pritha's Posts (627)

Finding Triggered Malice in Android Apps

Traditional techniques to detect malice in Android apps struggle to identify trigger-based changes to application logic. Unfortunately, such triggers are a key component of targeted malware, where the trigger is the mechanism that ensures that the code is only executed at the target. This talk will review how static analysis can be used to detect and leverage triggers for more robust detection.

Speakers

Christopher Kruegel (@lastlinelabs)

Currently on leave from his position as Professor of Computer Science at UC Santa Barbara, Christopher Kruegel’s research interests focus on computer and communications security, with an emphasis on malware analysis and detection, web security and intrusion detection. Kruegel previously served on the faculty of the Technical University Vienna, Austria. He has published more than 100 peer-reviewed papers in top computer security conferences and has been the recipient of the NSF CAREER Award, MIT Technology Review TR35 Award for young innovators, IBM Faculty Award and several best paper awards. He regularly serves on program committees of leading computer security conferences and speaks at industry events such as Black Hat and RSAC.

Detailed Presentation:

(Source: RSA USA 2016, San Francisco)


The State of End-User Security—Global Data from 30,000+ Websites

We live in a rapidly changing environment. Mobile commerce is skyrocketing, browsers and operating systems are changing, web applications enable increasing functionality—yet the only thing that seems constant is the number of flaws and vulnerabilities we find in these software components. Using data from more than 30,000 websites, this session will explore the state of the security ecosystem and its myths and assumptions.

Speakers

Andreas Baumhof (@abaumhof)

Andreas Baumhof, Chief Technology Officer, ThreatMetrix, is an internationally renowned cybersecurity thought leader and expert with deep experience in the encryption, PKI, malware and phishing markets. Prior to ThreatMetrix, Baumhof was an Executive Director, CEO and Co-founder of Australian-based TrustDefender, a leading provider of security and fraud detection technologies. Baumhof previously served as Co-founder and Chief Technology Officer of Microdasys Inc., a leading provider of deep content security solutions. While there, he developed the first SSL proxy and has patents pending in Europe and the U.S. Baumhof holds a degree in mathematics and computer science from the University of Munich, Germany.

Detailed Presentation:

(Source: RSA USA 2016, San Francisco)


Android Serialization Vulnerabilities Revisited

This session is about Android Serialization vulnerabilities. We revisit two vulns found in Android (CVE-2014-7911, CVE-2015-3837) which allowed for privilege escalation. We also present vulns found in third-party SDKs (CVE-2015-2000/1/2/3/4/20) which allowed for arbitrary code execution in apps which used them. But what has been done to prevent similar vulns? The session will answer this question.

Speakers

Roee Hay (@roeehay)

X-Force Application Security Research Team Lead, IBM

Roee Hay leads the X-Force Application Security Research Team in IBM Security. His team focuses on discovering new vulnerabilities and has published dozens of papers and advisories, including several on Android.


Detailed Presentation:

(Source: RSA USA 2016, San Francisco)


Hacking Exposed: The Mac Attack

Windows attacks receive all the attention. However, Mac and Linux have gained in popularity with the adversary. This session will focus on common Mac attack vectors and other cross-platform hacks that are typically seen in enterprise intrusions. We will also cover practical countermeasures to make these alternate platforms more resilient.

Speakers

Dmitri Alperovitch (@DAlperovitch); George Kurtz (@George_Kurtz)

Dmitri Alperovitch is the Co-founder and CTO of CrowdStrike Inc., leading its Intelligence, Technology and CrowdStrike Labs teams. A renowned computer security researcher, he is a thought-leader on cybersecurity policies and state tradecraft. Prior to founding CrowdStrike, Alperovitch was a Vice President of Threat Research at McAfee, where he led the company’s global Internet threat intelligence analysis and investigations. In 2010 and 2011, Alperovitch led the global team that investigated and brought to light Operation Aurora, Night Dragon and Shady RAT, groundbreaking cyberespionage intrusions, and gave those incidents their names.

George Kurtz, President/CEO and Co-founder of CrowdStrike, former CEO/Founder, Foundstone, and former Executive Vice President and worldwide CTO of McAfee, is an internationally recognized security expert, author and entrepreneur. Kurtz holds a B.S. degree from Seton Hall University. He also holds several industry designations, including Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA) and Certified Public Accountant (CPA). Kurtz also authored the best-selling security book of all time, Hacking Exposed: Network Security Secrets & Solutions.

Detailed Presentation:

(Source: RSA USA 2016, San Francisco)


What IT Professionals Need to Know about Sniffing Wireless Traffic in 2016

Next generation wireless standards define MU-MIMO, which promises 4x capacity gains. This session compares different multi-antenna technologies (SM, STBC, BF, MU-MIMO). It describes the subtle mistakes wireless security experts make sniffing wireless traffic. It explains how MU-MIMO introduces new challenges in capturing wireless traffic, which could make wireless sniffing near impossible.

Speaker

Avril Salter (@avrilsalterUSA)

Wireless Implementation Architect, Salter & Associates

Dr. Avril Salter is an author and a world-renowned specialist in wireless deployments. She has over 20 years of experience in both the wireless and computer industries. She has held executive and technical positions at small startups and major corporations, including IBM, Intel, Microsoft, Motorola and Sprint. Salter played key roles in making the first GSM phone call in Frankfurt in 1991, the first CDMA deployment in Hong Kong, and the roll-out of WiMAX in China and the United States. She has worked extensively on the highly successful 802.11 Wi-Fi technology, and is Cisco CCNP Wireless and CCNA Security certified. Salter received her Ph.D. in engineering from the University of Reading, UK. She currently resides in California.

Detailed Presentation

(Source: RSA USA 2016-San Francisco)


Hacking Exposed: The Mac Attack

Windows attacks receive all the attention. However, Mac and Linux have gained in popularity with the adversary. This session will focus on common Mac attack vectors and other cross-platform hacks that are typically seen in enterprise intrusions. We will also cover practical countermeasures to make these alternate platforms more resilient.

Speaker

Dmitri Alperovitch (@DAlperovitch); George Kurtz (@George_Kurtz)

Co-Founder & CTO, CrowdStrike

Dmitri Alperovitch is the Co-founder and CTO of CrowdStrike Inc., leading its Intelligence, Technology and CrowdStrike Labs teams. A renowned computer security researcher, he is a thought-leader on cybersecurity policies and state tradecraft. Prior to founding CrowdStrike, Alperovitch was a Vice President of Threat Research at McAfee, where he led the company’s global Internet threat intelligence analysis and investigations. In 2010 and 2011, Alperovitch led the global team that investigated and brought to light Operation Aurora, Night Dragon and Shady RAT, groundbreaking cyberespionage intrusions, and gave those incidents their names.

George Kurtz, President/CEO and Co-founder of CrowdStrike, former CEO/Founder, Foundstone, and former Executive Vice President and worldwide CTO of McAfee, is an internationally recognized security expert, author and entrepreneur. Kurtz holds a B.S. degree from Seton Hall University. He also holds several industry designations, including Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA) and Certified Public Accountant (CPA). Kurtz also authored the best-selling security book of all time, Hacking Exposed: Network Security Secrets & Solutions.

Detailed Presentation

(Source: RSA USA 2016-San Francisco)


Hacking Exposed LIVE: Attacking in the Shadows

Attackers have found compromise trivial for decades. But as additional security layers get deployed and next generation solutions come to market, attackers are turning to old and new techniques for bypassing security controls to launch their attacks and stay hidden. This session will explore the latest techniques and how simple defense techniques can foil even the most sophisticated attacks.

Speaker

Stuart McClure (@stuartmcclure)

Stuart McClure leads Cylance as its CEO and visionary for the first math-based approach to threat detection, protection and response. Prior to Cylance, McClure was EVP, Global CTO and General Manager at McAfee/Intel. He is the creator and lead author of the most successful security book of all time, “Hacking Exposed.” He is widely recognized for his extensive and in-depth knowledge of security, and is one of the industry's leading authorities in information security today.

Detailed Presentation

(Source: RSA USA 2016-San Francisco)


Sophisticated Attacks vs. Advanced Persistent Security

It appears that any successful attack these days is labeled “sophisticated.” The implication is that the attacks were unpreventable. The reality is very different. We dissect recent attacks, and then go through how they could have been prevented. Advanced Persistent Security principles are applied to demonstrate how even successful breaches can be contained to significantly reduce loss.

Speaker

Araceli Gomes (@sleepdeficit); Ira Winkler (@irawinkler)

Subject Matter Expert-Intelligence and Investigations, Dell SecureWorks

Araceli Treu Gomes is Co-host of The Irari Report and serves as a Cybersecurity Strategist and Subject Matter Expert for Dell SecureWorks, counseling global organizations on preventing advanced attacks. Previously, she held technical and leadership positions, including Strategic Security Advisor for a Fortune 100 company, Engineering Director at a large defense contractor, Deputy CSO for a multinational financial services organization, and Chief Security and Privacy Officer at a major content delivery network. She designed early DDoS, extrusion prevention and network forensics tools for Internet backbone providers. She holds certifications in privacy and computer forensics, and serves on IEEE Cybersecurity SIGs and ISSA boards locally and nationally.

President, Secure Mentem

Ira Winkler, CISSP, is President of Secure Mentem and Co-host of The Irari Report. He is considered one of the world’s most influential security professionals, and has been named a “Modern Day James Bond” by the media. He did this by performing espionage simulations, where he physically and technically “broke into” some of the largest companies in the world, investigating crimes against them and telling them how to cost effectively protect their information and computer infrastructure. He assists organizations in developing cost effective security programs. He also won the Hall of Fame award from the ISSA, as well as several other prestigious industry awards. Most recently, CSO Magazine named him a CSO Compass Award winner as “The Awareness Crusader.”
 

Detailed Presentation

(Source: RSA USA 2016-San Francisco)


The Pivot

In today’s threat landscape, the attacker is an insider. Whether a state-sponsored actor or cybercriminal, attackers typically first compromise the endpoint with a client-side exploit and then pivot. In this session, we take a deep dive into how attackers pivot through organizations, identify the telltale signs of a pivot, and most importantly, identify steps for defending against it.

Speaker

Jonathan Trull (@jonathantrull)

Jonathan Trull is currently the VP – Information Security for Optiv and previously held the CISO role for Qualys. Before joining Qualys, he was the CISO for the State of Colorado, where he oversaw the information security operations for 17 executive branch departments. He formed the state’s first Cyber Crime Task Force, charged with conducting criminal investigations into computer crimes, developing and sharing cyber-intelligence, and working with local government and private sector partners to increase cyber-resiliency. He is a Certified Information Systems Auditor, Offensive Security Certified Professional, and was recently named by the SANS Institute as one of the 2013 People Who Made a Difference in Cybersecurity. He also teaches at Regis University in the Information Assurance Program.

Detailed Presentation

(Source: RSA USA 2016-San Francisco)


The Seven Most Dangerous New Attack Techniques, and What's Coming Next

Which are the most dangerous new attack techniques for 2016/2017? How do they work? How can you stop them? What's coming next and how can you prepare? This fast-paced session provides answers from the three people best positioned to know: the head of the Internet Storm Center, the top hacker exploits expert/teacher in the U.S., and the top expert on cyberattacks on industrial control systems.

Speaker

Alan Paller

Alan Paller founded SANS, a college and training school that has trained more than 145,000 cybersecurity technologists in 72 countries. Paller oversees a global program that celebrates people responsible for remarkable improvement in cyber-risk reduction. He has testified before the Senate and House and was a charter member of the President’s National Infrastructure Assurance Council. In 2010, the Washington Post named Paller as one of seven people “worth knowing in cyber security.” He serves on the NASA Advisory Council, chaired the DHS 2012 Task Force on Cyber Skills and headed the FCC Task Force on Best Practices in Cybersecurity. Earlier, Paller helped build one of the first large software companies, took it public and merged it into a larger company listed on the NY Stock Exchange.

Detailed Presentation

(Source: RSA USA 2016-San Francisco)


Hacking Critical Infrastructure Like You’re Not a N00b

This presentation is targeted towards an audience that already understands how to compromise the embedded systems that run a process and is now looking at manipulating the physics of the process itself. Inasmuch as time allows, it will cover all the things necessary to accomplish more than exercising the automatic shutdown logic of a process.

Speaker

Jason Larsen

Jason Larsen is a Principal Security Consultant for IOActive. Larsen is a professional hacker specializing in critical infrastructure and process control systems. Over the last several years he has been doing focused research into remote physical damage. Larsen graduated from Idaho State University where he worked doing Monte Carlo and pharmacokinetic modeling for Boron-Neutron Capture Therapy. He was one of the founding members of the Cyber-Security Department at the Idaho National Labs, which hosts the ICS-CERT and the National SCADA Test Bed. Larsen has audited most of the major process control and SCADA systems and has extensive experience doing penetration tests against live systems.

Detailed Presentation

(Source: RSA USA 2016-San Francisco)


Cybersecurity for Oil and Gas Industries: How Hackers Can Steal Oil

One of the industries most plagued by cyberattacks is the oil and gas industry. Several attacks against such companies as Aramco have been executed. SAP and Oracle systems are widely used there and are responsible for business-critical processes such as Digital Oilfield Operations, Hydrocarbon Supply Chain and others. How can you prevent those attacks? The presenters will give answers.

Speaker

Alexander Polyakov (@sh2kerr)

Founder of ERPScan, President of the EAS-SEC.org project, and recognized as an R&D professional and Entrepreneur of the year, Alexander Polyakov’s expertise covers the security of enterprise business-critical software like ERP, CRM, SRM and industry-specific solutions from SAP and Oracle. He has received several accolades and published over 100 vulnerabilities. He has authored multiple whitepapers, such as the annual award-winning “SAP Security in Figures,” and surveys devoted to information security research in SAP. Polyakov has authored a book about Oracle Database security and has presented his research on SAP and ERP security at more than 60 conferences and trainings in 20+ countries on all continents. He has also held trainings for the CISOs of Fortune 2000 companies, and for SAP SE itself.

Detailed Presentation

(Source: RSA USA 2016-San Francisco)


Breaking Closed Systems with Code-Signing and Mitigation Techniques

Code signing is abundant in the enterprise and consumer space. This session will review the current landscape, showing attacks against several open (Windows, Android, Mac) and closed (iOS, automotive operating) systems. It will show anomalies found by Venafi Labs, focused on the theft and misuse of code signing certificates to breach organizations, and propose a solution to address the issues.

Speaker

Gavin Hill

Director of Threat Intelligence, Venafi

With over 15 years of experience in product development and product marketing in the cybersecurity space, Gavin Hill is particularly adept at identifying where enterprises are at risk and developing products that mitigate the risks related to evolving cyberthreats. At Venafi he is responsible for threat intelligence, focusing on Next-Generation Trust Protection.

Detailed Presentation

(Source: RSA USA 2016-San Francisco)


…But Now I See—A Vulnerability Disclosure Maturity Model

Someone politely knocks on your door and reports that there’s a hole in your wall big enough for a person to climb through. You immediately threaten legal action. Crazy? In the world of vuln research, this happens. This session will review a Vuln Disclosure Maturity Model created to describe best-in-class practices. For any company wanting to get better bug reports faster—this session is a must.

Speaker

Katie Moussouris (@k8em0)

Katie Moussouris is the Chief Policy Officer for HackerOne, a vulnerability response and structured bounty platform. She is a noted authority on vulnerability disclosure and advises lawmakers, customers and researchers to legitimize and promote security research and help make the Internet safer for everyone. Moussouris’s earlier Microsoft work encompassed industry-leading initiatives such as Microsoft’s bounty programs and Microsoft Vulnerability Research. She is also a subject matter expert for the U.S. National Body of the International Standards Organization (ISO) in vuln disclosure, vuln handling processes and secure development. Moussouris is a visiting scholar with MIT Sloan School, doing research on the vuln economy and exploit market. She is a New America Foundation Fellow.

Detailed Presentation

(Source: RSA USA 2016-San Francisco)


Linguistic Passphrase Cracking

With the constant increase of availability of processing power comes the need for longer passwords and hence the need for usage of passphrases in order to remember them. But are passphrases really safe? This session will explain how to crack passphrases up to 20 characters long, where normal password attacks most often fail, in a reasonable timespan using a normal gaming PC and a Markov process.

Speaker

Mikael Simovits (@mikaelsimovits); Peder Sparell

Mikael Simovits, Founder and CEO of Simovits Consulting, is working as a Senior IT and Information Security Consultant. Simovits originally has an M.Sc. degree in electrical engineering and is a cryptologist. He has also published a book on the subject. Simovits has been lecturing cryptology at both Chalmers University of Technology and Royal Institute of Technology / Stockholm University in Sweden. He is also a CISSP.

Peder Sparell has a master of science in computer science and engineering, and is now working as a security consultant at Simovits Consulting in Sweden. He also holds the CHFI certification and has eight years of experience in the security business with a relatively recent change of focus from facility security to cybersecurity.

Detailed Presentation

(Source: RSA USA 2016-San Francisco)


Hacking a Professional Drone

Professional drones are now actively used across various industries to perform daily critical operations. In this awareness session, Nils Rodday will perform a live hack which exploits vulnerabilities of the professional drone and effectively compromises the security of the system to take over control. His session will also discuss practical fixes and approaches for remediating these issues.

Speaker

Nils Rodday

Nils Rodday is currently employed as an IT Security Consultant. He holds MSc degrees in computer science from the University of Twente (Netherlands) and the University of Trento (Italy). The specialization track he chose within the EIT Digital double-degree master program was Security & Privacy, leading to a final degree project with the title “Exploring Security Vulnerabilities of Unmanned Aerial Vehicles.” 

Detailed Presentation

(Source: RSA USA 2016-San Francisco)


Autonomous Hacking: The New Frontiers of Attack and Defense

Vulnerability analysis has largely been a process that requires substantial human expertise. However, very recently there has been a push for completely autonomous hacking systems, which can find flaws, exploit them and even provide patches, all without any human intervention. This talk presents recent advances in autonomous hacking and provides lessons learned from participating in the DARPA CGC.

Speaker

Giovanni Vigna (@lastlinelabs)

CTO, Lastline

Dr. Giovanni Vigna has been researching and developing security technology for more than 20 years, working on malware analysis, web security, vulnerability assessment and intrusion detection. He is a Professor in the Department of Computer Science at UCSB and the director of the Center for CyberSecurity at UCSB. He is also the CTO at Lastline, Inc., a company that focuses on protecting enterprises from advanced malware. He is known for organizing and running an annual inter-university Capture The Flag hacking contest that involves dozens of institutions and hundreds of students around the world. He also leads the Shellphish hacking team, which participated in a number of DefCon CTFs, winning in 2005, and recently qualifying for the DARPA Cyber Grand Challenge.

Detailed Presentation

(Source: RSA USA 2016-San Francisco)


Bruh! Do you even diff?—Diffing Microsoft Patches to Find Vulnerabilities

Ever wondered how to find bug fixes residing in Microsoft patches? In this presentation we will take a look at the tools and techniques used to reverse engineer Microsoft security patches. Many organizations take weeks to push out patches to their domains. If an attacker can locate the fix and get a working exploit going, they can use it to compromise your organization.

Speaker

Stephen Sims (@steph3nsims)

Security Researcher, SANS Institute

Stephen Sims is an industry expert with over 15 years of experience in information technology and security. Sims currently works out of San Francisco as a consultant performing reverse engineering, exploit development, threat modeling and penetration testing. Sims has an M.S. in information assurance from Norwich University and is a course author and senior instructor for the SANS Institute, having written courses on exploit development and penetration testing. He is a Co-Author of Gray Hat Hacking 4th Edition. He holds the GIAC Security Expert (GSE) certification as well as the CISSP, CISA, Immunity NOP, and many other certifications. In his spare time Stephen enjoys snowboarding and writing music.

Detailed Presentation

(Source: RSA USA 2016-San Francisco)


Braking the Connected Car: The Future of Vehicle Vulnerabilities

In this presentation, analysts from Kelley Blue Book’s Automotive Industry Insights will illustrate how the connected car is quickly becoming an unrestricted playground for cyberthreats and how the next generation of in-car technology will intensify already-present vehicle vulnerabilities.

Speaker

Akshay Anand (@iamakshayanand); Karl Brauer (@karlbrauer)

Akshay Anand is the Senior Insights Analyst for Kelley Blue Book’s KBB.com. In this role, he develops and provides insights reflecting Kelley Blue Book’s position as the market leader for new- and used-car research. Anand regularly produces data and reports, developing and sharing powerful storylines and actionable information with executives in the automotive industry. This information also is shared for media release with coverage from top-tier publications, and Anand regularly lends his insight on automotive news and information via commentary to media.

Karl Brauer serves as the Senior Director of Automotive Industry Insights for Kelley Blue Book. In this role, he develops and provides insights to position Kelley Blue Book as the market leader for new- and used-car research. Working with many departments within Kelley Blue Book and AutoTrader Group, Kelley Blue Book’s parent company, Brauer cohesively synthesizes available data and reports, developing and sharing powerful insights with the automotive industry. In addition to this role, Brauer is a Senior Editor and regularly contributes to Forbes.com, CNBC.com and other publications. As a veteran industry analyst, Brauer has been interviewed by, or appeared on, the New York Times, CNN, CNBC, the Wall Street Journal and more.

Detailed Presentation

(Source: RSA USA 2016-San Francisco)


Securing Today’s Online Kids

Technology is an amazing enabler for kids today, but it also brings unique risks. This interactive talk will cover the top three risks facing kids online today, and what parents can do to help protect them. This talk is based on the experiences and lessons learned from numerous security professionals who are parents just like you.

Speakers

Lance Spitzner (@securethehuman)

Director, SANS Securing the Human

Lance Spitzner has over 20 years of security experience in cyberthreat research, awareness and training. He invented the concept of honeynets, founded the Honeynet Project and published three security books. Spitzner has worked and presented in over 25 countries and helped over 350 organizations plan, maintain and measure their security awareness programs. In addition, he is a serial tweeter (@lspitzner), avid blogger and works on numerous community security projects. Before working in information security, Spitzner served as an armor officer in the Army's Rapid Deployment Force and earned his MBA from the University of Illinois-Chicago.

Detailed Presentation:

(Source: RSA USA 2016, San Francisco)
