Some wish for cyber safety, which they will not get. Others wish for cyber order, which they will not get.
A Debate and Discussion on the NSA’s Activities “We failed to connect the dots.
There’s been a lot of hyperbole and misinformation about the NSA’s collection of Americans’ phone calls, emails, address books, buddy lists, calling records, online video game chats, financial documents, browsing history, video chats, text messages, and calendar data. Currently, a debate rages involving privacy advocates, the Congressional House and Senate Committees on Judiciary and Intelligence, and the Intelligence Community about the NSA’s activities.
In this talk, we’ll run through all 48 of the crypto challenges, giving Black Hat attendees early access to all of them. We’ll explain the importance of each of the attacks, putting them into the context of actual software flaws. Our challenges cover crypto concepts from block cipher mode selection to public key agreement algorithms. For some of the more interesting attacks, we’ll walk the audience step by step through exploit code, in several languages simultaneously.
IEEE 802.1X has been leveraged for a long time for authentication purposes. Up until this point, little has been done to help researchers expose vulnerabilities within the systems that implement the protocol. In this talk, we’ll dissect IEEE 802.1X.
A Journey to Protect Points-of-Sale Many point-of-sale breaches occurred in the past year, and many organizations are still vulnerable to the simplest exploits. In this presentation, I explain how points-of-sale get compromised from both the retailer’s and the software vendor’s perspective.
In this engaging session, we demonstrate a proof-of-concept attack where a malicious app leverages screen scraping to exfiltrate data through common VDI platforms.
By simulating the user’s interaction, we show how such an attack is not only feasible – but also efficient. Various approaches have been proposed to see through malware packing and obfuscation to identify code sharing. A significant limitation of these existing approaches, however, is that they are either scalable but easily defeated or that they are complex but do not scale to millions of malware samples. How, then, do we assess malware similarity and “newness” in a way that both scales to millions of samples and is resilient to the zoo of obfuscation techniques that malware authors employ?
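One way to picture the scalable half of that trade-off, as an added example that is neither the speakers’ algorithm nor code from the talk: reduce each sample to a feature set, sketch the set as a MinHash signature whose per-position agreement estimates Jaccard similarity, and band the signatures into locality-sensitive hash buckets so that candidate pairs surface without comparing every sample to every other. The three samples below are constructed byte strings, and the byte n-gram features are deliberately naive; they are exactly the kind of surface feature packing defeats, which is the abstract’s point, so in practice the feature extractor is the part that has to be made obfuscation-resistant.

```python
"""Added example, not the speakers' algorithm: MinHash signatures plus LSH
banding, the standard way to get near-linear similarity search over millions
of items. Samples are constructed byte strings, not real malware."""
import hashlib
from collections import defaultdict

K = 128              # signature length; estimate std. dev. ~ sqrt(J(1-J)/K)
BANDS, ROWS = 32, 4  # 32 bands x 4 rows = K hash functions


def features(sample: bytes, n: int = 4) -> set:
    """Byte n-grams: cheap and order-insensitive, but trivially defeated by packing."""
    return {sample[i:i + n] for i in range(len(sample) - n + 1)}


def _h(seed: int, item: bytes) -> int:
    # K independent hash functions via keyed BLAKE2b, one key per seed.
    key = seed.to_bytes(8, "little")
    return int.from_bytes(hashlib.blake2b(item, digest_size=8, key=key).digest(), "little")


def minhash(feats: set, k: int = K) -> list:
    """Position i holds the minimum of hash function i over the feature set."""
    return [min(_h(seed, f) for f in feats) for seed in range(k)]


def estimated_jaccard(sig_a: list, sig_b: list) -> float:
    return sum(a == b for a, b in zip(sig_a, sig_b)) / len(sig_a)


def exact_jaccard(a: set, b: set) -> float:
    return len(a & b) / len(a | b)


def lsh_candidates(signatures: dict) -> set:
    """Pairs of names whose signatures agree on at least one full band."""
    buckets = defaultdict(set)
    for name, sig in signatures.items():
        for b in range(BANDS):
            band = tuple(sig[b * ROWS:(b + 1) * ROWS])
            buckets[(b, band)].add(name)
    pairs = set()
    for members in buckets.values():
        for x in members:
            for y in members:
                if x < y:
                    pairs.add((x, y))
    return pairs


def _pseudo_random(label: bytes, length: int) -> bytes:
    """Deterministic filler so the constructed corpus is reproducible."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(label + counter.to_bytes(4, "little")).digest()
        counter += 1
    return out[:length]


# Constructed corpus: a "family" sample, a variant with a 20-byte patch in the
# middle, and an unrelated sample of the same size.
ORIGINAL = _pseudo_random(b"family-a", 600)
VARIANT = ORIGINAL[:300] + b"\x90" * 20 + ORIGINAL[320:]
UNRELATED = _pseudo_random(b"family-b", 600)
CORPUS = {"original": ORIGINAL, "variant": VARIANT, "unrelated": UNRELATED}


def analyse(corpus=CORPUS):
    """Feature sets, signatures, and the LSH candidate pairs for a corpus."""
    feats = {name: features(s) for name, s in corpus.items()}
    sigs = {name: minhash(f) for name, f in feats.items()}
    return feats, sigs, lsh_candidates(sigs)


if __name__ == "__main__":
    feats, sigs, cands = analyse()
    for x, y in sorted(cands):
        print(x, y, "exact", round(exact_jaccard(feats[x], feats[y]), 3),
              "estimated", round(estimated_jaccard(sigs[x], sigs[y]), 3))
```

The signature is fixed-size regardless of how many features a sample has, and banding means a new sample is compared only against whatever shares a bucket with it, which is what makes the approach scale; the price is exactly the one the abstract names, since anything that changes the surface bytes changes the features.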
Our algorithm was developed over the course of three years and has been evaluated both internally and by an independent test team at MIT Lincoln Laboratory: we scored the highest on these tests against four competing malware cluster recognition techniques, and we believe this was because of our unique “ensemble” approach.
A Survey of Remote Automotive Attack Surfaces Automotive security concerns have gone from the fringe to the mainstream, with security researchers showing the susceptibility of the modern vehicle to local and remote attacks.
The poor management of CPE (customer premises equipment) has created an Internet-scale problem and potential for abuse. For example, the plurality of open DNS resolvers accessible on the Internet are on medium-speed DSL connections, the sorts of connections leased to home and small-business users. These devices are available for abuse in reflected and amplified DDoS attacks. The vulnerable devices themselves can also be leveraged against the consumer in middleperson attacks.
Abusing Microsoft Kerberos: Sorry You Guys Don’t Get It Microsoft Active Directory uses Kerberos to handle authentication requests by default.
However, if the domain is compromised, how bad can it really be? Mimikatz will demonstrate just how thoroughly compromised Kerberos can be under real-world conditions. Prepare to have all your assumptions about Kerberos challenged!
Abusing Performance Optimization Weaknesses to Bypass ASLR The primary goal of ASLR is to randomize a program’s memory layout effectively, so that adversaries cannot easily infer where code and data live. In this presentation, we leverage vulnerabilities introduced by performance-oriented software design to reveal new ways in which ASLR can be bypassed. In addition to describing how vulnerabilities originate from such designs, we will present real attacks that exploit them. First, interpreters of dynamic languages may leak address information in the course of optimizing how they track objects.
Some hash table implementations directly store the address information in the table, while others permit inference of address information through repeated table scanning. Second, we present an analysis of the Zygote process creation model, an Android operating system design for speeding up application launches. The results of our examination show that Zygote weakens ASLR because all applications are created with largely identical memory layouts. To highlight the severity of this issue, we demonstrate two different ASLR bypass attacks using real applications – Google Chrome and VLC Media Player.
The presentation will also coincide with the release of a free security scanning tool to help end-users scan for risk of this vulnerability on their end devices.
APT attacks exhibit discernible attributes or patterns. APT attacks are generally embedded with multiple DNS names.
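An added example of the first kind of leak, not taken from the talk (whose targets are not named on this page): CPython gives objects that define no __hash__ of their own a default hash derived from the object’s address, a 4-bit rotation of the pointer. Wherever that hash, or a hash-table slot computed from it, becomes observable, the heap address is recoverable, and with it the randomized base of the allocation that ASLR was meant to hide. The script assumes a 64-bit CPython; the class and the page-size arithmetic are illustrative.

```python
"""Added example, not from the talk: recovering an object's address from the
address-derived default hash CPython assigns it. Assumes 64-bit CPython."""
import sys

WORD_BITS = 64                  # pointer width assumed
MASK = (1 << WORD_BITS) - 1


def address_from_hash(h: int) -> int:
    """Invert CPython's pointer hash: hash = rotr(ptr, 4), so ptr = rotl(hash, 4)."""
    h &= MASK                   # Py_hash_t is signed; view it as a machine word
    return ((h << 4) | (h >> (WORD_BITS - 4))) & MASK


class Victim:
    """Any ordinary object without its own __hash__ gets the address-derived one."""


def leaked_addresses(objs) -> list:
    """What an observer of the hashes learns: the address of every object."""
    return [address_from_hash(hash(o)) for o in objs]


def page_base(addr: int, page: int = 4096) -> int:
    """Strip the in-page offset: the part randomization actually varies."""
    return addr & ~(page - 1)


def demo() -> bool:
    """True when every recovered address matches id(), i.e. the leak is exact."""
    if sys.implementation.name != "cpython":
        raise RuntimeError("this example relies on CPython's pointer hashing")
    victims = [Victim() for _ in range(4)]
    return leaked_addresses(victims) == [id(v) for v in victims]


if __name__ == "__main__":
    v = Victim()
    print(f"hash={hash(v):#x} -> address={address_from_hash(hash(v)):#x} "
          f"(id={id(v):#x}, page base={page_base(id(v)):#x})")
```

Nothing here calls a debugging API: hash() is ordinary, documented behaviour, and the same value decides which slot a set or dict places the object in, which is why table layout or iteration order can stand in for the hash itself when only those are visible.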
The speaker will demonstrate how to profit, steal sensitive information, and establish a persistent hold on the devices, and also how a seemingly modest attack could be used as part of a more advanced attack chain. Oh, and there will be demos.
Babar-ians at the Gate: Data Protection at Massive Scale We are meant to measure and manage data with more precision than ever before using Big Data. But companies are getting Hadoopy often with little or no consideration of security.
BadUSB – On Accessories that Turn Evil USB has become so commonplace that we rarely worry about its security implications. USB sticks undergo the occasional virus scan, but we consider USB to be otherwise perfectly safe – until now.
This talk introduces a new form of malware that operates from controller chips inside USB devices. USB sticks, as an example, can be reprogrammed to spoof various other device types in order to take control of a computer, exfiltrate data, or spy on the user. We demonstrate a full system compromise from USB and a self-replicating USB virus not detectable with current defenses. We then dive into the USB stack and assess where protection from USB malware can and should be anchored.
Bitcoin Transaction Malleability Theory in Practice A mysterious vulnerability from 2011 almost made the Bitcoin network collapse. Silk Road, MTGox, and potentially many more trading websites claim to be prone to “Transaction Malleability.”
Breaking the Security of Physical Devices In this talk, I look at a number of household or common devices and things, including a popular model car and physical security measures such as home alarm systems. I then proceed to break the security of those devices.
The developers of these new types of devices may not have a deep security background, and this can lead to security and privacy issues when the solution is stressed. However, to assess those types of devices, the only solution would be a dedicated hardware component with an appropriate radio interface for each one of them.
The tool we present instead relies on Software Defined Radio using GNU Radio and the well-known scapy framework. In this talk, we will introduce this tool we developed for a wide range of wireless security assessments: the main goal of our tool is to provide effective penetration testing capabilities for security auditors with little to no knowledge of radio communications.
Building Safe Systems at Scale – Lessons from Six Months at Yahoo Our profession is at a crossroads. The role of security has also evolved significantly for Internet companies. Companies that began with a mission to provide engaging or entertaining experiences now serve as a conduit for populist uprisings and free expression.
That evolution comes with a cost, as the very same companies are now targets for top-tier intelligence agencies. This talk will recap the speaker’s first six months as the CISO of Yahoo. We will review the impact of the government surveillance revelations on how Yahoo designs and builds hundreds of products across dozens of markets. The talk includes discussion of the challenges Yahoo faced in deploying several major security initiatives and useful lessons for both Internet companies and the security industry from our experience.
Unfortunately, as we found, the currently provided protection is severely limited, leaving end-users vulnerable to exploits in the majority of cases. In this talk, we present an analysis of Chrome’s XSS Auditor, in which we discovered 17 flaws that enable us to bypass the Auditor’s filtering capabilities. We will demonstrate the bypasses and present a tool to automatically generate XSS attacks utilizing the bypasses. Furthermore, we will report on a practical, empirical study of the Auditor’s protection capabilities in which we ran our generated attacks against a set of several thousand DOM-based zero-day XSS vulnerabilities in the Alexa Top 10. We will conclude the talk with an outlook on potential future improvements to client-side XSS filtering, based on our analysis and experiences in bypass generation.
Capstone: Next Generation Disassembly Framework A disassembly framework is the fundamental component in all binary analysis, reversing, and exploit development.
We decided to step up and take the problem into our own hands to solve it once and for all. As a result, the Capstone engine was born and fixed all the outstanding issues. It has special support for embedding into firmware or an OS kernel, and it is distributed under the open source BSD license.
Next, we will present the architecture of Capstone and the challenges of designing and implementing it. The audience will understand the advantages of our engine and see why the future is assured, so that Capstone will keep getting better, stronger and become the ultimate disassembly engine of choice for the security community. Last but not least, we will introduce some cutting-edge binary analysis frameworks built on top of Capstone, which open up whole new potential for a range of areas like reversing, exploit development, and malware detection. Full source code of Capstone with new advanced features will be released at Black Hat USA 2014.
Catching Malware En Masse: DNS and IP Style The Internet is constantly growing, providing a myriad of new services, both legitimate and malicious.
In this talk, we will present a novel and effective multi-pronged strategy to catch malware at the DNS and IP level, as well as our unique 3D visualization engine. We will describe the detection systems we built, and share several successful war stories about hunting down malware domains and associated rogue IP space. At the DNS level, we will describe original methods for tracking botnets, both fast flux and DGA-based. We use a combination of fast, light-weight graph clustering and DNS traffic analysis techniques and threat intelligence feeds to rapidly detect botnet domain families, identify new live CnC domains and IPs, and mitigate them. At the IP level, classical reputation methods assign “maliciousness” scores to IPs, BGP prefixes, or ASNs by merely counting domains and IPs.
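As an added example of the DNS-level side, not the speakers’ system: the two heuristics below run over a constructed passive-DNS sample and flag one fast-flux name (many IPs across many ASNs with short TTLs) and one DGA-like name (a long, high-entropy, vowel-poor registrable label), while letting through a CDN that spreads over many IPs within a single ASN and a long dictionary-word label. The records, the ASNs and every threshold are assumptions chosen for illustration.

```python
"""Added example, not the speakers' system: fast-flux and DGA heuristics over a
constructed passive-DNS sample. Thresholds, records and ASNs are assumptions."""
import math
from collections import defaultdict

# Constructed passive-DNS observations as (qname, ttl, ip, asn), using RFC 5737
# documentation addresses, RFC 5398 documentation ASNs and reserved names.
SAMPLE_RECORDS = [
    ("update-x7.example.net", 60, "192.0.2.10", 64501),
    ("update-x7.example.net", 60, "192.0.2.77", 64501),
    ("update-x7.example.net", 60, "198.51.100.5", 64502),
    ("update-x7.example.net", 60, "198.51.100.61", 64503),
    ("update-x7.example.net", 60, "203.0.113.9", 64504),
    ("update-x7.example.net", 60, "203.0.113.200", 64504),
    ("cdn.example.com", 300, "203.0.113.1", 64500),
    ("cdn.example.com", 300, "203.0.113.2", 64500),
    ("cdn.example.com", 300, "203.0.113.3", 64500),
    ("cdn.example.com", 300, "203.0.113.4", 64500),
    ("cdn.example.com", 300, "203.0.113.5", 64500),
    ("cdn.example.com", 300, "203.0.113.6", 64500),
    ("www.example.org", 3600, "192.0.2.1", 64510),
    ("blackhatconference.example", 3600, "192.0.2.2", 64510),
    ("xkq3v9zplmdw.example", 300, "198.51.100.200", 64511),
]

# Fast-flux thresholds (assumed): a CDN also spreads over many IPs, but usually
# within one or two networks; flux nets built from infected hosts straddle many.
FLUX_MIN_IPS, FLUX_MIN_ASNS, FLUX_MAX_TTL = 5, 3, 300
# DGA thresholds (assumed) applied to the registrable label.
DGA_MIN_LEN, DGA_MIN_ENTROPY, DGA_MAX_VOWEL_RATIO = 10, 3.0, 0.25


def shannon_entropy(s: str) -> float:
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registrable_label(qname: str) -> str:
    """Label left of the TLD; naive (no public-suffix list, so co.uk etc. misfire)."""
    parts = qname.rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def dga_like(qname: str) -> bool:
    """Long, high-entropy, vowel-poor labels read as machine-generated."""
    label = registrable_label(qname)
    if len(label) < DGA_MIN_LEN:
        return False
    vowel_ratio = sum(ch in "aeiou" for ch in label) / len(label)
    return shannon_entropy(label) >= DGA_MIN_ENTROPY and vowel_ratio <= DGA_MAX_VOWEL_RATIO


def flux_indicators(records) -> dict:
    """Per name: (distinct IPs, distinct ASNs, shortest TTL seen)."""
    ips, asns, min_ttl = defaultdict(set), defaultdict(set), {}
    for qname, ttl, ip, asn in records:
        ips[qname].add(ip)
        asns[qname].add(asn)
        min_ttl[qname] = min(ttl, min_ttl.get(qname, ttl))
    return {q: (len(ips[q]), len(asns[q]), min_ttl[q]) for q in ips}


def fast_flux(indicators) -> bool:
    n_ips, n_asns, ttl = indicators
    return n_ips >= FLUX_MIN_IPS and n_asns >= FLUX_MIN_ASNS and ttl <= FLUX_MAX_TTL


def triage(records=SAMPLE_RECORDS) -> dict:
    """Names worth a closer look, mapped to the heuristics that fired."""
    verdicts = {}
    for qname, ind in flux_indicators(records).items():
        reasons = []
        if fast_flux(ind):
            reasons.append("fast-flux")
        if dga_like(qname):
            reasons.append("dga")
        if reasons:
            verdicts[qname] = reasons
    return verdicts


if __name__ == "__main__":
    for name, why in triage().items():
        print(f"{name}: {', '.join(why)}")
```

The ASN spread is what separates the flux network from the CDN in this sample, and the vowel ratio is what keeps the long dictionary label out of the DGA bucket despite its entropy; both are cheap per-name features of the kind that feed the clustering and threat-feed correlation the abstract describes, not a verdict on their own.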
Our system takes an unconventional approach that combines two opposite, yet complementary views and leads to more effective predictive detections. On one hand, we step back from individual prefixes to the ASN view. We build the AS graph and investigate its topology to uncover hotspots of malicious or suspicious activities and then scan our DNS database for new domains hosted on these malicious IP ranges. To confirm certain common patterns in the AS graph and isolate suspicious address space, we will demonstrate novel forensics and investigative methods based on the monitoring of BGP prefix announcements. On the other hand, we drill down to a granularity finer than the BGP prefix. For this, we zero in on re-assigned IP ranges reserved by bad customers within large prefixes to host exploit kit domains, browlock (browser-locker) pages, and other attack types.
We will present various techniques we devised to efficiently discover suspicious reserved ranges and sweep en masse for candidate suspicious IPs. Our system provides actionable intelligence and preemptively detects and blocks malicious IP infrastructures prior to, or immediately after some of them are used to wage malware campaigns, therefore decisively closing the detection gap. During this presentation, we will publicly share some of the tools we built to gather this predictive intelligence. The discussion of these detection engines and “war stories” wouldn’t be complete without a visualization engine that adequately displays the use cases and offers a graph navigation and investigation tool. Therefore, in this presentation, we will present and publicly release for the first time our own 3D visualization engine, demonstrating the full process which transforms raw data into stunning 3D visuals. We will also present different techniques used to build and render large graph datasets: Force Directed algorithms accelerated on the GPU using OpenCL, 3D rendering and navigation using OpenGL ES, and GLSL Shaders.
Cellular Exploitation on a Global Scale: The Rise and Fall of the Control Protocol Since the introduction of the smart phone, the issue of control has entered a new paradigm.
We’ve reverse engineered embedded baseband and application space code. We’ve torn apart the Over-the-Air communications and implemented our own code to speak the relevant protocols. Layer by layer, we’ve deconstructed these hidden controls to learn how they work. While performing this work we’ve unearthed subtle flaws in how the communication is handled and implemented, on platforms including but not limited to Android, iOS, BlackBerry, and embedded M2M devices. You will come away from this talk armed with detailed insight into these hidden control mechanisms. We will also release open source tools to help assess and protect from the new threats this hidden attack surface presents.
This botnet doesn’t get flagged as malware, blocked by web filters, or get taken over. This is the stuff of nightmares! With the rise of crypto currency we now face the impending rise of botnets that mine for digital gold on someone else’s systems with someone else’s dime footing the electric bill. Through our efforts in building a cloud-based botnet we built enough tools to share a framework for penetration testers and security researchers.
Computrace Backdoor Revisited This presentation includes a live demonstration of security flaws in modern anti-theft technologies that reside in the firmware and PC BIOS of most popular laptops and some desktop computers. While physical security and a lack of proper code validation have already been shown in prior research presented at Black Hat 2009 by Anibal Sacco and Alfredo Ortega from Core Labs, in our research we demonstrate network security flaws. Our demo will show how to own remote hosts running Absolute Computrace. And there is a cool extra surprise for those who have already heard about Computrace network issues.
Contemporary Automatic Program Analysis The ability to automatically discover security vulnerabilities has been coveted since Martin Bishop’s team found the black box in the 1992 film “Sneakers.”
Creating a Spider Goat: Using Transactional Memory Support for Security Often a solution from one area helps solve problems in a completely different field.
We will show how TSX capabilities can be used for security. The abort context can be attributed to the address of the unauthorized memory write and to the instruction that caused it. We will also cover detecting memory changes with TSX without using its rollback capability. We will show a demo of TSX detecting malicious RAM modifications. We will also discuss potential problems – for example, a DoS attack on TSX to exhaust the Level 1 cache.
Data-Only Pwning Microsoft Windows Kernel: Exploitation of Kernel Pool Overflows on Microsoft Windows 8.1 The kernel pool allocator plays a significant role in the security of the whole kernel.
Starting with Windows 7, Microsoft enhanced the security of the Windows kernel pool allocator. Microsoft then eliminated the “0xBAD0B0B0” technique in Windows 8.1, and there is no easy technique to exploit pool overflows on Windows 8.1. This talk presents a new technique for exploiting pool overflows, with a very interesting effect: elevating privileges without executing any kernel shellcode or using ROP.
We will provide code that presents different behaviors when running on native hosts vs. under binary instrumentation. The detection is based on specially crafted x86 instruction sequences that expose the fundamental limitation of binary instrumentation and translation.