lunes, 3 de junio de 2013

Españoles por la Blackhat Arsenal USA 2013

Los días 31 de Julio y 1 de Agosto de este año tendrá lugar la Blackhat Arsenal Usa 2013. Esta edición del evento se viene realizando desde el año 2010, y desde entonces son muchos los españoles que han pasado por allí.

Como bien indica David Barroso en un post de su blog, a lo largo de estos años son varios los españoles que han pasado por allí:

Acaban de publicar el listado de herramientas y autores aceptados para la edición USA 2013, y participaremos nada más y nada menos que 3 españoles, entre los que me encuentro incluído! :)

Así que con muchas ganas de que llegue el esperado día, os paso la descripción oficial de las herramientas que publicaremos:

OSfooler: Remote OS Fingerprinting is over by Jaime Sanchez
Using commercial tools to secure your network is recommended, but it is necessary to be one step further to keep the system secure. With this technique you can give that step in order defend your servers against the first phase of all attacks Fingerprinting. This is done by intercepting all traffic that your box is sending in order to camouflage and modify in real time the flags in TCP/IP packets that discover your system.

This tool is a practical approach for detecting and defeating:
     - Active remote OS fingerprinting: like Nmap or Xprobe
     - Passive remote OS fingeprinting: like p0f or pfsense
     - Commercial engines like Sourcefire’s FireSiGHT OS fingerprinting

Some features are:
     - No need for kernel modification or patches
     - Highly portable
     - Will emulate any OS
     - Capable of handling nmap and p0f fingerprint database (beta phase)
     - Transparent for the user
     - Undetectable for the attacker
     - Available for your Linux laptop, server and mobile device

Sorry guys, remote OS fingerprinting is over.

Dude, WTF in my car? by Alberto Garcia Illera

The car ECU tuning market is weird. There is little help from people already in it, and most of the equipment is expensive. Well, not anymore! We will show a tool that was built under $25, and that is able to bypass all the security in the car ECU, based of a BOSCH EDC15 and EDC16, which has RSA 256 and seed/key algorithm protection. We will show live demonstrations of how the tool works, with logic analyzer and explanation of all the processes that take place.

Blackhat Arsenal gives a unique opportunity to have a close look at tools, so we will explain the most practical side of our tool instead of going deep into the low level explanation, to exploit the most of BH-Arsenal concept. All of this will help the end user to realize that even cars, have secrets that can be “unlocked”..

Triana by Juan Garrido
I am going to be presenting a new tool for analysing malware or possible threats in certain scenarios where the malware is not accessible or, because legal requirements, it’s not possible to provide access to the files to the researchers. This is also a good starting point for newcomers and well-established forensic and malware researchers who want to quickly analise possible threads.

In my talk we’ll start with current status of malware analysis. Companies that cannot afford having a security team dealing with incoming threads and still want to be responsive against targeted attacks. How they can do it? How we can provide them with a solution to prevent infections?

Altought this is a good start, people will find sometimes themselves without access to all the information… even without access to the file! How we can do the previously presented analysis if we cannot access the faulting file? We’ll present different solutions to obtain enough information about the malware using only public available information.
Finally we’ll present Triana, a tool for collecting and analysing all this information and integrate it into a report (DOCX and JSON) that will consolidate the results and provide a score about the malware thread.

An example of report can be found here.