Thursday, July 18, 2013

Defcon 21 Talks - By Category

For those of you going to Defcon this year, I went through and categorized the talks. Clicking the link will take you to the abstract on the Defcon site.

Some of the talks would easily fit into multiple categories but to keep it simple, I arbitrarily assigned them as I saw fit. I found it easier to verify that I would be hitting a good cross-section of the available talks this way. I hope you also get some use out of it.

Business of Security

Meet the VCs

Cryptography

ACL Steganography - Permissions to Hide Your Porn

Protecting Data with Short-Lived Encryption Keys and Hardware Root of Trust

A Password is Not Enough: Why Disk Encryption is Broken and How We Might Fix It

De-Anonymizing Alt.Anonymous.Messages


Culture

Making Of The DEF CON Documentary

Suicide Risk Assessment and Intervention Tactics

Reality Hackers

The Cavalry Isn't Coming: Starting the Revolution to Fsck it All!

Made Open: Hacking Capitalism

Data Analysis

Open Public Sensors, Trend Monitoring and Data Fusion

Detection/Evasion

The Dirty South - Getting Justified with Technology

EDS: Exploitation Detection System

Enterprise Software

So You Think Your Domain Controller is Secure?

Abusing NoSQL Databases

Doing Bad Things to 'Good' Security Appliances

Java Every-Days: Exploiting Software Running on 3 Billion Devices

Exposé

DragonLady: An Investigation of SMS Fraud Operations in Russia

How my Botnet Purchased Millions of Dollars in Cars and Defeated the Russian Hackers

Forensics

Offensive Forensics: CSI for the Bad Guy

This Presentation Will Self-Destruct in 45 Minutes: A Forensic Deep Dive into Self-Destructing Message Apps

Fast Forensics Using Simple Statistics and Cool Tools

Forensic Fails - Shift + Delete Won't Help You Here

Hardware/Firmware

10000 Yen into the Sea

Google TV or: How I Learned to Stop Worrying and Exploit Secure Boot

Decapping Chips the Easy Hard Way

Please Insert Inject More Coins

Dude, WTF in my car?

Phantom Network Surveillance UAV / Drone

Hardware Hacking with Microcontrollers: A Panel Discussion

Electromechanical PIN Cracking with Robotic Reconfigurable Button Basher (and C3BO)

Data Evaporation from SSDs

GoPro or GTFO: A Tale of Reversing an Embedded System

JTAGulator: Assisted Discovery Of On-Chip Debug Interfaces

OTP, It won't save you from free rides!

Stepping P3wns: Adventures in Full Spectrum Embedded Exploitation (and defense!)

Incident Response

The Government and UFOs: A Historical Analysis

Information Exchange

How to Disclose or Sell an Exploit Without Getting in Trouble

Intelligence

Ambassador Joseph R. DeTrani:

Torturing Open Government Systems for Fun, Profit and Time Travel

The Growing Irrelevance of US Government Cybersecurity Intelligence Information

The Dark Arts of OSINT

Legal/Privacy

Backdoors, Government Hacking and The Next Crypto Wars

Ask the EFF: The Year in Digital Civil Liberties

The ACLU Presents: NSA Surveillance and More

The Politics of Privacy and Technology: Fighting an Uphill Battle

The Road Less Surreptitiously Traveled

Defeating Internet Censorship with Dust, the Polymorphic Protocol Engine

Legal Aspects of Full Spectrum Computer Network (Active) Defense

Privacy In DSRC Connected Vehicles

An Open Letter - The White Hat's Dilemma: Professional Ethics in the Age of Swartz, PRISM and Stuxnet

Malware

Prowling Peer-to-Peer Botnets After Dark

Combatting Mac OSX/iOS Malware with Data Visualization

A Thorny Piece Of Malware (And Me): The Nastiness of SEH, VFTables & Multi-Threading

Mobile

I Can Hear You Now: Traffic Interception and Remote Mobile Phone Cloning with a Compromised CDMA Femtocell

The Secret Life of SIM Cards

Business Logic Flaws In Mobile Operators Services

Do-It-Yourself Cellular IDS

Android WebLogin: Google's Skeleton Key

Building an Android IDS on Network Level

Defeating SEAndroid

Network

Evil DoS Attacks and Strong Defenses

MITM All The IPv6 Things

Kill 'em All - DDoS Protection Total Annihilation!

VoIP Wars: Return of the SIP

Examining the Bitsquatting Attack Surface

Fear the Evil FOCA: IPv6 attacks in Internet Connections

Safety of the Tor Network: a Look at Network Diversity, Relay Operators, and Malicious Relays

DNS May Be Hazardous to Your Health

Defending Networks with Incomplete Information: A Machine Learning Approach

Conducting Massive Attacks with Open Source Distributed Computing

Let's Screw with Nmap

Password Cracking

gitDigger: Creating useful wordlists from public GitHub repositories

Physical Control Systems

Adventures in Automotive Networks and Control Units

Hacking Driverless Vehicles

RFID Hacking: Live Free or RFID Hard

How to Hack Your Mini Cooper: Reverse Engineering Controller Area Network (CAN) Messages on Passenger Automobiles

Physical Security

Insecurity - A Failure of Imagination

Key Decoding and Duplication Attacks for the Schlage Primus High-Security Lock

Policy/Governance

Wonk Lounge

Post-Exploitation

Getting The Goods With smbexec

PowerPreter: Post Exploitation Like a Boss

PowerPwning: Post-Exploiting By Overpowering PowerShell

Reconnaissance

Stalking a City for Fun and Frivolity

The Dawn of Web 3.0: Website Mapping and Vulnerability Scanning in 3D, Just Like You Saw in the Movies

Social Engineering

Predicting Susceptibility to Social Bots on Twitter

Software Research

Evolving Exploits Through Genetic Algorithms

Tactics - Blue Team

Pwn'ing You(r) Cyber Offenders

From Nukes to Cyber - Alternative Approaches for Proactive Defense and Mission Assurance

Pwn The Pwn Plug: Analyzing and Counter-Attacking Attacker-Implanted Devices

Tactics - Red Team

We are Legion: Pentesting with an Army of Low-power Low-cost Devices

Collaborative Penetration Testing With Lair

Tools - Defense

EMET 4.0 PKI Mitigation

Web App Security

HTTP Time Bandit

How to use CSP to Stop XSS

Exploiting Music Streaming with JavaScript

Defense by numbers: Making Problems for Script Kiddies and Scanner Monkeys

Resting on Your Laurels Will Get You Pwned: Effectively Code Reviewing REST Applications to Avoid Getting Pwned

Transcending Cloud Limitations by Obtaining Inner Piece

Utilizing Popular Websites for Malicious Purposes Using RDI

C.R.E.A.M. Cache Rules Evidently Ambiguous, Misunderstood

Wireless

All Your RFz Are Belong to Me - Hacking the Wireless World with Software Defined Radio

Hacking Wireless Networks of the Future: Security in Cognitive Radio Networks

BYO-Disaster and Why Corporate Wireless Security Still Sucks

Noise Floor: Exploring the World of Unintentional Radio Emissions

Blucat: Netcat For Bluetooth

BYOD PEAP Show

The Bluetooth Device Database

Tuesday, July 16, 2013

Black Hat 2013 Briefings - By Category

For those of you going to Black Hat this year, I went through and categorized the briefings. Clicking the link will take you to the abstract on the Black Hat site.

Some of the talks would easily fit into multiple categories but to keep it simple, I arbitrarily assigned them as I saw fit. I found it easier to verify that I would be hitting a good cross-section of the available talks this way. I hope you also get some use out of it.

Cryptography

Black-box Assessment of Pseudorandom Algorithms

Password Hashing: The Future is Now

Power Analysis Attacks for Cheapskates

TLS 'Secrets'

TOR... ALL-THE-THINGS!

Truncating TLS Connections to Violate Beliefs in Web Applications

The Factoring Dead: Preparing for Cryptopocalypse

SSL, Gone in 30 Seconds - A BREACH beyond CRIME

Detection/Evasion

Combating the Insider Threat at the FBI: Real-world Lessons Learned

Evading Deep Inspection for Fun and Shell

Hot Knives Through Butter: Bypassing Automated Analysis Systems

Enterprise Software

Mainframes: The Past Will Come to Haunt You

With BIGDATA comes BIG responsibility: Practical exploiting of MDX injections

Java Every-Days: Exploiting Software Running on Three Billion Devices

Practical Pentesting of ERPs and Business Applications

Methodologies of Hacking Embedded Security Appliances

Espionage

Hunting the Shadows: In-Depth Analysis of Escalated APT Attacks

Above My Pay Grade: Cyber Response at the National Level

Is that a Government in Your Network or are you Just Happy to See Me?

Exposé

OPSEC Failures of Spies

Spy-jacking the Booters

Hardware/Firmware

A Tale of One Software Bypass of Windows 8 Secure Boot

Flying In the Dark - All the Things Not to Do When Hacking Hardware

BIOS Security

Embedded Devices Security and Firmware RE

Untwining Twine

HACKING, SURVEILLING, AND DECEIVING VICTIMS ON SMART TV

Hiding @ Depth - Exploring, Subverting, and Breaking NAND Flash Memory

The Outer Limits: Hacking The Samsung Smart TV

Revealing Embedded Fingerprints: Deriving Intelligence from USB Stack Interactions

UART THOU MAD?

Stepping p3wns: Adventures in Full Spectrum Embedded Exploitation

Funderbolt: Adventures in Thunderbolt DMA Attacks

JTAGulator: Assisted Discovery of On-Chip Debug Interfaces

Teridian SoC Exploitation: Exploration of Harvard Architecture Smart Grid Systems

Information Exchange

CMX: IEEE Clean File Metadata Exchange

Keynote

Keynote Speaker: General Keith B. Alexander

Keynote Speaker: Brian Muirhead

Legal

Beyond the Application: Cellular Privacy Regulatory Space

What Security Researchers Need to Know About Anti-Hacking Law

Legal Aspects of Full-spectrum Computer Network (Active) Defense

Malware

CrowdSource: An Open Source, Crowd Trained Machine Learning Model for Malware Detection

Million Browser Botnet

End-to-end Analysis of Domain Generating Algorithm Malware Family

PDF Attack: A Journey from the Exploit Kit to the Shellcode

Clickjacking Revisited: A Perceptual View of UI Security

Malicious File for Exploiting Forensic Software

BinaryPig - Scalable Malware Analytics in Hadoop

Mo' Malware, Mo' Problems - Cuckoo Sandbox to the Rescue

Press ROOT to Continue: Detecting OSX and Windows Bootkits with RDFU

Mobile

BlackberryOS 10 From a Security Perspective

How to Build a SpyPhone

I Can Hear You Now: Traffic Interception and Remote Mobile Phone Cloning with a Compromised CDMA Femtocell

LTE Booms with Vulnerabilities

A Practical Attack Against MDM Solutions

Mactans: Injecting Malware Into iOS Devices via Malicious Chargers

Mobile Malware: Why the Traditional AV Paradigm is Doomed

Abusing Web APIs Through Scripted Android Applications

Mobile Rootkits: Exploiting and Rootkitting ARM TrustZone

Bluetooth Smart: The Good, the Bad, the Ugly, and the Fix!

Do-It-Yourself Cellular IDS

Android: One Root to Own them All

Mobile Forensics Sudden Death Workshop

Rooting SIM Cards

Multiplexed Wired Attack Surfaces

Network

New Trends in FastFlux Networks

Lessons from Surviving a 300Gbps Denial of Service Attack

Denying Service to DDoS Protection Services

Denial of Service as a Service - Asymmetrical Warfare at its Finest

Universal DDoS Mitigation Bypass

Fully Arbitrary 802.3 Packet Injection: Maximizing Ethernet Attack Surface

What's on the Wire? - Physical Layer Tapping with Project Daisho

Defending Networks With Incomplete Information: A Machine Learning Approach

Owning the Routing Table - Part II

Operating System Vulnerability

Smashing the Font Scaler Engine in Windows Kernel

Bochspwn: Identifying 0-Days via System-Wide Memory Access Pattern Analysis

Physical Control Systems

Let's Get Physical: Breaking Home Security Systems and Bypassing Building Controls

The SCADA That Didn't Cry Wolf - Who's Really Attacking Your ICS Devices - Part Deux!

Honey, I'm Home!! - Hacking Z-Wave Home Automation Systems

Energy Fraud and Orchestrated Blackouts: Issues with Wireless Metering Protocols (wM-Bus)

Out of Control: Demonstrating SCADA Device Exploitation

Implantable Medical Devices: Hacking Humans

Compromising Industrial Facilities from 40 Miles Away

RFID Hacking: Live Free or RFID Hard

Exploiting Network Surveillance Cameras Like a Hollywood Hacker

Home Invasion v2.0 - Attacking Network-Controlled Hardware

Post-Exploitation

Pass the Hash and other credential theft and reuse: Preventing Lateral Movement and Privilege Escalation

Pass-the-Hash 2: The Admin's Revenge

Post Exploitation Operations with Cloud Synchronization

Reconnaissance

Maltego Tungsten As a Collaborative Attack Platform

USING ONLINE ACTIVITY AS DIGITAL FINGERPRINTS TO CREATE A BETTER SPEAR PHISHER

CreepyDOL: Cheap, Distributed Stalking

Reverse Engineering

How to grow a TREE (Taint-Enabled Reverse Engineering Environment) from a CBASS (Cross-platform Binary Automated Symbolic-execution System)

Virtual Deobfuscator - A DARPA Cyber Fast Track Funded Effort

Secure Coding

Shattering Illusions in Lock-Free Worlds: Compiler/Hardware Behaviors in OSes and VMs

Just-In-Time Code Reuse: The More Things Change, the More They Stay the Same

Social Engineering

Predicting Susceptibility to Socialbots on Twitter

Software Research

Javascript Static Security Analysis Made Easy with JSPrime

OptiROP: hunting for ROP gadgets in style

Bugalyze.com - Detecting bugs using decompilation and data flow analysis

Hacking Like in the Movies: Visualizing Page Tables for Local Exploitation

Vulnerability Management

Buying into the Bias: Why Vulnerability Statistics Suck

How CVSS is DOSsing Your Patching Policy (and wasting your money)

Web App Security

The Web IS Vulnerable: XSS Defense on the BattleFront

Pixel-Perfect Timing Attacks with HTML5

Big Data for Web Application Security

Dissecting CSRF Attacks and Countermeasures

') UNION SELECT `This_Talk` AS ('New Optimization and Obfuscation Techniques')

Wednesday, June 5, 2013

Defensive PowerShell

It has been a long time since I've posted anything here and I think that's because I lacked focus. Having too many options of what to post left me stalling; unsure of which idea to write about first.

I'm going to change the focus of my blogging from "I'm not doing any" to "maybe I could blog about something specific." I'm a huge PowerShell fan and I use it every day for just about every task imaginable. That will be my new focus. Little scripts, little tips, stuff I'm working on from an Information Security Defender's viewpoint.

You can find the new content on DefensivePowerShell.blogspot.com.

For those of you not into PowerShell, give it a shot. It is the management tool for the future of Windows.

For those of you who don't care about securing or managing Windows systems, it probably won't be that exciting. In exchange, here's a picture of a frog who is WAY too excited to see you.