Troopers 2013 – Second Round of Talks Selected

We’re very happy to announce the second round of Troopers 2013 talks today (first round here).
Some (well, actually most ;-)) of these talks haven’t been presented before, at any other occasion, so this is exciting fresh material which was/is prepared especially for Troopers.

Here we go:


Andreas Wiegenstein & Xu Jia: Ghost in the Shell. FIRST TIME MATERIAL

Synopsis: Security conferences in the past years have made it clear that common security vulnerabilities such as SQL Injection, XSS, CSRF, HTTP verb tampering and many others also exist in SAP software. This talk covers several vulnerabilities that are unique to SAP systems and shows how these can be used in order to bypass crucial security mechanisms and at the same time operate completely below the (forensic) radar. We uncovered undocumented mechanisms in the SAP kernel that allow launching attacks that cannot be traced back to the attacker by forensic means. These mechanisms allow commands to be *actively* injected at any time into the running backend session of an arbitrary logged-on user, chosen by the attacker. We named this attack mechanism “Ghost in the Shell”. We will also demo how to use this attack vector to distribute malware to the attacked user’s client machine despite mechanisms in the SAP standard that are designed to prevent this.

Bios: Andreas Wiegenstein has been working as a professional SAP security consultant since 2003. He performed countless SAP code audits and has been researching security defects specific to SAP / ABAP applications. As CTO, he leads the CodeProfiler Research Labs at Virtual Forge, a team focusing on SAP/ABAP specific vulnerabilities and countermeasures. At the CodeProfiler Labs, he works on ABAP security guidelines, ABAP security trainings, an ABAP security scanner as well as white papers and publications. Andreas has trained large companies and defense organizations on ABAP security and has spoken at SAP TechEd on several occasions as well as at security conferences such as Troopers, BlackHat, HITB, RSA as well as many smaller SAP specific conferences. He is co-author of the first book on ABAP security (SAP Press 2009). He is also a member of [LINK], the Business Security Community.

Xu Jia has been researching SAP security topics since 2006. His focus is on static code analysis for ABAP and he is the lead architect for a commercial SCA tool. Working in the CodeProfiler Research Labs at Virtual Forge, he also analyzes (ABAP) security defects in SAP standard software. Xu has submitted a significant number of 0-days to SAP, including multiple new forms of attack that are specific to SAP software. He already presented some of his research at the 16th IBS security conference, 2012 in Hamburg.

Ivan Pepelnjak: Virtual Firewalls – the Good, the Bad and the Ugly. FIRST TIME MATERIAL

Synopsis: Anything is marketed as a virtual firewall these days, from contexts on physical boxes to hypervisor kernel modules and VMs with a kitschy GUI in front of iptables. This presentation will walk you through the virtual firewalls taxonomy, describe the major architectural options, and illustrate typical use cases with products from a few established virtual firewall vendors (Cisco, VMware, Juniper, Vyatta/Brocade) and startups (LineRate Systems, Midokura).

Bio: Ivan Pepelnjak, CCIE#1354 Emeritus, is the chief technology advisor at NIL Data Communications. He has been designing and implementing large-scale service provider and enterprise networks as well as teaching and writing books about advanced technologies since 1990. He’s the author of several Cisco Press books, a prolific blogger and writer, occasional consultant, and author of a series of highly successful webinars.

[Ed.: let me summarize: he’s just a guru in his space!]

Steffen Wendzel – The future of data exfiltration and malicious communication. FIRST TIME MATERIAL

Synopsis: This talk discusses practical aspects of recent developments of the scientific community in the area of network covert and side channels. The talk will highlight new covert channel techniques which cannot be entirely prevented with state-of-the-art techniques, and it will discuss side channels in networks (including building automation networks) as a subset of covert channels.

Covert and side channels not only allow policy-breaking communication (e.g., for journalists or botnets) but additionally allow the remote monitoring of persons in buildings — a problem that is linked to the sensitive field of Ambient Assisted Living (AAL) and eHealth.

Using these techniques, future attackers can monitor inhabitants in buildings, can adapt their covert channels automatically to new circumstances (e.g., change firewall rules or statistical changes within the network traffic), and can dynamically route in covert channel overlay networks.

Bio: Steffen Wendzel is a 3rd year PhD student at the University of Hagen and a researcher at the Augsburg University of Applied Sciences. He is author of various scientific/professional papers and four IT-related books. His latest book “Tunnel und verdeckte Kanäle im Netz” (Springer-Vieweg) deals with network covert channels. His research interests comprise network covert channels, network protocol engineering and TCP/IP protocols, network security, administration and programming of Linux/Unix/BSD systems, and building automation security.

Matthias Luft & Michael Thumann – Pitfalls of Vulnerability Rating & A New Approach Called ERRS (ERNW Rapid Rating System). FIRST TIME MATERIAL

Synopsis: Just as most IT operations, security management has to deal with a permanent lack of resources. In order to address this lack and carry out effective security management and operations, the prioritization of tasks is crucial. This also holds true for the handling of data resulting from security assessments and vulnerability management. Even though there are several approaches for the rating of findings and vulnerabilities out in the wild, those hide several pitfalls (such as a lack of support for “chains and composites” or blurry impact perspectives) which will be outlined during this presentation. We will also present a new approach in vulnerability metrics that will allow a rapid rating both for auditors and internal governance departments and allows agile security practitioners to deal with “decision entropy”.

Bios: Matthias Luft is a seasoned auditor and pentester with vast experience in corporate environments. Over the years, he developed his own approach in evaluating and reviewing all kinds of applications, technologies, and security concepts. He’s one of the first researchers who revealed major design flaws and vulnerabilities in the approach of Data Leakage Prevention. During the last years, he focused on the area of cloud security and presented on scalability issues and trust assessments of cloud service providers. He is a regular speaker at international security conferences and will happily share his knowledge with the audience.

Michael Thumann is the Chief Security Officer and the head of ERNW’s application security team. He has published security advisories regarding topics like ‘Cracking IKE Preshared Keys’ and buffer overflows in web servers or VPN software. Michael enjoys sharing his self-written security tools (e.g. ‘tomas – a Cisco Password Cracker’, ‘ikeprobe – IKE PSK Vulnerability Scanner’ or ‘dnsdigger – a dns information gathering tool’) and his experience with the community. Besides numerous articles and papers he wrote the first German book on pentesting that has become a recommended reading at German universities. In addition to his daily pentesting tasks he is a regular conference speaker (incl. several Black Hat events, HITB and RSA Conference) and has also contributed exploit code to the Metasploit Framework. With more than 10 years of experience in computer security, Michael’s main interest is to uncover vulnerabilities and security design flaws from the network to the application level and to reverse almost everything to understand the inner workings.

Alex Rothacker – Hacking and Defending the big 4 Databases. UPDATED MATERIAL

Synopsis: According to the Identity Theft Resource Center, in the past year and a half, there have been nearly 900 breaches and over 28 million records compromised. With the likes of Anonymous, LulzSec and government sponsored attackers continuously hacking into major corporations and government agencies, do you wonder if you’re next? No organization, industry, or government agency is immune to the proliferation of complex attacks and malicious behavior. Ensuring database security is a priority for organizations interested in protecting sensitive data and passing audits. Over the course of this presentation, a description of sophisticated methods used in invading enterprise databases will be discussed, and the evolution of the security issues and features in each will be provided. A demonstration of new and popular attacks will also be presented. The presentation will conclude by proposing essential steps IT managers can take to securely configure, maintain databases, and defend against malicious breaches entirely.

Bio: Alex Rothacker is the Director of Security Research for Application Security, Inc.’s (AppSec) TeamSHATTER. In his role, Alex manages a team comprised of some of the world’s most renowned database security researchers. TeamSHATTER is regularly credited for identifying critical database vulnerabilities and misconfigurations in leading database management systems. As an evangelist for database security, he is a regular speaker at security conferences and contributor to various security blogs. Before joining AppSec, Alex was a Director of Solutions at Visionics, a facial recognition software start-up. In addition, Alex has held various senior-level positions in the software industry. Alex holds an M.S. in Computer Science from New Jersey Institute of Technology and Diplom Informatiker (FH) from Fachhochschule Darmstadt (Germany).


More talks to follow soon… so stay tuned 😉

See you @Troopers, have a great evening everybody
