Workshops

From Hack.lu 2010

Wednesday 27.10.2009, Workshops Room Europe

  • 8:45 Smart Card
  • 10:45 Refreshment Break
  • 11:00 Malicious PDF Analysis
  • 12:20 Lunch Break
  • 14:00 Start of talk sessions, please see Agenda
  • 15:45 Refreshment Break

Wednesday 27.10.2009, Workshops Room Fischbach

  • 10:45 Refreshment Break
  • 11:00 [1]
  • 12:20 Lunch Break
  • 13:45 Malicious PDF Analysis (moved to Europe)
  • 15:45 Refreshment Break
  • 16:00 Dive in to ROP - Workshop

Wednesday 27.10.2009, Workshops Room Diekirch

  • 8:45 Cryptanalysis Workshop - Breaking weak or misimplemented systems
  • 10:45 Refreshment Break
  • 11:00 Soldering: Are your fingers on fire yet?
  • 12:20 Lunch Break
  • 13:45 SS7 Workshop: SS7 and Telecom Core Network Weaknesses, Attacks and Defenses
  • 15:45 Refreshment Break
  • 16:00 Mifare classic analysis

Thursday 28.10.2009, Workshops Room Fischbach

  • 8:45 Red Team Testing
  • 10:45 Refreshment Break
  • 11:00 tba
  • 12:20 Lunch Break
  • 13:45 Beer Tasting Workshop

Friday 29.10.2009, Workshops Room Fischbach

  • 10:45 Refreshment Break
  • 11:00 BGP Ranking
  • 12:20 Lunch Break
  • 13:45 AbuseHelper Workshop
  • 15:45 Refreshment Break


List of the Workshops that will be held at hack.lu 2010

Red Team Testing

The term Red Team, or Tiger Team, originated within the military to describe a team whose purpose is to penetrate the security of "friendly" installations and thus test their security measures. This exercise is a real-world test of the effectiveness of your security controls, policy, technology and infrastructure. In this style of testing, the engineering team tests many types of attacks through a combination of physical, social and electronic techniques.

This workshop will focus on techniques to be used when conducting Red Team testing. All phases of a proper Red Team methodology will be reviewed so that attendees will be able to include standard methods in their own testing styles.

Various software tools and methods that aid in performing the phases of this testing will be covered, including:

  • Information gathering
  • Vulnerability scanning
  • Exploitation
  • Social engineering
  • Lockpicking
  • Common alarm and security device issues
  • Door shimming
  • Physical tools every red team tester should have
  • Rapid exploitation techniques
  • Leave-behinds
  • Post-exploitation
  • Automated and manual SDDC “Sensitive Data Detection and Collection”

Attendees should bring a laptop or paper to take notes. No formal training or previous experience/knowledge is required; only a mind that is open to a different style of thinking and is able to interact with the trainers while having a good time!

Bio of Christopher Nickerson

Chris Nickerson is a CISSP whose main area of expertise is Red Team Testing and Infosec Testing. In order to help companies better defend and protect their critical data and key information systems, he has created a blended methodology to assess, implement, and manage information security realistically and effectively. At Lares, Chris leads a team of security consultants who conduct Security Risk Assessments, which can cover everything from penetration testing, application testing and vulnerability assessments to policy design, computer forensics, social engineering, Red Team Testing and regulatory compliance. Prior to starting Lares, Chris was Director of Security Services at Alternative Technology, a Sr. IT compliance at KPMG, Sr. Security Architect and Compliance Manager at Sprint Corporate Security, and developed an enterprise security design as network engineer for an international law firm. Chris is a member of OWASP and ISACA Denver, and is also a featured member of TruTV's Tiger Team, a 30-minute reality television program showing the activities of actual Red Team tests and active assessments. Chris is also the co-host of the Exotic Liability Podcast, the author of the upcoming “RED TEAM TESTING” book published by Elsevier/Syngress, and a founding member of BSIDES.

Smart Card

Although smart card technology is not new (70s), for a long time it remained very difficult to develop "card" applications because of the lack of open standards. Nowadays such standards exist, but it is still difficult to program a complete smart card application involving several unfamiliar frameworks. During this workshop, the different parts of a smart card application will be explained and concrete examples will be given.

Vincent Guyot

Vincent Guyot is Associate Professor at the ESIEA engineering school and Associate Researcher at the LIP6 research lab. He holds a PhD in Networking and Security as well as an engineering diploma in Computer Science. He gives lectures at different universities and has co-authored books and guest-edited journals on smart card topics. His research interests include networking mobility and security, smart cards and RFID.

Malicious PDF Analysis

This workshop will teach you the fundamentals you need to know to analyze (malicious) PDF documents. Didier Stevens will familiarize you with PDFiD and pdf-parser, two essential tools for PDF analysis he authored. The workshop is hands-on: bring your laptop, start the VM we provide you (VMware or VirtualBox) and you're ready to go! The Linux VM contains the tools and PoC samples needed for the workshop exercises. We start with a very simple PoC malicious PDF file (you could even analyze this PoC file with Notepad or vi) to lay out the fundamentals, and then work through more complex examples.

Each attendee will receive a copy of a 20+ page PDF analysis document Didier Stevens authored. And yes, this document will be provided in the Portable Document Format, but hey, when you successfully complete this workshop, you will know how to identify malicious PDF files ;-) Please note that the image to work on will be distributed on DVD.

Didier Stevens

Didier Stevens (CISSP, GSSP-C, MCSD .NET, MCSE/Security, RHCT, OSWP) is an IT Security Consultant currently working at a large Belgian financial corporation. He is employed by Contraste Europe NV, an IT Consulting Services company (www.contraste.com). You can find his open source security tools on his IT security related blog at blog.DidierStevens.com. Didier is a well-known expert on malicious PDF documents and authored the tools PDFiD and pdf-parser to assist with the analysis of PDF documents. PDFiD is one of the engines running on VirusTotal.

Cryptanalysis Workshop - Breaking weak or misimplemented systems

In this workshop, attendees will practice cryptanalysis of supposedly strong cryptosystems that are weakly implemented or used. Amongst other things, we will address the case of modern stream ciphers, block ciphers and the Office encryption (up to 2003; when using the strongest encryption mode [128-bit RC4]). The workshop involves limited theory; everything is tested in practice during this 2-hour session. Beginners are welcome. The aim is to present how real cryptanalysts work.

The timetable is as follows:

  • presentation of the issue and of the techniques
  • presentation of the cryptanalysis programs
  • practice

Attendees should ideally come with their own laptop (Windows or Linux) and a C compiler. If you do not have one, demos will be given as well. All other programs and test samples will be handed out on a CD during the workshop. Programming in the C language is required.

Max 20 people!

Soldering: Are your fingers on fire yet?

Only 7 places per workshop. Only the first 14 people to register at info (AT) hack (dot) lu will be able to attend. Use "Soldering" as the subject and specify the date.


Budget

People are often surprised that we do not give our kits away for free. This is simply because the HackerSpace is a community project: we already give our time for free and can only provide the hardware heavily subsidised. (This means our mark-up is marginal and we are still starving hackers, so do not hesitate to tip us a few bucks.)

We will have some 8-12€ kits on-site, but plan on selling the following:

Cheap Arduino Clone for 16€

This is all you really need, but to make really good use of it a USB connector comes in handy:

USB-to-Serial for Programming the Arduino 14€

And a Mini-USB cable is a must:

Mini USB, but most people have those anyway

So with around 32€ you can go ahead and play. We will also have enough (free) LEDs and other (non-free) sensors/components for people to play around with.

Instructor(s): Steve Clement

Content

In this workshop the HackerSpace syn2cat will get you up to speed on the basics of soldering. We will get you bootstrapped on how to solder your own little kit without the frustration of a defunct piece of funk. But in case it really doesn't work, you will get the inside knowledge on how the multimeter works and why it is the ultimate debugger for nearly any situation.

Prerequisites

  • A steady hand
  • Patience
  • Ideally, buy a kit from us (see above OR Prices et al.)

We will provide EVERYTHING you need to solder (irons/solder/wick/suckers/magic_wands etc.)

We will also have kits you can buy for a very social price, and you even support the local HackerSpace with your purchase, BUT the first dry steps are on us and you can participate and test your new skills on a few LEDs.

Bio: Steve Clement

Active in the local hacking scene, both are avid fans of electronics and anything that makes noise or blinks. They are the living proof that anyone can solder and transfer the knowledge to you, the audience, as they too once sat in a similar workshop to get started.


SS7 Workshop: SS7 and Telecom Core Network Weaknesses, Attacks and Defenses

In this workshop, attendees will practice SS7 message creation and injection and learn to understand network topology. We will see what kinds of vulnerabilities affect SS7 and telecom signaling networks, how networks are structured and what an attack plan on the network can look like. Amongst other things, we will address the case of current attacks performed by a) malicious people with fraud and extortion goals, b) crackers who want to take control of some equipment, c) nation states who want to take control of critical telecom infrastructure for strategic advantage or d) intelligence services who may be interested in silently taking advantage of the little-known SS7 structure in order to gain valuable intelligence or perform tactical operations.

This workshop mixes limited theory and practice, using open source tools as well as closed source systems.

Attendees should ideally come with their own laptop (Windows or Linux) and a good understanding of networking and TCP/IP. All telecom-specific terms will be explained during the workshop. Max 15 people.

Bio: Philippe Langlois

Founder of P1 Security and Senior Researcher for Telecom Security Task Force. Philippe Langlois has proven expertise in network security. He founded and led technical teams in several security companies (Qualys, WaveSecurity, INTRINsec) as well as security research teams (Solsoft, TSTF). He founded Qualys and led the world-leading vulnerability assessment service. He founded a pioneering network security company, Intrinsec, in 1995 in France, as well as Worldnet, France's first public Internet service provider, in 1993. Philippe was also lead designer for Payline, one of the first e-commerce payment gateways. He has written and translated security books, including some of the earliest references in the field of computer security, and has been giving speeches on network security since 1995 (Interop, BlackHat, HITB Dubai, Hack.lu). With P1 Security, Philippe now provides the first Core Network Telecom Signaling security scanner, which helps telecom companies, operators and governments analyze where and how their critical telecom network infrastructure can be attacked. He can be reached through his website at: http://www.p1security.com

Dive in to ROP

A two hour session on the basics of Return Oriented Programming, for those curious to learn. We will talk about the underlying concepts of ROP and understand why it is a cool concept, and not just fluff like the new Twitter XSS nonsense. We will see some exploits that use ROP, to break IE8 on Windows 7, and of course, our favourite goose-that-lays-golden-vulns - Acrobat Reader.

Bring your own laptop if you want to play! Seats are limited for this session, so register first.

Bio: Saumil Shah

Saumil Shah is the founder and CEO of Net-Square, providing cutting edge information security services to clients around the globe. Saumil is an internationally recognized speaker and instructor, having regularly presented at conferences like Blackhat, RSA, CanSecWest, PacSec, EUSecWest, Hack.lu, Hack-in-the-box and others. He has authored two books titled "Web Hacking: Attacks and Defense" and "The Anti-Virus Book".

Saumil graduated with an M.S. in Computer Science from Purdue University, USA and a B.E. in Computer Engineering from Gujarat University. He spends his leisure time breaking software, flying kites, traveling around the world and taking pictures.


Beer Tasting Workshop

Hacking for a beer, hacking for pleasure, beer hacking! Hackers from all around the world, here is the occasion for you to be introduced to the discipline of beer tasting. This workshop will be about food-pairing different beers and chocolate flavours. Yes, chocolate! During this workshop we will taste five distinct beer/chocolate combinations. There will be explanations about why and how it works. This workshop will give you some hints for your future beer tasting experiments.

Limited seats: only 30 participants, registration by email at info (AT) hack (dot) lu (please use "Beer tasting" as subject)

Budget: Offered to registered participants (only 30 places)

The presentation will be given by Rémi Laurent and William Robinet from Conostix. The content is prepared by Christophe Gillard from the Mi-Orge Mi-Houblon beer shop http://www.miorgemihoublon.be/ .

BGP Ranking

This workshop begins with an overview of the open-source system called BGP AS / ISP Security Ranking (http://gitorious.org/bgp-ranking): how it works and how its results can be used. The second part of the workshop will be a round-table discussion on the evolution of the system and the new uses we can consider.

The system is completely written in Python but beginners are welcome: the goal of this workshop is more to collect ideas than to write code.

I am open to all your ideas, recommendations and criticism, and would be pleased to see you in this workshop.

Bio: Raphael Vinot

Raphaël Vinot is a young graduate of a French-German academic cooperation institute (DFHI/ISFATES). He holds a Master in IT security and now works for Conostix S.A., a small company specialized in centralized security management. For this company, he continues the project of his Master thesis: the BGP Ranking system that he will present to you.

Mifare Classic analysis

Mifare Classic has been an insecure and broken technology for more than 2 years now. Despite this fact, Mifare Classic cards are still massively used (according to NXP, more than 1 billion smartcard chips are in use worldwide). We have revealed that almost all smartcards used in the Slovak Republic are based on this technology and can be easily cracked. We have made our own implementation of the nested attack (first described by the Radboud University of Nijmegen) that can be used for the offline extraction of all Mifare Classic keys. In order to demonstrate the seriousness of the Mifare Classic vulnerabilities, we have decided to do the first public disclosure of this cracking tool.

The presentation covers Mifare Classic basics & security, theoretical and practical attacks and vulnerabilities revealed in Slovak cards.

Bio: Pavol Luptak

MSc degree in Computer Science. CISSP, CEH and OWASP Slovakia Chapter Leader. Owner, CTO and Lead Security Consultant of the security-based company Nethemba s.r.o. focused on comprehensive penetration tests and security audits, proposing ultra secure solutions, VOIP solutions, clusters, consulting & training in security areas.

AbuseHelper Workshop

AbuseHelper is an open-source project initiated by CERT.FI (Finland) and CERT.EE (Estonia) with ClarifiedNetworks to automatically process incident notifications. The tool is being developed for CERTs and ISPs to help them in their daily job of following and handling a wide range of high-volume information sources. CERT.be takes part in the project by testing it for its own use, contributing code to the community and promoting collaboration amongst other CERTs. It is interesting to note that the framework can also be used for automatically processing (standardised) information from a wide range of sources. The aim of this workshop is to explain how to deploy a basic installation and show how to extend the framework with new agents. The workshop will be divided into 3 parts:

  1. a small introduction on AbuseHelper and why/to whom it could be useful;
  2. a hands-on session on the AbuseHelper installation;
  3. a hands-on coding session for AbuseHelper.

AbuseHelper Requirements

Participants in this workshop should have basic Linux/UNIX system administration knowledge for the installation of AbuseHelper, and basic Python programming knowledge for the hands-on coding session. All participants are expected to come with a laptop with VMWare Player/Fusion/Workstation installed, able to run a virtual machine that will be provided for the workshop.

Bio: Christian Van Heurck

Christian Van Heurck studied physics in Antwerpen (RUCA) and Brussels (VUB), where he graduated. After his studies he continued as an electron microscopy researcher at the EMAT lab (RUCA). He then switched to IT as project manager for the Port of Antwerp's IT department ICH and as manager for the services & helpdesk department of Telepolis Antwerpen. He then moved to Cultuurnet Vlaanderen as system & application manager for the Cultuurdatabank. Christian joined BELNET in 2007 where he became a member of the BELNET CERT and recently CERT.be.

Bio: David Durvaux

David Durvaux holds a master's degree in applied sciences in computer science from UCL ("Ingénieur Civil informaticien") with an orientation in computer networks, distributed applications and security. After his studies he started as Analyst Programmer and Technical Consultant for I.R.I.S Solutions & Experts before becoming System Engineer for I.R.I.S ICT. David now works for BELNET, which is also home to BELNET CERT and CERT.be. He is responsible for Belgian GRID central operations and is deploying AbuseHelper. Being passionate about security, he took a look and soon found himself to be a fan of the AbuseHelper architecture. Not long after that, he was already contributing and supporting newcomers. David is thus the first real OpenSource-style developer and supporter of AbuseHelper.