
Friday, May 20
 

8:00am

Registration Opens
Friday May 20, 2016 8:00am - 9:00am
Scruffy City Hall 32 Market Square, Knoxville, TN 37902

9:00am

Intro to automotive security
Automotive security has received a major buzz recently, mainly due to researchers like Charlie Miller and Chris Valasek and major recalls in the news.
During the last 3 years our team has performed security evaluations on a large number of ECUs of various models, suppliers and manufacturers. In this talk we will attempt to give an overview of some of the findings we discovered. We will talk about the specific techniques and tools we used and some of the recurring bugs we keep encountering. Do not try this at home :)


Friday May 20, 2016 9:00am - 10:00am
Scruffy City Hall 32 Market Square, Knoxville, TN 37902

9:00am

Peeking under the hood with Frida
Ever wanted to peek beneath the hood of an application running on your desktop or smart-phone? Want to know what data is passed to a particular crypto function? Frida is for you!

Frida is a powerful and modern binary instrumentation framework which makes it simple to hook and trace arbitrary functions within target executables, and otherwise explore their functionality, using easy-to-write JavaScript. It's like Greasemonkey for binary applications! It supports Windows, Linux, OSX, iOS, Android and QNX.

This talk will introduce Frida and show how it can be used to aid in analysis of binary applications. It will be packed with demos.

Time permitting, we will also discuss some of the effort that was required to port Frida to QNX.


Friday May 20, 2016 9:00am - 10:00am
KEC 17 Market Square #101, Knoxville, TN 37902

9:00am

How we pwned Riscure's Rhme+ challenge in two days
Earlier this year, Riscure issued a challenge where they provided an Arduino Nano with special software to interested parties, who would then try to break the authentication mechanism implemented by that software. The STARE team participated in this challenge and was declared one of the winners. This talk will walk you through what we did to crack this challenge and extract its secrets.

NOTE: This speaker was not able to make it into town for this talk, so it will be given remotely using web conferencing software. 


Friday May 20, 2016 9:00am - 10:00am
Preservation Pub 28 Market Square, Knoxville, TN 37902

10:00am

Scripting Myself Out of a Job - Automating the Penetration Test with APT2
Every penetration test begins the same way. Run an NMAP scan, review the results, choose services to enumerate and attack, and perform post-exploitation pillaging. What was once a manual process is now automated!
Nearly every penetration test begins the same way: run an NMAP scan, review the results, choose interesting services to enumerate and attack, and perform post-exploitation activities. What was once a fairly time-consuming manual process is now automated!
Automated Penetration Testing Toolkit (APT2) is an extendable modular framework designed to automate common tasks performed during penetration testing. APT2 can chain data gathered from different modules together to build dynamic attack paths. Starting with a NMAP scan of the target environment, discovered ports and services become triggers for the various modules which in turn can fire additional triggers. Have FTP, Telnet, or SSH? APT2 will attempt common authentication. Have SMB? APT2 determines what OS and looks for shares and other information. Modules include everything from enumeration, scanning, brute forcing, and even integration with Metasploit. Come check out how APT2 will save you time on every engagement.

Speakers

Adam Compton

Senior Security Consultant, Rapid7
Adam Compton currently works as a penetration tester and has over 20 years of infosec experience, 15 years as a penetration tester. He has worked in both the government and private sectors for a variety of customers ranging from domestic and international governments, multinational corporations, and smaller local businesses.


Friday May 20, 2016 10:00am - 11:00am
Scruffy City Hall 32 Market Square, Knoxville, TN 37902

10:00am

CryptoMalware: The persistent, ubiquitous threat
Despite security technologies advancing to keep in-stride with increasingly sophisticated threats, many companies are still feeling the pain that “Crypto Ransomware” inflicts on their business operations. In this talk, we’ll explore the problem, prevention, detection and remediation of these threats & variants, present case study analysis, law enforcement responses, discuss related resources and learn how you can act now to keep your data freedom.


Speakers

Aaron Lancaster

InfoSec Team Lead, TekLinks
Cloud Services, MSPs and IaaS


Friday May 20, 2016 10:00am - 11:00am
KEC 17 Market Square #101, Knoxville, TN 37902

10:00am

(Go)pher anatomy 101
This talk will be a primer on the golang runtime engine, with a specific focus on the memory protection functionalities present within both the historical and current contexts of the golang language. Beyond a primer on the protections applied by the runtime at various stages of the language's maturity, this talk will also focus on bypass strategies for performing memory execution based tasks, such as calling shellcode.

NOTE: The speaker was not able to make it to BSides in person, so this talk will be given remotely via WebEx. 


Friday May 20, 2016 10:00am - 11:00am
Preservation Pub 28 Market Square, Knoxville, TN 37902

11:00am

Hack Yourself: Building A Test Lab
We all want to improve our skill sets, right? Reading is great, but there is no experience like actually 'doing it'. In this module, we will discuss how to build your own hacking lab from the ground up, for next to no cost. We will also discuss the various free penetration testing distributions, as well as the intentionally vulnerable virtual machines you can practice anything on from phishing, to web app testing, to exploits, and more.

Speakers

David Boyd

Security Analyst, Contextual Security Solutions


Friday May 20, 2016 11:00am - 12:00pm
Scruffy City Hall 32 Market Square, Knoxville, TN 37902

11:00am

Hello Kitty
Kitty is a new open source fuzzing framework. It's modular, extensible and flexible. Kitty allows stateful fuzzing of targets over unconventional communication channels, such as USB, Bluetooth, SPI, UART and CAN. It features a rich context-aware data modeling syntax, along with a mutation fuzzing engine. In this session I will talk about our reasons for developing Kitty, its main features and concepts, and hopefully get to show a short demo.

Familiarity with fuzzers is recommended for this talk. 

Speakers

Binyamin Sharet

Security Researcher, Cisco


Friday May 20, 2016 11:00am - 12:00pm
KEC 17 Market Square #101, Knoxville, TN 37902

12:00pm

Catered Lunch
Friday May 20, 2016 12:00pm - 1:00pm
Preservation Pub 28 Market Square, Knoxville, TN 37902

1:00pm

Keynote (Title TBA)
Speakers

Sergey Bratus

Sergey Bratus is a Research Assistant Professor of Computer Science at Dartmouth College. He sees state-of-the-art hacking as a distinct research and engineering discipline that, although not yet recognized as such, harbors deep insights into the nature of computing. He has a Ph.D. in Mathematics from Northeastern University and worked at BBN Technologies on natural language processing research before coming to Dartmouth.


Friday May 20, 2016 1:00pm - 2:00pm
Scruffy City Hall 32 Market Square, Knoxville, TN 37902
  • Talk Goal Tell a story
  • Tags Keynote

2:00pm

Forensics Impossible: Self-Destructing Thumb Drives
Many people do not understand that a USB thumb drive is a mini computer, capable of making decisions and reading and writing memory all on its own. Each drive has firmware responsible for implementing the responses to any read or write requests sent to it by a host computer. Forensic tools such as write blockers can prevent certain commands from being sent to the drive, but they have no impact at all on what the drive's firmware chooses to do. What if it chooses to erase everything if it isn't continuously sent a special sequence of commands that only the user knows?
In this talk, I will demonstrate (through code only, no hardware tinkering) how to modify the firmware on a standard USB thumb drive to erase everything (including itself) if custom software isn't running on the PC that the drive is plugged into.

Speakers

Brandon Wilson

Brandon Wilson is an East Tennessee State University graduate, software developer and hacker of random things like game consoles and TI graphing calculators. An avid tinkerer of anything USB-related, he has spoken at DerbyCon about BadUSB and appeared in the Wall Street Journal and several other publications. He also collects DMCA takedown notices for fun.



Friday May 20, 2016 2:00pm - 3:00pm
Scruffy City Hall 32 Market Square, Knoxville, TN 37902

2:00pm

The Natural Laws and Consequences of Cyber Insecurity
This talk will cover the common, underlying vulnerability issues and solutions found after performing numerous assessments for a range of different types of clients. The issues include those of both human and technical failings.

Speakers

Matt Smith

Principal Security Analyst, Sword & Shield
Matt has been active in professional and technical security services for government and commercial clientele for more than 20 years. He is experienced in working all aspects of the system security life cycle from planning and design to implementation and testing. At Sword & Shield, Matt performs network vulnerability assessments/penetration testing utilizing a combination of commercial, open source, and custom software packages and assists in...


Friday May 20, 2016 2:00pm - 3:00pm
KEC 17 Market Square #101, Knoxville, TN 37902

3:00pm

Level Up! - Practical Windows Privilege Escalation
For attackers, obtaining access to a Windows workstation with limited privileges can really put a damper on your day. Low privileged access can be a roadblock for even the most skilled "undocumented administrators". Local administrator access to a Windows machine within an Active Directory domain often results in the ability to compromise the whole domain. This talk will walk through how attackers and defenders can learn to identify and exploit practical Windows privilege escalation vectors on the Windows 7 OS.


Friday May 20, 2016 3:00pm - 4:00pm
Scruffy City Hall 32 Market Square, Knoxville, TN 37902

3:00pm

PowerShell for CyberWarriors
PowerShell, the new hotness, is an interactive object-oriented command environment that has revolutionized the ability to interact with the Windows operating systems in a programmatic manner. This environment significantly increases the capabilities of administrators, attackers, defenders, and malware authors alike. This presentation introduces popular PowerShell tools and techniques used by penetration testers and blue team members. Tools range from in-memory only remote administration tools to Active Directory enumeration and from reverse engineering to incident response. Additionally, we will review a couple of pieces of malware that leverage PowerShell and provide information on detecting or defending against previously discussed attacks. If you're a CyberWarrior, this presentation will undoubtedly up your game by equipping you with knowledge on the almighty PowerShell.



Friday May 20, 2016 3:00pm - 4:00pm
KEC 17 Market Square #101, Knoxville, TN 37902

4:00pm

The Joy of Sandbox Mitigations
When researchers think of Microsoft Windows process mitigations they’re likely to come up with DEP and ASLR. However, Microsoft has been adding a number of lesser-known mitigations, ranging from blocking Win32k system calls to reducing a sandbox’s attack surface, which already assume RCE has been achieved. This presentation will describe the implementation of these lesser-known mitigations, some silly bypasses and bugs in their implementations, as well as how you can use them in real-world code to improve the security of your own applications.

Speakers

James Forshaw

James is a security researcher in Google’s Project Zero. He has been involved with computer hardware and software security for over 10 years looking at a range of different platforms and applications. With a great interest in logical vulnerabilities he has numerous disclosures in a wide range of products from web browsers to virtual machine breakouts as well as being a Pwn2Own and Microsoft Mitigation Bypass bounty winner. He has...


Friday May 20, 2016 4:00pm - 5:00pm
Scruffy City Hall 32 Market Square, Knoxville, TN 37902

4:00pm

Stack Smashing Protection Bypass via Pthreads - A case of MiniUPNP Buffer overflow
In 2015 Talos identified and reported a buffer overflow vulnerability in client side code of the popular MiniUPnP library. The vulnerability was promptly fixed by the vendor and was assigned TALOS-CAN-0035 as well as CVE 2015-6031. Martin Zeiser and Aleksandar Nikolic subsequently gave a talk at PacSec 2015 ("Universal Pwn n Play") about the client side attack surface of UPnP and this vulnerability was part of it.

Talos has developed a working exploit against Bitcoin-qt wallet which utilizes this library. The exploit developed by Talos includes a novel Stack Smashing Protection (SSP) bypass. As the bypass technique lies in the way pthreads work, it perfectly illustrates how a seemingly hard to exploit issue can still be exploited due to unforeseen consequences arising from the complexity present in the modern process execution chain.

In this talk, we will introduce the details of stack smashing protection implementation, discuss the relevant libc and pthread mechanisms, introduce the steps required for the successful bypass and conclude with a demonstration.


Friday May 20, 2016 4:00pm - 5:00pm
KEC 17 Market Square #101, Knoxville, TN 37902

5:00pm

The Best Campfire Tales that Reverse Engineers Tell
At a conference, I don't much give a damn what the target was or how big the pwnage was; I watch talks for the clever tricks that the presenters used to get their results. This lecture is just the best tricks from a dozen or more projects, the techniques that we reverse engineers share over drinks and next to campfires.

So gather round, children, and I'll teach you how to distinguish code and data pointers at a glance on the Thumb architecture. I'll teach you how easy it is to write an X86 bootloader, and ways to write an exploit blind, without already having the code of your target. Some of these tricks are easy, some of them are advanced, but all of them are clever and one or two just might be the missing piece to your next reverse engineering project.


Friday May 20, 2016 5:00pm - 6:00pm
Scruffy City Hall 32 Market Square, Knoxville, TN 37902

5:00pm

Car Talk
In 2015, Wired reporter Andy Greenberg asked Charlie Miller and Chris Valasek to show him something interesting. Andy completely forgot what hackers consider “interesting” and they famously shut down the engine of a Jeep Cherokee while he was driving on the highway. While the concept of compromising our cars seems like something out of “Hackers,” software security is a new avenue for vehicles. Software is just as important to a modern car as its wheels and, like the wheel, was not designed with security in mind. This talk aims to address the new and old problems in four frontiers of vehicle security and where security experts can make a difference.


Friday May 20, 2016 5:00pm - 6:00pm
KEC 17 Market Square #101, Knoxville, TN 37902