Speakers 2017

Schedule

Soon

Speakers list

Mahdi Braik & Thomas Debize

Hadoop safari : Hunting for vulnerabilities

With the growth of data traffic and data volumetric analysis needs, “Big Data” has become one of the most popular fields in IT, and many companies are currently working on this topic by deploying Hadoop clusters, Hadoop being currently the most popular Big Data framework. As with every new domain in computer science, Hadoop comes (by default) with truly no security. During the past years we dug into Hadoop and tried to understand Hadoop infrastructure and security.

This talk aims to present in a simple way Hadoop security issues, or rather its “concepts”, as well as to show the multiple vectors to attack a cluster. By vectors we mean practical vectors or, to sum it up: how can you access the holy “datalake” after plugging your laptop onto the target network.

Moreover, you will learn how the Hadoop (in)security model was designed, explaining the different security mechanisms implemented in core Hadoop services. You will also discover tools, techniques and procedures we created and consolidated to make your way to the so-called “new black gold”: data. Through different examples, you will be enlightened on how these tools and methods can be easily used to get access to data, but also to get a remote system access on cluster members.

Eventually and as Hadoop is the gathering of several services and projects, you will apprehend that patch management in this field is often complicated and known vulnerabilities often stay actionable for a while.

Biography

Mahdi BRAIK and Thomas DEBIZE are French security enthusiasts and work as infosec auditors at Wavestone, a French consulting company. They work on all kinds of security audits, penetration tests and incident responses through the company CERT. They both developed a specific interest in Hadoop technologies a few years ago: as they got to know how immature this ecosystem was, they decided to hunt for vulnerabilities in it. That said, they both like to git push new infosec tools (check https://github.com/maaaaz) and write some blog posts, either in the corporate blog or in infosec-specialized French magazines.

Swaroop Yermalkar

(Workshop) Exploiting IoT Devices over Software Defined Radio, ZigBee, WiFi and BLE

With the arrival of new smart devices every day, the Internet of Things is one of the most upcoming trends in technology. Most of these devices have a component to communicate over wireless. However, many of these devices communicate over proprietary protocols, and it’s important to know the process of analyzing and finding flaws in them. This paper will start with implementations of SDR (Software Defined Radio) and ZigBee (802.15.4), and then will cover a practical approach for identifying the attack surface and exploiting IoT devices over SDR, ZigBee and WiFi. This paper will cover ZigBee Sniffing Hardware, SDR Hardware - RTL SDR, HackRF, Radio Frequencies Basic, ZigBee Profiles, WiFi Attacks and ZigBee Security with IoT devices Practical Exploitation, and also a walkthrough of Audacity and GNU Radio. This talk will help you to perform a security audit of proprietary protocol communication and also ZigBee and WiFi.

Biography

Swaroop Yermalkar works as a Senior Security Engineer at Philips and his work includes threat modelling, security research and the assessment of IoT devices, healthcare products, web applications, networks, and Android, iOS applications. He is OWASP iGoat Project leader (https://www.owasp.org/index.php/OWASP_iGoat_Tool_Project) and also author of popular iOS security book ‘Learning iOS Penetration Testing’, Packt Publishing. He is also one of the top security researchers worldwide, working with Cobalt.io (https://app.cobalt.io/swaroopsy), Synack.inc. He has been invited to give talks and training at various security conferences, such as Hacks In Taiwan (HITCON), Europeansec, GroundZero, c0c0n, 0x90, DefconLucknow, and GNUnify. He has been acknowledged by Microsoft, Amazon, eBay, Etsy, Dropbox, Evernote, Simple banking, iFixit, and many more for reporting high-severity security issues in their mobile apps. He is an active member of NULL, an open security community in India, and is a contributor to the regular meetups and Humla sessions at the Pune, Bengaluru chapter. He holds various information security certifications, such as OSCP, OSWP, SLAE and CEH. He has written articles for clubHACK magazine and also authored a book, An Ethical Guide to Wi-Fi Hacking and Security.

Christopher Ellis

Genetic Algorithms for Brute Forcing

Machine learning algorithms have many applications in cyber security. While most of these applications are directly related to defensive aspects such as intrusion detection and prevention, machine learning algorithms may be used to attack systems as effectively as they can be used to defend them.

This brief talk introduces a tool that leverages a basic machine learning solution–a genetic algorithm–as a way to brute force obfuscated or randomly generated URLs. Compared to some traditional methods (such as a naive brute force) this approach can have a high success rate.

Biography

Chris entered into the security space accidentally as a hobby first, and now works for a large company as part of a red team and penetration testing group.

In his spare time, Chris builds security-related tooling and scripts that fall in a wide variety of spaces from data exfiltration and ransomware distribution to brute forcing and vulnerability scanning.

Gabriel Ryan

The Black Art of Wireless Post-Exploitation

Wireless is an inherently insecure protocol. Most companies recognize this, and focus their resources on minimizing the impact of wireless breaches rather than preventing them outright. During red team engagements, the wireless perimeter is cracked within the opening days of the assessment, or it isn’t cracked at all. From an attacker’s perspective, the real challenge lies in moving laterally out of the isolated sandbox in which network administrators typically place their wireless networks. Enterprise network teams are typically aware of this fact, and many will attempt to justify weak wireless perimeter security by pointing out how difficult it is to pivot from the WLAN into production.

However, preventing an attacker from doing so is only easy when the network in question is used exclusively for basic functions such as providing Internet connectivity to employees. When wireless networks are used to provide access to sensitive internal infrastructure, the issue of access control gets significantly messier. A door must be provided through which authorized entities can freely traverse. As with cryptographic backdoors, a door that requires a key is a door no less.

In this presentation, we will focus on methods through which red team operators can extend their reach further into the network after gaining their initial wireless foothold. We’ll begin with a quick recap on how to use rogue access point attacks to breach all but the most secure implementations of WPA2-EAP. We’ll then demonstrate methods of evading the most commonly used methods of WLAN access control, and explore whether segmentation of a wireless network is truly possible. Finally, we will demonstrate how contemporary network attacks can be combined with wireless man-in-the-middle techniques to create brutal killchains that would be impossible to achieve over a wired medium.

Biography

Gabriel Ryan is a security consultant and researcher with a passion for wireless and infrastructure testing. He currently works for Gotham Digital Science at their New York office, where he provides full scope red team penetration testing capabilities for a diverse range of clients. He also contributes heavily to his company’s research division, GDS Labs. Previously, Gabriel has worked as a penetration tester and researcher for the Virginia-based defense contractor OGSystems, and as a systems programmer for Rutgers University. He also is a member of the BSides Las Vegas senior staff, coordinating wireless security for the event. In his spare time, he enjoys live music, exploring the outdoors, and riding motorcycles.

Gabriel Ryan

(Workshop) Advanced Wireless Attacks Against Enterprise Networks

This workshop will instruct attendees on how to carry out sophisticated wireless attacks against corporate infrastructure. Attendees will learn how to attack and gain access to WPA2-Enterprise networks, bypass network access controls, and perform replay attacks to gain administrative control over an Active Directory environment. External wireless adapters and preconfigured live USBs will be provided to all workshop attendees, and material learned in the lectures will be practiced within a realistic lab environment.


Areas of focus include:

  • Wireless reconnaissance and target identification within a red team environment
  • Attacking and gaining entry to WPA2-EAP wireless networks
  • LLMNR/NBT-NS Poisoning
  • Firewall and NAC Evasion Using Indirect Wireless Pivots
  • MITM and SMB Relay Attacks
  • Downgrading modern SSL/TLS implementations using partial HSTS bypasses

Biography

Gabriel Ryan is a security consultant and researcher with a passion for wireless and infrastructure testing. He currently works for Gotham Digital Science at their New York office, where he provides full scope red team penetration testing capabilities for a diverse range of clients. He also contributes heavily to his company’s research division, GDS Labs. Previously, Gabriel has worked as a penetration tester and researcher for the Virginia-based defense contractor OGSystems, and as a systems programmer for Rutgers University. He also is a member of the BSides Las Vegas senior staff, coordinating wireless security for the event. In his spare time, he enjoys live music, exploring the outdoors, and riding motorcycles.

Gal Bitensky

Vaccination - An Anti-Honeypot Approach

Malware often searches for specific artifacts as part of its “anti-VM\analysis\sandbox\debugging” evasion mechanisms; we will abuse its cleverness against it.

The “anti-honeypot” approach is a method to repel (instead of luring) attackers, implemented by creating and modifying those artifacts on the potential victim’s machine.

Once the created artifacts are found by the malware – it will terminate.

The session will include motivations for attackers to use evasion techniques, some in-the-wild examples and effective countermeasures against them.

Biography

Gal Bitensky is a 29-year-old geek from Tel-Aviv, a senior analyst and security researcher, currently repelling attackers on enterprise scale at Minerva. “Full stack researcher” – experienced in anything from debugging exploit kits to ICS protocols reverse engineering.

Guillermo Buendia & Yael Basurto

How to obtain 100 Facebooks accounts per day through internet searches

Back in 2016, the way the Facebook mobile application implements content through “Instant Articles” was very new. A user can view content from third parties directly in the Facebook platform without needing to open the browser, for instance. This content can also be shared, saved, opened in the browser and so on.

In this talk, we will share how these Instant Articles, and the way they were shared, led us to the possibility of accessing Facebook accounts, and how through internet searches this became a huge problem! We’ll discuss how we identified the issue and how it was tested, reported, fixed and rewarded, and we will also talk about a new attack vector for further research.

Biography

Guillermo is a Cyber Security Penetration Testing Consultant at Deloitte Mexico; he has worked for many Financial Institutions and Public sector for the last 5 years.

Yael is a Cyber Security Snr. Consultant at Deloitte Mexico and has been working as a Security Specialist in different organizations for the last 4 years. He is really into programming and his laziness has led him to write some code to automate certain things at work; nmap and nessus reports for instance (github.com/zkvL7), and some other work not ready to see the light.

Matthew Eidelberg & Steven Daracott

SniffAir – An Open-Source Framework for Wireless Security Assessments

SniffAir is an open-source wireless security framework. Its primary purpose is to provide penetration testers, systems administrators, or others eager about wireless security a way to collect, manage, and analyze wireless traffic. SniffAir was born out of the hassle of managing large or multiple pcap files, manually reviewing the information, and subsequently formulating an attack. SniffAir allows testers to thoroughly cross-examine and analyze traffic while looking for potential security flaws or malicious traffic. Testers can also employ SniffAir to carry out attacks based on this information. We created SniffAir to collect all the traffic broadcasted and sort it by Client or Access Point. Testers can create custom rules to help define the scope, and SniffAir can be instructed to parse collected information based on those rules. SniffAir then uses the rules to move the in-scope data to a new set of tables, allowing the framework to compare filtered data against the original table for anomalies. If applicable, the tester can then load the desired information into SniffAir’s wireless attack modules, allowing them to carry out various sophisticated wireless attacks directly through the framework. By making this project open-source, our hope is to stir the community’s interest in wireless security, whether it be by contributing to the framework directly, or by discovering new methods to assess or attack wireless networks which can then be incorporated into the framework.

Biography

Matthew Eidelberg is a husband, father, and big security fanatic. Matthew works as a Security Consultant on Optiv’s Attack and Penetration team. Matthew’s primary role is to conduct security penetration testing and red teaming assessments for Optiv’s clients, while also developing detailed remediation procedures in order to provide the best value to Optiv’s clients. Previously, Matthew worked as a Security Consultant for the Herjavec Group in Canada, providing the same type of work for clients in Canada, the United States and Asia. Matthew received his Bachelor of Technology in Informatics and Security, [email protected] University in 2012 and was certified as an Offensive Security Certified Professional in March of 2015.

Steven works as a Security Consultant on Optiv’s Attack and Penetration team. Steven’s primary role is to conduct security penetration testing and red teaming assessments for Optiv’s clients, while also developing detailed remediation procedures in order to provide the best value to Optiv’s clients. Previously, Steven worked as a Space Systems Operator for the US Air Force, conducting space based missile defense for North America. Steven was certified as an Offensive Security Certified Professional in September of 2014.

Swaroop Yermalkar

OWASP iGoat – A Self Learning Tool for iOS App Pentesting and Security

OWASP iGoat is a learning tool for iOS developers (iPhone, iPad, etc.) and mobile app pentesters. It was inspired by the WebGoat project, and has a similar conceptual flow to it. As such, iGoat is a safe environment where iOS developers can learn about the major security pitfalls they face as well as how to avoid them. It is made up of a series of lessons that each teach a single (but vital) security lesson.

The lessons are laid out in the following steps:

  • Brief introduction to the problem.
  • Verify the problem by exploiting it.
  • Brief description of available remediations to the problem.
  • Fix the problem by correcting and rebuilding the iGoat program.

This talk is all about how iOS developers and security analysts can dive deep into iOS app security using the iGoat tool. This talk will start from setting up iGoat to exploiting the latest exploits in iOS apps. I’ll also release a major version of iGoat with tons of new exercises at Hackfest 2017.

Biography

Swaroop Yermalkar works as a Senior Security Engineer at Philips and his work includes threat modelling, security research and the assessment of IoT devices, healthcare products, web applications, networks, and Android, iOS applications. He is OWASP iGoat Project leader (https://www.owasp.org/index.php/OWASP_iGoat_Tool_Project) and also author of popular iOS security book ‘Learning iOS Penetration Testing’, by Packt Publishing. He is also one of the top security researchers worldwide, working with Cobalt.io (https://app.cobalt.io/swaroopsy), Synack.inc. He has been invited to give talks and training at various security conferences, such as Hacks In Taiwan (HITCON), Europeansec, GroundZero, c0c0n, 0x90, DefconLucknow, and GNUnify. He has been acknowledged by Microsoft, Amazon, eBay, Etsy, Dropbox, Evernote, Simple banking, iFixit, and many more for reporting high-severity security issues in their mobile apps. He is an active member of NULL, an open security community in India, and is a contributor to the regular meetups and Humla sessions at the Pune, Bengaluru chapter. He holds various information security certifications, such as OSCP, OSWP, SLAE and CEH. He has written articles for clubHACK magazine and also authored a book, An Ethical Guide to Wi-Fi Hacking and Security.

Francois Gagnon

Fingerprinting Android malware packaging process through static analysis to identify their creator

In this talk, we will look at some elements of Android malware static analysis: what interesting information can be extracted from an APK and what might allow us to distinguish between malware and legitimate apps.

Statistics from an effort to analyze >200,000 malware will be presented. This will help us understand the current situation and possible artefacts present in malware samples.

Finally (and most importantly), we’ll look at some strategies that allow us to cluster malware samples around their origin. That is, how can we tell that two samples are from the same creator, without knowing exactly who that creator is, by fingerprinting the malware packaging process.

This project is the result of a collaboration between the cybersecurity R&D lab at Cegep Sainte-Foy and the Canadian Cyber Incident Response Center (Public Safety CCIRC).

Biography

François teaches computer science at Cégep Ste-Foy, where he leads the cybersecurity R&D lab. He holds a Ph.D. in computer science (network security) from Carleton University and an M.Sc. in computer science (crypto) from Université Laval. He has worked on several R&D projects in security in partnership with private and public sector organizations.

Damien Bancal

French Presidential Election 2.0

How the Internet nearly turned a democratic election into a vast digital anarchy of data leaks, hacking, vulnerabilities and fake news. Follow seven months of the French election on the web.

Biography

Experienced Journalist with a demonstrated history of working in the computer and network security industry (zataz.com, …). Skilled in News Writing, Communication, Editing, Media Relations, and Journalism. In short, in French: I'm not handsome, but I'm funny :)

Raul Alvarez

Dissecting a Metamorphic File-Infecting Ransomware

Virlock is a polymorphic file-infecting ransomware. It is capable of infecting executable files and, at the same time, holding your computer hostage.

Running a single infected file is a sure way of infecting your computer all over again. That is one of the main goals of Virlock. As a ransomware, the malware makes sure that you won’t be able to use your computer until you pay the ransom demand. And to make our lives even harder, Virlock employs an on-demand polymorphic algorithm, where each and every copy of the infected executable file is different from the others. And there is more: Virlock is not only a polymorphic file-infecting ransomware. The initial set of the malware code is metamorphic in nature.

Biography

I am a Senior Security Researcher/Team Lead at Fortinet. I am the Lead Trainer responsible for training the junior AV/IPS analysts in malware analysis and reverse engineering.

I have presented at different conferences like BSidesVancouver, BSidesCapeBreton, OAS-First, BSidesOttawa, SecTor, DefCamp, BCAware, AtlSecCon, BSidesCalgary, TakeDownCon, MISABC, and InsomniHack.

I am a regular contributor to the Fortinet blog and to the Virus Bulletin publication, where I have published 22 articles.

Nikhil Kulkarni

How my SV Machine nailed your Malware

As we know the Android application industry from a security perspective, it is also quite well known that the Android platform is susceptible to malicious applications. And with the recent trend of vendors and customers going completely mobile, Android has now become an attack surface for most malicious attacks. Moreover, the mechanisms used for Android malware detection comprise several known methods, and we also know that most of these mechanisms are permission based or based on API usage. But when we go deeper in the analysis, we also realise that these mechanisms are open to instruction-level obfuscation techniques. Hence, we decided to bring the approach of machine learning to Android malware analysis, using functional call graphs and the Hash Graph Kernel (Hido & Kashima) method, which could be combined to implement a mechanism that could be used to find the similarities among binaries while being stringent against the obfuscations used. This project implementation is based on a well-known machine learning algorithm, Support Vector Machines, for solving the problem of Android malware analysis. This method involves the detection of Android malware by efficiently embedding the functional call graphs along the feature map. The gamechanger in this concept would be the optimal utilization of the SVM (Support Vector Machine) algorithm, which proves to be better than other approaches, with a minimal amount of false positives found and a higher detection rate. With the help of clean and real malware Android application samples, an explicit classification model is developed. The functional call graphs are extracted from the Android applications, then the linear-time graph kernel based explicit mapping is deployed in order to efficiently map all the call graphs to the explicit feature space. After the above methods are implemented, the SVM algorithm is then trained to thoroughly differentiate between the real and the malicious applications.

Biography

Nikhil.P.K is an Independent Security Researcher and an International Trainer. His areas of interest include Web Application Penetration Testing, Network Forensics and Mobile Application Security. He is currently pursuing extensive research in “Implementing Machine Learning into Security”. He has presented his talks at international and national level conferences and meets such as Cocon International Cyber Policing and Security Conference, DEFCON Bangalore 2012, Null Open Security Meet Bangalore and Null Open Security Meet Mysore. He is also a Bug Bounty Hunter and has been listed and acknowledged in the Halls of Fame of top companies such as Microsoft, Apple, Adobe, Nokia, Engine Yard, AVIRA Antivirus, etc. He will also be presenting this paper at the “Nuit Du Hack” conference in Paris on 24th June 2017.