Archive for the talks Category

Abstract:
We will cover our take on mobile app security from basic methods to advanced. While developing our encrypted communication app Biocoded we had to be paranoid about our security. During this talk we will share some of the methods we employed to ensure top-to-bottom security. At the beginning we will look at standard principles of protecting the application and its data. Then we will move on to the advanced stuff such as encrypted signatures, forgery protection, distributed keys for data protection and end-to-end data encryption.

Bio:

Co-founded Biokoda d.o.o. in 2008. Lead software architect for Biocoded with lead roles on multiple other large-scale projects. Started off by designing and integrating distributed systems and backends that need to have high availability uptime. Such systems include streaming backends, distributed file stores and soft real-time systems.

For the past few years his field of work was researching and integrating security elements and solutions.

Most of his and his team’s work got gathered in the Biocoded Hybrid VoIP Communication platform which is the showcase product of Biokoda. Primarily works in Erlang and Elixir. He loves open-source software. He’s also a cycling addict and an aquarist with a few gorgeous discus fish.

Contact him on:

  • https://si.linkedin.com/in/denisjustinek
  • https://twitter.com/djustinek
  • https://about.me/djustinek

 

Video/recordings:

[Recording (MP4)] [Recording (OGV)]

Abstract:
2015 was the culmination of a simple and efficient criminal business model: extortion. Either via ransomware, sextortion or threats with DDoS attacks against companies that do most of their business on-line. Which cases were reported to SI-CERT during the year and what did we learn from it?

How to deal with ransomware, what were the common delivery methods, how is that related to exploit kits and where the perpetrators are. On the other hand, what does the simple social engineering behind sextortion attacks look like and where does the money go. And lastly: will arrests of the DD4BC extortion group also mean that the copycats like Armada Collective will at least temporarily disappear to ponder on their future?

Bio:
Gorazd Božič is the Head of the Slovenian national Computer Emergency Response Team (SI-CERT) which was established in 1995. Between 2000 and 2008 Gorazd was the Chairman of the European CERT group TF-CSIRT, which brings together all known CERTs in the wider European region and provides the accreditation and certification programme for CERTs – the Trusted Introducer. Gorazd is involved in national awareness-raising programmes for cyber security and has been the Slovenian representative to the Management Board of ENISA, the European Network and Information Security Agency, since its formation in 2004.

While studying, Gorazd was involved in natural language processing and lexical analysis at the Jozef Stefan Institute and was the co-author of the software package OKUS used for text analysis. He was the sysadmin for VMS, Irix and SunOS systems in the lab and Stoll’s “Cuckoo’s Egg” and the Mitnick story got him interested in network and information security.


 

Slides/Video/recordings:

[Recording (MP4)] [Recording (OGV)]

Abstract:
The Data Exfiltration Toolkit (DET) makes the process of exfiltrating data from networks simpler. It supports numerous protocols and techniques, and can use them simultaneously.

Typically, depending on where you are located on a network, different types of traffic restrictions may be in place; either protocol/destination network restrictions or content/application proxy restrictions. Several separate tools and techniques exist to assist in circumventing these restrictions, but most exist as standalone tools, each with different requirements and setup overhead.

DET has numerous plugins that can be used to attempt different egress techniques from the same tool, including both applications such as Gmail, Skype and Twitter and protocols such as HTTP, DNS, ICMP or even Tor. Additionally, DET has a simple plugin architecture that allows for the rapid development of new plugins.

Additionally, DET can make use of multiple techniques simultaneously, chunking the data between them. This prevents the requirement for a single external server and further allows DET to hide extracted data in plain sight. It has been found effective against several DLP solutions.

Moreover, data obfuscation techniques have been used, such as Markov chain obfuscation (initiated by Brian Wallace), making the data look like proper text. A few other steganography techniques are also investigated, such as hiding text using common Least Significant Bit (LSB) techniques.

In this talk, Paul will present the concepts behind DET, new ways of exfiltrating data, release the tool with some live demos (demo god, brace yourself) including the DLP bypasses.

Bio:
Paul is an analyst for SensePost in London. There he performs penetration-testing exercises against FTSE 100 clients and trains in SensePost’s offensive security courses. Paul was previously a software developer who enjoys developing and contributing to open source security projects. He’s previously presented some of them at conferences such as DeepSec in Vienna and BSides London. He’s also a bouldering enthusiast who enjoys snowboarding.

Abstract:
The landscape of open source malware analysis tools improves every day. A malware analysis lab can be thought of as a set of entry points into a tool chain. The main entry points are a file, a URL, a network traffic capture, and a memory image. This talk is an examination of the major open source tools that satisfy the analysis requirements for each of these entry points. Each tool’s output can potentially feed into another tool for further analysis. The linking of one tool to the next in a tool chain allows one to build a comprehensive automated malware analysis lab using open source software.

For file analysis, the three major versions of Cuckoo Sandbox will be examined. To analyze a potentially malicious URL, the low-interaction honeyclient, Thug, will be covered. Next, if one has a network capture (PCAP) to analyze, the Bro Network Security Monitor is a great option, and will be covered. Finally, if the analysis target is a memory image, the Volatility Framework will be examined. Each of the inputs and outputs of the tools will be reviewed to expose ways that they can be chained together for the purpose of automation.

Bio:
Robert Simmons is the Director of Research Innovation at ThreatConnect, Inc. With an expertise in building automated malware analysis systems based on open source tools, he has been tracking malware and phishing attacks and picking them apart for years. Robert is also the author of PlagueScanner, an open source virus scanner framework.

Robert, also known as Utkonos, has a background in biology, linguistics, and Russian area studies. He has lived extensively in Russia and Ukraine and has been known to swear profusely and constantly in Russian.


 

Video/recordings:

[Slides (PDF)] [Recording (MP4)] [Recording (OGV)]

Abstract:
Understanding, anticipating, and identifying the wide array of evolving threats facing organizations today requires well-developed skills, experience, and analytical prowess. Current Incident Response programs can integrate Red team exercises to simulate an adversary’s mindset and tactics, techniques, and procedures (TTPs) to mature processes, validate system protections and enhance the skills of staff. We will be discussing the use of adaptive red team exercises to create a cycle of rapid improvement in both detection and response within today’s Blue Team programs.

Bio:
Chris is Senior Group Manager of the Cyber Security Incident Response Team at Target. In his role, Chris has responsibility for investigation and response to cyber security events across the Target enterprise. In addition, he founded the annual cyber security conference GrrCON. Chris was also an Adjunct Professor at Davenport University, teaching graduate and undergraduate Information Security courses. Chris has earned a Master’s degree in Information Assurance, a Bachelor’s degree in Network Security, a Bachelor’s degree in Computer Networking, and is currently finishing his MBA in Strategic Management from Davenport University. Chris has also achieved a myriad of industry certifications. Chris is a national speaker on information security topics and has been featured by multiple television, radio, internet and print organizations.