***************************************************************************
***BEGIN THOTCON TRANSMISSION**********************************************

████████╗██╗  ██╗ ██████╗ ████████╗ ██████╗ ██████╗ ███╗   ██╗
╚══██╔══╝██║  ██║██╔═══██╗╚══██╔══╝██╔════╝██╔═══██╗████╗  ██║
   ██║   ███████║██║   ██║   ██║   ██║     ██║   ██║██╔██╗ ██║
   ██║   ██╔══██║██║   ██║   ██║   ██║     ██║   ██║██║╚██╗██║
   ██║   ██║  ██║╚██████╔╝   ██║   ╚██████╗╚██████╔╝██║ ╚████║
   ╚═╝   ╚═╝  ╚═╝ ╚═════╝    ╚═╝    ╚═════╝ ╚═════╝ ╚═╝  ╚═══╝

*** SPEAKERS **************************************************************

Confirmed 0x8 Speakers/Abstracts/Bios
Keynotes (50 Minute)
  • Allan Cecil - "TASBot"
    • Abstract: TASBot is an augmented Nintendo R.O.B. robot that can play video games without any of the button mashing limitations us humans have. By pretending to be a controller connected to a game console, TASBot triggers glitches and exploits weaknesses to execute arbitrary opcodes and rewrite games. This talk will explore the idea that breaking video games using Tool-Assisted emulators can be a fun way to learn the basics of discovering security vulnerabilities, finishing by connecting an SNES directly to the internet and allowing the audience to interact with it. An overview of some of the details that will be described in the talk can be found in an article I coauthored for the PoC||GTFO journal (Issue 0x10, Pokemon Plays Twitch, page 6).
    • Bio: Allan Cecil (dwangoAC) is the President of the North Bay Linux User's Group (http://NBLUG.org). He acts as an ambassador for TASVideos.org, a website devoted to using emulators to complete video games as quickly as the hardware allows. He participates in Games Done Quick (http://gamesdonequick.com) charity speedrunning marathons using TASBot to entertain viewers with never-before-seen glitches in games. By day, he is a senior engineer at Ciena Corporation working on OpenStack Network Functions Virtualization orchestration and Linux packet performance optimization testing.
  • Samy Kamkar - "The Less Hacked Path"
    • Abstract: Since the dawn of the Internet and the Web, a broad series of hacking attack vectors have descended. Malicious hackers, researchers, and governments have demonstrated and deployed these attacks onto computers, mobile devices, and nuclear power plants. While we continue to build sophisticated technology to defend against many of these attacks, a new field of exciting research is taking place that uses side channels, physics, and low cost tools to employ powerful attacks against modern technology. We'll explore some of these fascinating, and often secretive, methods and how you can use them or secure against them.
    • Bio: Samy Kamkar is an independent security researcher, best known for creating The MySpace worm, the fastest spreading virus of all time. His open source software and research highlights the insecurities and privacy implications in everyday technologies, from the Evercookie which produces virtually immutable respawning cookies to SkyJack, a drone that wirelessly hijacks and autonomously controls other drones. His work has been cited by the NSA, triggered hearings on Capitol Hill, and has been the basis for security advancements across virtually all web browsers, smartphones, and other technologies.
  • Micah Zenko - "Red Teaming Insights and Examples From Beyond the Infosec Community"
    • Abstract: Red teaming isn't just pen testing. Red team approaches and techniques are used widely in the military, intelligence community, and throughout the private sector. Every institution, from the Marine Corps to pharmaceutical giants, experiences the same organizational pathologies that make them unable to identify blind spots, challenge assumptions, or consider adversarial perspectives. In this talk, I'll share examples of where red teams were sorely needed (yet not used), where they were authorized (yet failed), and where they actually made a difference. I'll also offer some "best practices" (an unfortunate phrase) for what tends to make red teams succeed. Some may be useful to the community
    • Bio: Micah Zenko is a senior fellow at the Council on Foreign Relations. Previously, he worked at Harvard's Kennedy School of Government, Congressional Research Service, and the State Department's Office of Policy Planning. His blog, Politics, Power, and Preventive Action, covers US national security policy and conflict prevention, and he writes a column on ForeignPolicy.com. Zenko consults with military commands, law enforcement agencies, the private sector, and nonprofit research organizations. He is the author or co-author of five Council Special Reports, on topics such as armed drones and nuclear weapons, and author of two books: Between Threats and War and Red Team: How to Succeed by Thinking Like the Enemy. Zenko has a PhD in political science from Brandeis University, and a Wisconsin bartender license.
  • $NAME - "$TITLE"
    • Abstract: TBA
    • Bio: TBA
FULL Length (50 Minute)
  • Itzik Kotler - "I'm In Your $PYTHONPATH, Backdooring Your Python Programs"
    • Abstract: Does the flap of a butterfly's wings in Brazil set off a tornado in Texas? I don't know, but a change of a shell variable can lead to malicious Python code being injected into any Python program running afterwards. In this talk, I'll release pyekaboo and demo how it can be used to hijack Python module(s) and then steal passwords/sensitive data, tamper with security tools, and turn any Python program that uses sockets into an interactive backdoor. In other words, a rootkit for Python. Last but not least, I'll discuss how to detect and mitigate this attack. Come, it will be fun!
    • Bio: I'm a father, husband, hacker, and the Co-Founder & CTO of SafeBreach. What more can I say? `perl -e 'print q|A| x 1024'`
  • Ian Klatzco & Adam Ringwood - "University Privacy: How to Doxx 60,000 Students"
    • Abstract: Lightweight Directory Access Protocol (LDAP) is at the heart of most large universities. A student may use it to log in to campus computers, access campus email, and use it as a single sign on provider for university services. LDAP servers also store a student's personal information. This data can have poorly-chosen security settings that reveal sensitive data. We will discuss the privacy and implementation details at two Illinois public universities with a combined population of above 60,000. The directories contain many individuals affiliated with the schools, including graduates and faculty. We found almost every student's major, year in school, email address, phone number, and home address, using just a single student's credentials. University officials didn't find this information to be terribly problematic, citing a law passed in the 70s called FERPA. FERPA protects student educational information such as grades, but gives the university the ability to release student directory information without individual user permission. We will discuss how FERPA outlines the process of opting out of directory information as a student, and its shortcomings, such as limiting employer ability to check university records. The risks aren't limited to just personal directory information though: we will discuss what information can be mined from a user's password changed timestamp and last login timestamp. We show that attacks against user privacy are being carried out using university directories: businesses on campus harvesting emails using LDAP for marketing, and an individual who was scammed using personal information probably gathered from the system (http://bit.ly/uiucredditscam). We will discuss how these attacks can be prevented by changing technical policy and educating users.
    • Bio0: Ian is a student at UIUC who gets into trouble at school (http://bit.ly/CATFACT) and plays dance games.
    • Bio1: Adam is a ');DROP TABLE Bios;--
  • Caleb Madrigal (metem) - "Intercepting, modifying, and generating wireless signals with SDR"
    • Abstract: In this talk, we'll be exploring how wireless communication works. We'll capture digital data live (with Software-Defined Radio), and see how the actual bits are transmitted. From here, we'll see how to view, listen to, manipulate, and replay wireless signals. We'll also look at interrupting wireless communication, and finally, we'll even generate new radio waves from scratch (which can be useful for fuzzing). I'll also be demoing some brand new tools I've written to help in the interception, manipulation, and generation of digital wireless signals with SDR.
    • Bio: Caleb Madrigal is a software engineer working on Incident Response software at Mandiant/FireEye. He does a good bit of LAN/Radio/IoT hacking.
  • Jeff Man (badguy) - "I was the first Edward Snowden"
    • Abstract: NSA takes very seriously its mandate to do "what NSA does" against foreign entities and NOT U.S. citizens. The rules were clarified in the late 70's in the Foreign Intelligence Surveillance Act (FISA). FISA was written after the findings of the "Church Proceedings" were published as part of the fallout of the Watergate scandal. In 1996 I was investigated for violating NSA's charter when I led a forensic team to help the Dept. of Justice after their website was defaced. I will share the story of how I was almost fired from NSA for violating the same law that NSA has been accused of violating based on the information disclosed by Edward Snowden several years ago, which is why I'm sometimes heard to say, "I was the first Edward Snowden". The goal is to shed some light on how NSA really operates, from someone who used to be on the inside, in order to take the whole Snowden debate to a different level. I do not intend to sway anyone's opinion, but merely want to offer some details that should help anyone make a more informed decision about NSA, its mission, and the laws by which it is governed.
    • Bio: Jeff is an Information Security expert, Cryptanalyst, ex-NSA Pen Tester, Security Evangelist, SecurityWeekly host, and Curmudgeon.
  • Ryan McCombs - "Bears...Bears Everywhere"
    • Abstract: Did you hear that there was a Presidential election recently? I saw a headline about Russians and Bears somewhere. On June 14, 2016, the Washington Post published an article stating that the Democratic National Committee had been compromised by two nation state adversaries, COZY BEAR and FANCY BEAR. This expose will describe, in depth, the tactics, techniques, and procedures leveraged by these adversaries discovered during the DNC breach.
    • Bio: Consultant @ CrowdStrike. Did the stuff and the things at the DNC breach.
  • Ben Herzberg - "The Mirai BotNet and where DDoS attacks are headed"
    • Abstract: The Mirai BotNet was used to take down large parts of the Internet during October 2016. This marked a new era for MDoS (Massive Denial of Service) attacks, based on the exponential growth in IoT devices and Mobile devices, as well as the security issues involved with these devices. In this talk we will explore the Mirai attacks through its source code, the attacks seen in the wild, and what those attacks look like in a NOC/SOC of an organization being attacked. We will demonstrate the attacks themselves, and see what needs to be done in order to prevent this from being a catastrophe by 2020.
    • Bio: Ben was red team leader, and technical leader as a CTO. Now the group manager of Imperva-Incapsula's security research group.
  • Melody Haase & Chad Gough - "It Came from the Garbage!"
    • Abstract: Was it caused by an out of control experiment gone awry? Does it have the power to read your mind? One thing is clear: it has almost every detail about your personal life and is likely living in a garage, recycle bin, or landfill. It's your phone. This presentation will resurrect an abandoned zombie phone by extracting forensic mobile data, fusing it together with information gathered using open source intelligence techniques, and visualizing a timeline of an individual's life. By the end of the presentation, attendees will think twice before creating a monster with an abandoned phone.
    • Bio: Melody is an OSINT nerd. Chad loves reversing and taking things apart. Together, they figure out ways to extract and exploit data.
  • Marc Bown - "Wearable Security - Perspectives on Attack and Defense"
    • Abstract: Fitbit is a household brand and the leader in the overall wearables category and as such we're an attractive target for attackers and researchers. We have learned a lot as we've grown from wearable device startup to global company in just under ten years. Our hope is to share some of our security-specific learning and help improve the IoT and wearable security ecosystems as a result. In this talk, I'll introduce Fitbit's ecosystem before diving into how we think about security and how we've set ourselves up to design, implement and operate it. I'll cover some of the lessons we've learned, which will provide insight for researchers looking at other wearables and IoT devices, as well as to defenders in the wearable / IoT space.
    • Bio: Marc is a Security Engineer at Fitbit, where he manages the company's Security Feature Engineering and Incident Response teams. Before joining Fitbit, Marc was the Head of Security for sportsbet.com.au. He also spent a few years running Trustwave SpiderLabs for the APAC region.
  • Jason Kent - "IOT web of intrigue"
    • Abstract: Everyone is afraid of IOT and its insecure protocols and communications that leak out data like Wifi Passwords in the clear. But have we done enough experimentation with the web side of this menace? In this talk we will look at the Web Services side of IOT and the protocols and communications that are there, gotta be safer ... right? What are we really doing when we start using IOT device mobile apps in our daily lives? What happens when the normal app communication and protocols aren't really designed or built with security in mind? These and some other questions will be addressed with example communication and protocol captures along with some standard pen-testing results to point out who's doing it right and a little schadenfreude on who isn't. We will dwell on the technical and learn how to instrument ourselves so we all can test these things and provide feedback to those that need it. I will also cover a responsible disclosure I went through with an IOT company and what that looks and feels like for them.
    • Bio: Jason Kent is an information security and web application security professional with 20 years in IT. Jason's curiosity has led him to responsible disclosures, web security automation as well as product development for some of the largest security organizations. If you have a web security problem, api security concerns or simple curiosity, Jason is happy to help navigate the waters of the waves the Internet can bring.
TURBO Talks (25 Minute)
  • k3ggy & Chris Carlis - "Borders for Dummies"
    • Abstract: Sometimes the Internet just can't get you where you need to be. Whether for offense or defense, showing up onsite is often key to success. It's important to not screw it up. This talk, tentatively called 'borders for dummies', takes a look at successfully getting your (or your friend/colleague/whoever's) human body across an international border with minimal interruption to the necessary hax. A range of issues will be addressed including travel prep, what to expect at customs and best practices for when things go sideways. Expect war stories, gifs, and role playing exercises with possible audience participation. Oh and there might be puppets.
    • Bio0: k3ggy was born as the result of an extraordinary accident involving an experimental teleporter and a kegerator. With teleportation still a dangerous fantasy, k3ggy has built years of experience crossing many many borders - friendly and otherwise - the old-fashioned way around the world, both for fun and for serious. His experience in forensics and reverse engineering has informed a strong awareness of the technical threats faced by border crossers.
    • Bio1: Chris Carlis is a Principal Consultant on the SecureWorks Red Team where his focus is goal based testing and process development. An experienced penetration tester and social engineer with over 10 years in IT and Security he has experience in both the corporate IT and security arenas and has experience dealing with the security challenges inherent to different environments. Locally, Chris is a community organizer in the Chicago area and coordinates a number of monthly gatherings designed to help connect like-minded information security professionals. Chris has spoken at THOTCON and Security BSides conferences and, in his spare time, enjoys practicing operational security and the spreading of misinformation.
  • John Downey - "Cryptography Pitfalls"
    • Abstract: Developers tend to do a poor job of implementing cryptography and other security measures in their systems. However, we as security people aren't doing very much to help them be successful. Often the primitives used are out of date and overlook very subtle flaws. These mistakes lead to systems that are hopelessly insecure despite our perception that we've built an impenetrable fortress. Fortunately there are a few tools and techniques at our disposal that can ease some of the pain. In this talk we'll get our laughs by exploring some of the most common pitfalls developers encounter with cryptography, but also try and restore some of our sanity.
    • Bio: John Downey is the Security Lead at Braintree. There he has worked on their HA infrastructure and integrations into the banking system.
  • Ian Kilgore - "Practical optical key-duplication attacks via superresolution sensing"
    • Abstract: The optical duplication of physical keys via decoding of bitting patterns from images is a known threat. However, since the features being analyzed are small and differences between each bitting value amount to only a few pixels, the stealthy application of this attack in practice is limited by the difficulty of obtaining clean high-resolution imagery of a target key. We use image processing techniques to overcome the common drawbacks of surreptitious or field-captured imagery. Superresolution sensing can be used to reconstruct high-resolution images from a series of low-resolution images from mostly-redundant viewpoints. Furthermore, related image processing models can, with or without the availability of motion data from the sensor, overcome motion blur (e.g. from smartphone video captures). Results presented in this talk will demonstrate that a stealthy optical key duplication attack can be plausibly performed without sophisticated equipment or logistical support. We will also consider the implications for entirely remote, opportunistic attacks.
    • Bio: Ian is a PhD student at North Carolina State University
  • Karl Fosaaen (gLoBuS) - "Nothing personal, It's just Skype for Business"
    • Abstract: Many organizations are turning to Microsoft to help with their internal communication needs, and some are exposing themselves to external attacks by federating their Skype for Business (formerly Lync) deployments. Federation allows organizations to talk to other external Skype users, but do they really need to? In this talk, we'll go over how you can use the Lync SDK (and a federated account) to automate attacks against federated Skype for Business deployments. We will start with user enumeration and social engineering recon, move on to some password brute force attacks, and wrap things up by automating Skype phishing attacks.
    • Bio: Karl is a Managing Consultant with NetSPI. He has spent a bunch of time this year digging into the Skype for Business SDK using PowerShell.
  • rinne_parad0x - "Rootkits : Modern Era and Future Perspective"
    • Abstract: With the ever increasing computerized devices in our daily life, the attack surface for cyber attacks is increasing rapidly. Hackers have been targeting devices ranging from PCs to routers to smart TVs and cars to gain more and more control on their victim, and to get the juicy details to maximum extent possible. Although the attack methods vary, one thing is common among nearly all of them: rootkits. Rootkits have been, and are being actively used to gain stealth and persistence, as well as to perform mind-bogglingly sophisticated attacks. This talk is based on analysis of rootkits that are currently being used and what techniques they employ to hide themselves, control processes, subvert the operating system and will discuss the same. The talk then discusses some of the POCs and the techniques employed by them that have been developed to make use of current advancements in the OS/microprocessor technology for greater stealth and to avoid detection or to bypass current security methods currently being deployed. It then moves on to discuss the detection of rootkits and possible ways to mitigate.
    • Bio: Author has a deep interest in playing with low level stuff that includes malwares, rootkits, shellcodes and alike.
  • Peter Shipley - "TCP Exploits"
    • Abstract: Security expert, beer connoisseur, and all-around bad boy of technology Peter Shipley will be delivering a timeless talk on the inherent security flaws of TCP/IP.
    • Bio: Old-school hacker
  • VideoMan - "You did what with SHA1 again?"
    • Abstract: In this talk, I will show off real-world examples of misuse & abuse, and improper data handling of sensitive passwords that has happened inside an application that contained 1.2M user credentials. When doing penetration testing, we must remember a breach in one system can lead to a breach on another system because of the implicit trust relationships we build to get the job done. I will talk about how our attack progressed, what controls were missed, and how we used 4xGraphic Processing Unit (GPU) video cards to recover 600 thousand user passwords in a <24 hour period.
    • Bio: David M. N. Bryan has over 16+ years of experience & is part of IBM's X-Force Red. He also helps run Thotcon.
  • Scott Sutherland (nullbind) - "SQL Server Hacking on Scale using PowerShell"
    • Abstract: This presentation will provide an overview of common SQL Server discovery, privilege escalation, persistence, and data targeting techniques. Techniques will be shared for escalating privileges on SQL Server and associated Active Directory domains. Finally I'll show how PowerShell automation can be used to execute the SQL Server attacks on scale with PowerUpSQL. All scripts demonstrated during the presentation are available on GitHub. This should be useful to penetration testers and system administrators trying to gain a better understanding of their SQL Server attack surface and how it can be exploited.
    • Bio: Scott is a security consultant that performs application and network penetration tests at NetSPI.
  • Will Caruana - "Hacking your local government"
    • Abstract: We live in an age defined by an increasing prominence of technological improvements and innovations. As hackers, it is our responsibility to properly inform decisions in the public realm that have a direct consequence on technology-oriented decisions. An ideal way to enact such small, relevant changes is to become involved in local government. This has the benefit of both beneficially shaping local communities and serving as a platform to educate local politicians on technological issues as they seek higher office. As a case example, I will discuss my experience working to construct a municipally owned fiber network in a suburb of Springfield, MA.
    • Bio: I served on a few committees for the town of Wilbraham MA. I have a BS in political science from Salem State Univ and enjoy high voltage.
  • M4n_in_Bl4ck - "Threat Intelligence 101: Separating Signal from Noise"
    • Abstract: Threat Intel is the new magic buzzword for what separates one vendor's product from another. However, Threat Intel is as nebulous and mysterious as ever, because vendors hide what it is behind claims it is their Secret Sauce. Threat Intel is a valuable part of any Incident Responder's arsenal, though the bad actors are making better use of it than we are. This talk is designed to discuss what the world believes Threat Intel means, what it should mean to you, where to get it, and how to find value in it.
    • Bio: Institutional defender and Incident Responder. Spends too much time vetting vendor promises looking for nuggets of truth. Decent chef.
  • Benjamin Brown - "Cryptocurrencies: You keep using that word, anonymity. I do not think it means what you think it means."
    • Abstract: Cryptocurrencies are seeing an enormous uptick in use. While much of that use shows through the media as illicit or crime oriented, cryptocurrencies are seeing widespread legitimate use for transfers without the wiring fees, gifts, remittances, basic retail transactions, and as an alternative to an unstable fiat currency (think Argentina, South Africa, Brazil, Myanmar, Malaysia, and Indonesia). So much business is being done via cryptocurrency that the United States IRS just served a "John Doe" summons to Coinbase (currently the largest cryptocurrency exchange) requesting the identities of United States Coinbase customers who transferred any convertible virtual currency from 2013 to 2015 to ensure proper reporting and compliance under U.S. tax law. In this talk I will explain what cryptocurrencies are and what related blockchains are. I'll then give an overview of the current markets and valuations as well as the up and comers. With that foundation we can look at the erroneous claims of cryptocurrency "anonymity" and reveal how open transaction ledgers work. I will continue with current research, tools, and techniques for forensic cryptocurrency transaction analysis. We'll then turn to techniques transactors use to further obfuscate their transaction trail and what the weaknesses of those techniques are. Finally, we'll look at the current innovations targeting cryptocurrency privacy concerns, how they work, and what challenges they face.
    • Bio: Benjamin Brown currently works on darkweb research, threat intelligence (drink!), and incident response at Akamai Technologies.
  • H Kapp-Klote - "Why and How to Teach People _Cyber_ Isn't A Thing"
    • Abstract: An organizing group's security is only as strong as the guy who sets their password as "password123". And yet talking to people about cybersecurity who don't "get it" is about as appealing to both parties as rusty tool dentistry. This talk and discussion will cover how, why, and when to talk about security to organizers and activists without adding anything to anyone's FBI file.
    • Bio: H Kapp-Klote is not a robot.
  • Phil Gawron - "Something to hide - Why privacy matters and how to get yours back"
    • Abstract: The mindset of "If you aren't doing anything wrong, you've got nothing to hide" is BS. We all have something to hide. Honestly, we all are doing something that someone would consider to be wrong. Using Open-source intelligence (OSINT), I'll demonstrate how easy it is to get too much information. For those who decide that they do want privacy, we will discuss various tools and methods to regain as much control of your on-line and off-line information as possible. While TOR and VPNs hide your IP address, they do very little to protect your privacy. Much more is needed. Learn about anonymous phone numbers, purchases, email addresses and even anonymous home ownership.
    • Bio: Phil Gawron is an infosec professional, defender of individual rights and prefers bourbon over beer, dogs over cats and truth over comfort.
  • Natalie Vanatta & Erick Waage - "Unleashing the Dogs of [Cyber] War"
    • Abstract: What role will the digital realm play on the kinetic battlegrounds of future war? Without constraints what would be possible should we find ourselves in a hybrid war with a near-peer adversary? We need a way to penetration test our forces, both combat and cyber, but outside the limitations of today's operating constraints in a "sandbox" location. Our enemies do this and are prepared to operate autonomously at the speed of information in the real world. Training against enemies like this is ongoing now at the nation's Combat Training Centers. This talk will explore what happens when pen testing is combined with fierce ground combat (aka death and destruction). This is the story about remote training areas where tens of thousands of Army Soldiers rotate through every year staging massive force-on-force battles with tanks, aircrafts, and missiles; where Soldiers practice the current fight and prepare for the next. We will share how a dedicated group of individuals are changing the military's view of electronic and information warfare one battle at a time through the role of "OPFOR" or opposing forces. Using many of the same concepts that you employ: phishing, blackmail, network reconnaissance, physical security penetration testing, denial of service, and general information mayhem. Unconstrained by law, Geneva Convention, complex approval requests, and chain of command, what could our enemies possibly do to the detriment of our troops engaged in ground combat? We decided to find out. We will talk about our role as the "bad guys" and how we are weaving in elements of electronic and information warfare into the fight. Information is a powerful ally, and those able to wield it quickly, and effectively often gain tactical advantage. Help us provide this tactical advantage to our Soldiers on the battlefield of tomorrow with your ideas today.
    • Bio: Natalie Vanatta & Erick Waage are security researchers with the Army Cyber Institute exploring future digital challenges facing the Nation.
  • Devina Dhawan - "Transitioning to AWS in a Hurry Without Getting Owned"
    • Abstract: There are two kinds of people in this community: those who embrace the cloud and all it has to offer, and those who have the cloud thrust upon them. Amazon Web Services remains the most popular enterprise cloud service and is becoming more ubiquitous every year. In this talk, we'll make the assumption that you're new to AWS and/or have been handed a poorly managed account. I'll cover hardening best practices and how to work with your ops team to properly resource cloud services. If you're using the AWS management console, you aren't using AWS correctly. In order to get you on the right track, I'll help you learn the AWS command line interface so you can control and automate AWS services. Identity and access management (IAM) is central to user provisioning in AWS, but unfortunately it's also one of the largest causes of AWS security incidents. I'll go over the role and service based access, including EC2 security roles, S3 bucket policies, and how to audit them. Finally, we'll discuss how to set up logging and alerting, so you too can wake up in the middle of the night when someone enables Global SSH on all your EC2 instances.
    • Bio: Devina currently works as a security engineer at Etsy - the craftiest of marketplaces - in Brooklyn, NY.
  • Keith Lee & Michael Gianarakis - "Finding Your Way to Domain Admin Access and Even So, the Game Isn't Over Yet."
    • Abstract: In this presentation, we discuss the tricky scenarios we faced during internal penetration test engagements and how we have developed a tool to solve those issues. We want to fill the gap from after cracking a password hash (normal user) from NetBIOS/LLMNR/WPAD attacks to compromising the entire Domain as well as solving a few tricky issues that we as penetration testers face. There are also scenarios where getting Domain Admin access doesn't mean we have access to all hosts/shares/databases on all hosts in the network. Some of the workstations/servers are in workgroup membership. Some file shares are restricted to certain groups/users in the Active Directory. These file shares might contain sensitive cardholder information or router configuration backups or Personally identifiable information (PII) data that are restricted to certain users or groups that are out of bounds to Domain Administrators. How do we get there? It would be easy for an attacker if all hosts in the network were part of the same Domain membership and the Domain Admin group has access to all file shares in the network. However, in complex organizations, these might not be the scenarios. The tricky part for an attacker is to find the right account to gain access and getting in and out of the environment fast. The tool finds creds from SYSVOL, dumps hashes/passwords, it also performs the below actions. Enabling RDP, Which Accounts Have Logged into The Host Before, finding docs containing passwords, Listing Installed Programs, Dump Wireless. WinVNC, UltraVNC, Putty, SNMP, Windows AutoLogon, Firefox Stored credentials, Find KeePass Databases, FileZilla sitemanager.xml, Apache Httpd.conf, Unattend.xml, sysprep.xml, sysprep.inf and extracting credentials, PII data and Credit Card Track Data from memory. At the end of the presentation, we will be releasing a new tool to allow attackers to carry out the attacks in an automated fashion with minimal effort and maximum compromise.
    • Bio0: Keith Lee is a Senior Security Consultant with Trustwave's SpiderLabs Asia-Pacific. Keith Lee is based in Singapore.
    • Bio1: Michael Gianarakis is the Director of Trustwave SpiderLabs' Asia-Pacific practice where he oversees the delivery of technical security services in the region. Michael has presented at various industry events and meetups including, Black Hat Asia, Rootcon, and Hack in the Box. Michael is also actively involved in the local security community in Australia where he is one of the organisers of the monthly SecTalks meetup.
Demo Talks (120 Minute)
  • Johnny Xmas & Benjamin Brown - "How I Darkweb Economies (and You Can Too!)"
    • Abstract: Since the infamous Silk Road takedown by the FBI in 2013, the Darkweb economy has been exponentially increasing in both user base and revenue year-over-year. The need for esoteric knowledge in order to engage in transactions via this shadow Internet has subsided greatly, allowing average computer users access to the vast underground of illicit economies. 2016 in particular has seen turbulent growth and high-profile media coverage, putting it in the forefront of everybody's minds. In this talk, we'll present the cold hard truth behind the various commodities being bought and sold via this pseudo-anonymous marketplace, with a depth and insight The Media is simply not able to provide. Topics covered will include: money laundering via cryptocurrency, Hacking as a Service, hitmen for hire, human trafficking, and much, much more!
    • Bio0: Johnny Xmas ( @J0hnnyXm4s ) is a penetration tester for the Chicago-based Security Assessment Firm "RedLegg." He's been speaking Internationally on the topics of Information Security, Career Advancement and Social Engineering for nearly 15 years, both in and very far outside of the Information Security community. His infamous mixture of humor, raw sincerity and honest love of people often leads to lighthearted, but at their cores, serious discussions revolving around our innate desires to get in our own way.
    • Bio1: Benjamin Brown currently works on darknet research, threat intelligence, incident response, and adversarial resilience at Akamai Technologies. He has experience in the non-profit, academic, and corporate worlds as well as degrees in both Anthropology and International Studies. Research interests include darknet and deepweb ethnographic studies, novel and side-channel attack vectors, radio systems, the psychology and anthropology of information security, metacognitive techniques for intelligence analysis, threat actor profiling, and thinking about security as an ecology of complex systems.
  • Price McDonald - "Hack Mode Enabled - Hardware Hacking on a Budget"
    • Abstract: Over the last few years Hardware Hacking has become a much more prevalent testing and attack avenue. This talk is meant to give a basic to mid-level understanding of Hardware Hacking techniques, tips and tricks for a normal person (read no Enterprise Security budget).
    • Bio: Price's areas of expertise include Hardware Hacking, Penetration Testing, Digital Forensics, Reverse Engineering.
  • Shawn Webb - "Pissing off the bad guys by porting grsecurity to HardenedBSD"
    • Abstract: Work on HardenedBSD began around three years ago, with HardenedBSD becoming official two years ago. We've implemented the strongest form of Address Space Layout Randomization (ASLR) in all the BSDs. We've ported over a number of grsecurity features. FreeBSD, upon which HardenedBSD is based, serves at least 36% of all peak North American Internet traffic, thanks to Netflix. Juniper, Cisco, NetApp, iXsystems, and others all use FreeBSD under the hood. Yet FreeBSD lacks any low-level exploit mitigation technologies. Exploiting vulnerable applications has never been easier. The NSA must love FreeBSD-based systems. HardenedBSD aims to implement low-level exploit mitigations and security hardening technologies, starting with porting the grsecurity patchset. We've come a long way, and we have even longer to go. This presentation discusses in detail the advancements we've made, including comparisons to Linux and OpenBSD. Attendees will understand why exploit mitigation is an absolute must and will learn the technical details of each feature. There is potential that 0day against FreeBSD that is mitigated in HardenedBSD may be presented.
    • Bio: Shawn Webb is the cofounder of HardenedBSD. Former ClamAV core developer. Member of the OPNsense core team. SoldierX High Council member.
  • JAe - "Ph'ing Phishers"
    • Abstract: Credential phishing is super lame. Sadly it's one of the main workhorses behind financing so much bad stuff that it deserves to be smacked around by a large trout. Over the past year I've written automation to help turn a monumentally mundane task of scraping/screenshotting/archiving and writing snort/suricata signatures for phish. This is not a phishing 101 talk, we will get technical right off the bat. I will discuss various trends in backend phish templates that have been used to generate Emerging Threats IDS signatures and release scripts that can assist anyone who has an interest in making life harder for these scammers.
    • Bio: JAe is a Security Researcher on the Emerging Threats Research team at Proofpoint who eats a lot of phish.
***END THOTCON TRANSMISSION************************************************
***************************************************************************


© 2017 THOTCON NFP