Advanced Web Security Testing with Burp Pro

This training is designed for Web penetration testers familiar with the Burp Suite Pro auditing tool. Based on the Mastering Burp Suite Pro – 100% hands-on class, this session is expected to go much faster, while covering most problems faced in everyday engagements and significantly enhancing your automation skills. The numerous elaborately designed challenges will guide trainees during these 2 days of intense-but-fun Burp Suite Pro practice.


Modern Object-Oriented Malware Reverse Engineering

Please note that this class has been cancelled.

This training course is designed for anyone who wants to learn how to reverse engineer object-oriented code and perform analysis of complex threats. The introductory material of the class provides students with essential information on the C++ code generation process: how object-oriented types are laid out in an executable, what kind of additional information compilers put into binaries, and how object-oriented architecture may be reconstructed from the machine code. After this, students will focus on using reverse engineering tools to put into practice what they have learned earlier. A lot of attention is devoted to automation of reverse engineering. As a bonus, the authors will demonstrate how to identify certain vulnerability classes such as use-after-free with the Hex-Rays Decompiler SDK. Another major part of the training is devoted to reverse engineering malware from real-world targeted attacks, where students will apply the learned skills in practice.


Hide Yo’ Kids: Hacking Your Family’s Connected Things

This presentation will cover security research on Internet-connected devices targeting usage by, or for, children. Mark will discuss the vulnerabilities he found during this research, including account takeovers, device hijacking, backdoor credentials, unauthorized file downloading, and dangerously out-of-date protocols & software. Devices discussed will include Internet-connected baby monitors, a GPS-enabled platform to track children, and even a Wi-Fi & Bluetooth-connected stuffed animal.


Android – Practical Introduction into the (In)Security

This presentation covers the user’s deadly sins of Android (In)Security, together with the implied system security problems. Each topic could potentially introduce unrecoverable damage from a security perspective. Both local and remote attacks are covered, along with accompanying practical demos of the most interesting ones.


Real Solutions From Real Incidents: Save Money and Your Job!

This talk will cover scenarios from real incidents and how simple solutions that are very cost effective can be used to prevent them from occurring.

  • A scenario based on real incidents will be presented.
  • The typical state of security in enterprise will be presented.
  • Specific gaps that allowed the incident to occur and for data to be exfiltrated will be scrutinized.



Analysis of High-level Intermediate Representation in a Distributed Environment for Large Scale Malware Processing

Malware is acknowledged as an important threat and the number of new samples grows at an absurd pace. Additionally, targeted and so-called advanced malware has become the rule, not the exception.

At Black Hat 2015 in Las Vegas the researchers co-authored a work on distributed reverse engineering techniques, using intermediate representation in a clustered environment. The results presented demonstrate different uses for this kind of approach, for example to find algorithmic commonalities between malware families. As a result, a rich dataset of metadata of 2 million malware samples was generated.


Inter-VM Data Exfiltration: The Art of Cache Timing Covert Channel on x86 Multi-Core

On x86 multi-core systems, covert channels between co-located virtual machines (VMs) are real and practical, thanks to an architecture that has many imperfections in the way shared resources are isolated.

This talk will demonstrate how a non-privileged application from one VM can exfiltrate data or even establish a reverse shell into a co-located VM using a cache timing covert channel that is totally hidden from the standard access control mechanisms while being able to offer surprisingly high bps at a low error rate.


Bypassing Application Whitelisting in Critical Infrastructures

Application whitelisting is a concept which can be used to further harden critical systems such as server systems in SCADA environments or client systems with high security requirements like administrative workstations. It works by whitelisting all installed software on a system and then preventing the execution of any software that is not whitelisted. This should prevent the execution of malware and therefore protect against advanced persistent threat (APT) attacks. In this talk we discuss the general security of such a concept and what holes are still open for attackers.


CANtact: An Open Tool for Automotive Exploitation

Controller Area Network (CAN) remains the leading protocol for networking automotive controllers. Access to CAN gives an attacker the ability to modify system operation, perform diagnostic actions, and disable the system. CAN is also used in SCADA networks and industrial control systems.
Historically, software and hardware for CAN have been expensive and targeted at automotive OEMs. Last year, we launched CANtact, an open source hardware CAN tool for PCs. This provides a low-cost solution for converting CAN to USB and getting on the bus.