Talk Line up - All talks posted
Here are the talks that you voted on for BSidesChicago posted in no particular order.
| Robert R
||Let's talk web app sec with a sort of "state of web security" talk
|I will discuss the most common logged attacks against our network (1 million+ websites hosted) and provide some nice visuals so you have something to stare at while I detail these threats. This will provide the audience with a knowledge of how severe each type of exploit can be, as well as identify the life cycle of vulnerabilities. If there is time (or maybe I can get it bumped up to 50 minutes), I think the crowd would also enjoy a detailed dissection of a handful of common backdoors we find on compromised sites (of course choosing the most unique and interesting backdoors available.) This is not to help the audience on how to design backdoors *cough* it provides a basic overview of the attacker's knowledge base and intent (why the bad guys do the things they do.)"
||Rapid Fire - 30 Mins
| @securitymoey (Panel mod), Elizabeth Martin, Kizzmyanthia, Todd Haverkos, and Rafal Los
||The Info Sec Career Ladder
||Everyone in Info Sec wants to be a PEN TESTER? An Info Sec Pro's ultimate goal is to become CISO? Right? Wrong! Info Sec while a maturing profession lacks a clear career path and more importantly a good way to get there. The goal of the panel is to help the audience understand how to go about establishing their own career paths. The panel will be made up of people who work for a vendor, deliver security services, PEN Tester, and a corporate Info Sec Manager This panelist will explain how each of them climbed their career ladder that got them into the positions today. We will explore thoughts on is there a real career path for Info Sec pros, certifications, and degrees.
||MiniPwner – Pen Testing with the TL-WR703N
||TLink recently released the TL-WR703N portable router. This device sells for less than $25 and makes a great Pen Testing drop box when rebuilt with OpenWrt and some other inexpensive components. My talk will introduce this handy router, race through the parts and process to rebuild it for pen testing, talk about some of its uses and then give some demos of using tools like nmap and kismet on the router. Finally I'll flip through some enhancement projects in the works - like embedding the router in an Altoids tin or building a kit for "wardriving" with the router from a weather balloon. I have a website www.minipwner.com describing the project.
||Rapid Fire - 30 Mins
||How I hacked your web application
||This talk will demonstrate some real world vulnerabilities we've found during web application penetration tests, how we detected them and how we took advantage of them. Actual testing and exploiting will be done against websites that were created to duplicate the sites containing the actual vulnerabilities. These are not your traditional injection attacks. The first example will show the discovery and exploit of Cross Site Request Forgery vulnerabilities to steal a user's password. The second example will show how to execute automated account credential guessing attacks against vulnerable web forms.
||Big Tent - 50 Mins
|Matt K, Jonathan C @mkonda @claudijd
||Builders vs Breakers - Head to Head
||Extending the Builder vs. Breaker concept for a second year, this talk will feature heavy audience participation with head to head debates on questions that pit software developers against (application) pen testers. With specific detailed examples, such as how to avoid the problem with a default rails configuration that left github exposed, the goal is to deep dive into both sides of the story for problems that make security so hard in the real world. As with last year, questions will be posted on google docs for preview and participation. Also, we will be bringing back the game show host. There will be drinking, but hopefully not b......!
||Big Tent - 50 Mins
|@RogueClown a.k.a Nicolle
||Python: Because Sometimes, The Most Useful Tool Is The Ability To Make Your Own
||Python is a high-level language, good for both scripting and full-fledged application development, with a rich selection of standard and add-on library modules. It is designed for clear and readable code. This combination of intuitive syntax and a wide range of available modules makes it useful for quickly and easily writing tools tailored to your specific problems. This talk will be aimed at people who are familiar with the basics of writing code, but are looking for a roadmap for developing their own security scripts. No Python experience is expected, but knowing the basic building blocks of scripting (such as what a string, list, function, or for loop is) will be helpful.
||Tools Teach - 30 Mins
|Bharat J @jogibharat
||Reversing patches for exploit creation, pen-testing or just fun!
||How many times have you wondered what really gets fixed in the security patches pushed by vendors? Are you curious to find new vulnerabilities that could be introduced due to faulty patches? This talk will go over some basic reversing techniques that common mortals like me can use to read what exactly gets fixed in patches. These techniques can be used to write your own exploit which can be helpful for pen-testing. Malware authors use similar techniques to create malware which targets un-patched systems. This is a fast and very cost effective approach and has been used extensively by malware authors. The talk will demo how easy it is to reverse patches and will highlight the urgent need to apply patches to protect against such attacks.
||Big Tent - 50 mins
|Steven F @securelexicon
||How to Create Social Illusions: A Social Engineering Case Study
||This presentation will describe a psychological framework that informs a social engineer’s reconnaissance, pretext formulation, and social exploit activities. A case study will illustrate the use of the Social Engineer’s Toolkit, Maltego, and Google Hacking to collect information that contributed to a successful engagement. Attendees will learn how to analyze information for psychological and social indicators that enables a social engineer to model a target’s culture. They will also learn how social engineers use this model to identify opportunities for social exploits. This presentation goes through the planning, data collection and reconnaissance, analysis and testing phases required to prepare for an engagement. It also illustrates techniques to use remain flexible when interacting with individual targets while still focusing on the tactical objective.
||Big Tent - 50 Mins
|Prutha P @parikhprutha
||Attacking Apache Reverse Proxy
||This talk will discuss Apache Reverse Proxy vulnerability (CVE-2011-4317) that I discovered while developing vulnerability signatures for Apache. Depending on the reverse proxy configuration, the vulnerability allows access to internal systems from the Internet. The presentation will start with discussion on reverse and forward proxies and look at some older reverse proxy vulnerabilities and patches. It will go in the thought process behind bypassing the latest patch to discover a new vulnerability to remotely gain access to the internal network. It will also describe the tools, techniques and ideas that went behind discovering the new variant of the vulnerability and constructing a proof of concept to exploit the issue. Along with exploring the root cause of the issue, it also talks about the issue from an attacker’s perspective and finally recommends protection mechanisms against the attack. The talk will also give the audience a peek into the process of vulnerability signature creation and discovering new vulnerabilities. I exercised responsible disclosure of the vulnerability to Apache and only after the patch was released I went public with my findings in a blog post. I will release a standalone tool during the conference which will help system administrators identify the vulnerability in their environment.
||Big Tent - 50 Mins
|David S @DSchwartzberg
iOS Hash Cracking
|The training presentation will cover how to access a jailbroken iOS device using itunnel and ssh while tethered and how to crack the hash in /etc/master.passwd. The training will begin with explaining the environment and how the iOS device was jailbroken using greenpois0n. The cracking tool used is John The Ripper v 1.7.9. The tool training will cover using John commands to crack hashes using dictionary attacks and brute force attacks. The commands on how to execute the attacks with John are obviously to be covered, as well as, some others.
||Tool Teach - 30 Mins
||Save your IR customer $273,000
||another senseless LFI attack, tons of customer&payment data stolen. Respectable pros took weeks and about $300,000 to "fix the holes" except they failed. I show the audience the tools & techniques I used to succeed. Hopefully a few audience members can explain why the pros didn't use them (request for audience participation/mini panel)
||Rapid Fire - 30 Mins
|War Dining and Stroll Trolling with a Robot
||Abstract: The pervasiveness of mobile devices like smart phones are often overlooked as a valid and effective attack vector in regards to the confidentiality of sensitive data in the general public and IT/Security Enterprise communities. This talk aims to educate both the laymen and professional on how exploitation and social engineering can occur in regards to smart phone attacks against public Wi-Fi networks and what behaviors and technologies can be utilized to minimize the impact of sensitive data loss for both individuals and businesses. This discussion will include an application based presentation and live demonstration on how to sniff data from public wireless hotspots using a smart phone or tablet referred to as “War Walking” or “War Dining”. It will also introduce the social engineering concept called “Wi-Fi Phaking” and “Stroll Trolling” which results from the act of tricking a local device such as a phone or a laptop into joining a smart phone enabled Wi-Fi hotspot with the sole intent of collecting and identifying sensitive information from that connected device. More alarmingly, this can be accomplished by utilizing freely available applications found on the Internet and the Android Market which makes this threat incredibly pervasive and cost effective. The presentation will conclude with discussing security practices and procedures users and businesses can take to help mitigate the risk of these vulnerabilities being exploited both personally and professionally.
||Rapid Fire - 30 Mins
You will be required to have a BSIDESCHICAGO ticket in order to register for the workshop. Workshop Only registrations will not be allowed!
Metasploit for Pentesting - Georgia Weidman
Description: The class will begin with the basics of using the Metasploit Framework. We will continue on following the penetration test methodology to use Metasploit to exploit vulnerable systems in a lab. Students will learn to exploit provided systems as well as test their knowledge in a CTF style challenge at the end of class. This class is suitable for those with no background in Metasploit or penetration testing as well as penetration testers who want to add the Metasploit Framework to their arsenal.
Student Requirements: In order to follow along in the lab, students will need a computer with specs capable of running virtual machines. Victim and attack virtual machines will be provided to each student along with installers for free/trial versions of Vmware.
Bio: Georgia Weidman is a penetration tester, trainer, and security researcher. She is the founder and CEO of Bulb Security LLC, an infosec startup. Georgia holds a M.S. degree in computer science, a CISSP, and a OSCP certification. She got her start in information security as a team member in the Collegiate Cyber Defense competition, and continues to serve as a red team member. Since making her speaking debut at Shmoocon, Georgia has spoken and provided security training at conferences around the world. She recently received a DARPA Cyber Fast Track grant to continue her smartphone security research.
Arduino Workshop for Security Professionals - Workshop88
Description: Arduino is a low-cost open-source electronics prototyping platform that you do not need to be an electrical engineer to leverage. This 3 hour workshop will be focused on Arudino applications for security professionals. Learn about what exactly makes up the Arduino platform and walk through creating practical tools that can be used to test and explore areas you may thought were out of reach.
Student Requirements: A laptop computer with a USB port and Java RunTime Environment are required.
Registration fee is $62.49 *includes kit & processing fee*. This small fee is for prototyping kit that you will use during the workshop and will be yours to keep! P.S BSidesChicago or Workshop88 won't profit from this!
What you'll get from the workshop:
- An Arduino experimenter's kit to take home with you. Including all the essential circuit elements: resistors, capacitors, switches, and various diodes. You'll also receive a set of sensors popular in DIY open hardware projects.
- An understanding of what Arduino is, how to leverage its flexibility for any type of hardware project, and the different hardware profiles available.
- An understanding of how to load code to help you accomplish security related tasks.
- Demos of capabilities to give you ideas you can try to implement after the class.
Bio: Workshop 88 is a hackerspace located in Chicago’s western suburbs. The members of Workshop 88 have been teaching hobbyists, home automation enthusiasts, and robotics engineers how to create all kinds of useful projects based around the Arduino. Please visit them on the web at http://workshop88.com/
Lockpicking Village - Toool
Description: By examining locks, safes, and other such hardware and by publicly discussing our findings we hope to strip away the mystery with which so many of these products are imbued.
The more that people know about lock technology, the better they are capable of understanding how and where certain weaknesses are present. This makes them well-equipped to participate in sportpicking endeavors and also helps them simply be better consumers in the marketplace, making decisions based on sound fact and research.
||Doors Open Opening comments at 9:25
||Alexi P: Save your IR customer $273,000
|Workshop88: Arduino Workshop for Security Professionals
||SecurityMoey, Elizabeth Martin, Todd Haverkos, KizzmyAthnia and Rafal Los: The Info Sec Career Ladder
||Kevin B: How I Hacked Your Web Application
||Robert R.: Let's Talk Web App Sec
||Nicolle N: Python: Because Sometimes, The Most Useful Tool Is The Ability To Make Your Own
||Kevin B. MINIPWNer – Hacking with the TLWR703N
||David S: iOS Hash Cracking
||John M: War Dining and Stroll Trolling with a Robot
||Setup for Metasploit Workshop
||Matt K, Jonathan C: Builders vs. Breakers – Head to Head
||Georgia Weidman: Metasploit for Pen Testing
||Prutha P: Attacking Apache Reverse Proxy
||Steven F: How To Create Social Illusions: A Social Engineering Case Study
||Bharat J: Reversing patches for exploit creation, pen-testing, or just fun!
||Closing Comments...Tear Down!
- Michael (@securitymoey)
- Elizabeth (@elizmmartin)
- Adviser - Erin (@secbarbie)
- Adviser - Will (@wgragido)
- Scott (@Secureholio)
- Juan (@kongo_86)
- Nicole (@rogueclown)
- Patrick (@coffeetocode)
- Bob C
- Todd (@phoobar)
- Ben (@Ben0xA)
- @JillianLoslo winner for our logo contest
- @RayDavidson winner of our slogan contest who throw back to Chicago politcs rung a bell in our heart!
Tags for flickr, twitter, blog, etc.
Please use the tag #BsidesChicago for content related to this event