The Source of Knowledge will be onsite to sell audio and video recordings of the Briefings sessions.

Quynh Nguyen Anh, Kuniyasu Suzaki
Virt-ICE: next generation debugger for malware analysis
Dynamic malware analysis is an important method to analyze malware. The most important tool for dynamic malware analysis is the debugger. However, because debuggers were originally built by software developers to debug legitimate software, they have some significant flaws against malware. This research presents a new debugger named Virt-ICE, which is designed to address the problems of current malware debuggers. Using virtualization technology, Virt-ICE is totally invisible to malware, thus rendering most available anti-debugging techniques useless. Thanks to the isolation provided by the virtual machine, Virt-ICE is out of the reach of malware and cannot be tampered with. We conclude the talk with some live demos to show how Virt-ICE can debug some real malware.

James Arlen
SCADA and ICS for Security Experts: How to avoid Cyberdouchery
The traditional security industry has somehow decided that they are the white knights who are going to save everyone from the horror of insecure power grids, pipelines, chemical plants, and cookie factories. Suddenly, every consultant is an expert and every product is loudly advertising how it solves SCADA SECURITY AND COMPLIANCY ISSUES! Let’s sit down for a little fireside chat and discuss all things SCADA and ICS with an eye towards increasing our knowledge to the point where we can confidently say: “I’m not an expert at everything, I can help some, may we work together on a solution?” Learn some truth, look behind the curtain, bust some FUD. Oh – and make government agents have kittens.

B
Standing on the shoulders of the blue monster – Hardening Windows applications
Microsoft has implemented lots of useful functionality in Windows that they use in their own products. Many of these features can be used to enhance the security of third-party applications, but not many developers or software architects know about them.

The global telephone network is often an opaque and muddy environment where many false assumptions of privacy are made by its users. Providers do their best to compartmentalize as much privacy-centric data as possible. However, information must be shared for the sake of network interoperability. Demonstrations will reveal how location data can be augmented and used in several fashions. First, the speakers will show how information can be leveraged to develop fairly accurate physical boundaries of a particular mobile switching center and how this information changes over time. Second, the speakers will overlay cellular tower data to depict coverage in a particular mobile switching center. Lastly, the speakers will elaborate on mitigation strategies for these attacks at the subscriber level and potential mitigation strategies at the provider level.

Distributed computing is alive and well in 2010. When Hadoop development began in 2004, no effort was expended on creating a secure distributed computing environment. In 2009 discussion about Hadoop security reached a boiling point. The developers behind Hadoop decided they needed to get some of that “security” stuff. After a thorough application of Kerberos pixie dust, Hadoop is now secure, or is it? This talk will describe the types of attacks the Hadoop team attempted to prevent as well as the types of attacks the Hadoop team decided to ignore. We will determine whether Hadoop was made any more secure through the application of copious amounts of Kerberos. We will complete the talk with a short discussion of how to approach a Hadoop deployment from the perspective of a penetration tester.

Christiaan Beek
Virtual Forensics
This presentation will be about the problems we are facing when forensic research has to be done on environments which are virtualized. What about the VHD file format with Windows 7, and what do we need for future research?

Our system, which we call Avatar, detects failed attempts to download eggs and ships back to the suspected malware what we call a “red pill”. When the malware executes the red pill, it performs some preliminary checks and can send a copy of the parent process’ executable to an instrumented host.

Kenton Born
PSUDP: A Passive Approach to Network-Wide Covert Communication
This presentation analyzes a novel approach to covert communication over DNS by introducing PSUDP, a program demonstrating passive network-wide covert communication. While several high-bandwidth DNS tunnel implementations are freely available, they all use similar strategies. The method and tool discussed in this paper allow a network of computers to participate in passive covert communication by piggy-backing on legitimate network DNS traffic. While low-bandwidth passive tunnels have been built using techniques such as timing channels and field manipulation, no passive high-bandwidth DNS tunnels exist. A novel approach is used to provide significantly higher bandwidth in network-wide covert communication by manipulating legitimate DNS traffic. In addition to PSUDP, this presentation will briefly cover a few other recent findings I have had in DNS tunnel creation and detection. Secondly, I will show my work in detecting DNS tunnels using n-gram frequency analysis.

Grant Bugher
Secure Use of Cloud Storage
Cloud storage systems like Microsoft’s Windows Azure Storage and Amazon’s Simple Storage Service allow web sites and services to cheaply store large amounts of data and make it available in a controlled manner.

Gustav Rydstedt
Bad memories
No matter which kind of cryptography you are using to defend your network, sooner or later, to make it work, you will have to store a password, a key or a certificate somewhere. If the attacker is able to tamper with its storage mechanism, then even the strongest encryption mechanism becomes irrelevant. In this talk we will show how to attack storage mechanisms to tamper with SSL sessions and break into Wifi networks that use WPA encryption. For SSL we will show how to exploit warning inconsistency and caching mechanisms to trick the user into accepting a bad cert and getting his credentials stolen.

But there’s obviously more to writing a secure application than making the UI nice and shiny. This presentation will demonstrate how to exploit common vulnerabilities in GWT applications, particularly with RPC functionality.