Just realized that I forgot to include the full abstracts in yesterday’s post. For your reading pleasure, and to learn more about some of the mysterious titles, read below. I would also like to formally announce the logo of our Gold sponsors … from the tag-team duo of @digininja and @webbreacher.
“Red Team Upgrades: Using SCCM for Malware Deployment”
by Matt Nelson (@enigma0x3)
With red teaming, it pays to hide in plain sight. Lateral movement that blends in with the noise can be a challenge in some environments, making living ‘off the land’ with built-in functionality all the more important. Why not use the very administration tools against the sysadmins who rely on them? Microsoft’s System Center Configuration Manager (SCCM) is one such tool.
This presentation will focus on abusing SCCM for escalation and lateral movement within a Windows enterprise. Topics covered will include what SCCM is, typical deployment scenarios (including relevant security measures), why it serves as an excellent attack platform, and how to use it offensively in a targeted manner. Welcome to SCCM: Microsoft’s automated malware deployment solution.
“Jailbreaking a Digital Two-Way Radio”
by Travis Goodspeed (@travisgoodspeed)
The Tytera MD380 is a handheld UHF radio, used by businesses, radio amateurs, and perhaps a cash-strapped military or two. When I bought my first MD380, the firmware was locked and protected, so I used a few nifty tricks to dump the bootloader, patch away its protections, and dump the main application. This quick lecture describes a few of those tricks, leading up to a promiscuous mode patch for the application firmware, turning the radio into a scanner.
“CheapBugs.Net : Low-End Bug Bounties for the Masses”
by Dean Pierce (@deanpierce)
In recent years a number of noble efforts have emerged to scour dangerous bugs from commonly used software. The culture of relying on infosec charity to fix all our bugs came up a bit short. Newer approaches revolving around bug bounties seem to be helping, but gaps remain. In this talk I will announce cheapbugs.net, a new project designed to help compensate researchers who find those low-end bugs that no one else seems to care for.
“Failure to Warn You Might Get Pwned”
by Wendy Knox Everette (@wendyck)
This talk will attempt to address the second question in that tweet, by exploring how product liability suits might help consumers who suffer harm from vulnerabilities in software that vendors are aware of but do not patch. It will discuss legal concepts but in a non-legalese manner, and explain how products liability suits might someday help protect consumers.
“GreatFET, a Preview”
by Michael Ossmann (@michaelossmann)
The GreatFET project is developing an extensible open source hardware platform for diverse hardware hacking needs. Intended as a successor to the GoodFET project, GreatFET will provide greater capabilities without increasing cost. In this preview I will show functional prototype hardware and describe the project accomplishments to date.
“Fuck You, Pixalate!”
Come listen to me tell you a true infosec tale about Pixalate, an ad reputation service that fancied themselves information security professionals. Pixalate laid claim to the discovery of the “Xindi botnet”, claiming millions in lost revenue due to “ad impression fraud”.
Whether or not the botnet actually exists (which, believe it or not, still has yet to be proven), Pixalate managed to royally screw up everywhere they could. Learn how not to interact with security researchers, how not to perform customer notification, and how not to write security research reports (aka threat intelligence reports).
If there’s time left over, I might be tempted to tell other Infosec tales.
by Ron Bowes (@iagox86)
DNS is a fun protocol to use for command and control, not to mention data exfiltration! Ron has been developing dnscat2 for years for just that purpose, and will demonstrate the latest and greatest features in his demo-based talk!
See you all Friday night!