That time of the year is quickly approaching and there will
be nothing but great talks and enjoyment. As a leading security and research
company, IOActive will be sharing a lot of our latest research at BlackHat USA
2012, BSidesLV 2012, and IOAsis. And, of
course, we'll also be offering some relaxation and party opportunities, too!
This year we are proud to be one of the companies with the most talks
accepted at BlackHat USA 2012, an incredible showing that
backs up our team's hard work:
· SEXY DEFENSE - MAXIMIZING THE HOME-FIELD ADVANTAGE, by Iftach Ian Amit
· EASY LOCAL WINDOWS KERNEL EXPLOITATION, by Cesar Cerrudo
· THE LAST GASP OF THE INDUSTRIAL AIR-GAP, by Eireann Leverett
· HERE BE BACKDOORS: A JOURNEY INTO THE SECRETS OF INDUSTRIAL FIRMWARE, by Ruben Santamarta
We also will be showing interesting tools at BlackHat
Arsenal:
· BURP EXTENSIBILITY SUITE, by James Lester and Joseph Tartaro
…and we will be presenting at BSidesLV 2012, too:
· SEXY DEFENSE - MAXIMIZING THE HOME-FIELD ADVANTAGE, by Iftach Ian Amit
· OCCUPY BURP SUITE: Informing the 99% What the 1% are Taking Advantage Of, by James Lester and Joseph Tartaro
But wait, that's not all: at the same time as BlackHat and
BSidesLV we will be running IOAsis, where VIPs can meet with our team and also attend
exclusive talks in which our team will present their latest research. For more
information, check out the IOAsis schedule: http://info.ioactive.com/BH2012agenda.html
Enough already? No, there's still more. For the second year
IOActive will be sponsoring BarCon, an exclusive, invitation-only event where
the great hacking minds get together to talk about who knows what. And to
drink. More information available here: http://thebarcon.org/
And last, but certainly not least, IOActive will present the
fifth annual Defcon Freakshow, the freakiest party for celebrating Defcon 20! More information is available on the Facebook
page: http://www.facebook.com/events/409482889093061/
If you are not tired of reading yet, continue and find more
information about our talks at BlackHat USA 2012 and BSidesLV 2012:
HERE BE BACKDOORS: A JOURNEY INTO THE SECRETS OF INDUSTRIAL
FIRMWARE, by Ruben Santamarta
July 25, 2012. 5:00–6:00pm. BlackHat USA 2012
PLCs, smart meters, SCADA, Industrial Control
Systems…nowadays all those terms are well known to the security industry. When
critical infrastructures come into play, the security of all those systems and
devices that control refineries and water treatment or nuclear plants poses a
significant attack vector.
For years, the isolation of that world provided the best
'defense' but things are changing and that scenario is no longer valid. Is it
feasible to attack a power plant without ever visiting one? Is it possible to
hack into a smart meter…without having that smart meter? Yes, it is. This talk
discusses the approach followed to do so, mixing theory and practice.
This presentation pivots around the analysis of firmware through reverse engineering in order to discover additional scenarios such as backdoors, confidential documentation or software, and vulnerabilities. Everything explained will be based on real cases, unveiling curious 'features' found in industrial devices and disclosing some previously unknown details of an interesting case: a backdoor discovered in a family of smart meters.
We will navigate through the dark waters of Industrial Control Systems, where security by obscurity has ruled for years. Join us on this journey, here be backdoors…
THE LAST GASP OF THE INDUSTRIAL AIR-GAP, by Eireann Leverett
July 25, 2012. 2:15–3:15pm. BlackHat USA 2012
Industrial systems are widely believed to be air-gapped. At
previous Black Hat conferences, people have demonstrated individual utilities'
control systems directly connected to the internet. However, this is not an
isolated incident of failure, but rather a disturbing trend. By visualizing results
from SHODAN over a 2-1/2–year period, we can see that there are thousands of
exposed systems around the world. By using geo-location and vulnerability
pattern matching to service banners, we can see their rough physical location
and the numbers of standard vulnerabilities they are exposed to.
This allows us to look at statistics about the industrial
system security posture of whole nations and regions. During the process of
this project, I worked with ICS-CERT to inform asset-owners of their exposure
and other CERT teams around the world. The project has reached out to 63
countries, and sparked discussion of convergence toward the public internet of
many insecure protocols and devices. The original dissertation can be found here: http://www.cl.cam.ac.uk/~fms27/papers/2011-Leverett-industrial.pdf
and a bit of previous press here: http://www.wired.com/threatlevel/2012/01/10000-control-systems-online/
EASY LOCAL WINDOWS KERNEL EXPLOITATION, by Cesar Cerrudo
July 26, 2012. 5:00–6:00pm BlackHat USA 2012
For some common local kernel vulnerabilities there is no
general, multi-version, reliable way to exploit them. While there have been
interesting techniques published, they are neither simple nor do they work
across different Windows versions most of the time. This presentation will show
easy and reliable cross-platform techniques for exploiting some common local
Windows kernel vulnerabilities. These new techniques even allow exploitation of
vulnerabilities that have been considered difficult or almost impossible to
exploit in the past.
SEXY DEFENSE - MAXIMIZING THE HOME-FIELD ADVANTAGE, by Iftach
Ian Amit
July 25, 2012. 10:15–11:15am. BlackHat USA 2012
July 25, 2012. 5:00–6:00 pm. BSidesLV 2012
Offensive talks are easy, I know. But the goal of offensive
security at the end of the day is to make us better defenders. And that's hard.
After the penetration testers (or worse, the red team) leave, there's usually a
whole lot of vulnerabilities, exposures, threats, risks and wounded egos. Now
comes the money time—can you fix this so your security posture will actually be
better the next time these guys come around?
This talk focuses mainly on what should be done, not what should
be BOUGHT—you probably have most of what you need already in place and you just
don't know it yet.
The talk will show how to expand the spectrum of defenders from a reactive one to a proactive one, will discuss ways to perform intelligence gathering on your opponents, and will model how that can assist in focusing on an effective defense rather than a "best practice" one. Methodically, defensively, decisively. The red team can play ball cross-court, so should you!
BURP EXTENSIBILITY SUITE, by James Lester and Joseph Tartaro
July 25, 2012. 3:30–4:30 pm BlackHat USA 2012 - Arsenal
Whether it be several Class B Subnets, a custom web application
utilizing tokenization, or the integration of third-party detection/exploitation
software, there comes a time when your go-to testing application is insufficient
as is. With Burp Suite Extensibility you can push these requirements to the
next level by building functionality that allows you to perform your required
task while maintaining efficiency, value, and, most of all,
detection/exploitation of the specified target. Several extensions along with a
common extensibility framework will be on display to demonstrate its ability,
adaptation, and ease of use while still reaching your testing requirements.
Along with the demonstration, these extensions will be released to the public
during the week of BlackHat to encourage further development and extensibility
participation.
OCCUPY BURP SUITE: Informing the 99% What the 1% are Taking
Advantage Of, by James Lester and Joseph Tartaro
July 26, 2012. 3:00–4:00 pm BSidesLV 2012
In this presentation, James Lester and Joseph Tartaro will
focus on building demand, support, and an overall desire around the creation of
Burp Suite extensions with the hope of bringing extensibility to the forefront
of web application testing. Lester and Tartaro will introduce up to a dozen
extensions they've created that utilize currently-accessible functionality
within the extensibility suite. Along with the release of these extensions, a
campaign will be presented to organize and develop an extension community that
documents tool primers, lessons learned, and tips/tricks; and hosts extensions
and tools catered to Burp. Something learned isn't research until it's shared—putting
this statement into practice, the duo believes that BSides is the perfect
environment to help collect data, convey interests, and share results.