As adversaries become more advanced with their techniques and tactics, security professionals must draw on effective tools, processes, and emerging technologies to mount a successful defense. In this talk, we will review the challenges and the current state of threat management and threat intelligence sharing. We will also discuss how AI-based threat management can help […]
Read moreDigital Forensics, Incident Response, Troubleshooting, Compliance, and Deep Packet Inspection are important use cases for packet capture. However, as environments continue to adopt virtualized, cloud-based infrastructure, network security practitioners will find it necessary to understand the specific tactics and protocols available for use in each environment. This paper catalogs and details the state of packet […]
Read moreSoftware Bill of Materials (SBOMs) provide numerous security benefits such as software transparency, software integrity, and software identity. SBOMs are being included in a lot of regulatory requirements, such as the U.S. Presidential Executive Order 14028 and the U.S. Food and Drug Administration (FDA) for medical devices. Come learn about the specific benefits SBOMs provide, […]
Read moreSuccessful incident response requires swift action to contain. Whether it is a breach, insider threat or other attack the longer the adversary pivots in your network, the more difficult the event will be to contain. There are numerous tools available today to perform key orchestration tasks referred to as EDR or Endpoint Detection and Response […]
Read moreCNCF provides great solutions for managing security of Kubernetes Environment, like OPA and Kyverno for Policies, but what about threats or strange behaviours that may happen inside running containers? In your Cloud account? In the SaaS you use? Falco, the runtime security engine provides a way to detect all these patterns by analysing syscalls with […]
Read moreJavaCrypto is easy-to-use, light-weight, modern library for all core cryptographic operations needed to build higher-level cryptographic tools. It’s a drop-and-hook bundle of APIs responsible for performing various cryptographic primitives, such as encryption, decryption, digital signatures, password storage etc in the most secure way possible while using Java Cryptography Architecture (JCA). Why do we need this […]
Read moreAt SecTor 2021, as part of the IoT Hack Lab, I demoed a new toy I was working on – a Raspberry Pi Pico that would emulate an HID when plugged into a device and issue commands. I called it my poor person’s USB Rubber Ducky. The demo was a hit and numerous people were […]
Read moreThis talk will uncover the amazing detection capability available from Azure AD Reports and how any organization can utilize it in the most efficient ways to help detect malicious actors. On top of that, the talk will walk attendants through a tool that can be used to help threat hunters and analysts anywhere to work […]
Read moreLinux seccomp is a simple, yet powerful tool to sandbox running processes and significantly decrease potential damage in case the application code gets exploited. It provides fine-grained controls for the process to declare what it can and can’t do in advance and in most cases has zero performance overhead. The only disadvantage: to utilise this […]
Read moreIt’s 2021, so why are developers still spending so much time writing custom code to validate data? Does the custom code cover all vulnerabilities? Is it secure? This presentation introduces a new open-source framework called Sanitation Web Application Firewall (SanWAF) that uses a declarative approach to validate data on both the client and server tiers. […]
Read moreAs more businesses move to Azure for their cloud computing, there is a growing gap in visibility of the security of cloud resources. Azure Sentinel is the cloud native SIEM solution from Microsoft. Turning it on potentially means another location for piles of logs and noise. Attend this session to learn how to get the […]
Read moreA recent study suggests that cloud misconfiguration is the number one risk to cloud environments in 2021. As more developers deploy infrastructure across clouds using infrastructure-as-code, the security risk is only going to grow. To quote Albert Einstein: “Intellectuals solve problems, geniuses prevent them.” With IaC, we have an opportunity to scalably prevent security risks […]
Read moreMalware continues to advance in sophistication and prevalence. Well-engineered malware can obfuscate itself from the user, network, and even the operating system running host-based security applications. One place malware cannot easily hide itself is within volatile computer memory (RAM). Although an essential part of detection engineering and exploit development, memory analysis is not trivial to […]
Read moreIn talking about Cloud Security, I believe that there are 3 main points to take care of: IAM Permissions, Control Plane Configuration (AWS API), and Cloudtrail for Control Plane Monitoring. When we are talking about Cloud Misconfiguration, Permissions, and Monitoring, we are mostly talking about second stage attacks (unless some configurations that make information public) […]
Read morePE Tree is a new open-source tool developed by the BlackBerry Research and Intelligence team for viewing Portable Executable (PE) files in a tree-view using pefile and PyQt5. Aimed at the reverse engineering community, PE Tree also integrates with HexRays’ IDA Pro decompiler to allow for easy navigation of PE structures, as well as dumping […]
Read moreBlackBerry, like many other companies, is on the move to containerized production environments. As containers become more ubiquitous, container security becomes crucial as well. Scanning container images for known vulnerabilities caused by vulnerable software is a critical security activity of the CI/CD process. Both commercial and open-source tools exist for container image scanning, however, not […]
Read moreMonitoring events will always be a big challenge for defensive teams. Now, with the increasing adoption of cloud by enterprises, new data sources are needed to monitor these services and detect security incidents. In the AWS Cloud ecosystem, the primary source of visibility of the control plane activities is called CloudTrail. Leveraging CloudTrail allows you […]
Read moreNo, this is not a talk about the Beverly Hills Police Department. It is about a new tool that I built based on a methodology I developed for Destroying Active Directory Attack Paths found by BloodHound. This talk will cover the methodology and the various options that the script provides. All the features are aimed […]
Read moreRemote Desktop Protocol (RDP) is the de facto protocol to remotely access Windows systems. Two years ago, we released PyRDP, a free and open-source RDP Monster-In-The-Middle (MITM) tool to tangibly demonstrate some of RDP’s common misconfigurations and associated risks. Since then, more RDP servers are exposed online and Microsoft’s RDP implementation has been the target […]
Read moreIntuition, acquired through years of experience, is what sets experts apart from novices. Intuition is the ability to look at a large amount of information, quickly spot interesting items, and dismiss the rest. In the case of security audits, intrusion testers typically face hundreds, or even thousands, of assets early in an engagement. Their ability […]
Read moreWhether you do Pentesting or Bug Bounty Hunting, Recon is an important phase for expanding your scope. However, not everyone does that as they are busy filling forms with random payloads. Effective Recon can often give you access to assets/boxes that are less commonly found by regular Pentesters or Bug Hunters. More assets mean more […]
Read moreThe intersections between IT, OT, and (I)IOT has continued to fuse multiple domains within the organization. And in a world where we need to fully understand our security posture and react to the world around us, visualization is key. During this presentation we will dive deep on the toolsets, tradecraft and methodologies to render (visualize) […]
Read moreDuring a web application penetration test, a tester often encounters different technology stacks and security controls implementations that requires the use of different tools and testing approaches. While commercial tools are often available for these specific scenarios – these can be hard to get in a short time frame (and can be very costly if […]
Read moreThis talk focuses on real-life exploitation techniques in AWS cloud and the tools used to perform them. We will focus on these steps: Identify a server-side request forgery Gain access to instance meta-data credentials Enumerate IAM permissions Privilege escalation Connecting to internal VPC services via VPN Multiple tools, such as nimbostratus, enumerate-iam, Pacu and vpc-vpn-pivot […]
Read moreCars are no longer simply mechanical. While they may be getting more advanced that doesn’t mean they are immune to hacks. One particularly sensitive entry point for hacking a car is the legally required OBD II port, which is basically “the Ethernet jack for your car”. This port works on a signaling protocol called CAN […]
Read moreModern software applications are complex, highly integrated collections of components, authored by dozens or even hundreds of individuals, and the rise of open source has taken this complexity to the next level. As an end-user, how well do you understand what a piece of software is *actually* doing, under the hood? Is your favorite string […]
Read moreThe Web application development lifecycle has numerous security activities. For developers, code review is a familiar recurring activity. To support Java developers, a project was started in 2012 called, “Find Security Bugs” (FSB). It is an extension of the SpotBugs project, formerly known as FindBugs. FSB is a community static analysis tool which targets specific vulnerabilities. Over the years FSB has evolved from a limited tool to a solid coverage of bug […]
Read moreAs organizations continue their love affair with cloud services, critical components are increasingly exposed to threats in ways that can be easy to miss with traditional on-premises tools and technology. On the other hand, major cloud-services providers have been stepping up their game and are (for a price!) providing the blue team with new ways […]
Read moreExecutives and the board face difficult decisions to determine whether cyber insurance is worth the spend and what limit to buy. Quantifying the financial costs of potential cyber incidents provides objective grounding for decision-making and reduces reliance on gut feeling, fear or intuition. However, cyber risk assessments usually don’t quantify the financial cost to the […]
Read moreThis quick-moving talk will cover techniques for reducing the range of combinations or keys you need to attack to successfully open a lock. There will be some math…but I’m not particularly good at math so it definitely won’t get complicated. We will cover a number of fun topics like decoding combination locks, figuring out how […]
Read moreIn this session Nick will demonstrate and review a list of physical and digital tools used by professional pentesters and red teams in the industry.
Read moreThis presentation will introduce attendees to the free Sysinternals tool, Sysmon. Are you an incident responder? SOC analyst? Does your job require you to work with Windows event logs? Do you need to reconstruct attacker timelines? We will look at the Sysmon tool and compare its outputs to standard EVT logs Look at how Sysmon […]
Read moreHeimdall assumes that when a new vulnerability is disclosed, and an exploit goes public, criminals build scanners in order to detect the machines reachable on the internet which are affected by the new vulnerability. If these machines are found and compromised, they are often used by criminals for other activities (C&C panel, redirect to cloned […]
Read moreAngad is a framework to automate classification of an unlabeled malware dataset using multi-dimensional modelling. The input dataset is analyzed to collect various attributes which are then arranged in several feature vectors. These vectors are individually visualized, indexed and then queried for each new input file. Matching vectors are labelled as per their AV detection […]
Read moreMalware is everywhere. Every organization has been infected by malware to some extent. Yet, most don’t have the expertise on staff to know if they are being targeted or if they are hit with mass-spreading malware. Knowing the difference is vital for a proper response plan. This is where Malboxes comes in. It is a […]
Read moreElytron is a set of Java APIs and SPIs for application server security. Although it was developed to unify security across the WildFly application server, Elytron is an open-source, standalone library that can theoretically be used in other Java server environments. Within WildFly, Elytron has replaced the combination of PicketBox and the Java Authentication and […]
Read moreLet’s talk Metasploit! Come learn how the community is building tools that work not just for the single user, but for the whole team. Jeffrey will begin the presentation by discussing basic usage and capabilities, and then explore the roads less traveled as well as some new paths currently being explored in Metasploit Framework. Audience members will […]
Read moreTLS can cause problems for security teams, breaking TLS or ignoring TLS are common modus operandi, both are flawed and expose organizations to weaknesses. This session focusses on the management of TLS from a blue team perspective, without either ignoring or breaking TLS implementations. We will discuss specific tooling, FingerPrinTLS and TLSProxy will be the […]
Read moreIn this session Nick will demonstrate and review a list of physical and digital tools used by professional pentesters and red teams in the industry. Tools that will be demonstrated and showcased include: Metasploit (Exploit Framework) BeEF (Browser Exploitation Framework) Physical lock testing (Lock pick set – Snap gun, and lock pick card) Hak5 – […]
Read moreWe have designed a virtual training environment that allows the user to step through the quintessential phases of an attack: reconnaissance, scanning and enumeration, gaining access, maintaining access, and covering tracks. Licensed for reuse under Creative Commons, the materials can immediately be used for education and training purposes by attendees. We focus on what can be expected from […]
Read moreImagine the moment when you realize that a malicious threat actor has compromised your network and is currently going through your confidential information. Faced with this dreadful scenario, you initiate an Incident Response. We have built an open source Incident Response framework based on PowerShell to help security investigation responders gather a vast number of […]
Read moreBloodHound has changed how red and blue teams approach risk in Active Directory environments. The interface is slick, the install is painless enough considering the dependencies, and the pre-built analytics deliver actionable intelligence. BloodHound provides the foundational elements – a reliable backend, a means for ingesting, querying, and displaying data – for users to extend […]
Read moreChkrootkit will be 20 years old in 2017! The first Chkrootkit release was in 1997 and was written by my friend Klaus (CERT.br team) and I. Chkrootkit is a suite of posix shell scripts and tools written in ansi C, intended to run smoothly in virtually all Unix environments without dependencies. It is able to detect several rootkits, […]
Read more