Talks « BSidesROC



Big Game Hunting: Internet Scan Data and You
Silas Cutler

Internet scanning requires a considerable amount of time, preparation and legal hurdles. However, thanks to groups like Rapid7, University of Michigan, and the Project 25499, anyone can leverage publicly available data from these scans.
Using this data, researchers can collect metrics on services, identify malicious control servers, and gain a deeper understanding of things that are publicly available on the Internet.

Enterprise Class Vulnerability Management like a Boss
Rockie Brockway

A fluid and effective Vulnerability Management Framework, a core pillar in most Enterprise Security Architectures (ESA), remains a continual challenge to most organizations. Ask any of the major breach targets of the past several years. This talk takes the recent OWASP Application Security Verification Standard (ASVS) 2014 framework and applies it to Enterprise Vulnerability Management in an attempt to make a clearly complicated yet necessary part of your organization’s ESA much more manageable, effective and efficient, with feasible recommendations based on your business’ needs.

Tackling the Hard Problem of Surveillance: Toward Privacy Protecting Protocols
Robert Olson

The better part of the last decade has been spent with prominent media stories about tales of Internet surveillance. In most cases, this has led to calls for both better policy solutions for preventing privacy violations and better tools for protecting privacy. However, both approaches have failed to address a fundamental problem: the Internet was not designed to be private. Even the best tools for protecting user privacy rely on protocols designed to expose data that could be used for surveillance. They don’t solve the problems that permit surveillance. This talk will consider the requirements for a solution to the surveillance problem along with several methods for attacking the problem head on. While none of the techniques presented will get the Internet to a point that prevents surveillance, they may help to define what a solution would look like.

Exploring Layer 2 Network Security in Virtualized Environments – DHCP Attacks
Ronny Bull

Cloud service providers offer their customers the ability to access virtual private servers hosted within multi-tenant environments. Typically these virtual machines are connected to the physical network via a virtualized network within the host environment. This could be as simple as a bridged interface connected to multiple virtual interfaces attached to each virtual machine, or it could entail the usage of a virtual switch to provide more robust networking features such as VLANs, QoS, and monitoring. All client virtual machines are essentially connected to a virtual version of a physical networking device. In this talk we will continue to explore whether Layer 2 network attacks that work on physically switched networks apply to their virtualized counterparts. Preliminary results on the effects of mac flooding presented at DerbyCon 4.0 will be reviewed, and new information and results concerning DHCP attacks within virtualized networks will be introduced.

Pretending To Be A Terrorist
Steve Stasiukonis

A detailed talk explaining the collection of OSINT data for social engineering a power distribution company, then covering the use of that intelligence to execute the effort.
1. Collection Tools
2. Sources of Intelligence
3. Managing Intelligence
4. Using Intelligence for Reconnaissance
5. Execution of the Effort
6. Explain the Successful Effort and the Failures

Accidentally Awesome: How You Might Already Be an Effective Pentester
Mike Lisi

This talk is geared toward anyone in a development, sysadmin, or helpdesk position that’s interested or potentially interested in getting into penetration testing. The purpose is to provide insight into the skills that the listener may already have gained in their current position that would make them effective as a penetration tester. The talk also describes skills that the listener may be lacking and should work to improve. My background as a student, helpdesk technician, network admin, system analyst, developer and now penetration tester has allowed me to relate to anyone currently in these positions and realize what skills each of those positions has contributed toward my successful transition into penetration testing. This talk will touch on many aspects of penetration testing (internal and external engagements, web applications, social engineering, exploit development, etc.), relevant skills that can be learned from the positions described above, as well as some tools and resources that the listener can refer to in order to build the skills they need to work on.

Multipath TCP – Breaking Today’s Networks with Tomorrow’s Protocols
Catherine (Kate) Pearce

MultiPath TCP (MPTCP) is an extension to TCP that enables sessions to use multiple network endpoints and multiple network paths at the same time, and to change addresses in the middle of a connection. MPTCP works transparently over most existing network infrastructure, yet very few security and network management tools can correctly interpret MPTCP streams. With MPTCP network security is changed: how do you secure traffic when you can’t see it all and when the endpoint addresses change in the middle of a connection?

This session shows you how MPTCP breaks assumptions about how TCP works, and how it can be used to evade security controls. We will also show tools and strategies for understanding and mitigating the risk of MPTCP-capable devices on a network.

This session is an updated version of her BlackHat USA 2014 talk.

Know Thy Enemy – Web Attacker Attribution
Chaim Sanders

The vast majority of customer-facing applications now travel via HTTP. With the advent of modern web applications we have seen the number of customers and their demands rise. With this increase the traditional IDS/WAF model becomes difficult to maintain. Decreasing latency coupled with increased attack surface means that the traditional inline detection mechanism has very few cycles available for security analysis to take place.

We will take a look at current IDS/WAF techniques for dealing with this ever-increasing amount of data and how effective the solutions are (or aren’t). We will then discuss current solutions possible to this problem along with how we hope to see the industry evolve.

IPLOG? A beginner’s IDS for the WIN!
Nathan Gibbs

Providing the beginner sysadmin with actionable network intelligence, without the deployment and administration complexities of more advanced IDS solutions.

Hacking Embedded Devices
Nolan Ray

The difficulty of attacking embedded devices can range from hilariously easy to maddeningly frustrating. What happens if there’s no published disassembler for the CPU your target is using? What if its MMU has lost its mind? In this talk we will cover the basics of how to approach attacking an embedded device; then we’ll dive into some specific scenarios in a way that’s approachable to the n00b, but hopefully still interesting to the advanced hardware hackers out there.