Speaker - Bios
Keynote: Code Blue in the ICU! - Thinking about network safety in a public health light

Jeff Moss
Founder of Black Hat & DEF CON. Chief Security Officer, ICANN; Advisor at the U.S. Department of Homeland Security Advisory Council. Known for bridging the hacker community with government agencies, he has presented at numerous international security conferences and other world-renowned media conferences. Member of the Council on Foreign Relations.

Keynote: CTF: All the Cool Kids are doing it

The past decade has seen a proliferation of network security games euphemistically known as "Capture the Flag" exercises. The fun of participating in these exercises is well known to those who choose to play. These exercises expose participants to new challenges, offer them the chance to meet new people with similar interests, build "street cred" and, increasingly, offer significant prizes. Perhaps most significantly, when done properly, these exercises offer a considerable opportunity to spark interest in the computer security field in the next generation of computing professionals. This talk will take a look at the challenges of using such exercises as training or evaluation opportunities and will consider how to improve our ability to do so.

Chris Eagle
Chris Eagle is a Senior Lecturer of Computer Science at the Naval Postgraduate School (NPS) in Monterey, CA. A computer engineer/scientist for 28+ years, his research interests include computer network operations, forensics and reverse engineering. He has been a speaker at conferences such as Black Hat, Defcon, Infiltrate, and Shmoocon and is the author of "The IDA Pro Book", the definitive guide to IDA Pro. He is a multiple winner of the Defcon Capture the Flag Competition and was the organizer of that competition from 2009-2012. He is currently working with DARPA to build their Cyber Grand Challenge competition.

Various tricks for remote Linux exploits

Modern operating systems include hardened security mechanisms to block exploit attempts. ASLR and NX (DEP) are two examples of the mechanisms that are widely implemented for the sake of security. However, there exist ways to bypass such protections by leveraging advanced exploitation techniques. It becomes harder to achieve code execution when the exploitation originates from a remote location, such as when the attack originates from a client, targeting server daemons. In such cases it is harder to find out the context information of target systems and, therefore, harder to achieve code execution. Knowledge of the memory layout of the targeted process is a crucial piece of the puzzle in developing an exploit, but it is harder to figure out when the exploit attempt is performed remotely.

Recently, there have been techniques to leverage information disclosure (memory leak) vulnerabilities to figure out where specific library modules are loaded in the memory layout space, and such classes of vulnerabilities have been proven to be useful to bypass ASLR. However, there is also a different way of figuring out the memory layout of a process running in a remote environment. This method involves probing for valid addresses in the target remote process. In a Linux environment, forked child processes will inherit the already randomized memory layout from the parent process. Thus every client connection made to server daemons will share the same memory layout. The memory layout randomization is only done during the startup of the parent service process, and is not done again when it forks a child process to handle client connections. Due to this inheritance by child processes, it is possible to figure out a small piece of different information from every connection, and these pieces can be assembled later to get the big picture of the target process's remote memory layout.
By probing to see if a given address is a valid memory address in the context of the target remote process and assembling such information together, an attacker can figure out where the libc library is loaded in memory, thus allowing exploits to succeed further in code execution. One might call it brute force, but with a smart brute forcing strategy, the minimum number of required attempts is significantly reduced to less than 10 in usual cases. In this talk, we will be talking about how it is possible to probe for memory layout space utilizing a piece of code to put the target in a blocked state, and to achieve stable code execution in remote exploit attempt scenarios using such information, as well as other tricks that are often used in remote exploit development in the Linux environment.

Seokha Lee (wh1ant)
A member of the 'Wiseguys' team, which is a hacking crew in South Korea. When he was a kid, he started getting into software development, and as time went by, he got interested in security research. In 2011, he started working in a company, doing security research with Linux kernel module development to create a security solution. He has found multiple vulnerabilities and talked about security-related topics at Korean conferences. He has also organized and helped various CTF competitions in Korea as a challenge-maker with exploitation challenges.

Preventing hard disk firmware manipulation attack and disaster recovery

In this talk I will explain strategies, prior to and after a hard disk has lost its ability to be used as a storage device due to human manipulation or natural disaster, that will allow a high possibility of data recovery. The clicking sound of the hard disk's head is synonymous with hard disk failure; however, it is not widely known that this clicking sound can happen even when there is nothing wrong with the head.
Changing the hard disk's head merely because it is acting up is a very risky action because it can increase the danger of damaging the clean insides of a hard disk. So what is causing the hard disk's head clicking sound? The answer is damaged firmware. In this talk I will explain how to utilize the firmware to control the device and use it in a disaster recovery situation.

Dai Shimogaito
CEO of Osaka Data Recovery. Founded in 1998. Director of Data Recovery Association Japan.

o-checker : Malicious document file detection tool - Malicious feature can be detected based on file size

In targeted email attacks, document files with embedded executable files are often used. To detect this kind of malicious document file, research has focused on malcode detection approaches. However, because the attacker can write arbitrary code, traditional malcode detection methods always lag behind the attacker in finding unknown malcode.

Yuuhei Ootsubo
Started to be interested in programming around 1987.

Secret of Intel Management Engine

Intel Management Engine ("ME") is a dedicated microcontroller embedded in all recent Intel motherboard chipsets. It works independently from the main CPU, can be active even when the rest of the system is powered off, and has a dedicated connection to the network interface for out-of-band networking which bypasses the main CPU and the installed OS. It not only performs the management tasks for which it was originally designed, but also implements features such as Intel Identity Protection Technology (IPT), Protected Audio-Video Path, Intel Anti-Theft, Intel TPM, NFC communication and more. There is not much info available about how exactly it works, and this talk aims to fill the gap and describe the low-level details.

Igor Skochinsky
Igor Skochinsky is currently one of the main developers of the world-famous Interactive Disassembler and Hex-Rays Decompiler.
Even before joining Hex-Rays in 2008 he had been interested in reverse engineering for a long time and had brief periods of Internet fame after releasing a dumper for DRM-ed iTunes files (QTFairUse6) and hacking the original Amazon Kindle. He spoke previously at Recon, Breakpoint and Hack.LU.

The Current State of Automotive Security

Automotive computers, or Electronic Control Units (ECU), were originally introduced to help with fuel efficiency and emissions problems of the 1970s but evolved into integral parts of in-car entertainment, safety controls, and enhanced automotive functionality. This presentation will examine some controls in two modern automobiles from a security researcher's point of view. We will first cover the requisite tools and software needed to analyze a Controller Area Network (CAN) bus. Secondly, we will demo software to show how data can be read and written to the CAN bus. Then we will show how certain proprietary messages can be replayed by a device hooked up to an OBD-II connection to perform critical car functionality, such as braking and steering. Finally, we'll discuss aspects of reading and modifying the firmware of ECUs installed in today's modern automobile.

Chris Valasek
Christopher Valasek is the Director of Security Intelligence at IOActive, an industry leader in comprehensive computer security services. Valasek specializes in offensive research methodologies with a focus in reverse engineering and exploitation. Valasek is known for his extensive research in the automotive field and his exploitation and reverse engineering of Windows. Valasek is also the Chairman of SummerCon, the nation's oldest hacker conference. He holds a B.S. in Computer Science from the University of Pittsburgh.

A Security Barrier Device That Can Protect Critical Data Regardless of OS or Applications by Just Installing It.

A Security Barrier Device protects PCs and other control devices by relaying every port between the motherboard and the peripherals. The SBD is totally transparent to the PC and can be installed regardless of OS or application. In this presentation I will discuss the storage securing function achieved by the SBD relaying the SATA port.

Kenji Toda
At the National Institute of Advanced Industrial Science and Technology, conducted research and development of 30 Gbps intrusion detection systems, 60 Gbps URL filtering systems and/or network device testing equipment for such systems. Currently co-developing security barrier devices with the Research and Development Control System Security Center. (Presented at international conferences regarding MST and real-time systems)

Networked Home Appliances and Vulnerabilities.

A decade has passed since the introduction of network-enabled home appliances into the market. Every year these appliances advance in functionality and inter-device integration, such as integration with cell phones/smart phones, service servers/cloud services and more. This has led to a significant increase in the information and value that network-enabled household appliances handle. Under such circumstances a vulnerability in a household appliance could be leveraged to gain access to other devices and information. In this presentation I will present whether such risks can be actualised, and the changes in functionality and vulnerabilities in network-enabled household appliances, looking at those changes from a user's and developer's perspective.

Yukihisa Horibe
Panasonic Corporation Analysis Center

Fight Against Citadel in Japan
Lately in Japan the malware Citadel has been implicated in multiple internet banking unauthorised transaction incidents.

You Nakatsuru
You 'Tsuru' Nakatsuru, CISSP, has been a "just married" Information Security Analyst at the Analysis Center of JPCERT/CC (Japan Computer Emergency Response Team Coordination Center) since April 2013.

IDA Vulnerabilities and Bug Bounty

IDA Pro is advanced disassembler software that is often used in vulnerability research and malware analysis. Because IDA Pro is used to analyse software behavior in detail, if there were a vulnerability and the user were attacked, it could not only have an impact in a social sense but also affect legal proceedings. In this presentation I will discuss the vulnerabilities found, attacks leveraging those vulnerabilities, Hex-Rays's remediation process and the dialogue I had with them.

Masaaki Chida
TBA

HTML5 Security & Headers - X-Crawling-Response-Header -
HTML 5 enables data storage within the website visitor's browser, bidirectional communication between the client and server, and the gathering of location information, all of which allow for a highly usable website. However, all of these new technologies can also be leveraged by malicious actors, the impact this will have on visitors to the site is not being fully discussed or researched, and there is a significant danger that the technology will be widely adopted without sufficient security precautions.

Tomoyuki Shigemori
Tomoyuki Shigemori is an Information Security Analyst of Watch and Warning Group at JPCERT/CC (Japan Computer Emergency Response Team Coordination Center).

SCADA Software or Swiss Cheese Software?
The talk is about SCADA vulnerabilities and their exploitation. We will answer some specific questions about SCADA software vulnerabilities with technical details.

Celil UNUVER
Celil Unuver is co-founder & security researcher of SignalSEC Ltd. He is also founder of NOPcon Security Conference. His areas of expertise include Vulnerability Research & Discovery, Exploit Development, Penetration Testing and Reverse Engineering. He has been a speaker at CONFidence, Swiss Cyber Storm, c0c0n, IstSec, Kuwait Info Security Forum. He enjoys hunting bugs and has discovered critical vulnerabilities affecting well-known vendors such as Adobe, IBM, Microsoft, Novell etc.

libinjection: from SQLi to XSS

libinjection was introduced at Black Hat USA 2012 to quickly and accurately detect SQLi attacks from user inputs. Two years later the algorithm has been used by a number of open-source and proprietary WAFs and honeypots. This talk will introduce a new algorithm for detecting XSS. Like the SQLi libinjection algorithm, this does not use regular expressions, is very fast, and has a low false positive rate. Also like the original libinjection algorithm, this is available on GitHub under a free license.

Nick Galbreath
Nick Galbreath is Vice President of Engineering at IPONWEB, a world leader in the development of online advertising exchanges.
Prior to IPONWEB, his role was Director of Engineering at Etsy, overseeing groups handling security, fraud,
authentication and other enterprise features. Prior to Etsy, Nick held leadership positions in a number of social and
e-commerce companies, including Right Media, UPromise, Friendster, and Open Market.
He is the author of "Cryptography for Internet and Database Applications" (Wiley).
Previous speaking engagements have been at Black Hat, Def Con, DevOpsDays and other OWASP events.
He holds a master's degree in mathematics from Boston University and currently resides in Tokyo, Japan.
In 2012