ROOTCON 15
Theme: (Hard Wire)


October 13, 14, 15, 2021
Zoom Webinar, Discord



Talks

Attacking Modern Environments Series: Attack Vectors on Terraform Environments
by: Mazin Ahmed

Ever come across an environment in an engagement that uses Terraform for IAAC (infrastructure-as-code) management? Almost every modern company does now.

In this talk, I will be sharing techniques and attack vectors to exploit and compromise Terraform environments in engagements, as well as patterns that I have seen that achieve successful infrastructure takeover against companies. I will also be covering detection and prevention methods for each attack vector discussed in my talk.

This is part of my work-in-progress research in cloud security and attacking modern environments.


Burnout: The Security Risk
by: Chloé Messdaghi

Did you notice a shift in your mental health and/or your colleagues'? Burnout was at an all-time high last year due to the surreal 2020. As we approach the end of the pandemic, we recognize how critical a role mental health plays in accomplishing goals and productivity output. This talk dives into the factors that lead to burnout among security professionals, the clear line between burnout and failure to retain team members, and how to invest in your team to make sure it is able to thrive during stressful times.


Buzzard: Crafting your post exploitation framework against odds
by: Aravindha Hariharan and Subhajeet (ElementalX)

Quality & innovation over quantity. Post-exploitation is a crucial part of a red-team assessment, as the other phases can be carried out passively but post-exploitation cannot. Another very important aspect of this entire process is that maintaining access to the compromised host should be done with stealth in mind, from performing enumeration to leveraging administrator-level privileges and lateral movement, as modern sophisticated EDRs, SIEM solutions and other detection-engineering software aim to stay ahead in detecting these malicious implants & beacons. However, in this game of cat & mouse the conventional part of red teaming also involves discovering bypass techniques for all the security mechanisms deployed. Once the red teamer gains an initial foothold on the host, they can implant an adversary in the host to achieve persistence. The adversary is capable of staying dormant and performing operations in stealth. It is capable of operating without internet access and can send data or receive commands when connected to the internet. This happens via the command and control server of the red teamer. It is crucial that the command and control server is secure and fast to reduce latency and improve data transmission. Above all, the server must be easy to deploy and maintain and must be user-friendly; in a few instances the red teamer might have to pivot the data through another internal system that is connected to the internet. Under such conditions it is crucial that the C&C server stays light and fast too. Buzzard, which is built by two undergrad students, has been developed to operate under such intense circumstances: easy to deploy, with both a command-line and a web interface giving the user the freedom to choose the beacons and implants of their own choice, as Buzzard aims to provide implants programmed in C, Python, Rust and Go.
Although some of the implants & beacons are built upon languages which are not "write once & run everywhere", we aim to build small additional beacons which help to set up the necessary environment so that the other beacons can execute easily.

Buzzard is a hybrid architecture that is put together into a Docker container. We have a web interface where the attacker interacts to manipulate tasks according to the requirements. The web front-end is made up of HTML, CSS and jQuery; it is served through Node.js, which acts as middleware between the REST API and the front-end. The API follows the principle of CRUD (Create, Read, Update, Delete), functions as a stateless API and connects to a MongoDB database to store and retrieve information about the tasks. The API also serves the beacons directory for sharing the scripts which interact with the implant. We have a dedicated module that is defined to create tunnel sessions. During each session creation a unique URL is created, and some beacons depend on it, so the URL is dynamically written into the respective files. When the server is stopped, they are rewritten back to the default. We have a separate module that creates a channel for a WebSocket connection for pushing real-time notifications about the tasks; it is also used to update the target page's online status. The Monitor module is a multi-threaded module that runs in the background to check the status of the target machine and update the profile page with whether the respective target machine is online or offline, by sending an ICMP packet to the target and checking the status of the machine.

Buzzard currently supports 9 post-exploitation modules, with more to be added. Regarding multi-platform support, the implants are currently only capable of running on Windows & Linux machines. Therefore Buzzard is a flexible, easy-to-deploy, easy-to-monitor and user-friendly C2 server, giving the user the choice of their favourite programming language for beacons and making them easy to debug. The main goal still remains to make the beacons more persistent and more user-friendly, and to apply anti-reverse-engineering traits, making it a bit tougher for the defender to analyze these beacons.


Click Here For Free TV! Chaining Bugs to Takeover Wind Vision Accounts
by: Leonidas Tsaousis

Wind Vision is a streaming service offered by a top Greek telecommunications vendor. With over 40,000 active subscribers, a user can just download the Android application and watch TV from anywhere... and so could a malicious third party, by exploiting a series of vulnerabilities to go from one wrong click by the user to complete takeover of their account. This talk will present the findings of independent research conducted in 2020 that led to the discovery of several bugs which, although low-impact individually, could result in a much greater attack when chained together.

We will dive deep into the analysis of the vulnerabilities, discussing the common mobile development pitfalls and the psychology behind confusing prompts. Attendees will also have the chance to install the demo Proof of Concept malware application that was developed (it's safe, I promise) to see for themselves how the full chain worked. Mobile developers in the audience will gain insight into how to prevent such attacks, to create apps that are fun but also keep their users' watchlists safe from targeted malware. Finally, we will close with a review of the disclosure process, the aftermath of resolution, and other lessons learned that will hopefully set aspiring researchers on the right path to find vulnerabilities in products they use day by day.

The vulnerabilities were released in a technical advisory:
https://labs.f-secure.com/advisories/wind-vision

And the in-depth analysis was presented in a follow-up technical blog post:
https://labs.f-secure.com/blog/wind-vision-writeup


Crafting your own combat hardware
by: Luis Angel Ramírez Mendoza (@larm182luis) and Mauro Eldritch (@mauroeldritch)

In this talk, we would like to present two of our newest Hardware Hacking experiments. Our Armory consists of all sorts of weaponized domestic hardware (BadUSB power banks, USB speakers, keyboards, and more) and infiltration devices, which are available as open-source projects. In this new visit to our Armory, we would like to showcase our newest tools: DIY movement sensors with integrated cameras for physical hacking, and WiFi Deauther Charges. The sensors can be deployed while doing physical penetration tests or red-teaming exercises, and are connected to the attacker's smartphone to give early warnings about any movement detected in the covered zone. The Electronic Charges are portable throwable devices, covered in a special adhesive coating which allows them to stick to ceilings or other surfaces. Upon being activated, a countdown starts, and when it reaches zero the device will start to run a pre-selected routine, which can consist of WiFi deauthing floods, bruteforcing, or even simply LED-light flashing and noise-making to attract attention. Demo videos will be shown during the presentation.

Main topics are Hardware Hacking and Hardware Programming.


Discovering C&C in Malicious PDF with obfuscation, encoding and other techniques
by: Filipi Pires

Demonstrate different kinds of structures in binaries such as a PDF (header/body/cross-reference table/trailer), explaining how each section works within a binary and the techniques used, such as packers, obfuscation with JavaScript (PDF) and more, also explaining some anti-disassembly techniques, demonstrating how these malware samples act and where it would be possible to "include" malicious code. By the end of this "talk" the differences in binary structures will be clear to everyone, as well as how the researcher should conduct each of these kinds of analyses; beyond that, of course, one should seek more basic knowledge of file structures, software architecture and programming languages.


Fuzzing: Revisiting Software Security
by: Nafiez

Software exploitation has been done for many years and the research keeps continuing, resulting in different types of attacks that have been used to prove that the software itself is breakable. Back in the early days of software exploitation, vendors kept denying that vulnerabilities existed in their products, and some took years to fix the problem. Then full disclosure was introduced to the public, and everyone doing the same research kept posting exploits on the Internet, where they were used either in a good or a bad way.

Vulnerability research is one of the methods of securing software that usually involves complex processes, such as reverse engineering, fuzzing, secure code auditing, and developing a proof-of-concept or even a full-chain exploit. These days, we can see many resources that could help in this process, including tools that can be used for fuzzing or even libraries to speed up exploit development. The speed of mitigations developed by giant tech vendors such as Microsoft has brought some attention to researchers and reduced many attack surfaces. With this, the cost of vulnerability research has slightly changed.

Disclosing a vulnerability to a vendor can be a painful process: months of conversation over email, either with updates or with no progress at all. In our talk, we will be discussing research that has been done on different types of software, including our approach and analysis. We will discuss the vulnerability we found and the exploitation strategy. To add some fun facts, we will talk about how we approached one of the Malaysian government agencies to coordinate vulnerability disclosure about software security.


Gathering Cyber Threat Intelligence from the Cybercriminal Underground
by: Eric Reyata

CTI focuses on data collection and information analysis so we can gain insight into threats against our organization. An often overlooked, but very important, source of intelligence is the Criminal Underground.

In this talk, we will discuss how to produce and deliver relevant, accurate, and timely curated information from the CU so that your organization can learn how to protect itself from a potential threat. We'll also look into data breaches, ransomware leak sites and criminal marketplaces to have a better understanding of the underground economy.


Hack the Planet! Desecuritise Cyberspace
by: Emil Tan

I'm in cybersecurity. You're in cybersecurity, or interested in cybersecurity. But, what are we securing? Are we getting better at it? In this talk, I'll deconstruct the concept of (cyber)security and discuss why and how hackers — you and I — should desecuritise cyberspace and hack the planet instead.


Keeping Up With Modern Automotive Exploitation
by: Kamel Ghali

It is common knowledge that vehicles are becoming more connected to the world around them with each passing year. Transportation itself is undergoing a connectivity revolution, with cars, trucks, trains, and even boats being synchronized into the increasingly IoT-influenced world. Appropriately, the global automotive industry and international legislative bodies have begun to prioritize the inclusion of cybersecurity measures into vehicles – passing regulations and industry standards to guide the future of connected transportation.

Despite these strides in awareness of the need for security in vehicles, we still see numerous instances of vehicles being remotely compromised every year. This research is almost always done in a benevolent, white-hat setting (thankfully) but recent disclosures in automotive security have highlighted the importance of security processes in the automotive and greater transportation security industry. This presentation aggregates the most significant vehicle security research presented in the past few years, draws valuable lessons from analysis of the types of attacks used and technologies targeted, and explores ways in which similar attacks can be prevented in the future by adhering to developing industry standards and global legislation.


Malware Hunting - Using python as attack weapon
by: Filipi Pires

The purpose of this presentation is to use Python scripts to perform some tests of efficiency and detection in various endpoint solutions. During our demonstration we'll show a defensive security analysis with an offensive mind, executing some Python scripts responsible for downloading malware in a lab environment. The first objective will be to simulate targeted attacks using a Python script to obtain a panoramic view of the resilience presented by the solution, with regard to the efficiency of its detection by signatures, NGAV and machine learning; running this script, the idea is to download these artifacts directly onto the victim's machine. The second objective is to run more than one Python script with daily malware made available by MalwareBazaar upon request via API access, downloading daily batches of malware.

With the final product, those responsible for the product will have an instrument capable of guiding a mitigation and/or correction process, as well as optimized improvement, based on the criticality of the risks.


OAuth Authentication Bypass
by: Sheikh Rizan

Overview
OAuth is an open standard for access delegation, commonly used as a way for Internet users to grant websites or applications access to their information on other websites without giving them the passwords. We often see websites with a “Sign in with Facebook” option. This facility provides convenience to users who do not wish to sign up using the traditional username-and-password option. However, there exists a small number of websites that have poorly implemented OAuth, allowing an attacker to bypass the authentication and impersonate another user to gain access to the website's protected resources. This technique is known in the bug bounty community and is regarded as an authentication bypass or an account takeover. While there are various write-ups regarding OAuth authentication bypass, this technique is not widely covered. We would like to present the technical details of the vulnerability we found.

Details
During this talk, we will present technical findings pertaining to how this exploit works. We will show screenshots of traffic intercepted in Burp Suite and which parameters are tampered with by the attacker to achieve an account takeover. When successful, an attacker will be able to impersonate another user and access the protected resource on the Resource Server. The incorrect implementation of OAuth to authenticate users could lead to unauthorized access to sensitive PII user data. This vulnerability is trivial to identify and exploit; a well-trained web penetration tester should be able to spot it during a black-box test and make recommendations to rectify the problem. It is important to summarize that the fault is not within the Authorization Server (Google, FB or Twitter) but rather due to the failure of the Resource Server to properly validate a certain parameter. It is imperative that the Resource Server never trusts any user-supplied parameters.


Phishing & Education: Applying security principles during the pandemic
by: IJ Puzon

Based on a true story, it details the analysis of an email phishing attempt against an ordinary Filipino, an understanding of why the threat of phishing is common and the application of security principles by an educational institution during the pandemic.


Securing Process Control Data Transmission to the Blockchain Network
by: Lloyd Kenneth Tugbo and Arian Hills

Integrating Blockchain into Industrial Control Systems (ICS) offers several benefits, but securing its data is a significant issue. This concern slowed the development of this technology in the ICS industry, preventing it from achieving the level of disruption seen in other industries such as electronic gaming and finance. While encryption is a secure technique in and of itself, it is insufficient to address the data privacy issue inherent in data transmission to the blockchain, rendering it unsuitable for use in the industrial sector where process control data is critical. End-to-end encryption is seen as a solution for L3 to the Blockchain network; however, the optimal end-to-end implementation from the Purdue model's L0/L1 to L3 remains a topic of study. This paper will examine existing technologies that can be chained to enable simple and secure transfer of plant data from L0/L1 to Internet Blockchain networks.

To integrate Blockchain in ICS, we considered embedding a blockchain inside a plant network; however, this approach is appropriate for a different use case. The second option is to build a framework around existing technologies. We begin by identifying the main issue that requires attention, which is securing the data transmission. The issue we identified is with data transfer from the Purdue Model's L0/L1 to the Blockchain network, and the study examined a variety of potential solutions to this issue. End-to-end encryption was chosen as the primary method of connecting L3 to Blockchain, either through the use of pre-existing E2EE messaging protocols such as Matrix or through the development of a new E2EE protocol that meets the blockchain and ICS integration criteria in the L3-to-Blockchain network chain. These E2EE solutions are limited to L3-to-Blockchain networks, which means that there are still issues with E2EE for devices in L0/L1 networks up to Level 2.5 of the Purdue Model, for which we introduced the concept of developing E2EE protocols for embedded devices such as E4, which is still in its early stage of development and thus not widely used by device manufacturers. Additionally, we recommend the FDI Technology end-to-end solution, which securely connects plant devices to business layers through the use of digital signature technology in the plant devices and secure data transfer via the OPC UA messaging protocol, which is used in the L2.5/3 layer. Although this technique does not utilize end-to-end encryption, we can guarantee that the data is not tampered with during transmission due to the digital signature and timestamping features. A sample architecture was presented in which the two technologies were integrated. To begin, we'll use Matrix as an E2EE solution for safe data transfer from L3 to Blockchain, followed by FDI technology for securely transmitting data from the L0/L1 to the L3 network to complete the end-to-end solution.


Skrull Like A King: From File Unlink to Persistence
by: Sheng-Hao Ma

The king is dead, long live the king! There is a well-known feature by which anti-virus or EDR can capture ambiguous or suspicious program files and send them back to a security response center for analysis by researchers. For malware designers, playing cat and mouse with security solutions in the post-exploitation stage while hiding their backdoors from malware detection and forensics is a crucial mental challenge.

Many methods used in the wild by hackers against researchers have already been discussed, for example using a COM hijack to obscure their malware, deploying a kernel hook-based rootkit, bypassing signature-based scanning, and others besides. There's still no method robust enough to counter these techniques, as researchers often cannot totally understand how the malware works internally even if it's caught and analyzed.

Imagine a situation: malware acquires DRM protection, and thereby naturally damages itself when copied from the infected machine. Is it possible? How would it happen? In short, security vendors should be prepared to handle this situation within the Maginot line of their own defenses.

In this talk, we are going to share a breakthrough discovery obscured from even the most thorough researchers, which can be weaponized and used in the wild with wide applications. We'll show how it links up three different vulnerabilities, and is then weaponized to form three different methods of abuse. At the end of our talk, we'll live demo three proof-of-concepts, share our source code, and propose several mitigation plans for security vendors.

1. Well-Known Methods of Post-Exploitation (~3min)
- Techniques for Hiding Malware: COM Hijacking, Rootkits and More
- Anti-Debuggers, Sandboxes, Virtual Machines, and Custom Packers
- Masquerade Methods: Hollowing, Doppelganging, and Herpaderping
- Defects in current techniques

2. NTFS Abuse Features in Windows (~13min)
- Alternate Data Streams (ADS)
- How Windows Locks Exe Files of a Running Process
- Abusing ADS to Unlink the Exe File of a Process
- (Demo) Remove The Exe File from a Running Process (Like a Fileless Attack)
- (Demo) Woohoo! We're signed by Microsoft ;)

3. Win32 Application Loader Features (~10min)
- Application Loader Task to Fix Up PE Image in Dynamic
- Import Table & Win32 ABI by Function Ordinals from the Compiler
- (Demo) Designing Malware DRM: Homogenize Backdoors' Import Table with a Victim's ABI

4. Conclusion (~4min)
- Doppelganging vs. Herpaderping vs. Skrull
- Patch Suggestions & Mitigation for Security Vendors
- Closing Remarks


The Curious case of knowing the unknown
by: Vandana Verma Sehgal

Modernising applications is the need of the hour. However, we still see vulnerabilities that keep creeping in. When loopholes in applications (such as legacy, desktop, web, mobile, microservices) are exploited, they can give threat actors visibility and access to the organisation's data.

As per one piece of research, 96.8% of code on the internet is open source. With open source eating up the whole internet, it becomes imperative to know the aspects of open source usage: if open source libraries are not used properly or updated on time, open source can make applications severely vulnerable. In this talk, we will find the hidden treasures within open source projects and will try to see how we can find them before someone else does.


The Kill Chain: Future of Cyber in Defense
by: Harshit Agrawal

Modern military forces rely heavily on a variety of complex, high technology, electronic offensive, and defensive capabilities. A well-timed Tweet, an errant Facebook group, or a seemingly harmless WhatsApp forward holds the potency to be even more dangerous than artillery fire and airstrikes. This session aims to reflect the opportunity for attendees to learn about emerging technologies, threats, and practices that will shape the future of warfare and cyberspace operations.

The main topics are Information Warfare, Cyber Reconnaissance, Internet of Battlefield Things. This session will introduce attendees to the Era of Convergence of Cyber and EW, Operations in Multi-domain, along with case studies of Cyber-Reconnaissance, C-UAS, Space warfare, and a glimpse of future warfare from a technological perspective (IoBT).


Using WordPress comments section as a C&C for fun
by: Juan Karlo Licudine (accidentalrebel)

I explore the possibility and feasibility of using the comments section of abandoned WordPress-powered blogs as command and control servers. There would be no site takeover nor use of APIs. Communications will be done by disguising commands as legitimate comments or as spam. I'm sharing this as a fun experiment with a novel approach to C&Cs that can offer anonymity with zero hosting costs.


Speakers


Aravindha Hariharan

An experienced Python developer and student by day & offensive security researcher by night. I love to make tools focused on offensive security, and I love to tinker with web exploitation & reverse engineering. Currently part of the AX1AL reverse engineering community.

Arian Hilis

Chimmy Arian Hilis is a Software Security Engineer working for Emerson's PSS Technology Group. Her current role led to her interest in looking for solutions to further secure Industrial Control Systems as they transition to Industry 4.0. Her past work as an application security tester for Micro Focus Fortify (formerly known as HP), and as a member of the Vulnerability Management Team for a telco and an oil & gas company, greatly contributed to her desire to help developers build applications with security in mind. She is a self-confessed Swiftie.

Chloé Messdaghi

Chloé Messdaghi is an award-winning changemaker who is innovating the tech and information security sectors to meet today's and future demands by accelerating startups and providing solutions that empower organizations and people to stand out from the crowd. She is an international keynote speaker at major information security and tech conferences and events, and serves as a trusted source to reporters and editors at outlets such as Forbes and Business Insider. Additionally, she is one of Business Insider's 50 Power Players. Outside of her work, she is the co-founder of Hacking is NOT a Crime and We Open Tech. Learn more: https://www.standoutintech.com

Emil Tan

Emil has experience in many cybersecurity trades, including R&D, cybersecurity operations, governance, policies and regulations, and consultancy. Emil is an active contributor in the cybersecurity ecosystem. He plays an active role in catalysing cybersecurity conversations and thought leadership in the community. Amongst many things, he co-founded Division Zero (Div0), a cybersecurity community group in Singapore, and Infosec In the City, SINCON, a techno-centric cybersecurity conference. Emil is also often found speaking under various spotlights, including 44CON, Black Hat Asia, BSides London, Hack In the Box (HITB) Singapore, The Honeynet Project Workshop, and at universities and many cybersecurity plenaries.

Eric Reyata

Eric is a Cyber Security professional who has been working as a TI Analyst focused on CTI Collection, OSINT, HUMINT, Criminal Underground monitoring and tools development and automation. After working at iSight Partners and FireEye, he joined the Fox-IT InTELL team in The Netherlands. He is also the founder of Rightsec, a cyber security solutions and services provider based in Manila, Philippines.

Filipi Pires (@FilipiPires)

I've been working as Principal Security Engineer and Security Researcher at Talkdesk and as Security Researcher and Instructor at Hacker Security. I'm a Hacking is NOT a Crime Advocate. I'm part of the staff team of DEFCON Group São Paulo, Brazil, and an international speaker at security and new-technology events in many countries such as the US, Canada, Germany, Poland and others. I've served as a University Professor in graduate and MBA courses at Brazilian colleges; in addition, I'm the creator and instructor of the courses Malware Attack Types with Kill Chain Methodology (PentestMagazine) and Malware Analysis - Fundamentals (HackerSec Company).

Harshit Agrawal (@harshitnic)

Harshit Agrawal is currently working as a Radio Security Researcher. He is enthusiastic about SIGINT, drone pentesting, and IoT security. He has presented his research at international security conferences like RSAC USA, DEFCON, HITB Cyberweek, HITB Amsterdam, etc. Previously, he was President of the CSI Chapter and Vice President of the Entrepreneurship Cell at MIT, where he also headed a team of security enthusiasts, which gave him good insight into cybersecurity and increased his thirst to explore more in this field. Learn more: https://www.linkedin.com/in/harshitnic/

IJ Puzon

A child of a Pastor & School Teacher, IJ is an Information Security Professional with ~6 years of experience in the field. He specializes in Vulnerability Assessment & Penetration Testing (VAPT) primarily focusing on Host, Web & Mobile Assessments as a member of the Synack Red Team & with his current employer. He is also skilled in Digital Forensics & Incident Response (DFIR), having handled multiple incidents in his previous employments & testifying as an expert witness in a case involving Computer-related Grave Threats & Unjust Vexation. Albeit in a long hiatus, he occasionally plays CTFs with hackstreetboys & TheManyHatsClub CTF Team. Recently, he's taken a bit of interest in Web Development & Graphics Design to help with the ministry started by his parents.

Juan Karlo Licudine (accidentalrebel)

Juan Karlo Licudine is currently employed as a Cyber Security Engineer where he uses his programming and technical skills in helping companies protect themselves from cyber threats. In his free time, he works on cybersecurity-related programming projects like malware analysis tools and remote access tools. He jumps between the red or blue camps depending on which project currently interests him.

Kamel Ghali

Kamel Ghali is a veteran of the automotive cybersecurity community, having spent over 3 years as an expert car hacker, technical trainer, and contributor to worldwide industry-focused communities such as the SAE, ASRG, and the Car Hacking Village. His particular areas of focus within vehicle security are IVN, Bluetooth, RF, and in-vehicle networks. He currently works at White Motion – subsidiary of the global automotive supplier Marelli – where he leads the vehicle security research team, assessing vehicle systems and training customers in state-of-the-art car-hacking techniques. He has presented at numerous security conferences and communities including DefCON, ASRG, GRIMMCon, and more – sharing his automotive security expertise with audiences of every background.

Kumar Aayush

A programmer in JS and C# and student by day & security researcher & ROM maintainer for Raphael and Raphaelin by night. I love to build custom ROMs as a hobby and to break Android applications. Currently part of the AX1AL reverse engineering community.

Leonidas Tsaousis

I had a genuine interest in offensive security ever since the first years of university. Amazed with the exciting and original assignments for the relevant course, it wasn't long before I landed my first job in the infosec industry, which brought me to sunny Cyprus, where I learned a lot, attended conferences and earned certifications. Nowadays, I live in the fascinating, though less sunny city of Manchester in the UK, working as a security consultant at F-Secure, which I followed and admired from the MWR years. Beyond helping clients globally keep their web, mobile and network infrastructure safe, this position has also allowed me to perform lots of research, which resulted in several CVEs for well known products by companies like Cisco and Xiaomi.

Lloyd Kenneth Tugbo

Lloyd Kenneth Tugbo works for Emerson's PSS Technology group as a Software Security Engineer, where he leads on researching and implementing security needs in hybrid technologies such as Distributed Control Systems and SCADA.

He is a former resource speaker and college instructor with a passion for Automation, Instrumentation and Control, and Systems Security. He is a SAFe Certified Architect with a granted US Patent [11,042,147] related to Blockchain, which is the technology he is now focusing on. Khen (his nickname) is also an online gamer wannabe! :)

Luis Angel Ramírez Mendoza (@larm182luis)

Luis Ángel Ramírez Mendoza (@larm182luis) is a Colombian electronic engineer, hacker and speaker. He has spoken at DragonJAR Colombia (the biggest Spanish-speaking hacking conference in LATAM), DEF CON Las Vegas, GrayHat USA and P0SCon Iran.

Mauro Eldritch (@mauroeldritch)

Mauro Eldritch is an Argentine Hacker & Speaker, Founder of BCA and DC5411.

He has been a speaker at DEF CON (six times!), ROADSEC (LATAM’s biggest security conference), DEVFEST Siberia, DragonJAR Colombia (the biggest Spanish-speaking conference in LATAM), P0SCON Iran, Texas Cyber Summit and EC-Council Hacker Halted, among other conferences (25+).

Mazin Ahmed

Mazin Ahmed is a security engineer who specializes in AppSec and offensive security. He is passionate about information security and has previously found vulnerabilities in Facebook, Twitter, LinkedIn, and Oracle, to name a few. Mazin is the developer of several popular open-source security tools that have been integrated into security testing frameworks and distributions.

Mazin also built FullHunt.io, the next-generation continuous attack surface security platform. He is also passionate about cloud security, where he has been running dozens of experiments.

Nafiez

Nafiez (@zeifan) is an independent security researcher and memory corruption enthusiast who has found dozens of security vulnerabilities in various applications, from open to closed source. He has a passion for vulnerability research, fuzzing and reverse engineering, and occasionally blogs about his security findings at http://zeifan.my. Nafiez has been part of HITB, organizing international Capture The Flag (CTF) events, and of the local (Malaysia) CTF, Wargames.MY.

Sheikh Rizan

Rizan is a passionate information security professional with more than 20 years of experience. He loves anything Linux or open-sourced. He spent over 13 years securing one of the largest oil and gas companies in the world from cyber threats. He holds several industry-relevant certifications including OSCP, OSCE, OSWE, CISSP & CREST CRT. He has reported security bugs to the US Department of Defense (US DoD), Spotify, Amazon, General Motors, Toyota, Alibaba, Airbnb, Dell, Starbucks & Rockstar Games.

Rizan was also part of a cyber security surveillance group supporting law enforcement agencies globally in the area of lawful interception for mobile and desktop technologies. Prior to his current assignment, he worked at Telenor as a Cyber Security Advisor specializing in offensive security. He has conducted dozens of on-site and remote penetration tests in Sweden, Finland, Thailand, Bangladesh, Malaysia and Myanmar.

- https://www.r00tpgp.com
- https://hackerone.com/r00tpgp
- https://packetstormsecurity.com/files/author/13424/
- https://www.exploit-db.com/exploits/47437
- https://gist.github.com/r00tpgp

Sheng-Hao Ma

Sheng-Hao Ma (aaaddress1) has over 10 years of experience in reverse engineering, machine language, and Intel 8086. He has published articles about Windows vulnerabilities and reverse engineering analysis, and has been invited as a guest speaker at Black Hat, DEFCON, HITB, HITCON (Hackers In Taiwan Conference), VXCON, CYBERSEC events, and more. On top of all this, Sheng-Hao Ma is a core member of the CHROOT Security Group in Taiwan and an instructor for HITCON, the Ministry of National Defense, and the Ministry of Education on Windows exploitation and malware analysis.

Subhajeet (ElementalX)

Low-level programmer and undergrad student by day, malware reversing guy by night. Founder of, and currently leading, AX1AL, a reverse engineering community.

Vandana Verma Sehgal

Vandana is a Security Relations leader at Snyk with a current focus on DevSecOps. In her previous experience, she has dealt with application security, vulnerability management, SOC, infrastructure security and cloud security.

She is a seasoned speaker and trainer who has presented at various public events, ranging from Global OWASP AppSec events to Black Hat events to regional events like BSides events in India. She is part of the OWASP Global Board of Directors (Vice-Chair). She also works in various communities on diversity initiatives: InfosecGirls, InfosecKids and WoSec.

Vandana is a member of the Black Hat Asia Review Board, as well as those of multiple other conferences including Grace Hopper India and OWASP AppSec USA, to name a few. She is also one of the organisers of BSides Delhi.

She has been the recipient of multiple prestigious awards, such as the Resilient CISO award by Dynamic CISO, Cyber Security Woman of the Year Award 2020 by Cyber Sec Awards, and Application Security Influencer 2020 by Whitesource, to name a few. She has also been listed by Instasafe as one of the top women leaders in technology and cybersecurity in India.


Villages

Car Hacking Village


Talks
Automating your CAN Bus Hacking
Synopsis
This is a n00bs talk on CAN Bus hacking, applying some automation, fuzzing, and tools that can get the job done in exploring and hacking your car. We will be discussing the following:

- CAN Bus 101
- How to use nano-can
- Python for Car Hackers
- Metasploit for Car Hackers



101 Village


Talks
Career 101 - 0wning Your Cyber Security Career
Synopsis
There's a huge global demand for talent in the cyber security industry, and everyone is eager to get in on it. But despite the rise in interested candidates, how come companies are still not able to hire? How come many candidates are still not able to land a job in an industry where almost every company is in need of one?

This presentation will talk about the cyber security industry, the current landscape, the gaps and opportunities, and a step-by-step guide on how to hack your way into the industry and land that dream job in cyber security. Whether you are a newbie just graduating from college, an experienced worker wanting to shift to cyber security, or already in the industry and hoping to pivot your way to another role or to escalate and pawn that coveted executive role, this presentation will cover practical tips and techniques to do just that.

This presentation will cover not only how you can get into the industry, but how you can stay in it and be great at it.

Bug Bounty 101 - wHACKING your first bug
Synopsis
Interested in bug bounty hunting? The "wHACKING your first bug" talk will help noob bug bounty hunters find joy on their journey to crushing their very first bug report. This presentation will introduce techniques for spotting functionality in an application that is likely to have common vulnerabilities or misconfigurations. The talk will also guide you on how to create your first bug bounty report with a good explanation of the security impact.

Hacking 101 - Offensive Operation
Synopsis
Want to start offensive security operations but have no idea where to begin? Wonder how they hack machines and gain privileges? Do you ever wonder how hackers think? What mindset is needed, and how do you formulate your attack plans? Enroll in our talk and discover your own Path to Pwnage, a 101 talk on how to take baby steps and hack your first machines.


Contest Winners
Winners receive the Black Badge, which entitles them to free entrance to next year's conference.

Capture The Flag
Theos Offense

Hacker Jeopardy
Squid Game


Sponsors

Elite


Platinum




Supporters


Community Partners


Pics

Unfortunately there isn't too much we can take picture of since it's virtual. We do have screenshots :)