RC18 @ VILLAGE TALKS




Cellphone Security Exposed: Understanding Interception and Other Cellphone Threats
by: Henry N. Caga

Join us at the "Cellular Assault Village" for an eye-opening presentation. In this talk, we will dive deep into the vulnerabilities that lurk within our everyday mobile communications, revealing how both voice calls and SMS messages can be intercepted.

We'll explore the mechanics behind passive and active interceptors, shedding light on how these tools can be used to eavesdrop on seemingly secure conversations. You'll see how the Cellular Assault Village team has developed custom hardware that mimics the functionalities of expensive commercial interceptors, leveraging Software-Defined Radios (SDRs) and other innovative techniques to achieve similar results at a fraction of the cost.

The presentation will also cover the dangers of SMS phishing, including demonstrations of spoofed number attacks and other deceptive tactics used to manipulate unsuspecting users. By the end of this session, you'll have a comprehensive understanding of the threats facing mobile security today and the creative solutions that can be employed to counteract them.

Whether you're a security professional, a hacker, or just someone interested in the dark side of mobile technology, this presentation will equip you with the knowledge to better protect yourself and others from these pervasive threats.



Chip Off Forensics
by: Captain (a.k.a. Forensics and Hardware Ninja)

Chip-off forensics is an advanced digital data extraction and analysis technique which involves physically removing flash memory chips (IC) from a subject device and then acquiring the raw data using specialized equipment. Apart from the rework station, it should have a suitable reader or device to retrieve the data/firmware from the chip. It is a newly developed device which can recognize the chip's detailed information. During the village, the audiences would have opportunity to analyze the common eMMC / UFS chips and discover the secret from it



Enhancing Your Red Team Arsenal: Optimizing Havoc C2
by: Bianca Gadiana

In the evolving landscape of offensive security, staying ahead requires not just the right tools, but an in-depth understanding of how to wield them effectively. "Enhancing Your Red Team Arsenal: Optimizing Havoc C2" dives into the intricacies of using Havoc C2, a powerful command-and-control framework, to elevate your red team operations.

This talk will guide attendees through the process of customizing Havoc C2 to suit specific operational needs. Attendees will gain insights into optimizing Havoc's C2 capabilities by exploring advanced customization techniques from fine-tuning profiles to creating custom modules and integrating them seamlessly into your red team operations.

Whether you're a seasoned red teamer looking to refine your tradecraft or a newcomer eager to enhance your toolkit, this session will equip you with practical insights and actionable techniques to fortify your offensive strategies.



Launching of Siyasat Linux
by: Eric Reyata & Dan Pablo

Siyasat Linux is a specialized distribution designed for Open Source Intelligence (OSINT) investigations, catering to the needs of threat intelligence analysts and other intelligence professionals. Built on the foundations of Debian 12, this provides a comprehensive suite of tools and customized environment to streamline your investigation workflows.

This is the formal launch of this tool developed by Recon Village PH.



Navigating the Network: Active Directory Attacks and OPSEC Strategies
by: CJ Villapando

Active Directory Domain Services (AD DS) is commonly used by small and large organizations today as their primary resource for user account management and access control. It is so common, it is used by approximately 90% of the Global Fortune 1000 companies today. Securing it is a critical mission for an organization; hence, it is required for security professionals to understand what misconfigurations can be abused to compromise the domain.

This presentation will examine the most common attacks used to compromise Active Directory. Beginning with an overview of the Active Directory architecture and how attackers can abuse misconfigurations to achieve their objectives. Seemingly complicated topics such as AD enumeration, Domain Privilege Escalation, Kerberos-based attacks, and gaining credentials will be covered. It will also look into common OPSEC (operation security) fails one red teamer may encounter during an engagement.



Teardown of an EV Charger for Security Research and When EV Chargers Attack!
by: Jay Turla

Electric Vehicle (EV) charger hacking is becoming more common as EV technology advances and more charging stations appear on the map.At the Pwn2Own Automotive 2024 event, several electric vehicle (EV) chargers were successfully hacked by participants. In this talk, we will try to dig into one of the targets by doing a teardown and explain how to turn it on for benchtop experiments and security research plus without burning down your house. We will also explain our modification hack escapade which is a different approach from what we learned from Pwn2Own.