Program #RomHack2019

28 September 2019

Attack and Defense

Playlist of the #RomHack2019 talks
10:30 - 10:45
Event opening
[ Video ]

10:45 - 11:30
Oh! Auth: Implementation pitfalls of OAuth 2.0 & the Auth Providers who have fell in it
Since the beginning of distributed personal computer networks, one of the toughest problems has been providing a secure SSO and authorization experience between unrelated servers and services. The OAuth 2.0 authorization framework enables third-party apps to obtain discretionary access to a web service. Built on top of OAuth, OpenID Connect is a helpful "identity layer" that gives developers a framework for building an authentication system.
In the race to provide OAuth/OpenID Connect based access to assets, authorization service providers have been forced to release half-baked solutions into the wild, because of which relying parties and users face a myriad of issues, ranging from authorization code compromise (unauthorized resource access) to account takeovers.
In this talk we will discuss common malpractices that "relying party" and "authorization service provider" developers commit when implementing OAuth/OpenID based solutions. We will go through the attacks that result from them and their mitigations.

Topic: Attack
Language:

11:30 - 12:15
Infiltrating Corporate Intranet Like NSA - Pre-auth RCE on Leading SSL VPNs
We found pre-auth RCEs on multiple leading SSL VPNs, used by nearly half of the Fortune 500 companies and many government organizations. To make things worse, a "magic" backdoor was found that allows changing any user's password with no credentials required! To show how bad things can go, we will demonstrate gaining a root shell from the only exposed HTTPS port, covertly weaponizing the server against its owner, and abusing a hidden feature to take over all VPN clients!
[ Full description ]

Topic: Attack
Language:

12:15 - 13:00
Reverse engineering IoT devices: hacking a home router
Firmware reverse engineering of IoT devices is described through a worked example on a home router. The process is based on gathering hardware and software information; on building an emulation environment that eases debugging, using QEMU, and on building a kernel and a root file system with Buildroot; and on techniques for analysing, compromising and modifying the firmware.
[ Full description ]
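The information-gathering step of that process, as an added example that is not code from the talk or from the RomHack page: before anything can be emulated under QEMU, one has to learn where the kernel and root file system sit inside the image and which CPU architecture the firmware targets. The script below does this the way binwalk does, by scanning for well-known magic numbers and parsing the U-Boot "uImage" legacy header (whose layout and CRC rules come from U-Boot's image.h). The firmware image it works on is constructed inline and is not a real router dump; the mapping from architecture codes to qemu-user binaries is an assumption made for illustration.

```python
"""
Added example: binwalk-style triage of a router firmware image.
Finds section magics, parses the uImage header, verifies its CRCs and
reports the architecture so the right QEMU target can be chosen.
The sample image is CONSTRUCTED below; it is not a real firmware dump.
"""
import gzip
import struct
import zlib

UIMAGE_MAGIC = 0x27051956
# Architecture codes from U-Boot's image.h (IH_ARCH_*), trimmed to common SoCs.
IH_ARCH = {2: "arm", 5: "mips", 7: "powerpc", 22: "arm64"}
# Compression codes (IH_COMP_*).
IH_COMP = {0: "none", 1: "gzip", 2: "bzip2", 3: "lzma", 4: "lzo"}
# Assumed mapping from architecture to the qemu-user binary to emulate under.
QEMU_USER = {"arm": "qemu-arm", "mips": "qemu-mips",
             "powerpc": "qemu-ppc", "arm64": "qemu-aarch64"}

# Magic numbers that typically delimit the sections of a router firmware image.
SIGNATURES = [
    (b"\x27\x05\x19\x56", "uImage header"),
    (b"\x1f\x8b\x08", "gzip stream"),
    (b"hsqs", "SquashFS (little-endian)"),
    (b"sqsh", "SquashFS (big-endian)"),
    (b"\x85\x19\x03\x20", "JFFS2 node (little-endian)"),
]


def scan_signatures(image: bytes):
    """Return (offset, description) for every signature hit, sorted by offset."""
    hits = []
    for magic, desc in SIGNATURES:
        start = 0
        while (pos := image.find(magic, start)) != -1:
            hits.append((pos, desc))
            start = pos + 1
    return sorted(hits)


def parse_uimage(image: bytes, offset: int = 0):
    """Parse the 64-byte big-endian uImage legacy header and verify both CRCs."""
    fmt = ">IIIIIIIBBBB32s"   # magic, hcrc, time, size, load, ep, dcrc, os, arch, type, comp, name
    hdr = image[offset:offset + 64]
    (magic, hcrc, _time, size, load, ep, dcrc,
     _os, arch, _type, comp, name) = struct.unpack(fmt, hdr)
    if magic != UIMAGE_MAGIC:
        raise ValueError("not a uImage header")
    # The header CRC is computed with the hcrc field itself zeroed.
    zeroed = hdr[:4] + b"\0\0\0\0" + hdr[8:]
    if zlib.crc32(zeroed) & 0xFFFFFFFF != hcrc:
        raise ValueError("uImage header CRC mismatch")
    payload = image[offset + 64:offset + 64 + size]
    if zlib.crc32(payload) & 0xFFFFFFFF != dcrc:
        raise ValueError("uImage payload CRC mismatch (truncated or patched image)")
    return {
        "arch": IH_ARCH.get(arch, f"unknown({arch})"),
        "compression": IH_COMP.get(comp, f"unknown({comp})"),
        "load_addr": load,
        "entry_point": ep,
        "name": name.rstrip(b"\0").decode(errors="replace"),
        "payload_offset": offset + 64,
        "payload_size": size,
    }


def build_uimage(payload: bytes, arch=5, comp=1, name=b"Linux-2.6.36") -> bytes:
    """Wrap payload in a valid uImage header (used only to construct the sample)."""
    dcrc = zlib.crc32(payload) & 0xFFFFFFFF
    hdr = struct.pack(">IIIIIIIBBBB32s", UIMAGE_MAGIC, 0, 0, len(payload),
                      0x80000000, 0x80000000, dcrc, 5, arch, 2, comp,
                      name.ljust(32, b"\0"))
    hcrc = zlib.crc32(hdr) & 0xFFFFFFFF
    return hdr[:4] + struct.pack(">I", hcrc) + hdr[8:] + payload


def sample_image() -> bytes:
    """Constructed image: uImage(gzip kernel), flash padding, then a SquashFS rootfs."""
    kernel = gzip.compress(b"fake MIPS kernel " * 64)   # begins with 1f 8b 08
    rootfs = b"hsqs" + b"\0" * 124                       # SquashFS superblock magic + padding
    return build_uimage(kernel) + b"\xff" * 64 + rootfs


def triage(image: bytes):
    """What a practitioner needs before emulating: sections, arch, qemu binary."""
    hits = scan_signatures(image)
    uimage_off = next(off for off, desc in hits if desc == "uImage header")
    info = parse_uimage(image, uimage_off)
    info["qemu_user"] = QEMU_USER.get(info["arch"])
    info["sections"] = hits
    return info


if __name__ == "__main__":
    for key, value in triage(sample_image()).items():
        print(f"{key}: {value}")
```

The CRC checks matter in practice: a payload CRC mismatch on a dump usually means the image was truncated or already patched, and a header that U-Boot would reject is the first thing to fix when the goal is to modify the firmware and flash it back.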

Topic: Attack
Language:

13:00 - 14:30
Lunch

14:30 - 15:15
Red teaming: from the badge to the domain
Although talking about "Red Teaming" is seen as very "cool" and several companies talk about it on their websites, very often what is actually delivered to the customer is nothing more than a penetration test (an advanced one, but a penetration test nonetheless).
For our part, we spent about six months preparing a Red Teaming engagement, both from a technical and from a legal point of view, and then carried out the engagement itself, which lasted about two months.
During the talk we will be glad to share our experience, the details that must necessarily be taken care of, and a few funny anecdotes.
[ Full description ]

Topic: Attack
Language:

15:15 - 16:00
How to impress your management when you are an Active Directory noob?
Having been appointed by top management to secure the Active Directory of a multinational, I faced difficulties with IT admins, especially when dealing with mergers, acquisitions and companies located in other countries!
So I had to develop my own tool to collect information without involving the admins. It started with collecting the trust information of my domain (which the admins were reluctant to give) and over time I added more and more information.
This talk will focus on the experience I gathered in the field protecting a very complex, multi-domain environment, and I'll present the result of my research: the tool PingCastle.

Topic: Defense
Language:

16:00 - 16:45
SAFE: Self Attentive Function Embedding for Binary Similarity
Deep learning has been shown to be very effective when applied to binary analysis. In this talk we will present SAFE, an open source tool that uses a recurrent neural network to create similarity-preserving vector representations of binary functions (the so-called embeddings).
Using them it is possible to detect whether two functions are similar or not, so embeddings can be a useful aid to reverse engineering.
As an example, they make it possible to identify library functions inside a binary even without access to the exact compiled version of the linked library. Moreover, embeddings can also be used as a signature for vulnerability discovery and malware hunting.
Finally, embeddings make it possible to identify the behaviour of a function, such as encryption.

Topic: Defense
Language:

16:45 - 17:00
Closing remarks
[ Video ]

19:00 - 24:00
Capture The Flag

Cyber Saiyan

Cyber Saiyan is the association that organizes RomHack
Follow us and support us by making a donation or becoming a member
