Breaking the Laws of Robotics: Attacking Automated Manufacturing Systems

Automated manufacturing systems (particularly within the paradigm of so-called Industry 4.0) are complex and critical cyber-physical systems. They use robots (highly sophisticated systems themselves, with multiple complex embedded controllers), several types of industrial controllers, and are often interconnected with other computers in the factory network, safety systems, and to the Internet for remote monitoring and […]

Read more

Hacking & Securing Clinical Technology

This talk highlights the security challenges of securing the clinical and IT infrastructure of healthcare delivery organizations. We’ll dive into two examples of FDA approved devices that connect to clinical equipment common in hospitals today and walk the audience through the development of full device compromise and the discovery of multiple CVEs.

Read more

Common NGINX Misconfigurations That Leave Your Web Server Open to Attack

NGINX is the web server powering one-third of all websites in the world. Detectify’s Security Research team analyzed almost 50,000 unique NGINX configuration files downloaded from GitHub with Google BigQuery and discovered common misconfigurations that, if left unchecked, leave your web site vulnerable to attack. This training will walk through the most common issues, including […]

Read more

hAFL1: Our Journey of Fuzzing Hyper-V and Discovering a 0-Day

In this session, we present hAFL1 and provide the implementation bits required to write a Hyper-V fuzzer. We uncover a critical 0-day in Hyper-V vmswitch which was found using our fuzzer – an arbitrary read vulnerability. Finally, we show a live demo of exploiting this vulnerability, which until only a few weeks ago could take […]

Read more

Full Circle Detection: From Hunting to Actionable Detection

How do you create new efficient, accurate, and resilient detection rules? There are a lot of steps to follow. This talk will take you through what I call Full Circle Detection. I’ll start with where to get hunting ideas and then to giving a turnkey alert for your Security Analysts using a real-world step by […]

Read more

FAIL – Notorious* Number 9

Lessons learned over the course of a protracted global emergency that has fundamentally altered society and how we do business are not being well learned and are not yet reflected in how we manage and assess our work. Time to talk through the 9th round of fails with our panel of distinguished guest speakers!

Read more

Large-Scale Security Analysis of IoT Firmware

Today, the number of IoT devices in both the private and corporate sectors are steadily increasing. IoT devices like IP cameras, routers, printers, and IP phones have become ubiquitous in our modern homes and enterprises. To evaluate the security of these devices, a security analysis must be performed for every single device. Since manual analysis […]

Read more

Ghost Misdetection Attacks Against Tesla Model X & Mobileye 630 PRO

Many studies have discussed the implications of using a training process to develop artificial intelligence: the significant computing capabilities required, the energy wasted, the high cost, the time required for training, the size of the dataset needed. However, the fact that automated driving is considered safer than manual driving proves that the training process is […]

Read more

Detecting Illicit Drone Filming

In an “open skies” era in which drones fly among us, a new question arises: how can we tell whether a passing drone is being used by its operator for a legitimate purpose (e.g., delivering pizza) or an illegitimate purpose (e.g., peeking at a person showering in his/her own house)? In this talk, I present […]

Read more

Escaping Virtualized Containers

Containers offer speed, performance, and portability, but do they actually contain? While they try their best, the shared kernel is a disturbing attack surface: a mere kernel vulnerability may allow containerized processes to escape and compromise the host. This issue prompted a new wave of sandboxing tools that use either unikernels, lightweight VMs or userspace-kernels […]

Read more

Practical Defenses Against Adversarial Machine Learning

Adversarial machine learning has hit the spotlight as a topic relevant to practically-minded security teams, but noise and hype have diluted the discourse to gradient-based comparisons of blueberry muffins and chihuahuas. This fails to reflect the attack landscape, making it difficult to adequately assess the risks. More concerning still, recommendations for mitigations are similarly lacking […]

Read more

Lateral Movement and Privilege Escalation in GCP; Compromise any Organization without Dropping an Implant

Google Cloud’s security model in many ways is quite different from AWS. Spark jobs, Cloud Functions, Jupyter Notebooks, and more default to having administrative capabilities over cloud API’s. Instead of defaulting to no capabilities, permissions are granted to default identities. One default permission these identities have is called actAs, which allows a service by default […]

Read more

Demystifying Modern Windows Rootkits

This talk will demystify the process of writing a rootkit, moving past theory and instead walking the audience through the process of going from a driver that says “”Hello World”” to a driver that abuses never-before-seen hooking methods to control the user-mode network stack. Analysis includes common patterns seen in malware and the drawbacks that […]

Read more

Defending Containers Like a Ninja: A Walk through the Advanced Security Features of Docker & Kubernetes

Today, with a few commands anyone can have containers running on their machine; at this point, they seem to be neither complex nor complicated to secure. However, the story dramatically changes when the ecosystem grows exponentially and now we have thousands of nodes that fulfill different roles, with different resources, running different applications, in different […]

Read more

Policy Implications of Faulty Cyber Risk Models and How to Fix Them

Bad security data leads to bad security policies; better data enables better policies. That, in a nutshell, is the thesis of this talk. To back that up, we’ll share a FUD-free and data-driven analysis of the frequency and economic costs of tens of thousands of historical cyber incidents, with a special focus on events that […]

Read more

The Paramedic’s Guide to Surviving Cybersecurity

The security world is fraught with cases of mental health issues, burnout, substance abuse, and even suicide. We live in a world of threats and responses that trigger the deepest parts of our psyche; with the barriers between “”online”” and the physical world constantly crumbling. While some deal in theory, many of us deal with […]

Read more

My Cloud is APT’s Cloud: Investigating and Defending Office 365

As organizations increase their adoption of cloud services, we see attackers following them to the cloud. Microsoft Office 365 is becoming the most common email platform in enterprises across the world and it is also becoming an increasingly interesting target for threat actors. Office 365 encompasses not only Exchange, but also Teams, SharePoint, OneDrive, and […]

Read more

Detecting Access Token Manipulation

Windows access token manipulation attacks are well known and abused from an offensive perspective, but rely on an extensive body of arcane Windows security internals: logon sessions, access tokens, UAC, and network authentication protocols, such as Kerberos and NTLM, to name a few. Furthermore, some of this information is not easily found and can be […]

Read more

Lamphone: Real-Time Passive Reconstruction of Speech Using Light Emitted from Lamps

Recent studies have suggested various side-channel attacks for eavesdropping sound by analyzing the side effects of sound waves on nearby objects (e.g., a bag of chips and window) and devices (e.g., motion sensors). These methods pose a great threat to privacy, however they are limited in one of the following ways: they (1) cannot be […]

Read more

Detection Mastery – War Stories from the Hunters Side!

Threat Hunting is a rapidly evolving topic in cyber security. Armed with more than 20 years of enterprise and military experience, being on both red and blue sides – we plan to determine the approach to next generation detection.  The defending industry is shifting from Reactive to Proactive mode by deploying both Red Teams and Threat Hunters to constantly challenge […]

Read more

The fast and the FAIL 8

When it’s 2020 and all you can think about is how fricken awesome 2019 was, what better way to fill your time at a virtual conference than the 8th instalment of “oh, they’re talking about FAIL again” with the added special je ne sais quoi of 2020’s litany of FAIL. Join the yet to be […]

Read more

Submarines in Pirate Waters: Cloud Attack Strategies

For several years now, our application deployment and infrastructure constructs have changed. What have we done to help model and simulate what the attackers are doing on the internet? In this talk we will be discussing features found commonly in cloud environments, and specifically, Kubernetes based attack strategies that a group can simulate. The talk […]

Read more

How to Store Sensitive Information in 2020

It goes without saying never ever store personal/sensitive information in clear text. It is also a well-known fact salting, hashing, or stretching your information can provide little protection against contemporary computer architectures and modern brute force attack constructs. Those abreast with this subject would have come across countless advocatory material suggesting using key derivation functions […]

Read more

Common Flaws in Public and Private ICS Network Protocols

Industrial Control Systems / Supervisory Control and Data Acquisition (ICS/SCADA) are both the lifeblood of any critical infrastructure, and play an important role in any operation’s ability to communicate between various ICS components, relay sensitive data, or manage critical sensors and equipment. Due to the specific and unique needs of the industrial control industry, ICS […]

Read more

One Malicious Message to Rule Them All

As the world quickly transitioned to remote work due to COVID-19, companies were forced to make dramatic changes in how they operated. To keep employees safe and productive, companies adopted communication platforms like Teams, Zoom, Slack en masse. And while those tools fundamentally changed the way many of us work, they have also created new […]

Read more

Differential Privacy for Mobile Apps Busted!

In this session we bust Apple on their differential privacy claims for iOS devices by reverse-engineering telemetry data. We’ll illustrate how the privacy-preserving algorithm systemically suffers from implementation issues, how it leads to re-identification risk, how advertising IDs and hardware IDs are being misused to fingerprint users, and what needs to be done to preserve […]

Read more

Security Metrics That Matter

We measure so that we can improve and report. Reporting is for our bosses and job security. Improvement is for us. As an outnumbered security professional, you will never, ever have enough time, money and resources to add every layer of defence you wish you could, which means we need to work smarter. Learn about […]

Read more

Heroku Abuse Operations: Hunting Wolves in Sheep’s Clothing

Abuse Operations, theft of services, and violation of acceptable usage does not get the spotlight it deserves because ultimately, the systems in question are “working as designed”. It is within these “cracks” that the abusers, the malicious users, and outright criminals operate their tools, campaigns, and other questionable interests. We will highlight how they are […]

Read more

Getting Rid of Passwords with FIDO2 and W3C WebAuthn

Most security experts would agree that password-based authentication is dead. The FIDO2 standard aims to replace passwords entirely and there is a good deal of chance that it will succeed. It has gained significant momentum in the past year, as key players like Microsoft, Apple, Google, and Mozilla started to jump on board. This talk […]

Read more

A DECEPTICON and AUTOBOT Walk into a Bar: Python for Enhanced OPSEC

When we see the terms Natural Language Processing (NLP) or Machine Learning (ML), often, our guts are correct, and it is vendor marketing material, frequently containing FUD. After tinkering with various libraries in Python and R with the use of some OSINT and SOCMINT techniques, I have found a use for NLP and ML that […]

Read more

Cloud Adoption – Trends and Recommendations for Security Teams

Organizations adopting cloud-based delivery are often at a loss as to how to navigate the technological and organizational changes introduced by this movement. Are we ahead? Are we behind? Do we really need to deploy to production hourly? What about security? This presentation provides insights from 451 Research’s view of technology and security trends as […]

Read more

IoT Security: An Insiders Perspective

The IoT industry is often lambasted for lax security, however it does face unique challenges. This talk brings expertise from a veteran security engineer who has spent the last few months embedded (hah!) in an IoT manufacturer, working on security from the inside. We will explore some of the unique challenges in this space, and […]

Read more

Profiling Fraudsters from the Darknet to ICQ

Anonymity tools such as the tor network and cryptocurrencies are increasingly adopted by fraudsters to hide their tracks. They have enabled a darknet underground economy that centers around online illicit markets which has generated over USD$500 million in sales in the past year. Within online illicit markets, fraudsters create profiles and post ads for their […]

Read more

Chip.Fail – Glitching the Silicon of the Connected World

All smart devices, from cars to IoT, are based around processors. Often these processors are not considered as part of the threat model when designing a product. Instead, there is an implicit trust that they just work and that the security features in the datasheet do what they say. This is especially problematic when the […]

Read more

Poisoned RDP Offense and Defense

It’s safe to assume that many people reading this text have heard of using the Remote Desktop Protocol (RDP) to connect to other machines. But has anyone ever considered that merely using RDP can compromise their own computer? In this talk, we will not be covering a typical RDP vulnerability where a server is attacked […]

Read more

Powershell is Dead. Long Live C#

The PowerShell bubble has burst. With offensive use going down and detections and defences rising, the need for an alternative means to operate offensively against Windows environments is well underway and a big part of that is due to C# and .NET. In this presentation, Lee will take the audience through the rise of weaponized […]

Read more

FAIL Panel: I Quit Securi7y

In order to save the security industry, someone had to quit or be fired. Is this the ultimate fail or the only way to beat Thanos? This year’s panel includes all the best viewpoints: a vendor, an academic, a startup, and a quitter. Half the panel does more operations work than security work and has […]

Read more

Threat hunting in the cloud

Threat hunting in the cloud is something that is not often talked about from a security strategy perspective. This talk will specifically cover techniques that can be used to support hunting within cloud environments. Recently, we have seen both Amazon and Microsoft release traffic mirroring capabilities within cloud environments which has allowed traditional network security solutions […]

Read more

Malware in Google Play: Latest tactics used to penetrate the official app store

This presentation focuses on the malicious actors’ efforts to introduce and spread malicious apps through the Google Play app store, and how various players (consumers, internet providers, security firms, etc.) can help to thwart these efforts. One of the most common ways of conducting cyber security attacks (beside phishing) is through trojenized applications that end […]

Read more

Hashes, hashes everywhere, but all I see is plaintext

I will recap traditional cracking techniques before utilising combinator attacks to challenge recent password guidance of passphrases over passwords. I will then focus on more advanced methods, leveraging additional tools to launch attacks such as Fingerprint, PRINCE and Purple Rain. Non-deterministic techniques will be shown that are designed for infinite runtime, resulting in candidate generation […]

Read more

Post-Quantum Manifesto

In recent years, the threat to the public key infrastructure posed by quantum computers has gained some attention. Standards agencies such as NIST and ETSI have begun efforts to standardize encryption and signature algorithms that are quantum resistant. This talk will introduce attendees to the threat posed by quantum computing and explain which parts of […]

Read more

The SOC Counter ATT&CK

The goal of the talk is to answer a few questions we often see or hear : “ATT&CK is nice and all, but how do I (we) get started?”, “How can I (we) detect those TTP?”, “Why use the ATT&CK Framework?”, etc. The ATT&CK Framework from Mitre is the new honest in the InfoSec world. […]

Read more

Major Pitfalls to Avoid in Performing Incident Response in AWS

When performing Incident Response in a platform where infrastructure and data is just as quickly destroyed as it is created, speed and efficacy are paramount. While AWS provides a wide gamut of tools and capabilities to effectively harness the cloud, it’s often a daunting task to understand which tools to use for what, when, and […]

Read more

Into the Fog – The Return of ICEFOG APT

In 2013, a public report revealed a group of actors conducted targeted attacks leveraging a malware dubbed ICEFOG against mainly government organizations and the defense industry of South Korea and Japan. Little has been published about the activities of ICEFOG malware since the report was released more than six years ago. However, despite a pause […]

Read more

Behind the Scenes: The Industry of Social Media Manipulation Driven by Malware

This talk is the ‘grand finale’ of a four-year long investigation that started with analyzing an IoT botnet, to discovering the structured industry that exists behind social media manipulation (SMM). SMM is the deliberate act of paying for popularity with followers or activity on social media. Adopting a bottom-up approach, the thorough methodology undertaken to […]

Read more

Cloud Native Security Explained

Have you ever wondered how security is different ‘in the cloud’? What does “Cloud Native” even mean? What is “Zero Trust”? Serverless? Just in Time (access management)? And how do we secure these things? This talk is a whirlwind intro to securing cloud computing with audience participation (open discussion) and demonstrations of various new cloud […]

Read more

Fuzzing for your Offensive and Defensive Teams

Fuzzing is an automated testing technique to find vulnerabilities that can be abused in cyber-attacks in software and/or hardware. In this talk we will delve into how fuzzing is used in both offensive and defensive operations. We will demonstrate how the best security researchers in the world use fuzzing to find 0-days (previously unknown vulnerabilities), […]

Read more

FLAIR (Fuzzy simiLArIty fRamework)

FLAIR (Fuzzy simiLArIty fRamework): A comprehensive study on APT analysis using Fuzzy hash similarity algorithms by providing a framework comprises of more than 25 Fuzzy hashing algorithms Finding similar files has been a long recognized and ever-increasing need in malware research and forensic investigation. Cryptographic hash functions such as MD5, SHA1 and SHA256 are the […]

Read more

One-Person Army – A playbook on how to be the first Security Engineer at a company

How often have you heard that ‘Early stage startups don’t care much about Security because if there is no product, there is nothing to secure?’ Although there is merit in the argument that startups need to build product to sustain and grow, it often puts the person in charge of securing them in a tricky […]

Read more

Your phone is using TOR and leaking your PII

Do you have a cellphone? Do you run apps on it? Your personal information is most probably traversing over TOR without your knowledge or consent. As part of our research, we identified a surprising amount of unencrypted, sensitive and confidential user data originating from mobile devices traversing the TOR network, which included: GPS coordinates, WiFi […]

Read more
Subscribe to the Sector Blog
Enter your contact information below to have future blog posts delivered directly to your inbox!