Talks « BSidesROC

Talks



* – 20 minute talk



Android Application Function Hooking with Xposed
Jaime Geiger
The Xposed Framework can be used to hook and replace Java methods in Android applications. This talk explores ways to take advantage of the framework for reverse engineering, fun, and (perhaps) even profit. Prior knowledge of Java and Android application programming recommended but not required!

  • Recording: Youtube
  • Slides: SlideShare

  • Bitclamp: A Permanent and Anonymous Publishing Platform Over Bitcoin
    Joe Testa
    This presentation introduces Bitclamp, a new open-source project that uses the Bitcoin blockchain to permanently and anonymously publish files.

  • Recording: Youtube
  • Slides: SlideShare

  • * Bringing a project back from hibernation – Reviving Kismet
    Mike Kershaw
    After several years in hibernation, Kismet is back under development with lots of new features to bring it up to speed. New features and functionality in Kismet to bring it up to modern functionality, including support for protocols beyond 802.11 (such as Bluetooth and SDR-enabled data), an embedded webserver, REST interface, binary object passing, and other fun features.


    * BSidesROC CTF: QA Session
    Jon Szymaniak
    QA session about CTF Challenges. Teams can get additional hints and/or explanations of challenges solved by other teams.


    * Cluster Pi
    Gary Dewey
    A few months back, I started a project of making a mini-super computer with 4 Raspberry Pi 2’s. I have been exploring possible uses, including clustered pyrit and an mpi version of John the Ripper. I am also looking into other uses, such as a portable target platform using qemu for virtualization.


    * Counter UAS (C-UAS)
    Jeff Foley
    With the boom in private ownership of small, unmanned aircraft systems (UAS) – as many as one million sold during the 2015 holiday season alone – the above scenario is becoming more and more likely. Even with restrictions banning UASs within five miles of airports, there are many scenarios that place rotor-based aircraft well beyond an airport’s perimeter, including:
      • News gathering
      • Terrain mapping and management
      • Crop and livestock management
      • Police, rescue and EMS operations
      • Sightseeing and short-distance travel
    To mitigate the potentially dangerous situations where UASs may impede a pilot’s ability to safely hover, land or launch an aircraft, Alion developed a unique Counter Unmanned Aerial System (C-UAS) capability that will scan an area to identify and safely land one or more UASs in the immediate vicinity.


    * CSRF Attack & Defense
    John N. King
    Cross-site request forgery vulnerabilities are often poorly understood and considered a low priority, making them strong candidates for exploitation. This session will feature an attack demonstration against a web application that utilizes a Java stack, followed by a defense demo using OWASP CSRFGuard.


    Deconstructing The Cyber Kill Chain of Angler Exploit Kit
    Artsiom Holub
    In my research I try to deconstruct the cyber kill chain involving one of the most notorious exploit kits used by cybercriminals – a kit known as the Angler exploit kit.

  • Recording: Youtube

  • Economics of Information Security
    Fernando Montenegro
    Following a very short introduction to Economics, this session will be a discussion of how economics affects many of the typical problems we come across in Information Security.

  • Recording: Youtube

  • Enterprise Class Threat Management like a Boss
    Rockie Brockway
    Attribution is hard. And in most business cases unnecessary. Threat Management, like Vulnerability Management, is a core pillar in most Enterprise Security Architectures (ESA), yet is a very different beast with completely separate functions, processes and skillset requirements. Similar to my previous talk on Enterprise Class Vulnerability Management, this talk takes the framework of the OWASP ASVS 2014 framework and applies it to Enterprise Threat Management in an attempt to make a clearly complicated yet necessary part of your organization’s ESA much more manageable, effective and efficient with feasible recommendations, based on your business’ needs.

  • Recording: Youtube

  • * eSDP – Rings Around Things in the Cloud
    Duncan Sparrell
    This talk will describe an open source project to implement an additional security layer on HTTPS RESTful APIs between cloud apps. Cloud use will continue to grow, IPv6 use will grow, and HTTPS RESTful APIs will be the lingua franca among the cloud apps. I posit the ‘big box’ (or virtualized big box) security is not the solution and we need easily-implemented layers of security at the cloud app itself. The Cloud Security Alliance (CSA) defines five principles to create a Software Defined Perimeter (SDP):
      – Single Packet Authorization (SPA)
      – Mutual Transport Layer Security (mTLS)
      – Device Validation
      – Dynamic Pinhole Firewalls
      – Application Binding
    The CSA process hasn’t been as transparent as I would have liked, so I decided to code and open-source a specific SDP implementation for a server-server IPv6 HTTPS RESTful API between cowboy webservers in the cloud. The project is called eSDP since it is coded in Erlang. This talk will cover the problem trying to be solved and review the proposed solution including links to the open source software under development. It will also include info on the CSA activities, including their $10K prize for hacking into their implementation.


    Exploring SecAccessControl Obj in iOS 9 Keychain
    Nitin Jami
    iOS’s keychain has gone through a lot of improvements since its inception. One notable feature is the introduction of access controls from iOS 8, which allows more granular control over an item. This presentation aims to explore the new access control object, by taking help from Apple open-source code and reversing Security.Framework. The talk also presents a new tool (GUI and CLI) that allows dumping of keychain items, supporting iOS 9, with the additional information of the access control of an item. Furthermore, the tool allows editing or deleting existing keychain items.

  • Recording: Youtube

  • Fault Tolerant Command and Control Networks
    Nicholas Piazza
    The Command & Control (C2) network is the heart of any botnet. If you lose your command and control channel, then your bots are left in the wild with no way to reach them, stuck on their last instruction. In this talk we will explore ways to ensure that your command and control network is tolerant to changes and can adapt to servers being dynamically added to and removed from the network, as well as the organization of bots and how they connect to your C2 infrastructure.

  • Recording: Youtube
  • Slides: SlideShare

  • How Secure is your Linux Distro?
    Matthew Arnold
    Talk will cover how security in a Linux distribution actually works. Topics will include repository security, CVE response procedures, why you shouldn’t ever use Linux Mint, and more.

  • Recording: Youtube

  • * How to Hug a Hacker
    Holly Turner
    Over the years, manufacturers have been schooled many times by hackers and ethical researchers. Manufacturers realized that they were treading the path of Wu Gang or Sisyphus, take your pick. The wisest learned to avoid the potholes and pack a snack. This presentation shares stories of that learning experience and some best practices to achieve ‘win-win’ results for hackers, manufacturers, and the user community.

  • Slides: SlideShare

  • * I Know Where You Live: Privacy Issues in Location-Based Apps
    Gabe Kirkpatrick
    This talk will discuss the privacy issues that arise in location-based apps, show real world examples, and explore mitigations and bypasses.


    * Letting the Crap Out of the Bag: Adventures Disclosing IoT Bugs
    Max Sobell
    Carve has been hacking IoT devices since… well, before they were called “IoT”! Believe us: we’re tired of raising the alarm about IoT insecurity, too. We’re going to walk you through some of the coolest bugs we’ve responsibly disclosed to manufacturers and how we go about this daunting task. How do you balance a) the consumer’s right to know that they’ve got a gaping hole in their device with b) the vendor’s time to patch and update? We’ll also share our approach to dealing with unresponsive vendors and time-sensitive disclosures.


    * Let’s Check Let’s Encrypt: A Tool for Code-Driven Threat Modeling
    Christopher Wood
    Threatspec is a tool for code-driven threat modeling. It allows threat models to be codified alongside software as it is developed. This enables the threats to evolve organically in the software development lifecycle. In this talk we will present Threatspec and show how it can be applied to Let’s Encrypt.

  • Slides: SlideShare

  • Let’s Go To The Movies!
    Dennis M. Allen

    This fun presentation will highlight interesting cyber security and hacker-like observations from a dozen movies from 1985 to present. During which, examples and references from present day will be used to highlight how close (or not) some of these movies have actually come to representing today’s cyber threat landscape.
    Resources will be provided that support follow-up training on the topics covered throughout the session.

    * The Life and Times of Hans Ostmaster
    Chaim Sanders
    In this talk we investigate certain security ramifications of the security architecture of registering SSL certificates.

  • Slides: SlideShare

  • A (not so quick) Primer on iOS Encryption
    David Schuetz
    I try to explain, in simple terms and with useful diagrams, just how the complex encryption models on iOS work, where there are things we don’t know or understand, and how it protects (or doesn’t) against forensics, law enforcement, and hackers.

  • Recording: Youtube

  • Passive detection doesn’t work: lessons from a hunter of elusive nation-states
    Devon Kerr
    The objective of this presentation is to outline why reactive detection frameworks are inherently flawed and propose an alternative – a methodology which includes collection and analysis of artifacts on a routine schedule; this approach ensures greater institutional knowledge while also increasing analyst expertise. Simply put: you cannot find what you do not look for.

  • Recording: Youtube

  • * Real security incidents, unusual situations
    Adam Dean
    Incident Response is a dynamic process where the unsuspected often becomes the root cause. From insider threats to unauthorized access with a bit of extortion, it isn’t always what it seems. Take a walk with us down some seemingly normal paths that lead to the unexpected. Real security incidents, unusual situations.


    Red Ops: Scaling & Automating Your Pwnage
    Jared Stroud & Bryan Harmat
    The term “DevOps” has tunneled into every organization that is managing infrastructure in some way, shape or form. These utilities enable a Systems Engineer to quickly deploy servers, provision disks, as well as assist in software/configuration management. While these tools offer great assistance to the ever growing number of EC2 instances any given organization may be responsible for, the offensive capabilities of these utilities are often greatly ignored. RedOps: Scaling & Automating Your Pwnage analyzes how you can use these tools to effectively manage your footprint in an environment without bringing in bloated executables or shell scripts to maintain presence on a machine. Additionally, we will analyze the possibility of stumbling across these tools already deployed in an enterprise and what they mean for System Engineers and Penetration Testers.

  • Recording: Youtube