CanSecWest 2012 Speakers and Talk Information
Hardware-involved software attacks & defense - Jeff Forristal, Intel
With a growing number of attackers, malware, and researchers moving beyond pure software attack scenarios and into scenarios incorporating a hardware element, it is important to understand what is involved in these hybrid attacks so they can be characterized and defended against properly. This talk will introduce many different flavors of hardware-involved software attacks, where they fit in the PC platform security paradigm, and what needs to be done so we can start addressing the risk they represent.
iOS5 - An Exploitation Nightmare? - Stefan Esser
With the release of iOS5 Apple has not only added more than 200 new features to the OS, but also hardened it once again against exploits and jailbreaks. This renders a lot of the public information about iPhone exploitation outdated, because many of the tricks and techniques that were used in public iPhone jailbreaks do not work as expected anymore.
This talk will review the security relevant changes in the iOS5 kernel and discuss how attackers can adapt to still exploit and jailbreak iPhones in the future.
Advanced Persistent Responses - Peleus Uhley, Adobe Systems, Inc.
The last two years have been interesting ones for the Flash Player team, to say the least. With a change in the threat landscape, multiple zero-day attacks and increasing scrutiny from the security community and the public, we have had to rapidly scale our security efforts to adjust to the new challenges. In the process, we have been provided with a unique insight into the targets and methodologies of malicious hackers. This presentation will discuss the different types of attacks we have seen, our analysis of what the attacks say about the threat landscape, and how the technical analysis influenced our security strategy. We will also share the lessons that we've learned in the process of responding to these threats.
Social Authentication - Alex Rice, Facebook
Passwords suck. Security questions are a joke. Two-factor? Hah. Web authentication is frustratingly broken. Over the past year, Facebook engineers have been experimenting with various attempts to supplement "Something you know" with "Someone you know". A year of iteration and usage by millions of real world users has taught us a great deal about this new approach to authentication. This talk will demonstrate the implementations we've come up with and share much of what we've learned along the way: where it works, where it doesn't, and where it falls apart spectacularly.
Probing Mobile Operator Networks - Collin Mulliner
As a mobile phone hacker I was interested in what kind of mobile devices sit on mobile phone networks. In this talk we provide a walk-through on how to probe mobile networks from start to end. Finally we show some of our results from our effort.
Legal Issues in Mobile Security Research - Marcia Hofmann, EFF
This presentation will identify and discuss sticky legal problems raised by researching the security of mobile devices. Using American law as a jumping-off point, I'll discuss common legal issues that arise in mobile security research such as reverse engineering, jailbreaking, and interception of communications. We'll also talk about practical ways to reduce the risks of your research so that you can go about your work with less potential for legal trouble.
HDMI - Hacking Displays Made Interesting - Andy Davis, NGS Secure
Picture this scene, which happens thousands of times every day all around the world: Someone walks into a meeting room, sees a video cable and plugs it into their laptop. The other end of the cable is out of sight - it just disappears through a hole in the table. What is it connected to? Presumably the video projector bolted to the ceiling, but can it be trusted to just display their PowerPoint presentation?... This presentation discusses the security of video drivers which interpret and process data supplied to them by external displays, projectors and KVM switches. It covers all the main video standards and also details the construction of a hardware-based EDID fuzzer using an Arduino Microcontroller and a discussion of some of its findings.
Unveiling LTE Security - Dr. Galina D. Pildush, Juniper
Unveiling LTE focuses on LTE network security. It describes the generic LTE architecture, the change of an operator's infrastructure view from a walled garden into an IP-based phenomenon and what it truly means for an operator and its subscribers. It covers the protocols deployed and the corresponding network vulnerabilities. The topic expands into architectural positioning of the protection mechanisms that an operator could/should consider deploying and the reasons why.
Playing With Network Layers to Bypass Firewalls' Filtering Policy - Eric Leblond
The presentation starts with an introduction to the concept of application layer gateways, aimed at allowing accurate filtering of complex protocols such as FTP or SIP. The presentation will then focus on the Netfilter implementation with a view to having a more concrete example. The principle of a new generic attack will be presented subsequently, with a description of how it leads to the opening of unauthorized connections through a firewall. A detailed description of the attack will be provided, including a live demonstration of its effects on protocols such as FTP or IRC. The available protection method for IPv4 and IPv6 will be described with a specific focus on the Linux case.
Vulnerability Analysis and Practical Data Flow Analysis & Visualization - Jeong Wook Oh, Microsoft
If your daily job was analyzing a daunting amount of 0-day exploits or vulnerabilities where technical details are unknown, or if you needed to dig into a huge number of crashes induced by fuzzing operations, how would you approach it? Theoretically at least, data flow analysis might be the answer. However, in the real world, the application of data flow analysis is a challenging task. Even though these days it's hard to find a vulnerability that is straightforward enough to be analyzed automatically, we can still get a lot of benefit from using data flow analysis and visualization. In this presentation, we examine a practical way of applying data flow analysis methods using binary instrumentation tools, a CPU emulation engine and visualization. We share our experience analyzing some well-known vulnerabilities using these technologies. We also show how simple visualization can help you understand the root cause of particular vulnerabilities.
Intro to Near Field Communication (NFC) Mobile Security - Corey Benninger and Max Sobell, Intrepidus Group
As Near Field Communications (NFC) is integrated into our daily lives more and more (credit/debit cards and mobile payments, transit systems, ticketing systems), application developers should understand the risks of implementing NFC in mobile applications. This talk covers several current and proposed NFC implementations with case studies including attacks and mitigations, as well as the hardware basics behind NFC to better help developers and security testers understand the inherent strengths and limitations of NFC. The presentation will cover the ISO 14443 A and B standards, waveform modulation, and propagation across the RF channel. Demo attacks against NFC applications, including misdirecting FourSquare check-ins and malware which can intercept NFC intents to launch rogue applications, will be shown. We will show the data popular NFC enabled applications store including how it could be used to track when and where a device had been used. The presentation includes an in depth look at the NFC Data Exchange Format (NDEF) which is found across devices. Understanding and fuzzing this format can lead to parsers failing and crashing on malformed input as will be demonstrated against Android's Tags application. Updated with Google Wallet and Android 4.0!
New Threat Based Chinese P2P Network - Jun Xie, McAfee
Xunlei Network (a.k.a. Thunder Network) is the biggest P2P network in China. Like uTorrent, it is a new-generation P2P network. I will introduce the Xunlei network architecture, its differences from traditional P2P networks, and its design flaws and potential threats. I will also disclose several vulnerabilities, such as how the Xunlei Network can be used to launch a large-scale DDoS attack and malware code injection using the Xunlei Network, etc. A few demos will show you the truth.
Root-Proof Smartphones, and Other Myths and Legends - Scott G. Kelly, Netflix
Android is enjoying explosive growth on mobile devices. When provider-controlled device configurations are unsatisfactory, users who want more control must resort to "rooting". In an effort to prevent this, providers have designed in various system protections, and some additional new protections are on the horizon. This tutorial describes how devices are rooted, why existing mitigation strategies have failed, how provider designs are evolving, and why most devices will remain susceptible to rooting despite the evolving design.
Hiding in Plain Sight: How Modern Malware Uses Covert Channels to Hide From Security - Wade Williamson, Palo Alto Networks
Like most modern applications, today's malware depends on network connectivity to do its job. This presentation will focus on the mechanics of how malware establishes these communication channels while avoiding detection by security teams. We will provide case studies based on recent samples of malware and provide best practices to assist with detection.
Mapping The Penetration Tester's Mind: 0 to Root in 60 min - Kizz MyAnthia (Nick D.), Rapid7
"Mapping The Penetration Tester's Mind" will present tools, methodologies, standards, and frameworks that are used during an active security engagement. This will give the attendees a broad understanding of how a penetration tester locates and determines what is a target, how vulnerabilities are located, what a penetration tester does to actively gain access, and how one small vulnerability can lead to complete infrastructure breach. Many participants understand the importance of having penetration testing performed, but do not understand what is actively done during the engagement. The presentation will provide a good base of information into the penetration tester's mindset and allow all participants an opportunity to have a deeper understanding of how to provide guidance to their clients for a successful assessment.
Deep Boot - Nicolas Economou and Andres Lopez Luksenberg, Core Security
In this presentation a recently developed generic technique will be presented to show how to gain control of any operating system at boot time running on x86/x64 platforms, thus taking over the CPU from the first instruction executed by the BIOS boot mechanism to the last stage of the OS loading time. Similar techniques can be found in rootkits.
A real-time attack simulation will be made to install a rootkit in a Windows OS (with an antivirus running) to reach persistence and show how the same rootkit takes control of the OS again from the beginning by using the same method.
Scrutinizing a Country using Passive DNS and Picviz - Sebastien Tricaud and Alexandre Dulaunoy
Passive DNS is a known technique to easily mine malware propagations, fast flux and other stuff. However, when dealing with country level data, it becomes rather tricky to understand when you do not really know what you are looking for. Finding the unknown can be performed using visualization to display interesting structures. This lecture will give results from an investigation performed with passive DNS records from the country of Luxembourg and show how visualization helped to find very quickly unexpected things that citizens and government are doing.
More announcements pending...