Presentations – IT-DEFENSE 2019
When I grow up – Karla Burnett
As security engineers, we like to think that the code we write is fairly secure. Even assuming that it is, what happens when that code is left on its own? What happens when it is changed by other engineers, and new features are added? How do we keep our code secure as it grows up?
This talk will discuss writing code at organizations compromised of a mix of security engineers and other programmers. We'll discuss mistakes made over several years at a large Bay Area startup, the lessons learned from them, and how you can design your code in ways that keep it safe into the future.
I know what you printed last summer: network printers as an element of uncertainty – Jens Müller
The paperless office has been predicted for decades. Still, a lot of companies and private households cannot do without a printer. Instead of having been abolished, however, printers have turned from simple machines into complex computer systems that are directly integrated into the corporate network and process sensitive information. This makes them an attractive target for attackers.
Different vulnerabilities in standard printer languages such as PostScript, which are supported by almost any laser printer, will be discussed during this presentation. They allow various attacks, from DoS and access to the file system or other users’ print jobs to the execution of random program code. An evaluation of 20 printers from different manufacturers has shown that all tested devices are prone to at least one attack.
Additionally, it is demonstrated how systems exceeding the classic printer can be attacked with similar techniques, for instance, cloud printing or document processing websites. The presentation is accompanied by live demonstrations.
Irrationalities of our Risk Perception – Fascination of Behavioral and Purpose Economy – Prof. Dr. Bernd Ankenbrand
When is risk a risk? And how do we perceive risks? In order to better understand risks and the way we perceive them, Prof. Dr. Bernd Ankenbrand is researching the value and risk yardsticks that consciously or unconsciously guide individuals and organizations in their decisions. Because whether something is considered “risky” rather depends on the applied yardstricks than on the matter itself. Irrationalities in our decisions sometimes make us take risky paths. Bernd Ankenbrand is renowned for his presentations providing fascinating insights into the often surprising phenomena of behavioral and purpose economy, also demonstrating applied solution paths.
Compromising Online Accounts by Cracking Voicemail Systems – Martin Vigo
Voicemail systems have been with us since the 80s. They played a big role in the earlier hacking scene and re-reading those zines, articles and tutorials paints an interesting picture. Not much has changed. Not in the technology nor in some of the attack vectors. Can we leverage the last 30 years innovations to compromise voicemail systems? And what is the real impact today of pwning these?
In this talk I will cover voicemail systems, it's security and how we can use oldskool techniques and new ones on top of current technology to compromise them. I will discuss the impact of gaining unauthorized access to voicemail systems and introduce a new tool that automates the process.
Tor: Internet privacy in the age of big surveillance – Roger Dingledine
Tor is a free-software anonymizing network that helps people around the world use the Internet in safety. Tor's 8000 volunteer relays carry traffic for millions of daily users, including ordinary citizens who want protection from identity theft and prying corporations, corporations who want to look at a competitor's website in private, people around the world whose Internet connections are censored, and even governments and law enforcement.
In this talk I'll take you on a tour of the Tor landscape, starting with a crash course on Tor, how it works, and what security it provides. I'll explain why Tor's open design and radical approach to transparency are critical to its success, and then compare the censorship circumvention arms race to the nation-state surveillance arms race. We'll end with a discussion of onion services, which are essentially an even stronger version of https, but which you might instead know from confusing phrases like "the dark web".
Cybersecurity for Renewable Energy Control Systems – Dr. Jason Staggs
Electric utilities across the world are investing heavily in renewable energy generation. Renewable energy promises to provide clean and sustainable energy for the foreseeable future. However, such renewable energy systems are being insecurely designed and integrated without fully understanding the cybersecurity ramifications to the OT environment. This talk will discuss the cybersecurity issues pertaining to the control systems of emerging renewable energy sources.
Structural Change of Work And Leadership: Future Needs Origin – Prof. Dr. Peter Nieschmidt
Peter Nieschmidt will talk about the tradition and future of work and leadership. While work has been a necessary evil, servitude or ruthless (self-)disciplining in the past, today it can also represent self-realization, creativity and the meaning of life. If leadership is unable to make this possible in the world of work, we should not be surprised about a lack of enthusiasm or even inner resignation.
Through the Eyes of the Attacker: Designing Embedded Systems Exploits for Industrial Control Systems - Marina Krotofil
Industrial Control Systems (ICS) threat landscape has changed dramatically over the past few years. New threats have emerged to challenge the shock created by Stuxnet. This talk will present the evolution of the ICS exploits and tactics to picture ongoing „race-to-the-bottom-situation” between ICS threat actors and defenders. The discussion will “descend” all the way to the physical process, showing that cyber-physical systems cannot be secured only by the means of canonical IT security approaches. Physical world can be exploited by unconventional methods and therefore needs to be taken into consideration when securing ICS. Additional attention will be given to the relationship between security and safety, and how current cyber threats may undermine traditional safety design decisions.
While the process of finding security weaknesses in the embedded devices is well understood, little is known how the discovered vulnerabilities can be weaponized. The goal of this talk is to provide the audience with a “through the eyes of the attacker” experience when designing advanced embedded systems exploits & implants as part of cyber-physical attacks. Attendees will learn cyber-physical attack life cycle and will be provided with the details on strategies for implants stability and exploits reliability.
The State of AI-assisted Fuzzing & Program Analysis – Clarence Chio
Fuzzing and program analysis are a security professional’s bread and butter. The faster we are able to find bugs in software, the more effectively we are able to secure systems. However, system and code complexity has been exponentially increasingly over time, and exhaustively analyzing programs is becoming an intractable task. In this talk, I analyze 10 of the most exciting research papers published in the last few years and try to identify trends of how this field is progressing. I will show that AI-assisted program analysis is the only way forward, and share some ideas of where the field is heading in the future.
Rooting Routers Using Symbolic Execution – Mathy Vanhoef
This talk explains how we discovered various vulnerabilities in implementations of WPA2’s 4-way handshake. This was accomplished by symbolically executing implementations using KLEE. First I will give a high level explanation of what symbolic execution does. This is followed by an overview of the vulnerabilities it discovered. Additionally, I will demonstrate how one of the discovered buffer overflows leads to remote code execution on a router (as the root user), and how another vulnerability can be abused as a decryption oracle to recover the group key used in a Wi-Fi network.
Hacking vein detectors: the fall of the last biometric system – Starbug
Vein detection systems have been used for decades, mainly in Asia. So far, no serious attempts to compromise these vein detectors have been known of. While this is certainly due to the legend of being highly secure, above all it can be attributed to the invisible features located inside our body.
This presentation will show how little effort is necessary to obtain these “hidden” vein images and how they can be used to build dummies in order to bypass the systems of the two major manufacturers.
News on Spectre, Meltdown and the like – systematization of x86 processor security – Philipp Koppe & Benjamin Kollenda
Commercially available x86 processors are an essential component of the trusted computing base in millions of devices. At the same time, the processors’ enormous (and still increasing) complexity leads to errors and sometimes also to exploitable vulnerabilities. This presentation introduces particularly security-critical processor components and how they can be attacked, points out the characteristics of these attacks and concludes what they imply. In doing so, we look at Intel ME (Intel Management Engine), SGX (Software Guard Extensions), cloud-cache attacks and the latest varieties of Spectre & Meltdown. Finally, we will present the defense mechanisms available in each case as well as their security guarantees and effects.