Agenda

Workshops

(tentative times)

09:00 - 13:00 PowershellForensics (Sold-Out)

Assume Breach. The question is not "if" you will be breached, but when you will be breached. The capability to quickly triage suspicious indicators is more important than ever. Traditional digital forensics applications are great for individual investigations, but often abstract many of the underlying concepts and analyze more slowly. This workshop will teach you the basic functionality of PowerForensics, an open source forensics platform based in PowerShell. Additionally, we will discuss how to decipher forensic data to build a contextual story around the activity.

During the workshop you will:

• learn powershell and powerforensics basics
• understand the basics of the NTFS file system
• recover deleted files
• analyze system activity through forensic timelining

14:00 - 16:00 Fuzzing C/C++ Programs (Sold-Out)

Fuzz testing is an efficient way to find vulnerabilities and a very popular technique among security researchers. Some projects use fuzzing as part of their Continuous Integration systems. It helps to find not only vulnerabilities, but also catch stability issues and other regressions. Purpose of the workshop is to teach attendees to fuzz different C/C++ projects in an efficient way using modern tools.

During the workshop you will:

• understand the basics of fuzzing
• write several libFuzzer-based fuzzers for different projects
• find Heartbleed and other known bugs by yourself
• learn how to analyze and to improve your fuzzer
• perhaps find some 0-days :)

Fuzzing experience is not required.

16:00 - 18:00 TLS Analysis with O-Saft (Sold-Out)

End-to-end encryption is a major precondition in modern IT to ensure confidentiality and integrity. Many mature solutions exist for securing data, but TLS/SSL is mainly used for transport layer security. Even TLS does its job behind the scenes, it is a crucial factor that is works in the intended secure way.

It is not obvious, even not simply visible, if a connection using TLS fulfils all expected security requirements. This can be checked with various tools. Such tools most often check for known insecure ciphers, some insecure configurations, and some well known vulnerabilities.

This workshop will demonstrate how to use the tool O-Saft to perform these checks:

• independent of the operating system and installed libraries;

• in closed Intranet environments and with limited resources;

• various protocols: SMTP, POP3, IMAP, LDAP, RDP, XMPP, ...

• checking all, even unknown ciphers;

• checking for known vulnerabilities;

• testing multiple servers at once and scripting tests;

• formatting and post-processing the results.

Talks

Coming soon...