Panel - Licensed to Pwn - Weaponization and Regulation of Security Research

Materials Available here: https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/DEFCON-23-Evilrob-Xaphan-TLS-Canary-Keeping-Your-Dick-Pics-Safer.pdf

Canary: Keeping Your Dick Pics Safe(r)
Rob Bathurst (evilrob) Security Engineer and Penetration Tester
Jeff Thomas (xaphan) Senior Cyber Security Penetration Testing Specialist

The security of SSL/TLS is built on a rickety scaffolding of trust. At the core of this system is an ever growing number of Certificate Authorities that most people (and software) take for granted. Recent attacks have exploited this inherent trust to covertly intercept, monitor and manipulate supposedly secure communications. These types of attack endanger everyone, especially when they remain undetected. Unfortunately, there are few tools that non-technical humans can use to verify that their HTTPS traffic is actually secure.

We will present our research into the technical and political problems underlying SSL/TLS. We will also demonstrate a tool, currently called “Canary”, that will allow all types users to validate the digital certificates presented by services on the Internet.

Evilrob is a Security Engineer and Penetration Tester with over 14 years of experience with large network architecture and engineering. His current focus is on network security architecture, tool development, and high-assurance encryption devices. He currently spends his days contemplating new and exciting ways to do terrible things to all manner of healthcare related systems in the name of safety.

Twitter: @knomes

xaphan is a "Senior Cyber Security Penetration Testing Specialist" for a happy, non-threatening US government agency. He has been a penetration tester for 17 years, but maintains his sanity with a variety of distractions. He is the author of several ancient and obsolete security tools and the creator of DEFCOIN.

Twitter: @slugbait

And That's How I Lost My Other Eye: Further Explorations In Data Destruction
Zoz Robotics Engineer and Security Researcher
How much more paranoid are you now than you were four years ago? Warrantless surveillance and large-scale data confiscation have brought fear of the feds filching your files from black helicopter territory into the mainstream. Recent government snatch-and-grabs have run the gamut from remotely imaging foreign servers to straight up domestic coffeeshop muggings, so if you think you might need to discard a lot of data in hurry you're probably right. In their legendary DEF CON 19 presentation Shane Lawson, Bruce Potter and Deviant Ollam kicked off the discussion, and now it's time for another installment. While purging incriminating material residing on spinning disks remains the focus, the research has been expanded to encompass solid state storage and mobile solutions to your terabyte trashing needs. With best efforts to comply with the original constraints, the 2015 update features more analysis of the efficacy of kinetic projectiles, energetic materials and high voltages for saving your freedom at the potential cost of only a redundant body part... or two.

Zoz is a robotics engineer, rapid prototyping specialist and lifelong enthusiast of the pyrotechnic arts. Once he learned you could use a flamethrower and a coffee creamer bomb to fake a crop circle for TV he realized there are really no limits to creative destruction.

Seeing through the Fog
Zack Fasel Urbane Security

Yes. "The Cloud" (drink). Even though many of us would much like to see use of public clouds decline, they're not going away any time soon. And with such, a plethora of companies now have revolutionary new solutions to solve your "cloud problems". From crypto to single sign on with two step auth, proxies to monitoring and DLP, every vendor has a solution, even cloud based for the cloud!

What we haven't seen is much of an open source or community lead solution to these problems. So let's change that.

Zack will review the laundry list of security problems with various cloud providers (and their pluthera of APIs), provide some easy fixes to the common issues seen, and introduce a few new open source tools to help monitor and defend the data and access in the wild.

Zack Fasel is a Founding Partner at Urbane Security, a solutions-focused vendor-agnostic information security services firm focusing on providing innovative defense, sophisticated offense and refined compliance services. Heading up Urbane's Research and Security Services divisions, Zack brings his years of diverse internal and external experience to drive Urbane's technical solutions to organizations top pain points. His previous research and presentations at conferences have spread across numerous domains including Windows authentication flaws, femtocells, open source defensive security solutions and unique network and application attack vectors. When not selling out, he can be found lost in the untz unce wubs, dabbling in instagram food photography, or eating scotch and drinking gummy bears (that's right, right?). More information on him can be found at zfasel.com and on Urbane Security at UrbaneSecurity.com.

Twitter: @zfasel

How to Hack Government: Technologists as Policy Makers
Terrell McSweeny Commissioner, Federal Trade Commission
Ashkan Soltani Chief Technologist, Federal Trade Commission

As the leading federal agency responsible for protecting your privacy rights online, technology is at the core of the Federal Trade Commission's work. You may be familiar with the agency's enforcement actions against some of the world's biggest tech companies for privacy/data security violations - but you may not know how your research skills can inform its investigations and policy. Come hear about some of the Commission's recent tech-related actions, research and reports, plus how its work impacts both consumers and businesses. You'll also learn how you can directly or indirectly help the agency protect consumers, guide businesses to develop better/strong data security, and much more.

Terrell McSweeny serves as a Commissioner of the Federal Trade Commission - sometimes referred to as the Federal Technology Commission. This year marks her second DEF CON adventure. When it comes to tech issues, Commissioner McSweeny wants companies to implement security by design, to be transparent about their data collection practices, and to give consumers as much control as possible.

Twitter: @TMcSweenyFTC

Ashkan Soltani serves as the FTC's fourth Chief Technologist. He is a privacy and security researcher whose work draws attention to privacy problems online, demystifies technology for the non-technically inclined, and provides data-driven insights to help inform policy. Ashkan was recognized as part of the 2014 Pulitzer winning team at the Washington Post and was the primary technical consultant on the Wall Street Journal's "What They Know" investigative series on online privacy.

Twitter: @TechFTC

Abusing native Shims for Post Exploitation
Sean Pierce Technical Intelligence Analyst for iSIGHT Partners
Shims offer a powerful rootkit-like framework that is natively implemented in most all modern Windows Operating Systems. This talk will focus on the wide array of post-exploitation options that a novice attacker could utilize to subvert the integrity of virtually any Windows application. I will demonstrate how Shim Database Files (sdb files / shims) are simple to create, easy to install, flexible, and stealthy. I will also show that there are other far more advanced applications such as in-memory patching, malware obfuscation, evasion, and system integrity subversion. For defenders, I am releasing 6 open source tools to prevent, detect, and block malicious shims.

Sean Pierce is a Technical Intelligence Analyst for iSIGHT Partners. Sean currently specializes in reverse engineering malware & threat emulation and in the past has worked on incident response, botnet tracking, security research, automation, and quality control. Prior working at iSIGHT Partners, he was an academic researcher and part time lecturer at the University of Texas at Arlington where he earned a Bachelors of Computer Engineering with a minor in Math. Sean also does freelance consulting, penetration testing, forensics, and computer security education. He is an Eagle Scout and enjoys learning how things work.

Twitter: @secure_sean

Medical Devices: Pwnage and Honeypots
Scott Erven Associate Director, Protiviti
Mark Collao Security Consultant, Protiviti
We know medical devices are exposed to the Internet both directly and indirectly, so just how hard is it to take it to the next step in an attack and gain remote administrative access to these critical life saving devices? We will discuss over 20 CVEís Scott has reported over the last year that will demonstrate how an attacker can gain remote administrative access to medical devices and supporting systems. Over 100 remote service and support credentials for medical devices will be presented.

So is an attack against medical devices a reality or just a myth? Now that we know these devices have Internet facing exposure and are vulnerable to exploit, are they being targeted? We will release and present six months of medical device honeypot research showing the implications of these patient care devices increasing their connectivity.

Scott Erven is an Associate Director at Protiviti. He has over 15 years of information security and information technology experience with subject matter expertise in medical device and healthcare security. Scott has consulted with the Department of Homeland Security, Food and Drug Administration and advised national policymakers. His research on medical device security has been featured in Wired and numerous media outlets worldwide. Mr. Erven has presented his research and expertise in the field internationally. Scott also has served as a subject matter expert and exam writer for numerous industry certifications. His current focus is on research that affects human life and public safety issues inside todayís healthcare landscape.

Mark Collao is a Security Consultant at Protiviti. He has over 5 years of experience in information security consulting, primarily in network and application penetration tests, red team assessments, and social engineering exercises. Mark also researches botnet activity and maintains several custom protocol and application honeypots on the net. He holds an Offensive Security Certified Professional (OSCP) certification, is a member of the MWCCDC red team, and graduated from DePaul University.

When IoT attacks: hacking a Linux-powered rifle
Runa A. Sandvik
Michael Auger
TrackingPoint is an Austin startup known for making precision-guided firearms. These firearms ship with a tightly integrated system coupling a rifle, an ARM-powered scope running a modified version of Linux, and a linked trigger mechanism. The scope can follow targets, calculate ballistics and drastically increase its user's first shot accuracy. The scope can also record Audio and audio, as well as stream Audio to other devices using its own wireless network and mobile applications.

In this talk, we will demonstrate how the TrackingPoint long range tactical rifle works. We will discuss how we reverse engineered the scope, the firmware, and three of TrackingPoint's mobile applications. We will discuss different use cases and attack surfaces. We will also discuss the security and privacy implications of network-connected firearms.

Runa A. Sandvik is a privacy and security researcher, working at the intersection of technology, law and policy. She is a technical advisor to both the Freedom of the Press Foundation and the TrueCrypt Audit Project, and a member of the review board for Black Hat Europe.

Twitter: @runasand

Michael Auger is an experienced IT Security specialist with extensive experience in integrating and leveraging IT security tools. He has leveraged a wide range of IT security solutions, integrating them, to deliver leading edge incident response and security operations capabilities. His 15+ year career includes:

· Supporting security incidents during the event and the subsequent remediation phases
· Implementing and managing IT security infrastructures for public and private organizations.
· Design and implement global SIEM infrastructure for F100 organizations
· Delivering training on advanced SIEM solutions and network discovery tools
· Presenting and publishing security articles on security vulnerabilities and best practices

HamSammich – long distance proxying over radio
Robert Graham Erratasec.com
David Maynor Erratasec.com
The ProxyHam talk was mysteriously canceled. However, it’s easy to replicate the talk from the press coverage. In this talk, we propose “HamSammich”, creating a point-to-point link in order to access WiFi from many miles away, as a means to avoid detection. We show how off-the-shelf devices can be configured to do this for less than $200. After demonstrating the working system, we’ll talk about radio signals. This includes both the FCC regulatory issues which may have caused the cancelation of the original talk, as well as signals-intelligence, and the practicalities of being detected and caught. Finally, we’ll talk about hiding signals with SDR, a more complicated and expensive technique, but one that hides better in the electromagnetic spectrum.

We’ll demonstrate not only a working system, but what the 900MHz spectrum looks like, and how to track down a working system.

Robert Graham is the CEO of Errata Security, a pentest/consulting firm. He's known for creating the first IPS, the BlackICE series of products, sidejacking, and masscan. In his spare time, he scans the Internet. He has been speaking at several conferences a year for the past decade.

Twitter: @ErrataRob

David Maynor is the CTO of Errata Security, and chief pentester. He’s a frequent speaker at conferences, most infamously in the Apple WiFi scandal. In his spare time, he builds weapons for Skynet’s domination of the planet.

Twitter: @Dave_Maynor

Hacking the Human Body/brain: Identity Shift, the Shape of a New Self, and Humanity 2.0
Richard Thieme Author and Professional Speaker, ThiemeWorks

This presentation is beyond fiction.

Current research in neuroscience and the extension and augmentation of senses is proceeding in directions that might sound to a twentieth century mind like science fiction. Progress is rapid but unevenly distributed: Some is directed by military, intelligence and corporate interests but beyond their concerns, we can discern the future shape of human identity itself in nascent forms.

The human body/brain is being hacked to explore radical applications for helping, healing, and harming this and future generations. Some can be done in garage-hacking style. The presenter, in fact, recently had lenses in both eyes removed and replaced with artificial ones engineered for the vision he wanted, a now-trivial surgery. The reach of new technologies promises an even more radical transformation in what it means to be human.

One area of research is the recovery of memories, the deletion of emotional charges from memories, the removal of specific memories, the alteration of the content of memories, and the implantation of new memories. Another seeks to read the mind at a distance and extract information. Another explores the use of genomes to understand and replicate thinking, feeling, and behavior patterns. Another implements mind-to-mind communication, using neuroscience to understand brains best suited for remote viewing as well as implants and non-invasive technologies that control the electromagnetic energies of the brain to enable psychokinesis, clairvoyance and telepathy.

Augmentation of human abilities is being achieved by splicing information from sensors integrated with existing neurological channels. To feel the magnetic field of the earth, see the infrared and ultraviolet parts of the electromagnetic spectrum, discern the yaw and pitch of airplanes, see and hear by going around our eyes and ears -- all this means we will experience the “self” in new ways.

Thieme concludes with quotes from remote viewer Joe McMoneagle, astronaut Edgar Mitchell, and his new novel FOAM to suggest the shape of the mind of the future. If you're 20 years old, you have at least a century of productive life ahead of you, so you had better be on board with the shape of your future selves. :-)

Richard Thieme is an author and professional speaker focused on the challenges posed by new technologies and the future, how to redesign ourselves to meet these challenges, and creativity in response to radical change and identify shift. He has explored issues raised in this DEF CON 23 presentation for 20 years but raises his game to outline the shape of the future self, defining it as a system open to modification and hacking, giving the term “biohacking” new and compelling meaning.

His column, "Islands in the Clickstream," was distributed to subscribers in sixty countries before collection as a book in 2004. When a friend at the NSA said after they worked together on intelligence issues, "The only way you can tell the truth is through fiction," he returned to writing short stories, 19 of which are collected in “Mind Games.” He is co-author of the critically extolled “UFOs and Government: A Historical Inquiry,” a 5-year research project using material exclusively from government documents and other primary sources, now in 50 university libraries. A recently completed novel FOAM explores the existential challenges of what it means to be human in the 21st century. “The UFO History Group” is exploring a second volume and Thieme is selecting “the best of” his diverse writings for “A Richard Thieme Reader” and writing more fiction.

Thieme's work has been taught at universities in Europe, Australia, Canada, and the United States, and he has guest lectured at numerous universities, including Purdue University (CERIAS), the Technology, Literacy and Culture Distinguished Speakers Series of the University of Texas, and the “Design Matters” lecture series at the University of Calgary. He keynoted a conference on metadata this spring for the U of Texas-San Antonio. He addressed the reinvention of “Europe” as a “cognitive artifact” for curators and artists at Museum Sztuki in Lodz, Poland and keynoted “The Real Truth: A World’s Fair” at Raven Row Gallery, London. He has spoken for the National Security Agency, the FBI, the Secret Service, the US Department of the Treasury, Los Alamos National Labs and has keynoted “hacker” and security conferences around the world.

Twitter and skype: neuralcowboy:
Facebook and LinkedIn: Richard Thieme

Insteon' False Security And Deceptive Documentation
Peter Shipley Security Researcher
Ryan Gooler

Insteon is a leading home automation solution for controlling lights, locks, alarms, and much more. More than forty percent of homes with automation installed use Insteon.

For the last fifteen years, Insteon has published detailed documentation of their protocols—documentation that is purposely misleading, filled with errors, and at times deliberately obfuscated. As my research over the last year has revealed, this sad state of affairs is the direct result of Insteon papering over the fact that it is trivial to wirelessly take control, reprogram, and monitoring any Insteon installation.

Worse still, the embedded nature of the Insteon protocol coupled with devices that do not support flash updates means that there are no current fixes or workarounds short of ripping out the Insteon products.

I will be presenting my research, and releasing tools demonstrating the vulnerabilities throughout the Insteon home automation system.

Peter Shipley has been working with security for over 30 years. In the late 80's he wrote one of the first network security scanners and maintained one of the first bug databases ( later used to seed similar lists at CERT and llnl.gov ). Around the same time Peter co-founded UC Berkeley's OCF (Open Computing Facility).

In the mid 90's Peter Shipley became a founding member of cypherpunks & setup up one of the first official PGP distribution sites.

In '98 (DEF CON 6) Peter Shipley did a independent security research on war-dialing, exposing a significant security problem that was being ignored in most corporate environments making phone security.

At DEF CON 9 Peter Shipley introduced wardriving to the world. Recently Peter has written and released several APIs using python to link various networked automation appliances via REST and other interfaces.

Peter Shipley currently manages for a dot-com by day, and helps raise two kids by night.

Ryan Gooler (@jippen) is a cloud security guy, known for luck, sarcasm, and getting into things. Avid lockpicker, lover of cats, and disrespector of authority.