Workshops
Monday 19 / Tuesday 20 / Wednesday 21

AM (9:00-12:00): DBI workshop for hackers and security experts by Gal Diskin; Lockpicking workshop by Walter Belgers
PM (13:00-17:00): RFID Workshop by Philippe Teuwen; Metasploit Workshop by Paul Rascagnères (room 1) and "Barcamp" from BGP Ranking to PicViz and ... by Raphaël Vinot and you! (room 2); Neighbor Discovery (ND) for IP version 6 (IPv6): Attacks and Countermeasures by Fernando Gont


List of Workshops

DBI workshop for hackers and security experts

Binary instrumentation, and in particular DBI (Dynamic Binary Instrumentation), is a valuable tool for anyone who works in information security. Whether you are searching for vulnerabilities, developing exploits, reverse engineering, visualizing programs or defending yourself from attacks, DBI is the tool you need. DBI lets you manipulate programs at the binary level, making it the modern "Swiss army knife" for security experts. This workshop will teach you the basics of DBI using the Pin DBI engine. Example code will be provided under the Intel open source license. Examples include code that develops exploits automatically (with no human intervention), code that detects vulnerabilities as they occur, accelerated fuzzing techniques, visualization of program code, taint analysis tools and more...

[Figure: An example of program visualization using DBI]

BIO: Gal Diskin

Gal has been hacking since he got his hands on a computer at age 5, and started doing it professionally at age 16. Gal worked for the IDF for a short while. He later worked as an independent consultant on information security while doing a start-up. Following this he went to study and joined Intel, initially as a member of the Pin binary instrumentation engine development team; he now leads a team doing security evaluation and research at Intel, focusing on firmware and touching on software and hardware. Gal studied math and computer science at the Technion (Israel Institute of Technology).

Blog: http://www.diskin.org/ Twitter: http://www.twitter.com/gal_diskin

Lockpicking Workshop

During the lockpicking workshop, you will learn how to open regular cylinder locks. Locks and tools will be provided. You can bring some of your own locks as well, if you like.

BIO: Walter Belgers

Walter Belgers is a partner at Madison Gurkha, a Dutch security company. Apart from leading a team of penetration testers, he still conducts security audits. He likes to give training courses and lectures, including at conferences. Outside of work, Walter has hobbies such as drifting, sailing and lockpicking. In 2006, he founded a chapter of TOOOL, the Open Organisation of Lockpickers, in Eindhoven, the Netherlands. For the last five years he has won the Dutch club competition.

Metasploit Workshop

Metasploit is a framework for developing and executing exploits against a target machine. The framework includes an opcode database, a shellcode archive, evasion tools and many other features. Currently, many new exploits are published as Metasploit modules. This workshop aims to introduce the framework (its architecture), to cover its use (simple, advanced, Meterpreter, database use, file generation ...) and to develop a module. Virtual machines will be available for participants to perform tests.

Participants need a laptop with Linux and Ruby. They can use (or adapt to their distribution) this procedure to install Metasploit and its dependencies: https://community.rapid7.com/docs/DOC-1296

BIO: Paul Rascagnères

Paul Rascagnères is an IT Security Consultant at itrust consulting s.à.r.l. He is very active in the open source community as well as in vulnerability research. He has spoken at several security conferences such as NDH2k11, Hackerfest 2010, HES 2010... He has developed many proofs of concept to highlight vulnerabilities for providers such as IBM. He has also found vulnerabilities during Web application audits and firmware analysis. He has published articles on the Internet and in security magazines, and has published several CVEs (Common Vulnerabilities and Exposures). He has done work for banks and European institutions.

RFID Workshop

The RFID workshop is typically 3 hours long and covers topics such as:

  • RFID readers for PC supported by open-source software (Omnikey CardMan 5321, ACG-LF, Frosch, ASK LoGO, SCL3711 & others)
  • PC/SC: limits of manipulating RFID with contact-oriented standards (ATR/ATS & APDUs).
  • NFC, anticollision, card emulation, relay attacks, RFID authentication protocol example
  • libnfc tools, RFIDIOt tools, ePassports, privacy
  • Open hardware, Proxmark

The workshop is a mix of an intro to readers, standards, tools, security aspects, hands-on & demos. For the hands-on, I distribute bootable CDs (based on Debian Live) with all the drivers & open-source tools I could find, and participants can borrow an SCL3711 reader.

There are 18 readers available, so you need to be among the first 18 if you want one.

Requirements:

Laptop with USB port and CD-ROM reader, able:

  • either to boot directly from a CD;
  • or to boot a CD in VirtualBox(1);
  • or, if no CD-ROM reader is available, to boot from an ISO file.

(1) See http://www.virtualbox.org/wiki/Downloads. Install the binary package suiting your OS and also the "VirtualBox 4.0.8 Oracle VM VirtualBox Extension Pack", which provides USB support. People using Linux on their laptop should test that USB support works with their setup, as the permissions between USB devices & VirtualBox are not always set properly.

BIO: Philippe Teuwen

Philippe Teuwen is currently a Security Researcher at NXP Semiconductors, dealing with various subjects such as Wi-Fi security, secure code execution, fault injection, crypto, smartcards, RFID, NFC, etc.

Neighbor Discovery (ND) for IP version 6 (IPv6): Attacks and Countermeasures

During the last few years, the UK CPNI (Centre for the Protection of National Infrastructure) carried out a comprehensive security assessment of the Internet Protocol version 6 (IPv6) and related technologies (such as transition/co-existence mechanisms). The result of the aforementioned project is a series of documents (yet unpublished) that provide advice both to programmers implementing the IPv6 protocol suite and to network engineers and security administrators deploying or operating the protocols. One of the protocols/mechanisms that was assessed as part of this project is Neighbor Discovery for IPv6, which provides in IPv6 similar functions to those provided in the IPv4 protocol suite by the Address Resolution Protocol (ARP) and the Internet Control Message Protocol (ICMP). This resulted in the first thorough security assessment of Neighbor Discovery for IPv6, covering not only protocol-design flaws, but also vulnerabilities arising from common implementation flaws. While some basic tools were already publicly available for exploiting some ND vulnerabilities (e.g., THC’s “IPv6 attack suite”), these tools provided only very limited functionality and thus allowed experimentation with only a small subset of the potential Neighbor Discovery (ND) vulnerabilities that were identified as a result of this project. Therefore, in order to allow a thorough assessment of real-world systems, a comprehensive set of tools was produced as part of this project. The resulting tools were not only used internally for the evaluation of some popular IPv6 implementations, but were also shared with a number of vendors and open source projects such that they could perform an assessment of their own implementations. This cooperation process led to the discovery of a number of vulnerabilities in real-world systems, some of which were patched before the complete results of this project were publicly released. 
Fernando Gont will discuss some of the identified Neighbor Discovery vulnerabilities, and will provide guidance to network operators and security administrators so that these vulnerabilities can be mitigated (where possible) with standard security devices. Fernando will also provide a live demonstration of how these vulnerabilities can be exploited with the Neighbor Discovery attack suite produced by CPNI as part of the aforementioned project. The live demonstration will include at least three Denial of Service (DoS) vulnerabilities that affect popular operating systems (such as FreeBSD and Linux), and a demonstration of evasion of network security controls such as RA-Guard and NDPMon. The focus of the presentation will be on the operational aspects of Neighbor Discovery (i.e., how to mitigate these vulnerabilities), and on the practical aspect of assessing IPv6 implementations with respect to the aforementioned vulnerabilities (i.e., live demonstration of the attacks).

BIO: Fernando Gont

Fernando Gont specializes in the field of communications protocols security, working for private and governmental organizations both in Argentina and overseas. Gont has worked on a number of projects for the UK National Infrastructure Security Co-ordination Centre (NISCC) and the UK Centre for the Protection of National Infrastructure (CPNI) in the field of communications protocols security. As part of his work for these organizations, he has written a series of documents with recommendations for network engineers and implementers of the TCP/IP protocol suite. Gont is currently working on the security assessment of communications protocols on behalf of the United Kingdom's Centre for the Protection of National Infrastructure. Additionally, he is a member of the Centro de Estudios de Informatica (CEDI) at Universidad Tecnológica Nacional/Facultad Regional Haedo (UTN/FRH) of Argentina, where he works in the field of Internet engineering. As part of his work, he is active in several working groups of the Internet Engineering Task Force (IETF), and has published a number of IETF Internet-Drafts and RFCs (Request For Comments). Gont has also recently joined the Transport Directorate of the IETF. Gont has been a speaker at a number of conferences and technical meetings about information security, operating systems, and Internet engineering, including: CanSecWest 2005, BSDCan 2005, BSDCan 2009, Midnight Sun Vulnerability and Security Workshop/Retreat 2005, FIRST Technical Colloquium 2005, Kernel Conference Australia 2009, DEEPSEC 2009, HACK.LU 09, IETF 64, IETF 67, IETF 73, IETF 76, LACNIC X, LACNIC XI, LACNIC XII, LACNOG 2010, and Hack In Paris 2011.

BGP Ranking User-Dev Workshop

BIO: Raphaël Vinot

Raphaël Vinot is a junior malware researcher at the anti-virus company ESET. Most of his work consists of playing with (big) datasets and (trying to) do something useful with them, mostly in an IT security environment. Raphaël Vinot finished his Master's degree in computer science at the ISFATES/DFHI of Metz and Saarbrücken in 2010. He is the main developer of BGP Ranking, a ranking system which generates lists of malicious ASNs by gathering lists of malicious IPs. The project is open source and available, with some others, on his GitHub profile: https://github.com/Rafiot