BSides Austin 2018 has ended

Technical
Thursday, March 8
 

9:00am

Containers: It’s Not Your Mama’s Tupperware
The technical community is all abuzz about containers, but does anyone really know what they are? We will take the journey together, learning about the evolution of containerization technology: understanding virtualization and Linux containers, and then moving on to cover the basics of Docker and Kubernetes.

Speakers
Ell Marquez

Ell has been part of the Rackspace family for three years as a Linux Administrator and OpenStack Technical Trainer. In this time she has developed a strong passion for education, mentorship and helping break down the barriers keeping new blood from our industry. Brandon has been involved...


Thursday March 8, 2018 9:00am - 10:00am
Stadium

9:00am

SniffAir – An Open-Source Framework for Wireless Security Assessments
SniffAir is an open-source wireless security framework which provides the ability to easily parse passively collected wireless data as well as launch sophisticated wireless attacks. SniffAir takes care of the hassle associated with managing large or multiple pcap files while thoroughly cross-examining and analyzing the traffic, looking for potential security flaws. Along with the prebuilt queries, SniffAir allows users to create custom queries for analyzing the wireless data stored in the backend SQL database. SniffAir is built on the concept of using these queries to extract data for wireless penetration test reports. The data can also be leveraged in setting up sophisticated wireless attacks included in SniffAir as modules.

Speakers
Steven Darracott

Steven Darracott works as a Security Consultant on Optiv’s Attack and Penetration team. Steven’s primary role is to conduct security penetration testing and red teaming assessments for Optiv’s clients, while also developing detailed remediation procedures in order to provide...
Matthew Eidelberg

Matthew Eidelberg is a husband, father, and big security fanatic. Matthew works as a Security Consultant on Optiv’s Attack and Penetration team. Matthew’s primary role is to conduct security penetration testing and red teaming assessments for Optiv’s clients, while also developing...


Thursday March 8, 2018 9:00am - 10:00am
Lil Tex Auditorium
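
A worked illustration of the query-driven model the SniffAir abstract above describes, added here as an example and not SniffAir's own code or schema: passively collected observations go into SQL tables, and prebuilt or custom queries pull out what goes in the report. The access-point and probe-request records are constructed, the table layout is an assumption, and sqlite3 stands in for SniffAir's backend.

```python
"""Query passively collected Wi-Fi observations, SniffAir-style.

Added example (not SniffAir's code): observations land in SQL, and prebuilt or
custom SELECTs extract report data. Table names, columns and all records below
are constructed for illustration.
"""
import sqlite3

# Constructed observations: what a passive sweep of one floor might yield.
ACCESS_POINTS = [
    # bssid, essid, channel, encryption
    ("00:11:22:33:44:01", "CorpWiFi", 6, "WPA2-EAP"),
    ("00:11:22:33:44:02", "CorpGuest", 11, "OPEN"),
    ("00:11:22:33:44:03", "Printer-AP", 1, "WEP"),
]
PROBES = [
    # client mac, probed essid (from directed probe requests)
    ("aa:bb:cc:00:00:01", "CorpWiFi"),
    ("aa:bb:cc:00:00:02", "HomeNetwork"),
    ("aa:bb:cc:00:00:02", "CorpWiFi"),
    ("aa:bb:cc:00:00:03", "xfinitywifi"),
    ("aa:bb:cc:00:00:04", "HomeNetwork"),
]

SCHEMA = """
CREATE TABLE access_points (
    bssid TEXT PRIMARY KEY, essid TEXT, channel INTEGER, encryption TEXT);
CREATE TABLE probes (client TEXT, essid TEXT);
"""


def load(aps=ACCESS_POINTS, probes=PROBES):
    """Build the in-memory backend from parsed observations."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO access_points VALUES (?,?,?,?)", aps)
    conn.executemany("INSERT INTO probes VALUES (?,?)", probes)
    return conn


def weak_networks(conn):
    """Prebuilt query: access points that are open or still on WEP."""
    return conn.execute(
        "SELECT essid, bssid, encryption FROM access_points "
        "WHERE encryption IN ('OPEN', 'WEP') ORDER BY essid"
    ).fetchall()


def evil_twin_candidates(conn):
    """Prebuilt query: names clients probe for that no AP in range advertises.
    A client remembering such a network will join whoever answers with that
    name, so these are rogue-AP targets (or, defensively, saved networks to
    purge from corporate laptops)."""
    return conn.execute(
        "SELECT p.essid, COUNT(DISTINCT p.client) AS clients FROM probes p "
        "LEFT JOIN access_points a ON a.essid = p.essid "
        "WHERE a.bssid IS NULL "
        "GROUP BY p.essid ORDER BY clients DESC, p.essid"
    ).fetchall()


def custom_query(conn, sql, params=()):
    """Custom-query hook for report templates. Read-only by construction:
    only a SELECT is accepted, parameters are bound rather than interpolated,
    and sqlite3.execute() itself refuses stacked statements."""
    if not sql.lstrip().upper().startswith("SELECT"):
        raise ValueError("only SELECT statements are allowed")
    return conn.execute(sql, params).fetchall()


if __name__ == "__main__":
    db = load()
    print("weak networks:", weak_networks(db))
    print("evil-twin candidates:", evil_twin_candidates(db))
    print("clients seen probing CorpWiFi:",
          custom_query(db, "SELECT client FROM probes WHERE essid = ?", ("CorpWiFi",)))
```

The evil-twin query is the one to run before standing up a rogue AP: a client that probes for a name nobody in range advertises will associate to whoever answers. The custom_query prefix check also blocks CTEs, so widen it deliberately if report templates need WITH.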

10:00am

Security Development: Going Beyond the Tool
Development is not only something that software developers do. As security professionals, we need to continuously grow our development skills and bolster our team’s efficacy. Contributing to and expanding security tools is a vital task that requires more attention and further advancement. This presentation addresses the need for security development in the security industry, personal success within the role, and how to make that terrifying wall of source code on GitHub less intimidating.

Speakers
Zach Evens

Zach Evens joined General Motors in 2016 and works on the Information Security and IT Risk Management team. He is based in the GM IT Innovation Center in Austin, TX. Zach earned his Computer Science degree from the University of Utah, and achieved his Certified Ethical Hacker...


Thursday March 8, 2018 10:00am - 11:00am
Stadium

10:00am

Target-based Security Model: Mapping Network Attacks to Security Controls
This talk will present a categorization of network-based attacks for the purpose of mapping to appropriate security controls. Using a layered security-zone model allows easy visualization of how/where various security controls can be applied to protect against network-based attacks at different layers. Categorizing network-based attacks according to the targeted zone then allows for direct mapping of security controls to the types of attacks they can be used to prevent.
The goal is a simple, publicly available reference model, allowing vendors, customers, and 3rd-party testers to all speak the same language.

Speakers
Garett Montgomery

I've been working in InfoSec for the past 10+ years, first as a blue-teamer (Security Analyst) followed by IPS-Signature developer, and now as a red-teamer developing attacks for BreakingPoint. I've spent the last couple of years raising awareness around problems with IPS devices...


Thursday March 8, 2018 10:00am - 11:00am
Big Tex Auditorium

11:00am

Quick and Dirty Malware Analysis for the Rest of Us
Have you ever been under attack by an APT group using new malware families and novel techniques that security vendors have never seen before? Having the ability to quickly perform your own malware analysis can be the difference between being in business and going out of business.

In this talk I’ll share some of what I’ve learned from dealing with this very scenario over the last several years. I’ll give you actionable information on how to build your own mini malware lab and perform quick and dirty malware analysis so that you can better prepare, defend and respond to attacks against your environment.

You won’t need years of experience in Intel architecture or expensive training. Everyone who attends will be able to walk away from this talk and start building their own lab tomorrow. I’ll also be releasing a new tool that will help make this easier than it has ever been before.

Speakers
Ian Robertson

Ian Robertson has over [mumble] years of experience in the security industry, ranging from engineer, architect, pentester, software developer, CISO and just about everything in between. He holds a Bachelor’s of Science in IT Security, and is nearing completion of his Master’s...


Thursday March 8, 2018 11:00am - 12:00pm
Big Tex Auditorium

1:30pm

50 Shades of Graylog
Everywhere you turn, there’s a vendor trying to sell you the latest in “AI-powered triple-next-gen threat detection.” While some of these solutions may hold up to the claims, it’s becoming more and more difficult to tell apart truly effective solutions from overhyped marketing. Worst of all, the average cost for good or bad enterprise defense technologies is somewhere between ‘unaffordable’ and ‘is that even a real number?’

This is the talk SIEM vendors don’t want you to attend. We’ll explore some incredible open source solutions that you can implement to not only add significant value to your detection efforts, but even provide active defense capabilities. I encourage you to reach out to your vendor of choice and get a quote for “magic box that can detect and then automatically defend from attacks.” Take the amount they quote you and use it to hire 4 new FTEs, get a new RedBull machine for the SOC, send your entire team to ShmooCon 2019, buy yourself something nice, and then donate the rest to the open source projects I’ll share with you in this deep dive.

Speakers
Eric Capuano

CTO, Recon InfoSec
Eric Capuano injects his passion for forensics into every facet of his life. "There is nothing dull or boring about studying advanced adversarial tactics in an effort to become a highly effective defender," he says, comparing this work to a never-ending game of chess where the impacts...


Thursday March 8, 2018 1:30pm - 2:30pm
Big Tex Auditorium

1:30pm

Security instrumentation: Be the hero getting value from security
You have many security products, probably too many. But you are still not secure because it's nearly impossible to know if your security products are actually doing what you want. Through live network and endpoint attack demonstrations, see how to use attack behaviors with Bartalex, Vawtrak, Mimikatz, PowerShell, Tunneling and others to validate your actual security products are working. See startling statistics, based on real-life case studies, that illustrate how ineffective many organizations, some with massive security budgets and teams, actually are because of a lack of validation. See how you can turn these attacks into an opportunity to instrument more effective security.

Speakers
Brian Contos

CISO, Verodin
Brian Contos is the CISO & VP, Technology Innovation at Verodin. He is a seasoned executive with over two decades of experience in the cybersecurity industry as well as a board advisor, entrepreneur, and author. After getting his start in cybersecurity with the Defense Information...


Thursday March 8, 2018 1:30pm - 2:30pm
Stadium

1:30pm

The Human Pentest
The mantra of any good red teamer is, “hope for the best, but plan for the worst.” In this talk, we will cover tactics and approaches that can be leveraged to achieve client goals and provide value, even when having to operate within tight logistical constraints. Various stories will be used to provide examples of merging social engineering with physical and logical access during physical red team assessments to ultimately achieve success.

The talk will follow a network pentest theme to help bridge the gap between logical and physical pentesters and also provide examples of how these two types of skills can complement each other, especially in more physically locked down environments.

We will start off with covering the planning process for three different scenarios: brute force, insider attack, and planned attack. Next, we will review “needed” vs. “would be nice to have” tools (for achieving both physical and logical access as well as persistence) and the prep work once a methodology has been agreed upon with the client.

We will then go into tips on what a red teamer should know and do while conducting the assessment such as identifying cameras, sweeping the office before sitting at a computer and preparing hiding areas for nighttime patrols. The talk will also cover more in-depth tactics such as tips for achieving logical access as well as what to focus on once you obtain domain administrator or other high-level privileges within the network. Finally, we will cover worst-case-scenarios and tips for moving forward with an assessment when nearly all hope of reaching the final objective is lost.

Speakers
Summer Lee

Summer Lee (crazian) is part of the Threat & Attack Simulation (TAS) team for GuidePoint Security. She started using social engineering tactics at a very young age, which led her to have a special interest in physical Red Team engagements. Crazian is an Army veteran who has been active...


Thursday March 8, 2018 1:30pm - 2:30pm
Lil Tex Auditorium

2:30pm

Hiding in the Clouds - Leveraging cloud infrastructure to evade detection
The information security landscape is changing. More organizations are taking the right steps to detect attackers operating against their network environments. This is why penetration testers need to start leveraging tactics and techniques that further obfuscate their operations in order to provide a robust and realistic attack simulation.

Cloud infrastructure has introduced unique solutions to new problems that have arisen with the issue of content delivery. These very same solutions can be repurposed and leveraged to create a robust and resilient attack infrastructure which will give blue teams a very hard time. Techniques to be covered will include, but are not limited to, domain fronting, managing C2 infrastructure, and obfuscating traffic ranging from scanning to web application attacks.

Speakers
Mike Hodges

Senior Consultant, Optiv
Mike Hodges is a senior consultant for the Optiv Attack and Penetration Practice. He has a background in application development and is currently OSCP, Assoc CISSP, and CEH certified. He is currently interested in evasive penetration tactics and techniques and is constantly looking...


Thursday March 8, 2018 2:30pm - 3:30pm
Lil Tex Auditorium
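
The domain-fronting technique named in the abstract above, shown from both sides as an added example that is not the talk's tooling or any C2 framework's code: the operator side builds a request whose TLS SNI and HTTP Host disagree, and the defender side flags that disagreement in a TLS-terminating proxy's logs. The hostnames, the proxy log format and the registrable-domain helper are constructed assumptions.

```python
"""Domain fronting from both sides: the request the operator builds and the
SNI/Host mismatch a TLS-terminating proxy can alert on.

Added example, not code from the talk or from any C2 framework. Hostnames, the
log format and the registrable-domain helper are constructed for illustration.
"""
from dataclasses import dataclass


@dataclass
class FrontedRequest:
    sni: str   # advertised in the TLS ClientHello; this is what the network sees
    host: str  # HTTP Host header; seen only by whoever terminates TLS (the CDN)
    path: str = "/"

    def http_bytes(self) -> bytes:
        """Plaintext the CDN sees after decryption and routes on."""
        return (
            f"GET {self.path} HTTP/1.1\r\n"
            f"Host: {self.host}\r\n"
            "Connection: keep-alive\r\n\r\n"
        ).encode()


def build_fronted_request(front_host, c2_host, path="/beacon"):
    """Operator side: the two names deliberately disagree. front_host is a
    reputable name served by the CDN; c2_host is the operator's distribution
    on the same CDN, which routes on Host rather than SNI."""
    return FrontedRequest(sni=front_host, host=c2_host, path=path)


def registrable_domain(hostname):
    """Crude eTLD+1 (last two labels). Adequate for the constructed data; use
    the public suffix list in production or co.uk-style names are misjudged."""
    labels = hostname.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


# Constructed proxy log: timestamp client sni http_host status. Only a proxy
# that terminates TLS can log both names.
PROXY_LOG = """\
2018-03-08T14:02:11Z 10.1.2.3 assets.cdn-front.example assets.cdn-front.example 200
2018-03-08T14:02:15Z 10.1.2.3 assets.cdn-front.example d1234.cdn-front.example 200
2018-03-08T14:02:19Z 10.1.2.3 assets.cdn-front.example beacon.evil-operator.example 200
2018-03-08T14:02:25Z 10.1.2.9 www.vendor.example www.vendor.example 304
"""


def parse_proxy_log(text):
    """Yield one dict per non-empty log line."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, sni, http_host, status = line.split()
        yield {"ts": ts, "client": client, "sni": sni,
               "host": http_host, "status": int(status)}


def fronting_alerts(records):
    """Defender side: SNI and Host disagree. Different subdomains of one
    registrable domain are routine on a CDN (low severity); different
    registrable domains are the fronting signature (high severity)."""
    alerts = []
    for r in records:
        if r["sni"] == r["host"]:
            continue
        cross = registrable_domain(r["sni"]) != registrable_domain(r["host"])
        alerts.append(("high" if cross else "low", r["client"], r["sni"], r["host"]))
    return alerts


if __name__ == "__main__":
    req = build_fronted_request("assets.cdn-front.example", "beacon.evil-operator.example")
    print("SNI on the wire:", req.sni)
    print(req.http_bytes().decode())
    for alert in fronting_alerts(parse_proxy_log(PROXY_LOG)):
        print(alert)
```

The detection only exists where something sees both values, which means the proxy terminates TLS; from passive capture alone the Host header is invisible, which is the point of the technique. Subdomain-level mismatches within one CDN customer are routine, hence the low-severity bucket; cross-domain mismatches are the ones worth a ticket. Several large CDNs have since refused mismatched SNI/Host pairs, so confirm the provider's current behaviour before relying on the technique from either side.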

2:30pm

Rise of the Machines
Many of the top security vendors, InfoSec specialists, and cyber security professionals are claiming that artificial intelligence and machine learning are changing the face of defending against the most advanced attacks. Most vendors fail to be transparent on how these technologies work. We are bombarded with buzzwords, yet we don't understand what they mean, what the technology does, and how we should keep vendors accountable. When we look for the details on the specifics of what makes these products effective we are usually given vague answers or told it is a proprietary technology. The truth is there is no magic behind machine learning.

This talk will examine the details behind the mechanics of artificial intelligence and machine learning: how different techniques are being used to detect malware, malicious domains, phishing emails, and other threats. We will examine how these systems need to be set up and trained, and what some of the inherent weaknesses built into them are.

We will examine why these technologies fail and how attackers routinely bypass these methods for detection to infiltrate systems. Attendees will learn about advanced attacker techniques and how hackers are using machine learning against organizations that use them.

Learn to look past the marketing hype and understand the true value and limitation of cyber security AI. You will understand what the technology actually has the capability of achieving and how to hold vendors who claim they utilize the technology accountable.

Speakers
Aamir Lakhani

Senior Security Strategist, Fortinet
Aamir "Dr. Chaos" Lakhani is a leading senior security strategist. Aamir has designed offensive counter-defense measures for the Department of Defense and national intelligence agencies. He has also assisted organizations with safeguarding IT and physical environments from attacks...


Thursday March 8, 2018 2:30pm - 3:30pm
Stadium

3:30pm

Choose Your Own Adventure: A Career Guide to InfoSec
Information security (infosec) is a very broad field that may seem to have a high barrier of entry from the outside. If all you know of infosec is from exaggerated news or security conference press coverage, it may seem that many of the engineers and researchers in the fields are as much magicians as they are scientists. That’s rarely the case. STEM fields have many different specialities that each have their own skill sets and focus. Practitioners form a base set of foundational skills and then dive deeper into specialized skills depending on the focus; infosec is no different. This talk intends to break down the field of infosec into some high-level fields of expertise and break down the skills needed to pursue one of the many types of professional jobs available in the industry. This will reveal foundational skills that are helpful no matter which field of infosec you might focus on, as well as some recommendations for next-steps to enhance your field-specific knowledge.

Speakers
Aaron Portnoy

Vulnerability Research Group Lead, Raytheon CSI
Aaron has worked professionally in the vulnerability research space for over a decade. He specializes in reverse engineering and exploit development and has given numerous training classes on the topics to beginners. He currently works at Raytheon where he manages a team and works...
Andre Protas

Vulnerability Researcher, Raytheon CSI
Andre has worked professionally in infosec since 2005. Over his career he has been involved in most aspects of offense, from vulnerability research to operations. He holds a few diplomas but avoids work that requires them. Currently he supports Raytheon customers and happily spends all...


Thursday March 8, 2018 3:30pm - 4:30pm
Stadium

3:30pm

How (Not) to Patch Command Injection Bugs
In 2014 ZDI received a report of a command injection vulnerability in Dell's Sonicwall GMS Virtual Appliance. Normally this type of analysis is relatively simple. However, this analysis took a windy path from the JSP web interface through two XMLRPC sockets, to a binary, which delegated to shell scripts, which sourced yet another shell script that actually parsed attacker-supplied input. All this, just to make simple host modifications. Presumably, the code complexity drove the developers to patch this bug at the webapp level, instead of closer to the root cause. The resultant patch was immediately bypassed and the subsequent patch was also flawed.

A few months later, other researchers reported an additional attack vector involving direct communication with one of the XMLRPC sockets to trigger the same underlying vulnerability outlined in the very first ZDI report.

Ultimately, it appears the soft chewy center remains, but the crunchy outer shell has been significantly hardened, and thus, the hunt continues. This talk will detail the various patch attempts, how they failed or succeeded, and how they were analyzed, bypassed, and exploited with a Metasploit module we are releasing. We'll also discuss the much more comprehensive defense measures currently implemented by the developers.

Speakers
Michael Flanders

Michael Flanders is a Vulnerability Intelligence Intern at Trend Micro's Zero Day Initiative. His focus includes analyzing and performing root-cause analysis on zero-day vulnerabilities submitted to the world's largest vendor-agnostic bug bounty program by researchers from around...
Joshua Smith

Kernelsmith is a senior security researcher and the "FuzzOps" Manager at Trend Micro's Zero Day Initiative. When he's not herding cats or managing infrastructure, they let him think he's still analyzing vulnerabilities submitted to the program. He was a pentester in the United States...


Thursday March 8, 2018 3:30pm - 4:30pm
Lil Tex Auditorium
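
The patching pattern the abstract above criticises, as an added Python example rather than the GMS code or the ZDI exploit: the same bug fixed first with a metacharacter blacklist at the web layer, then at the root cause by never handing the value to a shell. The handler, blacklist and payloads are constructed for illustration; nothing here is the vendor's actual filter or the reported bypass.

```python
"""Command injection: a blacklist at the web layer versus removing the shell.

Added example, not the Sonicwall GMS code or the ZDI exploit. The handler,
blacklist and payloads are constructed for illustration.
"""
import re
import shlex
import subprocess


def vulnerable_set_hostname(hostname):
    """Original shape of the bug: user input interpolated into a shell command
    string that some lower layer eventually hands to /bin/sh."""
    return f"hostname {hostname} && echo {hostname} > /etc/hostname"


# First patch (web layer): reject a few metacharacters, pass the rest down.
FIRST_PATCH_BLACKLIST = re.compile(r"[;&|`]")


def webapp_level_patch(hostname):
    """Looks fixed from the web interface; the shell underneath is unchanged."""
    if FIRST_PATCH_BLACKLIST.search(hostname):
        raise ValueError("rejected by blacklist")
    return vulnerable_set_hostname(hostname)


# Constructed payloads with none of the blacklisted characters that a shell
# still interprets: command substitution, and a newline as command separator.
BYPASS_PAYLOADS = ["host$(id)", "host\nid"]


def blacklist_misses():
    """Payloads the web-layer patch lets through to the shell."""
    return [p for p in BYPASS_PAYLOADS if FIRST_PATCH_BLACKLIST.search(p) is None]


# Root-cause fix: allowlist what a hostname may be (an RFC 1123 label), then
# pass it as its own argv element so no shell ever parses it.
HOSTNAME_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def set_hostname_argv(hostname):
    """Validate, then build argv. Raises on anything that is not a hostname."""
    if not HOSTNAME_LABEL.fullmatch(hostname):
        raise ValueError(f"invalid hostname: {hostname!r}")
    return ["hostnamectl", "set-hostname", hostname]


def set_hostname(hostname, run=subprocess.run):
    """run is injectable so the call can be exercised without touching the host."""
    return run(set_hostname_argv(hostname), check=True, shell=False)


def quoted_fallback(hostname):
    """If a shell truly cannot be removed, quote each argument. Quoting defeats
    metacharacters but not option injection, so the allowlist stays in front."""
    set_hostname_argv(hostname)
    return "hostname " + shlex.quote(hostname)


if __name__ == "__main__":
    print("blacklist lets through:", blacklist_misses())
    print("argv for web01:", set_hostname_argv("web01"))
    for bad in ("web01;id", "host$(id)", "-web01"):
        try:
            set_hostname_argv(bad)
        except ValueError as err:
            print("rejected:", err)
```

The blacklist fails not because the wrong characters were chosen but because the shell below it still interprets whatever gets through; argv plus an allowlist of what a hostname may be removes that interpreter entirely. Where a shell genuinely cannot be removed, shlex.quote on each argument is the minimum, and it still does not stop a value beginning with '-' from being read as an option, which is why the allowlist stays.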

4:30pm

Building an Empire with (Iron)Python
Exploring the outer limits of the .Net universe, find out about how a former Microsoft project is allowing Python Empire stagers to come to Windows.

Speakers
Jim Shaver

Jim Shaver is a penetration tester and Open Source contributor. Jim has spoken at DerbyCon, BSidesDFW and other conferences.


Thursday March 8, 2018 4:30pm - 5:30pm
Lil Tex Auditorium

4:30pm

Develop the Best: Artifact Based Mentoring for Security Engineers
Many security engineers struggle in a few key areas when it comes to professional career development. Artifact based mentoring can help address these challenges. In this talk we will discuss how to select the right mentoring artifacts to create, learn to be “lucky” and how to drive influence via authority management. A free mentoring template will be provided to help kick-start engineers interested in artifact based mentoring.

Speakers
Josh Stevens

Josh is a Sr. Security Engineer for Amazon's Vulnerability Management program. Prior to Amazon, Josh was Chief Architect for Security Operations at Hewlett Packard, where he led the technical direction for adaptive response and automated IR. Before HP, Josh was instrumental in building...


Thursday March 8, 2018 4:30pm - 5:30pm
Stadium
 
Friday, March 9
 

10:00am

Caught my WebApp cheating on me!
We trust that the web application code executed inside the browser is exactly the code that was sent by our application servers, but that is often not the case. The reality is that current WebApps are very susceptible to client-side injections and tampering. This can be performed by malicious extensions, Man-in-the-Browser trojans, or any kind of injection attack (e.g. reflected XSS).
These attacks are very concerning not only because they change the behavior of the webpage right on the website that the user trusts, but can also be used to leak sensitive information that the webpage has access to. All of this, without the web application owner knowing anything about it.
In this talk, based on our work, we demo a new set of techniques that can be used to monitor a webpage for malicious modifications (DOM tampering, code injection, event hijacking, code poisoning, etc.) and how to remove them in real time. The techniques are a combination of recent browser features (such as Mutation Observers) and integrity checks from tamper-resistant JavaScript code running in the webpage.

Speakers
Pedro Fortuna

CTO, Jscrambler
Pedro Fortuna is CTO and Co-Founder of Jscrambler where he leads the technical vision for the product suite and contributes with his cybersecurity knowledge for R&D. Pedro holds a degree in Computing Engineering and a MSc in Computer Networks and Services, having more than a decade...


Friday March 9, 2018 10:00am - 11:00am
Lil Tex Auditorium

10:00am

Compromise Assessments: Best Practices & Lessons from the Field
Compromise Assessments are a recent and hotly demanded service designed to inform organizations whether their networks are compromised or not. This is not an easy task, especially when it is not a network you are familiar with.

In this talk, we will discuss some of the real-world challenges and best practices of conducting proactive hunts in other people's networks, from gaining access to finding persistent threats, malware, and misuse of credentials. We will explore defining, scoping, and conducting these types of assessments to effectively find possible threats while being as efficient and non-invasive as possible.

Speakers
Chris Gerritz

Chris is co-founder of Infocyte, a developer of threat hunting solutions focused on proactive breach discovery and response. Prior to founding Infocyte, Chris was an incident responder for the Air Force CERT. While there, he helped establish and led the DoD's first Enterprise-scoped...


Friday March 9, 2018 10:00am - 11:00am
Big Tex Auditorium

10:00am

Introduction to Smart Cards and leveraging them in attacks
Most admins assume that deploying the cumbersome smart card will secure their identity challenges. The fact is, PKI smart cards suffer from vulnerabilities similar to those of most other security controls and can be bypassed using reasonable software attack vectors. In this workshop, pen testers will get an overview of how smart cards work, including example call stacks, common use cases and deployment configurations; learn workarounds for poor policies and configurations; see how a smart card defends itself; and learn how to leverage their high trust in attacks. This high-level overview will cover OS-level and software-based attacks, and will not cover hardware, wireless, or physical attacks on smart cards.

Speakers
Tim Honker

Security Solutions Engineer II, Rapid7
Tim Honker enjoys building things and breaking other people’s things. Since 2010, Tim has served at several cybersecurity companies specializing in IAM, MFA, vulnerability management, and penetration testing. Currently a Senior Solutions Engineer at Rapid7, Tim previously worked...



Friday March 9, 2018 10:00am - 11:00am
Stadium

11:00am

A day in the life of a pentester
Have you ever wondered what it's like to be a pentester? Are there questions you would love to be able to ask but you don't know any professional pentesters? Well, here is your chance: join us for a fun, lighthearted, and informative panel with some of the penetration testers from Optiv's Attack and Pen team. We will tell stories, answer questions and, most of all, have a good time.

Speakers
Tim Elrod

Tim Elrod is a professional penetration tester with over 15 years of pentesting and security research experience. On top of being a Black Hat and DEF CON presenter, Tim has discovered multiple vulnerabilities in everything from network applications to medical hardware.


Friday March 9, 2018 11:00am - 12:00pm
Lil Tex Auditorium

11:00am

Credential Stealing Emails - What you need to know
The latest vector in email attacks is credential stealing. This is nothing new, but there has been a serious increase of activity in this space and it is VERY successful. Why? Because the criminals are manning the phishing campaigns with live people who are logging into people’s Internet-facing systems without 2-Factor Authentication and sending out more campaigns. Better yet, they are sending it to recent contacts, in small amounts, so people are falling for it since they are actively, or have recently, communicated with the victim, giving the phishing campaign legitimacy.
This talk will walk through several examples of these credential stealing emails, what the emails look like, and what the cred stealing websites tend to look like once clicked.  The discussion will focus on how to investigate this type of attack, what kinds of things you will need, what to look for, what works, and why time is ultimately critical for this type of attack.

Speakers
Michael Gough

Founder, Malware Archaeology
Michael is a Malware Archaeologist, Blue Team defender, Incident Responder and logoholic. Michael developed several Windows logging cheat sheets to help the security industry understand Windows logging, where to start and what to look for. Michael is co-developer of LOG-MD, a free...


Friday March 9, 2018 11:00am - 12:00pm
Big Tex Auditorium

1:30pm

ELK - Not Just for Application Logging
The ELK stack (Elasticsearch, Logstash, Kibana) is an open source centralized logging stack. However, it can do so much more. Any file or event can be sent to ELK and then searched using Kibana. ELK can easily be stood up on one system in a few minutes. If you can write something to STDOUT, you can send it to ELK for searching and storage. If you've ever needed to show or demonstrate findings from scripts or logs, ELK can easily do it. I will go through the installation and configuration of ELK and Filebeat and then show some demos on how easy it is to get events into Elasticsearch as well as searching in Kibana. ELK can be set up in a very simple and easy manner but can also be extended to enrich data in a multitude of ways. You should be able to leave with all the knowledge you need to get started with your own ELK stack and some ideas on how to use it.

Speakers
Mark McLauchlin

I have been a security enthusiast ever since taking an Ethical Hacking class. I have an MS in IT from Southern Polytechnic State University in Marietta, Georgia. I was an Atlanta OWASP Chapter Co-Lead from 2013 to 2015 before moving to Austin. I also enjoy playing with Pi's and Arduin...


Friday March 9, 2018 1:30pm - 2:30pm
Stadium

1:30pm

Make Vishing Great Again
The purpose of this talk is to describe methodologies which one could follow when performing telephone pretexting. Social dynamics have changed over the years, raising the barrier to entry for being successful with vishing and making talking on the telephone less comfortable. The aim of this speech will be to crack the code for a newb getting started so he or she can hit the ground running, jump on the horn, and start pwning some folks like it’s 1989.

Speakers
Jonathan Stines

Pen Tester, Rapid7
Jonathan Stines is a Senior Security Consultant with Rapid7 and has 5 years of penetration testing and consulting experience. Jonathan has worked on a wide breadth of projects which range from social engineering and internal penetration tests to controls audits and maturity asses...


Friday March 9, 2018 1:30pm - 2:30pm
Lil Tex Auditorium

1:30pm

Peering into the Abyss - Understanding the dark side of Uninitialized Structures
Structures are an important data type within programming languages. However, they are often improperly initialized, which results in vulnerabilities ranging from information leaks to memory corruption resulting in arbitrary code execution. Be it a local struct or a global variable, improper initialization could have dire consequences with real-world security implications.

This talk covers many of the various ways structures can be initialized and the types of vulnerabilities that can occur if done incorrectly. By reviewing examples in the Apple macOS kernel and in the Microsoft Windows kernel, we identify code patterns to seek out to enable researchers to find bugs and for developers to prevent them. Finally, we’ll end by looking at how developers can make modifications to their compilation process to avoid these issues.

Speakers
WanderingGlitch

WanderingGlitch is a security researcher with Trend Micro’s Zero Day Initiative (ZDI). In this role, he analyzes and performs root-cause analysis of vulnerabilities submitted to the program, which represents the world’s largest vendor-agnostic bug bounty. His focus includes performing...


Friday March 9, 2018 1:30pm - 2:30pm
Big Tex Auditorium

2:30pm

Enhancing SOC1 by using feedback loops
Cloud-enabled Security Operations Center level 1 workflows can be enhanced by using security outcome data. This feedback becomes a force multiplier that helps experienced analysts create more accurate threat profiles and opens the possibility of predicting new attack campaigns. The proposed approach is based on crowdsourced operator feedback, made possible by creating a global reinforcement crowdsourced learning engine.

The objective is to provide defenders/operators with the ability to compare their local responses/feedback about threats and malicious campaigns against global data by providing a distributed learning network with open standards that reflect patterns and behaviors of experienced defenders/operators. These feedback loops can then be used to train algorithms and implement automated functions that will enhance less experienced SOC operators.

Speakers
Rod Soto

Rod Soto, Director of Security Research at JASK.AI. Joseph Zadeh, Director of Data Science at JASK.AI. Longer bios: https://www.blackhat.com/eu-17/presenters/Rod-Soto.html and https://www.blackhat.com/eu-17/presenters/Joseph-Zadeh.html


Friday March 9, 2018 2:30pm - 3:30pm
Big Tex Auditorium

2:30pm

Research Baron
Automated Teller Machines (ATMs) are uniquely interesting targets. They are computer-based systems connected to global financial networks, meant to be unattended and open to the public 24 hours a day, and on top of all that, contain boxes of cold hard cash, sometimes totaling in the tens of thousands of dollars in a single machine. This talk will discuss the challenges in securing ATMs, the areas you should focus on when assessing the security of an ATM, various common flaws found when assessing ATMs, and some successful real-life attacks against ATMs.

Speakers
Dan Crowley

Daniel directs research at X-Force Red, has been working in infosec since 2004, makes his own beer, and is a baron in Sealand.


Friday March 9, 2018 2:30pm - 3:30pm
Lil Tex Auditorium

3:30pm

A story of writing malware for 5 years
I have been writing malware simulators, the ShinoBOT family, for 5 years.
The ShinoBOT family includes…
- ShinoBOT: the backdoor.
- ShinoBOT Suite: the APT framework.
- ShinoLocker: the ransomware simulator.
- ShinoC2: the C&C server provided as a service (C&C as a service).
- And other modular components.
Those tools are used to test security products and to perform penetration testing in a few clicks. After publishing those malware samples, many security solutions added signatures and black-listed the IP address and domain name. In this talk, I will explain how I implemented ShinoBOT to evade detection by those security solutions, including AV, IPS, sandboxes and AI-based AV. Steganography, special encoding methods, cryptography, fileless malware, polymorphic malware and other techniques will be introduced. This will give an idea of how attackers observe those security solutions and how they react.

Speakers
Shota Shinogi

Security Researcher, Macnica Networks Corp
Malware simulator ShinoBOT Family author. Penetration Tester/ Red Team tool developer. My hobby is breaking the security solution.


Friday March 9, 2018 3:30pm - 4:30pm
Big Tex Auditorium

3:30pm

Metasploit Minus Metasploit
What do you get when you take a million-line, open-source security project and remove all its code?

With Metasploit Framework, the answer used to be "not much": a couple of test payloads, some dangling database tables, and a few dusty modules stashed in your home directory. While our monolithic design has served well for over a decade, Metasploit has also become the victim of its own success: tight coupling between components has made adding new features increasingly difficult. As the open-source security ecosystem grows more diverse, it is clear that Metasploit needs to evolve in order to continue being fun and hackable for the next generation of coders and researchers.

Last year, the Metasploit team rethought how modules run and how to store and query data, giving careful thought to documentation, usability, testability, automation, and performance. The fruits of this labor include new Python modules, improved performance, better usability, and reduced start time.

During this presentation we will cover the challenges we face isolating modules and data and the solutions we are working on. We will demonstrate new open-source additions to Metasploit: a Python module, a pivoting proxy, and a way to store and query data without the console.

Speakers
James Barnett

James is a sysadmin turned developer and has spent the last 3 years applying his real-world experience to enhancing Nexpose and Metasploit. He has also applied his knowledge to Metasploitable3, and the principles learned to expanding Metasploit Framework through the Goliath API p...
Adam Cammack

Adam Cammack and James Barnett are Software Engineers for Metasploit at Rapid7. Adam is relatively new to security, coming from application development with emphasis on distributed computing and systems programming. He enjoys breaking things (then fixing them) and abusing protocols...


Friday March 9, 2018 3:30pm - 4:30pm
Lil Tex Auditorium