth some practical ideas and theories on how to compromise the architecture and of course the scenarios of “what if” will be worked through. The talk is designed to be a back/forth discussion with the audience specifically around the scenarios and the various controls in place within the plane’s network to identify and deal with any such argument we can put forth.

    We are going to focus on the commercial world of passenger transportation, however will touch upon the military crossovers where fully understood. We will discuss the data acquisition and modeling architectures as well as the BUS and core logic systems that are implemented within several identified plane types, and again as above we will run through scenarios and explain the logic involved in bypassing (fooling) the design.

    Quite simply put we will theorize on how to turn the engines off at 35000 feet and not have any of those damn flashing warning lights go off in the cockpit….needless to say this is all theory (Please don’t try this on the way home, and only use on a tame “owned” 747.)
    I check my sanity with a wristwatch. What do you check yours with, a dipstick?

  • #2
    Re: Skytalks IV - Speakers and Abstracts

    And for the speakers who weren't originally listed:

    BNAT Hijacking: Repairing Broken Communication Channels
    Jonathan Claudius

    NAT “just works” – sometimes in ways we don’t expect. Thanks to broken vendor implementations and subtle configuration problems, it’s not uncommon to see a router leaking packets. As it turns out, these packets, even in mangled form, often represent a missed opportunity. In this presentation we are going to demonstrate how broken communication channels can be repaired to give an attacker an entirely different functional view of your public facing infrastructure. If you’re planning on attending this talk, expect to check your understanding of an “open port” at the door and be ready to discover what your last penetration test probably missed. A suite of open source tools will also be released during this presentation that will allow you to identify, weaponize and exploit communications channels that "never existed", but have been there all along!


    A Look at Facebook: Privacy, Information Management and the Impact of Social Networking
    Allen Weiss

    With all the risks, is using social network sites such as Facebook worth it? This talk will look at the advent of social media, its impact and its problems. The news media does an OK job of reporting on some of the known Facebook privacy issues and software glitches, but most users still do nothing. We'll spend the back half of this talk on how to maximize your Facebook privacy (like a boss) using their existing options and setting up a type of role based access control with their friends lists.


    Hacking on the Block: Wall Street

    This talk will discuss techniques on how to profit from hacking legally/illegally via stock market trading.


    • #3
      Re: Skytalks IV - Speakers and Abstracts

      I take it Becoming Jack Flack - Real Life Cloak and Dagger is canceled? I see an abstract, but no scheduled time slot.


      • #4
        Re: Skytalks IV - Speakers and Abstracts

        Originally posted by alleyrat:
        I take it Becoming Jack Flack - Real Life Cloak and Dagger is canceled? I see an abstract, but no scheduled time slot.
        Yeah -- unfortunately, they couldn't make it. As someone who has fond memories of that movie, I hope they resubmit next year.