“All you ever wanted to know about BeEF” Speaker: Michele "antisnatchor" Orru, Senior Spider (Trustwave SpiderLabs) BeEF is a powerful platform for client-side pwnage, XSS post-exploitation and, more generally, abuse of the victim browser's security context. Every browser sits in a different security context: the browser and operating system type/version, the installed plugins, and the specific domain that is hooked can each open different security holes. Imagine an unpatched Internet Explorer 8 on Windows XP SP3 that is vulnerable to the Aurora exploit, or a fully patched Firefox with a vulnerable Java plugin. The framework lets the penetration tester select specific modules (in real time) to target each browser, and therefore each context. During this workshop we will start with BeEF in action on a number of simulated attack scenarios, employing techniques like:
Finally, we'll finish the workshop by covering internal network compromise from within the victim browser, introducing the new BeEF bind shellcode and explaining how Inter-Protocol Exploitation is used. Inter-Protocol Exploitation frees browser-based attacks from their dependence on browser vulnerabilities: it widens the set of potential exploits to include the many service vulnerabilities throughout the internal corporate network, covering whatever service can be reached by a browser request. This raises the success rate of client-side exploitation attempts by dramatically increasing the number of vulnerabilities reachable by the attacker. We'll have more live demos than slides, so fun is assured. If you want to fall in love with BeEF, and you like application security, you must come to this workshop. Requirements for participants to workshop: Computer with VMware Player 5.
“Random Numbers. Take Two” Speakers: Arseny Reutov, Timur Yunusov, Dmitry Nagibin At BlackHat 2012, George Argyros and Aggelos Kiayias presented their research on attacks against the random number generator in PHP, which showed how predictable its "random" numbers are. We have conducted our own research, which led to the creation of a program to attack session generators and other PHP defense mechanisms. We have also prepared exploits to carry out such attacks against the latest versions of popular web applications. The workshop will feature:
Computer with VMware Player 5.
“Advanced Exploit Development (x32). Browser Edition” Speaker: Alexey Sintsov The browser is a window into the world of the Internet, so it is not surprising that various adverse figures use that window to climb right into our home. This workshop is designed for those who want to understand how these figures get into the house by exploiting browser (or plugin) vulnerabilities such as a buffer overflow or a use-after-free. We will also discuss in detail how the various defense mechanisms that are supposed to prevent this work, and how they are deceived. We will study the attacks against OS and software defense mechanisms such as DEP, ASLR, SafeSEH and GS, learn the heap spray technique, and execute arbitrary code that bypasses all of these protections! All attacks and exploits will be reproduced by participants during the workshop, so they can independently evaluate the threats and the real capabilities of such attacks. Included:
At every key stage, the goal is to get calc.exe to run. Participants themselves will bypass the defense methods and build the exploits. A participant will receive:
“RFID: Jokers up our sleeves” Speakers: Kirill Salamatin (aka Del), Andrey Tsumanov Included:
Requirements for participants to workshop:
“Reversing banking trojan: an in-depth look into Gataka” Speaker: Jean-Ian Boutin It is rare to see a new banking Trojan appear with the size and complexity of Win32/SpyEye. That happened last year with the discovery of Win32/Gataka: a banking Trojan able to inject content into HTML pages, with a modular architecture that is easily extended with plugins. Once installed on a computer, Win32/Gataka can be used by botnet operators to steal personal information. So far it has been used to steal banking credentials in various countries, including Germany, the Netherlands and Australia. The workshop documents the discovery of this banking Trojan, its internal design, and its similarities with another well-known banking Trojan, Win32/SpyEye. Among other things, both share the same webinject configuration file syntax. This is a good example of malware writer specialization: webinject files targeting specific institutions are interoperable between different malware platforms. We will also discuss advanced webinject configuration files and how the scripts they contain can be used to automatically steal personal information and/or attempt fraudulent bank transfers. Finally, we will go over some of the campaigns we have tracked in the past year and show how this new strain of malware targets national institutions and how it evades different two-factor authentication processes. Throughout the workshop, we will have reversing sessions that highlight some of the steps needed to analyze this threat. Aliases: Tatanga, Hermes. Requirements for participants to workshop:
“Exploitation of XML-based attacks” Speaker: Alexey Tyurin XML (Extensible Markup Language), though in essence just a markup language, has become the basis for a wide variety of data storage and transmission formats. Today XML (broadly speaking) and XML-based technologies run through most information systems, from small to huge. This is why knowing and understanding XML-related attacks is useful for any pen-tester: they are universal. The workshop will feature:
“Forewarned is forearmed: AddressSanitizer and ThreadSanitizer” Speakers: Alexander Potapenko, Dmitry Vyukov We'll talk about two bug-hunting tools, AddressSanitizer and ThreadSanitizer, describe their design, and show how they apply to industrial development and vulnerability testing. The workshop will feature some known bugs (buffer overflows, use-after-free, race conditions) in open-source projects and their impact on program stability and security. We'll also show how those bugs could have been prevented. Agenda:
“DDoS” Speakers: Alexander Azimov, Artyom Gavrichenkov, Alexander Lyamin About DDoS in three chapters: