BSides Charlotte 2016 Schedule

Friday, May 6th 2016

Physical Penetration Testing

8am - 5pm

Keith A. Pachulski (@sec0ps)

Class Description: This training presentation will be a complete walkthrough on how to perform physical security tests. This is NOT a lockpicking class. We will be covering common tools and tactics used to gain access to target facilities, as well as providing videos from real-world testing and hands-on demonstrations of physical and electronic tools. Additionally, common issues that penetration testers encounter will also be discussed, such as personal psychological issues (insertion mentality), manipulating people efficiently, and understanding the most common physical security controls encountered during testing. Additional topics to include:

  • Onsite and remote advance work (recon/surveillance)
  • Penetration of the external barriers
  • Penetrating the facility/internal barriers
  • Penetrating the people (security personnel and attacking human targets)
  • Deploying low power boxes on the network for remote network access and audio/video surveillance

Introduction to Exploit Development by Pandatrax

8am - 5pm

Doug Rodgers (@pandatrax)

Class Description: This is an introductory class into the world of exploit development. The class will teach you how to write stack based exploits on the Win32 platform. We will break out a debugger to see what buffer overflows look like and discuss methods that take advantage of them. You will learn how certain protection mechanisms behave and discover ways to circumvent them. In the process, you will come to love how Assembly looks in the dim glow of your monitor and that moving bytes around a stack is not as scary as it sounds. If you are willing to take the red pill, I'll help you discover how deep the rabbit hole can go.

About the Instructor: Pandatrax has been working in the information security field for 18 years. He is currently a lead security engineer on a malware analysis and forensics team for a multinational company. Prior to this role, he worked in multiple security fields including network intrusion analysis, firewall management, malware protection, as well as UNIX and wireless security. Exploit development is a hobby that he does in his free time. He loves to figure out how things work and to share information with anyone that will listen to him.

Prerequisites: It is recommended that students have the following:

  • The ability to administer Linux/Windows systems in virtual environments.
  • The ability to read/write simple scripts.
  • Experience using Metasploit
  • The desire to take things apart and understand how things really work.

Class Requirements: Students are required to bring their own laptops with the following requirements:

  • Laptops need enough processing power and RAM (4GB of RAM recommended) to run up to 2 virtual machines at the same time.
  • VMware Workstation or VirtualBox (No VMware Player, need the ability to take snapshots)
  • Windows 7 SP1 Virtual Machine
  • Kali Linux
  • You must have admin rights on all of your systems in order to install/remove software, disable/remove antivirus/firewall, etc.

Please be aware that VM installation instructions will be sent after registration. Save yourself time and wait for them before building the VMs!!!

Saturday, May 7th 2016

Opening Remarks

8:45am - 9am

Jon Molesa (@th3mojo)

Unstick your PAM Program: Lessons from the Field

9am - 9:30am

Lance Peterman (@lpeterman)

It's agreed that privilege elevation is a key component in the kill chain for any successful breach. So why aren't we better at protecting privileged access in the enterprise? A follow-on to Lance's 2014 talk on PAM, he'll share his experiences with managing privileged access and offer some tips on how to get your PAM program unstuck.

Red Team Panel Discussion

9:30am - 11:15am

Matthew Becker, Kelly O'Donnell and Keith Royster

Charlotte Red Team managers will discuss and share their experiences around building Red Teams with the audience. There will be time at the end for the audience to ask questions as well. Come hear directly from the folks involved in building the teams on the cutting edge.

The Rise of Ransomware: A Look at CryptoWall, TeslaCrypt and Locky

11:15am - Noon

Paul Burbage (@hexlax)

Ransomware quickly became big business for miscreants conducting cybercrime. This talk will examine how the latest ransomware families TeslaCrypt, CryptoWall, and Locky are distributed and ways to combat their infections. We will also discuss the ways in which these malware actors are preserving their OpSec, bugs in their malware code, and vulnerabilities of their command-and-control (C2) and distribution infrastructure.

Lunch

Noon - 1pm

At the Mountains of Malware

1pm - 2pm

Wes Widner (@kai5263499)

At the Mountains of Malware is a "how to" on setting up a malware pipeline of your own. This talk includes pointers on obtaining a steady stream of malware, extracting features from malware, and finally how to go about generating actionable threat intelligence from that malware. This talk will include hands-on demonstrations of each component of the malware pipeline.

CryptoLocker Ransomware Variants Are Lurking “In the Shadows,” Learn How to Protect Against Them

2pm - 3pm

Ryan Nolette

Recently, attackers employing a CryptoLocker variant have been removing volume shadow copies on systems, disallowing the users from restoring those files and then encrypting the files for ransom. If a user cannot recover from backups, he/she is at the attacker’s mercy.

Hacking With REST For Love

3pm - 4pm

Drew Green (@agreenbhm)

In this talk we will discuss how to use REST APIs for application and exploit development. We will then go step-by-step through how I used these techniques to exploit a mobile dating app, turning it into the ultimate stalker tool.

Smashing the Stack to Building ROP Chains with Gadgets in 60 minutes

4pm - 5pm

Doug Rodgers (@pandatrax)

There is a perception that it is hard to write exploits. Some think that a deep understanding of Assembly language is required or the ability to speak in binary is necessary. This talk will cover easy methods to help you break into the field. We will discuss what buffer overflows are, how certain protection mechanisms are implemented, and methods to get around those protections. By the end of the talk, you'll know how to set up your development environment, utilize Python to generate your exploit code and be familiar with other tools that can help you. Not all vulnerabilities are easy to exploit, but this information will get you up and going.

50 Shades of Red: Lessons Learned from Red Team Engagements

5pm - 6pm

Keith Royster and Jared Haight (@jaredhaight)

Red Team assessments and exercises are creating a great deal of buzz these days, as they provide one of the truest forms of measuring detection and response controls through various simulated real-world attacks. Both security engineers and companies are intrigued by the idea of a “gloves off”, no-holds-barred assessment designed to simulate what a determined attacker would REALLY do given the opportunity. In this talk, members of the Gotham Digital Science Charlotte team will discuss what they have learned from leading and performing Red Team-style engagements for their clients. Throughout this talk, the team will cover both sides of the assessment: what it’s like to be an engineer performing the assessment and what a company can expect when they hire a Red Team. Finally, using recent case studies including phishing, vishing, physical security, and other social engineering tactics, we’ll cover common pitfalls, specialized techniques, and how to determine if you have what it takes for an intense Red Team experience.

Closing Remarks

6pm

Jon Molesa (@th3mojo)