ROOTCON 11

September 21-22, 2017 Taal Vista Hotel, Tagaytay City
Media direct downloads|| Back to past events




Presentations

Breaking into the iCloud Keychain
by: Vladimir Katalov
(PDF) (Video)
Do you remember 'celebgate'? Well, iCloud is not just about backups and private pictures. There is quite a lot of data that is also being *synced* across all the devices, and so stored in the iCloud. iCloud Keychain (that keeps your passwords and credit card data) is the most protected data among all other iCloud-synced categories, but still there is a way to break into it, and funny enough, it is *easier* for the accounts with two-factor authentication enabled.

Bypass 2FA, Stealing Private Keys
by: Maxwell Koh
(PDF) (Video)
The "knowledge factor" (using passwords for authentication) will never be enough for security. We need the second layer of defense -- a "possession factor" or sometimes called the "Two-Factor Authentication", hence the term, "2FA". In fact, nowadays many organization plans to adopt password-free login to authenticate their systems, thereby completely replacing the password-based authentication with key-based authentication, which they believed is more secure because only the key owner capable to log in. However, the truth is far from reality. Although 2FA creates a formidable barrier against potential security breaches, however it doesn't guarantee much security at all, especially when it comes to the inefficacious and often futile private key protection. In that sense, we can say that the effectiveness of the 2FA depends on how well a user protects "something only the user has". What if there are ways to steal the private keys from someone, without performing social engineering? In this talk, I'll introduce and demonstrate the techniques to bypass Two-Factor Authentication. I'll show you in real life how an attacker steals the server/client certificates and obtaining the private keys, as well as presenting the impacts of the aftermath. I will also introduce my tool (2FAssassin) to exploit the vulnerabilities against the affected software which were responsible for causing the private keys extraction. I'll also show you how to compromise the system or possibly, even the entire network after you had stolen the private keys. Nevertheless, I will end the talk by giving recommendation to protect the private keys from been stolen, as well as what to do during the worst case scenario.

Demystifying The Ransomware and IoT Threat
by: Christopher Elisan
(PDF) (Video)
We have seen a rise in Ransomware attacks in the past year. While we are recovering from these attacks a new wave of DDoS attacks using IoT devices suddenly thrust into the limelight. In this talk, I will discuss all the stages of a ransomware attack. How it works and how a researcher can handle each of the stages with tried and true analysis techniques. I will then shed light on how IoT are used in DDoS attacks by discussing how the malware used in the latest IoT DDoS attack works and how it can be manipulated for future attacks. Then I will discuss how a combination of Ransomware and IoT attacks can be a bigger threat in years to come.

Dissecting Exploit Kits
by: Daniel Frank
(PDF) (Video)
The Exploit Kit market has been evolving during the past two years, while APJ users are among the most affected victims. The presentation will briefly overview the Exploit Kits market, guiding the audience through the infection flow, from the landing page, through malicious JS and Shellcode execution, to the final payload, such as Ransomware or Banking Trojans. Live demos of stepping through the infection flow of two Exploit Kit variants will include: JavaScript deobfuscation, Shellcode and other malicious payload Reverse Engineering and analysis.

Finding Your Way to Domain Admin Access and Even So, the Game Isn’t Over Yet.
by: Keith Lee
(PDF) (Video)
In this presentation, we discuss the tricky scenarios we faced during internal penetration test engagements and how we have developed a tool to solve those issues. We want to fill the gap from after cracking a password hash (normal user) from NetBIOS/LLMNR/WPAD attacks to compromising the entire Domain as well as solving a few tricky issues that we as penetration testers face.

Hacking Robots before Skynet
by: Lucas Apa
(PDF) (Video)
Robots are going mainstream. In the very near future robots will be everywhere, on military missions, performing surgery, building skyscrapers, assisting customers at stores, as healthcare attendants, as business assistants, as sex partners, cooking in homes, and interacting with our families.

While robot ecosystems grow and become more of a disrupting force in our society and economy, they pose more of a significant threat to people, animals, and organizations if the technology is not secure. When vulnerabilities are exploited in robots, physical features can be utilized by attackers to damage property, company finances, or cause unexpected consequences where human life can be endangered. Robots are essentially computers with arms, legs and wheels, so the potential threats to their physical surroundings increase exponentially and in ways not widely considered before in computer security.

In recent research, we discovered multiple critical vulnerabilities in home, business and industrial collaborative robots from well-known vendors. With responsible disclosure now completed, it’s time to reveal all the technical details, threats, and how attackers can compromise different robot ecosystem components with practical exploits. Live demos will showcase different exploitation scenarios that involve cyber espionage, harmful insider threats, property damage, and more.

Through realistic scenarios we will unveil how insecure modern robot technology can be and why hacked robots could be more dangerous than other insecure technologies. The goal is to make robots more secure and prevent vulnerabilities from being exploited by attackers to cause serious harm to businesses, consumers, and their surroundings.

HUNT: Data Driven Web Hacking & Manual Testing++
by: Jason Haddix
(PDF) (Video)
What if you could super-charge your web hacking? Not through pure automation (since it can miss so much) but through powerful alerts created from real threat intelligence? What if you had a Burp plugin that did this for you? What if that plugin not only told you where to look for vulns but also gave you curated resources for additional exploitation and methodology? What if you could organize your web hacking methodology inside of your tools? Well, now you do! HUNT is a new Burp Suite extension that aims to arm web hackers with parameter level suggestions on where to look for certain classes of vulnerabilities (SQLi, CMDi, LFI/RFI, and more!). This data is parsed from hundreds of real-world assessments, providing the user with the means to effectively root out critical issues. Not only will HUNT help you assess large targets more thoroughly but it also aims to organize common web hacking methodologies right inside of Burp suite. As an open source project, we will go over the data driven design of HUNT and it's core functionality.

Strategies on securing your banks & enterprises (from someone who robs banks & enterprises)
by: Jayson E. Street
(PDF) (Video)
People who work on the defensive side of computer security only see the landscape from that perspective! In this talk, Jayson will show how an attacker views your website & employees and then uses them against you. We'll start with how a successful spear phish is created. By using the information gathered from the companies’ own 'About' pages as well as scouring social media sites for useful information to exploit employees. The majority of the talk will be covering successful countermeasures to help stave off or detect attacks. This discussion will draw on the speaker’s 15 years’ experience of working in the US banking industry on the side of defense. At the same time, Jayson will be drawing on over 6 years of doing engagements where he took on the role of the attacker. If everything turns out well, everyone will have learned something new that they can immediately take back to their networks and better prepare them against attacks!

The rise of security assistants over security audit services.
by: Yury Chemerkin
(PDF) (Video)
Mobile applications have not only become daily things of our lives, but they have also become a part of XXI culture. Corporate IT and security professionals have same needs with typical customers who manage personal information only. To understand a security, users should keep in mind what happens with their OS, applications, and its data and divide risks into vulnerability and privacy group. The first group refers to actions that break either application or OS. It usually designed to rare involve any user actions to break security mechanisms and get access to user data. The second group refers to privacy issues and describes cases when data stored or transmitted insecurely. Developers ignore the data protection until they faced something or someone who makes them implement a protection, as it should be designed. Developer's privacy policies describe how much every developer cares about data, protect everything and assure users his app provides 100% guarantees. Many security companies develop their risky applications to show customers how much good their data protected. They use (or develop their own) automatic scanners to analyze application code and provide an auto-generated report. Anyway, no one of them can clearly say what data items protected and how bad that protection is. In other words, should user worry about non-protected HTTP connection if he does not know what data transferred over it? The downloading news might be acceptable; transmitting device information, geolocation data and credentials over the network in plaintext is not acceptable. Same to out-of-date OS. Is previous version so bad to worry to rush into an update or not? How was many user data items consumed by 3rd party services like Google/Flurry analytics? The last question is usually how much money user data does worth? The cheapest software costs less than $50; the average one does in 10 times more and forensics software costs over thousand dollars up to $20,000 that gives access to thousand devices and million data items. The saddest part of this story is 'Speed-to-market' idea that helps them to grab data from thousand applications improperly protected, especially, if customers use same data among more than one applications and have at least one bad protected the application. More same data shared between applications and more applications you use, the higher risk of data leakage customers obtains eventually. A new set of security challenges has been already raised. To answer this, we have been examining many applications to have the opportunity make results widely useful and available for IT and security professionals as well as non-technical customers to stay informed about app insecurity. The goal is integrating and introducing security, data privacy compliance to mobile application development and management. It helps to educate customers with useful security & privacy behavior mindset. Spreading information in different ways such as bulletins, EMM integrated monitoring service, or simple reports is a way to solve insecurity issues and help to reduce risks when using mobile applications.

Using R programming in Security Scenarios
by: Wilson Chua
(PDF) (Video)
R is a programming tool especially suited for machine learning. I’d like to showcase a couple of R scripts that can help the security professional in analyzing logs. Id like to present how R can be used to rapidly add ASnum information to a large security log file. This enables sysads to quickly send abuse reports and shortens the feedback loop time.

Trainings

Bug Bountry Operations - An Inside Look by: Ryan Black
Bug bounties are increasingly viewed as a part of an effective AppSec program for companies as well as a means for skilled security researchers to raise both their community profile and personally profit. Join us for a view into the inner workings of a managed bug bounty program. In this presentation we’ll discuss what happens behind the scenes including; how the analyst reviews reports, the types of customer audiences, and internal priorities. Use your security researcher talents together with this presentation’s information to increase your bounty success!
(PDF)

Discovery: expanding your scope like a boss by: Jason Haddix
Whether you do wide scope pentesting or bounty hunting, domain discovery is the 1st method of expanding your scope. Join Jason as he walks you through his tool chain for in-depth discovery including;

Subdomain scraping
Subdomain bruteforce
ASN discovery
Permutation scanning
Port scanning
Discovering Unknown content
Docker automation
and more!
(PDF)

Hacking 101 by: Tikbalang
This is 4-hour training will gear you towards starting your Information Security Career, or just spark the basic, or just simply curious about hacking and hackers.
This training will give the audience an introduction about hacking and it's solid foundation.
(PDF)

Network Forensics by: Raymond Nunez
Network forensics deals with the capture, recording and analysis of network traffic and events in order to discover information about the source of security events or attacks. This training will give an overview of the tools and techniques used for real world traffic analysis.
(PDF)

The Bug Hunters Methodology 2.0 by: Jason Haddix
It's been two years since the original "The Bug Hunters Methodology". This year TBHM will be getting a complete rehaul, incuding tools, methods, and detection logic for several classes of vulnerbilitties that are relvant to anyone security testing web applications. Join Jason as he goes over advents in in the areas of:

Target discovery
SSRF
SSTI
API testing
SQLi
XXE
and more!
(PDF)

Starting Your Bug Hunting Career Now by: Jay "shipcod3" Turla
It happened again today. Another security researcher has bagged 5k $ for a bug he reported to a certain company. It's all over Facebook and Twitter, "19 year old bug hunter finds a Remote Code Execution in an XYZ company". Another bug was released on full disclosure today to the security mailing lists and Twitter but it was not rewarded. It could have been a big scoop for a reward plus he can cooperate with the company without legal threats. He should have adhered to responsible disclosure. It's not too late for a certain individual like you whose crime is that of curiosity. Start bug hunting now and and jumpstart your career. Hack the planet legally and join me in this talk! Together, we will demystify what is bug hunting and how to start your bug hunting career. I am a security researcher and an application security engineer, this is my manifesto. Nobody can stop me, and nobody can certainly stop us all.
(PDF)

Speakers

Christopher Elisan
Christopher Elisan is a seasoned reverse engineer and malware researcher. He is currently the Principal Malware Scientist at RSA. He has a long history of digital threat and malware expertise, reversing, research and product development. He started his career at Trend Micro as one of the pioneers of TrendLabs. This is where he honed his skills in malware reversing. After Trend Micro, he built and established F-Secure's Asia R&D where he spearheaded multiple projects that include vulnerability discovery, web security, and mobile security. After F-Secure, he joined Damballa as their resident malware subject matter expert and reverse engineer. Aside from speaking at various conferences around the world, he frequently provides expert opinion about malware, botnets and advance persistent threats for leading industry and mainstream publications. Christopher Elisan is also a published author. He authored "Advanced Malware Analysis" and "Malware, Rootkits and Botnets." He co-authored "Hacking Exposed: Malware and Rootkits." All books are published by McGraw-Hill.

Daniel Frank
Daniel Frank is a Security Researcher within RSA FirstWatch for the past 2 years, and altogether is with RSA for the 6th year. Before joining RSA FirstWatch, Daniel was a part of the RSA FraudAction team, first as a Phishing analyst and then as a Malware analyst. On a daily basis, Daniel writes security driven code in Python, researches, dynamically analyses and reverse engineers malware, exploit kits and additional emerging threats. Daniel has presented before at Microsoft DCC 2016 and RSA TechFest 2015. Last year, Daniel received his Bachelor of Science degree in Information Systems from The Academic College of Tel-Aviv ñ Yaffo.

Jason Haddix
Jason Haddix is the Head of Trust and Security at Bugcrowd. At Bugcrowd Jason works with customers, operations, and engineering to design enterprise ready, seamless, bug bounty and responsible disclosure programs. Jason's interests and areas of expertise include mobile penetration testing, black box web application auditing, network/infrastructure security assessments, and static analysis. Jason lives in Santa Barbara with his wife and three children. Before joining Bugcrowd Jason was the Director of Penetration Testing for HP Fortify and held the #1 rank on the Bugcrowd researcher leaderboard for 2014/2015.

Jayson E. Street
Jayson E. Street is an author of Dissecting the hack: series. Jayson is also the DEF CON Groups Global Coordinator.He has also spoken at DEF CON, ShowMeCon, UCON and at several other CONs and colleges on a variety of Information Security subjects. His life story can be found on Google under “Jayson E. Street”.

He is a highly carbonated speaker, who has partaken of Pizza from Beijing to Brazil. He does not expect anybody to still be reading this far but if they are, please note he was chosen as one of Time’s persons of the year for 2006.

Keith Lee
Keith Lee is a Senior Security Consultant with Trustwave's SpidersLabs Asia-Pacific. SpiderLabs is one of the world’s largest specialist security teams, with over 100 consultants spread across North America, South America, Europe and the Asia Pacific. SpiderLabs has a focus on original security research and regularly presents at conferences such as BlackHat, DefCon, OWASP, Hack In The Box and Ruxcon. Keith is based out of Singapore and has primary focus is on providing penetration testing, social engineering and incident response services to clients in the Asia-Pacific region.

Lucas Apa
Lucas Apa is an information security expert and entrepreneur. He currently provides comprehensive security services with cutting-edge firm IOActive (Seattle, USA), both onsite and remotely, for most of Global 500 companies and organizations.

Focused on offensive security, he publicly disclosed critical vulnerabilities and exploits for widely used operating systems, industrial control systems, modern robots, access controls, embedded devices and other groundbreaking technology that shapes the future world.

Lucas’ security research and ideas have been presented at world-renowned security conferences including Black Hat USA, PacSec Japan, Black Hat Europe, Ekoparty, AppSec USA, SecTor and EnergySec. His technical work and opinions have been featured in media outlets such as: The New York Times, Reuters, The Wall Street Journal, Forbes, CNN, CNBC, Financial Times, FOX, VICE and much more. He is currently based in Argentina and advises regularly with local media as a commentator and security analyst.

With an envisioned sense of adventure and experience, Lucas gives the companies he works with the opportunity to partner with global authorities by leading, managing and executing highly technical projects and missions.

Maxwell Koh
Maxwell is a penetration tester with Trustwave's SpiderLabs Asia-Pacific. SpiderLabs is one of the world's largest specialist security teams, with over 100 consultants spread across North America, South America, Europe and the Asia Pacific. SpiderLabs has a focus on original security research and regularly presents at conferences such as BlackHat, DefCon, OWASP, Hack In The Box and Ruxcon. Maxwell is based out of Singapore and his primary focus is on providing penetration testing service to clients in the Asia-Pacific region.

Vladimir Katalov
Vladimir Katalov is CEO, co-owner and co-founder of ElcomSoft Co.Ltd. Born in 1969 and grew up in Moscow, Russia. He studied Applied Mathematics in Moscow Engineering-Physics Institute (State University); from 1987 to 1989, was sergeant in the Soviet Army. Vladimir works in ElcomSoft from the very beginning (1990); in 1997, he created the first program the password recovery software line has started from: Advanced ZIP Password Recovery. Now he coordinates the software development process inside the company and develops strategic plans for future versions.

Vladimir manages all technical researches and product developments in the company. He regularly presents on various events and also regularly runs it security and computer forensics trainings both for foreign and inner (Russian) computer investigative committees and other organizations.

Wilson Chua
Wilson is an IT and business geek from Dagupan, Pangasinan. He finished his masters in IT Program Management at the top of the class from National University of Singapore (NUS). He is now based in Singapore and is currently certified in big data analytics.

Wilson correctly predicted the landslide victory of President Rodrigo Duterte in the last Philippine presidential elections based on twitter sentiment analysis.

He decided not to renew his other certification: Microsoft MCSE, Cisco CCNA, EC Council Ethical Hacker, PMP Project Management

Yuri Chemerkin
Yury Chemerkin has ten years of experience in information security. He is multi-skilled security expert on security & compliance and mainly focused on privacy and leakage showdown. Key activity fields are EMM and Mobile Computing, IAM, Cloud Computing, Forensics & Compliance. He published many papers on mobile and cloud security, regularly appears at conferences such as CyberCrimeForum, HackerHalted, DefCamp, NullCon, OWASP, CONFidence, Hacktivity, Hackfest, DeepSec Intelligence, HackMiami, NotaCon, BalcCon, Intelligence Sec, InfoSec NetSysAdmins.

Contest Winners

Receives the Black Badge entitled them for free entrance for next years conference.
Capture The Flag - Ethical Hackers Club
Semprix' Mysterybox - TBA
Hacker Jeopardy - TBA
Bugcrowd CTF - TBA
Coresecurity Challenge - TBA

Pics

ROOTCON 11 Pics

⇑ Back to top