Malware in Google Play: Latest tactics used to penetrate the official app store

This presentation focuses on the malicious actors’ efforts to introduce and spread malicious apps through the Google Play app store, and how various players (consumers, internet providers, security firms, etc.) can help to thwart these efforts. One of the most common ways of conducting cyber security attacks (besides phishing) is through trojanized applications that end […]

Hashes, hashes everywhere, but all I see is plaintext

I will recap traditional cracking techniques before utilising combinator attacks to challenge recent password guidance of passphrases over passwords. I will then focus on more advanced methods, leveraging additional tools to launch attacks such as Fingerprint, PRINCE and Purple Rain. Non-deterministic techniques will be shown that are designed for infinite runtime, resulting in candidate generation […]

Post-Quantum Manifesto

In recent years, the threat to the public key infrastructure posed by quantum computers has gained some attention. Standards agencies such as NIST and ETSI have begun efforts to standardize encryption and signature algorithms that are quantum resistant. This talk will introduce attendees to the threat posed by quantum computing and explain which parts of […]

The SOC Counter ATT&CK

The goal of the talk is to answer a few questions we often see or hear: “ATT&CK is nice and all, but how do I (we) get started?”, “How can I (we) detect those TTP?”, “Why use the ATT&CK Framework?”, etc. The ATT&CK Framework from MITRE is the new hotness in the InfoSec world. […]

Major Pitfalls to Avoid in Performing Incident Response in AWS

When performing Incident Response in a platform where infrastructure and data are just as quickly destroyed as they are created, speed and efficacy are paramount. While AWS provides a wide gamut of tools and capabilities to effectively harness the cloud, it’s often a daunting task to understand which tools to use for what, when, and […]

Into the Fog – The Return of ICEFOG APT

In 2013, a public report revealed a group of actors conducted targeted attacks leveraging a malware dubbed ICEFOG against mainly government organizations and the defense industry of South Korea and Japan. Little has been published about the activities of ICEFOG malware since the report was released more than six years ago. However, despite a pause […]

Behind the Scenes: The Industry of Social Media Manipulation Driven by Malware

This talk is the ‘grand finale’ of a four-year long investigation that started with analyzing an IoT botnet, to discovering the structured industry that exists behind social media manipulation (SMM). SMM is the deliberate act of paying for popularity with followers or activity on social media. Adopting a bottom-up approach, the thorough methodology undertaken to […]

Cloud Native Security Explained

Have you ever wondered how security is different ‘in the cloud’? What does “Cloud Native” even mean? What is “Zero Trust”? Serverless? Just in Time (access management)? And how do we secure these things? This talk is a whirlwind intro to securing cloud computing with audience participation (open discussion) and demonstrations of various new cloud […]

Fuzzing for your Offensive and Defensive Teams

Fuzzing is an automated testing technique to find vulnerabilities that can be abused in cyber-attacks in software and/or hardware. In this talk we will delve into how fuzzing is used in both offensive and defensive operations. We will demonstrate how the best security researchers in the world use fuzzing to find 0-days (previously unknown vulnerabilities), […]

FLAIR (Fuzzy simiLArIty fRamework)

FLAIR (Fuzzy simiLArIty fRamework): A comprehensive study on APT analysis using fuzzy hash similarity algorithms, providing a framework that comprises more than 25 fuzzy hashing algorithms. Finding similar files has been a long-recognized and ever-increasing need in malware research and forensic investigation. Cryptographic hash functions such as MD5, SHA1 and SHA256 are the […]

One-Person Army – A playbook on how to be the first Security Engineer at a company

How often have you heard that ‘Early stage startups don’t care much about Security because if there is no product, there is nothing to secure?’ Although there is merit in the argument that startups need to build product to sustain and grow, it often puts the person in charge of securing them in a tricky […]

Your phone is using TOR and leaking your PII

Do you have a cellphone? Do you run apps on it? Your personal information is most probably traversing over TOR without your knowledge or consent. As part of our research, we identified a surprising amount of unencrypted, sensitive and confidential user data originating from mobile devices traversing the TOR network, which included: GPS coordinates, WiFi […]

Internet-Scale Analysis of AWS Cognito Security

This talk will show the results of an internet-scale analysis of the security of AWS Cognito configurations. During this research it was possible to identify 2500 identity pools, which were used to gain access to more than 13000 S3 buckets (which are not publicly exposed), 1200 DynamoDB tables and 1500 Lambda functions. The talk starts […]

Conquering Complexity: Addressing Security Challenges of the Connected Vehicle

As vehicles around the world become more and more automated, ongoing security threats become an even greater risk. But for the automotive industry, addressing end-to-end security poses significant challenges. Building a car isn’t done in isolation – components, manufacturers and global supply chains must be synchronistic to make the connected vehicle completely secure. In this […]

Twisted Haystack: Protecting Industrial Systems with Dynamic Deception

Deception techniques for cybersecurity are not new – honeypots have been used for many years. However, new types of deception techniques are being developed to supplement the classic honeypot approach. Deception can be used in several ways and for various end results. In this presentation, we will cover two main areas related to deception-based cybersecurity. […]

How to Select your Future Hardware Security Module (HSM)

Hardware Security Modules (HSMs) come in a variety of shapes, forms and sizes, and are used for different purposes. They are also deployed in a myriad of ways based on your needs. If you are thinking about using HSMs, just curious about what is out there, or using them today and not sure if you […]

The New Paradigm of Security Controls

We are seeing a new approach to security that is rippling across network defenders, products, and attackers alike. The approach is based on the idea that you can improve security on data by harnessing data to improve security. This requires transitioning from appliances that shrink data volumes to cloud approaches that capture more data than […]

Don’t @ Me Hunting Twitter Bots at Scale

Automated Twitter accounts have been making headlines for their ability to spread spam and malware as well as significantly influence online discussion and sentiment. In this talk, we explore the economy around Twitter bots, as well as demonstrate how attendees can track down bots through a three-step methodology: building a dataset, identifying common attributes of […]

Fail Panel: Revenge of the Sixth

The Fails just keep on failing. We’re back for the 6th examination of the wide range of failures that our industry is not simply capable of but also EXCELS at. All the blinkie lights and all the shiny things that directly provide for day-to-day Fail. We know that this is sounding repetitive, but that’s kind […]

Securing Robots at Scale

The International Federation of Robotics estimates that 2.6 million industrial robots will be installed in factories worldwide by 2019. Robots are not only in industrial environments; they also exist in homes and around us as toys, companions and assistants, and serve various roles in our daily lives. In this session we will talk about our journey […]

ATT&CKing the Command Line and Hunting for More

The MITRE ATT&CK framework has emerged as the most complete and detailed body of knowledge of adversary techniques and tools ever compiled. As such, anyone in threat detection and response should be studying it. In this talk we will provide a brief overview of MITRE ATT&CK and how it can be used to help organize and focus […]

Security is an Illusion: How I Rob Banks

A light-hearted trip through security failures both physical and electronic that have enabled me over the years to circumvent security of most of the world’s largest banks. Through the use of tales from the front line and useful illustrative slides, I will attempt to take you through the lessons to be learned from an ethical […]

The Chrome Crusader

Crusade into the wild world of malicious browser extensions. You will learn how to do keylogging, cookie stealing, credential harvesting and building a C&C server allowing you to remotely execute arbitrary JavaScript of your choosing. We will also be talking about CORS (Cross-Origin Resource Sharing) and some interesting quirks with the browser extension environment. If […]

5G: Security Status and Opportunities

The next evolution of the global mobile communications network is on the horizon and the technology standards are being developed to support it…but how secure will it be? This talk will present an overview of the 5G security evolution and current status at the half-way point before official 5G release. The new network will not […]

Smart Contract Vulnerabilities: The Most Interesting Transactions on the Ethereum Blockchain

Smart contract security is a brave, new, and sometimes terrible field. This presentation will take you through a storytelling history of some of the most famous vulnerabilities of these first few years (from the DAO hack, to the Parity wallet vulnerabilities and including less-well-known but very interesting events like the DDoS attacks from late 2016). […]

Serverless Infections – Malware Just Found a New Home

With Lambda by Amazon, Cloud Functions by Google, and Azure Functions by Microsoft, we will definitely be seeing more and more organizations leveraging the advantages introduced by serverless computing. But what does serverless computing entail when it comes to security? With no dedicated server, is the risk higher or lower? Maybe it’s just different. Can […]

Alexa, what did I do Last Summer?

Smart things are a big trend nowadays. In more than 47 million households, Alexa is always listening and sometimes recording. What exactly does Alexa know about its master? What information does it collect, where is it stored, and what does Amazon do with all that data aside from the “learning and quality assurance” routine? In this […]

Unblockable Chains – Is Blockchain the Ultimate Malicious Infrastructure?

In this principal research, we investigate the possibilities blockchain technologies pose as an infrastructure for malicious operations. We will demonstrate a POC of a fully functional C&C infrastructure on top of the Ethereum network – the second largest public blockchain which also acts as a distributed computing platform featuring a smart contract functionality. As Blockchain technologies gain more traction in recent […]

Why Memory Attacks are on the Rise and How to Stop Them

Memory-based, fileless, or living-off-the-land attacks were one of the most prevalent types of attacks in 2017 and are only growing. But how do they happen and why are they on the rise? The short answer is that they work because they are less detectable by traditional and many next gen antivirus solutions. For example, Word […]

Deep Learning – Classifying Malicious Websites with Image Recognition Models

I will go over how transfer learning can be used to retrain a convolutional neural network (CNN) to accurately predict and label images of botnet C2 web panels and phishing websites. Image recognition to classify malicious websites can benefit in optimizing incident analysis as well as enhancing threat label data.

Exploiting Hardware Wallet’s Secure Element

Hardware wallets, as well as other kinds of secure devices, must be designed to stay secure even when they are running in a hostile environment, including when they are under the full control of an attacker. In order to ensure they stay secure in such conditions, physical attack resistant hardware is required but not sufficient for […]

HomeBrew: Developing Your Own (Threat) Intel

We see “threat feeds” discussed online quite often, but what are these really and how do we employ them? When these “threat feeds” are lists of IP addresses, domains, and file hashes, how do we then make use of these within our own infrastructure or organization? It turns out that if you’re a security analyst as […]

How to Spot a Fake: Improve Your Security Operations with Real-world AI

AI and machine learning are increasingly popular buzzwords in cybersecurity, but not all AI techniques deliver the same value for every use case. Security professionals need to understand the different applications of AI and machine learning and how they can best be applied to address an organization’s specific needs. The potential of data science, artificial intelligence […]

The Hunt is on! Advanced Memory Forensics Meets NextGen Actionable Threat Intelligence

Cyber attacks continue to increase in severity and sophistication. A new era of attacks has become more ubiquitous and dangerous in nature. Malware has become much better at hiding its presence on the host machine. However, one place it cannot hide for long is in the volatile memory of the computer system. The purpose of this […]

“BlueBorne” Explained – New Attack Vector Exposing 5B+ Devices

Called “Bluetooth’s Stagefright moment,” the Blueborne attack vector identified in September exposed 5B+ devices to hacking. It impacted major mobile, desktop, and IoT operating systems, including Android, Windows, Linux, and iOS. Blueborne attacks devices via Bluetooth in a manner never seen before, and spreads through the air (airborne). Users do not need to be on […]

The Cyberwar Playbook: Financial Services as Critical Infrastructure

How would you hack a bank? In this talk, we discuss how to improve the protection of our nation’s critical private-sector cyber infrastructure, using financial services institutions as a case study, and highlight potential exploit chains and vulnerabilities in people, process, and technology. We begin with a thought experiment: if cyberwar were to break out tomorrow, […]

FAIL Panel Version 5 – EquiFAIL!

In 2012, we talked about the APT. In 2013, we talked about BYOD and Consumerized IT. In 2014, it was #failAMA. In 2015, Ben Sapiro FAILED to submit an abstract. In 2016, James was VOLUNTOLD to do the thing. It’s 2017, and the voluntoldee said yes again. This is the time when we talk about […]

Securing Shopify’s PaaS on GKE

Shopify has leveraged Kubernetes through Google Container Engine (GKE) to build its new cloud platform. This PaaS is currently serving the majority of the company’s internal tools as well as business-critical production workloads. Moving to Kubernetes and a public cloud is no easy task, especially for a security team. Unfortunately for us, a hosted solution […]

Breaking the Laws of Robotics: Attacking Industrial Robots

Industrial robots are complex cyber-physical systems used for manufacturing, and are a critical component of any modern factory. These robots aren’t just electromechanical devices but include complex embedded controllers, which are often interconnected with other computers in the factory network, safety systems, and to the Internet for remote monitoring and maintenance. In this scenario, industrial […]

The quantum threat: what really matters today?

Quantum computers will break currently deployed public-key cryptography (RSA, ECC, Diffie-Hellman, etc.) which is one of the pillars of modern-day cybersecurity. Thus, we need to migrate our systems and practices to ones that cannot be broken by quantum computers before large-scale quantum computers are built. Impressive progress in developing the building blocks of a fault-tolerant […]

Botract – Abusing smart contracts and blockchain for botnet command and control

In this talk, we discuss a possible new technique where hackers could abuse smart contracts that are deployed on the blockchain as means of command and control (C2) for botnets. We call this novel technique ‘botract’; derived by merging two words: ‘bot’ and ‘contract’. In this talk, we describe how hackers can exploit smart contracts […]

Lies and Damn Lies: Getting Past the Hype Of Endpoint Security Solutions

The endpoint protection space is a hot market right now. With statistics showing malware creation ranging from 300,000 to 1 million pieces a day, traditional signatures just can’t keep up. Ask any vendor about their solution and you get inundated with the marketing hype, machine learning, artificial intelligence, math models, and lions, tigers and bears! […]

Threat Hunting an Evolving Malware Campaign and the Actors Behind It

Threat actors need to constantly evolve their techniques to remain undetectable or their campaigns, once exposed, will cease operation. This briefing will take an in-depth, entertaining look at the ever evolving campaign that was thought to have been nearly eradicated. This campaign and the actors behind it have not only continued to operate behind the […]

The Black Art of Wireless Post-Exploitation

Most forms of WPA2-EAP have been broken for nearly a decade. EAP-TTLS and EAP-PEAP have long been susceptible to evil twin attacks, yet most enterprise organizations still rely on these technologies to secure their wireless infrastructure. The reason for this is that the secure alternative, EAP-TLS, is notoriously arduous to implement. To compensate for the […]

Reverse Engineering Automotive Diagnostics

Automotive diagnostics provide access for manufacturing, service, and forensics of automotive systems, and are present in nearly every vehicle on the road today. These systems provide a large attack surface, and often contain undocumented features. Unfortunately, information about these systems is proprietary, and tools for interacting with them are expensive. In this talk, we’ll introduce […]

Improving Incident Response for ICS

Defending an ICS (Industrial Control System) requires additional considerations beyond the approach of traditional IT Security. For example, ICS incident responders are tasked with extracting forensic data for threat analysis and implementing indicators of compromise for threat mitigation as quickly as possible. All of this is expected while continuing to maintain the physical safety and […]

Gitting Betrayed: How agile practices can make you vulnerable

Trust is an implicit requirement of doing business. At some point, we must trust employees, peers, and technology to a degree. The lack of proper management or understanding of these various trust relationships is a leading cause of security exposure. This talk will cover the analysis and exploitation of the trust relationships between code, platforms, […]

Disrupting the Mirai Botnet

The Mirai botnet has brought public awareness to the danger of poorly secured embedded devices. Its ability to propagate is fast and reliable. Its impact can be devastating and variants of it will be around for a long time. You need to identify it, stop it, and prevent its spread. I had the opportunity to […]

Rootkits vs Ransomware 2.0. Using evil to fight for good

Your company has been hit by ransomware. What do you do? Well, if you are a regular security system administrator, your next steps are restoring from backups (you have backups, right?), deploying behavior-based IDS/IPS or updated antivirus, and waiting for the next attack. But you’re not a regular security admin, are you? You’re a security […]

A Deep Dive into the Digital Weapons of Mysterious Cyber Army

Being one of the most isolated and secretive nations on the earth, from the Sony Pictures breach to the WannaCry attack, cyber-attacks from the Democratic People’s Republic of Korea (DPRK) seem to be more and more aggressive than before. Based on our observations, the North Korea cyber army has expanded their campaign to target not […]
