Happy 2016 everyone! We are exactly 2 months away from the start of TROOPERS16!! Speakers and Trainers across the globe are polishing (or in some cases creating) their PowerPoints to use while delivering their highly technical and entertaining talks. Meanwhile, we here at TR HQ are busy tweaking orders, creating challenges to boggle the mind and test your skills, and of course working on some top secret fun. 😉
Your TROOPERS Team
Graeme Neilson & Vladimir Wolstencroft: Cloud Seeding or Finding weird machines in the cloud crowd sourced economy.
Our sharing economy is defining many aspects of our lives, how we travel, order food, book accommodation and date. Our lives are being transformed by cloud crowd sourced apps.
What if the assumptions we are making about the real world, based on the data we are seeing, are incorrect, or even worse, controlled by malicious parties?
Can we seed the cloud with our own mischievous intentions and ideas? What happens when the attackers are the crowd? What happens when driver and rider collude? Can we affect the real world with our sky cleaning? Can we make it rain from our mobiles?
Bio: Graeme Neilson, Chief Research Officer, RedShield Security. https://www.redshield.co
- Netscreen of the Dead: Developing a Trojaned ScreenOS for Juniper Netscreen Appliances (2010)
- Tales from the Crypt0 (2011)
- DISCQO: “Discourse on Implications for Security and Cryptography from Quantum Oddness” (2012)
- Reverse Engineering (2013)
- BlueVoxing – Attacking Audio One Time Passwords at 1100Hz (2013)
Bio: Vladimir Wolstencroft, Senior Security Consultant, Aura Information Security. https://www.aurainfosec.com
“When worlds collide!” is not just another random Seinfeld reference, it is the wake-up call for all security practitioners and cyber savvy citizens. Cyber was once the exclusive domain of digital denizens but now digital digits can reach out and “touch” someone.
As more and more discretion is taken away from human operators and assigned to autonomous & semi-autonomous systems, our safety becomes dependent on ubiquitous sensor networks that are “Connected”. New threat catalogs are required to design systems that are safe and secure. The speaker will articulate the attack surface, move beyond the hype and propose reasonable response strategies for surviving in a world where cyber and physical intersect.
The session blends several timely themes: Cyber, IoT, Pervasive Surveillance, Privacy, M2M Communications, Discretion and Trust Enhanced Risk Management, in a unique way designed to educate practitioners to the necessity of understanding multiple domains - when worlds collide.
Use cases will articulate architectural attack surface characteristics and mitigation approaches. In addition, using the “Evil Robot” taxonomy, the speaker will introduce a novel Risk Assessment Process for quickly profiling ANY Cyber-Physical system and identifying relative risk rankings.
Two example use cases:
1. Air traffic control systems use a lot of sophisticated tracking, communication systems and autonomous warning systems to keep travelers safe. However, it is ultimately the “human” operators that make the key decisions. What does the introduction of autonomous and semi-autonomous drones mean to this ecosystem? How much discretion will the “human” operators be entrusted with?
2. Every day human operators of vehicles must make decisions concerning signaling, accelerating and stopping. Would an autonomous or semi-autonomous vehicle apply the same logic? How would an autonomous vehicle apply discretion in the face of a “no win decision” – Hit the elderly person crossing the street or swerve and hit a school bus?
The presentation will articulate how to use this risk & trust assessment process as a practical decision support tool, which will allow the user to quickly determine the controls they have at their disposal to exercise with discretion and which systems limit or do not afford any user discretion, control or choice.
Example: In the city, my autonomous vehicle might have limited user/operator discretion because of vehicle densities and local ordinance. I may also have to deal with the added cost of special licenses or regulations. However, in the country I have more discretion over lane changes and speed. Given the lack of control in the city, I might choose a taxi or rental car, given I can’t enjoy the experience of driving my own vehicle and must endure the added costs. The decision points become much clearer with this level of visibility and understanding.
Who should attend? Anyone charged with securing and protecting critical infrastructure with cyber-physical components and intersections.
Bio: Bryan K. Fite: A committed security practitioner and entrepreneur, Bryan is currently a Senior Cyber Physical Security Consultant at BT. Having spent over 25 years in mission-critical environments, Bryan is uniquely qualified to advise organizations on what works and what doesn’t. Bryan has worked with organizations in every major vertical throughout the world and has established himself as a trusted advisor. “The challenges facing organizations today require a business reasonable approach to managing risk, trust and limited resources while protecting what matters.”
He is also the creator of PacketWars™ (packetwars.com), the World’s premier Cyber Sport.
- Data Loss Protection – Hope or Hype? (2008)
- The truth about outsourcing security (2010)
- Panel: “Targeted Attacks – Hype or Reality?” (2013)
Richo Healey: unrubby: reversing without reversing
FIRST TIME TROOPERS SPEAKER
Obfuscating code is typically the domain of native code, or at least statically dispatched bytecode VMs. Despite this, the rise of SaaS companies, combined with the existing enterprise market, is producing increased interest in attempts to obfuscate more dynamic, and higher level languages.
Presented will be a tool called unrubby, which uses a novel technique to generally defeat all obfuscation engines currently on the market. Instead of analyzing the obfuscated source, we abuse the dynamism of the containing VM to insert our instrumentation after the loader has run.
Furthermore, by instrumenting runtime behaviour of the VM itself, attempts to obfuscate the resulting bytecode can be largely overcome without paying much heed to the techniques used, providing significant durability against upstream development, and excellent coverage on black box targets.
While the implementation presented is targeted toward MRI, the gold standard Ruby interpreter, the techniques are applicable to all languages with a dynamic bytecode VM.
Bio: I’ve spoken at Kiwicon, DEF CON, 44con amongst other various security conferences. I’ve previously held engineering roles across various facets of the industry, including (defensive) security, operations, reverse engineering, and software engineering.
Currently, I work on the security engineering team at Stripe, a payments company based out of San Francisco.
Travis Goodspeed KK4VCZ & Christiane Ruetten DD4CR: Reverse Engineering a Digital Two-Way Radio
The Tytera MD380 is a handheld transceiver for the Digital Mobile Radio (DMR) protocol, also known as MotoTRBO. It has an ARM CPU, a funky baseband that’s only documented in Chinese, and a powerful transmitter that puts your wifi card to shame. In the past few months of weekends, we have (1) jailbroken the hardware to allow for free extraction and modification of firmware, (2) broken the hilarious crypto so that we can wrap and unwrap updates from the official tool, (3) reverse engineered enough of the firmware to patch in new features, (4) made room for large firmware modifications by creative abuse of Chinese fonts, and (5) wrapped all of this into a handy, freely available toolset. Soon enough, we hope this work will lead to new firmware, written from scratch to run on existing hardware.
This fun and fast-paced lecture describes the nifty tricks that we used in reverse engineering this radio, as well as what to look for in securing your own embedded systems against unwanted tampering.
Bio: Travis Goodspeed is a neighborly reverse engineer from Southern Appalachia. When he’s not reverse engineering radio firmware, you can find him preaching on top of a milk crate at your local conference.
Bio: DD4CR doesn’t like her name, so she prefers to go by CR. You can also call her KK4CR. Besides hacking on amateur radio things, she’s hacking the IoT at Mozilla for a living, with past journeys through Web security, malware analysis, mobile network security, journalism, mathematics and physics.
It is not too late to sign up for TROOPERS16!
See you in a couple months!