45 items tagged "abu dhabi"

SecDocs
Authors: Russell Spitler
Tags: phone
Event: Black Hat Abu Dhabi 2011
Abstract: Mobile devices and the risk posed by vulnerabilities in the software that runs them are proliferating. This talk scrutinizes challenges faced in securing mobile apps and contrasts them with legacy software security initiatives. We discuss how outsourcing confounds security efforts, how the mobile app lifecycle makes risk a hot potato, and conclude with the top mobile threats and how to avoid them.

SecDocs
Authors: Amol Sarwate
Tags: SCADA
Event: Black Hat Abu Dhabi 2011
Abstract: This talk will present technical security challenges faced by organizations that have SCADA or control systems installations. The presentation will take a packet level dive into SCADA protocols and provide examples of attacks. It will also showcase examples of security controls for attack mitigation and introduce a new open-source tool to help identify and inventory SCADA systems.

SecDocs
Authors: Vivek Ramachandran
Tags: WiFi
Event: Black Hat Abu Dhabi 2011
Abstract: This workshop will provide a highly technical and in-depth treatment of Wi-Fi security. The emphasis will be to provide the participants with a deep understanding of the principles behind various attacks and not just a quick how-to guide on publicly available tools. We will start our journey with the very basics by dissecting WLAN packet headers with Wireshark, then graduate to the next level by cracking WEP, WPA/WPA2 and then move on to real life challenges like orchestrating Man-in-the-Middle attacks and taking on the live Wi-Fi CTF!

SecDocs
Tags: steganography
Event: Black Hat Abu Dhabi 2011
Abstract: Steganography has advanced tremendously in the last few years and simple concepts have even been presented on mainstream TV. However, more sophisticated techniques are less well-known and may be overlooked by forensic analysts and even Steganalysis software. This presentation will showcase several more advanced (and some unpublished) steganographic techniques, some with very high data hiding capacities. One technique successfully hides 15% to 20% of data in a JPEG and YOU can't tell! That means your 8 MB JPEG image may contain 1.6 MB of covert data! An audio CD contains about 700 MB of data – even a modest 1% capacity allows for 7 MB of data. The presentation embeds working demonstrations of several steganographic software programs so YOU can decide the effectiveness for yourself. Can you see or hear it? Will it be flagged by Steganalysis programs? We shall see … or not!

SecDocs
Authors: Tsukasa Ooi
Tags: Android rootkit
Event: Black Hat Abu Dhabi 2011
Abstract: Android devices have been repeatedly hacked for root privileges. Sometimes by malware authors, and sometimes by users themselves. This is because if someone gains root privileges, he or she can gain control of the parts of the system which are most useful for attackers (and for users as well). But this is not the end of the story - we need a bit more knowledge to gain much privilege inside the Android application system. On the other hand, some Japanese Android smartphones have an extra Linux Security Module (LSM) to prevent these rooting issues and protect the system from being overwritten. But because of Android's security weaknesses and incomplete LSM protection, the Android application system can still be taken over by exploitation. This presentation explains what we can/cannot do if we gain root privileges on an Android device, and introduces a new kind of Android rootkit. This rootkit needs only root privileges (no kernel-mode, no ptrace) and bypasses all existing security modules. This fact implies the possibility of advanced Android malware.

SecDocs
Authors: Nikhil Mittal
Tags: penetration testing embedded
Event: Black Hat Abu Dhabi 2011
Abstract: As hackers, we have been exploiting the inherent trust placed by the Operating System in Human Interface Devices for some time now. Teensy is a USB micro-controller; a device which can act as a Human Interface Device when connected to a computer and is able to do the job pre-programmed in it. Many interesting things have been done using Teensy as a keyboard. We have mostly seen shells, many types of them. It is time we start looking at Teensy as a pentesting device capable of doing much more than popping shells. Introducing Kautilya, a toolkit which can be used to perform various pre-exploitation and post-exploitation activities. Kautilya aims at easing the use of attack vectors which traditionally require human intervention but can be automated using Teensy. Kautilya contains some nice customizable payloads which may be used for enumeration, info gathering, disabling countermeasures, keylogging and using the Operating System against itself for much more. The talk will be full of live demonstrations.

SecDocs
Authors: Ryan Jones, Thomas Mackenzie
Tags: exploiting
Event: Black Hat Abu Dhabi 2011
Abstract: Meticulous attackers can subvert audit controls to the point where a compromise is almost undetectable. We look at the tools and techniques which can be used by attackers to minimise evidence left behind and propose a novel strategy for managing this issue. Fully identifying the method and impact of a data compromise is heavily reliant on the forensic information available to investigators. Commonly this is dependent on having logs for the compromised period. However, in the cases where an attacker has taken steps to reduce their footprint on the system, investigations can be more challenging. We explore the various evidential sources which are commonly used to identify the extent and method of a web application compromise. We then discuss an attack which, due to its nature, is more complicated to identify and understand. The presentation will draw together the techniques used in investigating a data compromise and create an attack which is designed to completely compromise the web server while leaving the least amount of evidence on the system. Incident readiness specialists can often recommend that verbose logging is put in place. Logging such as full HTTP request and response logging fits the bill for the investigator but by their nature these logs have serious drawbacks for the day to day management of the server; large storage requirements, incidental storage of sensitive data and performance issues are common problems. We suggest a new approach, restricting access or logging anomalies at the framework level. By blending the information gained at the framework level with automated application profiling techniques we can create heavily targeted logs bespoke to the specific application. This can be implemented for all applications regardless of whether source code is available. This method gives us the best chance of keeping logging to an absolute minimum whilst ensuring that techniques used to minimise forensic evidence left by an attack are unsuccessful.

SecDocs
Authors: Jesse Ou, Rich Lundeen
Tags: web application cookie vulnerability XSS
Event: Black Hat Abu Dhabi 2011
Abstract: Writing secure code is hard. Even when people do it basically right there are sometimes edge cases that can be exploited. Most of the time writing code that works isn't even the hard part, it's keeping up with the changing attack techniques while still keeping an eye on all the old issues that can come back to bite you, straddling the ancient world of the 90's RFCs and 2010's HTML5 compatible browsers. A lot like how Indiana Jones bridges the ancient and the modern... Except for Indiana Jones 4. Let's never talk about that again. Ever. Take Facebook, Office 365, MSN, and WordPress. These are applications that had decent mitigations to standard threats, but they all had edge cases. Using a mix of old and new ingredients, we'll provide a sampler plate of clickjacking protection bypasses, CSRF mitigation bypasses, "non-exploitable" XSS attacks that are suddenly exploitable and XML attacks where you can actually get a shell; and we'll talk about how to defend against these attacks.

SecDocs
Tags: malware DoS
Event: Black Hat Abu Dhabi 2011
Abstract: A Distributed Denial-of-Service (DDoS), one of the simplest and most powerful cyber attacks, is a big problem nowadays. It has existed since the past, but now attackers can cause greater damage to their target due to the development of more effective attack techniques and the propagation of high-speed internet and so on. Especially, DDoS attack is now becoming a huge problem because unspecified individuals (called zombie PCs) are used in loading malicious codes while attacking a single site or system. DDoS attack is directly related to targeted companies, institutions and even governments, security companies and users as well. Plus, there is a possibility of running malicious code on many other types of electronic devices such as smart phones, game consoles, home appliances and even cars. Therefore a new type of DDoS attack might be seen in various places. In this presentation, we will figure out the large-scale DDoS attacks that occurred in Korea (July 2009, March 2011) with detailed analysis and reverse tracking and how defenders (Korean institutions and security companies) coped with the attack. WE WILL NOT MENTION WHO THE ATTACKER IS. Also we will show the new type of DDoS attacks (by PC, smart phone, game console and so on) through demonstration. In this demonstration, we will handle the mechanism of DDoS attacks including the type of attack, damage and preparation stage as well. Finally, we will suggest a solution to this problem. *IMPORTANT* This presentation tries not to include boring stuff. It will be fun with easy explanation and interesting demonstration.

SecDocs
Authors: Joshua Drake
Tags: memory heap overflow exploiting Java
Event: Black Hat Abu Dhabi 2011
Abstract: The Oracle (previously Sun) Java Runtime Environment (JRE) is widely viewed by security researchers as one of the weakest links in the proverbial chain. That said, the exploitation of memory corruption vulnerabilities within the JRE is not always straight-forward. This talk will focus on a collection of techniques to overcome potential issues that one may face while developing exploits against memory corruption vulnerabilities within the JRE. The talk concludes with a demonstration of the techniques as used on a selection of contrived and real-world vulnerabilities.

SecDocs
Authors: Andrey Belenko, Dmitry Sklyarov
Tags: forensic iPhone
Event: Black Hat Abu Dhabi 2011
Abstract: iOS 5 is the latest and most advanced mobile OS from Apple. Besides tweaking UI and UX, Apple has made some changes to the Data Protection mechanisms that were introduced in iOS 4. Those changes provide better security for users, but they also impose additional hurdles for the mobile phone forensic process. This talk will provide a detailed discussion of iOS Data Protection, focusing both on a technical description of the defenses and on circumventing certain protections to provide forensic access to the data stored on iOS devices. iOS versions from iOS 3 (iPhoneOS 3) to iOS 5 will be covered.

SecDocs
Authors: Christiaan Beek
Tags: malware intelligence malware analysis
Event: Black Hat Abu Dhabi 2011
Abstract: Over the years the use of malware has dramatically changed. Ranging from programmers exploring the malicious possibilities of their programming code, copycats trying to combine code snippets, to organized crime and governments using custom made malware for their purposes. Where financial gratification is the main drive for cybercrime, it seems that the hunger for secrets and intellectual property is taking over. Some examples of cases are: Operation Aurora, Night-Dragon and recently Shady-RAT. These are examples of investigations that started with the detection of unknown customized malware, hiding on corporate networks and ended in large investigations regarding Data Loss. So how is it possible that this malware was undetected? How can you detect hidden malware on your network using open-source tools, what patterns to look for? What countermeasures can you take? How to build a layered malware defense to keep unknown malware out of your network? In my talk I will give some demos of how you can use Wireshark to investigate network data for traces of malware, how to filter for suspicious connections.

SecDocs
Authors: Jamal Bandukwala
Tags: intelligence Google
Event: Black Hat Abu Dhabi 2011
Abstract: Traditional Google searches can generate millions of results, many of which are not relevant to what a user is looking for, and when a user searches for items with various advanced operators they are still limited to searching one site at a time. This means that an individual can have to peruse through several different pages of sometimes questionable quality looking for relevant and usable information. My custom searches allow a user to peruse multiple relevant sources at the same time. I have put together three different custom searches/engines; each of these searches goes through different types of online sources/content and consequently provides different types of information/intelligence. My presentation goes over each of these custom searches and provides examples of the type of information one can obtain from them and also examines how they can be used both in an offensive manner (i.e. attacks) and defensively as well. One can find everything from credit card numbers to passport information and even do things like interrupt travel plans and take over identities. Additionally you can also find significant information on various individuals even if they do not have their own presence online; this can allow an attacker to craft a much more convincing attack to get the information they need. It would appear that the custom search engine owner/creator and the individual using the searches are both only limited by the content in the search engine and their imagination. The possibilities on what you can find with the appropriate search are endless.

SecDocs
Authors: Jean-Philippe Aumasson
Tags: cryptography
Event: Black Hat Abu Dhabi 2011
Abstract: It is commonplace to argue that academic cryptanalysis---whose "attacks" literally take billions of years to complete---has no relevance whatsoever to actual security, for real-world failures of crypto are most often due to:
* Side-channel leakage (padding oracle attacks, etc.)
* Attacks on the implementation (key extraction through fault attacks, etc.)
* Complete bypass (after theft of keys à la DigiNotar, etc.)
Nevertheless, a number of new cryptanalytic attacks have appeared these last years with various degrees of sophistication and of objectives, from complex key-recovery attacks to efficient-yet-cryptical "distinguishers". To better understand the risk (or absence thereof), this talk will go through technical subtleties of state-of-the-art cryptanalysis research, which we'll illustrate with concrete field examples. The topics discussed include related-key attacks, cube attacks, the real security of AES, the case of pay-TV encryption, or the risk of using SHA-1, SHA-2, or the future SHA-3. Finally, we will present a recent attempt to bridge theory and practice, with an introduction to leakage-resilient cryptography.

Packet Storm Security Recent Files
The 6th International Conference for Internet Technology and Secured Transactions (ICITST-2011) Call For Papers has been announced. It will be held December 11th through the 14th, 2011, in Abu Dhabi, UAE.

SecDocs
Tags: web cloud computing memcached
Event: Black Hat Abu Dhabi 2010
Abstract: Cloud services continue to proliferate and new users continue to flock, in a clear demonstration that cloud computing is more than simply a flash-in-the-pan. Coupled with this rapid evolution of services are protection mechanisms for the services, which often lag. Last year we highlighted weaknesses in the cloud model and demonstrated a number of vulnerabilities in large cloud providers. In this talk, we examine a particular technology underlying the scalability of many cloud applications, namely memcached. We discuss the possibility of memcached mining which would be a natural exploitation path once a vulnerability inside a cloud application is discovered and will demonstrate this with a new tool aimed at discovering and mining memcached servers.

SecDocs
Authors: Ivan Ristic
Tags: X.509 SSL
Event: Black Hat Abu Dhabi 2010
Abstract: SSL (TLS) is the technology that protects the Internet, but very little is actually known about its usage in real life. How are the many Internet SSL servers configured? Which CA certificates do they use? Which protocols and cipher suites are supported? Answers to even these basic questions were either unavailable, or restricted to the small number of organizations who could afford to fund such research. In this talk we will present the first results of the SSL Survey project, which is the most comprehensive SSL and TLS server configuration survey ever undertaken. By using the deep assessment technology developed at SSL Labs for over a year, we scan and analyze every SSL server on the Internet. In this talk, we will present the assessment methodology, the rationale, as well as the results. The findings will be made freely available to the public. In addition, we will also share the raw data with qualified security researchers. As a bonus, during the talk we will also unveil an updated version of the free online SSL assessment tool, which uses the same assessment technology as the SSL survey itself. SSL Labs (https://www.ssllabs.com), funded by Qualys, is a research effort that focuses on SSL and TLS. Its other projects include: SSL threat model, passive SSL fingerprinting, SSL client capability database, SSL server capability database, and SSL usage tracking.
-
-
0:46
»
SecDocs
Authors:
Stephen A. Ridley Tags:
exploiting Event:
Black Hat Abu Dhabi 2010 Abstract: As many have predicted, 2010 will be the “Year of the Sandbox”. We will probably see many Commercial Off-The-Shelf (COTS) products using these sand-boxing technologies in the very near future, starting this year. This presentation will discuss and demonstrate practical techniques for the evasion and escape of “Sand-boxing” technologies. Many techniques have been discussed, but only vaguely, at popular security conferences. Very little *actual* code and few demonstrations have been shown. This presentation will consist mostly of demonstrations and review of actual code. I believe that most technical security talks these days don’t need to be longer than 20 minutes, so I only want to use my time to talk about real things and demonstrate real tools. I will demonstrate tools and techniques using Chromium and custom-written “sandbox” examples. Some of the subversion techniques discussed will be:
* Injecting interpreters into sandboxes to test from the inside out
* Using kernel mode debuggers to assist you (token exchange, IO, handle creation, IPC), windbg scripts included
* Token sniping/stealing (whatever you call it)
* Token inspection tools (includes a .h’d and dll’d version of Matt Conover’s dumptoken.c, modified to include more Native API helpers)
* Handle sniping/stealing (whatever you call it)
* User32 messaging tricks (no, not just SetWindowsHook ;-)
None of the above techniques in this talk will be without example code or demonstrations! In addition to the above, this presentation will try to “fill in the gaps” where there seems to be a lot of vagueness around tokens and DACLs. Additionally I will talk about some of the practical considerations that make deploying a sandbox with COTS products impractical on Windows XP.
There will be some other “goodies” that were also discovered in the course of this research, such as: how to detect kernel mode debuggers from userspace, how userspace debugging works under the hood, (yet) undisclosed Chrome bugs, etc. I will also talk a bit about some areas of interest I wish to focus on in the future regarding these topics.
SecDocs
Authors:
Tiffany Rad Tags:
law Event:
Black Hat Abu Dhabi 2010 Abstract: Cyberspace, Cyber Criminal Prosecution & Jurisdiction Hopping. Concepts of sovereignty, freedom, privacy and intellectual property become amorphous when discussing territories that only exist as far as the Internet connects. When a cyber crime is committed in a country in which the electronic communication did not originate, there is difficulty prosecuting the crime without being able to physically apprehend a subject that is virtually within -- and physically without -- a country's borders. Similarly, a technique called jurisdiction hopping can be used to place assets in a diverse, but accessible, web of countries in which that content may be legal in the hosting country, but is not in the country in which it is accessed. Lastly, if the U.S. attempts to isolate damage by "kill switching" parts of the Internet, how will this affect critical infrastructure such as water, electricity and electronic funds transfers? Under what authority can it be done? This presentation will discuss the types of international laws and treaties that may be cited in the event of extradition of cyber criminals, legal and geographic challenges -- such as new sovereign nations -- to jurisdiction hopping, and the authority with which the U.S. may "kill switch" the Internet.
SecDocs
Authors:
Joe Cummins, Jonathan Pollet Tags:
SCADA Event:
Black Hat Abu Dhabi 2010 Abstract: SCADA systems control the generation, transmission, and distribution of electric power, and Smart Meters are now being installed to measure and report on the usage of power. While these systems have in the past been mostly isolated, with little if any connectivity to external networks, there are many business and consumer issues driving both of these technologies to be opened to external networks and the Internet. Over the past 10 years, we have performed over 100 security assessments on SCADA, EMS, DCS, AMI, and Smart Grid systems. We have compiled very interesting statistics regarding where the vulnerabilities in these systems are typically found, and how these vulnerabilities can be exploited. Of course, we cannot disclose any specific exploits that will allow you to steal power from your neighbors, but we can give away enough meat in this session to expose common vulnerabilities at the device, protocol, application, host, and network layers.
SecDocs
Authors:
Laurent Oudot Tags:
web application web server exploiting covert channel Event:
Black Hat Abu Dhabi 2010 Abstract: This technical talk will focus on web attackers and how they try to handle extrusion issues. Indeed, when intruders gain illegal access to a web resource, it might become complex for them to keep stealthy remote control without being caught. They usually try to create easy channels that allow them to get the very best from their target. But sometimes they need to improve those concepts, especially against a hardened or monitored network. Based on real technical examples, we will describe how web attackers can anonymously talk to web backdoors, either by playing with HTTP issues or by finding secret paths to bounce out of the DMZ (covert channels, etc.). For this presentation to be accurate, we will also propose solutions, so that defenders might detect or contain those attacks on their sensitive networks.
SecDocs
Authors:
Karsten Nohl Tags:
GSM phone Event:
Black Hat Abu Dhabi 2010 Abstract: Our most popular phone technologies use decade-old proprietary cryptography. GSM's 64-bit A5/1 cipher, for instance, is vulnerable to time-memory trade-offs, but commercial cracking hardware costs hundreds of thousands of dollars. We discuss how cryptographic improvements and the power of the community created an open GSM decrypt solution that runs on commodity hardware. Besides GSM, we discuss weaknesses in DECT cordless phones. The talk concludes with an overview of mitigation steps for GSM and DECT in response to our research, some of which are already being implemented.
SecDocs
Tags:
Android Event:
Black Hat Abu Dhabi 2010 Abstract: The well-known way of breaking out of the Android sandbox is using a recent local Linux kernel exploit for privilege escalation. However, why always pick on Linus in Ring-0 when there is so much more to explore in user mode? Join me in a fascinating journey through Android's sandbox implementation, with a lot of IPC endpoints, Services, Content providers, Serialisation, Permissions, Activities and much more, all scattered through multiple processes with different privilege levels. From a single point of entry we will build our majestic sandcastle in Android's sandbox, spanning multiple processes, to hopefully obtain the holy grail of Android permissions: android.permission.INSTALL_PACKAGES
SecDocs
Authors:
Lavakumar Kuppan Tags:
web application XSS HTML Event:
Black Hat Abu Dhabi 2010 Abstract: HTML5 is a set of powerful features aimed at moving web applications closer to existing desktop applications in terms of user experience and features. HTML5 is no longer just the technology of the future, as many believe; it is available right now in almost all modern browsers. Though the widespread use of HTML5 by websites is still a few years away, the abuse of these features is already possible. Web developers and users assume that just because their site does not implement any HTML5 features they are unaffected. Also, a large section of the internet community believes that HTML5 is only about stunning graphics and video streaming. This talk will show how these assumptions are completely contrary to reality. This presentation will show how existing 'HTML4' sites can be attacked using HTML5 features in a number of interesting ways. Then we look at how it is possible to use the browser to perform attacks that were once thought to require code execution outside the sandbox. Finally, we look at an attack where the attacker is not interested in the victim's data or a shell on the machine but is instead after something that might perhaps even be legal to steal!
SecDocs
Authors:
Christofer Hoff Tags:
cloud computing Event:
Black Hat Abu Dhabi 2010 Abstract: Mass-market, low-cost, commodity Infrastructure-as-a-Service Cloud Computing providers abstract away compute, network and storage and deliver hyper-scalable capabilities. This "abstraction distraction" has brought us to the point where the sanctity and security of the applications and information transiting them are dependent upon security models and expertise rooted in survivable distributed systems, at layers where many security professionals have no visibility. The fundamental re-architecture of the infostructure, metastructure and infrastructure constructs in this new world forces us back to the design elements of building survivable systems focusing on information centricity -- protecting the stuff that matters most in the first place. The problem is that we're unprepared for what this means, and most practitioners and vendors focused on the walled-garden, perimeterized models of typical DMZ architecture are at a loss as to how to apply security to disintermediated and distributed sets of automated, loosely-coupled resources. We're going to cover the most salient points relating to how IaaS Cloud architecture shifts how, where and who architects, deploys and manages security in this "new world order" and what your options are in making sustainable security design decisions.
SecDocs
Authors:
Robert 'Rsnake' Hansen Tags:
X.509 SSL Event:
Black Hat Abu Dhabi 2010 Abstract: HTTPS was created to protect confidentiality and prove integrity of content passed over the web. It has essentially become the de facto standard for internet commerce transport security. Over the years a number of exploits have attacked the principles, underlying PKI infrastructure and overall design of HTTPS. This presentation will drive another nail in the HTTPS coffin through a number of new exploitation techniques leveraging man-in-the-middle attacks, the goal of which is to break confidentiality and integrity of HTTPS traffic. The impact of these flaws suggests a need for changes in the ways we protect the transmission of data online.
SecDocs
Authors:
Lukas Grunwald Tags:
RFID Event:
Black Hat Abu Dhabi 2010 Abstract: This presentation shows some of the risks of using "insecure" RFID implementations in passports and government ID documents for automatic immigration (E-Gates), as well as how easily an identity could be stolen. An overview of already existing electronic IDs will be given, as well as new work on the new German eID with multi-usage for government, legal and private use, for parking meters, home banking and e-commerce.
SecDocs
Tags:
GSM phone Event:
Black Hat Abu Dhabi 2010 Abstract: Recent technological advances have placed GSM tools within the reach of today's security researchers and hackers. It is finally possible to directly explore the lowest levels of the GSM stack. This talk focuses on both sides of the GSM network where the users and network directly interact: the Um (air) interface. The primary technological focus of this talk is on the exposed interfaces between the GSM networks and users. This covers the base station system (the network components which communicate with mobile phones) and the baseband (the component of the mobile phone which communicates with the network). During the talk the two main components of the attack system will be demoed: malicious base stations and malicious basebands. The base station enables fuzzing mobile phone basebands, as well as other attacks. The baseband is used to test GSM network equipment for flaws, as well as exploit backend systems. Trust us, you'll want to turn off your phone for the duration of this talk!
SecDocs
Authors:
Felix 'FX' Lindner Tags:
Rich Internet Applications Flash Event:
Black Hat Abu Dhabi 2010 Abstract: The talk presents a simple but effective approach for securing Adobe Flash content before using it. The security threats presented by Flash movies are discussed, as well as their inner workings that allow such attacks to happen. Some of those details will make you laugh, some will make you wince. Based on the properties discussed, the idea behind the defense approach will be presented, as well as the code implementing it and the results of using it in the real world.