CONFERENCES

SHMOOCON

Global surveillance has been a phenomenon since the late 1940s, and Internet and mobile technology are developing at such a pace that it is impossible to guarantee electronic privacy, and nobody should expect it. How strong are the actual Instant Messaging Platforms? Do they take care of our security and privacy? We'll look inside the security of several clients (like BBM, Snapchat, and Line) and will put our focus on WhatsApp.

WhatsApp might not be as widely known as Twitter, but the company announced that it has passed 350 million active monthly users. WhatsApp has been plagued by several security issues in the past, so we decided to start the research. We've discovered several more vulnerabilities that we'll disclose (with proof-of-concept code), including encryption flaws, remote DoS (making the client crash by sending a custom message), and how to spoof messages by manipulating sender address information.

We'll also release a new version of our tool with different protection layers: encryption, anonymity, and using a custom XMPP server. It's necessary to implement additional measures until WhatsApp decides to take security seriously.


DEEPSEC

Being popular is not always a good thing and here’s why: As mobile devices grow in popularity, so do the incentives for attackers. Mobile malware and threats are clearly on the rise, as attackers experiment with new business models by targeting mobile phones. 

The threat to mobile devices, however, is not limited to rogue versions of popular apps and adware. Threat actors are also pouncing on mobile users’ banking transactions. Android continues to be a primary target for malware attacks due to its market share and open source architecture.

Nowadays, several behaviour-based malware analysis and detection techniques for mobile threats have been proposed for mobile devices, but only about 30 percent of all Android smartphones and tablets have security apps installed.


NOCONNAME

With the PRISM scandal, people have begun to ask whether it is not only Microsoft, Google, Apple or Facebook that are collaborating with governments to spy on the behaviour of their citizens. Could WhatsApp be one of these companies? Does WhatsApp store its users' conversations?

The main goal of the research is to add a new layer of security and privacy which guarantees that, in the exchange of information between the participants in a conversation, neither integrity nor confidentiality can be affected by an external attacker.

To that end, a system is developed that anonymizes and encrypts the conversations and data sent through WhatsApp, so that when they reach the servers they are not in "clear text" and are readable only by their legitimate owners.

DERBYCON

Sun Tzu once said, "Know your enemy and know yourself, and in a hundred battles you will never be defeated". Cyberwar is upon us, and APT is too common nowadays, so we need to think about new tricks to avoid it, staying one step ahead to keep your systems secure. You can take that step to defend your servers against the first phase in all APT operations: fingerprinting.

This is done by intercepting all traffic that your box is sending in order to camouflage and modify, in real time, the flags in TCP/IP packets that reveal your system. This presentation will discuss the current techniques used for OS fingerprinting and how to frustrate them:
  • Active remote OS fingerprinting: like Nmap or Xprobe (with Live Demo: Laptop and Mobile)
  • Passive remote OS fingerprinting: like p0f or pfsense (with Live Demo: Mobile)
  • Commercial engines like Sourcefire’s FireSiGHT OS fingerprinting (with Live Demo: Laptop)

There will be many live demos, and we will release OSfooler, which has some interesting features:
  • No need for kernel modification or patches
  • Highly portable and configurable
  • Will emulate any OS
  • Capable of handling nmap and p0f fingerprint database (beta phase)
  • Transparent for the user
  • Undetectable for the attacker
  • Available for your Linux laptop, server and mobile device

Sorry guys, remote OS fingerprinting is over…
 

DEFCON 21

Being popular is not always a good thing and here's why. As mobile devices grow in popularity, so do the incentives for attackers. Mobile malware and threats are clearly on the rise, as attackers experiment with new business models by targeting mobile phones. Nowadays, several behavior-based malware analysis and detection techniques for mobile threats have been proposed for mobile devices. We'll show how we built a new detection framework that will be the first open source Android IDS on network level.

This open source network-based intrusion detection system and network-based intrusion protection system has the ability to perform real-time traffic analysis and packet logging on Internet Protocol (IP) networks, featuring protocol analysis, content searching and content matching.

In IDS/IPS mode, the program will monitor network traffic and analyze it against a rule set defined by the user, and then perform a specific action based on what has been identified. With the help of custom-built signatures, the framework can also be used to detect probes or attacks designed for mobile devices, fool and cheat operating system fingerprinting attempts (like nmap or p0f), server message block probes, etc.
 

BLACKHAT ARSENAL USA

This tool is a practical approach for detecting and defeating:
     - Active remote OS fingerprinting: like Nmap or Xprobe
     - Passive remote OS fingerprinting: like p0f or pfsense
     - Commercial engines like Sourcefire's FireSiGHT OS fingerprinting

Some features are:
     - No need for kernel modification or patches
     - Highly portable
     - Will emulate any OS
     - Capable of handling nmap and p0f fingerprint database (beta phase)
     - Transparent for the user
     - Undetectable for the attacker
     - Available for your Linux laptop, server and mobile device

Sorry guys, remote OS fingerprinting is over... TBA  

NUIT DU HACK

What if you could enqueue from kernel space to user space all your incoming and outgoing network connections? Maybe you could develop some offensive/defensive applications to modify headers and payloads in real time, to detect unauthorized traffic like DNS tunneling connections, or to fool some well-known network tools. This will be shown on Linux-powered devices.

Some remote OS fingerprinting techniques, both active and passive, implemented in tools like nmap, p0f, or vendor appliances, will also be explained, along with how to defeat them. This technique doesn't need virtual machines or kernel patches, and is highly portable to other platforms.
 

ROOTEDCON

The goal of the talk is to explore the advantages offered by the ability to queue TCP/IP traffic from kernel space to user space. This technique enables a large number of practical applications, both offensive and defensive, such as modifying incoming/outgoing traffic in real time, building a network sniffer, detecting unauthorized traffic such as DNS tunneling connections, faking responses to network tools such as traceroute, etc.

Finally, the various operating system detection techniques, both active (nmap) and passive (p0f), will be explained in more depth. We will generate the specific responses needed to fool them, and proofs of concept will be shown against well-known security tools and devices, such as Sourcefire, easily evading the operating system detection engines they implement.