Fitting it all in
With all the events, speakers, training sessions, and more going on at ISSW, find out when and where it is all happening to maximize your experience.
2019 InfoSec Southwest
Friday, March 29 – Sunday March 31,2019
1900 Rio Grande, Austin TX 78705
Friday, March 29, 2019
1:00 – 10:00 PM
2:00 – 5:00 PM
Bootstrap Go – a Hands-On Workshop (Sign-up Required)
Are you sad because Go is hot and you’re not? Let’s change that. IMPORTANT: If you want to participate, DO THIS STUFF FIRST! (~20 minutes).
In this 3-hour workshop, infosec interloper Trevor Rosen will teach you the basics of Go, the Google-originated programming language behind Docker, Kubernetes, Keybase, Lantern, CoreOS, and more. Start from “hello world” and end with a concurrent, 2-endpoint web server. Along the way you’ll learn practical basics like data serialization, dependency injection, testing, and (of course!) get your feet wet with Go’s powerful concurrency support. Armed with this knowledge, you’ll go forth and perform wondrous deeds like finding sweet vulns in container runtimes or the Kubernetes control plane. Or use the excellent stdlib and static compilation to write the next awesomely portable security tool that everyone hateloves!
Interested? Sign-up to reserve a spot.
6:00 – 10:00 PM
Welcome Cocktail Reception & Registration
Saturday, March 30, 2019
Your Wish is My Command: A Deep Dive into DirectTV’s Genie System
DirectTV is one of the largest satellite content providers in the nation, and their Genie system is their flagship line of products. In this talk, we will take a look at what that system is composed of, including device hardware, proprietary network protocols, and content protection mechanisms. We will demonstrate vulnerabilities in the system and ways to manipulate content as well as other fun things you can do. Magic lamp not included.
Reflecting on Network Discovery
Although network discovery is a critical component of security, current tools struggle to obtain comprehensive results on modern networks. Security hardening of endpoints, adoption of the BeyondCorp model, the explosion of networked devices, and complications arising from software defined networks, virtual machine environments, use of containers, and hybrid clouds have all challenged our ability to accurately identify assets. This talk covers the current state of network discovery techniques, digs into older, relatively unknown methods, and introduces a handful of new tricks that can immediately improve the discovery phase of security and IT efforts.
Alamo Drafthouse: Turbo Talks!
Bugs so Nice they Patched them Twice! A (Continuing)? Story About Failed Patches
With all these bugs being patched, one begins to wonder if these are all new discoveries or something a little bit more unnerving. Is it possible that the vendor patches were ineffective and that researchers are discovering ways to re-trigger previously patched vulnerabilities? The answer is yes! This talk drills into this topic by exposing modern vulnerabilities targeting Adobe Acrobat and, more importantly, how these vulnerabilities were ultimately resolved after multiple disclosures. We start by taking a detailed look at the attack surface exposed by Adobe Acrobat. We then dive into multiple vulnerabilities that were purchased by the Zero Day Initiative program and describe how Adobe found the bugs so nice they patched them twice. These failed patches highlight the complexities of Acrobat and demonstrate the need for vigilance amongst researchers reporting bugs to Adobe. A patch is good; a solution is better.
How to Respond to a C&D: Keep Calm But Don’t Necessarily Carry On
In this talk, I will discuss: (1) how to interpret the language of a C&D, including a brief discussion of the various underlying legal authority that may be cited by the attorney; (2) how to formulate a response on your own and when to seek outside help; and (3) potential consequences for failing to respond. I’ll be providing real world examples of C&Ds that have legal merit and ones that should never have been sent out.
Worm Charming: Harvesting Malware Lures for Examination
Worm charming (grunting or fiddling) is an increasingly rare real-world skill for attracting earthworms from the ground. A competitive sport in east Texas, most worm charming methods involve some vibration of the soil, which encourages the worms to surface. In our context, we’ll apply a series of YARA rules to charm interesting samples to the surface from the nearly 1M files uploaded to Virus Total daily. Once aggregated, we’ll explore mechanisms for clustering and identifying “interesting” samples. Specifically, we’re on the hunt for malware lures that can provide a heads up to defenders on upcoming campaigns as adversaries frequently test their lures against AV consensus.
Sunday March 31, 2019
Beyond Internet Scanning; Open Source Attack Surface Discovery with Intrigue Core
SHODAN, Rapid7, Censys and others have made vast swaths of raw data scan data available to researchers over the last 10 years, but enumerating the exposed attack surface of a given organization remains an open challenge. Database leaks, application layer misconfigurations and default creds still pose significant risk to security teams. We are left living the unpleasant reality: “You can’t fix what you can’t find”. In this session, the speaker will dig into the open source Intrigue Core engine, a framework to iteratively enumerate attack surface, walking through lessons learned and exposures found while scaling the engine to discover the attack surface of tens of thousands of organizations.
Todd Manning, Michael DePlante Jr, and Tony Fuller
Project Redlion – Industrial Control HMI security
Industrial control HMIs are a window into industrial processes. They allow people to monitor and control the industrial environments of which they are a part. This talk investigates the Windows-based software which configures an HMI, and will cover topics such as Windows binary analysis, the fuzzing of Windows programs, and triaging crashes. In addition, hardware reverse engineering and firmware analysis of an embedded HMI will be discussed. This talk will also discuss the reverse engineering and analysis of both the custom HMI protocol, as well as the custom HMI file format. Finally, the talk will cover the analysis of the network attack surface presented by the HMI. Todd will be joined by Michael DePlante Jr and Tony Fuller of Trend Micro ZDI.
Operational Security Across the Spectrum
Opsec is so hot right now. How do people outside of infosec keep themselves secure? What about outside “first world countries”? What are your risks /really/? Not your typical opsec talk about threat models.
Defense Against the Social Engineering Arts
This talk will start by covering techniques recently used to break into multiple banks and an airlines’ system operations center. Highlights include convincing a helpdesk technician to bypass their multi-factor authentication solution and a detailed review of what would have prevented these attacks from being successful.
This One Time On A Pentest: Last 20 Years Edition
Rick loves telling “this one time on a pentest” stories. Usually they are a highlight of the worst things he’s seen. With a few of the most amazingly secure systems he has run across. In this full-length version of his talk, Rick will talk about the things he seen in the last 20 years of being a pentester. Worst of the worst and the best of the best will be discussed.
Baron Daniel Crowley
Building Crypto Flaw Recon and Attack Tools for Web Hackers
Cryptographic attacks are often in the realm of theory. Many long known attack techniques in the cryptographic world have no corresponding practical tooling or weaponized exploit. Because of the nature of cryptography, encrypted data is often (and should be) indistinguishable from random data. This presents certain unique challenges when attempting to build crypto flaw scan or attack tools. This talk will discuss several cryptographic flaws, how they manifest in web applications, how to find them, and will discuss newly developed crypto attack tools to be released alongside the talk.