Security BSides Athens 2021

BsidesAth Speaker


This is a secret for now, seriously, stay tuned!

by [TBA]

Abstract: How will our cryptographic toolkit be impacted by quantum computers and machine learning? In this talk, we discuss the impact of quantum computers on cryptographic algorithms and the changes that are required to protect against both passive and active quantum attacks. We cover the new set of post quantum cryptographic (PQC) schemes that are being proposed to protect current and future systems, the implied security thereof, as well as their practicality when deployed in real world systems. We also discuss standardization efforts, industry challenges, and complexities of the roadmap to transition current cryptographic systems and secure communications solutions to quantum-resistant alternatives. We also briefly discuss the usage of machine learning technologies to advance cryptographic and cryptanalysis toolsets.

Bio: Dr Najwa Aaraj is the Chief Researcher at the Cryptography Research Centre at the Technology Innovation Institute (TII), a cutting-edge UAE-based scientific research centre. In her role, she leads the research and development of cryptographic technologies, including quantum-safe (post-quantum) and quantum cryptographic technologies, lightweight cryptographic libraries, cryptanalysis, and applied machine learning for cryptographic technologies. Dr Aaraj earned a PhD with Highest Distinction from Princeton University in the USA. She has extensive expertise in applied cryptography, embedded and cyber-physical systems security, trusted platforms, software exploit detection and prevention systems, and biometrics. She has over 15 years of experience with global firms, working in multiple geographies from Australia to the United States. Before joining TII, Dr Aaraj was Senior Vice President of Cryptographic Technologies Development at DarkMatter, a cyber-security firm based in the UAE. She was formerly at Booz & Co., where she led engagements in the telecommunications and information technology industry for clients globally. She also held research positions with the Embedded Systems Security Group at IBM T.J. Watson, at Intel Portland, Oregon, where she worked on early Trusted Platform Module firmware prototypes, and at NEC Laboratories in Princeton, New Jersey, working mainly on hardware engineering. Dr Aaraj has written multiple conference papers, IEEE and ACM journal papers and book chapters, and received technology patents. Her areas of work cover applied cryptography, trusted platforms, embedded systems security, and machine learning-based protection of IoT systems. She is a Board Member and adviser to multiple security and Machine Learning startups.

Guest Talk

Guest Talk TBA

Talk #1

Talk 1 TBA

Talk #2

Blockchain Basics and Security for Penetration Testers

by Erfan, @bugtest0101

Abstract: The blockchain industry is the latest addition to the list of fields penetration testers should understand and be able to audit. In this presentation, my aim is to help everyone get a basic understanding of what a blockchain is, how as penetration testers we can mentally map this field, what Ethereum is and why it's important to developers, how [D]apps are built on Ethereum, what common pitfalls to look for at a high level, and a case study of a recent exploit.

Bio: Security Consultant at Nettitude and bug hunter

Talk #3

Analysis of the .GR TLD Cyber Espionage Operation

by Anastasios Pingios, @xorlgr

Abstract: In 2019 the Greek government suffered a publicly disclosed nation-state exploitation of its DNS infrastructure. After two years, enough evidence is available to perform a thorough analysis of the cyber espionage operation, the threat actors behind it, and its connections with more recent cyber espionage operations targeting Greece.

Bio: Since the early 2000s Anastasios has been involved with cyber-security, starting from the offensive side of vulnerability research and exploit development and gradually moving to the defender's side in the areas of incident response, digital forensics, and security engineering. In the process he acquired some industry accreditations along with an M.Sc. in Secure Computing Systems. For the last few years Anastasios has been focusing on intelligence, and he is currently working as Principal Security Engineer at Booking.com.

Talk #4

Ransomware incidents demystified

by Thanassis

Abstract: Ransomware attacks today dominate the news and are a big moneymaker for a few, a revenue leak for others and a brand-damaging factor for most. During this presentation, insights from real-life ransomware incidents will be shared, spanning several attacks from various industries and separate breach types. Moreover, it will cover threat actors' target selection, exploitation tactics, victim response, negotiation attempts, etc.

Bio: Thanassis works as an Incident Response Consultant, X-Force IRIS EU, for IBM Greece. Thanassis has over 15 years of experience in IT security, focusing on OS and network defensive security, and has authored various papers around security incidents. He is researching cybercrime and malicious activities by utilizing a variety of low- and high-interaction honeypots while analyzing interesting malware samples to keep up his reversing skills. Thanassis graduated as an Electrical Engineer and holds an MSc in Information Security. He holds multiple IT and Information Security certifications and is an official CISSP trainer for EMEA.

Talk #5

Human Security Engineering (Special Guest)

by Ira Winkler, @irawinkler

Abstract: When users take a potentially harmful action, the cybersecurity industry believes that it's a lack of awareness and the solution is more awareness. This is akin to saying that if a canary dies in a coalmine, the solution is healthier canaries. While the relationship seems natural, it is specious. It is also dangerous, as these attacks are responsible for more than 90% of major incidents. The implication is that when a user fails, it is the user's fault. I contend a user is a part of the system, and that when the user fails, it is really a failure of the entire system. For example, for a user to interact with a phishing message, the system first fails to recognize the message as a potential attack, and provides it to the user. While the user may choose to interact with the malicious message, the user experience leads the user to take the action. Then, should a user activate the attack in the message, it does not mean that loss is the inevitable result. Instead, the system has to facilitate the loss by allowing malware to execute, allowing the user to interact with malicious sites, or whatever the malicious action requires to succeed. I call the study of how a system as a whole facilitates loss initiated by user actions Human Security Engineering. Likewise, given that harmful user actions can be driven by a lack of awareness, carelessness, purposeful ignoring of specified processes, or malice, I define the harmful user action as User Initiated Loss (UIL). As important, while the user may initiate a loss, it does not mean that the system should allow the loss to be realized. Human Security Engineering (HSE) essentially attempts to prevent the user from being in the position where they may initiate the loss, attempts to stop the user from initiating the loss when presented with the opportunity, and then mitigates the loss after initiation.
Along with the concept of HSE, we are developing a model, similar to MITRE ATT&CK, to define the phases of User Initiated Loss, and will be presenting this model possibly for the first time. I will define UIL and show the multiple phases within each of the pre-user action, user action, and post-user action stages. This will include the countermeasures to apply during each phase. I will present parallels from other disciplines, such as safety science, counterterrorism, and accounting. We will walk through multiple examples, defining how countermeasures are determined at each phase.

Bio: Ira Winkler, CISSP, is CISO for Skyline Technology Solutions and author of You Can Stop Stupid. He is considered one of the world's most influential security professionals, and has been named a "Modern Day James Bond" by the media. He earned this by performing espionage simulations, where he physically and technically "broke into" some of the largest companies in the world, investigated crimes against them, and told them how to cost-effectively protect their information and computer infrastructure. He continues to perform these espionage simulations, as well as assisting organizations in developing cost-effective security programs. Ira also won the Hall of Fame award from the Information Systems Security Association, as well as several other prestigious industry awards. CSO Magazine named Ira a CSO Compass Award winner as The Awareness Crusader. Most recently, Ira was named 2021 Top Cybersecurity Leader by Security Magazine.

Talk #6

maraki1982: A Management Tool for OAuth2 Phishing

by Y.Koukouras D.Tsikopoulos, @twelvesec

Abstract: Phishing attacks cannot be prevented by Multi-Factor Authentication (MFA), and the reason is that threat actors can leverage the OAuth2 framework to access user data. To be more specific, typical phishing attacks would require credential harvesting, but this would not bypass the MFA security control. A threat actor could trick users into granting permission to an adversary application by crafting a malicious URL for the OAuth2 token, which is granted permission to the cloud-based resources; how could we use it? The answer is maraki1982, an open source post-exploitation tool.

Bio: Yiannis has over 15 years of experience in the Cyber Security domain, specializing in the consulting services area. He has offered IS consulting services to various companies across the globe, gaining valuable, hands-on experience. Yiannis has been a penetration tester for most of his career whilst trying to keep up with his research and community contributions. Dimitris is a highly motivated cyber security enthusiast with more than 9 years of experience in application security and software engineering. As an application security consultant, Dimitris provides companies with the tools to secure their SDLC processes, as well as training the teams on security matters. At the same time, he focuses on discovering ways to automate security and effectively secure software applications.

Talk #7

Offensive Azure Security

by Sergey Chubarov

Abstract: These days, working with a cloud platform is already commonplace. Companies choose Microsoft Azure for a number of benefits, including security. But there is some responsibility on the customer side, and that may become the weakest link in the chain. A demo-based session shows attacks on the weakest link in 3 scenarios: Hybrid Active Directory, Legacy VM-based application and Modern Application. The session includes:
- Pentesting Azure AD Connect
- Bypassing authentication & MFA
- Getting control over Compute
- Extracting secrets from Key Vault
- Getting access to App Service and Azure SQL Database
- Exploring Azure Web App Firewall

Bio: Sergey Chubarov is a Security and Cloud Expert and Instructor with 15+ years' experience on Microsoft technologies. His day-to-day job is to help companies securely embrace cloud technologies. He has certifications and recognitions such as Microsoft MVP: Microsoft Azure, Offensive Security Certified Professional (OSCP), Microsoft Certified Trainer, MCT Regional Lead, EC-Council Instructor (CEI) and more. Frequent speaker at local and international conferences. Prefers live demos and cyberattack simulations.

Talk #8

Show me the traffic! - When intercepting traffic in mobile applications is simply not enough

by Andi Anastasi

Abstract: During mobile penetration tests, one of the first things to do is intercept the traffic and throw single quotes against parameters. But what happens when traffic is encrypted? And what if extra security measures make your life harder? This is a tale from our crypt on how we managed to make do by using Burp, Frida, Python and some magic (custom scripts).

Bio: Andi Anastasi has more than 7 years of experience in the Information Security industry and currently serves as a Threat Labs Engineer for Encode. His work focuses on Penetration Testing in the areas of Web Applications, Mobile Applications, and Internal and External Infrastructures, among others. Having worked in the Cyber Security field for various projects and companies in Europe and the Middle East, Andi has gained extensive knowledge of web development languages, WAF bypass techniques, operating systems and information security best practices. Andi Anastasi holds a Bachelor's Degree in Digital Systems and a Master's Degree in Digital Systems Security, both from the University of Piraeus.

Talk #9

Click here for free TV! - Chaining bugs to takeover Wind Vision accounts

by Leonidas Tsaousis, @laripping

Abstract: Wind Vision is a streaming service offered by one of the top telecommunication vendors in Greece. With over 40.000 active subscribers, the user can download the Android application and watch TV from anywhere. ...And so could a malicious third party, by exploiting a series of vulnerabilities to go from one wrong click by the user, to complete takeover of their account. This talk will present the findings of independent research conducted during lockdown which led to the discovery of several low-impact bugs that, when chained together, result in a much greater attack. We will dive deep into the analysis of the vulnerabilities, discussing the common mobile development pitfalls and the psychology behind confusing prompts. Wind Vision subscribers among the attendees will also have the chance to install the demo Proof of Concept malware application that was developed (it's safe - promise), to see for themselves how the full chain works. Mobile developers will gain insight into how to prevent such attacks, allowing them to create apps that are fun, but also keep their users' watchlists safe. Finally, we will close up with a review of the disclosure process, the aftermath of resolution, and other lessons learned that will hopefully set you on the right path for researching and finding vulnerabilities in everyday products.
References:
https://labs.f-secure.com/blog/wind-vision-writeup
https://labs.f-secure.com/advisories/wind-vision

Bio: I had a genuine interest in offensive security ever since the first years of university. Amazed with the exciting and original assignments for the relevant course, it wasn't long before I landed my first job in the infosec industry, which brought me to sunny Cyprus, where I learned a lot, attended conferences and earned certifications. Nowadays, I live in the fascinating, though less sunny city of Manchester in the UK, working as a security consultant at F-Secure, which I followed and admired from the MWR years. Beyond helping clients globally keep their web, mobile and network infrastructure safe, this position has also allowed me to perform lots of research, which resulted in several CVEs for well known products by companies like Cisco and Xiaomi.

Talk #10

Purple teaming with Elastic Security and Prelude Operator

by James Spiteri, @jamesspi

Abstract: It's no secret that security teams are having to adopt new offensive and defensive strategies to further protect against the increasingly sophisticated attacks in the enterprise. In this talk, we'll be covering the use of Prelude Operator and Elastic Security for purple teaming, closing the gap between red and blue teams with user friendly, free and open tools. Learn how to easily create simulated adversaries, schedule various TTP deployments and create a full feedback loop with the Elastic Security detection engine and Elastic agent.

Bio: James is a principal product marketing manager at Elastic, focusing on Elastic Security. Previous to that, he served as a security specialist on our Solutions Architecture team for two years, helping customers and users across the globe architect their Elastic deployments for Security analytics. Before joining Elastic, James had been building custom SIEM platforms for security operations centers (SOCs) across various different sectors and industries.

Talk #11

Fuzzing: Finding Your Own Bugs and 0days!

by R. Concurde (ROd0X)

Abstract: The objective of this presentation is to explain how 0days are found through fuzzing. I'll be explaining how you can create a fuzzer, what the types of fuzzing and types of targets are, how you can find a Buffer Overflow vulnerability, and how to write your own exploit step by step. 2 PoC demos included, of course!

Bio: Brazilian, certified C|EH, he began his studies in Information Security 13 years ago and over the past 10 years has carried out Application/Infrastructure Penetration Testing, Security Analysis, Code Review and Hardening projects for industries such as Telecommunications, Aviation, Financial Institutions, Information Technology and Mining. In his free time he likes to research and practise new attack techniques and some Reverse Engineering.
Speaker at: HITB - Hack In The Box UAE - 2020 - Fuzzing: Finding Your Own Bugs and 0days!
Author: Covert Channel Technique Explained - Pentest Magazine, Stack Overflow - Hakin9 Magazine and From Fuzzing to Get a Shell - Pentest Magazine.
https://br.linkedin.com/in/rodolphoconcurde

Talk #12

Down the Rabbit Hole – A Tour into the Dark Web

by Konstantina Koukou

Abstract: "Life is like an onion…" is a quote by the famous American poet and three-time Pulitzer winner, Carl Sandburg. By the time Sandburg wrote these lyrics in the 19th century, he could have never imagined how close to reality those words would become in the 21st century and specifically in the context of the Dark Web. Frequently, Alice in Wonderland is used as the main analogy to the Dark Web, but just like in the book, no one tells us how this magical world was made and what the motive for its creation was. If one wants to become wise on a matter and have a solid opinion on a subject, one needs to learn its historical events and evolution. In our journey through this session, we take you through the evolution, goals and motivation of the Dark Web. I will share with you what and whom you can find on the platforms as well as the major conflicts individuals face while exploring this web. The session also exposes you to the syndicates and structures running on the platforms. Surprisingly, we see how those groups were among the first to embrace and implement Blockchain technology and created a major global demand for cryptocurrencies. This is the time to listen, learn and be exposed to the deepest secrets of the Dark Web.

Bio: Having graduated from the Polytechnic School, University of Patras, Greece (2011), I obtained the Diploma of Electrical and Computer Engineer (5-year studies/300 ECTS) with specialization in Telecommunications and Information Technology. Ever since, I have been working and evolving in the IT industry as an enthusiastic network and cyber security engineer. In my free time, I study cloud technologies and scripting, and keep up to date on the latest cyber attacks. Currently, and for the last 3+ years, I hold the exciting role of cyber consultant and Evangelist at Check Point.

Talk #13

Cyber resilience: Awareness is not enough

by Michalis Michalos, @Cyb3rMik3

Abstract: Whether you call it human factor, insider threat, or human error, organization members comprise the #1 issue to tackle when it comes to cyber resilience. It's no secret that, either unintentionally or not, the human factor remains a substantial threat. While a lot of organizations have recognized this threat and established awareness training or relevant attack simulations (e.g. phishing campaigns), this has proved to provide a push forward but not enough. Attacks become more sophisticated and complicated, and if they manage to evade technical controls, it's up to the human factor to recognize and stop an attack. Within this context, the concept of Cyber Security Culture constantly ascends, and while awareness might constitute a positive force to provide knowledge, Culture is a strategic set of actions that will institute a mindset of "this is how we do things around here". Also, while awareness relies on individuals' skills, culture fosters dimensions including attitudes, behavior, norms and more. This presentation is an introduction to and exploration of Cyber Security Culture: what it is, what comprises it, why it is important and how it can be established and upcycled, in practice.

Bio: Michalis works as a SOC Security Analyst at PCCW Global. An MSc in Networks & Data Communications graduate, he looks for IOCs and how to make the most out of them to defend and preserve cyber resiliency. Following a 7-year career in IT, including a 3-year complementary course as a freelancer, he has focused solely on cyber security over the last two years. Father, husband, owns a wine cooler and enjoys the outdoors as a volunteer of the Soma Hellinon Proskopon.

Talk #14

Parting ways with Purdue? - The Effect of Industry 4.0 on Industrial Control Systems Security Architectures

by Michael McGinley

Abstract: Industrial Control Systems (ICS) security has historically relied on network segmentation and segregation, in order to separate process control from vulnerable internet-facing networks using hierarchical zones separated by firewalls. Industry 4.0 and Industrial Internet of Things (IIoT) rely on 'smart' control devices connecting directly to cloud networks, bypassing the logical hierarchy of reference architectures such as the Purdue Enterprise Reference Architecture. This talk will firstly deliver an overview of the necessity for security in ICS, looking at historic vulnerabilities and risks, which secure reference architectures aim to mitigate. I will also provide an introduction to the Purdue Model, explaining its history and significance to ICS implementations across various sectors. I will then examine the limitations in current ICS security standards in the context of Industry 4.0, and explore new solutions which address these issues, while also discussing their shortcomings. I will finally discuss the relevance of the Purdue Model going forward and attempt to identify areas in which it could be modified to better suit IIoT networks. It is hoped that this talk will provide ICS novices with a solid understanding of the security issues which face these systems, and that more experienced attendees will expand their knowledge of secure control system architectures, particularly those that involve newer technologies.

Bio: Michael McGinley is an Associate at PwC UK, having joined the firm as a graduate in September 2020. His work involves detection engineering and analysis, working as part of PwC’s Managed Cyber Defence team to protect clients from new and existing threats to their infrastructure. Michael gained his Masters degree in Computing Science from University of Glasgow in 2020, his research project focusing on Industrial Control Systems security training, working within the Glasgow Cyber Safety Lab.

Talk #15

Smart Phone to Medical Device in five (not so) easy steps

by J. Windsor-Lewis, @m157y573p

Abstract: As smartphones become more advanced, more and more opportunities to use them to solve big global issues emerge. One of these issues is neonatal jaundice, or liver failure in newborn infants. This relatively common condition affects up to 80% of premature births. Treatment relies on early diagnosis, and lack of treatment can be disabling and potentially fatal. Traditionally diagnosis has been based on the skin colour of infants, a technique which is less effective for infants with darker skin tones, and the alternatives have been prohibitively expensive. In this talk I will present a novel technique to diagnose liver dysfunction using an app based on the android camera2 API, a little creativity and a lot of Java. This smartphone application uses RAW image data to perform subtracting colorimetric analysis on the white of the eye. This talk is perfect for anyone interested in app development, image analysis or the power of creative coding and will be beginner friendly!

Bio: Josephine would describe herself as an experienced amateur having taught herself to code to pursue a master’s in biomedical engineering. She was awarded the prestigious Engineers Trust Cadzow Smith Engineering Award for her work with the Saving Lives at Birth research team in 2020. Now, she’s looking to pivot into the cyber space and hopes to never stop learning.

Talk #16

Automating red team infrastructure using Overlord

by Evangelos & Vasilis

Abstract: Tool link - https://github.com/qsecure-labs/overlord
Overlord provides a python-based console CLI which is used to build Red Teaming infrastructure in an automated way. The user has to provide inputs by using the tool's modules (e.g. C2, Email Server, HTTP web delivery server, Phishing server etc.) and the full infra / modules and scripts will be generated automatically on a cloud provider of choice. It currently supports AWS and DigitalOcean.

Bio: Evangelos is a cybersecurity professional with 4 years of experience in information security, risk management, and penetration testing and he is currently working as a penetration tester at QSecure and an associate lecturer at UCLan Cyprus. He is a mentor of the Cyprus National ECSC team that competes in the European Cyber Security Challenge every year, and has been training and preparing team members since 2018. Evangelos holds a BSc in Computer Science from the University of Cyprus, an MSc in Information Security from University College London (UCL) and the eMAPT and eWPTXv2 professional qualifications.

Vasilis is an information security professional with 4 years of experience in information security, risk management, and penetration testing. He was the team captain of the Cyprus National ECSC team that competed in the European Cyber Security Challenge in 2017 and has been an active mentor ever since. In his spare time, he performs vulnerability research and takes part in CTF hacking competitions. Vasilis received a Bachelor's degree in Computer Science from the University of Cyprus and a Master's degree in Cyber Security from the University of Birmingham. In addition, he is a holder of the Offensive Security Certified Professional (OSCP) and eCPTX professional qualifications.

Talk #17

Running an AppSec Program in an Agile Environment

by Mert Coskuner

Abstract: Application security in an enterprise is a challenge. We can see this when we look at the statistics: there have been 16648 security vulnerabilities (CVEs) published so far in 2020 and the average severity is 7.1 out of 10. In this talk, you will find various solutions such as:
- Development team risk scoring based on maturity and business aspect,
- SAST/DAST in the CI/CD pipeline without blocking the pipeline itself,
- Leveraging a bug bounty program,
- When to employ penetration testing,
- When to employ code review,
- Platform developments to remove the dependency on developers to implement features, i.e. internal authorization.
Most important of all, you will see that the solutions have minimal friction for the teams, which creates a fine-tuned security program.

Bio: Mert Coskuner is a Security Tech Lead at Trendyol. He is maintaining a cyber security blog at mcoskuner.medium.com and speaker at various security conferences.

Talk #18

Shift Left with DevSecOps: Scanning every single code change

by A. Jain (logicbomb), @logicbomb_1

Abstract: In the agile world, continuous iteration of development and testing happens throughout the software development lifecycle, involving constant collaboration with stakeholders and continuous improvement and iteration at every stage; features are developed so rapidly and engineers release their changes so frequently that the chances of potential security loopholes become more and more real. Here we will talk about building a solution to push a shift-left culture for security through an automated process for continuous scanning of different kinds of potential security issues on every code change.

Bio: I am a cybersecurity researcher working as a Lead DevSecOps Engineer managing complete end-to-end infrastructure security. I love to break application logic and find vulnerabilities in it, and have been acknowledged by various MNCs like Google, Yahoo, NASA, LinkedIn and some top companies of India. I am also an active blogger on Medium where I write about interesting vulnerabilities that I find on my bug bounty journeys. Various articles and interviews have been published in security magazines, newspapers and newsletters like Forbes, Economic Times, Huffington Post, Hakin9, HackerOne etc. I am also a cybersecurity speaker and share my views on various infosec threads.

Workshop 1

Attacking/Defending Android Apps Training

by Romansh Yadav

Abstract: This workshop mainly focuses on the security aspects of the world's leading mobile operating system, Android. In this training attendees will learn about its architecture, file system, security model, application components, OWASP mobile attacks and defense, reverse engineering techniques to uncover the security flaws within an application, method swizzling and runtime manipulation of apps, and hooking of applications to exploit the security flaws. The workshop will also provide a thorough guide on how mobile applications can be attacked, provide an overview of how some of the most important security checks for applications are applied, and give an in-depth understanding of these security checks.

Bio: I am working as a Senior Security Consultant at Aptiva Corp LLC, Dubai. My areas of interest are mobile application security and research, web applications, red teaming and fuzzing. I have spoken and provided training at various conferences and meetups like Null Mumbai, Null Bangalore and the Null Chandigarh chapter.

Workshop 2

Analysing Firmware

by Chrissy Morgan

Abstract: This workshop will explore IoT firmware acquisition and analysis. It will feature practical hands-on exercises such as firmware extraction from devices, exercises to help get you started, and pointers to what you will need. This workshop is aimed at new starters in IoT hacking. The attendees will leave with an understanding of how and why we research firmware-based vulnerabilities.

Bio: Chrissy works as a Researcher at PwC focusing on IoT/OT R&D for Managed Cyber Defence. She has an MSc in Advanced Security and Digital Forensics and has marked achievements for her contribution and research within the Information Security community, including winning the (ISC)² Up and Coming Security Professional award, competing in and winning multiple Capture the Flag tournaments, and earning bug bounties for well-known services.

WorkShop 3

Discovering C&C in Malicious PDF with obfuscation, encoding and other techniques

by Filipi Pires, @FilipiPires

Abstract: Demonstrate the different kinds of structures in binaries such as PDF (header / body / cross-reference table / trailer), explaining how each section works within a binary, what techniques are used such as packers, obfuscation with JavaScript (PDF) and more, also explaining some anti-disassembly techniques, demonstrating how these malware samples act and where it would be possible to "include" malicious code. By the end of this "talk" the differences in binary structures will be clear to everyone, as well as how a researcher should conduct each of these kinds of analyses and, of course, that one should seek more basic knowledge of file structures, software architecture and programming languages.
Similar presentations:
https://www.youtube.com/watch?v=mJZCNqcO10A&t=51s (NahamCon's on RTV 2021 - Discovering C&C in Malicious PDFs)
https://www.youtube.com/watch?v=nxlqxLWO16k (GrayHat - Red Team Village - 2020 - US) - Dissecting
https://www.youtube.com/watch?v=0pp6xcFsXgE&feature=youtu.be (HITB - 2020 - Hack In The Box Security Conference - Europe) - Threat Hunting
https://www.youtube.com/watch?v=yAjvfTYEhOw (D.C. Cybersecurity Professionals - 2020 - US) - Dissecting PDF Files to Malware Analysis
https://www.youtube.com/watch?v=oWkgyPgAMsg (BSIDES DFW - 2020 - US) - Dissecting
https://www.youtube.com/watch?v=NVXpBy3RNTE (CIA Conference 2020 - India) - Dissecting PDF Files to Malware Analysis
Publications:
https://pentestmag.com/product/pentest-fuzzing-techniques/
https://www.linkedin.com/feed/update/urn:li:activity:6658688388310401024/
https://github.com/filipi86/MalwareAnalysis-in-PDF
https://medium.com/@filipi86/malware-analysis-dissecting-pdf-file-a95a0ffa0dce

Bio: I've been working as Principal Security Engineer and Security Researcher at Zup Innovation and as Global Research Manager at Hacker Security, and I am Staff of DEFCON Group São Paulo, Brazil. I have spoken at security events in the US, Germany, Poland, Hungary, Czech Republic, Brazil and other countries, and served as a University Professor in graduate and MBA courses at Brazilian colleges such as FIAP, Mackenzie, UNIBTA and UNICIV. In addition, I'm Founder and Instructor of the course Malware Analysis - Fundamentals (HackerSec Company - Online Course).