[Keynote #1] by Cedric Blancher /PDF Slides

[Keynote #2] by Fyodor Yarochkin /PDF Slides

[Keynote #3] by Marc “van Hauser” Heuse /PDF Slides

[Lockpickito Ergo Sum] by Walter Bergers /PDF Slides

[Modern webapp hacking or how to kill a bounty program] by Itzhak Avraham (Zuk) & Nir Goldshlager /PDF Slides

In this presentation we will cover critical aspects of web applications, and how these techniques can be used on real life scenario on big (and highly “secured”) websites. These bugs and methods will be able to assist you in your next bug-hunting in your pentest or (god-forbid) bounty program.
We will reveal several vulnerabilities found on real big scale and important websites.

["Secure Password Managers" and "Military-Grade Encryption" on Smartphones: Oh Really?] by Andrey Belenko & Dmitry Sklyarov /PDF Slides

The task of providing privacy and data confidentiality with mobile applications becomes more and more important as the adoption of smartphones and tablets grows. As a result, there are number of vendors and applications providing solutions to address those needs, such as password managers and file encryption utilities for mobile devices.
In this talk we will analyze several password managers and file encryption applications for Apple iOS platform and demonstrate that they often do not provide any reasonable level of security and that syncing data between desktop and mobile versions of the applications increases the risk of compromise. We will also show that the best way to provide privacy and confidentiality on Apple iOS platform is by adhering to Apple Developer Guidelines and not by reinventing the wheel.

[Hardware backdooring is practical] by Jonathan Brossard & Florentin Demetrescu /PDF Slides

This presentation will demonstrate that permanent backdooring of hardware is practical. We have built a generic proof of concept malware for the intel architecture, Rakshasa, capable of infecting more than a hundred of different motherboards. The first net effect of Rakshasa is to disable NX permanently and remove SMM related fixes from the BIOS, resulting in permanent lowering of the security of the backdoored computer, even after complete earasing of hard disks and reinstallation of a new operating system. We shall also demonstrate that preexisting work on MBR subvertions such as bootkiting and preboot authentication software bruteforce can be embedded in Rakshasa with little effort. More over, Rakshasa is built on top of free software, including the Coreboot project, meaning that most of its source code is already public. This presentation will take a deep dive into Coreboot and hardware components such as the BIOS, CMOS and PIC embedded on the motherboard, before detailing the inner workings of Rakshasa and demo its capabilities. It is hoped to raise awareness of the security community regarding the dangers associated with non open source firmwares shipped with any computer and question their integrity. This shall also result in upgrading the best practices for forensics and post intrusion analysis by including the afore mentioned firmwares as part of their scope of work.

[Cryptographic Function Identification in Obfuscated Binary Programs] by Joan Calvet /PDF Slides

Therefore we will discuss in this talk the way we implemented a cryptographic function identification technique based on the input-output relationship comparison for obfuscated binary programs. We will insist on the building process leading to the final tool, as we believe it is a generic way of tackling such identification problems, whereas the tool itself is suitable for *some* hard-to-detect cryptographic functions in *some* obfuscated binary programs. Among several examples we will show how we automatically identified algorithms such as RC4 – very often missed by existing tools – and XTEA in heavily obfuscated binary programs, with the appreciable side-effect of knowing precisely their arguments. Finally we will show that our technique allows the recognition of modified versions of well-known cryptographic algorithms.

[Easy Local Windows Kernel Exploitation] by Cesar Cerrudo /PDF Slides

For some common local Kernel vulnerabilities there is no general, multi-version and reliable way to exploit them. There have been interesting techniques published but they are not simple and/or neither they work across different Windows versions most of the time. This presentation will show a couple of easy, reliable and cross platform techniques for exploiting some common local Windows kernel vulnerabilities. These new techniques allow even to exploit vulnerabilities that have been considered difficult or almost impossible to exploit in the past.

[Recent Advances in IPv6 Security] by Fernando Gont /PDF Slides

Fernando Gont will discuss the results of the aforementioned project, discussing the most recent advances in IPv6 security, and providing advice on how to deploy the IPv6 protocols securely. Gont will discusss advances in IPv6 security areas such as Denial of Service attacks, firewall circumvention, network reconnaissance, and First-Hop security, and will note other IPv6 security areas in which further work is needed. Finally, he will provide
demos for some of the discussed issues.

[Strange and Radiant Machines in the PHY Layer] by Travis Goodspeed & Sergey Bratus /PDF Slides

As V.I. Lenin wrote, “the electron is as inexhaustible as the atom.” In “Materialism and Empyriocriticism,” Lenin strongly rejected the Idealist notion of natural phenomena assumed at some level to be indivisible or impenetrable to human cognition. Yet some Comrades still view hardware and PHY as a “thing in itself”, an impenetrable and indivisible package. ??? ???????. These Comrades must be shown the error of their ways. They must be shown that the PHY layer is just as malleable and just as exploitable as any of the layers above it! Under the hood, PHY layer hardware has a number of components that can be used on unintended computation paths, for unexpected results. Weird machines do not stop at software, they extend into hardware and may reside entirely in hardware. Once we get past the illusion of hardware atomicity, it provides enough weird cogs to borrow. Packet-in-Packet enables the remote attacker who can manipulate the higher layer payloads of a digital radio link to inject PHY layer frames — without ever owning a radio. The attacker builds this injection out of the hardware elements of the remote PHY chip and ambient radio noise. Now that’s atomic divisibility and powerful dialectics, Comrade! We will show how the Packet-in-Packet remote PHY layer injection technique is naturally derived from this view, and show other classes of PHY bug (cogs) that can be found that way. We will show that seemingly mundane fingerprinting research into hardware differences can deliver cogs that power much stronger exploits. PHY Fingerprinting is not a mostly-harmless firecracker activity. Playing around with isotopes looking for minute differences may sound silly, but this is the kind of study that delivers nuclear power, Kuzkina Mat’ grade. Da, Tovarisch.

[Hacking the NFC credit cards for fun and debit ; )] by Renaud Lifchitz /PDF Slides

MasterCard and Visa are currently releasing new contactless credits cards worldwide. Payments can become faster, simpler and easier but are they becoming more secure? We have worked on such cards and found nearly no security. Partial card cloning and unsollicited payments are possible.

[All Your Calls Are Still Belong to Us - How We Compromised the Cisco VoIP Crypto Ecosystem] by Daniel Mende and Enno Rey /PDF Slides

Modern “Enterprise” VoIP solutions are complex beasts. They usually encompass application servers (e.g. for mailboxes and to provide CTI functions), “infrastructure systems” for authentication or crypto stuff and “intelligent” phones. In the end of the days the inherent complexity means that – while “traditional” VoIP attacks (like re-directing, sniffing and reconstructing calls) might no longer work – we’ve been able to severely compromise any enterprise VoIP environment we’ve pentested in the last twelve months. Based on a number of warstories, in this talk we’ll first lay out the relevant attack vectors and the protocol or device level vulnerabilities enabling those. We will then focus on Cisco’s Unified Communications solution that seemingly disposes of a mature, certificate based crypto framework protecting both the signaling and the media transport. Well, seemingly. When closely inspecting the relevant parts and messages, it turns out that at some point all the key material can be replaced by attacker chosen keys. Which effectively means that we’re down to cleartext-like attacks again… We’ll publicly provide a detailed technical explanation of the underlying vulnerabilities, show a live demo sniffing calls in a presumably fully encrypted environment and – of course ;-) – present a tool automating a number of steps of the overall complex attack. A discussion of potential mitigating controls, both on a technical and on the provisioning process level, completes the talk.

[Yo Dawg, I Heard You Like Reversing...] by Aaron Portnoy & Brandon Edwards /PDF Slides

IDA Pro presents the reverse engineer with a vast array of tools and capabilities, but after using it for our daily tasks for quite some time, we’ve realized there are some forms of functionality for situations the authors did not build into the tool. This presentation is intended to motivate the audience to think outside the confines of the current capabilities IDA provides. We will present ideas for solutions to help overcome many tedious tasks and common pitfalls faced by reverse engineers. Starting with demonstrating how to extract data from IDA to create an out-of-band database, we will then proceed to show the immediate efficiency improvements this allows. We will show how to store and subsequently query arbitrary metadata, new techniques for navigating code (complete with UI enhancements), an improved marking system, and the ability to collaborate with others by transferring marshaled objects from one IDA instance to another. Additionally, we will demonstrate both intra- and inter-function path finding capability based off of our custom query language and external graph database. The benefits these capabilities bestow will become apparent when we show how you can tie in an external debugger to perform arbitrary analysis (hit tracing, taint analysis, and so on) to complement your static reverse engineering efforts.

[Decomposing the Network to perform Attack Planning under Uncertainty] by Carlos Sarraute /PDF Slides

As penetration testing tools have evolved and have become more complex, the problem of controlling these tools successfully has become an important question. A computer-generated plan for an attack would isolate the user from the complexity of selecting suitable exploits for the hosts in the target network, and contribute to making the assessment of network security more accessible to non-expert users. This issue can be addressed as an attack planning problem. In this talk, I will discuss some ideas to deal with the uncertainty regarding the target machines — about the details of their operating system and running applications, which have a direct influence on the results of the exploits. Planning under uncertainty is more complex, since decisions must be taken based on beliefs about the target machines (and the belief space is infinite!) So there is naturally a tension between two directions: (i) to improve the realism and expressivity of the model and (ii) to improve the performance of the planner and make something actually useful in practice. I will present results obtained in both directions, some of them in collaboration with INRIA (Nancy, France). We have developed new algorithms that exploit the network structure: we decompose the network connectivity graph into logical components, and we approximate the attacks on these components by combining attacks on individual machines. The attacks on individual machines are modeled and solved as partially observable Markov decision processes (POMDP). This new method allows us to retain the expressivity of the POMDP model while making the solution scale to real-life networks.

["The System of Automatic Searching for Vulnerabilities or how to use Taint Analysis to find security bugs"] by Nikita Tarakanov & Alex Bazhanyuk /PDF Slides

In this presentation we will discuss The System of Automatic Searching for Vulnerabilities (SASV). We willl show how to use SASV and how to find vulnerabilities in fully automatic mode. We will demonstrate automatic process of finding security bugs in the kernel drivers of Windows Operating System. We will describe in depth the key mechanisms of SASV. This framework (SASV) was developed based on the integration of IDA Pro and BitBlaze. The key mechanism of SASV is to implement taint propagation algorithm. We will talk about some real life examples, and some advanced algorithms, like: static taint analysis.

[Exploiting a Coalmine: Abusing Complex Bugs in Webkit's RenderArena] by Georg Wicherski /PDF Slides

A wise sort-of role model of mine once taught me about good bugs vs. bad bugs to exploit; from what I can tell, he spends a lot of time understanding really shitty bugs. Analogously, I will present a class of bugs in Webkit that are hard to exploit but also numerous.

Although the involved RenderArena custom heap allocator has no security at all, injecting user controlled data is difficult from an attacker’s perspective. This is even more true for a Webkit running on an embedded platform, where the RenderArena is not built on top of TCmalloc but the system’s native allocator.