WOPR Summit

Archive of Past Events

2019 - Talks from WOPR 0x00

SirepRAT: RCE as SYSTEM on Windows IoT Core

"Windows IoT Core is Microsoft's go on embedded and IoT devices, and already runs in enterprise environments and commercial handheld products, as well as in cool DIY projects. Windows IoT Core shares much of the Windows 10 kernel, but it cannot be identical, right? Right! It needs to be efficient resources-wise, it should forget irrelevant features, and it must surely add new IoT-oriented features. Moreover, it is set to be deployed on various boards and sets of hardware, so low-level access for developers had better be provided, to make it dev-friendly. The RCE method presented here shows how dev-friendly == hacker-friendly: Along with known remote interfaces (SSH, WEB...), Windows IoT Core exposes a less-known interface, used by HLK for driver/HW tests. We examined this service & protocol, and will release a tool called SirepRAT that exploits them for RCE as SYSTEM, requiring no auth. Full internals of this proprietary protocol will be presented, which show how it unintentionally exposes a remote command interface for attackers, including RAT abilities such as get/put files on arbitrary locations and obtaining system information. While other dev interfaces are password protected, this method shows a new way to control the device bypassing any authentication."

SLIDES

Presented by Dor Azouri || Dor Azouri is a security professional with 7+ years of unique experience in the security field. Currently doing research @SafeBreach, previously serving in various security positions @IDF. His experience has involved security from many angles: starting with data analysis, moving to network research, and now mostly software research. Dor likes to investigate all types of creatures - the bad ones such as malware and ransomware, and the good ones like Windows components. Dor has presented at DEFCON, Hackfest, DeepSec and OWASP AppSec IL.

Ham Hacks: Breaking into Software Defined Radio

"RF Signals are all around us: unlocking doors, carrying our phone calls, and sending our data. What if you could intercept and listen to these signals? Would you search for spy planes flying over your home? See if your baby monitor is leaking your private conversations to your neighbors? Or maybe just listen to the emergency services radio? In this talk we'll cover how to get started with Software Defined Radio (SDR) in an InfoSec context. First, we will cover some of the basics of radio communications. Next, we'll go over the hardware and software aspects you need to understand to get started intercepting signals. Finally, we'll share some amazing stories of how people have used SDR to hack into doors, phones, and planes."

SLIDES

Presented by Kelly Albrink || Kelly Albrink (CCNA CyberOps, GCIH, GSEC, OSCP, GWAPT, Sec+) is a Security Analyst at Bishop Fox. In this role, she focuses on red teaming, network penetration testing, and hardware security. Kelly has presented at a number of Bay Area events including Okta's inaugural security conference, Okta Rex, Day of Shecurity, and the DeadDrop San Francisco Meetup. She is a recipient of the SANS CyberTalent Immersion Academy scholarship, and is an active CTF participant. Kelly has competed in the NetWars Tournament of Champions, a national invite-only competition that admits only those who have placed highly in regional CTFs. In addition, she volunteers with her local hackerspace, Noisebridge, where she organizes Infosec Lab Nights and mentors aspiring penetration testers. Kelly holds a Bachelor of Arts from New York University with a major in Literature.

Being Q. Designing Hacking Gadgets

"[No summary provided]"

Presented by Kentaro / @elkentaro || [No presenter bio provided]

Extracting Information from Academia

"Getting information in and out of the academic sphere can be a daunting task, especially if you aren't familiar with how academia works at higher levels. The knowledge you seek may be hidden behind paywalls, may be delayed by severe lag in the academic process, or it may just be difficult to find. Whether you are looking for specific papers, graduate level course materials, or are nurturing your curiosity, this presentation promises to provide you with a myriad of ways to access that information so you can learn, be inspired, and do some research!"

Presented by Brittany / @Straithe || Brittany (@Straithe) is a recovering academic who has recently started working for GRIMM as a Computer Systems Analyst. Her research is often a combination of human-computer interaction, social robotics, embedded systems, privacy, security, or some subset of these topics. She is always excited to see pictures of robots that you've seen, if you've got any available!

An Introduction to IoT Penetration Testing

"IoT devices are one of the biggest challenges for security professionals now and will continue to be in the future. The security of these devices is critical as more of these insecure devices come to market. As professionals we need to have an idea of how these devices affect our organization. In this talk we will explore the basic principles of IoT security, wireless communications, reverse engineering, and an introduction to Software Defined Radio."

SLIDES

Presented by Charles Sgrillo / @libertyunix || With 10+ years' experience in Information Technology, Charles has held positions in the field such as Principal Consultant, IP Security Systems Specialist, Systems Engineer, and Penetration Tester. Charles is a Certified Ethical Hacker, a Certified Information Systems Security Professional, and has extensive experience in offensive security techniques and defensive strategies. Charles is currently a doctoral student at Capella University researching cyber and information security. His research has explored topics such as digital forensics, red team penetration testing, deep learning, IoT, and software defined radio. His graduate research thesis demonstrated the effects physical security systems can play in penetration testing and security assessments.

The 'Art' of The BEC - What Three Years of Fighting Has Taught Us

"Senior Threat Researcher with Agari, has been fighting and trolling BEC scammers for over three years with the help of lots of friends. Like, more than 600 of them, and many are feds, too! The industry has started to gain a deep understanding of all of the intricate parts of BEC, such as romance scams, lottery scams, real estate scams, account takeover, wire fraud, W2 fraud, IRS scams, gift card scams, and direct deposit scams, just to name a few. How are all of these related and what can you do to start protecting yourself? And as always, #NotAVendorPitch"

Presented by Ronnie Tokazowski / @iheartmalware || [No presenter bio provided]

1-877-shodan4kidz

"This session will introduce and demo the capabilities of shodan.io, the search engine for the Internet of Things. It will show different techniques for finding devices that are vulnerable throughout the internet. We will go over the basic functionality, demo a real live device that is in the system and is insecure, how to navigate and execute data in the exploit database, find databases and so on. This is a beginner course on how to do the basics of penetration testing through a very simple yet powerful tool."

Presented by Maria Enokian / mr.potato head || Mr. Potatohead is a 'Security Professional' who has had an avid interest in security since she was a little girl. Her greatest accomplishment is jumping into a fire of uncertainty and not becoming a baked potato. Having now become the Director of an organization, Mr. PotatoHead strives for greater achievements to come.

Hiding In Plain Sight

"As long as people have been sending messages, they have been finding ways to hide them. With the era of the computer, older methods such as invisible ink and knitting may have been phased out but modern equivalents have sprung up in their place. Join 5C4R48 in a journey through the methods employed by spies in the old days and techniques employed by hackers in the modern world."

Presented by Carson Owlett / @5C4R48 || [No presenter bio provided]

Hacking The Human Body With Off The Shelf Parts

"Seeking my own DIY Evolution grinding as it were through 'off the shelf parts' and creating my own shadow run as it were, what started as a wearable for a red-teamer now is becoming an implant for a professional magician as a commissioned project. C00p3r talks about the trials of this build and what he has learned to go into the 2nd gen build already being planned now."

Presented by c00p3r / @c00p3r_7 || c00p3r has a background in varied tech support and security roles which have provided him experience in Linux, Mac and Windows environments. His own entry to the 'cyborg' Biohacker culture has been by augmenting his body with both NFC and RFID chips through 'Dangerous Things' products which were available at BdyHaxCon in Austin, TX. His curiosity about the technology has led him to found the Dangerous Minds Podcast, which has become a vehicle to dig deeper into the subjects of biohacking, grinding, implantable technology, locksport, and network security by interviewing leaders in these fields and learning from their experience; for more information about this go to www.dangerousminds.io. Since DMP's founding c00p3r has gone on to partner with Dangerous Things and VivoKey to help promote the technology and assist people in acquiring new upgrades for their own grind.

One Man Army – How to be the first Security Engineer at a company

"How often have you heard that 'Early stage startups don't care much about Security because if there is no product, there is nothing to secure?' Although there is merit in the argument that startups need to build product so as to sustain and grow, it often puts the person in charge of securing them in a tricky position. For most startups, this person is the first Security Engineer, who can be somewhere between the 10th and 300th employee. By the time the first Security Engineer is on-boarded the attack surface has usually become quite large and he or she faces an uphill battle to go about securing the organization. In such cases, the Security Engineer needs to perform as a 'one-man army' keeping the attackers at bay."

Presented by Kashish Mittal || Kashish Mittal is a Security Researcher and Engineer. He currently leads the Security initiative at MileIQ, a Microsoft startup. He has worked for companies such as Elevate Security, Duo Security, Bank of America, Deutsche Bank, etc. By choice, he is an ethical hacker and an addicted CTF player. He is a member of PPP (CMU's elite CTF group). Prior to joining Duo, he did Security Research at CyLab, Pittsburgh. He has a BS and an MS from Carnegie Mellon University with a focus on Security. He is passionate about delivering Security awareness and training for employees, college students, high schoolers, etc. He has presented his research and work at various Security conferences.

InfoSuck: The Nasty Bits Of The Industry We Want To Tell Noobs But Aren't Allowed To In Polite Company

"There are hundreds of blogs, papers, tweets, etc that give the lowdown on *How to break into Infosec*. There aren't any that help to guide these poor sheep past the offer letter. We're not allowed to talk about getting laid off or fired. We're told to not discuss our salaries with each other because its 'impolite'. We're discouraged from discussing these things for fear of being blacklisted or being thought of as 'unprofessional', damaged goods. Well, fuck all that. Why do you want to hear about this stuff from me? I've been through all of it. I've been RIF'd (Reduced in Force) 3 times, fired once, managed out, re-org'd, etc and still figured out how to feed my family. You want to hear me talk about it because someone needs to let these poor noobs know how to navigate an industry that preaches loyalty & attachment with one hand, then slaps you with the other when the balance sheets don't shake out. These are war stories about all the stuff we're not allowed to talk about in polite company."

Presented by Danny Akacki / @rand0h || [No presenter bio provided]

Function Hooking 101 - A Crash Course On Hooking

"*'The term hooking covers a range of techniques used to alter or augment the behavior of an operating system, of applications, or of other software components by intercepting function calls or messages or events passed between software components.' - Wikipedia* This gives us the ungodly ability to read/modify a function's argument(s)/return value, detour execution flow, and 'replace' a function's logic. A crash course on how to achieve this power, how to detect it, and how to fix it - all the while breaking an EDR product."

Presented by Hoang || [No presenter bio provided]

A Hacker's Guide to Military Grade Anonymity

"Don't you just hate that feeling when you look out your window and see a party van on the other side of the road? Let's rewind the tape a bit and take a look at some of the things you could have done to avoid special attention from the fuzz. This talk will cover some of the tricks of the trade employed by hackers that are facing real world adversaries including anonymizing payments, setting up an anonymized connection to the clear net, and anonymizing your communications."

Presented by Alejandro Caceres / hyp3ri0n || Alex is an exploit developer and security-focused software developer. He owns Hyperion Gray, working on DARPA-funded research projects. When not doing that he's doing security research, climbing, lifting, watching movies, or reading comic books with co-owner/wifey Amanda and their dogs Kali and Danger and cat Aurora.

2019 - Workshops from WOPR 0x00

Red and Blue Tactics for Real Cyber Conflict

"Adversary emulation offers defenders the ability to view their networks from the perspective of a specific threat actor. Acting on objectives is the end goal for criminals, red teamers, espionage groups, and *APT* teams alike. Maintaining constant access to an environment over long periods of time is a means to this end. Sometimes attackers can outlive an incident response consultancy or budget, in a commonly observed but scarcely talked about post-incident-response setting. There are many well documented talks for gaining domain admin and escalating through an environment but few that discuss what to do once you have active defenders trying to stop you. This talk will discuss methods, tools, and techniques for maintaining long term, persistent access to an environment, in what we like to call the Aggressive and Prepared Threat (AAPT) approach, observed by both criminal and government hacking groups. Essentially, the Aggressive and Prepared Threat is focused on combating defenders for full control of various machines or entire networks. The Aggressive and Prepared Threat usually works on a shorter timeline with more noisy, impactful, and destructive techniques, when compared to more traditional adversaries focusing on stealth. Think of it like a street fight for control of your network. One of the AAPT's core goals is to overwhelm the defense and gain more control of the environment than the defenders. We will explore maintaining access in an environment with strong detection and active incident responders, all while persisting on various systems and maintaining access to the goals over prolonged periods of time. We will demonstrate this methodology using a combination of open source and custom tools, showing how attackers can beat detection and outlive an incident response team. We will also show how defenders can combat this type of adversary and take back their network from such a dominating threat. Join us for a fun time exploring both red and blue tactics for real cyber conflict."

SLIDES

Presented by Dan Borges / @1jection || Taylor Sano / @jackson5_sec || Philip Pineda || [No presenter(s) bio(s) provided]

Strategies for your projects: Concept to Prototype

"You may have thought about *'Hey, wouldn't it be cool to build something that does XYZ'*, or have a protoboard of shields, wires and things that would raise the eyebrow of an airport screener, but are dubious as to your next steps? Join this session where we will cover common design techniques, software and hardware that will get you over the finish line and having parts come in the mail!"

SLIDES

Presented by Russell Handorf / @dntlookbehindu || Dragorn / @KismetWireless || [No presenter(s) bio(s) provided]

Trust in Waves: An introduction to packet radio with AX.25 and elliptic curve cryptography

"This hands-on workshop will demonstrate how to use cheap Chinese radios in combination with audio modem software to create long distance communication networks. We'll start off by introducing the equipment and protocols common to packet radio as well as a brief history of the medium. Participants will encode digital data using audio to transmit messages over UHF and VHF radio frequencies using their own equipment and equipment provided by the instructor. Once the group has a foundational understanding of the technology and how to use it, we'll introduce a new open source protocol and software package called Chattervox[1]. Chattervox is a packet radio chat protocol with support for digital signatures and binary compression; think IRC over radio waves. In the United States, it's illegal to broadcast encrypted messages on amateur radio frequencies. Chattervox respects this law, while using elliptic curve cryptography and digital signatures to protect against message spoofing. Participants will be introduced to the protocol by its author and have the opportunity to influence its development. The protocol has received a warm and exciting welcome from amateur radio enthusiasts, but this workshop will mark the first large-scale use of the protocol by a group. [1] https://github.com/brannondorsey/chattervox"

Presented by Brannon Dorsey || Brannon Dorsey is an artist, programmer, and security researcher who uses technology and reproducible electronic media to navigate difficult terrain. He employs open software tools to create experiences that excite and empower individuals and collaborative communities rather than create passive users/consumers. Brannon's work encourages a digital literacy that celebrates the truly profound technological era that we now live in while remaining skeptical of the ways that this technology is being used on and against us. Brannon has been featured in various publications and articles, including WIRED, Motherboard, The Creator's Project, Hackaday, Bloomberg, The New York Observer, Boing Boing, The Register, and rtl-sdr. His work has shown in Japan, Mexico, New York City, Chicago, Los Angeles, Miami, Atlanta, Washington D.C., Philadelphia, and his hometown of Richmond, VA, among other places. He has shown in group exhibitions at the Virginia Museum of Fine Arts, the Miami Art Museum, the John F. Kennedy Center for the Performing Arts, and the Smithsonian's American Art Museum.

Detection and Incident Response with osquery

"This workshop is an introduction to osquery, an open source SQL-powered operating system instrumentation and analytics framework. Osquery was created by the Facebook Security team and is actively being developed by Facebook and the open source community. It is currently used by many companies for collecting host forensics and proactively hunting for abnormalities."

SLIDES

Presented by Javier Marcos / @javutin || Javier Marcos is a citizen of the shell and a CYBER practitioner. Current member of the Department of ServerLand Security at BitMEX. Contributor to osquery and creator of the Facebook CTF platform. His happy place is /bin/bash.

DNS Security

"This talk/workshop will be focusing on DNS, how to run DNS services securely, and other aspects of DNS security. Topics will include DNSSEC, DNS Cookies, TSIG keys, service architectures, and the basics of running your own private resolver."

Presented by @tallwireless || Charles Rumford works as an IT Architect for the University of Pennsylvania as part of the Network Engineering group. His primary responsibilities are around network architecture with a focus on security, routing, wireless, identity and access management, network usability, network segmentation, and network virtualization. He takes a cross-disciplinary approach to solving problems, leveraging his background in Linux systems administration and degree in computer science. His recently completed projects include deployment of an IoT wireless network, a new wireless guest network, campus border firewalls, and network designs for cloud connectivity. When not moving a mile a minute in the IT world, Charles enjoys knitting, tower bell ringing, spending time with his cat, and riding bikes. He also volunteers for a number of organizations in and beyond the IT community.

Embedded engineering: A simple NFC reader

"Explore the world of embedded computing and make your own NFC reader! We'll be building software and putting some off-the-shelf boards together to make a simple NFC reader to demonstrate what's possible with even very small microcontrollers."

Presented by Dave Riley || Dave Riley is a former-ish embedded hardware/software/FPGA engineer with a weak spot for vintage and other resource-constrained computers. He currently works at FireEye designing APIs and backends for their products. Like most nerds, he collects hobbies.

Reverse Engineering Web Applications

"This session will run down advanced JavaScript debugging techniques that can be used to reverse engineer a production web application. We'll go over how to intercept and modify requests, rewrite JavaScript on the fly, and use the Chrome Devtools Protocol to give you control over the browser runtime. These techniques can also be used to reverse engineer and hook into Electron-based applications like Visual Studio Code and Slack. While the strategies shown are frequently used to reverse engineer web applications they are advanced debugging skills that will help you in everyday development as well."

SLIDES

Presented by Jarrod Overson || Jarrod is a Director of Engineering at Shape Security, where he led the development of Shape's Enterprise Defense, the service that protects the world's largest companies against automated attacks like credential stuffing. Jarrod is a frequent speaker on modern web threats and cybercrime and has been quoted by Forbes, the Wall Street Journal, and CNET. He's the author of O'Reilly's Developing Web Components, creator of Plato, a static analysis tool for web applications, and frequently writes and records on topics about reverse engineering and automation.

2019 - Sponsors