NBT3 is a technical security conference in SF that is attended by ~100 security engineers, hackers, and occasionally a CISO trying to blend in by wearing a black t-shirt.
It's *that* hacker con. We don't do very much planning, and we rely on the ultra awesomeness of the hackers in the Bay Area to make it fun. There will be some talks, some food & beer, a Toool Lock Picking Village, and a Watch Dogs 2 tournament. BYOHS: If you're expecting anything else, feel free to bring it!
RSVP is free. Use a real name and email address so you can check in at the reception desk.
Speaker schedule below.
FakeNet-NG is a next-generation dynamic network analysis tool for malware analysts and penetration testers. FakeNet-NG was inspired by the original FakeNet tool developed by Andrew Honig and Michael Sikorski. FakeNet-NG implements all the old features and many new ones; plus, it is open source and designed to run on modern versions of Windows. FakeNet-NG allows you to intercept and redirect all or specific network traffic while simulating legitimate network services. Using FakeNet-NG, malware analysts can quickly identify malware's functionality and capture network signatures. Penetration testers and bug hunters will find FakeNet-NG's configurable interception engine and modular framework highly useful when testing an application's specific functionality and prototyping PoCs.
For the purposes of a documentary, I was approached to attack and compromise a journalist. This journalist was San Francisco Bay Area based, so that meant he was using a Mac, an iPhone, and his office was using Google Apps and likely 2-factor authentication for everything. No Windows, no PowerShell, no ms08_067, no NetBIOS, no backdoored MS Office documents – how was I supposed to get in? Well, I did get in, but then I was faced with another problem – Metasploit doesn’t work so well when attacking OS X. At the time (before Defcon last year) there were next to no tools available to do this – I had to build a toolkit for myself ON THE VICTIM’S MACHINE, LIVE during the attack. And I’m going to tell you all how I did that, what I did, what worked and what didn’t work. And since then, there have been additional tools developed specifically to attack OS X that I’ll also be covering, as well as some fun tradecraft that talks about how to approach getting shells on OS X.
Humanity has been building and programming general purpose computers for about six decades now, with spectacular results, mostly good. As we contemplate the Internet of Things in light of our collective experience, there are some disturbing conclusions to be drawn. Can we as a species safely place our economy and culture into a global distributed network of computers, if those computers are programmed by humans using commodity programming languages and tools?
Dr. Paul Vixie, CEO of Farsight Security, is personally responsible for more CERT vulnerability notifications than any other living programmer, and he'll share his thoughts on the likely results of Software as Usual as applied to 21st century society.
Joe Demesy (moloch)
Matthew Bryant (mandatory)
Shubham Shah (infosec-au) - "Out of the Browser Into the Fire"
The evolution of the web has blurred the line between traditional web applications and native clients. In an effort to allow web developers to build powerful desktop applications quickly, web technologies have been put into standalone client-side containers, all the while security has remained an afterthought. In this talk we will demonstrate a new class of attacks that can be leveraged to exploit critical vulnerabilities in popular desktop applications implemented using embedded web technologies. We'll demonstrate leveraging XSS in native desktop applications to exfiltrate sensitive files, create messaging worms that can infect entire organizations, and gain arbitrary native code execution, all without the need to bypass DEP, ASLR and other modern operating system protections.
What do the San Francisco Giants, Cryptolocker and nuclear war all have in common? They all involve conflicts in which incentives, payouts and winning strategies can be analyzed with game theory. Game theory is a branch of mathematics that models conflict and cooperation between parties and is used in many real-world decision making scenarios, inside and outside the Information Security field. Game theory is particularly useful in analyzing the extortionist / victim dynamic present in ransomware infection scenarios.
Ransomware comes in many varieties and works in different ways, but the basic setting is the same: cybercriminals infect a computer with malicious software that blocks access to the system or important files until the ransom is paid.
The conventional wisdom in information security regarding ransomware is to never pay. But, why? The answer is a little more nuanced than “never pay” or “always pay.” The decision is a complex scenario of incentives and payoffs. Who stands to gain when ransomware is paid? Who gains when it is not paid?
This talk will use the familiar topic of ransomware to introduce participants to game theory concepts like rational decision-making, zero-sum games, incentives, utility and Nash Equilibrium – all important tools that can help solve security problems. By analyzing ransomware decision-making with a game theory mindset, participants will learn a new set of skills and a new way of incentive-driven thinking.
Smart Locks perfectly embody the crossroads of convenience and technology represented by the Internet of Things. Chances are you've seen one, perhaps used one in a hotel, or maybe even have one on your front door. However, unlike many other IoT devices, the stakes are high with Smart Locks: they protect our homes, our valuables, and even our personal safety.
We will demonstrate practical attacks that allow an attacker to unlock multiple Smart Locks from several vendors. Our attacks are performed using commodity hardware and require no interaction from the target. We will release our general purpose Bluetooth proxy framework to allow users to implement attacks similar to those described in this talk.
The Human Interface Device Input/Output Toolkit (HIDIOT) is a credit-card sized slow-speed serial emulation device, not unlike the Teensy or USB armory, but nowhere near as powerful. That might not sound like a lot of fun, but unlike the Teensy or USB armory, the whole purpose of the HIDIOT is to give people a unique opportunity to build an open source general purpose computing platform and hardware hacking device that actually does something, from scratch, even if they’ve never soldered before.
CertGraph crawls internet accessible SSL certificates creating a directed graph of domains, their certificates, and their certificate alternate names. This graph shows a different view on the "chain of trust" we are already familiar with in the SSL certificate ecosystem. CertGraph has already been used to identify internal and public domains an organization may not want public knowledge of, host enumeration for an organization and its related partners, and misconfigured SSL certificates for incorrect domains.
New developer tools are being built, among them Golang from Google, Rust, etc. While it is great to change mindset and try new things, from a security point of view new approaches are creating new risks.
Do you love the feature from Go which compiles a single binary you can share with everyone and includes all the libraries you ever need? This talk is for you! I will show a tool that introspects Go binary objects to grab all dependencies and check for vulnerabilities automatically.
Real-time contextual information to increase the value of threat data for the enterprise, government and security industries. For more information, visit https://www.farsightsecurity.com/.