Saturday, June 11th
- 0900 – 0915 – Jack Daniel: BSidesCT Intro
- 0915 – 1000 – Christopher Karr: SCADA security
- 1005 – 1035 – Tim Armstrong: Malware in the Android Market
- 1040 – 1120 – David Sugar: Open Source encrypted / intercept-free communication systems
- 1120 – 1215 – Kizz MyAnthia: Weaponizing the Smartphone: Deploying the perfect WMD
- 1220 – 1230 – Charlie Vedaa: pwn0 – game on!
- 1230 – 1300 – Dan Weinstein: Cloud Backup and Disaster Recovery
- 1300 – 1400 – Georgia Weidman: Transparent Command and Control For Smartphones over SMS Redux
- 1405 – 1435 – Grecs: Hacking Your Way Into an Infosec Career
- 1440 – 1540 – Boris Sverdlik: Hacking The Interview
- 1545 – 1615 – Ryan O’Horo: Pen Testing People: Social Engineering Integration
- 1615 – 1630 – Setup for eXcon
- 1630 – 1700 – Paul Asadoorian: Bringing Sexy Back: Defensive Measures That Actually Work
- 1700 – 1800 – Larry “haxorthematrix” Pesce: Rise of the Geotag
- 1800 – 1900 – Josh “jabra” Abraham: Hacking SAP BusinessObjects
- 1900 – 2000 – Dan “unicornfurnace” Crowley: Jack Of All Formats
- 2000 – 2100 – Martin “pure_hate” Bos: Your Password Policy Sucks
- 2100 – 2200 – Ben “TheX1le” Smith: Printers Gone Wild
- 2200 – 2300 – Dave “Rel1k” Kennedy: Hacking A Mature Security Program
- 2300 – 0800 – Hacker Challenge & LAN party!
Sunday, June 12th
- 0900 – 1000 – illwill: Droppin’ D0x on your digital life
- 1000 – 1100 – Donnie “morning_wood” Werner: TBD
- 1100 – 1200 – Closing Remarks
Along with the speaker tracks, these other events will run during the event or afterward.
Saturday 9am – #B-SidesCT will be a free event prior to eXcon. Food and drinks will be available.
Saturday 8pm – Sunday 8am – LAN Party and Capture the Flag, featuring nerdcore music & techno
Both Days – Hackerspace Village: Check out info about joining or starting a hackerspace in your area, learn how to solder, and purchase some awesome embedded project kits
- Name: Nicholas Donarski (Kizz MyAnthia)
- Title: Weaponizing The Smartphone: Deploying The Perfect WMD
- Abstract: Nicholas has developed and created an OS platform package that allows penetration testers and security professionals the ability to test both physical security and technical security without being constrained by computers, cords, or the image of suspicious behavior. The WMD platform package is based on Windows Mobile 6.5 smartphones and is executed similarly to a virtual machine. The WMD package is preloaded with many of the same applications and testing tools that are included with Backtrack 4.
“Weaponizing The Smartphone: Deploying The Perfect WMD” will show the audience how to create a deployable package on a MicroSD card for use on the HTC Rhodium (AT&T Tilt2) or similar Windows Mobile 6.5 smartphone. Then, using a test wireless AP, a Windows Server 2003 VM, and the loaded WMD smartphone, the audience will be presented with a live demonstration of some of the tools, including NMap, Metasploit, and The Social Engineering Toolkit, to exploit the Windows Server 2003 VM and gain administrative access.
- Name: David Sugar
- Title: Open Source encrypted / intercept-free communication systems
- Abstract: Presentation on what Gnu.org is doing with respect to developing intercept-free peer-to-peer communication services within GNU Free Call as part of GNU Telephony.
- Name: Grecs
- Title: Hacking Your Way Into an Infosec Career
- Abstract: The information security field is rapidly growing due in part to the combination of government laws and regulations, industry compliance requirements, and ongoing increases in online crime. If you have an interest in infosec, there has never been a better time to take the leap from something you do for fun into a full time career. This presentation helps guide those with a passion for infosec into turning their hobby into a career. It begins with a study of the lack of infosec focus at the foundation of our educational system and continues on to discuss an overarching principle and several simple frameworks you can follow to help get your foot into the door of that first infosec job. On top of this framework, the presentation suggests several immediate and ongoing activities you can do to help catalyze the transition. The talk closes with several case studies and the release of a Career Exploit Kit to ensure you can hack your way into that infosec career.
- Name: Tim Armstrong
- Title: Malware in the Android Market
- Abstract: This presentation will take a look at the Android Market, the basics of the security model and its flaws, some of the malware currently found inside and outside the market as well as future threats to expect. Finally, various steps for mitigation will be suggested and discussed.
- Name: Georgia Weidman
- Title: Transparent Command and Control for Smartphones over SMS Redux
- Abstract: As smartphones become increasingly ubiquitous and powerful, they become appealing targets for botnet infections. Many of the top selling smartphone platforms are built on common PC operating systems. This makes the transition from developing PC based malware to smartphone based malware nearly trivial. Smartphone malware and specifically botnets have been seen both in security research and in the wild. The GSM modem can be viewed as a public IP address without filtering or firewall capabilities. The presentation shows an example of a smartphone botnet that is controlled over the GSM function SMS. The presented system works at the base operating system below the application layer, resulting in transparency to the user. Details of the system are discussed with particular interest on cryptography and security concerns. This attack vector will be put to the test, to defeat new defense techniques that have been released since this attack was first shown.
- Name: Ryan O’Horo
- Title: Pen Testing People: Social Engineering Integration
- Abstract: The security regimen most companies follow rarely includes the most critical element of any infrastructure – its people. The numbers don’t lie, targeted social engineering attacks are extremely effective and simple steps can be taken to immediately and consistently reduce the threat. In this presentation, Ryan O’Horo will take you into the psychology of a social engineering attack and the unfortunate truth of how unprepared companies can be against them. Critically, strategies for running social engineering test cases as part of regular security audits and educating end-users in resisting social engineering attacks will help you integrate social engineering with your organization and shrink your attack surface.
- Name: Boris Sverdlik
- Title: Hacking The Interview
- Abstract: We have all had that interview where you walk out with that knot in your stomach knowing that it did not go well. This can happen to the best of us regardless of who you are and how good you are at your craft. The problem with an interview is that you have a very short time to sell yourself to the potential employer. What if you could walk into an interview and know as much information about your potential new boss as his spouse? That would definitely change the odds in your favor. Now imagine if you could pick up on his or her social weaknesses within the first few minutes of the conversation?
- Name: Charlie Vedaa
- Title: pwn0 – game on!
- Abstract: “Have you ever wanted to go all ‘Grand Theft Auto’ on a network? To brazenly scan and sploit everything in your path? But you’re too nice to unleash your hacker fury on the neighbor’s wifi?
Then check out pwn0.com and help build an online playground where people can meet to pwn and be pwned.” Internet access (wired or wireless) and a projector.
- Name: Christopher Karr
- Title: SCADA security
- Abstract: Smart Grid operators must be diligent against international security threats from cyber terrorists, organized hackers, rogue states, etc. SCADA systems are intelligent IP-based hardware controls that are deployed to control and monitor the physical processes that make up the operation of energy utilities. The security challenges faced by power system operations are very different from those facing most other industries. Connecting a SCADA system to a public-facing network provides a host of security challenges. Since Chinese hackers infiltrated the U.S. Smart Grid in 2009, where they left logic bombs and also gained control of many SCADA systems, SCADA security has moved into the limelight with the FBI, the Secret Service, the CIA, the NSA as well as the private-sector InfoSec community.
Christopher Karr is President at ÜberGuard Information Security Consulting, a data security consulting practice. Mr. Karr specializes in information systems security services such as vulnerability assessments, penetration testing, HIPAA and GLBA compliance, web site security assessments, employee security awareness training, security policy development, social engineering and general data security consulting. Mr. Karr has over 15 years of experience in computer security. Prior to founding ÜberGuard in 2002, he served as a Senior Systems Engineer at the Symantec Corporation and also served as a Data Security Consultant to Eastman Kodak and the Xerox Corporation. Mr. Karr is experienced in information security as well as best practices and he holds the CISSP (Certified Information Systems Security Professional) certification. Mr. Karr is also a co-founder of a data security software development company.
- Name: Paul Asadoorian (pauldotcom)
- Title: Bringing Sexy Back: Defensive Measures That Actually Work
- Abstract: There is a plethora of information available on how to break into systems, steal information, and compromise users. As a penetration tester, I have performed testing on a regular basis that reveals severe security weaknesses in several organizations, and many of my peers have reported on the same. However, once you “own” the network and report on how you accomplished your goals, now what? Sure, we make defensive recommendations, but consistently it has been proven that security can be bypassed. Not enough focus is given to what works defensively. We have a lot of technology at our disposal: firewalls, intrusion detection, log correlation, but it provides little protection from today’s threats and is often not implemented effectively. This talk will focus on taking an offensive look at defense. Applying techniques that are simple, yet break the mold of traditional defensive measures. We will explore setting up “traps” for attackers, slowing them down with simple scripts, using honeypots, planting bugs, and most importantly tying these methods to “enterprise security”. This talk will also include real-world examples of the techniques in action from a live, heavily attacked site. Topics will include:
- Using wireless “attacks” on the attackers
- Implementing the Metasploit Decloak engine to find the attackers
- Setting traps to detect web application attacks
- Integrating results into your enterprise log management tool
The goal of this talk is to make defense “sexy”…
Paul Asadoorian is currently the Product Evangelist for Tenable Network Security, where he regularly uses vulnerability scanning and enterprise management products, showcasing them in blogs, podcasts, and videos. Paul is also the founder of PaulDotCom, an organization centered around the award winning PaulDotCom Security Weekly show that brings listeners/viewers the latest in security news, vulnerabilities, research, and interviews with the security industry’s finest. Paul has a background in penetration testing, intrusion detection, and is the author of WRT54G Ultimate Hacking, a book dedicated to hacking Linksys routers.
- Name: Josh Abraham (jabra)
- Title: Hacking SAP BusinessObjects
- Abstract: Business intelligence is a multi-billion industry. At the top of the product food chain is BusinessObjects. BusinessObjects is a very widely deployed business intelligence tool whose focus is on managing, querying, analyzing, and reporting on business data. It is used by government entities (e.g. U.S. Air Force), telecom companies (e.g. Verizon), car manufacturers (e.g. Nissan), and beverage companies (e.g. Coors) to retain and control vast amounts of data. If you are a penetration tester, chances are you have run into at least one BusinessObjects server during an engagement. Yet, very few vulnerabilities have been publicly released and, to the best of the authors’ knowledge, no white papers have been released on attack methodologies for BusinessObjects itself. In this presentation we will present the entire lifecycle of attacking a BusinessObjects server from external and internal enumeration (e.g. Google dorks), fingerprinting techniques, account enumeration vulnerabilities, specific attack vectors for gaining access to accounts, privilege escalation vulnerabilities, and eventually full system compromise vulnerabilities that we have found during our research. Anyone interested in attacking an organization that has BusinessObjects or SOA deployed in their environment should attend this talk.
Joshua “Jabra” Abraham joined Rapid7 in 2006 as a Security Consultant. Josh has extensive IT Security and Auditing experience and worked as an enterprise risk assessment analyst for Hasbro Corporation. Josh specializes in penetration testing, web application security assessments, wireless security assessments, and custom code development. He has spoken at BlackHat, DefCon, ShmooCon, The SANS Pentest Summit, Infosec World, SOURCE Barcelona, CSI, OWASP Conferences, LinuxWorld, Comdex and BLUG. In his spare time, he contributes code to open source security projects such as the BackTrack LiveCD, BeEF, Nikto, Fierce, and PBNJ. He is frequently quoted in the media regarding Microsoft Patch Tuesday and web application security by ComputerWorld, DarkReading and SC Magazine. Josh earned his Bachelor of Science degree in Computer Science from Northeastern University.
- Name: Ben Smith (TheX1le)
- Title: Printers Gone Wild
- Abstract: PrintFS is a proof of concept software, which allows one to interact with different types of printers. It implements the idea of having a covert, distributed filesystem within printers. In addition the source code contains some more printer fun.
pfsScanner, a multi-threaded scanner for printers that suits printfs.
printJack, allows other printer fun like PJL password cracking, mass control of panels, RamDisks and LCDs etc.
pypjlpass, a support class for printJack that implements PJL password bruteforcing.
- Name: Dave Kennedy (Rel1k)
- Title: Hacking A Mature Security Program
- Abstract: A security maturity model for companies includes a significant investment and understanding around how to secure an organization to protect itself from attack. In this presentation we’ll talk about the security maturity model for organizations and how we’re doing in securing the things we want to protect. This talk will be covering advanced penetration testing techniques and some awesome bypass techniques of Windows protection mechanisms as well as go into depth on how to leverage social-engineering as a viable attack vector to circumvent the millions we’ve spent on product. We’ll also be focusing on how to fix the systemic issues all of us are seeing in the industry and the road-map to fix what we call penetration testing.
- Name: Martin Bos (pure_hate)
- Title: Your Password Policy Sucks
- Abstract: Current password policies in enterprise environments are just not cutting it any more. Every day password cracking tools are becoming faster and network breaches are becoming much more prevalent. In the last few years password-cracking tools have even harnessed the power of graphics processing units and field-programmable gate arrays (FPGA), making password recovery much easier and faster. This has re-established password cracking as a viable attack vector again and as a result millions of passwords have flooded the Internet recently from various password breaches. Through this presentation attendees will learn about the latest attacks, tools, and techniques employed by today’s password crackers, as well as potential countermeasures that can help protect against these attacks. Anyone who has anything to do with password policy at a company should be interested in this talk. People always are, and always will be, the weakest link in any network environment, and password creation left up to the user can be detrimental to an organization’s infrastructure.
Covered topics include:
- Evolutions of password algorithms and tools
- Profiling password policies
- Analyzing password lists from some of the most recent high profile breaches
- Establishing a better password policy
- Password cracking tools, rule sets and other tricks to attack
- How to conduct regular password audits
- Creating targeted wordlists for specific attack scenarios
- Name: Will Genovese (illwill)
- Title: Droppin’ D0x on Your Digital Life
- Abstract: With the advent of social networking sites there are more ways to find people. I will show you the tricks of the trade for tracking and finding people online by just an email or screen name.
- Name: Dan Crowley (unicornfurnace)
- Title: Jack of All File Formats
- Abstract: It’s about putting files together so that they can be parsed as either file, basically creating multiple format files and using them for awesome
- Name: Larry Pesce (haxorthematrix)
- Title: Rise of the Geotag: Privacy failure via smartphone photographs, Fun with TOS, Stalking celebrities and how this can get you Pwned.
- Abstract: How hard is it to gather information about people via the GPS metadata in their images available via social media? It turns out the answer is “not very.” Come see just how far the rabbit hole goes with EXIF data, how easy it is to amass a sizable database of people using these services — and what geographic information has been encoded on their public photos. This presentation will cover the basics of how and why this research was done, why sharing such information is bad, and our attempts at public outreach via ICanStalkU.com. Plus, we’ll highlight various instances of privacy fail and some fun along our journey: we’ll show how this data can lead to stalking, finding of cheating spouses and celebrities, robbery via craigslist, and how to hide in the bushes outside of the house of that girl you found on that dating site once. We’ll also talk about TOS violations, loads of fun images and how all this can lead to potential compromise.