Talks
BioHacker: The Invisible Threat
Len Noe
Biohackers exist and walk among us. Most security professionals would not allow users into their environment with offensive security tools. How do you address individuals who have surgically implanted such devices into their bodies.
I have multiple sub-dermal implants that range from NFC, HID/Prox and RFiD devices. This allows me to become the attack vector. In this talk, I provide a brief overview of the types of bio-implants on the market and share various case studies on the potential damage malicious biohackers can inflict.
I also demonstrate how I am able to quickly compromise loosely connected devices and open a reverse TCP Shell to a CnC server through my attack L3pr@cy in under three minutes.
Finally, I show how I steal HID Proximity Card Data and write that back to the implant. This avoids any physical evidence of a breach. This also allows me to gain access to data as well as physical access to secured locations.
As security professionals, we must anticipate the unknown. These include any individuals that enter our facilities or are simply around us in public. These types of attacks are becoming more common. A majority of security community are not aware they exist. Discussions on what was once thought to be science-fiction are now science fact.
Through continuing education on phishing and social engineering attacks, tightening MDM restrictions, endpoint management, behavioral analytics, least privilege and privileged access, we can take preventive measures around the threats we can’t see.
Since the discovery of Spectre and Meltdown, the security community has put a lot of effort into discovering new speculative execution attacks but still built on top of variants of the same speculation techniques, for example, by mistraining yet another predictor, and much less attention was devoted to the analysis of the root causes of speculation itself.
This paper tackles the problem from a new perspective, closely examining the different root causes of speculative execution, and specifically focusing on the unexplored class of speculations based on machine clears (MC). By reverse engineering the root causes machine clear, such as Floating Point, Self-Modifying Code, Memory Ordering, and Memory Disambiguation, these events not only originate new speculative execution windows that widen the horizon for known attacks, but also yield two entirely new attack primitives which affect all major CPU vendors: Intel, AMD and ARM. The primitives are called Floating Point Value Injection (FPVI), used to inject speculative floating-point values in subsequent instructions and Speculative Code Store Bypass (SCSB) used to microarchitecturally desynchronize code and data, triggering speculative execution of stale code. The paper also presents an end-to-end FPVI exploit on the latest Mozilla Firefox browser, leaking arbitrary memory through attacker-controlled and speculatively-injected floating-point results in JavaScript, affecting millions of users. Finally, the paper presents a new root cause-based classification of all known speculative execution paths, to clarify the whole speculative execution attacks scene.
Security products are often the ideal target for those who want to attack a system by weakening it from within. From encryption equpment to VPNs, from encryption software to chips, in recent years alarms have been raised about the possible presence of backdoors or serious vulnerabilities in products meant to be safe. How can we draw the line between paranoia and reality?
In the last two decades, we have witnessed to the sophistication of malware
attacks which, now, require advanced techniques and new approaches to be detected. AI-powered
solutions can help in amplifying the subtle signals of sophisticated attacks and allow
security analysts to take immediate actions. After a brief introduction on defensive
artificial intelligence, we will dive into the aspects of defensive machine learning and
show how advanced techniques can be used to detect real-world cyber attacks performed by
famous threat actors. The last part of the presentation will explore how AI can be also
used to enhance attackers' capabilities.
Since their introduction, fault attacks has been used as a meaningful
way to subvert a computation running on embedded devices. Historically,
one of the first means of injecting faults were by using the lights
emitted by a (homemade modified) flash camera. Such technology evolved,
such that today there exists very expensive laser technologies, able to
inject very precise faults on top notch devices. At the same time,
projects like the chipshouter, from NewAE, propose for a few thousand
dollars, electromagnetic means to inject faults. In this work we show
that one can start working on fault attacks with 0$ by using a
disposable camera flash and a bit of soldering to obtain a meaningful
way to inject EM shots into a chip.
Nowadays most of the (published) attacks are related to computers and servers. However, we are moving toward a future of micro electronic devices that will pervade not only industry and urban infrastructure, but our entire lives.
In this new world, 5G technology will be the main glue in terms of connectivity and the Internet of Things will be subject to the same issues we're currently facing in information technology, but with a much higher risk as the security of both public and private critical infrastructure is at stake.
In this session we will give an overview on how to address the security of interconnected electronic devices from both an attack and defense perspective.
Starting from simple microcontrollers, which do not even have a MMU, we will analyze some of the most effective attack/defense techniques related to the intrinsic architecture of embedded systems.
We will also review the main hardware features that make a micro controller potentially secure, provided that secure embedded programming strategies are adopted.
At the end of the session, a smattering of modern cyber resilience strategies applied to connectivity will be given.
The talk is about the escalation path we used to acquire the server(s) administrator credential during the cyber activities conducted for a large bank customer.
The architecture we tested was designed by a customer's supplier as PoC to achieve a hybrid-working model while providing the same, if not higher, security standards the bank was providing to the usual in-house activities. Starting from a VDI system (Citrix), we have been able to overtake the virtual system bypassing the env restrictions and using the VDI as a jumping point to the (testing) internal network.
Chaining different critical misconfigurations, we have been able to achieve different kinds of malicious actions, from sensitive data exfiltration till acquisition of admin server(s) rights.