PHDays IV Topics
How can you create a virus or a botnet for AndroidWhat else do you get when you buy a hard disk drive at an eBay auction? What threats surround a SIM card owner? How can you get one-time password tokens?
Get answers to these questions and more at Positive Hack Days IV, the international information security event.
The final stage of Call For Papers started on February 17 and lasts until March 31The first group of speakers for the technical program of PHDays IV has been selected. Abstracts of their papers are presented below
Cyberweapon Against Mobile Networks
Mobile networks should protect users on several fronts: calls need to be encrypted, customer data protected, and SIM cards shielded from malware. Many networks are still reluctant to implement appropriate protection measures in legacy systems, but even those who add mitigations often fail to fully capture attacks because they target symptoms instead of solving the core issue. Karsten Nohl will consider mobile network and SIM card attacks that circumvent common protection techniques to illustrate the ongoing mobile attack evolution.
Karsten Nohl is a cryptographer and security researcher. He likes to test security assumptions in proprietary systems and typically breaks them.
Being the leader among mobile platform vendors, Google is now also known for vulnerabilities in Android. Trojans attack millions of users. Malware programs send messages to short numbers, steal money from credit cards and personal data and conduct hidden camera spying. After the 4-hour hands-on lab, participants will find out more about the development of malware programs for Android and take part in Android exploitation.
The hands-on lab will be held by Aditya Gupta, the founder of Attify and a community member of Null (The Open Security Community in India). He will cover topics such as reversing and analyzing Android malware, auditing applications with manual and automated testing, going in-depth into Dex and Smali file manipulation, Webkit based exploitation and finally ARM exploitation for mobile devices.
Give Me Your Data!
We hear news stories every day about malicious hackers compromising the sensitive data of corporations, governments and individuals. But that is only half of the story. You don't have to be a hardcore hacker to get sensitive information. Dave Chronister will present his report “Give Me Your Data!” to show that even today data is still not stored securely. He will not hack any systems during the experiment; all data will be collected legally. From purchasing devices on Facebook and bidding for Hard Drives on EBay, to monitoring public file sharing sites, and anonymously accessible servers, Chronister will unveil methods to retrieve information and show his findings—which are very surprising.
Dave Chronister is the founder and managing technology partner of Parameter Security. Growing up in the wild world of 1980’s BBSes and early Internet, Chronister obtained a unique, firsthand look at the mind, motives and methodologies of hackers. Chronister has provided ethical hacking services, auditing, forensics and training to clients world-wide. Chronister’s expertise has been featured in the media including CNN, CNBC, CNN Headline News, ABC World News Tonight, Bloomberg TV, CBS, FOX Business News, Computer World, Popular Science, and Information Security Magazine.
Breaking One-Time Password Tokens
Side-channel analysis (SCA) is a powerful tool to extract cryptographic secrets by observing physical properties (power consumption, EM, etc.). David Oswald will present an intro to SCA and related methods and then demonstrate the practical relevance of SCA with two case studies: how SCA can be used to circumvent the IP protection (bitstream encryption) of FPGAs, and, in a similar way, how AES keys of one-time password tokens can be extracted, allowing an attacker to steal digital identities.
David Oswald received his PhD in IT-Security in 2013 and is currently working as the Chair for Embedded Security, Ruhr-University Bochum. He is also co-founder of Kasper & Oswald GmbH.
In the Middle of Printers
Big corporations and financial institutions need secure pull printing services which guarantee proper encryption, data access control and accountability. This research is aimed at performing a man-in-the- middle (MITM) attack on multifunction printers with embedded software from the most popular vendors. The results are staggering. Similar vulnerabilities have been found in multiple solutions which are exposed to breaking the encryption, collecting any prints from the server and printing at others' expense.
Jakub Kaluzny, the author of the report, is an IT security specialist at SecuRing. He performs penetration testing, vulnerability assessments and threat modelling of web applications and network environments. He was inducted into the Google Security Hall Of Fame in 2013.
Vulnerabilities in Business Logic
Business logic vulnerabilities are the least studied and are usually ignored by researchers and pentesters. The situation is caused from the lack of automated detection and exploitation tools and testing practices, as well as from the absence of a clear theoretical foundation which would make the categorization process easier. However, considering the goal of business application analysis, business logic vulnerabilities should be the priority for pentesters, since logical attacks may lead to such outcomes that can be compared to remote arbitrary code execution consequences. Vladimir Kochetkov will speak on theoretical issues of business applications that are basic to logical attacks. His report also covers partial domain logic modeling that allows defining potential vulnerabilities and possible attack vectors. Several real-life application business logic vulnerabilities will be analyzed as examples of the practical use of this technique.
Vladimir Kochetkov is an expert of the Positive Research Center (Positive Technologies). He focuses on security analysis of web-application source code and the theoretical side of information systems security. He also participates in the SCADA Strangelove project and is one of the developers of Positive Technologies Application Inspector. He contributes a lot to open code projects, such as rsdn.ru.
People often become rash and chaotic during an IS incident and can destroy crucial evidence. The 4-hour hands-on lab “How to react to IS incidents: Investigation of a cyber-attack” focuses on a practical approach to incident investigation and learning how to act quickly and calmly to collect evidence, to analyze system logs, memory and disks, and to search for traces of a cybercrime. Participants will be provided with special instructional material and virtual machines, and will be offered several effective strategies to respond to simulated incidents.
The hands-on lab will be held by Alexander Sverdlov, an IT security officer at ProCredit Bank Bulgaria. It is not the first time that Alexander will present his work at PHDays. Last year he conducted a hands-on lab on cyber forensics.
Intercepter-NG: The New Generation Sniffer
The report focuses on the Intercepter-NG toolkit. Today it is the most progressive multifunctional tool for a pentester. Ironically, it is more popular outside of Russia. The author will give an overview of the tool's features and will discuss several examples of attack execution. Examples include: MySQL LOAD DATA LOCAL injection recently presented at Сhaos Сonstructions, and DNS over ICMP, a little-known but powerful attack.
The report will be presented by Alexander Dmitrenko, Head of Training Department at PentestIT. He regularly writes articles for the Habrahabr tech blog and Hacker Magazine. Alexander will be assisted by Ares, an expert at PentestIT and the developer of Intercepter-NG.
Side Channel Analysis: Practice and a Bit of Theory
This topic is not often addressed in hacker conferences, so this time at PHDays we will consider two points of view. Besides David Oswald, Ilya Kizhvatov will present research on Side Channel Attacks. The speaker will introduce the conference community to side channels, present an overview, and explain the state of the art in the this area, giving practical examples. Participants will be able to understand if a particular device is falling under the threat of a side channel attack, how to protect it, and maybe become motivated to play around with side channel analysis just for fun.
Ilya Kizhvatov is a senior security analyst at Riscure (Delft, Netherlands). He has 6 years of experience (half academic, half industry) in embedded security, with a focus on side channel and fault attacks on cryptographic implementations.
Nothing Happens by Chance... or Does It?
A sequence of random numbers is widely used by protection systems of modern applications (encryptions keys, session IDs, captcha, passwords). Resistance of such systems depends heavily on the quality of a random number generator. Mikhail Egorov and Sergey Soldatov will discuss vulnerabilities in Java applications that use pseudo-random number generators. Besides successful attack scenarios, the authors will demonstrate a tool that allows getting an internal state of a generator (a seed), as well as preceding and subsequent values. Participants will also learn how they could use the tool to attack real-life Java applications.
Mikhail Egorov is an independent researcher and programmer (Java, Python). He specializes in fuzzing, reverse engineering, web application and network security. Sergey Soldatov is an independent security practitioner with more than 10 years of network security experience and has been involved in large ISP related development projects.
Learning How to Reverse Engineer OS X Drivers Properly
MacBook and Mac are commonly believed to be more secure than computers operated by Windows. However, recent sensational incidents such as free access to built-in iSight cameras speak for themselves. Egor Fedoseev will discuss analysis methods of OS X drivers, related challenges and ways to minimize efforts. His report “Reverse engineering of OS X drivers” also covers Mac driver features, existing problems of reverse engineering in IDA and possible ways to solve them. The research is interesting for analysts and OS X security specialists.
Egor Fedoseev works for the Ural Federal University (Ekaterinburg, Russia). He is the leader of the student group “Hackerdrome” which was founded in 2005 by the Department of Mathematics and Mechanics of the university. Egor Fedoseev has been into reverse engineering since 2004.
Remember, you can apply until March 31 for an opportunity to present your research at Positive Hack Days IV in front of thousands of leading experts in information security. There are other ways to join the forum, too. Presentations that will take place at the forum on May 21 and 22 will be listed on the event's official web-site in April 2014.