Presentations – IT-DEFENSE 2012

Information on the presentations will follow after release by the speakers.

Ghost in the Wires: The Unbelievable True Story of Kevin Mitnick’s Life as the World’s Most Wanted Computer Hacker - Kevin Mitnick

Kevin Mitnick was the most elusive computer break-in artist in history. He accessed computers and networks at the world’s biggest companies—and however fast the authorities were, Mitnick was faster, sprinting through phone switches, computer systems, and cellular networks. He spent years skipping through cyberspace, always three steps ahead and labeled unstoppable. But for Kevin, hacking wasn’t just about technological feats—it was an old fashioned confidence game that required guile and deception to trick the unwitting out of valuable information.
Driven by a powerful urge to accomplish the impossible, Mitnick blazed through computer systems and networks at several globally known corporations. But as the FBI’s net began to tighten, Kevin went on the run, engaging in an increasingly sophisticated cat-and-mouse game that led authorities through false identities, a host of cities, plenty of close shaves, and an ultimate showdown with the Feds, who would stop at nothing to bring him down.
Kevin will discuss his adventures as the World’s Most Wanted Computer Hacker and demo some of the tricks that hackers use today to break into computer systems and networks.

Project Ubertooth: Building a Better Bluetooth Adapter - Michael Ossmann

The off-the-shelf Bluetooth adapters didn't do what I wanted, so I built my own. This is the story of how someone with very little knowledge of electronics embarked on a project to build a 2.4 GHz wireless development platform and ultimately succeeded in creating a low cost device that can be used for Bluetooth sniffing and more. Find out how to build your own Ubertooth One, how to use it for Bluetooth experimentation and other things, and catch a glimpse of an exciting future of wireless security research enabled by open source hardware.

Professionalism - more than education! - Prof. Dr. Gunter Dueck

In addition to expert knowledge, the security management in companies is definitely a challenge to the professional cooperation of everyone involved. One needs the "buy-in" of the managers, the risks must be put on the table in a transparent manner and unpleasant themes must also be sold in a convincing way. Somehow, the work is getting much more difficult and complex. This is a general tendency. Because in the face of the shortage of skilled workers, everyone is desperately looking for professional staff well versed in communication, negotiation, management and leadership – in short: making everything a success. Professionalism requires training of the entire person! In addition to our IQ (ability to learn) we also have an EQ, a creative, vital, mental and persuasive intelligence! Which of these skills do we develop? Expert competence. It is as indispensable as ever but is not sufficient because the number of jobs requiring only expert skills is significantly decreasing. This is due to the emergence of the knowledge society. (The book for the presentation: "Professional Intelligence").

Data Mining Methods for Knowledge Discovery from Digital Trace Data - Jana Diesner (Round Table)

This round table is about cutting-edge computational methods at the nexus of machine learning, natural language processing and network data analysis that can be used to analyze digital accounts of individual and collective activities. We will discuss techniques and algorithms for examining patterns in the behavior of people and groups, the structure and functioning of dynamic socio-technical systems, and the content of information that entities exchange. To put the technical aspects into an application context, I provide some examples from my work on mapping large-scale geopolitical networks via text data mining, and email analysis. The overall goal with this round table is a stimulating discussion with practitioners and engineers about advances, risks, opportunities and applications of these methods. 

Chip & PIN is definitely broken: protocol and physical analysis of EMV POS devices - Andrea Barisani, Daniele Bianco, Adam Laurie and Zac Franken

The EMV global standard for electronic payments is widely used for inter-operation between chip equipped credit/debit cards, Point of Sales devices and ATMs.
Following the trail of the serious vulnerabilities published by Murdoch and Drimer's team at Cambridge University regarding the usage of stolen cards, we explore the feasibility of skimming and cloning in the context of POS usage.
We will analyze in detail EMV flaws in PIN protection and illustrate skimming prototypes that can be covertly used to harvest credit card information as well as PIN numbers regardless of the type/configuration of the card.
Our updated research also explores in depth the design, implementation and effectiveness of tamper proof sensors in modern and widely used POS terminals, illustrating different techniques for bypass and physical compromise.

Tools and Techniques for Blackbox Android Pen-testing - Justine Osborne

The Android platform is growing in popularity and is quickly being adopted in the enterprise environment. In order to facilitate this adoption, security solutions have been developed, such as "secure containers" which claim to provide enterprise grade security for Android devices. There is an increasing need to be able to assess the security claims of such "Enterprise Class" Android software vendors, as well as Android applications in general. Yet, there are very few publicly released auditing tools and little documentation on penetration testing techniques, especially in the areas of reverse engineering and fuzzing. This talk will cover our research into existing blackbox Android application testing methodologies as well as the new tools and techniques we developed. Co-author of this research is Marc Blanchou.

The Enemy - Mikko Hypponen

The online threat landscape does not stand still. One of the best ways to understand the threats is to understand the attackers and their motives. Mikko Hypponen divides the attackers into three main groups: Criminals, Hacktivists and Nation-states. What makes them tick? And where are they going?

Maltego Machines - Chris Boehme and Roelof Temmingh (Round Table)

Visualizing events as they happen
Information is like salad - it is much better when served fresh and crisp.
From social media to firewall hits, data is just so much more interesting when it's happening right now. Join us in an exploration of how to capture, visualize and analyze real-time information - be that from the Internet or from your own stash. We will introduce a new concept called “Maltego Machines” which aims to track, highlight and visualize events as they unfold. “Machines” enables the user to automate transforms in order to create a live view to monitor information as it changes in real time.

Current threats and risks and why cyber strategies do not work! - Anonymous - Duqu - Botnet & Co - what's new? - Volker Kozok and Christoph Wegener (Round Table)

After a short presentation and analysis of Germany’s cyber-security strategy, various national initiatives are discussed.
Together with the participants, current security events, attack scenarios and threats are addressed based on case studies. One topic deals with the legal and technical issues of the fight against botnets.
In a joint discussion, the described threats and risks are evaluated and solution approaches developed. In addition to the known technical and organizational measures, the challenges of cross-cutting, national and international cooperation between authorities, companies and universities also play a role.

Wikileaks and Whistleblowing - Prof. Dr. Thomas Hoeren

Pursuant to the Sarbanes-Oxley Act, such companies are required to establish procedures for the receipt of anonymous complaints about internal misconduct. In addition, a growing number of complainers and critics of the system use the capabilities of the Internet to leak internal documents. However, is this legally permissible? Are Wikileaks & Co liable to punishment if they publish such documents? Can leakers be dismissed by the company? Do copyright laws not prohibit publication? And how are informants protected from retaliation?

Life Threatening Vulnerabilities - Barnaby Jack

Diabetes currently affects 285 million people worldwide which is 6.4% of the population. This number is expected to reach 438 million by the year 2030.
Many diabetics are looking to technology to treat their disease and insulin pumps provide a convenient alternative to manual insulin injections.
All modern insulin pumps support some form of wireless communication.
Thanks to this wireless capability, a remote attack surface exists.
Although there has been some limited prior research performed on these devices, the researcher was unable to bypass authentication, and any attacks could only be carried out on his own individual pump and he required knowledge of the pump's unique serial number.
I will walk through the process I took to find a critical remote vulnerability in the Medtronic line of insulin pumps, the most widely used insulin pumps in the US. In a live but controlled environment, I will demonstrate software which leverages this vulnerability to locate any insulin pump within a 300 foot radius, and issue commands to the pump - including the ability to dispense a full reservoir of insulin. No prior knowledge of the pump's serial is required.
These devices are not designed to be updated in the field, and a recall is typically required to fix these vulnerabilities. I will talk about recent developments that could potentially allow these devices to be patched over their integrated wireless link.

Best Practices: Lessons Learned from Attacking Commercial Wireless Tokens – Timo Kasper

Radio technology is present everywhere: RFID and contactless cards are widely used as tickets (e.g. public transportation), serve for identification purposes (e.g. electronic identity cards or employee identification cards), open doors or act as an electronic purse. In contrast to contact solutions, paper tickets or mechanical keys, sensitive data is transmitted across a contactless interface, which can often be intercepted or collected over a distance of several hundred meters by eavesdropping. It is also possible to modify data stored on radio chips from a distance without being noticed. Small computers in wireless devices are meant to reduce security risks by cryptographic methods and to prevent counterfeiting, manipulation, identity theft or unauthorized intrusion. In many commercial products, however, cryptographic protection is not state of the art and can be jeopardized by modern cryptanalytic techniques such as side-channel attacks – often with dramatic consequences for overall system security. The presentation provides a retrospective overview of successful attacks on contactless embedded systems over the last five years.

Security Best Practices in Metering Infrastructure – Adam Laurie

The explosive growth of Smart Metering technologies brings with it both benefits and risks. Although you may be able to monitor how efficiently you are using your energy, are you the only one able to do so? Are you vulnerable to eavesdropping or even attack through these same technologies? Are the companies rolling out the devices that will be installed in your homes and businesses really providing the testing and assurance that is required to keep you safe? Adam Laurie of Aperture Labs draws on his company's real world experience to present a vision of how things really are, and how they should be... Names have been changed to protect the guilty!

Advances in IDS and Malware Detection: Suricata and Emerging Threats – Matt Jonkman

Matt will give an update on Suricata, the next-generation open-source IDS engine built by the OISF, which is funded by government and industry. Many of the cutting edge features Suricata now contains and has on the development roadmap are direct answers to the challenges we all face in network defense, detecting malware and data exfiltration. Matt will also cover some of the latest Malware threats seen as part of the Emerging Threats project, showing several new CnC channels of interest detected in the days prior to the conference, overall information about malware collection and analysis for IDS, and how Suricata detects these in unique new ways.
Join us for the latest in IDS detection, future plans, an update on the Emerging Threats Open Ruleset, and demos of several new malware command and control methods.

Advances in IDS and Malware Detection: Suricata and Emerging Threats – Matt Jonkman (Round Table)

Join the Suricata Development Team for a brainstorming session and development roadmap discussion! Learn what your peers want in their IDS engine, what's on the development roadmap, and add your ideas and needs to the discussion.
The core development team will be there to answer questions, explain where development is, and where it's going, and listen to where you'd like to go and which features are most important. This process is very important to the process used to assign resources and choose the direction of Suricata. Please attend and add your insights to the mix!