-
08:35 - 10:35
Guillaume Lopes & Davy Douhine - Mobile Hacking Workshop
Guillaume Lopes (https://twitter.com/@Guillaume_Lopes) and Davy Douhine (https://twitter.com/ddouhine), senior pentesters, will share many techniques, tips and tricks in a 100% "hands-on" training aimed at pentesters, bug bounty researchers or simply the curious.
The goal is to introduce tools (Adb, Apktool, Jadx, Androguard, Cycript, Drozer, Frida, Hopper, Needle, MobSF, etc.) and techniques that help you work faster and more efficiently in the mobile ecosystem.
This is the workshop you wish you had attended before wasting your precious time on trial and error while trying to assess the security of mobile applications.
You’ll need:
- a laptop (running any OS: Windows / macOS / Linux)
- with at least 8 GB of RAM (ideally 16 GB)
- 40 GB of free space (to install an attacking VM based on Kali; we'll provide it)
- administrative rights on your laptop, plus a way to deactivate anti-virus, HIPS and firewall
- VMware Player (ideally VMware Workstation)
- a PDF reader
- a jailbroken iDevice (iPhone/iPad/iPod) running at least iOS 9 if you want to follow the iOS part
-
10:35 - 10:45
Break (10 mins)
-
10:45 - 12:45
Éva Szilagyi & Dávid Szili - Elastic Stack for Security Monitoring in a Nutshell
Elastic Stack is one of the most commonly used open source data analysis and management platforms today. It quickly became popular among security professionals too, and it is the building block of many open source and commercial SIEMs. Elastic Stack is designed for speed and ease of use: it indexes data as it is ingested (write once, read many, or "WORM" storage), and it is extremely scalable and powerful, making ad-hoc queries and real-time visualization very easy.
The components in the Elastic Stack are designed to be used together and releases are synchronized to simplify the installation and upgrade process. The stack consists of:
- Beats, which is the platform for single-purpose data shippers;
- Logstash, which is a server-side data processing pipeline that ingests data from multiple sources, transforms it, and then sends it to one or more outputs ("stash");
- Elasticsearch, which is a distributed, RESTful search and analytics engine;
- Kibana, which lets users visualize data with charts, graphs, and dashboards.
During this two-hour workshop, we will see how to use Elastic Stack for security monitoring and cover the following topics:
- Beats (filebeat, winlogbeat, auditbeat, etc.)
- Logstash (input, filter, and output plugins)
- Elasticsearch (cluster, node, index, shard, mapping, search, aggregation, etc.)
- Kibana (index patterns, searches, visualizations, dashboards, etc.)
- Elastic Stack Alerting and Security (X-Pack, ElastAlert, Search Guard, ReadonlyREST, etc.)
Technical requirements for the workshop:
- A laptop with at least 8 GB of RAM and 30-50 GB of free disk space;
- VMware Workstation, VMware Fusion or VMware Player installed.
-
12:45 - 12:55
Break (10 mins)
-
12:55 - 14:55
Péter Balogh & Nándor Krácser - Detecting and Blocking Vulnerable Containers in Kubernetes
We'd like to go into detail about how container image vulnerability scans work - with a focus on catching vulnerabilities at the point in time at which deployments are submitted into the cluster.
Technical requirements:
- Notebook with at least 8 GB of memory
- Installed software:
  - GNU/Linux and Windows: VirtualBox installed
  - Mac: macOS newer than Sierra, or VirtualBox installed
-
14:55 - 15:05
Break (10 mins)
-
15:05 - 17:05
Dávid Szili - Introduction to Osquery
Maintaining real-time insight into the current state of your endpoint infrastructure is crucial. It is very important from operational, continuous security monitoring, and incident response perspectives. Created by Facebook in 2014, osquery is an open-source instrumentation framework for Windows, OS X (macOS), Linux, and FreeBSD operating systems.
Osquery exposes the operating system as a relational database and allows you to write SQL queries to explore system data. The generic SQL tables represent running processes, loaded kernel modules, open network connections, browser plugins, hardware events, file hashes, etc. These SQL tables are implemented via an easy-to-extend API; many tables already exist and more are being written. The main advantage of osquery is that it lets you use one platform for monitoring complex operating system state across an entire infrastructure. It provides a high-performance, low-footprint distributed host monitoring daemon, osqueryd, and an interactive query console, osqueryi.
During this two-hour workshop, we will learn about osquery's capabilities and cover the following topics:
- Osquery basics (installation, osqueryi, osqueryd, osquery schema);
- SQL refresher (SELECT, FROM, WHERE, LIKE, JOIN, etc.);
- Osquery configuration (flagfile, packs, schedule, logging, file integrity monitoring, etc.);
- Fleet management (Kolide Fleet, Doorman, SGT, etc.);
- Osquery extensions.
Technical requirements for the workshop:
- A laptop with at least 8 GB of RAM and 40-50 GB of free disk space;
- VMware Workstation, VMware Fusion or VMware Player installed.
-
17:05 - 17:15
Break (10 mins)
-
17:15 - 19:15
Mohammed B. M. Kamel - Introduction To Buffer Overflow Exploit
This workshop introduces how buffer overflow vulnerabilities arise in programs and how they get exploited. Buffer overflow exploitation is a well-known class of attack. On many systems, the memory layout of a program, or of the system as a whole, is well defined. By sending in data designed to cause a buffer overflow, it is possible to selectively overwrite data pertaining to the program's state, causing behavior that was not intended by the original programmer. Although all programmers know the potential threat of buffer overflows in their programs, there are still a lot of buffer overflow-related threats in both new and old software, regardless of the number of fixes that have already been performed. The workshop will cover the basic principles of buffer overflows, how a program is loaded and executed in memory, how to spot buffer overflow conditions, and how exploits for these overflow conditions are constructed.