TROOPERS09 Archive - Presentations

Troopers09 was taking place at April 22th and April 23th 2009.


Keynote: Stop the Madness – The Role of Security Basics in a Complex World

Enno Rey

April 22, 2009 (at 10:30 a.m.) in

This year Enno Rey is opening Track C with his keynote speech on ‘The Role of Security Basics in a Complex World’.

Embedded Systems – “Invisible” Devious Devices?

Sergey Bratus

April 22, 2009 (at 11:15 a.m.) in

“Embedded systems” used to imply highly specialized hardware, custom operating systems, and a close-to-assembler programming style to wring out as much performance as possible out of platforms that had no spare computing power. Thus embedded systems were generally trusted to harbor no malicious surprises as long as they performed their intended tasks. However, the embedded world has changed, and none of these assumptions holds true anymore.

These days, expect your embedded system such as a printer or a set-top box to be based on a commodity OS with a stock kernel, which supports all kinds of unexpected functionality such as packet routing, sniffing, and forging. The proverbial “networked toasters” could just as easily turn into man-in-the-middle bots and covert gateways into your networks, while never failing in their direct duties, and with all of their warranty seals intact.

He will talk about subverting commodity stock-kernel embedded systems, and ways to prevent it.

Rootkits are Awesome: Insider Threat for Fun and Profit

April 22, 2009 (at 1:30 p.m.) in

Addressing the Insider Threat is now rightly recognised as playing a crucial element in improving the security posture of organisations and preventing all kinds of embarrassment. Recent years have seen a growth in all manner of vendors promising panaceas to address ordinary user activities, but what exactly are the solutions offered? In a lot of instances, legitimate rootkits. This talk examines the current state of the insider threat marketplace, the technical solutions to the issues presented, and an actual analysis of user activities in RL and how they may well negate the the promises of vendors and the expectations of security minded organisations.

.NET Access Control Service: Analysis of Microsoft’s Cloud Based Authorization Service

Dominick Baier

April 22, 2009 (at 2:15 p.m.) in

Authentication and Authorization is well understood as long as you stay in your own trust domain. These tasks get much harder as soon as external users need to access your applications or you need to establish authorization for cloud based services (which are not “attached” to any trust domain at all). This talk takes a close look at Microsoft’s Access Control Service which promises to solve the above problems in a general purpose and standards based fashion.

All Your Packets Are Belong to Us – Attacking Backbone Technologies

Daniel Mende & Simon Rich

April 22, 2009 (at 3:30 p.m.) in

The year 2008 has seen some severe attacks on infrastructure protocols (SNMP, DNS, BGP). We will continue down that road and discuss potential and real vulnerabilities in backbone technologies used in today’s carrier space (e.g. MPLS, Carrier Ethernet, QinQ and the like). The talk includes a number of demos (like cracking BGP MD5 keys, redirecting MPLS traffic on a site level and some Carrier Ethernet stuff) all of which will be performed with a new tool kit made available at the con. It’s about making the theoretical practical, once more!

Advanced Payload Strategies: “What is new, what works and what is hoax?”

Rodrigo Branco

April 22, 2009 (at 4:15 p.m.) in

This talk focuses on the shellcode perspective and it’s evolution. From the simplest {shell}code to the polymorphism to bypass filters and I{D|P}S (which has lots of new ideas, like application-specific decoders, decoders based on architecture-instructions, and many others), passing through syscall proxying and injection, this talk will explain how it works and how effective they are against the new evolving technologies like network code emulation, with live demonstrations. There is long time since the first paper was released about shellcoding. Most of modern text just tries to explain the assembly structure and many new ideas have just been released as code, never been detailed or explained. The talk will try to fix this gap, also showing some new ideas and considering different architectures.

SQL Injections: More Fun and Profit

Sumit Siddharth

April 23, 2009 (at 9 a.m.) in

SQL Injection vulnerability still remains a big threat for web applications. Statistics show that more than 40% of the websites are still vulnerable. This talk will demonstrate a variety of exploitation techniques including some not very popular yet very useful techniques. A number of examples will be discussed where this vulnerability goes undetected even from the most popular “commercial” scanners. The talk will have a number of demonstrations to show how by exploiting this vulnerability an attacker can not just compromise the data in the database and the underlying operating system but also use the compromised database host to attack the internal network. A number of freely available tools for exploiting this vulnerability will also be discussed along with their pros and cons.

Browser Design Flaws – Hacking by Breaking in Architectures

Aditya Sood

April 23, 2009 (at 9:45 a.m.) in

The design level stringencies in browsers give birth to a number of vulnerabilities and weaken the security model. We will break into the architecture level complexities. In order to accomplish this we will jump directly into security architectures of open source browsers, for example Google Chrome and Mozilla Firefox. Then we move on with other design problems and will discuss a number of real life vulnerabilities.

The Truth about Web Application Firewalls: What the vendors do not want you to know.

Sandro Gauci & Henrique Wendel Guglielmetti

April 23, 2009 (at 11 a.m.) in

Web Application Firewalls (WAFs) are quickly taking their place within the network in order to protect web applications against common security holes such as Cross Site Scripting and SQL injection. They are known by other names such as ‘Deep Packet Inspection Firewalls’ because they look at every request and response within the TLS, HTTP, SOAP, XML-RPC, Web Service layers. Web Application Firewalls can be either software, or hardware appliance based and are typically installed in front of a webserver in an effort to try and shield it from incoming attacks. Today WAF systems are considered the next generation product to protect websites against web hacking attacks.

During this presentation we will show in practice how the big names of Web Application Firewalls can be identified, detected and we will introduce new attacks to evade specific products. Additionally, we will show how Web Application Firewalls can be vulnerable to the same vulnerabilities that they try to protect Web Applications from.

Bonus: we will be releasing a new tool and a new exploit.

Reversing Malware for business purposes

Michael Thumann

April 23, 2009 (at 2 p.m.) in

This talks covers different ways to analyze malware for business purposes and discusses advantages and disadvantages of the approaches. The most common online sandboxes are introduced and compared to sandbox systems that are built indiviudally. Also the basic requirements and the mandatory tool set are defined for building your own sandbox system. The tool set consists of analyzers, unpackers, debuggers and disassemblers and the talk will also mention the steps that are needed for proper analysis of the malware. Finally the countermeasures of the attackers to defeat the analysis process are presented and also some ways to mitigate them.

GPU-Assisted Password Cracking

Andrey Belenko

April 23, 2009 (at 4 p.m.) in

The power of today’s conventional computers is not enough for many challenging tasks. Password audit and computer forensics require much computations to be carried out. Strong encryption software such as Truecrypt, PGP and alike only amplify the problem. So does WPA standard for wireless communication, which can become a headache to audit at 100 passwords/sec. Now we’ve got great alternative: innovative solutions based on GPU computations that allow for higher performance and lower power consumption. With their help you can cut time required for an audit 10 to 50 times, even for complicated algorithms used by WPA and PGP.