Jericho will do no such thing. Presented by Brian Martin, Steve Christey.

What do Eliot, Punxsutawney Phil, eugenics, DLP, crowdsourcing, black swans, and narcissism have in common? They are all key concepts for an effective insider threat program. Come hear how the FBI uses a surprising variety of methods to combat insiders. In this session the FBI will provide five key lessons learned about effective detection and deterrence techniques used in the FBI's insider threat program, developed over the last decade. The talk will provide insight on how our nation's premier law enforcement agency is detecting and deterring insider threats using a variety of techniques and technologies.
This includes double free, use-after-free, and over 50 getenv()/strcpy() bugs statically found from scanning the entire Debian repository. Presented by Silvio Cesare.

Academic researchers, journalists, security vendors, software vendors, and other enterprising enterprises often analyze vulnerability statistics using large repositories of vulnerability data, such as CVE, OSVDB, and others. These stats are claimed to demonstrate trends in disclosure, such as the number or type of vulnerabilities, or their relative severity. Worse, they are often (mis)used to compare competing products to assess which one offers the best security. Most of these statistical analyses are faulty or just pure hogwash. They use the easily available but drastically misunderstood data to craft irrelevant questions based on wild assumptions, while never figuring out (or even asking us about) the limitations of the data. This leads to a wide variety of bias that typically goes unchallenged and ultimately forms statistics that make headlines and, far worse, are used for budget and spending. As maintainers of two well-known vulnerability information repositories, we're sick of hearing about sloppy research after it's been released, and we're not going to take it any more. We will give concrete examples of the misuses and abuses of vulnerability statistics over the years, revealing which studies do it right (rather, the least wrong) and how to judge future claims so that you can make better decisions based on these "studies." Steve will provide vendor-neutral, friendly, supportive suggestions to the industry.
The presentation will introduce the concept of identifying vulnerabilities in operating system kernels by employing dynamic CPU-level instrumentation over a live system session, using the example of memory access patterns to extract information about potential race conditions in interacting with user-mode memory. We will discuss several different ways to implement the idea, with special emphasis on the Bochspwn project we developed last year and successfully used to discover around 50 local elevation of privilege vulnerabilities in the Windows kernel so far, with many of them already addressed. The tool itself will be open-sourced during the conference, thus allowing a wider audience to test and further develop the approach. Presented by Mateusz Jurczyk, Gynvael Coldwind.

Bugwise is a free online web service at m to perform static analysis of binary executables to detect software bugs and vulnerabilities. It detects bugs using a combination of decompilation to recover high-level information, and data flow analysis to discover issues such as use-after-frees and double frees. Bugwise has been developed over the past several years and is implemented as a series of modules in a greater system that performs other binary analysis tasks such as malware detection. This entire system consists of more than 100,000 lines of C code and a scalable, load-balanced, multi-node Amazon EC2 cluster. In this talk, I will explain how Bugwise works. The system is still in the development stage but has successfully found a number of real bugs and vulnerabilities in Debian Linux.
We explain its workings from the PHY layer (raw RF) all the way to the application layer. The Bad: Bluetooth Smart's key exchange is weak. We will perform a live demonstration of sniffing and recovering encryption keys using open source tools we developed. The Ugly: A passive eavesdropper can decrypt all communications with a sniffed encryption key using our tools. The Fix: we implement Elliptic Curve Diffie-Hellman to exchange a key in-band. This backward-compatible fix renders the protocol secure against passive eavesdroppers. Presented by Mike Ryan.

Throughout the last two decades, the field of automated vulnerability discovery has evolved into the advanced state we have today: effective dynamic analysis is achieved with a plethora of complex, privately developed fuzzers dedicated to specific products, file formats or protocols. Due to market demand and general ease of access, the efforts have been primarily focused around client software, effectively limiting kernel code coverage to a few generic syscall and IOCTL fuzzers. Considering the current impact of ring-0 security on the overall system security posture and the number of kernel-specific bug classes, we would like to propose a novel, dynamic approach to locating subtle kernel security flaws that would likely otherwise remain unnoticed for years.
We'll present algorithms that run many orders of magnitude faster than a brute-force search, including reversing and seeking the PRNG stream in constant time. Finally, of course, we'll demonstrate everything and give away our tool so that you can perform the attacks during your own assessments. Presented by Derek Soeder, Christopher Abad, Gabriel Acevedo.

BlackBerry prides itself on being a strong contender in the field of secure mobile platforms. While traditionally BlackBerryOS was based on a proprietary RTOS with a JVM propped on top, the architecture was completely overhauled with BlackBerryOS 10. Now the base operating system is the formerly off-the-shelf RTOS QNX, which doesn't exactly have an excellent security track record. Moreover, for the first time in BBOS history, native code applications are allowed on the platform.
This talk will present an analysis of the attack surface of BBOS 10, considering both ways to escalate privileges locally and routes for remote entry. Moreover, since exploitation is only half the work of offense, we'll show ways for rootkits to persist on the device. Last but not least, we will settle whether BlackBerry Balance really holds what it promises: are mobile devices really ready to securely separate crucial business data from Angry Birds? Presented by Ralf-Philipp Weinmann.

Bluetooth Smart, aka Bluetooth Low Energy (BTLE), is a new modulation mode and link-layer packet format defined in Bluetooth 4.0. A new class of low-power devices and high-end smartphones are already on the market using this protocol. Applications include everything from fitness devices to wireless door locks. The Good: Bluetooth Smart is well-designed and good at what it does.
To justify the importance of 800-155, in this talk we look at the implementation of the SRTM from a vendor's pre-800-155 laptop. We discuss how the BIOS, and thus the SRTM, can be manipulated either due to a configuration that does not enable signed BIOS updates, or via an exploit we discovered that allows for BIOS reflash even in the presence of a signed update requirement. We also show how a 51 byte patch to the SRTM can cause it to provide a forged measurement to the TPM indicating that the BIOS is pristine. If a TPM is used to query the boot state of the system, this TPM-signed falsification will then serve as the root of misplaced trust. We also show how reflashing the BIOS may not necessarily remove this trust-subverting malware.
To fix the untrustworthy SRTM we apply an academic technique whereby the BIOS software indicates its integrity through a timing side-channel. Presented by John Butterworth, Corey Kallenberg, Xeno Kovah.

Last year at Black Hat, Argyros and Kiayias devastated all things pseudorandom in open-source PHP applications. This year, we're bringing PRNG attacks to the masses. We'll point out flaws in many of the most common non-cryptographic pseudorandom number generators (PRNGs) and examine how to identify a PRNG based on a black-box analysis of application output. In many cases, most or all of the PRNG's internal state can be recovered, enabling determination of past output and prediction of future output.
It addresses many issues of scalable malware processing, including dealing with increasingly large data sizes, improving workflow development speed, and enabling parallel processing of binary files with most pre-existing tools. It is also modular and extensible, in the hope that it will aid security researchers and academics in handling ever-larger amounts of malware. In addition, we will demonstrate the results of our exploration and the techniques used to derive these results. The framework, analysis modules, and some example applications will be released as open source (Apache 2.0 License) at Black Hat. Presented by Zachary Hanif, Telvis Calhoun, Jason Trost.

In 2011 the National Institute of Standards and Technology (NIST) released a draft of Special Publication 800-155. This document provides a more detailed description than the Trusted Platform Module (TPM) PC Client specification for content that should be measured in the BIOS to provide an adequate Static Root of Trust for Measurement (SRTM).
This huge volume of malware offers both challenges and opportunities for security research, especially applied machine learning. Endgame performs static analysis on malware in order to extract feature sets used for performing large-scale machine learning. Since malware research has traditionally been the domain of reverse engineers, most existing malware analysis tools were designed to process single binaries or multiple binaries on a single computer and are unprepared to confront terabytes of malware simultaneously. There is no easy way for security researchers to apply static analysis techniques at scale; companies and individuals that want to pursue this path are forced to create their own solutions. Our early attempts to process this data did not scale well with the increasing flood of samples. As the size of our malware collection increased, the system became unwieldy and hard to manage, especially in the face of hardware failures. Over the past two years we refined this system into a dedicated framework based on Hadoop so that our large-scale studies are easier to perform and are more repeatable over an expanding dataset. To address this problem, we will present our open framework, BinaryPig, as well as some example uses of this technology to perform a multiyear, multi-terabyte, multimillion-sample malware census. This framework is built over Apache Hadoop, Apache Pig, and Python.
of Android devices, across generations and architectures, with little to no modifications of the exploit. The presentation will review how the vulnerability was located, how an exploit was created, and why the exploit works, giving you insight into the vulnerability problem and the exploitation process. Working PoCs for major Android device vendors will be made available to coincide with the presentation. Presented by Jeff Forristal.

Over the past .5 years Endgame received 20M samples of malware, equating to roughly .5 TB of binary data. In this, we're not alone. McAfee reports that it currently receives roughly 100,000 malware samples per day and received roughly 10M samples in the last quarter of 2012. Its total corpus is estimated to be about 100M samples. VirusTotal receives between 300K and 600K unique files per day, and of those roughly one-third to half are positively identified as malware.
We will demonstrate an example of full software bypass of Windows 8 Secure Boot due to such mistakes on some of the latest platforms and explain how those mistakes can be avoided. Presented by Yuriy Bulygin, Andrew Furtak, Oleksandr Bazhaniuk.

Incident response is usually a deeply technical forensic investigation and mitigation for an individual organization. But for incidents that are not merely cyber crime but truly national security events, such as large-scale disruptive attacks that could be acts of war by another nation, the process is completely dissimilar, needing a different kind of thinking. This talk will discuss exactly how, detailing the flow of national security incident response in the United States using the scenario of a major attack on the finance sector. The response starts at individual banks and exchanges, then passes through the public-private sector information sharing processes (like FS-ISAC). Treasury handles the financial side of the crisis while DHS tackles the technical. If needed, the incident can be escalated to the military and the President, especially if the incident becomes especially disruptive or destructive. The talk examines this flow and the actions and decisions within the national security apparatus, concluding with the pros and cons of this approach and comparing it to the process in other key countries. Presented by Jason Healey.

This presentation is a case study showcasing the technical details of Android security bug 8219321, disclosed to Google in February 2013.
Keynotes: presented by Gen. Alexander; presented by Brian Muirhead.

Briefings: Spyphones are surveillance tools surreptitiously planted on a user's handheld device. While malicious mobile applications, mainly phone fraud applications distributed through common application channels, target the typical consumer, spyphones are nation states' tool of attack. Once installed, the software stealthily gathers information such as text messages (SMS), geo-location information, emails and even surround-recordings. How are these mobile cyber-espionage attacks carried out? In this engaging session, we present a novel proof-of-concept attack technique which bypasses traditional mobile malware detection measures and even circumvents common Mobile Device Management (MDM) features, such as encryption. Presented by Daniel Brodie, Michael Shaulov.

Windows 8 Secure Boot, based on UEFI 2.3.1 Secure Boot, is an important step towards securing platforms from malware compromising the boot sequence before the OS. However, there are certain mistakes platform vendors shouldn't make which can completely undermine the protections offered by Secure Boot.