Workshops

From Hack.lu 2009

Workshop schedule. Time slots run from 9:00 to 18:00, with refreshment breaks at 10:40 and 15:40 and a lunch break at 12:20 (Wednesday) or 12:40 (Thursday and Friday).

Wednesday 28.10.2009, Workshops Room Europe
   9:00  DAVIX - Visualization Workshop
   10:40 Refreshment Break
   11:00 DAVIX - Visualization Workshop continued
   12:20 Lunch Break
   14:00 Start of talk sessions, please see Agenda
   15:40 Refreshment Break

Wednesday 28.10.2009, Workshops Room Fischbach
   9:00  Identifying security weaknesses in your VoIP systems
   10:40 Refreshment Break
   11:00 Identifying security weaknesses in your VoIP systems continued
   12:20 Lunch Break
   14:00 Advanced Network Based IPS Evasion Techniques
   15:40 Refreshment Break

Wednesday 28.10.2009, Workshops Room Diekirch
   9:00  OWASP Luxembourg - Owning your network with just one phone call
   10:40 Refreshment Break
   11:00 tba
   12:20 Lunch Break
   14:00 Bypassing the Perimeter: Client Side Exploitation
   15:40 Refreshment Break
   16:00 Bypassing the Perimeter: Client Side Exploitation continued

Thursday 29.10.2009, Workshops Room Fischbach
   9:00  tba
   10:40 Refreshment Break
   11:00 tba
   12:40 Lunch Break
   14:00 Soldering: How not to burn your fingers
   15:40 Refreshment Break

Friday 30.10.2009, Workshops Room Fischbach
   9:00  Lock Picking Workshop by Toool.nl
   10:40 Refreshment Break
   11:00 Soldering: How not to burn your fingers
   12:40 Lunch Break
   14:00 Traveling Hacksmith: The Traveling Hacksmith
   15:40 Refreshment Break


List of the Workshops that will be held at hack.lu 2009

Bypassing the Perimeter: Client Side Exploitation

Instructors: Nitesh Dhanjani, Billy K Rios

Workshop Description

As more of our valuable data moves to online services, it is important that attackers understand that the compromise of a client system does not stop at the local file system. Once the client is compromised, data from the compromised client can be used to gain access to various online accounts and services. This workshop covers techniques showing how the compromise of a client system not only leads to the compromise of local files and data, but can also serve as a stepping stone to the compromise of online accounts and services. The workshop walks through 4 different scenarios involving traditional and non-traditional exploitation techniques and information gathering. The focus of the workshop is not the individual exploits, but the process used to gain access to sensitive data. The course provides a mixture of lectures and hands-on exercises, with the emphasis on the hands-on exercises. The lecture provides the conceptual information needed to complete the exercises successfully. The exercises walk the attendee through the various techniques, culminating in a challenge in which the attendee must "capture the flags" set up by the instructor.

Items to be covered:

   * Module I: Memory Corruption leading to arbitrary code execution
   * Module II: Client side Arbitrary Command Execution
   * Module III: Client Side File theft vulnerability
   * Module IV: iPhone Applications

Prerequisites

Attendees should be familiar with traditional client side exploitation techniques (memory corruption, command execution, etc.). Attendees should also have a solid understanding of web technologies and online services. Attendees should bring a laptop capable of running two different VMs simultaneously.

Bio Billy K Rios

Billy Rios is currently a Security Engineer for Microsoft, where he studies emerging risks and cutting edge security attacks and defenses. Before his current role as a Security Engineer, Billy was a Senior Security Consultant for VeriSign. Billy performed network, web-application, wireless and social engineering security reviews for various clients in the Fortune 500. Most importantly, Billy helped clients understand the existing and emerging security risks that their businesses face, so that they could make informed business decisions. Prior to joining VeriSign, Billy worked as a penetration tester for the Advanced Security Center (Ernst and Young), breaking into information systems and helping clients in the Fortune 500 understand existing and emerging security risks. Before his life as a consultant, Billy helped defend US Department of Defense networks as an Intrusion Detection Analyst and was an active duty Officer in the US Marine Corps.

Billy has presented at numerous conferences including: Blackhat, RSA, Bluehat, DEFCON, PacSec, HITB, the Annual Symposium on Information Assurance (ASIA), as well as several other security related conferences.

Billy currently holds an undergraduate degree in Business, an MBA, and a Master of Science degree in Information Systems.

DAVIX Visualisation Workshop

Instructor: Jan P. Monsch

Description

Need help understanding your gigabytes of application logs or network captures? Your OS performance metrics do not make sense? Then DAVIX, the live CD for visualizing IT data, is your answer! To simplify the analysis of vast amounts of security data, visualization is slowly making its way into the security community. There are many free tools available for the analysis and visualization of data. To simplify the use of these tools, the open source project DAVIX was brought to life. At this "Bring Your Own Laptop" workshop, we will introduce you to DAVIX and enable you to start visualizing your own security data in a quest to hunt down anomalies and security issues.

Contents

The workshop starts with an introduction to security visualization, its principles and the basic visualization process. The second part gives an overview of DAVIX, its tools and the integrated manual. During the third part, a walkthrough of a sample analysis scenario is presented, which includes a discussion of different visualizations and the techniques used to create them. In the fourth part, a set of sample problems is handed out for participants to tinker with, and sample solutions are given after a while. Finally, we will introduce you to the hack.lu visualization contest, where you can win security metrics and visualization books if you hand in the best and coolest solution to the posed problem.

Prerequisites

To participate in the analysis part of the workshop, you should have basic Linux operating skills and bring an Intel or AMD x86-based notebook with at least 1GB of memory, a wireless LAN adapter and VMware Player 6.5 installed on it. The DAVIX VMware image, which contains all required tools and sample data for the workshop, will be distributed during the workshop on DVD and USB stick.

Bio Jan P. Monsch

Jan P. Monsch is a security analyst with 10 years of experience in the field of IT security, most of it in the Swiss banking and insurance industry. His talent for understanding and assessing security in large environments has gotten him involved in several outsourcing projects with international participation. Apart from reviewing security, he has trained many software developers, IT engineers and security officers in the fields of application and content security. His passion for application security and his interest in better understanding security in real-world applications have led him to the field of security visualization. The lack of broadly available solutions for security data analysis and visualization motivated him to create DAVIX - The Data Analysis & Visualization Linux.

Identifying security weaknesses in your VoIP systems

Instructors: Joffrey Czarny and Sandro Gauci

Content of the Workshop:

The goal of this workshop is to learn the risks and weaknesses of default VoIP deployments and the threats posed by the misconfiguration of some telephony features. The workshop will provide specific guidelines and advice on how to build a secured VoIP architecture. One example is the use of SRTP combined with DAI (Dynamic ARP Inspection)/ARP guard as one of the ways to block wiretapping. Several such features will be presented and discussed during the workshop.

Some comparative information will be presented about the security aspects of different voice vendors like Alcatel, Nortel, Cisco and Asterisk.

Overview:

   * Identification of the VoIP Product
   * VLAN hopping, accessing the voice VLAN from the data VLAN
   * VoIP account enumeration
   * Communication wiretapping and injection of sound during a call
   * Spoofing of phone profiles and identity spoofing
   * UNISTM attack on Cisco IP phones
   * Bypass of call restrictions and voice gateway abuse
   * Grabbing SIP or IAX credentials
   * Denial of Service on VoIP servers and IP phones

Prerequisites

  * Python >= 2.5
  * An editor > notepad
  * Scapy
  * Wireshark (optional)

Bio: Joffrey Czarny, Sandro Gauci

Joffrey Czarny (France) works for the Devoteam Security Business Unit (FR). A pentester since 2001, he has released advisories on Cisco VoIP products and spoken at various security-focused conferences (Wireless Conference at Infosec Paris and Wireless Workshop at Hack.lu 2005, VoIP at Hack.lu 2007/2008, ITunderground 2008/2009, BruCON and Hacktivity.hu). On his site, www.insomnihack.net, he maintains the Elsenot project ("http://insomnihack.net/elsenot/") and posts video tutorials and tools on several security topics.

Sandro Gauci is the owner and founder of EnableSecurity (www.enablesecurity.com), where he performs R&D and security consultancy for mid-sized companies. Sandro has over 9 years of experience in the security industry and is focused on the analysis of security challenges and providing solutions to such threats. His passion is vulnerability research, and he has previously worked together with various vendors such as Microsoft and Sun to fix security holes. Sandro is the author of the free VoIP security scanning suite SIPVicious (sipvicious.org) and of VOIPPACK for CANVAS.

Advanced Network Based IPS Evasion Techniques

Instructors: Olli-Pekka Niemi, Antti Levomäki

Content

Intrusion Prevention Systems are used to protect vulnerable hosts from remote exploits. Exploits can apply multiple evasion methods to bypass detection by Intrusion Prevention Systems and break into the remote system. Security testing products such as Core Impact, Canvas and Metasploit contain multiple evasion techniques, but these tools are still oriented towards exploit and endpoint-security testing. There is no tool or product publicly available that can be easily and reliably used to measure how well an IPS decodes and blocks attacks enhanced with various evasion techniques.

While developing the StoneGate IPS solution, we have researched various protocol based evasion techniques and created a tool that can be used in testing how well an IPS device decodes various evasion techniques. After all, if the IPS is supposed to protect vulnerable hosts from remote attacks, it must stop the attacks regardless of the evasion used.

In this workshop we will look into various known evasion methods and discuss a couple of possibly previously unknown evasion techniques. We will also demonstrate our in-house developed evasion tool, which will be available upon request.

Bio: Olli-Pekka Niemi, Antti Levomäki

Olli-Pekka Niemi has been working in the area of Internet security since 1996. Since 2000, he has worked at Stonesoft's R&D department, developing Stonesoft's StoneGate network security solutions. His main areas of responsibility include the analysis of network based attacks and attack methods as well as the writing of attack and application detection signatures for StoneGate network security solutions. Mr. Niemi is also the team leader of the Stonesoft Vulnerability Analysis Group (VAG). Before joining Stonesoft, Mr. Niemi worked at KPMG Information Risk Management, where he mainly focused on penetration testing and security audits. He has also worked as a system administrator at the Helsinki University of Technology.

Antti Levomäki has been working at Stonesoft R&D since 2004. His main tasks include the analysis of network based attacks and attack methods as well as the writing of attack and application detection signatures for the StoneGate Network Security Products. His main areas of expertise include the writing of exploits and hacking tools. Mr. Levomäki holds a Master of Computer Science degree from the University of Helsinki.

Soldering: How not to burn your fingers

Only 7 places per workshop. Only the first 14 persons to register at info (AT) hack (dot) lu will be able to attend. Use "Soldering" as the subject and specify which date.

Instructors: Steve Clement, Bartek Kostrzewa

Content

In this workshop the HackerSpace syn2cat will get you up to speed on the basics of soldering. We will get you bootstrapped on how to solder your own little kit without the frustration of a defunct piece of funk. But in case it really doesn't work, you will get the inside knowledge on how the multimeter works and why it is the ultimate debugger for nearly any situation.

Prerequisites

We will provide EVERYTHING you need to solder (irons, solder, wick, suckers, magic wands, etc.).

We will also have kits you can actually buy for a very social price, and with your purchase you even support the local HackerSpace. BUT the first dry steps are on us, and you can participate and test your new skills on a few LEDs.

Bio: Steve Clement, Bartek Kostrzewa

Active in the local hacking scene, both are avid fans of electronics and anything that makes noise or blinks. They are living proof that anyone can solder and transfer the knowledge to you, the audience, as they too once sat in a similar workshop to get started.

OWASP (Luxembourg local chapter) Workshop

Owning your network with just one phone call

Content

In this talk we will present new attack vectors against the internal network that leverage IP telephony and Web specific attacks. We will start with real world vulnerabilities that have been discovered and disclosed by our team. We will show how SQL injection and XSS attacks can be executed over SIP and how devastating this mixture can be. A practical demonstration of one attack will be performed live against a VoIP server.

In the second half of the talk, we will address the fuzzing framework KIF that is developed by our team. We will show how closed loop fuzzing is performed using system related tracing capabilities. At the end of the talk, a short tutorial on KIF will be included.

Bio: Radu State, Humberto J. Abdelnur, Jorge Lucangeli Obes and Olivier Festor

Radu State holds a Ph.D. from INRIA and a Master of Science in Engineering from the Johns Hopkins University (USA). He is a researcher in network security and network management with more than 60 papers published in international conferences and journals. He is a member of the technical program committees of IEEE/IFIP Integrated Management, IEEE/IFIP Network Operations and Management, IEEE/IFIP DSOM and IEEE RAID. He lectures at major conferences on topics related to security and network management and control. His activities range from network security assessment and software security to VoIP intrusion detection and assessment.

He is currently on leave from INRIA and is associated with the University of Luxembourg.

Humberto J. Abdelnur is a Ph.D. research engineer at INRIA Nancy - Grand Est.

He received his Ph.D. on vulnerability assessment from the Université Henri Poincaré in Nancy, France, in 2009 and his MSc in Computer Science from the National University of Cordoba (U.N.C.), Argentina, in 2005.

His current research and interests lie in the fields of Software Reliability, Fuzz Testing and Network Fingerprinting.

Jorge Lucangeli Obes got his MSc in Computer Science at the Facultad de Ciencias Exactas y Naturales, Universidad de Buenos Aires, in April 2009.

He worked at Google USA from December 2007 to March 2008, on the Platforms team, evaluating the hardware platforms that were going to be introduced in the company's datacenters.

He worked at the Dependable Systems Research Group at the university from May 2006 to October 2006 and is currently on an internship at INRIA, Nancy, France.

Olivier Festor is a research director at INRIA Nancy—Grand Est, where he leads the MADYNES research team. He has a Ph.D. degree (1994) and a Habilitation degree (2001) from Henri-Poincaré University, Nancy, France. He spent 3 years at the IBM European Networking Center in Heidelberg, Germany and one year at the EURECOM Institute in Nice, France. His research interests are in the design of algorithms and models for the automated security management of large scale networks and services. This includes monitoring, fuzzing and vulnerability assessment. Application domains are IPv6, Voice over IP services and dynamic ad-hoc networks.

He has published more than 70 papers in network and service management and serves on the technical program and organization committees as well as on the editorial boards of several international conferences and journals. He was the TPC Co-chair of the IFIP/IEEE IM'2005 event. Since 2006 he has led the EMANICS European Network of Excellence dedicated to Management Solutions for the Future Internet, and he was named co-chair of the IFIP TC6 Working Group 6.6 in 2007.

The Traveling Hacksmith by Saumil Shah

This qualifies more as a barcamp. There have been times where a hack or two has saved us time, energy, money and loss of temper. There have been times where a hack or two have helped us gain an edge. There have been times where a hack or two have saved our butts.

This workshop features some creative-yet-simple hacksmithy during my travels worldwide. Topics in this session feature more-expensive-than-satellite-phones hotel WiFi access, exit row seating, fine-print dirty tricks, kiosks, and more. All of these have been from my own personal experience and digging around.

This talk welcomes participants to contribute a hack or two to the growing bag of tricks. All discussions shall be limited to the room. There are no slides - just fun and games and learning something new.