HACKER DOUBLE SUMMER 2022 GUIDES — Part Eight: BSides Las Vegas
Welcome to the DCG 201 guide to Hacker Double Summer! This is part of a series where we are going to cover all the various hacker conventions and shenanigans at the start of July to the end of August both In Person & Digital! 2022 is a GIGANTIC year for hacker hysteria with so many events this will break the most guides we have ever written with the lucky number 13 as the goal. As more blog posts are uploaded, you will be able to jump through the guide via these links:
HACKER DOUBLE SUMMER — Part One: Surviving Las Vegas, New York & Virtually Anywhere
HACKER DOUBLE SUMMER — Part Two: Capture The Flags & MLH INIT Hackathon
HACKER DOUBLE SUMMER — Part Three: SummerC0n
HACKER DOUBLE SUMMER — Part Four: ToorCamp
HACKER DOUBLE SUMMER — Part Five: A New HOPE (HACKERS ON PLANET EARTH)
HACKER DOUBLE SUMMER — Part Six: SCaLE 19X
HACKER DOUBLE SUMMER — Part Seven: Back2Vegas by RingZero
HACKER DOUBLE SUMMER — Part Eight: BSides Las Vegas
HACKER DOUBLE SUMMER — Part Nine: Black Hat USA
HACKER DOUBLE SUMMER — Part Ten: The Diana Initiative
HACKER DOUBLE SUMMER — Part Eleven: USENIX + SOUPS
HACKER DOUBLE SUMMER — Part Twelve: DEFCON 30
HACKER DOUBLE SUMMER — Part Thirteen: Wiki World’s Fair
HACKER DOUBLE SUMMER — Part Fourteen: Blue Team Con
HACKER DOUBLE SUMMER — Part Fifteen: SIGS, EVENTS & PARTIES IN LAS VEGAS
BSides Las Vegas 2022 — Lucky 13
Date & Time: Tuesday, August 9th (9:00 AM) — Wednesday, August 10th (6:00 PM Pacific)
Location: Tuscany Suites and Casino (255 E. Flamingo Rd.)
Website: https://bsideslv.org/
Tickets: https://www.eventbrite.com/e/bsideslv-2022-registration-322315352897
Virtual Platform(s): NA
Schedule: https://bsideslv.org/schedule
Live Streams:
Virtual Chat: NA
Affordability: Historically, BSidesLV has raised the bulk of the cost of running the conference through corporate sponsorships, allowing them to give most badges away free of charge. Given uncertainty about the availability of those funds, based on conversations their sponsorship team has had over the past few months, they have decided to require donations for badges this year. The minimum donation for a badge is $100. One big change for this year is that badges will not be included with rooms in their hotel block. Online viewing of talks will be FREE.
Code Of Conduct: https://bsideslv.org/coc
BSides Las Vegas is a nonprofit organization formed to stimulate the Information Security industry and community by providing an annual, two-day conference for security practitioners and those interested in entering or looking to enter the field.
What started in 2009 as several conversations on Twitter about the politics of InfoSec conferences and disappointing CFP rejections turned into a plan to host a small alternative event to create a friendlier space and really put the focus on the conversations that make our community great. What started in a vacation rental grew into larger and larger spaces before making its home at Tuscany Suites and Casino.
Each BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of space and time. It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening.
One of the many Security BSides throughout the world, this convention truly kicks off Hacker Summer Camp week every year. Normally free, due to living in this awful timeline, there is a charge for badges this year. That said, BSides LV will still maintain its local, down-to-earth, community aspect as a convention made by hackers for hackers. Often overlooked compared to its bigger siblings later in the week, we urge everyone to check out BSides Las Vegas when visiting Hacker Summer Camp for your first time or your hundredth time as something you DON'T want to miss!
FLOORPLAN
COVID-19 Safety
Masks will be required at all times in the indoor conference spaces, except when actively eating or drinking and for speakers while presenting. This includes the foyer and hallways. We strongly suggest everyone wear disposable N95, KN95, or KF94 respirators and use a fresh mask at least once a day. We understand that there is no local mandate regarding masks, but as a private event we have decided to take this step to reduce the risk of spreading illness. Violating the masking policy will be considered a violation of the code of conduct.
While we are not requiring on-site testing, we do ask you to test yourself frequently while you are in Las Vegas. Please follow CDC quarantine guidelines and do not attend BSides Las Vegas if you test positive for COVID or are experiencing COVID symptoms.
We also strongly encourage participants to be vaccinated. While we are not requiring proof of vaccination to attend, we believe that vaccination, including the recommended booster doses, is one of the most important tools we have in protecting ourselves and our community from COVID-19.
We ask that you use common sense. Please do not attend the conference if you are feeling any symptoms of illness or have reason to believe you have been exposed to someone who is ill. We encourage frequent testing when traveling or around large groups of people. If possible, please take a COVID-19 test in the day or days leading up to the conference. Please wash your hands frequently throughout the conference.
Tuscany Suites and Casino
Book a minimum three-night stay at Tuscany. Cost: $89 Sun–Thurs, $139 Fri/Sat, with the resort fee waived. Register online or call +1-877-TUSCAN1 and ask for the BSides Las Vegas block.
As a reminder, room reservations this year do not include participant badges. To secure your badges, please see the Donor Drive.
Silent Auction & Raffle
BSides Las Vegas has raised tens of thousands of dollars over the years for our charity partners through our annual silent auction and raffle. Items donated by sponsors, individuals, and BSLV are available for your perusal at the table in Middle Ground throughout the conference.
Our charity partners for 2022 will include:
We will have three drawings for the raffle: during Happy Hour each day and at the closing ceremony. To enter the raffle, purchase tickets by making donations right at the table and place your raffle tickets in the draw boxes for each drawing. You must be present during the drawing to win.
Silent Auction bidding officially closes at 1900h on Wednesday, just before the closing ceremony. To win, you must be present at the time of the auction and you must be able to make payment immediately.
Any other questions? Want to donate something to the raffle or silent auction? Email auction.raffle@bsideslv.org
Memorial Observation
Wednesday 8:30am — 10:00am PST :: Hire Ground
We have lost many people over the last few years. We have not had much of a chance to say goodbye or share what we miss most about them. BSides Las Vegas is setting aside a time and a place on Wednesday morning for quiet observation.
While we are not having a formal program, we want to provide a place where we may gather to be at peace with the loss we have experienced. We will have cards for you to write what you miss most about those you have lost, and we will place the cards on a banner on the wall. We will also capture the messages on the banner and post them to our YouTube channel to share our tribute with those who could not join us.
This will be a very quiet and respectful place and time. We hope those of you who want a moment to acknowledge those who are not with us will join us for however long you like.
Hire Ground Camp Counselors
Congratulations on realizing that we all need some help with our career search! We have two groups of experts ready to assist you.
Career Coaching
Career coaches are established community professionals who will give you honest commentary on what to look for next in your career or help you strategize how to overcome certain challenges.
- Chris Culling 15:00–17:00 Tuesday, 15:00–17:00 Wednesday
I currently work for Gigamon as a Senior Technical Success Manager. I'm retired U.S. Army (Military Intelligence), live in Stevensville, Maryland, and have been working as a government contractor for the last ten years in the areas of operations management, SOC operations, and CTI analysis. I've been married for 31 years to a very patient woman, have three adult children (two who are married and have yet to bless me with any grandkids), two cats, a dog, and a Vietnamese pot-bellied pig.
- Chris Merkel 15:00–17:00 Wednesday
I'm a Senior Leader in Cybersecurity and Risk, working in large enterprises for over 15 years. I enjoy coaching both individual contributors as well as new and aspiring leaders. Professional development is important to me; I run or volunteer in career workshops at conferences several times per year across the Midwest.
- John Yeoh 15:00–17:00 Tuesday
With over 20 years of experience in research and technology, John provides executive-level leadership, relationship management, and strategy development. He is a published author, technologist, and researcher with areas of expertise in cybersecurity, cloud computing, information security, and next generation technology (IoT, DevOps, Blockchain, Quantum). John specializes in risk management, third party assessment, threat intelligence, data protection, incident response, and business development within multiple industry sectors, including government. His works and collaborations have been presented in the Wall Street Journal, Forbes, SC Magazine, USA Today, CBS, Information Week, and others.
- Kelly Nogueras 13:00–15:00 Tuesday
Currently a Software Developer with Accenture Federal Services
- Kevin Mau 13:00–17:00 Wednesday
Over the years Kevin has held many diverse roles including SVP of Incident Response and MDR, Research, Security Engineering, Development, Reverse Engineering, and Threat Hunting. In his current role as a senior threat hunter he leads teams looking for bleeding edge threats in client environments. He also spends time giving back to the community via mentoring and working as a lead for a large DEFCON village.
- Owen Wright 15:00–17:00 Tuesday, 13:00–15:00 Wednesday
Owen has worked in red teaming, adversary simulation and penetration testing for 18 years. He began his infosec career as a penetration tester before moving to a management role at a boutique consultancy where he helped grow a global team of well over 100 technical specialists. He is currently a managing director at Accenture, a large consultancy. Owen is passionate about finding and developing top technical talent. Over the years he's reviewed thousands of CVs and hired and developed hundreds of offensive security specialists. He also has some perspective on the challenges of joining the industry through a non-typical route, having studied humanities and spent time as an English teacher prior to starting his career in infosec.
- Pete Cooper 13:00–17:00 Tuesday
Pete has led and built teams across multiple public and private sectors and worked on everything from global cyber strategies to complex projects with the hacker community, industry and government. His efforts include driving the cyber transformation of the UK Government, founding the Aerospace Village at DEFCON and founding Cyber 9/12 UK, the UK's first national cyber strategy competition that helps find and act as the launch pad for the next generation of diverse security leaders.
- Will Baggett 13:00–15:00 Tuesday, 13:00–15:00 Wednesday
Will Baggett is the Director of Digital Forensics at Operation Safe Escape (volunteer role), a non-profit organization providing assistance to victims of domestic abuse. Will draws from his experience as a former CIA officer specializing in Technical and HUMINT Operations as well as a NATO SOF Cyber Security SME. His experience in the cyber industry covers the gamut from Y2K compliance to Log4j mitigation. He has been selected to present Hacking Remote Interviews at BSidesLV 2022 and looks forward to assisting members of the BSidesLV community with planning their next steps on their career path.
- William Chu 13:00–15:00 Wednesday
20+ years of Software Development Life Cycle experience.
Resume Review
Resume reviewers are technical recruiters in our community who are setting aside 30 minutes to review your resume and give you the straight scoop on how to improve your resume.
- Christine Winchester 13:00–17:00 Tuesday
USMC vet as well as a recruiter for over 20 years in both public and private communities
- Jamal Drake 15:00–17:00 Tuesday, 13:00–15:00 Wednesday
Experienced recruiter performing full-cycle recruitment through account management, training, and recruitment management. Very successful at partnering with internal business teams and external clients by providing a high level of customer service
- Kirsten Renner 13:00–17:00 Wednesday
Kirsten is a Recruiting Director for a division of a large national cyber security company with 20 years of experience. She specializes in intel and has a passion for connecting talent to the right opportunities. She is a frequent presenter in the community on a variety of job search topics. She can also be found in the Car Hacking Village at a con near you.
- Kris Rides 13:00–15:00 Tuesday, 13:00–15:00 Wednesday
Kris is CEO and Co-Founder of Tiro Security, a Cybersecurity Staffing and professional services company. He is a retained advisor to the Cloud Security Alliance and one of the original founding Board Members of the Southern California Cloud Security Alliance Chapter, previous President, and an honorary board member. He serves as an advisory board member to the National Cybersecurity Training & Education Center (NCYTE) as well as for the non-profit GRC for Intelligent Ecosystems (GRCIE). When it comes to cyber security staffing, Kris is recognized as one of the most experienced specialists in the industry; he has spoken at some of the most prestigious conferences in our industry including DEFCON, RSA, BSidesLV, and the (ISC)2 Congress. When he isn't working, Kris is looking forward to a time when family holidays can involve snowboarding and scuba diving with sharks.
- Linda Orlosky 13:00–15:00 Tuesday
Senior Talent Manager, Accenture Federal Services
- Matt Duren 15:00–17:00 Wednesday
Matt Duren has been in recruiting since he graduated college in 2001. Starting out in a technical staffing agency, Matt quickly transitioned to corporate recruiting and has led recruiting teams responsible for IT and college recruiting, as well as Employment Branding. Matt is currently a Sr. Recruiting Manager at Tenable, located in Columbia, MD. Originally from Virginia, Matt has lived in Maryland since graduating from James Madison University. He also holds a Masters in Organizational Development and Strategic HR from Johns Hopkins. When he's not recruiting, you can find Matt enjoying family time with his wife and two daughters, training for the occasional Obstacle Course Race, and eating Gummy Bears…lots of Gummy Bears.
- Ricki Burke 15:00–17:00 Tuesday, 15:00–17:00 Wednesday
Ricki is the founder of CyberSec People, Australia's leading cybersecurity recruitment company. A keen contributor to the infosec community, Ricki is a co-organizer of BSides Gold Coast and SecTalks Gold Coast, host of the Hacking into Security podcast, runs career villages and workshops, and speaks at a number of cons, including BSides Canberra, Perth and Melbourne.
PROVING GROUND
This year, Proving Ground is trying something different. Instead of our normal 4-month program, we’re going to run a two-day workshop to focus specifically on public speaking in the professional sphere.
Accepted applicants will come to BSLV and spend day 1 working with a small team of mentors to build a 10-minute presentation based on one of these scenarios:
- Presenting the results of a penetration test or security audit to a customer;
- Assembling a technical presentation for consumption by an audience of one’s peers;
- An internal engineering “pitch” (requesting funding or resources for an internal project)
On day two, they’ll present their prepared talks to an audience, in a style similar to high school forensics.
Just like the normal Proving Ground experience, we’re limiting applications to those who haven’t spoken at a major international hacker conference. If you’re interested, please apply!
Tuesday, August 9th
10:30–12:25
Wednesday, August 10th
How to Succeed as a Freelance Pentester
10:30–10:55
Have you ever thought about what it would take to work as a freelance penetration tester? How do you ensure that you’re not putting your financial life at risk? How do you approach all the legal aspects that come along with penetration testing? How do you actually find work? Join Mike as he discusses the lessons he’s learned and the steps he’s taken to succeed as a freelance penetration tester.
Oauth third party not departing
11:00–11:25
This talk is about persistent infections with OAuth third-party apps connected to business SaaS platforms. We will unveil the technique we developed to keep a watchdog app persistent so that it restores an app after attempts to disable it, and we will go over the latest techniques to stay persistent and to bypass MFA on Office 365 and Google Workspace even after a malicious app is disabled.
In this talk, we will go over the new risks introduced by OAuth integrations into business SaaS and how to use them to maintain persistence on the accounts of users who took your bait and installed an app, or sent you their auth-flow grant, so that you are now connected to their cloud account.
Solid Tradecraft for Cryptomarket Drug Trafficking
11:30–11:55
A review of common DEA and Law Enforcement attacks against cryptomarket narcotic vendors. The talk will discuss forensics minimization procedures to deanonymize criminal operators including fingerprint, DNA, hair, and saliva recovery. Good mailing OPSEC is discussed and contrasted with replacing the mail system with one-time dead drops for mid-level trafficking. Minimizing risk during a controlled delivery and the factors unique to using mail drops are considered. Narcotics manufacturing OPSEC, organizational compartmentalization, and frequent teardown reorganizations are discussed. Finally, OPSEC failures of high profile cryptomarket traffickers such as DPR/Ulbricht and Le Roux are compared and contrasted with those of Guzman, a more “traditional” transnational narcotics trafficker. Cryptomarket operators using the OPSEC and COMSEC procedures discussed will be substantially more difficult for state-level actors to deanonymize.
PG Forensics. (No, the other Forensics.)
14:00–15:55
PG Forensics. (No, the other Forensics.)
17:00–18:55
TRAINING GROUND
Some things just can’t be covered in an hour. BSides Las Vegas is happy to offer half-day Training Ground workshops free to anyone with a BSides Las Vegas badge. Workshop spots must be reserved ahead of time by going to our eventbrite page.
Registration will open at 12:00 Pacific on Jul 16, 2022 and will fill up fast.
If you do not have a badge secured via the Eventbrite link above, please remember that badges will require a $200 donation at the event.
Tuesday, August 9th
Speeding Up AWS IAM Least Privileges with Cloudsplaining, Elastic Stack & AWS Access Analyzer
Training Ground
There are two main problems in the cloud security world: IAM permissions and control-plane misconfigurations.
In today's cloud security world, access keys are the new perimeter, and the permissions associated with those keys are the limits of that perimeter. So most of the time, the initial vector into a company's cloud environment is a leaked key, and there are several ways to get hold of one.
Since an access key is the new perimeter, IAM with least privilege becomes a mandatory part of the security posture of an AWS account: it limits the damage when an access key is leaked, stolen, or otherwise used by an unauthorized party. To help with this least-privilege process, the Salesforce cloud security team developed a tool to identify those violations called Cloudsplaining.
In this training, we will demonstrate the pipeline we created: extracting and analyzing permissions with Cloudsplaining, ingesting and enriching the results with the Elastic Stack, and finally using Access Analyzer policy suggestions (based on the principal's actions logged in CloudTrail) to generate a tighter policy that mitigates over-permissive policy problems.
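As an added example (not code from the workshop or from Cloudsplaining itself), the three steps of that pipeline reduced to plain Python over a constructed policy and a constructed list of CloudTrail-observed actions: flag wildcard and privilege-escalation grants on Resource "*" the way Cloudsplaining's findings do, list what is granted but never used, and emit an actions-only least-privilege policy in the spirit of Access Analyzer's suggestions. The policy, the observed actions and the PRIVESC_ACTIONS list are assumptions for illustration.

```python
import json

# Constructed example policy with the two patterns the workshop is about:
# a wildcard action on Resource "*" and a privilege-escalation action on
# Resource "*". Not a policy taken from any real account.
OVERPERMISSIVE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "s3:*", "Resource": "*"},
        {"Effect": "Allow", "Action": ["iam:PassRole", "ec2:DescribeInstances"],
         "Resource": "*"},
    ],
}

# Constructed sample of what the principal actually did, as reconstructed
# from CloudTrail (eventSource + eventName rendered as IAM action names).
OBSERVED_ACTIONS = ["s3:GetObject", "s3:GetObject", "s3:ListBucket",
                    "ec2:DescribeInstances"]

# Assumption: a small subset of the actions that enable privilege escalation
# when granted on Resource "*"; a real scan uses a much longer list.
PRIVESC_ACTIONS = {"iam:PassRole", "iam:CreateAccessKey", "iam:AttachUserPolicy",
                   "iam:PutUserPolicy", "sts:AssumeRole"}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def find_violations(policy):
    """Findings for Allow statements on Resource "*" whose actions are either
    wildcards ("*" or "svc:*") or known privilege-escalation actions."""
    findings = []
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow" or "*" not in _as_list(stmt.get("Resource", [])):
            continue
        for action in _as_list(stmt.get("Action", [])):
            if action.endswith("*"):
                findings.append({"action": action, "type": "wildcard"})
            elif action in PRIVESC_ACTIONS:
                findings.append({"action": action, "type": "privilege-escalation"})
    return findings


def granted_but_unused(policy, observed):
    """Actions named literally in the policy that never appear in CloudTrail.
    Wildcard grants are reported as-is: they cannot be enumerated from logs."""
    used = {a.lower() for a in observed}
    unused = []
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        for action in _as_list(stmt.get("Action", [])):
            if action.endswith("*") or action.lower() not in used:
                unused.append(action)
    return sorted(set(unused))


def least_privilege_policy(observed, resource="*"):
    """Policy allowing only the distinct actions seen in CloudTrail, one
    statement per service. Resource stays "*" here; tightening resources is
    the next step once actions are scoped."""
    by_service = {}
    for action in sorted(set(observed)):
        by_service.setdefault(action.split(":")[0], []).append(action)
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": actions, "Resource": resource}
            for _, actions in sorted(by_service.items())
        ],
    }


if __name__ == "__main__":
    print(json.dumps(find_violations(OVERPERMISSIVE_POLICY), indent=2))
    print(json.dumps(granted_but_unused(OVERPERMISSIVE_POLICY, OBSERVED_ACTIONS)))
    print(json.dumps(least_privilege_policy(OBSERVED_ACTIONS), indent=2))
```

The wildcard entries returned by granted_but_unused are the ones no CloudTrail-based tool can shrink for you; they have to be replaced by hand with the observed actions, which is exactly what the generated policy does.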
Sandboxing and Static analysis for 3rd party apps
Training Ground
An average organization has over 500 productivity apps connected to its cloud tenant, installed by the organization's users. These apps on the cloud are equivalent to programs on your OS: they can access your data, share it, encrypt it, delete it and allow a backdoor into your tenant. This talk will share our recent discoveries on the key ways to research and determine whether a third-party app is who it claims to be, what it claims to be, and what weaknesses it introduces into your organization.
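Serving both the "Oauth third party not departing" talk above and this third-party-app workshop, here is an added example (not the speakers' tooling) of the two detections a tenant admin would want: score each app consent by its high-risk scopes and by whether a refresh token (offline_access) was issued, and flag an app that reappears shortly after an admin revoked it, which is the watchdog-restores-the-app behaviour the talk describes. The event list, client IDs, users and the HIGH_RISK_SCOPES set are constructed assumptions; scope names follow Microsoft Graph permission naming.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed consent-audit events, shaped like an export of app consent
# grants/revocations for one tenant. Client IDs, app names and users are
# invented; scope strings are Microsoft Graph permission names.
EVENTS = [
    {"ts": "2022-08-09T10:00:00", "event": "grant", "user": "alice@example.com",
     "client_id": "app-mailhelper", "scopes": ["Mail.ReadWrite", "Mail.Send", "offline_access"]},
    {"ts": "2022-08-09T10:05:00", "event": "grant", "user": "alice@example.com",
     "client_id": "app-watchdog", "scopes": ["Directory.ReadWrite.All", "offline_access"]},
    {"ts": "2022-08-09T10:30:00", "event": "revoke", "user": "alice@example.com",
     "client_id": "app-mailhelper", "scopes": []},
    {"ts": "2022-08-09T10:31:10", "event": "grant", "user": "alice@example.com",
     "client_id": "app-mailhelper", "scopes": ["Mail.ReadWrite", "Mail.Send", "offline_access"]},
    {"ts": "2022-08-09T11:00:00", "event": "grant", "user": "bob@example.com",
     "client_id": "app-calendar", "scopes": ["User.Read", "Calendars.Read"]},
]

# Assumption: a short list of scopes that let an app read/alter mailbox, file
# or directory data; a production rule set is longer and platform-specific.
HIGH_RISK_SCOPES = {"Mail.ReadWrite", "Mail.Send", "Files.ReadWrite.All",
                    "Directory.ReadWrite.All", "Application.ReadWrite.All"}
PERSISTENCE_SCOPE = "offline_access"   # refresh token: access outlives the session


def score_grants(events):
    """Per (user, client_id) still granted: the high-risk scopes and whether a
    refresh token was issued, taken from the latest grant event."""
    latest = {}
    for e in sorted(events, key=lambda e: e["ts"]):
        key = (e["user"], e["client_id"])
        if e["event"] == "grant":
            latest[key] = {"risky": sorted(set(e["scopes"]) & HIGH_RISK_SCOPES),
                           "persistent": PERSISTENCE_SCOPE in e["scopes"]}
        elif e["event"] == "revoke":
            latest.pop(key, None)
    return {k: v for k, v in latest.items() if v["risky"] or v["persistent"]}


def find_regrant_loops(events, window=timedelta(minutes=10)):
    """Flag an app granted again shortly after being revoked for the same
    user: a human rarely re-consents within seconds, a watchdog app does."""
    by_key = defaultdict(list)
    for e in events:
        by_key[(e["user"], e["client_id"])].append(
            (datetime.fromisoformat(e["ts"]), e["event"]))
    loops = []
    for (user, client_id), seq in by_key.items():
        seq.sort()
        for (t_prev, ev_prev), (t_cur, ev_cur) in zip(seq, seq[1:]):
            if ev_prev == "revoke" and ev_cur == "grant" and t_cur - t_prev <= window:
                loops.append({"user": user, "client_id": client_id,
                              "seconds": int((t_cur - t_prev).total_seconds())})
    return loops


if __name__ == "__main__":
    for key, info in score_grants(EVENTS).items():
        print(key, info)
    print(find_regrant_loops(EVENTS))
```

The second check is the one that matters for the talk's scenario: revoking a consent is not enough when a second app (here app-watchdog, which holds Directory.ReadWrite.All) can re-grant the first one, so revoke both and look at who consented to the watchdog in the first place.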
Prowler Open Source Cloud Security: A Deep Dive Workshop
Training Ground
Whether you are a long time Prowler user or if you are just getting started, this workshop will give you the tools to get AWS security up and running and under control at your organization.
Prowler, the beloved AWS security open source tool, has some new features and important changes coming in v3.0, including a new check architecture, Python support, and a load of new checks for compliance and AWS services.
We will cover how to get started and how to take advantage of all the new features in Prowler v3.0.
Toni De la Fuente, Sergio Garcia
Wednesday, August 10th
Adding DAST to CI/CD, Without Losing Any Friends WORKSHOP
Training Ground
Everyone wants to put tests into the release pipeline, but no one wants to wait hours for them to finish. In this workshop we will discuss multiple options for adding dynamic application security testing (DAST) to your CI/CD in ways that won't compromise speed or results, such as limiting scope, using HAR files, using test subsets, etc. Then we will do it! Learn to set up a CI/CD pipeline in GitHub using Actions, create a Bright Sec DAST account, and scan BrokenCrystals.com to find many, many vulnerabilities.
Requirements: Participants will need a laptop with Wi-Fi and admin access to install a repeater tool in order to participate. They will also create a GitHub and a Bright Sec account, both of which are free. The repeater can be run on Windows, via npm, or via Docker for the workshop.
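One of the scope-limiting tricks the workshop lists, using a HAR file, as an added example that is neither the workshop's nor Bright Sec's code: reduce a browser recording to the distinct in-scope endpoints (and their parameter names) so the pipeline stage scans a handful of targets instead of every recorded request. The HAR fragment, hostnames and paths are constructed.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed HAR fragment containing only the fields this function reads.
SAMPLE_HAR = {"log": {"entries": [
    {"request": {"method": "GET", "url": "https://app.example.com/api/users/42"}},
    {"request": {"method": "GET", "url": "https://app.example.com/api/users/43"}},
    {"request": {"method": "POST", "url": "https://app.example.com/api/login",
                 "postData": {"params": [{"name": "user", "value": "x"},
                                         {"name": "pass", "value": "y"}]}}},
    {"request": {"method": "GET", "url": "https://app.example.com/static/app.js"}},
    {"request": {"method": "GET", "url": "https://cdn.thirdparty.net/lib.js"}},
    {"request": {"method": "GET", "url": "https://app.example.com/api/orders?id=7"}},
]}}

STATIC_EXT = (".js", ".css", ".png", ".jpg", ".svg", ".woff", ".woff2", ".ico", ".map")
# A path segment that is a number, a long hex string or a UUID is an identifier,
# not a distinct endpoint.
ID_SEGMENT = re.compile(
    r"^(\d+|[0-9a-f]{8,}|[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})$",
    re.I)


def scope_from_har(har, in_scope_hosts):
    """Return {(METHOD, templated_path): [param names]} for in-scope hosts,
    dropping static assets and collapsing identifier segments to '{id}', so a
    scanner gets one target per endpoint instead of one per recorded request."""
    endpoints = {}
    for entry in har["log"]["entries"]:
        req = entry["request"]
        u = urlsplit(req["url"])
        if u.hostname not in in_scope_hosts or u.path.lower().endswith(STATIC_EXT):
            continue
        path = "/".join("{id}" if ID_SEGMENT.match(seg) else seg
                        for seg in u.path.split("/"))
        params = endpoints.setdefault((req["method"].upper(), path), set())
        params.update(parse_qs(u.query, keep_blank_values=True))       # query params
        params.update(p["name"] for p in req.get("postData", {}).get("params", []))
    return {key: sorted(names) for key, names in sorted(endpoints.items())}


if __name__ == "__main__":
    for (method, path), params in scope_from_har(SAMPLE_HAR, {"app.example.com"}).items():
        print(method, path, params)
```

Six recorded requests collapse to three targets, and the third-party CDN never reaches the scanner, which is also the legal boundary of the test. Feed the output to the scanner as its allowlist; the same file can be split into subsets so each pipeline job scans only the endpoints a change touched.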
Introduction to Cryptographic Attacks
Training Ground
Using cryptography is often a subtle practice, and mistakes can result in significant vulnerabilities. This workshop will cover many of these vulnerabilities which have shown up in the real world, including CVE-2020-0601. This will be a hands-on workshop where you will implement the attacks after each one is explained. I will provide a VM with Python dependencies and skeleton code included so you can focus on implementing the attack. A good way to determine if this workshop is for you is to look at the challenges at cryptopals.com and see if those look interesting but you could use in-person help understanding the attacks. While not a strict subset of those challenges, there is significant overlap.
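The CBC bit-flipping attack from the cryptopals set the workshop overlaps with, as an added example that is not the workshop's VM code. To run with the standard library only, a keyed Feistel network built on SHA-256 stands in for AES as the 16-byte block cipher; everything else (CBC chaining, PKCS#7 padding, the cookie layout and the attack) is the real technique, and the attack does not depend on which block cipher is underneath. The key, IV and cookie strings are fixed demo values.

```python
import hashlib

BLOCK = 16
# Fixed demo key/IV so the run is deterministic; a real system uses os.urandom.
KEY = hashlib.sha256(b"demo-key-not-secret").digest()
IV = bytes(range(BLOCK))


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key, rnd, half):
    # Round function of the stand-in block cipher: keyed SHA-256, truncated.
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]


def block_encrypt(key, blk):
    l, r = blk[:8], blk[8:]
    for rnd in range(4):
        l, r = r, xor(l, _f(key, rnd, r))
    return l + r


def block_decrypt(key, blk):
    l, r = blk[:8], blk[8:]
    for rnd in reversed(range(4)):
        l, r = xor(r, _f(key, rnd, l)), l
    return l + r


def pad(b):
    n = BLOCK - len(b) % BLOCK
    return b + bytes([n]) * n


def unpad(b):
    n = b[-1]
    if not 1 <= n <= BLOCK or b[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return b[:-n]


def cbc_encrypt(key, iv, pt):
    out, prev = b"", iv
    for i in range(0, len(pt), BLOCK):
        prev = block_encrypt(key, xor(pt[i:i + BLOCK], prev))
        out += prev
    return out


def cbc_decrypt(key, iv, ct):
    out, prev = b"", iv
    for i in range(0, len(ct), BLOCK):
        blk = ct[i:i + BLOCK]
        out += xor(block_decrypt(key, blk), prev)   # P[i] = D(C[i]) xor C[i-1]
        prev = blk
    return out


PREFIX = b"comment1=cooking%20MCs;userdata="   # exactly 32 bytes: two full blocks
SUFFIX = b";comment2=%20like%20a%20pound%20of%20bacon"


def make_cookie(userdata):
    """Server side: quote the metacharacters, then encrypt (no MAC)."""
    ud = userdata.replace(b";", b"%3B").replace(b"=", b"%3D")
    return cbc_encrypt(KEY, IV, pad(PREFIX + ud + SUFFIX))


def is_admin(ct):
    return b";admin=true;" in unpad(cbc_decrypt(KEY, IV, ct))


def forge_admin():
    """Attacker: knows the layout, never the key. Flipping bits in ciphertext
    block 2 flips the same bits in plaintext block 3 (our 16 filler bytes)."""
    filler = b"A" * BLOCK
    ct = bytearray(make_cookie(filler))
    target = b";admin=true;AAAA"                 # 16 bytes
    delta = xor(filler, target)
    ct[BLOCK:2 * BLOCK] = xor(ct[BLOCK:2 * BLOCK], delta)
    return bytes(ct)


if __name__ == "__main__":
    print("quoted input is admin:", is_admin(make_cookie(b";admin=true;")))
    print("forged cookie is admin:", is_admin(forge_admin()))
```

Block 2 decrypts to garbage, but the check only looks for the substring, so quoting on input does nothing. The fix is not smarter quoting: an unauthenticated cipher mode lets anyone who can change ciphertext make controlled changes to the next plaintext block. Use an AEAD (AES-GCM, ChaCha20-Poly1305) or encrypt-then-MAC and reject the cookie before decrypting it.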
CICD security: A new eldorado (training)
Training Ground
CI/CD pipelines are increasingly becoming part of the standard infrastructure within dev teams, and with the rise of solutions such as Infrastructure as Code, the sensitivity level of such pipelines is escalating. In case of compromise, it is not just the applications that are at risk but the underlying systems themselves and sometimes the whole information system. Attackers are beginning to exploit those weaknesses both for supply chain attacks and to escalate their privileges within the victim's IS.
In this fully hands-on workshop, we’ll guide you through multiple vulnerabilities that we witnessed during numerous penetration tests. You’ll learn how to:
- Get a foothold within a CI/CD pipeline
- Find interesting secrets and other information within code repositories
- Pivot and exploit weak configurations on the orchestrator
- Compromise build nodes in order to add backdoors to artifacts
- Pivot on cloud infrastructure
- Escape Kubernetes thanks to common misconfigurations
- Perform a privilege escalation in AWS
Hands-on exercises will be performed in our lab environment with a wide variety of tools. For each attack, we will also focus on prevention, mitigation techniques and potential ways to detect exploitation.
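For the second bullet, finding secrets in code repositories, an added example (not the workshop's lab tooling): a small scanner that runs fixed-pattern rules plus an entropy test on generic credential assignments over a constructed repository snapshot. The repository contents are invented; the AWS key pair is the pair AWS publishes as documentation placeholders, so nothing here is a live credential.

```python
import math
import re

# Constructed repository snapshot: path -> file contents. The AWS values are
# the well-known AWS documentation placeholders, not real keys.
REPO = {
    ".github/workflows/deploy.yml":
        "env:\n  AWS_ACCESS_KEY_ID: AKIAIOSFODNN7EXAMPLE\n"
        "  AWS_SECRET_ACCESS_KEY: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n",
    "Jenkinsfile":
        "withCredentials([string(credentialsId: 'deploy-token', variable: 'TOKEN')]) "
        "{ sh 'deploy $TOKEN' }",
    "config/settings.py":
        "DEBUG = False\nSECRET_KEY = 'django-insecure-0123456789abcdef0123456789abcdef'\n",
    "README.md": "Run `make build` then `make test`.",
}

# Fixed-format rules: low false-positive rate, so no entropy check needed.
RULES = [
    ("aws-access-key-id", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("github-pat", re.compile(r"\bghp_[A-Za-z0-9]{36}\b")),
    ("private-key-block", re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----")),
]
# Generic "<something-secret-ish> = <value>" assignment; the value must then
# look random enough to be a credential rather than a placeholder.
GENERIC = re.compile(
    r"(?i)(secret|password|passwd|token|api[_-]?key)\w*\s*[:=]\s*['\"]?([^\s'\"]{16,})")
ENTROPY_THRESHOLD = 3.5   # bits per character; tune against your own corpus


def shannon_entropy(s):
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def mask(value):
    # Enough to triage, never enough to reuse.
    return value[:4] + "..." + value[-2:]


def scan_repo(repo):
    findings = []
    for path, text in repo.items():
        for lineno, line in enumerate(text.splitlines(), 1):
            for rule, rx in RULES:
                for m in rx.finditer(line):
                    findings.append({"path": path, "line": lineno,
                                     "rule": rule, "match": mask(m.group(0))})
            for m in GENERIC.finditer(line):
                value = m.group(2)
                if shannon_entropy(value) >= ENTROPY_THRESHOLD:
                    findings.append({"path": path, "line": lineno,
                                     "rule": "high-entropy-assignment", "match": mask(value)})
    return findings


if __name__ == "__main__":
    for f in scan_repo(REPO):
        print(f)
```

The Jenkinsfile produces no finding on purpose: binding a credential by ID at run time is the pattern to recommend when you report the other three. Run the same scanner over `git log -p` output as well, since a secret removed in a later commit is still in the history.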
Remi Escourrou, Xavier Gerondeau
Building Security Automation Using Jupyter Notebooks
Training Ground
Security Orchestration, Automation, and Response (SOAR) is sweeping SOCs and helping reduce workload and increase accuracy. In a world that’s ever more API driven, being able to create your own automation workflows is a competitive advantage for companies and a career advantage for staff.
This session will show how an interactive computational platform called Jupyter Notebooks can be used to prototype security orchestration (or even build production-quality automation). We'll get hands-on with data enrichment APIs to show just how quickly and easily tools can be built.
A web browser and keyboard are required for the interactive parts. Basic knowledge of Python is useful but not strictly required.
Middle Ground
The Main Stage in Florentine C & D is ground zero for all of our off-track activities. Ongoing announcements, music, and other surprises will happen throughout the conference. Stop in and relax, talk with your friends, visit our sponsors, or just enjoy the music.
Lock Pick Village
Want to try your hand at the art of lockpicking? Come visit the Lockpick Village! We bring the locks and picks. All you’ll need is a sense of curiosity. We’ll also have contests and beginner sessions on both days of the conference. All skill levels are welcome, as volunteers will be on hand to help you get started. Beginner sessions will be held at 11:30 each day. If you’re feeling competitive, drop by for one of the contests held at 16:00 daily!
Security BSides Organizers Meet-Up
The Security BSides Las Vegas Meet-Up for current organizers of existing Security BSides events is a wonderful opportunity to share stories and commiserate. Come meet and mingle with your fellow security cultists. Join us Tuesday at 19:00.
Happy Hour
Each afternoon at 16:00, we pause our program for an hour of networking and libations. Join us in Middle Ground for raffle drawings and other shenanigans on the main stage.
DCG 201 TALK HIGHLIGHTS FOR BSIDES LAS VEGAS 2022 (PST)
This is the section where we have combed through the entire list of talks on both days and list our highlights for the talks that stand out to us. Note that this does not invalidate any talks we didn't list; in fact, we highly recommend you take a look at the full convention schedule beforehand and make up your own talk highlight list. These are just the talks that for us had something stand out, either by being informative, unique or bizarre. (Sometimes, all three!)
Tuesday August 9th
Russian Malware in the Ukraine War
Common Ground
Ukraine has been hit with wave upon wave of malware by Russia, during the build-up to the war and every day since. During my time in Kiev, evacuating and working on efforts to evacuate over 1000 people with humanitarian orgs, targets have ranged from the Ukraine government to everyday citizens and refugees, with grave human effects: banking, foreign exchange, ATMs, water infrastructure attacks, Ukrainian border patrol, an orphan database, surveillanceware against refugees and humanitarian organizations. A constant flow of digital harassment and pain, including the first known instance of a digital Geneva Convention violation, which I witnessed and brought to international media attention. A journey into the worst side of cyberwar from a defender who fled Ukraine.
Lessons Learned from the CISA COVID Task Force & Healthcare Attacks
I Am The Cavalry
The session will explore Lessons Learned from the Pandemic, and the work of the CISA COVID-19 Task Force. It will specifically focus on the work done by the Task Force’s Strategy Cell and Risk Analysis Cell focused on COVID-19’s impact on the Provide Medical Care National Critical Function. A highlight of the task force’s work was the CISA Insight analysis and publication on “Provide Medical Care is in Critical Condition: Analysis and Stakeholder Decision Support to Minimize Further Harm”. As the COVID-19 pandemic continued to evolve, with increased and protracted strains on the nation’s critical infrastructure and related National Critical Functions such as Provide Medical Care, CISA undertook a renewed push for cyber preparedness and resilience, as well as decision support for stakeholders within critical infrastructure sectors.
Kendra L Martin, Michelle Holko
Ask the EFF
Underground
“Ask the EFF” will be a panel presentation and question-and-answer session with the Electronic Frontier Foundation, featuring Kurt Opsahl, Deputy Executive Director and General Counsel; Andrés Arrieta, Director of Consumer Privacy Engineering; Bill Budington, Senior Staff Technologist; Eva Galperin, Director of Cybersecurity; and Mukund Rathi, Stanton Legal Fellow.
Half the session will be given over to question-and-answer, so it’s your chance to ask EFF questions about the law and technology issues that are important to you.
Whose encryption key is this? It’s a secret to everybody.
Common Ground
Imagine the critical moment where you need logs written to an S3 bucket, but you find they are encrypted with a key unknown to your organization. Is there an AWS account you own that you are not aware of? Were you hacked and are now a victim of ransomware? Are you misunderstanding some functionality of your cloud provider? Join us on our journey to answer these questions…
Utilizing providers such as Amazon Web Services, Google Cloud Platform, and Microsoft Azure carries a level of shared responsibility. In this talk, we share a cautionary tale of how that shared responsibility can fail in a way you may never have expected, and how following best practices can lead you to a worse place than you were before. We’ll discuss how using an AWS-managed service in a common configuration can result in your log data being silently encrypted with a “rogue” encryption key, rendering your data completely inaccessible and outside of your control.
This talk will center around what we found, how we found it, implications, and our recommended remediation responses surrounding the issue. We will also provide scenarios blue teamers will want to investigate in their own environments.
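The check a blue teamer would run for the scenario above, as an added example that is not the speakers' code and does not reproduce whatever specific service behaviour the talk covers: given HeadObject-style metadata for log objects, flag any object whose SSE-KMS key belongs to a different account, or is missing from your own key inventory. The account IDs, key IDs and object keys are constructed; the hypothetical find_foreign_keys function is mine, not an AWS API.

```python
# Constructed responses shaped like an S3 HeadObject result for SSE-KMS objects
# (the ServerSideEncryption and SSEKMSKeyId fields). Account and key IDs are
# invented.
ACCOUNT_ID = "111111111111"
OBJECTS = [
    {"Key": "logs/2022/08/09/a.gz", "ServerSideEncryption": "aws:kms",
     "SSEKMSKeyId": "arn:aws:kms:us-east-1:111111111111:key/11111111-1111-1111-1111-111111111111"},
    {"Key": "logs/2022/08/09/b.gz", "ServerSideEncryption": "aws:kms",
     "SSEKMSKeyId": "arn:aws:kms:us-east-1:222222222222:key/22222222-2222-2222-2222-222222222222"},
    {"Key": "logs/2022/08/09/c.gz", "ServerSideEncryption": "AES256"},
]


def parse_kms_arn(arn):
    """Split arn:partition:kms:region:account:key/<id> into its parts."""
    parts = arn.split(":", 5)
    if len(parts) != 6 or parts[2] != "kms" or not parts[5].startswith("key/"):
        raise ValueError("not a KMS key ARN: " + arn)
    return {"region": parts[3], "account": parts[4], "key": parts[5][len("key/"):]}


def find_foreign_keys(objects, own_account, known_key_ids=None):
    """Objects encrypted with a KMS key outside own_account or, when an
    inventory of key IDs is given, with a key you do not know about. Either
    way you cannot be sure you can decrypt, rotate or audit that key."""
    findings = []
    for obj in objects:
        if obj.get("ServerSideEncryption") != "aws:kms":
            continue                      # SSE-S3 objects use an S3-managed key
        info = parse_kms_arn(obj["SSEKMSKeyId"])
        reason = None
        if info["account"] != own_account:
            reason = "key owned by account " + info["account"]
        elif known_key_ids is not None and info["key"] not in known_key_ids:
            reason = "key not in inventory"
        if reason:
            findings.append({"Key": obj["Key"], "kms_key": info["key"], "reason": reason})
    return findings


if __name__ == "__main__":
    for f in find_foreign_keys(OBJECTS, ACCOUNT_ID):
        print(f)
```

In practice the object list comes from ListObjectsV2 plus HeadObject per object (or an S3 Inventory report, which carries the encryption status in bulk), and the inventory of known key IDs from ListKeys in every region you use. A hit on a key from an account you do not own is the moment to open an incident, not a ticket.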
David Levitsky, Matthew J Lorimor
bscrypt — A Cache Hard Password Hash
PasswordsCon
This talk will cover the different types of key stretching algorithms ("password hashing"), the differences between memory-hard and cache-hard algorithms, how to design and spot problems in key stretching algorithms, and the design of a cache-hard algorithm, specifically how bscrypt works and why it's the current best cache-hard algorithm.
Honey, I’m Home! (Customizing honeypots for fun and !profit)
Common Ground
Honeypots AND live demos all in one place? Yes, why YES I tell you! Oh sure, honeypots aren’t new, but how they are used is what makes this talk different. Presented for your viewing pleasure: How to customize honeypot configurations and how they are used to detect attacks against your environment.
Follow the Rabbit
Underground
What happens when you’re a malware author and have bad OPSEC? You get exposed, that’s what. This talk will show you what information can be gathered from malware analysis all the way to attribution. Follow the rabbit with me and discover the power of threat intelligence and really bad OPSEC.
Clean Forensics: Analyzing network traffic of vacuum bots
Ground Floor
Have you ever wondered how vacuum bots work under the hood? How safe is your home’s floor plan that these bots automatically scan? This talk will walk you through a step-by-step procedure on how you can perform network forensics all from the comfort of your own home. For a particular set of bots, we uncovered and reported issues like plaintext transmission of passwords and a way to manipulate their cleaning schedules. The audience walks away with not only an awareness of the security and privacy issues with vacuum bots but also a method to research them on their own.
Putting Driver Signature Enforcement Tampering to Rest?!
Breaking Ground
Code Integrity is a threat protection feature first introduced by Microsoft over 15 years ago. On x64-based versions of Windows, kernel drivers must be digitally signed and checked each time they are loaded into memory. This is also referred to as Driver Signature Enforcement (DSE).
Threat actors usually tamper with DSE at runtime to disable it and run their rootkits. In response, Microsoft introduced different measures to prevent that. One of those is leveraging Kernel Data Protection (KDP), a new platform security technology for preventing data-oriented attacks.
In this talk, we’ll present two novel techniques we found to bypass KDP-protected DSE, one of which is feasible in real-world scenarios, and run them on live machines. We will also show how it’s possible to create an effective mitigation to cope with the issue until HVCI becomes prevalent and really eliminates this attack surface.
From Vulnerability to CTF
Ground Floor
What happens when you find vulnerabilities by day, and write capture the flag challenges by night? Answer: teachable moments! Most long-lived vulnerabilities have a little kernel of something at their core that makes them interesting: are they hard to find? Hard to exploit? Part of a multi-part attack? In a place nobody thought to look? Too obvious? Distilling what makes a vulnerability cool, then making that into a CTF challenge, is an unusual skillset that qualifies one for a distinguished career in “edutainment”.
In this presentation we’ll do a deep-dive into some interesting vulnerabilities and what makes them unique, then talk about the CTF challenges where the vulnerabilities lived on in eternal undeath.
Wednesday August 10th
Security and Privacy Observability
Breaking Ground
M33t the Press: CyberSafety Got Real… Now What?
I Am The Cavalry
Josh Corman will add this!
Penetration Testing Experience and How to Get It
Hire Ground
There are many resources to learn how to become a pentester but the lack of experience can be an obstacle when getting that dream role in pentesting. The Pentester Blueprint coauthor Phillip will share ways to get experience and demonstrate the experience and skills that are helpful in getting started in a pentesting career.
Solid Tradecraft for Cryptomarket Drug Trafficking
Proving Ground
A review of common DEA and Law Enforcement attacks against cryptomarket narcotic vendors. The talk will discuss forensics minimization procedures to deanonymize criminal operators including fingerprint, DNA, hair, and saliva recovery. Good mailing OPSEC is discussed and contrasted with replacing the mail system with one-time dead drops for mid-level trafficking. Minimizing risk during a controlled delivery and the factors unique to using mail drops are considered. Narcotics manufacturing OPSEC, organizational compartmentalization, and frequent teardown reorganizations are discussed. Finally, OPSEC failures of high profile cryptomarket traffickers such as DPR/Ulbricht and Le Roux are compared and contrasted with those of Guzman, a more “traditional” transnational narcotics trafficker. Cryptomarket operators using the OPSEC and COMSEC procedures discussed will be substantially more difficult for state-level actors to deanonymize.
ICS Security Assessments 101 or How da Fox I Test Dis?
I Am The Cavalry
We have seen many ICS attacks both in the news and in several talks at security conferences. They show how ICS protocols are insecure by default and how we can mess with control components so easily. However, from a consulting point of view, are we really asking our ICS clients to let us mess with their critical infrastructure just to show what we already know?
In this talk, I’ll show how we can scope and address an ICS security engagement aligned with the industry’s needs. I’ll talk about real-world planning, attack surface identification, exploitation, and reporting from the understanding of what is giving value to our ICS clients. To keep things spicy, I’ll also include short demos to better show what we can do for each assessment type and yea some exploitation as well.
Cracking passwords for good, bad & commercial purposes: second thoughts on password cracking
PasswordsCon
Who am I to speak? I’ve been cracking passwords for more than two decades, privately for hobby & research, and as part of my job. Heck, I’ve always said that what you learn at PasswordsCon should only be used for good. But what is “good”, and is there a chance others might not like what we do when cracking passwords from public or private leaks, customers or our own employer?
Weaponizing Your Fitness Tracker Against You: Health, Fitness, & Location Tracking in a Post-Roe World
Common Ground
Many women wear fitness trackers, use period tracking software, and geotag photos on their phone without thinking about the data ever being used against them. But in a world where states are now exploring private citizen bounties against women suspected of receiving abortions, could the digital trails you create be used against you? Privacy leaks through fitness tech are nothing new (see the secret military bases exposed by Strava a few years ago). But now the confluence of health trackers which record a woman’s body temperature (Oura rings), their locations (maybe you logged a walk in a new city with Apple Fitness), and even period tracking applications can be used to implicate women, even if they just missed periods due to stress, took a work trip to a city, or any other benign reason. What legal and technical protections are in place to shield women from a techno-dystopia in a post-Roe world?
Code Dependency: Chinese APTs in Software Supply Chain Attacks
Ground Floor
In their current drive for innovation and cloud migration, organizations increasingly rely on software development and all its dependencies: third-party code, open source libraries and shared repositories. Recent attacks have shown how easy it is to create confusion and send malicious code undetected through automated channels to waiting recipients. State-sponsored threat actors have engaged in software supply chain attacks for longer than most people realize, as governments seek out access to information and potential control. SolarWinds delivered a hard truth to defenders: everyone is vulnerable when trust can be abused. While Russian APTs have garnered much attention, Chinese APTs have been the force behind more attacks than people may realize, targeting the technology sector for economic espionage and intellectual property theft. As we innovate our enterprises line by line, adversaries are finding their strength in our weaknesses and vulnerability in our dependencies. Are we ready for what else comes down the CI/CD pipeline?