$ cat Talks

| Name | Title | Description | Length | Speaker Bio |
| --- | --- | --- | --- | --- |
| Hulto | Goofkit - Getting goofy with kernel functions | Two easy techniques to make your rootkit stealthier and more robust! Goofkit is a new Linux Kernel Module (LKM) rootkit being released. It uses both inline hooking and trampolining to create a more robust, and stealthy rootkit. This talk will cover how traditional LKM rootkits are made, what can be done better, and why. This talk is aimed at those who are interested in building a rootkit, looking to improve their own, or just learn more about how Linux works. | 20 Minute | Hulto is a student who’s trying to learn about security and share a little bit in the process. |
| Matt Metzger | SMS MFA MITM WTF | Have you ever compromised someone’s account that was protected with SMS based MFA and thought “Hey, this is a nice account, I wish I had some way of maintaining access to it”? Are you the only kid on your block without Signaling System 7 access to hijack SMS messages? Does social engineering a telco into a SIM swap attack just seem like too much work? I have a new tool for you! | 20 Minute | Matt Metzger is an Application Security Engineer at Stitch Fix. Sometimes he likes to find new ways to break old things, but mostly spends his time on the blue team. Find him on twitter at @almostwhitehat |
| Chloé Messdaghi | How to Fix the Diversity Gap in Cybersecurity | In this talk, we will discuss our brains and how we label and prejudge, hear experiences of underrepresented people in the space, what can be done to fill the gap, and how to increase and retain the number of qualified candidates in cybersecurity. | 50 Minute | Chloe Messdaghi is a Security Researcher Advocate/PM @Bugcrowd. Since entering the cybersecurity space, she sees security as a humanitarian issue. Humanitarian work includes advising as a UN Volunteer, serving as a board member for several humanitarian organizations. Chloe also heads WIST, mentors and advocates for inclusion in tech, and founded a nonprofit called Drop Labels. |
| Mike Lisi | What I’ve Learned About Students by Running a CTF | This is a talk geared toward students looking to get into the information security field. As an infosec professional and designer of a student-focused Capture the Flag competition held each semester for the past five years, I’ve had the opportunity to gather information about which areas in information security students have shown strength in and where they’ve lacked some essential skills. I’ll discuss these areas and suggest resources that students can use to supplement their course curriculum to help position them better for internships and a job after graduation. | 20 Minute | Mike Lisi is a Senior Consultant at HALOCK Security Labs and a co-founder of the hacker meetup group IthacaSec. Before hacking full time, Mike worked as a network administrator, a programmer/analyst, and a developer of offensive and defensive DoD technologies. Mike received a BS in Computer Science from SUNY Poly as well as a handful of infosec certifications. Mike is the lead designer for the CNY Hackathon CTF, a security competition for students held each semester in Utica, NY. |
| Jeff Man | More Tales From the Crypt…Analyst | “More Tales from the Crypt…analyst” picks up with the speaker’s third “tour of duty” at NSA where he became one of the founding members of NSA’s first penetration testing or Red Team. While the thought of NSA hiring hackers or engaging in cyber warfare might be fairly common today, it was not always the case. Somebody had to be first, and the policies, procedures, methodologies, and rules of engagement had to be developed for not only conducting what we called Vulnerability and Threat Assessments, but for successfully navigating the politics, bureaucracy, and reticence of this often-misunderstood clandestine organization. The first NSA penetration testing team was assembled as a part of the newly formed center of excellence called the “Systems and Network Attack Center” (SNAC). To quote Charles Dickens, “It was the best of times, it was the worst of times, it was the age of wisdom, it was the age of foolishness…” Come hear some war stories from the early days and see how this industry and the practice of penetration testing has evolved in the past 25 years. | 50 Minute | Respected Information Security expert, advisor, evangelist, and co-host on Paul’s Security Weekly. Over 35 years of experience working in all aspects of computer, network, and information security, including risk management, vulnerability analysis, compliance assessment, forensic analysis and penetration testing. Previously held security research, management and product development roles with the National Security Agency, the DoD and private-sector enterprises and was part of the first penetration testing “red team” at NSA. For the past twenty years, has been a pen tester, security architect, consultant, QSA, and PCI SME, providing consulting and advisory services to many of the nation’s best known companies. |
| Jessica Hyde | Methods for Parsing New Mobile Apps – All about that data | Every day new mobile applications hit the App Store / Google Play. Often these new apps contain chat functions or other storage that can be crucial digital forensic evidence in a case. Often these apps are not yet supported by commercial tools. This talk will discuss methodologies for discovering and parsing data from unsupported applications. We will go through the methodologies we utilized to discover, test, find, parse, and script to obtain forensic evidence dealing with new applications. This presentation will outline the process we went through in order to meet this need for two game applications that had chat functionality not supported by commercial tools. We will provide attendees with a method to find the data when the tools do not yet parse the application provided a physical forensic image. | 50 Minute | Jessica Hyde has experience performing computer and mobile device forensics in both the commercial and government sectors. Jessica earned an MS in Computer Forensics from George Mason University. She is the Director of Forensics for Magnet Forensics and an Adjunct Professor at George Mason University where she teaches Mobile Forensics. Prior to her current role, she was a Senior Mobile Exploitation Analyst and team lead for Basis Technology, was part of the Cyber Crime Investigations team at EY, and worked as a Senior Electrical Engineer for American Systems where she specialized in the analysis of damaged mobile devices. She is currently working on a book on Digital Forensics for the Internet of Things anticipated for release in 2019. Jessica is also a veteran of the United States Marine Corps. |
| Chaim Sanders | Playing the short game: the effects of data breaches on share prices | The security industry is quick to point out that data breaches can negatively affect the public perception of an organization. While regulatory fines and lawsuits may impose tangible financial penalties, they often represent only a slap on the wrist compared to the possible cost of maintaining an effective security program. With over two hundred breaches disclosed against public companies in the last thirteen years, we investigate if security shortfalls of breached organizations can be measured via their stocks. In this talk we will examine and expand upon existing work on identifying the effects of announced breaches on publicly traded companies. Using this expanded dataset we will conjecture on possible future trends that may occur as a result of breaches and try to better quantify the question of how much a breach may cost. | 20 Minute | Chaim Sanders is the Security Lead at digital risk protection firm, ZeroFOX. Outside of ZeroFOX he teaches for the Computing Security department at the Rochester Institute of Technology. His areas of interest include web security with a focus on defensive web technologies. Chaim contributes to several Open Source projects including ModSecurity and the OWASP Core Rule Set, where he serves as the project leader. |
| Jeff Foley | OWASP Amass: Beyond Subdomain Enumeration | Today, large organizations deal with the challenge of running their infrastructure across many networks and namespaces due to the use of cloud and hosting services, legacy environments and acquisitions. This can make it difficult for an organization to maintain visibility of its Internet-facing assets and an ability to track down systems that pose a risk to its security posture. The OWASP Amass Project attempts to help organizations perform network mapping of their attack surface and better understand how their assets are distributed across the networks of trusted partners. During this talk, contributors to the project will discuss how OWASP Amass takes subdomain enumeration to the next level, providing both attackers and defenders better visibility. | 50 Minute | Jeff Foley, Project Leader of the OWASP Amass Project: Jeff has spent the last eighteen years as an innovative technologist and technical leader taking on challenges in the area of cyber warfare. He started the Amass project after noticing the need for robust and practical OSINT tools that aid information security professionals in mapping complex networks. Anthony Rhodes, Contributor to the OWASP Amass Project: Anthony has over five years of industry experience as a penetration tester, red teamer, and software engineer. He has been following the OWASP Amass Project since its inception and has recently joined as a contributor to help enrich its functionality beyond DNS enumeration and network mapping. |
| Francis Lee | Pwning a cheap IP camera for fun, but not profit. | This talk will detail how Francis dove into the hardware of an inexpensive IP camera and explored its inner workings in search of an external exploit. This talk is meant to help inspire inexperienced pen-testers to dig into embedded/hardware pwning and to be more familiar with embedded Linux. | 50 Minute | Francis Lee is a software engineer in Central New York that is also a hobbyist that likes to tinker with Linux, explore IoT, participate in the “maker movement,” play with electronics, pick locks, etc. |
| Mark Manning | Kubernetes: DevOps vs “Security People” | In 2019, surveys are saying that 90% of Fortune 500 plan on using containers and things like Kubernetes, yet there’s still a divide between what “security people” see that containers provide and what Devops teams see. Kubernetes has become the de facto standard for production container deployments and there are 98 different options (as of February 2019) for hosted Kubernetes clouds. In many cases a Kubernetes threat model becomes compromised either by accident or by alibi and even if you wanted to harden your environment, there’s little guidance. Is there truly such a thing as a Kubernetes best practice? How can Kubernetes handle multiple tenants in a cluster? Do hosted Kubernetes services provide enough security for your work load? This talk will explore Kubernetes’ known attack vectors, defenses, and see how we can bridge the silos between security engineers and developers to help in the future. | 50 Minute | Mark Manning is a Principal Security Consultant with NCC Group and a lead in their Container Practice. He focuses on container technologies, Linux kernel security, and application security, in general. He has performed penetration tests to break out from containers, run architecture reviews of devops environments, and worked with developers on various container and orchestration technologies such as Docker, Kubernetes, Mesos/Marathon, and Rancher. Mark currently organizes Rochester 2600 and has also organized BSidesROC from 2010 through 2018. |
| Robert C. Seacord | Jackson Deserialization Vulnerabilities | The Jackson JSON processor offers an alternative to Java serialization by providing data binding capabilities to serialize Java objects to JSON and deserialize JSON back to Java objects. Poorly written Java code that deserializes JSON strings from untrusted sources can be vulnerable to a range of exploits including remote command execution (RCE), denial-of-service (DoS), and other attacks. These attacks are enabled by polymorphic type handling and deserialization to overly general superclasses. This talk describes the features of Jackson serialization that make it susceptible to exploitation, demonstrates a working exploit, and identifies effective mitigation strategies. | 50 Minute | Robert C. Seacord is a Technical Director with NCC Group where he works with software developers and software development organizations to eliminate vulnerabilities resulting from coding errors before they are deployed. |
| Matt Wright | Using Deep Learning to Undermine Tor | Website fingerprinting enables a local eavesdropper to determine which websites a user is visiting over an encrypted connection and can even reveal information sent over the Tor anonymity system. In this work, we present Deep Fingerprinting (DF), a new website fingerprinting attack against Tor that leverages a type of deep learning called Convolutional Neural Networks (CNN). The DF attack attains over 98% accuracy on Tor traffic and can even defeat some recently proposed defenses against website fingerprinting. The success of this attack shows the value of deep learning techniques in security applications. | 20 Minute | Matt Wright is the Director of the Center for Cybersecurity at RIT and a Professor of Computing Security. He graduated with his PhD from the Department of Computer Science at the University of Massachusetts in May, 2005, where he earned his MS in 2002. His dissertation work examined attacks and defenses for systems that provide anonymity online. His other interests include adversarial machine learning and understanding the human element of security. |
| Amber Welch | Data Access Rights Exploits under New Privacy Laws | New privacy laws such as the GDPR and CCPA have greatly advanced individual data rights, although the ability to request access to all personal information held by a company has created new attack vectors for OSINT. These data access requests are usually managed by legal or compliance teams without security review, increasing the potential for phishing, social engineering, and “legal DDoS.” This talk covers regional personal data access options, how most companies respond to data access requests, and exploits for common privacy vulnerabilities. We’ll explore the psychology driving corporate responses to requests and ways to exploit these emotions, as well as the best targets for a weak privacy program. For the blue teamers, phishing detection and defense strategies will be presented. Rather than ignoring or fighting against the regulations, we’ll look at ways to use these laws to discourage, detect, and disrupt such attacks. We’ll consider strategies for working with legal teams, getting security review into the process, and conducting red team reviews on the data access mechanism. Best practices for identifying data subjects, minimizing the data released, and legally denying abusive requests will be covered. Key sections of the laws to know for exploits and defense will be highlighted. | 20 Minute | Until she’s accepted for a Mars mission, Amber Welch is pursuing the advancement of personal information privacy and data protection as a Privacy Technical Lead for Schellman & Company. Amber has been assessing corporate privacy compliance programs for the past year and prior to that, managed security and privacy governance for a suite of SaaS products. She has previously worked in companies creating ERP, CRM, event planning, and biologics manufacturing software. |
| Frank Fazio | Shock & Awe: Training the Humans | Every human in your organization must now become part of your security team. We need them to be experts at recognizing malicious emails, credential stealing webpages and weaponized USBs. Unfortunately, the current security training we offer them is boring and not effective. Let’s take a step back and see how we can change the way we teach the humans by using real world examples and non-technical terms. | 50 Minute | Frank has had the privilege of training the employees & executives of all levels in the public sector and members of law enforcement. He has a degree in Computer Science and has recently been published in Municipal World magazine. Over the last 30 years, Frank has held positions in computer programming, database administration, cyber security and competes regularly in hacker competitions in the US and Canada. |
| Jason Scott | The Annihilation | Jason Scott of Internet Archive and http://TEXTFILES.COM talks about history, deconstruction, reconstruction and how not everything pieces back together after you pull it apart. | 50 Minute | He is the creator, owner and maintainer of textfiles.com, a web site which archives files from historic bulletin board systems. He is the creator of a 2005 documentary film about BBSes, BBS: The Documentary, and a 2010 documentary film about interactive fiction, GET LAMP. |
| Zach Bevilacqua | Threat Hunting and Other Arcane Magic | Threat hunting is often misunderstood. This talk is meant to dispel some misconceptions as well as build a foundation to perform hunts in any network. It’s not about just tools or just data, you’ll need both and an understanding of the stories they tell. After building the fundamentals, we will walk through some hunt scenarios to find those dark hooded intruders. Happy hunting. | 50 Minute | I’m just a security guy in a security world, hoping to enlighten the security boys and girls. In real life I’m a security engineer in the healthcare industry who believes compliance is achieved through security, not security being achieved through compliance. I’ve been called a certificate sherpa, a PowerShell oracle, and a computer wizard. I’m not not sure how true any of that is but you can make your own judgments. |