Troopers15 – First Round of Talks Selected

We’re delighted to provide the first announcement of talks of next year’s Troopers edition. Looks like it’s going to be a great event again ;-).
Here we go:

Jacob Torrey – The foundation is rotting and the basement is flooding: A deeper look at the implicit trust relationships in your organization        FIRST TIME MATERIAL

Synopsis: In this session, a new hardware-level attack on PCIe is presented as an example for the implicit trust your organization places in 3rd parties. These implicit trust relationships that are typically overlooked will be closely examined under the lens of “InfoSec debt” and providing guidance to InfoSec decision makers on the ROI or risks of adding additional IT services/appliances to an organization’s network.
The “InfoSec debt” metric can then be tracked over time and provides an intuitive way to explain the cost/benefits of IT security to other organizational stakeholders.

Bio: Jacob Torrey is a Senior Research Engineer at Assured Information Security, Inc. where he leads the Computer Architectures group and acts as the site lead for the Colorado branch. Jacob has worked extensively
with low-level x86 and MCU architectures, having written a BIOS, OS, hypervisor and SMM handler. He has spoken at many top-tier security conferences including Black Hat USA, THREADS and ORNL’s CISRC.


Florian Grunow & Felix Wilhelm: General Pr0ken File System – Hacking IBM’s GPFS         FIRST TIME MATERIAL

Synopsis: The IBM General Parallel File System (IBM GPFS) is a high performance cluster file system powering some of the world’s biggest super computers. Customers range from “Infiniti Red Bull Racing” to the “Bayrische Börse AG”, as well as many universities around the globe. This makes it a prime target for attackers as not only the data stored in the file system is valuable, but also the machines running the GPFS are quite powerful, too.
Besides presenting a detailed overview of the GPFS architecture and the flaws that come with it, we walk through the discovery and exploitation of a bug that looked simple at first but developed to a very special journey into the guts of GPFS.

Flo gave the “Hacking Medical Devices” talk at Troopers14.
Felix gave the “Compromise-as-a-Service. Our PleAZURE” talk on Hyper-V exploitation at Troopers14.


Ivan Pepelnjak: IPv6 Microsegmentation Done Right          IPv6 Security Summit

Layer-2 security (aka first-hop security) is as problematic in IPv6 as it was in IPv4 almost a decade ago. We need to fight the same problems that we had to solve in IPv4 world (DHCP spoofing, ND spoofing instead of ARP spoofing) and a few new ones unique to the IPv6 world (rogue RAs, fragmented headers).
What if we’d stop relying on large failure domains built with 40-year-old technology that still emulates thick coaxial cable (Ethernet), admit that many network edge devices support IPv6 routing as well as L2 forwarding, and limit Ethernet to where it was designed to be used: data link layer between adjacent devices.
Is it possible to build a layer-3-only IPv6 network without assigning a /64 prefix to every host and exploding the IPv6 forwarding tables? This presentation will explore alternative solutions that work well in large-scale production environments.

Bio: Ivan Pepelnjak, CCIE#1354 Emeritus, has been designing and implementing large-scale service provider and enterprise networks as well as teaching and writing books about advanced technologies since 1990. He’s the author of several Cisco Press books, prolific blogger and writer, occasional consultant, and creator of a series of highly successful webinars.

At Troopers15 he will also give a talk about “Automating Network Security” at the main conference and a 1-day workshop “Software Defined Data Center” on Mar 17th (Tuesday).
At Troopers14 he gave the “Software Defined Networking and Security” talk and contributed to the IPv6 Security Summit with a talk on “IPv6 High Availability Strategies“.


Benedikt Stockebrand: Hardware YOU can (Audit and then) Trust

Synopsis: While it is long known to the security community that attacks against hardware are among the hardest threats to deal with, some work is under way to create cryptographic hardware that is designed to be difficult to subvert in real world scenarios.
While it remains true that an attacker with unlimited resources can’t be stopped, the IT industry has for decades made large scale “sweeping” attacks ridiculously easy for “intelligence” agencies and other entities alike. But stopping to ask “how can we prevent this technically” -which we can’t anyway – and starting to ask “how can we make this so expensive that it isn’t affordable even to THEM” is a change in strategy which is both promising and long overdue.
Both the speaker’s personal pet project, a cryptographically secure hardware random number generator, and the much larger Cryptech project aiming to build a full-blown hardware security module (HSM), have already provided exciting insight into the possiblities and limitations of these approaches.



Martin Gallo – HoneySAP: Who really wants your money?         SAP Security Track

Targeted attacks against ERP systems and enterprise software are not something new, however they only started appearing in the media in recent years. On the other hand, we also have new kinds of attacks by means of malware and malicious programs. Understanding the motivations and techniques adversaries use to target systems where company’s most valuable assets reside is crucial to understand the nature of the attacks and the defense strategies.

This talk will introduce HoneySAP, a low-interaction research honeypot aimed at learning the techniques, tactics and motivations behind the attacks against SAP systems. When deployed, HoneySAP will be able to mimic services shown by regular SAP systems suitable for both internal and external network profiles, as well as integrate with other honeypots and attack feed systems. Creating HoneySAP involved hours of learning and understanding the inner-workings of the implemented services, how to mimic their behaviour and the best strategies to with clients. We would like to share some of the lessons learned and hope to encourage discussions about potential applications and uses of HoneySAP, as well as welcome contributions to the project.

Bio:  Martin Gallo is Security Consultant at CORE Security, where he performs application and network penetration testing, conducts code reviews and identifies vulnerabilities in enterprise and third party software. His research interests include enterprise software security, vulnerability research and reverse engineering. Martin has given talks at Troopers, BruCON and DEF CON conferences.

In addition to the above talk Martin plans to give a 2-hour DIY workshop “Practical attacks against SAP services” on Thursday (Mar 20th).
At Troopers14 Martin gave the “SAP’s Network Protocols Revisited” talk.


More talks to follow in a few days, so stay tuned ;-).

See you @Troopers & have a great weekend everybody


Leave a Reply

Your email address will not be published. Required fields are marked *