Troopers 2013 – First Round of Talks Selected

We’re delighted to provide the first announcement of talks of next year’s Troopers edition. Looks like it’s going to be a great event again 😉
Here we go:


Peter Kieseberg: Malicious pixels – QR-codes as attack vectors.

Synopsis: QR-Codes, a version of two-dimensional barcodes that are able to store quite large amounts of information, started gaining huge popularity throughout the last few years, including all sorts of new applications for them. Originating from the area of logistics, they found their ways into marketing and since the rise of modern smartphones with their ability to scan them in the street; they can be found virtually everywhere, often linking to sites on the internet. Currently even standards for paying using QR-codes were proposed and standardized. In this talk we will highlight possible attack vectors arising from the use of QR-Codes. Furthermore we will outline an algorithm for calculating near-collisions in order to launch phishing attacks and we will demonstrate the practical utilization of this technique.

Bio: Peter Kieseberg is a researcher at SBA Research, the Austrian non-profit research institute for IT-Security. He received a Dipl. Ing. (equivalent to MSc) degree in Technical Mathematics in Computer Science from the Vienna University of Technology. His research interests include digital forensics, fingerprinting of structured data and mobile security.

Juan Perez-Etchegoyen & Mariano Nunez: Detecting white-collar cybercrime – SAP Forensics.

Synopsis:  The largest organizations in the world rely on SAP platforms to run their critical processes and keep their business crown jewels: financial information, customers data, intellectual property, credit cards, human resources salaries, sensitive materials, suppliers and more. Everything is there – and attackers know it.

Now, the big question arises: Has your SAP system ever been hacked? Is it compromised today? If your answer is “no”, are you sure? Do you know what to look for? Unfortunately, most organizations do not have this knowledge today, which only empowers the bad guys.

For several years at Onapsis we have been researching on how cyber-criminals might be able to break into ERP systems, in order to help organizations better protect themselves. This has enabled us to gain a unique expertise on which are the most critical attack vectors and what kind of traces they leave (and don’t) over the victim SAP platforms.

Join us in the first public presentation on how to do a forensic analysis of an SAP system, looking for traces of a security breach. Learn where fingerprints may have been left, understand which are the available system tools that may help you and which are their limitations. Watch several live demos of security breaches and find out how you may be able to detect that they took place, helping you assess the business impact and track down the attacker.

Rodrigo Rubira Branco: Challenges and more challenges in Malware Analysis (with maybe, some solutions).

Synopsis: It became common for companies to claim they receive hundreds of thousands of APTs daily (do I really need to refer to Raytheon here?). Everybody has been discussing 0days and exploit sales market with incredible high prices. Everywhere we see people mentioning Stuxnet. But in reality, how complex are the attacks nowadays? What are the challenges we facing, are the adversary really advanced, or are we really behind?

This talk mixes technical points with simple economic arguments and tries to criticize the whole industry without using direct punches (or maybe using them, come and see).

Knowing that vulnerabilities do exist and can be exploited and knowing that patching is not enough against advanced attackers, the main piece for the defense is detecting the compromise and reacting accordingly. It takes much more time to build a complex piece of malware that are hardly reusable if the defenses work well then it is to have a reliable exploit. This talk will cover the challenges behind malware analysis (automated malware analysis) and how to overcome them (or not).

Bio: Rodrigo Rubira Branco (@BSDaemon) is the responsible for the Dissect || PE project, an automated malware analysis system available for security researchers to test new ideas and findings. In the past, he worked as Director of Vulnerability & Malware Research at Qualys, as Chief Security Research for Check Point where he released dozens of security vulnerabilities and was awarded by Adobe as one of the top contributors for vulnerabilities in 2011. He also worked as Senior Vulnerability Researcher for Coseinc and Staff Software Engineer in IBM. He is the organizer of H2HC (Hackers 2 Hackers Conference), the oldest security research conference in Latin America.

Daniel Mende & Pascal Turbing: Paparazzi over IP.

Synopsis: Almost every recent higher class DSLR camera features multiple and complex access technologies. For example, CANON’s new flagship features IP connectivity both wired via 802.3 and wireless via 802.11. All big vendors are pushing these features to the market and advertise them as realtime image transfer to the cloud. We have taken a look at the layer 2 and 3 implementations in the CamOS and the services running upon those. Not only did we discover weak plaintext protocols used in the communication, we’ve also been able to gain complete control of the camera, including modification of camera settings, file transfer and image live stream. So in the end the “upload to the clouds” feature resulted in an image stealing Man-in-the-Imageflow. We will present the results of our research on cutting edge cameras, exploit the weaknesses in a live demo and release a tool after the presentation.

Bios: Daniel Mende is an ERNW security researcher specialized on network protocols and technologies. He’s well known for his Layer2 extensions of the SPIKE and Sulley fuzzing frameworks and has presented on protocol security at many occasions including Troopers, Blackhat, CCC, IT Underground and ShmooCon. Usually he releases a new tool when giving a talk. Pascal is his co-genius (think of Master Blaster in “Mad Max Beyond Thunderdome” ;-).

Marcus Niemietz: UI Redressing Attacks on Android Devices.

Synopsis: In this presentation, we describe novel high-impact user interface attacks on Android-based mobile devices, additionally focusing on showcasing the possible mitigation techniques for such attacks. We discuss which UI redressing attacks can be transferred from desktop- to mobile- browser field. Our main contribution is a demonstration of a browserless tap-jacking attack, which greatly enriches the impact of previous work on this matter. With this technique, one can perform unauthorized home screen navigation and attempt actions like (premium number) phone calls without having been granted appropriate privileges.

To protect against this attack, we introduce a concept of a security layer that catches all tap-jacking attempts before they can reach home screen/arbitrary applications.

Bio: Marcus Niemietz is a professional security researcher at the Ruhr-University Bochum in Germany. He is focusing on Web security related stuff like HTML5 and especially UI redressing. Marcus has published a book about UI redressing and clickjacking for security experts and Web developers in 2012. Beside that he works as a security consultancy and gives security trainings for well known German companies. Marcus has spoken on a large variety of international conferences.

Chema Alonso: Your IPv6 default config meets FOCA (…and starts to cry).

Synopsis: Your laptop is probably working on IPv6 and probably you even don´t know it. Probably you need to stop configuring your IPv4 address when you cannot connect to your fileserver but you don´t know it. In this talk you are gonna see how an attacker can take advantage of your IPv6 default configuration in your laptop… with the Evil FOCA }:))

Bio: Chema Alonso is a Security Consultant with Informatica64, a Madrid-based security firm. Chema holds respective Computer Science and System Engineering degrees from Rey Juan Carlos University and Universidad Politecnica de Madrid. During his more than six years as a security professional, he has consistently been recognized as a Microsoft Most Valuable Professional (MVP). Chema is a frequent speaker at industry events (Microsoft Technet / Security Tour, AseguraIT) and has been invited to present at information security conferences worldwide including BlackHat Briefings, Defcon, ShmooCon, HackCON, Ekoparty and RootedCon. He is a frequent contributor on several technical magazines in Spain, where he is +involved with state-of-the-art attack and defense mechanisms, web security, general ethical hacking techniques and FOCA, the meta-data extraction tool which he co-authors.

Twitter: @chemaalonso


More talks to follow next week, so stay tuned 😉
Merry Christmas to everybody, have some peaceful days, and a Happy New Year!


Leave a Reply

Your email address will not be published.