BruCON 0x09 has ended


Thursday, October 5
 

10:30

Getting the Most Out of Windows Event Logs

A typical mistake repeatedly made by many security teams is that they collect such a large number of events that their Security Information and Event Management (SIEM) solution eventually chokes on the data fed into it, rendering it slow and ineffective. "Collect all the events!!!" sounds nice in theory, but in practice less is often more, and we must select and focus on events that provide real value from a security perspective and have an actual use case behind them. But what if we do not even have a SIEM and cannot afford one, or do not have the staff or the skills to deploy and maintain one? Luckily, in a Microsoft Windows environment we have built-in and free tools at our disposal to get started quickly with security monitoring and hunting using Windows Event Logs.

In this workshop, we will go through some of the most important and valuable Windows events to be collected, such as AppLocker or EMET events, user and service creation events, PowerShell commands, etc. We will discuss how to properly configure Advanced Audit Policy Settings, see how to collect events with Windows Event Forwarding (WEF), and how to set up Sysmon for advanced application and process monitoring.

Once we have the list of events we need, we will see a few simple PowerShell commands and modules, such as Get-WinEvent, that can help us slice and dice Event Logs. We will also test scripts and tools made for monitoring and detection, such as DeepBlueCLI. Finally, we will use the free Power BI Desktop to build dashboards that give us a better overview of the data we are collecting.


Thursday October 5, 2017 10:30 - 12:30
Novotel Ghent

10:30

Playing with RFID workshop

This is a workshop about Radio-Frequency Identification (RFID), including a basic introduction and a set of practical hands-on challenges. We will start by explaining the theory behind RFID, including the different types and protocols (insecure vs. secure types) and how to perform an RFID assessment. Afterwards, the participants can take on several challenges (of increasing difficulty) with RFID readers that we will provide. Our objective is to make this workshop fun and accessible to a wide audience.


Thursday October 5, 2017 10:30 - 12:30
05. La Trappe Novotel

10:30

Practical iOS App Exploitation and Defense using iGoat

/!\ Important Notice /!\

If you want to follow along hands-on during the session, please have the following setup:

1. MacBook with root permission and Xcode (8.2 or above, but lower than version 9) installed.
2. Training Files [Download]: https://goo.gl/n16AiT
--------------------------------------------------------------------------------------------------------------------------

iOS has become one of the most popular mobile operating systems, with more than 1.4 million apps available in the iOS App Store. Security weaknesses in any of these applications or in the system itself could mean that an attacker can get access to the device and retrieve sensitive information. This training will show you how to conduct a wide range of penetration tests on iOS applications to uncover vulnerabilities and strengthen the system against attacks.
This 2-hour session will help you conduct end-to-end pentesting of iOS applications and will also help you understand the security measures that need to be taken. The training will also include a CTF challenge in which attendees use the skills learnt during the session. To attend this hands-on session, all you have to do is bring your MacBook with Xcode installed on it.


Thursday October 5, 2017 10:30 - 12:30
03. Chimay Novotel

10:30

Programming Wireshark With Lua

In this 2-hour workshop, you will learn how to program Wireshark with the Lua programming language.

Wireshark can be extended using the C and Lua programming languages. In this workshop, we will look into Lua taps and dissectors to help you analyze traffic that "pure" Wireshark does not understand. Wireshark dissectors are usually designed to analyze a network protocol.
You will learn how to install Lua dissectors and program your own.
Say you are reversing a botnet: you can then develop your own dissector that analyses the custom network protocol the botnet uses to communicate between the C&C and the clients. But custom dissectors can help you even with known network protocols. For example, Didier will teach you the inner workings of a simple custom dissector he developed in Lua to display TCP flags the way Snort does.


Thursday October 5, 2017 10:30 - 12:30
04. Orval Novotel

13:30

Hacking Bluetooth Smart locks

/!\ Important Notice /!\
You are welcome to take part in the workshop without any additional hardware. You will receive all the necessary code, files and instructions, so you can buy the hardware later if needed and then practice BLE hacking at home.
However, if you wish to take an active part in the workshop, for the best hands-on experience we suggest the hardware options below. If you are interested, we can prepare the chosen hardware for you; please fill in the form linked below:
https://docs.google.com/forms/d/e/1FAIpQLSeicybP1_nqqExc6elx5AaG2NN1aSW1K3zS-VqekCDD5DykOw/viewform

More information: https://smartlockpicking.com/events/brucon/

Thank you.
---------------------------------------------------------------

Recently it seems our home/car/bicycle locks have started to follow a new trend: including a BLE chip inside to make them "smart".
Unlike smart toothbrushes, socks or kettles, locks guard our safety, and their security should be much more of a concern. Vendors promise a "military-grade level of security", "128-bit encryption" and a "cryptographic key exchange protocol" using the "latest PKI technology". However, recent disclosures of multiple vulnerabilities in smart locks clearly contradict these assurances about the security actually provided, and raise the question of whether these devices have passed any independent security assessment at all!
Bring your Kali Linux install with your own BLE dongle and/or Bluetooth sniffing hardware of choice, and we'll go about hacking at least 7 different smart locks. You will learn how to intercept, analyze and find vulnerabilities in such devices. You will get familiar with the available tools, including GATTacker, the Bluetooth Smart Man-in-the-Middle proxy presented at BH16, from its own creator.
Our live hacking session will cover, among others:
- Lack of link-layer encryption and possible MITM scenarios
- Passive sniffing
- Static authentication password
- Spoofing
- Replay attacks
- Command injection
- Denial of Service
- Cracking "own PKI"
- Other flaws of custom challenge-response authentication
- Abusing excessive services (e.g. the module's default AT-command interface)
- Key-sharing weaknesses
You will also get familiar with Hackmelock, an open-source, deliberately vulnerable BLE lock developed by the author. The device can be simulated on your Raspberry Pi, Linux or Mac and, along with the enclosed Android application, provides various levels of challenges to help you further practice BLE hacking at home.


Thursday October 5, 2017 13:30 - 17:30
02. Westmalle University

13:30

Malware Triage: Malscripts Are The New Exploit Kit

Malware triage is an important function in any mature incident response program: the process of quickly analyzing potentially malicious files or URLs to determine whether your organization has exposure. Traditionally, malware triage has focused on exploit kits, which were the initial infection vector of choice, but this is changing. In recent years malscripts and file-based exploits have become an equally common initial infection vector. Often delivered via email, malscripts can take many different forms: WScript, JavaScript, or embedded macros. However, the goal is always the same: obtain code execution and deliver a malicious payload.

In this workshop you will work through the triage of a live malscript sample. During this process you will identify and extract malscripts from Office documents, manually deobfuscate the malscripts, circumvent anti-analysis techniques, and finally determine the purpose of the scripts and payload in order to develop countermeasures. The focus of this process will be the intersection between the techniques used to analyze malscripts and the larger incident response process.

This workshop is aimed at junior incident responders, hobby malware analysts, and general security or IT practitioners who are interested in learning more about the malware triage process. If you have no experience with malware analysis but you have a good understanding of scripting languages like VBScript and JavaScript, and you are familiar with Windows internals, you should have no problem completing the workshop. Please make sure to bring a laptop that you are able to analyze malware on (we recommend using a VM). We also recommend that you have Google Chrome installed; no other tools need to be installed prior to the workshop.


Thursday October 5, 2017 13:30 - 17:30
04. Orval Novotel

13:30

Practical Machine Learning in InfoSecurity

This lab session is designed to give attendees a quick introduction to ML concepts and get them up and running with the popular machine learning library scikit-learn.

We first start by building a basic understanding of how to integrate ML into an email spam identification system. We look at the inner workings and discuss the components involved in the system. Using the training data, we train our system to identify genuine messages, and the system automatically learns from these examples. Different classifiers are tuned to get the maximum efficiency we can crunch out of this setup.

Once we have an efficient system, we do a deep dive and look at how one can trick the system into failing, again by using ML techniques.

Machine Learning (ML) is the future. Systems we use today use ML extensively, whether it is powering an e-commerce website or fraud detection in banking. However, it takes the average developer and security professional some level of skill and experience to apply machine learning and get useful results. It is a skill that anyone can learn, but we feel that material in this space is greatly lacking.

We give students a gentle introduction to the topic with the classic boolean classification problem and introduce classifiers, which are at the core of many of the most common ML systems. We deal with some easy-to-implement classifiers in scikit-learn (linear classifiers, decision trees, etc.) and show visualizations of how they work.

We then dive into training our classifiers with a labelled dataset. Trying different classifiers on the problem and verifying their accuracy against the test data helps us choose an ideal algorithm for the problem at hand. This lab serves as a quick and practical introduction to the world of machine learning.

In addition, we guide the student through a simple example of deploying security machine learning systems in production pipelines in a distributed and scalable fashion using Apache Spark. Lastly, we will touch on the ways such systems can be poisoned, misguided, and utterly broken if the architects and implementers are not careful.


Thursday October 5, 2017 13:30 - 17:30
05. La Trappe Novotel

13:30

Windows malware development: A JMP in the dark

Malware development has always been a subject that is frowned upon; however, it is a valuable skill for security specialists to possess, as it helps them acquire a better understanding of how Windows operates under the hood. This knowledge can be applied in many fields, such as general penetration testing and bug bounties.

Whilst developing malware is not illegal, as at that point it is still just a piece of software, distributing and using that software on third-party systems is. It can therefore be a cumbersome task to piece together all the information; this workshop aims to centralize and explain it in a coherent fashion.

Most modern-day malware uses injection, both for persistence and for stealth purposes. During the workshop we will focus on the different injection techniques used, rather than on the malware itself. Stealth will be the common thread; it will become obvious how helpless antivirus software is at protecting against these types of attacks, even when using defensive techniques such as function hooking.

After this workshop, security researchers will have a solid basis to start from to continue further research.


Thursday October 5, 2017 13:30 - 17:30
03. Chimay Novotel
 
Friday, October 6
 

10:30

Defeating Proprietary Protocols the Smart Way

Started six years ago, the Netzob project [www.netzob.org] aims to provide state-of-the-art algorithms for protocol reverse engineering in an open source framework. In this project, we have implemented and extended previous academic work on message format and state machine reversing. We have also designed novel algorithms that properly exploit contextual information to infer the semantic attributes contained in protocols.

The Netzob project does not only focus on protocol reversing; it now addresses many needs related to security (traffic generation for proprietary protocols to evaluate security products, "smart" fuzzing of protocol implementations, automatic generation of protocol parsers, etc.). Netzob is usable through a Python API that allows a semi-automatic approach to reverse engineering. It also handles several communication vectors (USB, network, PCAP files, IPC, ...) and can easily be extended thanks to its code architecture.

During this workshop, the following topics will be addressed through practical and realistic exercises:
- Common and advanced protocol reverse engineering techniques. This part will cover techniques such as automatic field identification, contextual clustering, semantic sequence alignment, field dependency identification through correlation, ...
- "Smart" fuzzing of undocumented or proprietary protocols. This part will focus on traffic generation and mutation strategies, along with various techniques to produce a fine-grained definition-domain configuration for each field and state machine transition to fuzz.
- Vulnerability assessment by means of state machine comparison. This part will focus on the automatic extraction of a protocol's state machine. Once achieved, attendees will learn how to leverage this technique across multiple implementations of the same protocol to find vulnerabilities.


Friday October 6, 2017 10:30 - 12:30
04. Orval Novotel

10:30

Getting the Most Out of Windows Event Logs

Friday October 6, 2017 10:30 - 12:30
05. La Trappe Novotel

10:30

May the data stay with you - Network Data Exfiltration Techniques.

Data exfiltration is the process of transmitting data from pwned or infected networks back to the attacker while trying to minimize detection.
During this workshop (2 hours) we will go through different network exfiltration methods and techniques (DNS, ICMP, TCP, UDP, HTTP, RDP, cloud-app based and others). I will explain how they work, how to run them and what the differences between them are. It is a highly interactive workshop (I have a dozen short labs already prepared) where you will be guided through the use of a set of open source tools, powered by short, fast theory. This hands-on workshop's content and labs are part of my three-day "Open Source Defensive Security" training.


Friday October 6, 2017 10:30 - 12:30
03. Chimay Novotel

13:30

Building a cheap, robust, scaling, penetration testing/bug bounty super computer

Are you confronted with huge numbers of IP addresses you need to scan or penetration test?
Are you ready to go into bug bounty hunting on a large scale?
Do you need to do open source intelligence on hundreds of domains and users?

Then you need a scalable and robust system that is easy to build and maintain, easy to control, and that can scale in seconds.

During this workshop we will build a system that can use physical computers, virtual machines, cloud-based systems, mobile phones, mini computers (systems on a chip such as the Raspberry Pi) and even microcontrollers such as an Arduino. Basically, if it has a CPU or chip in it, we can attach it as a worker.
This system will be robust: a defective part will not affect the system as a whole. It will be cheap, using some cloud solutions and cheap hardware. It will be versatile: we can program it to do whatever we want. All this in the space of under 4 hours.

Some of the tasks we will achieve in this workshop:
- generate rainbow tables on the fly and crack a password
- create an open source intelligence report really fast
- perform a penetration test on a big network comprised of different types of servers (SSH, DNS, web applications, web services, ...)
- furthermore, we will show how this system can help you get started in bug bounties by doing things like DNS brute forcing


Friday October 6, 2017 13:30 - 17:30
03. Chimay Novotel

13:30

ICS Pentest 101

There is a lot of talk about ICS, SCADA and the like nowadays, but only a few people get the opportunity to get their hands dirty and understand how it works. The goal of this workshop is to give you the knowledge required to start attacking SCADA networks and PLCs, to give hands-on experience on real devices, and to have fun hacking a model train!

In this workshop, you will learn the specifics of performing a penetration test on industrial control systems, and especially on Programmable Logic Controllers (PLCs). We will cover the main components and the commonly associated security flaws of industrial control systems, aka SCADA systems. We will discover how they work and how they communicate with the SCADA systems, in order to learn the methods and tools you can use to p*wn them.

Then we will move on to the real world by attacking real PLCs from two major manufacturers on a dedicated setup featuring a robot arm and a model train!

Speakers

Arnaud Soullié

Arnaud Soullié is a manager at Wavestone, performing security audits and leading R&D projects. He has a specific interest in Active Directory security as well as ICS, two subjects that tend to collide nowadays. He teaches ICS security and pentest workshops at security conferences...

Alexandrine Torrents

Alexandrine Torrents is a cybersecurity consultant at Wavestone, a French consulting company. She specializes in penetration testing and has performed several security assessments on ICS. She worked on a few ICS models to demonstrate attacks on PLCs and she developed a particular tool...


Friday October 6, 2017 13:30 - 17:30
02. Westmalle University

13:30

Jedi's trick to convince your boss and colleagues

/!\ Important Notice /!\

For the workshop, if you have an example of something you want(ed) to communicate within your organization and that you have prepared, please bring it with you or even send it to brucon @ apalala . be. It can be just an idea, a description of something you want to change or promote, or even some slides. We'll work on it all together.
-------------------------------------------------------------------------------------------------------------------------------------

Social engineering techniques can be used to hack into companies and help the dark side reach their targets. They can also be used by the light side to help you achieve your objective: making the company more secure.

How often have you presented a good and original solution, only for your bosses to be reluctant to change the current shitty solution? How often have you tried to change processes so they are more straightforward and more efficient, and your colleagues just rejected the idea to avoid an additional burden? How often do you try to convince end-users to do things right, using videos, presentations, even cartoons, and there are still people doing it wrong?

There are Jedi tricks for that; it's all around you, it is called social psychology, and we'll give you the foundations to improve your impact and your success rate. Based on the latest research in social psychology and neuroscience, in persuasive communication and in psychotherapy, this workshop will present you with the few building blocks necessary to build efficient communication or winning negotiations. We'll ask participants to submit, if they wish, examples of communications or projects they would like to promote or defend. The workshop will be held under the Chatham House Rule to foster open communication and disclosure.

Of course, the Force is the same for the Sith and the Jedi, so you'll be able to use these techniques for both the dark and the light side.


Friday October 6, 2017 13:30 - 17:30
04. Orval Novotel

13:30

Mimikatz

Friday October 6, 2017 13:30 - 17:30
05. La Trappe Novotel