Speakers

Keynote - Peter Gutmann

Peter Gutmann is a researcher in the Department of Computer Science at the University of Auckland working on design and analysis of cryptographic security architectures and security usability. He helped write the popular PGP encryption package, has authored a number of papers and RFCs on security and encryption, and is the author of the open source cryptlib security toolkit and an upcoming book on security engineering. In his spare time he pokes holes in whatever security systems and mechanisms catch his attention and grumbles about the lack of consideration of human factors in designing security systems.

Closing Plenary - Doing Infosec Right – aka #SexyDefense – Practical Lab - James Arlen, Dave Marcus, Bruce Potter (Moderator)

The offensive security geeks have had the spotlight for long enough. Yes, it’s awesome that you found another ‘sploit and written some python shit. However, there are a whole lot of people working in the trenches and still following a manual that was poorly written a decade ago using equipment that doesn’t do what the vendor said it would. It’s time to change that.

It is possible to make Defensive Security into something more than the drudgery of a work-a-day job. Despite what you may think, it can be pretty damn sexy. Spend some time with this fully interactive threesome discussing how we can all do a better job with the tools and people you already have and make a difference in the security of organizations. Your participation is requested, expected and frankly required. We're going to be Doing Infosec Right.

James Arlen, aka Myrcurial, is a security consultant usually found in tall buildings wearing a suit, hackerspace founder, Securosis contributing analyst, Liquidmatrix columnist, Infosec geek, hacker, social activist, author, speaker, and parent. He’s been at the security game for more than 15 years and loves blinky lights and shiny things.

Dave Marcus currently serves as Director of Advanced Research and Threat Intelligence for McAfee® Labs. His current focus at McAfee Labs includes advanced research, threat intelligence projects, media and thought leadership responsibilities including social media technology engagement and research. In his spare time he collects guitars, is an avid powerlifter and is also a founding keyholder of Unallocated Space, a Maryland Hackerspace. He also enjoys practicing the art of lockpicking and is a hacker of things.

< GHz or Bust! - atlas 0f d00m

Wifi is cool and so is cellular, but the real fun stuff happens below the GHz line.  Medical systems, mfg plant/industrial systems, cell phones, power systems, it's all in there!  atlas and some friends set out to turn pink girltech toys into power-systems-attack tools.  Through several turns and changes, the cc1111usb project was born, specifically to make attacking these systems easier for all of you.  With a $50 usb dongle, the world of ISM sub-GHz is literally at your fingertips.

atlas is a doer of stuff.  Inspired by the illustrious sk0d0, egged on by invisigoth of kenshoto, atlas has done a lot of said 'stuff' and lived to talk about it.  Whether he's breaking out of virtual machines, breaking into banks, or breaking into power systems, atlas is always entertaining, educational and fun.

0wn the Con - The Shmoo Group

Presented every year since the first ShmooCon, 0wn the Con is where we share the behind the scenes details of ShmooCon including finances, ticket sales, talk selection, infrastructure, and a bunch of funny stories.  Don't miss this if you want to know the whys and hows of ShmooCon planning.  Heidi's been promising for years that she'll take the mic from Bruce and run this session - maybe this is the year that will actually happen.


37mm Aerial Surveillance: Romance between a Camera and a Flare Launcher - Joshua Marpet and Vlad Gostom

Cameras are hugely important to urban and suburban battlefields. Reconnaissance is a must-have for commanders, and a force multiplier for actual combat units. A combat-deployable camera system is being developed or used by nearly every military-industrial manufacturer and government agency, ranging from Throwable Camera Balls to Grenade-style launched cameras. But they’re expensive and inaccessible to civilians. Would it be possible to build a combat-deployable camera system that would fulfill the mandates of a tactical combat team, feed information to a strategic command center, and force-multiply “on the cheap”?

Security is a complex system, with many disciplines and specialized knowledge. Luckily, there’s Josh, who’s done everything. Ex-cop, blacksmith, pen testing, video surveillance, sales engineering, and well, everything. And now, technological ordnance developer!

Vlad has over 7 years of experience conducting security consulting and penetration testing in the corporate world. He has worked on such diverse projects as the future warrior combat system, wireless triangulation systems, adaptive IDS/IPS systems, network security/penetration testing for Fortune 50 companies, and physical security assessments for banks.
 

A Blackhat’s Tool Chest: How We Tear Into That Little Green Man – Mathew Rowley

Mobile applications are a part of every person's, and every organization's, life. The potential for internal compromise is extremely high in relation to mobile applications due to the common architecture that relies on a backend server. It is difficult to understand how easy it is to reverse engineer and modify mobile applications unless you do it on a daily basis. In turn, it is difficult to realize what vulnerabilities exist within mobile applications, the backend servers accompanying those applications, and what compromises can take place. This talk focuses on helping security experts and mobile developers understand how attackers reverse engineer mobile applications, what an attacker has access to, and how easy it is to circumvent local security implementations. Attendees will be shown real world applications, how each application's security was circumvented, and what consequences occurred. This talk will give security professionals and developers insight into how a malicious user will reverse engineer their applications and how to prevent those attacks. Finally, a new tool to simplify reverse engineering of Android applications will be made available to those who attend the talk and open sourced.

Mathew is currently a senior consultant at Matasano. He has been in the security world for the past 6 years and enjoys breaking things simply by looking at them. In his spare time he likes to troll his friends - they do not know what the term 'troll' means.



A Fistful of Fire Hoses: Putting out Fires Without Crossing Streams – Steve Werby

Your organization has invested in a variety of tools to manage its information technology and the security of its systems. But it's a nightmare to synthesize this information so that non-technical decision makers can make informed decisions and so that information security and IT management can manage security effectively. We developed and implemented a web-based tool, integrated with numerous data sources, to address this business need across our large, decentralized organization with a heterogeneous IT environment. Now non-technical staff who previously knew little about their technology can easily view information about their assets and how they're being managed, and information security staff have access to the information they need in a centralized tool. The tool will be demonstrated, and the technology, implementation, management and usage of the system will be covered in order to share successes and lessons learned.

Steve is Chief Information Security Officer at the University of Texas at San Antonio (UTSA), where he leads the university's 10-person Office of Information Security. Prior to his first CISO role in 2006, he operated an information security consultancy with an international client base largely consisting of ISPs, web hosting firms and ecommerce businesses. He has an engineering degree, an MBA and numerous certs, but is prouder of the fact he hasn't signed his name the same way twice since 2009.
 

A New Model for Enterprise Defense – Toby Kohlenberg

We have a problem; attackers are getting better and better, users are getting more demanding and stupid and the computing models are getting more complex and obfuscated. With that in mind a small group of us got together and started imagining what it would look like if we redesigned our IT security architecture from scratch. Then we figured out how we could get from where we were to that idyllic future state. We have persuaded Intel's management that this is a good idea and have begun implementing the steps necessary to get to the new architecture. We've also started talking to vendors and encouraging them to create the solutions we are going to need. This talk will be about the general approach, but specifically about the challenges we are running into and the areas we are seeing significant activity around.

Toby is a senior information security technologist for Intel Corporation. He has worked on a large number of different technologies in the information security space. His primary job is new technology evaluation, penetration, and defense. He has the distinction of having had more shmooballs thrown at him than any other non-speaker.


All Your Codes Belong To Me! - Keith Howell 

Alarm panels were designed before the prevalence of wireless technology and communicate with a proprietary protocol over a two-wire bus. The bus was designed for use between alarm panels, keypads and zone expanders. However this has now been extended to communicate with wireless sensors. This presentation will reveal a method to capture the data on the bus and then later use the captured information to disarm an armed panel and open a secured area. 

Trained as an Electronics Engineer by the British Army, Keith became interested in computers and began his learning path with a TRS-80 and has owned most Intel based processors since then. After joining UUNET Technologies in 1995, he started to get interested in the security of networks and computers and in 1998 joined the UUNET InfoSec team. Following the 'dot-bomb' period in 2001, Keith returned to his electronics background and began doing physical security including Access Control, Alarm Systems and Locksmithing. Keith is a CISSP as well as an ALOA CRL (Certified Registered Locksmith).


And That's How I Didn't Lose an Eye: Emergency Data Destruction – “Skunkworks”

My presentation will showcase my success with The Shmoo Group's data destruction challenge from their DEFCON 19 talk "And That's How I Lost an Eye". I'll discuss my prototypical 3U-sized box of hard drive obliteration, capable of rendering multiple hard drives as forensically useful as a wet noodle within seconds minus the collateral damage. My presentation will delve into the intricacies of generating and containing high temperature plasma, and how I put it together into one crazy prototype.

I will discuss the unfortunate practical limitations of my initial plasma generating device, such as power consumption and required electrode laying in an ISO-5 cleanroom; and why several microwave ovens were sacrificed in the name of science to subject several hard drive platters to temperatures hotter than the surface of the sun. I'll then take a look at why, when properly used, thermite isn't actually such an awful idea; and the real-world challenges with making 4,500F slag play nicely with your datacenter through special insulation techniques and exotic endothermic tricks. I will explain my (as of late November unfinished, but highly promising) work with making a compact, fully insulated, cheap, and safe multi-stage thermite-based hard drive incinerator.

"Skunkworks" is an Undergraduate in Electrical Engineering and DC-Area Native who enjoys referring to himself in the third person for biographical purposes. He enjoys long walks on the beach, hardware hacking, parallel programming, exothermic chemical reactions, phreaking, locksport, writing 61 word autobiographies, and reverse engineering. He is a DEFCON 19 Speaker and enjoys melting hard drives just a bit too much.


Android Mind Reading: Memory Acquisition and Analysis with DMD and Volatility - Joe Sylve

This talk will present the first methodology and toolset for acquisition and deep analysis of volatile physical memory from Android devices. We will discuss some of the challenges in performing Android memory acquisition, discuss our new kernel module for dumping memory, and specifically address the difficulties in developing device-independent acquisition tools. We will also present analyses of kernel structures using newly developed Volatility functionality.

Our acquisition tool, currently named DMD, supports dumping memory to either the SD card on the phone or to the local network. Not only will we release our tool at ShmooCon, but we will also allow attendees to rename it. 

This presentation will illustrate the potential that deep memory analysis offers to digital forensics investigators, hackers, and anyone else who's just wondering what their phone has been thinking about all day.

Joe Sylve is a Senior Security Researcher at Digital Forensics Solutions, where he conducts forensic investigations and penetration tests, engineers new applications to support security and forensics functions, performs training on incident response handling and digital forensics, and conducts research on cutting edge techniques in computer security.


Attacking Proximity Card Access Systems - Brad Antoniewicz 

From the card to the backend database, proximity card access systems contain a variety of components, all of which are vulnerable to attack but have rarely been targeted. This demo-driven presentation explores and attacks each of the various components (RFID tags, controllers, and backend systems) of a popular deployment configuration.

Brad Antoniewicz works in Foundstone's security research division to uncover flaws in popular technologies. He is a contributing author to both the Hacking Exposed and Hacking Exposed: Wireless series of books and has authored various internal/external Foundstone tools, whitepapers, and methodologies.


AVM Inception: How We Can Use AVM Instrumenting in a Beneficial Way - Jeong Wook Oh

Binary instrumentation was traditionally an area for native code examination. But it is also possible to apply the same technique to bytecode that uses a virtual machine. We are surrounded by many types of virtual machines these days. One of them is AVM - and the truth is that AVM has been one of the largest targets for exploitation over the last few years. It has been prone to multiple vulnerabilities including CVE-2011-0611 and CVE-2011-0609. Because the issue covers both the bytecode and native world, the actual analysis of the vulnerability can take a long time compared to more traditional vulnerabilities. 

We developed bytecode instrumentation (in this case AVM bytecode instrumentation) to solve this challenging problem. What the analysts see from the crash dumps or debug traces are the dynamically generated code. Even though it’s not impossible to debug the problem tracing this dynamically generated JIT code, it would be much quicker if we knew what was really happening at the bytecode level.

Jeong Wook Oh works for the Microsoft Malware Protection Center handling vulnerability-centric cases. Usually he handles post-mortem cases, but he also contributes to the Microsoft Vulnerability Research (MSVR) program. Before MMPC, he worked for eEye Digital Security as a product development engineer and for WebSense as a security researcher. He's the creator of the DarunGrim project (http://darungrim.org), an open-source patch analysis tool which can be used to analyze vendor patches without source code. He's now mostly interested in binary instrumentation technologies and emulation.


Building Measurement and Signature Intelligence (MASINT) Capabilities on a Hacker’s Budget: Tracking and Fingerprinting RF Devices for Fun and Profit – Brad Bowers

Measurement and Signature Intelligence (MASINT) has long been a tool used by three letter agencies and the military to uniquely identify and track the electromagnetic energy given off by electronics. This same technique, used to track warships, radios and other electronic equipment by their unique RF signatures, can be distilled down to a low cost, hacker friendly MASINT setup capable of tracking people, electronics and other electrical equipment.

In this presentation we'll discuss how to use low cost spectrum analysis equipment and homemade radio direction finding (RDF) antennas to create a hacker's MASINT set and uniquely identify various types of RF signatures.

Brad Bowers is Security Operations Manager for a large financial institution with over 10 years of experience in security engineering, system forensics and incident response. Brad is a frequent writer and presenter on topics of emerging threats and threat intelligence. For the last two years Brad has been working on projects focusing on hardware and RF security.


Credit Card Fraud: The Contactless Generation – Chris Paget

Over the last few years, the payment card industry has been (somewhat stealthily) rolling out contactless payment cards - RFID-chipped credit cards that don't need a swipe through a magstripe reader to be processed.  You may well have one of these cards and not know it; I'll start by telling you how to spot them.  The industry would like you to believe that these cards (and related technologies like NFC) are secure, with protections like rolling CVVs and strong crypto keeping you safe.  The reality of the system is rather different; in this talk I will argue that credit card security has actually _decreased_ from these technologies, and I'll demonstrate contactless credit card fraud live on-stage using unmodified, off-the-shelf equipment.  I'll also describe some recent testing we performed which demonstrates the lack of effectiveness of common RFID shielding technologies (again explaining both their capabilities and limitations), as well as presenting a number of possible solutions to the problem including our own active shielding technology which we believe offers far more effective protection.

Chris Paget is the Chief Hacker for Recursion Ventures, a security consulting and product development company with a particular focus on hardware.  She is a regular presenter at ShmooCon, Defcon, and the Black Hat Briefings, covering topics such as interception of cellphone calls and the world record for reading passive RFID tags at a distance.  At Recursion, she leads a team of hardware- and software-hacking experts to break everyday systems and then design solutions to fix them, encompassing everything from set-top-boxes and alarm panels through to industrial control systems and oil and gas pipelines.



Corrupting the Youth - Jordan Wiens

For the last six months, psifertex has been teaching a "creative-problem solving" class to fifth and sixth-graders at an after-school program. If you're thinking that's a stealthy pseudonym for a hacking indoctrination course, you'd be right. Based on that experience, this talk serves to encourage, enable, and warn those who might follow.

First, the encouragement -- as so much of the security community members now have families and children, the desire to focus on the literal next generation of hackers has been increasing (see, Defcon Social E for kids, kidscon). While these are excellent efforts, we've so far been mostly focusing on our own. The next step is to look outside our own walls to the "mundanes" around us. 

Second, with this talk I'm releasing a set of lesson plans and materials developed for my version of the course under a creative commons license to smooth the way for others wanting to build their own versions.

Finally, the warning -- while the experience has been incredibly rewarding, it's not been without problems. Covering the many lessons learned will hopefully prevent those that follow from making some of the same mistakes.

Jordan Wiens (psifertex) is a hacker, a teacher, a capture-the-flag champion (though more frequently a loser), a presenter, a husband, a father, a nerf-afficionado, and he occasionally pretends to do real work.



Cyber Fast Track - Mudge Zatko

Cyber Fast Track is a DARPA program that was originally announced at last year's ShmooCon. It took over 9 months of effort to work through government contracting, legal requirements, and DoD management to allow the program to go live in August of 2011. Just two months into the program it has already received 22 proposals, funded 8 projects, and shown an unprecedented turn around time from receipt of proposals to having performers on contract and working their research projects in an average of 7 days! This talk will look at the challenges, motivation, and ingenuity of the people behind the Cyber Fast Track effort and of those making use of it to fund their research efforts.

Peiter "Mudge" Zatko - At last year's ShmooCon keynote, Mudge announced the DARPA Cyber Fast Track effort that was being designed to fund innovative research performed at hackerspaces and boutique security companies. This talk chronicles the creation of the program, some of the current projects that have received funding, and what the future holds. Mudge is the person many remember as the leader of the L0pht, an early pioneer of buffer overflows, author of l0phtcrack, and an advocate of full disclosure and security advisories. He still believes hackers are a key force in cutting edge research and ingenuity.



Defending the King of Denmark with a BLADE - JP Dunning

In the world of wireless security, Bluetooth is a technology not to be ignored. Since its introduction to the world over a decade ago, it has become a popular means of connecting many of our gadgets together. Its popularity has not been overlooked by hackers. Plenty of attacks exist today against elements of Bluetooth technology. And more threats are being discovered all the time with devices like the Ubertooth. How can you tell if your device is being targeted?

Well, while Danish King, Harald "Bluetooth" Gormsson, has been dead for over 1,000 years, this talk will attempt to do battle for his namesake technology with the release of the BLuetooth Attack Detection Engine (BLADE). Come find out about existing threats to your Bluetooth enabled devices. Learn how to detect if you’re being targeted by malicious Bluetooth activity and how to fight back.

JP Dunning is a security consultant. His research interests include wireless and portable security. He is the primary developer on Katana: Portable Multi-Boot Security Suite. He maintains www.hackfromacave.com for publishing projects and research.


Destroying Evidence Before It's "Evidence" - Hanni Fakhoury

Covering your tracks out of fear of getting caught with your hands in the digital cookie jar can sometimes get you in more trouble than whatever crime the feds think you may have committed in the first place. This presentation identifies three specific scenarios where the act of trying to cover your digital footprints - oftentimes in innocuous and legal ways - can get you into trouble: the nebulous crime of "anticipatory obstruction of justice," which can cover something as mundane as deleting an email before you're even suspected of committing (let alone charged with) a crime; the ever-expanding Computer Fraud and Abuse Act, which has been stretched to cover things that are neither fraudulent nor abusive; and the potential problems with encryption. We'll conclude with some ways you can protect yourself that can help minimize claims that you obstructed justice.

Hanni M. Fakhoury is a Staff Attorney with the Electronic Frontier Foundation, focusing on the intersection of technology and criminal law within the Coders Rights Project. Hanni previously worked as a federal public defender in San Diego for years, where he served as a copy editor for the 2010 edition of Defending a Federal Criminal Case. Hanni graduated from the University of California, Berkeley, and Pacific McGeorge School of Law, where he was elected to the Order of Barristers for his excellence in written and oral advocacy. Hanni is a member of the National Association of Criminal Defense Lawyers.



Encryption, Passwords and Data Security: the Latest on the Law and Best Practices - Marcia Hofmann and Jerome Radcliffe

Encryption is a critical tool for ensuring the security of personal and proprietary data alike. The courts have recognized some legal protections for encrypted data and encryption passphrases, the state of which is fast-breaking and continues to evolve. This talk will explain the current state of the law on encryption, with an emphasis on government attempts to compel disclosure of encryption passwords and decrypted versions of data. We'll also discuss ways that individuals and companies alike can improve data security through measures such as improved password strength and two-factor authentication.

Marcia Hofmann is a senior staff attorney at the Electronic Frontier Foundation, where she works on a broad range of digital civil liberties issues including computer security, electronic privacy, and free expression. She currently focuses on computer crime and EFF's Coders' Rights Project, which promotes innovation and protects the rights of curious tinkerers and researchers in their cutting-edge exploration of technology. Prior to joining EFF, Marcia was staff counsel and director of the Open Government Project at the Electronic Privacy Information Center (EPIC). She is a graduate of the University of Dayton School of Law and Mount Holyoke College.

Jerome has been working in the computer security field for over twelve years and is currently a Senior Threat Intelligence Analyst for a major computer security organization. He holds a Master's degree in Information Security Engineering from SANS Technology Institute as well as a bachelor's degree in Criminal Justice/Pre-Law from Wayne State University.


Inside Apple's MDM Black Box – David Schuetz

Mobile Device Management (MDM) has become a hot topic as organizations are pressured to bring iStuff into their organization, especially as BYOD (Bring Your Own Device) gains steam. Mobile devices are invading every level of corporate society, making the need to remotely manage and control them increasingly urgent. Apple has provided some enterprise management features, first via over-the-air configuration profiles and, beginning in 2010, full MDM support. Unfortunately, the exact features available through MDM are tightly controlled by Apple, as is the protocol itself.

This talk dissects how Apple MDM works. Starting with basic iOS configuration principles, the talk explores mobile config profiles generated by the iPhone Configuration Utility, over-the-air profile delivery, and eventually describes the key features and mechanisms behind MDM. We then explore how to implement your own MDM server, which allows you to manage iOS devices using official device management APIs. You can wipe your device, and perform many other actions, using these custom MDM services. Finally, some bugs and vulnerabilities, as well as one interesting attack, are discussed.

Originally presented at Black Hat, this talk has been updated to include changes from iOS 5.x and other more recent discoveries. 

David is a Senior Consultant with Intrepidus Group, where he's spouted off about RSA, supported large-scale iPad deployments, and found obscure bugs in Apple's MDM system. He's been fortunate enough to present at ShmooCon and at Black Hat, and recently co-authored an iOS programming security class for SANS.

When not doing real work, David stays busy with crypto puzzles, ticket sales systems, and keeping Netflix working on the family-room TV. Prior to Intrepidus, he spent some years performing compliance-based testing. Despite this, people actually interact with him on Twitter (@schuetzdj) and sometimes leave nice comments on his blog (www.darthnull.org).



Inside the OODA Loop - Towards an Aggressive Defense - Sandy Clark, Matt Blaze, David Nelson-Fisher and Matthew Elmore

The defenders are losing the cyber security arms race. Why? Because *We're doing it Wrong!* All of our defensive strategies are outdated and based on wrong assumptions about attackers' capabilities and the software environment. So, let's figure out how to do it right. Come participate in a unique session. Part panel discussion, part open-floor brainstorming round-table, this session is intended to crowd-source ShmooCon attendees' creativity, intelligence, skill set, experience and gift for non-linear thinking.

To get things started, the panel will present ideas from Military strategy, Military history, Ecology and Evolutionary Biology that we think might be applied to cyber security, and then we'll open the floor to all present to brainstorm ways to break the "Patch it and Pray" cycle.  

Don't be a spectator, don't be passive. We have our ideas, so bring yours and bounce them off of everybody else's. Who knows what will evolve.

Sandy Clark (Mouse) has been taking things apart since the age of two, and still hasn't learned to put them back together.  An active member of the Hacker community, her professional work includes an Air Force Flight Control Computer, a simulator for NASA and singing at Carnegie Hall. She is slowly fulfilling a childhood dream, pursuing a Ph.D. in Computer Systems and Security at the University of Pennsylvania. Her research explores the vulnerability lifecycle, human scale security and the unexpected ways that systems interact. A founding member of Toool-USA, she's a puzzle fanatic and loves clockwork toys, Mao (the card game), and anything that involves night vision goggles.

Matt Blaze is an associate professor of computer and information sciences and director of the Trusted Network Eavesdropping and Countermeasures project at the University of Pennsylvania. His research interests include secure systems, cryptology and cryptographic protocols, radios, locks and large-scale systems.

David Nelson-Fischer loves exploring information and communications systems, inspired by his grandfather who made him crack cyphers to get presents. He spent an unusual childhood not in school but instead spending time exploring NirvanaNet and TOTSE whilst enthralled with the beauty of the baud. Several times, he found himself in a different environment, filled with sand, sun, and human networks to disrupt. He loves fencing and the chaos of conflict.

 

Intro to Near Field Communication (NFC) Mobile Security – Corey Benninger and Max Sobell

Updated with Google Wallet and Android 4.0!

As Near Field Communications (NFC) is integrated into our daily lives more and more (credit/debit cards and mobile payments, transit systems, ticketing systems), application developers should understand the risks of implementing NFC in mobile applications. This talk covers several current and proposed NFC implementations with case studies including attacks and mitigations, as well as the hardware basics behind NFC to better help developers and security testers understand the inherent strengths and limitations of NFC. The presentation will cover the ISO 14443 A and B standards, waveform modulation, and propagation across the RF channel. Demo attacks against NFC applications, including misdirecting FourSquare check-ins and malware which can intercept NFC intents to launch rogue applications, will be shown. We will show the data popular NFC enabled applications store including how it could be used to track when and where a device had been used. The presentation includes an in depth look at the NFC Data Exchange Format (NDEF) which is found across devices. Understanding and fuzzing this format can lead to parsers failing and crashing on malformed input as will be demonstrated against Android's Tags application.

Max and Corey began looking at NFC when it was just a speck on the horizon. That is to say, after NFC deployments were widespread in Europe, and when we still thought of “National Football Conference” in the US of A. Now they examine transit systems, NFC functionality on mobile devices, and the RF protocol behind the magic that is NFC. They find NFC payment systems particularly interesting and plan to commit some sort of wireless credit card-based fraud in the near future if they can agree on something really good to buy.



Java backdoors and Cross Framework Abuse - Nicholas (aricon) Berthaume

This presentation consists of two parts: the first explains backdooring of Java archive formats, and the second covers how Java-to-.NET enumeration and injection take place. With these methods, archives can be backdoored while retaining their original functionality, and in-memory code injection can be used to migrate out of these processes without dropping payloads to the operating system's disk. Using these methods, Java applications hosted on servers can be used to elevate privilege once a client allows them to run.

aricon is a part-time security researcher living in the Washington DC area. He currently works for a government agency performing operational security. Past research includes HTML5 vulnerability abuse, trusted command abuse and post-exploitation automation.


Lessons of the Kobayashi Maru: Cheating is Fundamental - James Caroland and Greg Conti

Every day security professionals face off against adversaries who do not play by the rules. However, at every turn in life we are taught to never... ever... cheat. Traditional information security education and training programs further compound the problem by forcing students to behave in a flawlessly ethical manner else face expulsion and castigation. In our work we have been teaching people to cheat. As the Kobayashi Maru taught us, it is only by stepping outside the rules of the game that we can truly succeed against no-win scenarios, and today much of information security is a no-win scenario. This talk will cover how to foster creativity and cultivate an adversary mindset through carefully structured classroom cheating exercises. We’ll cover dozens of techniques and show you the best of our students’ work from writing answers on ceiling tiles to engraving answers on a watch to creating a false book cover for Little Brother X. We’ll also cover the underlying security principles, lessons, and countermeasures that we learned in the process. You’ll leave the talk with a better appreciation for the importance of “cheating.”

James Caroland is a Navy Information Warfare Officer, member of the US Cyber Command, and an adjunct Associate Professor in University of Maryland University College’s Cybersecurity Program.


Greg Conti is Director of West Point's Cyber Security Research Center. He is the author of Security Data Visualization (No Starch Press) and Googling Security (Addison-Wesley) as well as over 40 articles and papers covering online privacy, usable security, security data visualization, and cyber warfare. His work can be found at www.gregconti.com.



Looking into the Eye of the Meter – Don C. Weber

When you look at a Smart Meter, it practically winks at you.  Their IR port calls to you.  It calls to criminals as well.  But how do criminals interact with it?  We will show you how they look into the eye of the meter.  More specifically, this presentation will show how criminals gather information from meters to do their dirty work.  From quick memory acquisition techniques to more complex hardware bus sniffing, the techniques outlined in this presentation will show how authentication credentials are acquired.  Finally, a method for interacting with a meter's IR port will be introduced to show that vendor specific software is not necessary to poke a meter in the eye.

Jack of All Trades and hardware attack dog for the InGuardians founders. I specialize in physical and information technology penetration testing, web assessments, wireless assessments, architecture review, incident response/digital forensics, product research, hardware research, code review, security tool development, and the list goes on. I am currently focusing on hardware research, specifically in the technologies surrounding products comprising the SMART GRID, with a focus on implementing Zigbee protocol APIs and microprocessor disassemblers/emulators for research, testing, risk assessment, and anything else you can think of with these technologies.


Malware as Art: Building and Animating Malware Network Graphs - Chris Larsen, Tim van der Horst and Jon Dinerstein

Blue Coat's daily traffic logs show the results of 75 million end users inadvertently surfing for malware on the Web. Much of that malware comes from large, well organized Malware Delivery Networks ("malnets"). These malnets can be mapped and then tracked, greatly improving the detection rates for new malware. The process of mapping and tracking has involved the creation of several custom tools. One of these tools takes a list of malicious sites and referrers as input, and produces both static and animated network graphs of the sites and their relationships. We will discuss how the data is collected, but mostly focus on the challenges of building software that can smoothly animate the life of a malnet.

Tim, Jon, and Chris are engineer/researchers on Blue Coat's malware research team, where they look for malware on the Web and then build tools to do the looking for them. They spent a good part of the last year playing around with ways to represent malware delivery networks ("malnets") visually, first in static network graphs and then in animated time-lapse videos. They thought the results were cool enough to share.


Malware Visualization in 3D – Danny Quist

Malware reverse engineering is greatly helped by visualization techniques. In this talk I will show you my 3D visualization enhancements to VERA for creating compelling and useful displays of malware. This new tool provides a new method to visualize running code, show concurrently running threads of execution, visualize the temporal relationships of the code, and illustrate complicated packer original entry point detection. Real! Live! Reverse Engineering! of the past year of malware will show the utility of the program on in-the-wild samples.

Danny Quist is a research scientist at Los Alamos National Laboratory and the founder of Offensive Computing, LLC. His research is in automated analysis methods for malware with software and hardware assisted techniques. He consults with both private and public sectors on system and network security. His interests include malware defense, reverse engineering, exploitation methods, virtual machines, and automatic classification systems. Danny holds a Ph.D. from the New Mexico Institute of Mining and Technology. He is the master of the Five Point Exploding Packer Technique. Danny has presented at several industry conferences including Blackhat, RSA, ShmooCon, Vizsec, and Defcon.


New Cool Crypto – Ben Agre

This talk is about new research in cryptography and its applications. It will go over a few bleeding-edge topics and try to explain some of the background math behind a few of them. After that we'll discuss some of the really cool things happening in the world of cryptography, predominantly gap groups and their relation to predicate encryption systems. Gap groups are how people are doing these awesome things; we'll skip some of the math and show the results. We'll take a brief detour into short signatures and finally discuss predicate encryption, which allows us to query and ask questions about our ciphertext and is a new and cool field being pioneered as we speak.

Benjamin Agre is a full time college student who plays around with cryptography to do randomness.  He enjoys shiggilling around and trying to simultaneously save and destroy the world.



OPFOR Works Both Ways: How Offense and Defense Must Train Each Other - Tim Maletic and Chris Pogue

Ask your incident response team how often they see stand-alone meterpreter binaries. Now ask your tiger team how often they complete a project without using an exploit framework. See the disconnect? Remember when penetration tests were supposed to model what the black hats were actually doing? We're going to combat this trend head-on, put the forensic lens on a typical internal pentest, re-engineer penetration testing for stealth mode, and show where CVSS misses the mark as a measure of what to fix. 

Tim Maletic is a consultant within the Penetration Testing team at Trustwave's SpiderLabs. Tim has been working in Information Technology since the birth of the web, and has focused full-time on information security since 2001.

Having served as a US Army Signal Corps Warrant Officer, Chris Pogue worked on digital forensic investigations and as a Cyber Security Instructor. In his role with SpiderLabs, Pogue performs investigations all over the United States, Central and South America, and the Caribbean Islands.



Raising The White Flag – Curt Shaffer and Chris Cuevas

Application White Listing is being sold as the needed silver bullet to stop malware and "APT" style infections. While the presenters understand that something better than Anti-Virus is needed, we do not believe that there is or ever will be a silver bullet. The talk includes all of the details of our findings. 

The results are in, and we have found that Application White Listing is nothing more than a small roadblock, much like current Anti-Virus. We found that there are some very easy ways to get around this type of software due to lack of features, lack of understanding of the current threat landscape and, in some cases, vulnerabilities in the software that allow complete bypass. We will take the audience through our testing methodology and findings. We tested Bit9 Parity, Microsoft AppLocker and McAfee Application Control on both Windows XP and Windows 7. We will end the talk by releasing a Metasploit module that will give you the techniques we found successful so you can utilize these in your penetration testing. We will also leave everyone with some band-aid fixes that you can implement until the vendors catch up and plug these holes.

Chris Cuevas is a senior security analyst with Secure Ideas, LLC. He has been involved in information security since 2004. Chris's experience at the University of FL included programming, system administration, and Security Manager for the Florida Center for Library Automation. Chris holds many certifications including GCIH, GWAPT, and more.

Curt Shaffer is a Security Architect for Foreground Security. He has been in IT for over 13 years. He has helped start up two wireless ISPs and served as a systems engineer for organizations from SMBs to international Federal Agencies. He holds many certifications such as CISSP, GPEN, and more.

The Rise and Fall and Rise and Fall of the Hacker News Network - Space Rogue

This talk will detail the formation, rise to prominence and eventual closure of the Hacker News Network, not once but twice, starting with its formation at L0pht Heavy Industries, its purchase by @Stake and its subsequent resurrection as a video webcast.

Space Rogue is widely sought after for his unique views and perceptions of the security industry. He has testified before the Senate Committee on Governmental Affairs and has been quoted in numerous media outlets. He has also appeared on several major network news programs including CNN, ABC, PBS and others.

An early member of the security research think tank known as L0pht Heavy Industries, he helped co-found the Internet security consultancy @Stake. While at L0pht Heavy Industries Space Rogue created the widely popular Hacker News Network, which quickly became a major resource on the Internet for daily information security news.

Sacrificial Computing for Land and Sky - Brendan O'Connor

Projects such as the incredible Wireless Aerial Surveillance Platform give you the ability to monitor or attack networks far from accessible areas, but are limited by their deployment characteristics: $6000+ buys you just 10-30 minutes on target, and you have simultaneously to do your work and defend the physical plane from Bad Men With Projectile Weapons, lest they take exception to your plans. Disposable computing designed for just one use can provide massive reductions in cost and time to deployment without sacrificing flexibility; we show how $50-$75 can give you upwards of 24 hours to work on a task, while using only off-the-shelf hardware, and leaving no data onsite for an adversary to analyze after the operation. These computers can then be planted manually, or even dropped from unspecialized UAVs (such as the Parrot Drone) to allow your expensive plane to return to safety while you do your work.

Brendan is a geek of many trades: violin, ham radio, civil rights, and privacy. After growing up in Montana and finishing two degrees at Johns Hopkins in Baltimore, MD, he did DARPA research for a time in Arlington, VA, before leaving to found his own consultancy, Malice Afterthought. More recently, after spending six months teaching information warfare for the DoD in 2011, he decided to attend law school at the University of Wisconsin in Madison; he is currently a first-year student. He lives and works with his two cats, Lysistrata and Deus Ex Machina. 


Soft Markers in Attack Attribution – Char Sample

The inability to accurately attribute attacks hinders network defenders in their attempts to respond to them. This discussion examines the role of soft markers, also known as cultural markers, in the context of problem solving and attempts to determine the relationship between these markers and network attacks. 

Char Sample is presently a doctoral candidate at Capitol College. Her dissertation topic deals with the use of soft markers in attack attribution. Ms. Sample has close to 20 years' experience in Internet Security; she has been involved with integrating various security technologies and is currently employed by CMU/CERT, where she is a member of the Network Situational Awareness team.



SNSCat: What You Don't Know About Sometimes Hurts the Most – Dan G, Solomon S, and Scott G

A vulnerability exists through Social Networking Sites that allows the exfiltration and infiltration of data and C2 messages on secured networks. SNSCat provides a simple-to-use post-penetration data exfiltration/infiltration and C2 platform using images and documents on social media sites (Facebook, Google Apps, twitter, imgur, etc). The first part of our presentation will focus on case studies of the risk assumed by allowing social media sites on business networks, both from malicious insiders and outsiders. After coverage of preliminary terms and concepts, we will introduce our tool and show how one can easily move files in and out of a network using social media sites. Finally, we will introduce how one can plug in their own home-brewed steganography and cryptology modules, as well as how one can build connectors for additional sites into our framework. In short, this presentation will show you how to bypass network security devices via social networking sites and mask data infiltration/exfiltration and C2 from any network with access to social networking sites.

Dan, Solomon & Scott are digital security enthusiasts skilled in the art of steganography, cryptography and covert channels. All three have spent time preventing, detecting and responding to threats on large enterprise networks and are firm believers that sometimes code speaks much louder than words when dealing with management.


The Science of Insecurity – Meredith Patterson and Sergey Bratus

In memory of Len Sassaman.

Why is the overwhelming majority of networked software still not secure, despite all effort to the contrary? Why is it almost certain to get exploited so long as attackers can craft its inputs?  Why is it the case that no amount of effort seems enough to fix software that must speak certain protocols?

The answer to these questions is that for many protocols and services currently in use on the Internet, the problem of recognizing and validating their "good", expected inputs from bad ones is either not well-posed or is undecidable (i.e., no algorithm can exist to solve it in the general case), which means that their implementations cannot even be comprehensively tested, let alone automatically checked for weaknesses or correctness. The designers' desire for more functionality has made these protocols effectively unsecurable.

In this talk we'll draw a direct connection between this ubiquitous insecurity and basic computer science concepts of Turing completeness and theory of languages. We will show how well-meant protocol designs are doomed to their implementations becoming clusters of 0day, and will show where to look for these 0day. We will also discuss simple principles of how to avoid designing such protocols.

Meredith L. Patterson is a software engineer at Red Lambda. She developed the first language-theoretic defense against SQL injection in 2005 as a PhD student at the University of Iowa, and has continued expanding the technique ever since. She lives in Brussels, Belgium.

Sergey Bratus is a Research Assistant Professor of Computer Science at Dartmouth College. He sees state-of-the-art hacking as a distinct research and engineering discipline that, although not yet recognized as such, harbors deep insights into the nature of computing.


Training Security Nerds, Faster, Better, Stronger - Xeno Kovah

We need more, and better educated, security people. While many people consider being self-taught to be a badge of pride, too often it is instead a failure of education. Self-instruction should only begin when a student has already been given the necessary baseline knowledge, and is ready to venture into uncharted territory. Therefore, we need better ways to get more people bootstrapped for exploration faster. This talk will describe a new-but-familiar approach to solving this problem, through the application of both altruism and self-interest to provide greater availability of structured multi-day training.

Xeno Kovah is older than he's ever been, and now he's even older.


TTL of a Penetration – Branson Matheson

In the world of information security, it's not a matter of how anymore; it's a matter of when. With the advent of penetration tools such as Metasploit, AutoPwn, etc., and day-to-day use of insecure operating systems, applications and websites, reactive systems have become more important than proactive systems. Discovery of penetration by out-of-band processes, and being able to determine the when and how in order to mitigate the particular attack, has become a stronger requirement than active defense. I will discuss the basic precepts of this idea and expand with various types of tools that help resolve the issue. Attendees should be able to walk away from this discussion and apply the knowledge immediately within their environment.

Branson is a 23-year veteran of unix and security. He started as a cryptologist for the US Navy and has since worked on NASA Shuttle Projects, TSA security and monitoring systems, and internet search engines, and continues to support many open-source projects. He founded sandSecurity to provide policy and technical audits, support and training for IT Security, System Administrators and internet and unix Developers. Branson has his CEH, GSEC, GCIH and several other credentials, but generally likes to spend time answering the question "I bet you can't…"

Whack-a-Mobile: Getting a Handle on Mobile Testing with MobiSec Live Environment - Tony DeLaGrange and Kevin Johnson

One of the challenges organizations face is the expense and complexity in designing, developing, and building test environments to adequately evaluate the security controls and risks around their mobile devices, applications, and infrastructure. Consequently, the complexity and expense increases by orders of magnitude when taking into account the variety of mobile devices, operating systems, application versions, supporting infrastructure, and the various potential configuration settings that an organization may include in their mobile environment. Given these challenges, very few organizations are actually testing mobile device security as it relates to their environment.

In this talk, Tony and Kevin will introduce the MobiSec Live Environment, a live testing environment preconfigured and installed with all the tools and configurations needed to perform security assessments and testing of mobile platforms. They will explore the various features and functions as well as explain how the environment was built with the support of the DARPA Cyber Fast Track Program. A short demo of the MobiSec Live Environment will be included.

Tony and Kevin are Sr. Security Consultants at Secure Ideas, providing security consulting and penetration testing, including network, web application, and mobile environments. Tony has over 25 years of IT experience in the healthcare and financial services industries, with the past 10 years focused on security architecture and assessments for a Fortune 50 financial institution. Kevin came to security from a development and system administration background. He is the founder of many open source projects, is a senior instructor for SANS, the author of three SANS courses, and an IANS faculty member. He has presented at DefCon, Blackhat, and ShmooCon.