DC0471 meet-up - 0x02
29th of September, 2018. B-Hub, Mar Ivanios Vidyanagar, Nalanchira, Trivandrum.
DC0471 Meet-up 0x02 - agenda and Talks
Event Date: 29th September, 2018, 09:00 AM to 05:30 PM
Venue: B-Hub, Mar Ivanios Vidyanagar, Nalanchira, Trivandrum.
All of our sessions and meet-ups are OPEN and FREE to everyone! However, the number of available seats is limited. Please register using the event registration link to book your seat!
Opening notes:
Chief guest:
Manoj Abraham IPS, Inspector General of Police, Trivandrum
Bio: Manoj Abraham IPS is the Inspector General of Police, Thiruvananthapuram Range. He has additional responsibility for traffic and road safety and is the Nodal Officer of the Kerala Police CyberDome.
Manoj Abraham is the chief architect of the Cocon conference, held annually on the theme of public-private partnership for enhancing cyber security. He has won many awards in the area of cyber crime and cyber security, including the 'Special Achievement Award' under the INFOSEC MAESTROS in 2014, the 'Nullcon Black Shield Award' under the 'Gov-r-nator' category for the year 2014, the Asia-Pacific ISLA Senior Information Security Professional Award 2013 and a host of other awards and recognitions. He is also the creator of Cyber Dome, a centre for public-private participation in cyber policing.
Keynote Speaker:
Satish Babu, President, InApp
Bio: Satish Babu is a Free Software activist, early Internet advocate and development professional based out of Kerala, India. He is the founding Director of the International Centre for Free and Open Source Software (ICFOSS), an autonomous academic/research institution of the Government of Kerala, India. He was earlier the CEO of SIFFS, a co-founder and President of InApp Information Technologies, and is associated with national and international professional societies such as IEEE, Internet Society (ISOC), ICANN, and the Computer Society of India (CSI).
Satish has been active in Internet Governance since the 2009 IGF. He was a Fellow of the 2012 European Summer School in Internet Governance (EuroSSIG). He has been associated with ICANN since 2012 and with ISOC as a member since 2009. He was appointed the Interim Chair of the Asian, Australasian and Pacific Islands Regional At-Large Organization (APRALO) of ICANN in Sep 2016, elected as Chair in Nov 2016, and re-elected in May 2018.
Keynote Speaker:
Kai Fritsch, IT Risk & Security Specialist, Allianz
Bio: Kai Fritsch is the deputy head of the “Allianz Cyber Defense Center – ACDC” and is responsible for global Security Investigations and Incident Response Management. As a joint team of Indian and German colleagues, the ACDC detects and responds to internal and external cyber threats to Allianz.
Track 1:
Talk #1: Malicious use of Microsoft LAPS
Ankit D Joshi, Security Researcher
Bio: He is working as an Information Security Executive and has vast experience in Vulnerability Management, creating customized audit files with respect to MBSS (Minimum Baseline Security Standards), creating hardening scripts and a bit of Blue Teaming, and is currently responsible for Red Teaming Operations for the enterprise. He has also given a talk on "Active Directory Attacks and Detection" at Hakonindia 2017.
Abstract: Microsoft’s LAPS is a tool for managing local administrator passwords of domain-joined computers. LAPS stores the passwords/secrets in a confidential attribute in the computer’s corresponding Active Directory object. LAPS eliminates the risk of lateral movement by generating random passwords for local administrators. LAPS uses a Group Policy Client Side Extension (CSE) to perform all management tasks, such as generating a password, validating it against the policy, etc.
This talk will be focused on the adversarial tactics of abusing LAPS, which are as follows:
- Identifying users who have ms-Mcs-AdmPwd read access **
- Dumping LAPS passwords in clear text ++
- Poisoning AdmPwd.dll *
- Modifying the searchFlags attribute of ms-Mcs-AdmPwd using DCShadow +
** Assuming RSAT is enabled on the victim machine
++ Assuming the user has “All Extended Rights” permission
* Assuming the user has NT AUTHORITY\SYSTEM access
+ Assuming the user has NT AUTHORITY\SYSTEM access and also has Domain Admins rights
Talk #2: Dark web demystified
Adarsh Nair, UST Global
Bio: Adarsh Nair is an Information Security Professional with expertise in Information Security Auditing, Risk Assessment, Ethical Hacking, Penetration Testing, Digital Forensic Investigation and the identification and mitigation of a wide range of vulnerabilities and threats. Currently he is associated with UST Global Inc. as a Senior Security Analyst. He has been featured in the Halls of Fame of Google, SAP, Intel, etc. He has taken part in discussions and contributed articles on various cyber threats and crimes. Adarsh holds honorary positions as Deputy Commander (Information Security) at Kerala Police Cyberdome, board member of the Open Web Application Security Project (OWASP) and advisory board member of EC-Council, USA. He has two international research publications in ACM and IEEE journals.
Abstract: Dark-Nets are hidden networks where you can operate without being tracked, maintaining total anonymity. These networks have no presence on the Surface Web and their URLs end with '.onion'. The Dark-Net forms a small part of the Deep Web, which is the content that search engines have not indexed, for example government databases. Search engines cannot access the Deep Web because of database issues, authorization problems, firewall setups, etc. The Dark Web is much smaller than the Deep Web and is made up of all different kinds of websites that sell drugs, weapons or even hire assassins. The Onion Router (Tor) is free software for enabling anonymous communication. Tor anonymizes TCP-based applications (e.g. web browsing, secure shell, instant messaging applications). Dark-Net sites which are used for illegal businesses are hosted as Tor hidden services. Tor users roam around the Internet without any fear of revealing their real identities to law enforcement agencies. The Surface Web, which consists of pages that search engines like Google can find and index, makes up only 10% of the total web. Tor protects your privacy and defends against network surveillance and traffic analysis. It prevents others from learning your location and browsing habits. This is implemented by encryption in the application layer of a communication protocol stack, nested like the layers of an onion. It has long been used by journalists, researchers or thrill seekers in heavily censored countries in order to hide their web browsing habits and physical location, crawl the Deep Web and exchange information anonymously. The Dark Web is always defined as something that is illegal and is rarely seen as a ‘Pool of Information’. [Slides]
Talk #3: Tales of the Redteamer: 360-degree PWNING
Joseph Nygil, EY RedX
Bio: Overall 11 years of experience in Information Security with a focus on red teaming, internal pentesting and social engineering. Currently leading the EY RedX team.
Rakesh S, EY RedX
Bio: Overall 6 years of experience in core pentesting, focusing on red team assessments, social engineering, physical security and network exploitation. Working as a red teamer with the EY RedX team.
Chetan Singh, Malware researcher
Bio: Malware researcher with 3 years of pentesting experience. Also interested in exploit development and reverse engineering.
Abstract: Walkthrough detailing how we compromised the client from all angles as part of the red teaming. Agenda: How we pwned the client from all angles; Fun with Domain Admins; Lessons learned; Finally, we have our own Aston Martins. Demo: custom malware demo.
Panel Discussion: Cyber Security:
The panel is given below.
Anoop S Kumar, Senior Manager, EY; Aneesh Krishnan, CEO, ActivBytes; Abhilash, CEO, B-Hub; Kai Fritsch, IT Risk & Security Specialist, Allianz
Talk #5: Web application firewalls: Analysis of OWASP ModSecurity Core Rule Set & detection logic
Josna Joseph, EY
Bio: Josna Joseph is working as a security analyst, specializing in web application and mobile application security review. She has 3 years of experience in the information security domain.
Abstract: The proliferation of web applications and the pervasiveness of mobile technology make web-based attacks even more attractive and even easier to launch. A Web Application Firewall (WAF) is an intermediate tool between the web server and users that provides comprehensive protection for web applications. A WAF follows a negative security model, where the detection and prevention mechanisms are based on predefined or user-defined attack signatures and patterns. However, a WAF alone is not adequate to offer the best defensive system against web vulnerabilities that are increasing in number and complexity daily. The objective of this study is to investigate the possibility of constructing a better security model for a WAF by analysing the OWASP CRS and its detection logic. The main contribution of this paper is a methodology to evaluate a WAF system based on its underlying working principle. [Slides]
Talk #6: Malware Analysis and Binary Exploitation: Tools and Methodologies
Nandu R, Ciber Digita Consultants LLP (CDCLLP)
Bio: Nandu R is working as a partner/lead of the R&D wing of CDCLLP. A die-hard programmer and cyber security enthusiast responsible for the research and development of defensive and forensic tools.
Abstract: This paper covers the methodology of binary/malware analysis from static to behavioural analysis, along with some use cases and advantages. This will cover a basic sandbox setup, online resources, points of interest, static analysis tools, dynamic behaviour analysis setups, and tricks and tips. The tools and technologies are free to use or open source, i.e. YARA, SysInternals Suite, REMnux, Resource Hacker, OLE hackers, IDA Free, Radare, standard Linux binaries, etc. Also a quick look at using these tools and technologies for binary/system exploitation. [Slides]
Talk #7: Portable Pirate Radio with RDS: Broadcast Signal Intrusion with SDR
Vipin George, Faculty, College of Engineering, Kallooppara
Bio: Vipin is a Cyber Forensicator and FOSS enthusiast with 7 years of experience in various Infrastructure Management applications, including Network Monitoring Systems deployed and maintained for a Tier 1 ISP. He is into HF and FM radio DXing and has won prizes from international broadcasters. His FCC-issued US amateur radio call sign is KC9VED and his Indian ham radio call sign is VU3YVG. Presently an ad hoc faculty member at the Department of Computer Science, College of Engineering, Kallooppara. He is also a Mozillian and Wikipedian. Tweets as @vipinonline.
Abstract: Radio transmissions are insecure by default. This is due to the very nature of one-way wireless links. Radio transmissions can be generated by anyone with a simple antenna and a matching transmitter. FM radios are everywhere. They use a standard encoding method called Frequency Modulation. Unlike IP networks, it reaches a massive number of people. Radio Data System (RDS) allows small amounts of digital information in FM radio broadcasts. We will set up a small pirate station on a stock Raspberry Pi, powerful enough to reach all our participants. It can practically hijack all FM stations in our locality. We have two options:
- DoS and
- Sabotage
It can also be used as a perfect ploy for crossing "air gapped" systems and leaking sensitive data. We will also run a Numbers station on the RPi; real one-way transmissions to spies working in foreign countries happen even now (http://www.cryptomuseum.com/spy/owvl/index.htm). All of these run on a stock RPi with a wire and no other hardware mods whatsoever. [Slides]
Talk #8: HoneyTraps to identify Mobile device breaches
Nishit Majithia, Walmart Labs
Bio: He is working as a Software Engineer at Walmart Labs India and has vast experience in Linux OS, HoneyPots and IDS. Master of Technology (MTech) graduate from IIT Kanpur. Also a proud contributor of one payload in ISRO's IMS-1A satellite during his training period from December 2013 to June 2014.
Rohit Sehgal, Walmart Labs
Bio: He is working as a Software Engineer at Walmart Labs India and has vast experience in Linux binary exploitation and web penetration testing. Master of Technology (MTech) graduate from IIT Kanpur. He has experience in the Cyber Security Lab at IIT Kanpur and in the System Security team at the Samsung R&D centre, Delhi.
Abstract: Mobile devices have become an important part of our everyday lives. The increase in the connectivity of these devices to the internet has also increased the trend of exposing vulnerabilities associated with mobile applications. Attackers try to find some point at which to exploit these vulnerabilities. This has invited many attackers to write malware for mobile devices that exploits some vulnerability to gain something. The lack of awareness of mobile device owners simplifies the task for attackers. To counter such threats, it is also not possible to run security systems such as IDS or IPS on these lightweight devices, which means that once compromised, a device may lead to serious issues. Mobile devices such as smartphones and tablets nowadays offer computational and networking resources comparable to computing machines, presenting attackers with a surface to target. In mid-November 2016, Check Point researchers revealed an alarming malware called Gooligan. The malware APK was supposed to have 12 different root exploits, but the same report mentions that only 2 of them have known CVEs. In this research, an idea has been proposed about how this particular APK malware would have exploited a generic Linux-based OS vulnerability. Also, a very simple yet effective post-exploitation fake-token-based technique has been presented that makes account breaching by Gooligan-like malware detectable. The approach claims to capture device breaches with an accuracy of at least 50%. [Slides]
Track 2:
Talk #1: Entering the gates of valhalla and taking uncle Jim off our backs
Alosh K Jose, EY
Bio: Alosh is working at EY as a security analyst. He is OSCP certified, has Google Hall of Fame honourable mentions and nearly 5 years of experience with Kali Linux, loves Linux and anything open source, and loves to pentest on HackTheBox.
Abstract: Creating a torrifier using a Raspberry Pi and a deep dive into the world of darknets and Tor, I2P, freenode and every other possible way of covert communication (being anonymous), ending with an introduction to Tails and flashing custom open-source software to our routers for added security. [Slides]
Talk #2: Setting up an Infosec Lab 101 : Don't be a skid!
Nino Stephen Mathew
Bio: A passionate security noobie with a background in system administration (RHCSA) and networking (RHCE). Was primarily more of a dev than a security researcher. Got into security after being fascinated by how malware works. Currently researching Android application reverse engineering and Android malware analysis.
Abstract: There are various domains in infosec. Almost every domain requires a different setup, but what they all have in common is a lab in which one can securely experiment and explore new concepts, or even really old ones! The presentation is based on my personal experience of setting up a pentesting lab to learn more about infosec. Instead of spoon-feeding every single step, the presentation aims more at making the participants understand the importance of setting up a lab. This will also serve as a base class for people who want to get into infosec. [Slides]
Talk #3: Winning Business with Security
John Umman, InfoSec Professional
Bio: Overall 8 years’ experience in Vulnerability Assessment and Penetration Testing. Working as a senior security analyst at EY.
Abstract: Evaluating a company’s security program is a key agenda item while making any business decision nowadays. How can you, as a security professional, make sure that your company or your business partner is following best security practices? The goal of this talk is to understand how to use the public information of your IT footprint to your advantage to win business, or how to use it to make a better security decision. [Slides]
Talk #4: HOW I PWNED GOOGLE'S NETWORK DEVICES.
Sreeram KL, Web Security Enthusiast
Bio: Sreeram is a high school student who is also a web security enthusiast. He loves breaking apart web security. He is ranked 2nd in India and 38th globally in the Google Hall of Fame. Sreeram is the youngest person ever to appear on the 1st page of Google's Hall of Fame. He does bug bounty hunting and has been acknowledged and paid by several tech giants.
Abstract: The paper outlines the steps and recon performed while finding a vulnerability in Google's internal network devices, including a router and a satellite multiplex transcoder/receiver. This resulted in unrestricted streaming of videos on any YouTube channel as well as taking control of any device that connects to YouTube. The bug was reported to Google's Vulnerability Program and was rewarded $13,337, which is usually paid for unrestricted file system access. [Slides]
Talk #5: BREAKING INTO GOOGLE’S ADMIN PANEL & TWITTER’S DM/NOTIFICATIONS
VISHNU PRASAD P G, Student Developer, Mashupstack
Bio: Vishnu Prasad is a final year engineering student at PRS College of Engineering. He has been listed as a Global Top VRP Researcher in 2017 by Google, as well as ranked on the 1st page of the Hall of Fame of Google Bug Bounty Hunters and in the Google Hacking Database. His name also features in the Halls of Fame of multiple organisations including Google, Microsoft, Yahoo, Twitter, Amazon, Zoho and Nederland Bank. He is a Python tools developer, open source lover and contributor.
Abstract: The session provides an overview of two hacks performed by Vishnu. In December 2017, Vishnu hacked into Google's internal admin panels, which allowed access to a variety of administrative controls of various Google products, including YouTube TV, YouTube broadcasting satellite, the PCSC admin panel, router management, etc. Google acknowledged the bug as P0 and he was rewarded $13337. Additionally, he identified a critical security flaw in Twitter that allowed reading the DMs and notifications of any user, even after the user logs out of the system, via browser notifications. This bug was acknowledged and fixed by Twitter. [Slides]
Talk #6 : Bug bounty track: HOW TO BECOME A BUG BOUNTY HUNTER AND A QUICK WALKTHROUGH ON SQL INJECTION
Hariprasad K A, Hiline Creators
Bio: Hariprasad is a Cyber Security Enthusiast/Security researcher with 3 years of application Pentesting experience.
Abstract: Short talk on what bug bounty is, how to get started with it, its methodology, tips and tricks. Also, as a bonus, SQL injection techniques and getting started with SQL injection, for those who aspire. [Slides]
Talk #7 : Bug bounty track: HOW I GOT MY FIRST BUG AND CAME TO KNOW, IT WAS ONE OF THE MOST CRITICAL ONE!
Mufeed VH, IntelloGeex
Bio: Mufeed is a high school student, very passionate about learning everything related to technology. Currently, he performs software development and bug hunting as a hobby. He has found vulnerabilities in highly renowned websites like Airtable, EFF, etc. He is a developer and avid security researcher, focused on secure coding and cyber security impacts.
Abstract: An informative presentation on discovering a vulnerability on a website named 'Airtable', which turned out to be one of the most critical bugs: Unrestricted File Upload. If exploited, this vulnerability allows doing anything to the website, such as RCE, cross-site scripting and so on. [Slides]
Talk #8 : Bug bounty track: CLICKJACKING ATTACK IN MICROSOFT & XSS IN KASPERSKY
Anand A S, Student Developer, Mashupstack
Bio: Anand is a final year engineering student at PRS College of Engineering. He is listed in the Halls of Fame of Microsoft, Nederlands Bank and Kaspersky, and is also featured in the Google Hacking Database. He contributes to security tools and is an IoT developer. He also works as a Student Developer at Mashupstack.
Abstract: The talk explains how Anand was able to find security issues in various websites. The talk includes a clickjacking attack that he identified in a subdomain of the Microsoft website, as well as an XSS attack in Kaspersky. Both of these were accepted as valid security bugs and acknowledged by the respective companies, thereby adding his name to their Halls of Fame. [Slides]
Talk #9 : Bug bounty track: XSS - STILL THE OLDEST METHOD, AND STILL RUNNING ONE
Dhurgaprasad P G, Cyber Security Enthusiast
Bio: Dhurgaprasad is a Cyber Security Enthusiast. He has vast knowledge of web application security. He is certified by NASSCOM.
Abstract: An informative presentation briefly describing XSS, reflected and stored, covering the "what, why, how" of XSS and the possibilities of XSS. [Slides]
Talk #10 : Bug bounty track: HOW I COULD ACCESS USER ACCOUNTS IN A PRIVATE BUG BOUNTY PROGRAM
Vijil N, Independent researcher
Bio: Vijil is a software developer as well as an independent security researcher. He is a white hat hacker. He performs bug bounty hunting actively and has been acknowledged by several tech giants including Google, Alibaba, Glassdoor, Zomato, Honeywell, Vice, Intel, Sony, etc.
Abstract: This session illustrates tips and tricks to access any user account in a private bug bounty program. [Slides]
Talk #11 : Bug bounty track: 'Domain Takeover' on Google Acquisition.
Abhishek Sidharth, Amrita School of engineering
Bio: Abhishek has been a bug bounty hunter/security researcher for the past year. He is only 18 years old, is listed on page one of the Google Hall of Fame and in the Facebook, Apple and Microsoft Halls of Fame, has been acknowledged by more than 40 companies, and is also one of Google's top VRP researchers from around the world.
Abstract: The paper is about a domain takeover vulnerability which was present in a Google acquisition. A demo deface page was added to the domain after taking it over, and the bug was reported to Google, which rewarded $1337. [Slides]
Track 3: CTF - RED TEAM VILLAGE
Talk #1: Introduction to Red teaming
Red Team Village
Red Team Village is a community-driven combat readiness platform for red teaming and cyber security attack simulation. The community is managed by a group of cyber security and red team tactics enthusiasts. It can be considered a platform to share tactics, techniques and tools related to various domains of adversarial attack simulation. Red Team Village will be conducting workshops, talks, demonstrations, open discussions and exercises.
There will be a quick session about adversarial simulation attacks and red teaming assessments on Track 3 followed by a CTF competition. Winners can go home with cool goodies.
CTF: Capture the flag competition
Report to Track #3 before 11 AM to participate in the CTF game.
Closing notes:
Abhijith B R, Lead Organizer, DEF CON Group Trivandrum
*All talks and workshops are subject to change based on the decisions of the organizers.
Crew - DC0471 Meet-up 0x02:
Vishnu Prasad, Abhijith B R, Thoufeeque N S, Adithya P S, Anjith S M, Nimna Sreedharan, Rojar S, Vishnu Narayan, Mohamed Shine, Praveen Subash, Danesh E, Sreejith A N, Febin Thomas