SPEAKERS

Alex Kirk - Senior Researcher, Sourcefire Vulnerability Research Team (VRT)

Antonio Monclaro - Coordinator, RENASIC (Rede Nacional de Excelência em Segurança da Informação e Criptografia)

Carlos Sarraute - Security Researcher, CoreLabs

Cesar Cerrudo - CTO, IOActive Labs

Chris Valasek - Senior Research Scientist, Accuvant LABS

Dan Rosenberg - Security consultant and Vulnerability researcher at Virtual Security Research

Edgar Barbosa - Security Researcher, COSEINC

Eric Filiol - Head of the Operational Virology and Cryptology Laboratory, ESIEA Ouest

Fabio Assolini - Malware Analyst, Kaspersky Labs

Fernando Gont - United Kingdom's Centre for the Protection of National Infrastructure

Fernando Merces - Consultant, 4Linux

Graeme Neilson - Security Consultant & Researcher, Aura Information Security

Jose Milagre - Digital Crime and Privacy Specialist

Matthieu Suiche - Founder, MoonSols

Nelson Brito - Independent Researcher

Sergey Bratus - Research Assistant Professor, Computer Science at Dartmouth College

Tarjei Mandt - Security Researcher, Norman

Thiago Bordini - Security Analyst, Skylan Technology

Travis Goodspeed - Hardware Researcher, Radiant Machines

  Mobile Malware
  Alex Kirk
Mobile malware is a growing threat as more and more feature-rich smartphones come online worldwide. This is particularly true for Android phones, whose open architecture provides a welcome environment both for innovative app creators and for malware authors. The problem for those of us charged with keeping networks secure is that most of us don't know the first thing about the internals of Android, let alone how to analyze potentially suspicious binaries. This presentation will describe how to set up an Android-focused malware analysis environment and step through the analysis of some in-the-wild malicious Android apps, with a focus on network-level detection (which is possible whenever a phone uses your wireless connection instead of 3G). There will also be an overview of the actual scope of the threat in the wild today, to help answer the question of just what sort of resources system administrators should be dedicating to the problem.

Alex Kirk is a senior researcher with the Sourcefire Vulnerability Research Team (VRT), where he has been involved in vulnerability analysis and detection throughout his time there. He currently runs the VRT's customer outreach programs, working with both Sourcefire customers and members of the Snort community to improve in-the-wild detection of threats of all types. Additionally, Alex runs the VRT's automated malware analysis zoo, which to date has generated over 1 TB of malicious network traffic for analysis; he has presented results of research from this zoo at conferences worldwide. Finally, Alex is the author of a pair of Snort-related chapters in the 2009 book "Practical Intrusion Analysis: Prevention and Detection for the Twenty-First Century," and is a regular contributor to the VRT blog (http://vrt-sourcefire.blogspot.com).

  CDCiber, Renasic and the importance of Brazilian cyber defense
  Antonio Monclaro
Information security is critical to national defense, and the Centro de Defesa Cibernética (CDCiber) is Brazil's answer for bringing together, under a single central point of coordination, the existing commands and initiatives on the subject. Among the various projects to be implemented by CDCiber, Renasic (Rede Nacional de Segurança da Informação e Criptografia) stands out; its organization began in 2008 within the Gabinete de Segurança Institucional da Presidência da República (GSIPR). Renasic, recently transferred to CDCiber, has as its main objective raising Brazilian competence in information security, cryptography and cyber defense to the level of the most developed countries, through significant integration of the Brazilian research taking place in universities, research institutes, government agencies and companies.

Graduated as an engineer from the Instituto Militar de Engenharia (IME) in 1969. Throughout his professional life he has worked in various governmental and private organizations. From 2004 to July 2011 he advised the Minister of State and Head of the Gabinete de Segurança Institucional da Presidência da República (GSIPR) on matters related to science and technology. He set up the Departamento de Segurança da Informação e Comunicações (DSIC) in 2005 and 2006. From 2008 on he worked toward the creation of the Rede Nacional de Segurança da Informação e Criptografia (RENASIC), with the aim of bringing together government, research centers, academia and companies around the subjects of information security, cryptography and cyber defense. With the transfer of RENASIC to the Centro de Defesa Cibernética do Exército (CDCiber), he took on the role of consultant to the Army in order to continue coordinating this project.

  Some research directions in Automated Pentesting
  Carlos Sarraute
As penetration testing tools have evolved and become more complex, the problem of controlling these tools successfully has become an important question. A computer-generated plan for an attack would isolate the user from the complexity of selecting suitable exploits for the hosts in the target network, and would help make the assessment of network security more accessible to non-expert users. This issue can be addressed as an attack planning problem.

In this talk, I will present some ideas for dealing with the uncertainty about the target machines: about the details of their operating system and running applications, which have a direct influence on the results of the exploits. Planning under uncertainty is more complex, since decisions must be taken based on beliefs about the target machines (and the belief space is infinite!). So there is naturally a tension between two directions: (i) to improve the realism and expressivity of the model and (ii) to improve the performance of the planner and make something actually useful in practice ;-) I will present results obtained in both directions, some of them in collaboration with a French research institute, and also discuss open problems that stem from this research.

Carlos Sarraute studied Mathematics at the University of Buenos Aires and is currently a PhD candidate at ITBA (Instituto Tecnologico de Buenos Aires). He has worked at CoreLabs since 2000. His areas of research are security vulnerabilities, attack planning and modeling, security event visualization, cryptanalysis, protocol design flaws and the use of neural networks to analyze OS fingerprints.

He has given talks and courses about information security and cryptography at several universities in Argentina, and has spoken at the security conferences PacSec, EUSecWest, SSTIC, HITB, FRHACK, H2HC, Hackito Ergo Sum, and SecArt. He is a member of the program committee of Hackito Ergo Sum.

More info: http://corelabs.coresecurity.com/index.php?module=Wiki&action=view&type=researcher&name=Carlos_Sarraute

  Squeezing the Web: Combining Drops of Information to Own Any Brazilian
  Cesar Cerrudo
Cerrudo will discuss the dangers that modern Internet users subject themselves to every day when they sign up on websites and for services. The personal information the user leaves behind (a little bit on one site, a little more on another) can be mined far more easily than most people think. The presentation will cover how easy it is, by gathering public and personal information, to abuse common user authentication mechanisms, and the terrifying results. Cerrudo will provide practical examples of this threat that will hopefully make people more aware and encourage caution, inspiring users to take charge of their online identities and of what they allow the public to see.

Cesar Cerrudo is CTO at IOActive Labs, where he leads the team in producing ongoing cutting-edge research in the areas of SCADA, mobile device and application security, and more. Formerly the founder and CEO of Argeniss Consulting, which was acquired by IOActive, Cesar is a world-renowned security researcher and specialist in application security.

Throughout his career, Cesar has been credited with discovering and helping to eliminate dozens of vulnerabilities in leading applications including Microsoft SQL Server, Oracle Database Server, IBM DB2, Microsoft BizTalk Server, Microsoft Commerce Server, Microsoft Windows, and Yahoo! Messenger. Cesar has also authored several white papers on database and application security and on attack and exploitation techniques, and he has been invited to present at a variety of companies and conferences including Microsoft, Black Hat, Bellua, CanSecWest, EuSecWest, WebSec, HITB, Microsoft BlueHat, EkoParty, FRHACK, H2HC, and Defcon. Cesar collaborates with and is regularly quoted in print and online publications including eWeek, ComputerWorld, and other leading journals.

  Modern Heap Exploitation using the Low Fragmentation Heap
  Chris Valasek
Exploit mitigation technologies have made reliable heap exploitation increasingly difficult since the inception of the 4-byte overwrite over ten years ago. At the same time, applications needed to become more stable without using absurd amounts of memory (who doesn't keep their web browser open with multiple tabs for days?). Heap memory management has matured over time, but with complex new code comes new opportunity for exploitation. This presentation will focus on understanding the Low Fragmentation Heap on Windows 7 (32-bit). After a foundation of integral concepts is laid, new exploitation techniques will be thoroughly discussed. Finally, we will use this newfound knowledge to leverage supposedly non-exploitable vulnerabilities. Specifically, we will cover a case study showing how to craft an exploit for the IIS FTP 7.5 denial of service (http://blogs.technet.com/b/srd/archive/2010/12/22/assessing-an-iis-ftp-7-5-unauthenticated-denial-of-service-vulnerability.aspx), resulting in full control of EIP: http://illmatics.com/FTPOwned.PNG

Chris Valasek is the Senior Research Scientist for Accuvant LABS. His focus on original research in areas such as vulnerability discovery, exploitation techniques and reverse engineering has allowed him to contribute massive results to the community in these niche areas. While Chris is best known for his publications regarding the Microsoft Windows heap, his research has broken new ground in areas such as vulnerability discovery, exploitation techniques, reverse engineering, source code and binary auditing, and protocol analysis. Chris's most recent major speaking engagements include "Understanding the Low Fragmentation Heap" (Black Hat USA 2010 / EkoParty 2010), "Exploitation in the Modern Era" (Black Hat Europe 2011), and "Modern Heap Exploitation using the Low Fragmentation Heap" (Infiltrate 2011).

  Anatomy of a Remote Kernel Exploit
  Dan Rosenberg
 Originally considered to be the stuff of myth, remote kernel exploits allow attackers to bypass all operating system protection mechanisms and gain instant root access to remote systems. While reviewing prior work in remote kernel exploitation, this talk will go over some of the challenges and limitations associated with developing remote kernel exploits.

We will discuss in detail the development of an exploit for a remotely triggerable vulnerability in the Linux kernel's implementation of the ROSE amateur radio protocol. In doing so, a number of new kernel exploitation techniques will be demonstrated. In addition, this talk will present a working example of the installation of a remote kernel backdoor. We will conclude with a demonstration of this exploit against a live system and a discussion of future work in kernel exploitation and mitigation.

Dan is a security consultant and vulnerability researcher at Virtual Security Research, where he performs application and network penetration testing, conducts code reviews, and identifies vulnerabilities in third-party software. He has reported and corrected dozens of vulnerabilities in popular open source and commercial applications, including more than 50 vulnerabilities in the Linux kernel. He also contributes on the defensive side by submitting kernel patches that implement proactive security features. His current research interests include exploit development, kernel hardening, and mobile security.

  Control Flow Analysis for Reverse Engineering
  Edgar Barbosa
TBA

Edgar Barbosa is a security researcher in the Advanced Malware Lab (AML) of COSEINC. He was a member of the team within AML that developed "Blue Pill", a virtual machine rootkit, and has published several papers. Edgar is an expert in kernel and rootkit research.

  How to take over the TOR network operationally
  Eric Filiol
Researched with Oluwaseun Remi-Omosowon and Leonard Mutembei

The TOR network, which was designed by and for the US Navy, has become one of the most famous ways to use the Internet in an anonymous and secure way. Tor client software routes Internet traffic through a worldwide volunteer network of servers in order to conceal a user's location or usage from someone conducting network surveillance or traffic analysis. Apart from protocol-oriented aspects, TOR security relies heavily on cryptography.

The aim of this talk is to explain how it is possible to take over a significant part of the TOR network by combining the concept of dynamic cryptographic backdoors (presented at CanSecWest 2011) with some protocol weaknesses found in the TOR network. We present different possible attack scenarios, malware-based or not (depending on the scenario considered), that have been tested and validated on a TOR simulation network of 50 nodes and partially in the wild on the actual TOR network. Those attacks rely mainly on the fact that the cryptography used in TOR is weakly implemented.

We show that it is indeed possible to gain a lot of sensitive information, thus bypassing and managing existing cryptographic mechanisms in a very efficient way. We propose some modifications to the TOR source in order to prevent those attacks.

Eric Filiol is the head of the Operational Cryptology and Virology laboratory at ESIEA, a French engineering school in computer science, electronics and control science. He spent 21 years in the French Army, mainly as an ICT security expert (cryptanalysis, computer virology, cyberwarfare). He is also a senior reserve officer in the French DoD. He holds an engineering diploma in cryptology, a PhD in applied mathematics and computer science and a Habilitation thesis in computer science. His main research interests are symmetric cryptosystem analysis (especially from a combinatorial point of view), computer virology (theoretical and experimental study of new forms of malware and anti-malware technologies), and computer warfare techniques. He is also the Scientific Director of the European Institute for Computer Antivirus Research (EICAR) in Germany and the Editor-in-chief of the Journal in Computer Virology. He likes playing bass guitar (jazz), running (marathon and half marathon) and good wine and food.

He has more than 50 papers and international conference presentations, including at hacking conferences (Black Hat Europe [3 times], Black Hat Las Vegas, Brucon, Hack.lu, PacSec, SSTIC).

  Heads of the Hydra: Malware for Network Devices
  Fabio Assolini

Fabio Assolini joined Kaspersky Lab as a malware analyst in 2009 to focus exclusively on one of the most dynamic and challenging markets in Latin America, Brazil. Fabio's work entails researching viruses, web attacks, banker Trojans and other malware threats originating in Brazil. Since 2006, Fabio has been a volunteer member of the Linha Defensiva (Defensive Line) security community. In addition, Fabio is a member of the Alliance of Security Analysis Professionals (ASAP). He has half a decade of experience in the virus analysis field.

  Results of a Security Assessment of the Internet Protocol version 6 (IPv6)
  Fernando Gont
The IPv6 protocol suite was designed to accommodate the present and future growth of the Internet by providing a much larger address space than that of its IPv4 counterpart, and is expected to be the successor of the original IPv4 protocol suite. It has already been deployed in a number of production environments, and many organizations have already scheduled or planned its deployment in the next few years.

There are a number of factors that make the IPv6 protocol suite interesting from a security standpoint. Firstly, being a new technology, technical personnel are much less familiar with the IPv6 protocols than with their IPv4 counterparts, and thus it is more likely that the security implications of the protocols will be overlooked when they are deployed. Secondly, IPv6 implementations are much less mature than their IPv4 counterparts, and thus it is very likely that a number of vulnerabilities will be discovered in them before their robustness can be compared to that of the existing IPv4 implementations. Thirdly, there is much less implementation experience with the IPv6 protocols than with their IPv4 counterparts, and "best current practices" for their implementation are not available. Fourthly, security products such as firewalls and NIDSs (Network Intrusion Detection Systems) usually have less support for the IPv6 protocols than for their IPv4 counterparts.

While a number of papers have been published on the security aspects of the IPv6 protocol suite, they usually provide a general discussion of the security implications of IPv6, but do not delve into much detail regarding the security implications of each of the mechanisms, header fields, and options of all the involved protocols.

During the last few years, the UK CPNI (Centre for the Protection of National Infrastructure) carried out a comprehensive security assessment of the Internet Protocol version 6 (IPv6) and related technologies (such as transition/co-existence mechanisms). The result of the aforementioned project is a series of documents that provide advice both to programmers implementing the IPv6 protocol suite and to network engineers and security administrators deploying or operating the protocols.

Fernando Gont will discuss the results of the aforementioned project, highlighting the most important aspects of IPv6 security, providing advice on how to deploy the IPv6 protocols securely, and explaining a number of vulnerabilities that were found in IPv6 implementations (together with possible strategies to mitigate them). Additionally, he will demonstrate the use of some attack/assessment tools developed as part of this project (as yet unreleased) to exploit a number of vulnerabilities found in popular IPv6 implementations.

Fernando Gont specializes in the field of communications protocol security, working for private and governmental organizations.

Gont has worked on a number of projects for the UK National Infrastructure Security Co-ordination Centre (NISCC) and the UK Centre for the Protection of National Infrastructure (CPNI) in the field of communications protocol security. As part of his work for these organizations, he has written a series of documents with recommendations for network engineers and implementers of the TCP/IP protocol suite.

Gont is currently working on a security assessment of the IPv6 protocol suite on behalf of the United Kingdom's Centre for the Protection of National Infrastructure. Additionally, he is a member of the Centro de Estudios de Informatica at Universidad Tecnológica Nacional/Facultad Regional Haedo of Argentina, where he works in the field of Internet engineering. As part of his work, he is active in several working groups of the Internet Engineering Task Force (IETF), and has published a number of IETF RFCs (Requests For Comments) and Internet-Drafts. Gont has also recently joined the Transport Directorate of the IETF.

Gont has been a speaker at a number of conferences and technical meetings about information security, operating systems, and Internet engineering, including: CanSecWest 2005, BSDCan 2005, BSDCan 2009, Midnight Sun Vulnerability and Security Workshop/Retreat 2005, FIRST Technical Colloquium 2005, Kernel Conference Australia 2009, DEEPSEC 2009, HACK.LU 09, IETF 73, IETF 76, LACNIC XV, LACNOG 2011, and Hack In Paris 2011.

More information about Fernando Gont is available at his web site: http://www.gont.com.ar

  (Un)protecting USB storage media
  Fernando Merces
The talk describes how reverse engineering was used to uncover the protection technique of Vaccine, a program that promises to immunize USB media, and ends up showing that the immunization is not as strong as claimed. The study of Vaccine's protection gave rise to a new tool, which I named OpenVaccine, with the same goal, but free software and for GNU/Linux.

The goal is to draw attention back to the security of USB media in general, pen drives in particular, and to encourage reverse engineering and free reimplementation of features.

An undergraduate in Computer Science, he is a consultant at 4Linux and has been involved in IT and security for 6 years. He is the founder and maintainer of the Mente Binária and Linux Reversing websites. He has worked for several years as a consultant on protecting proprietary software, as a teacher and as a sysadmin.

  Welcome To Rootkit Country
  Graeme Neilson
This presentation will outline how to develop rootkits for appliances from the top ten manufacturers of firewall / router / edge security devices. Details of how to reverse engineer the various operating systems and firmwares and develop rootkits for the different chipset architectures will be discussed, along with the different protection mechanisms and how to circumvent them. This will be followed by live demonstrations of installing and running rootkits on a selection of devices. Recommendations on how to defend against rootkits on these types of appliances will be supplied.

This paper is important as it demonstrates the feasibility of attackers deploying rootkits on edge security appliances, which are typically used to secure networks such as Metro Ethernet, Telco WANs and corporate VPN networks. These appliances are used to secure sensitive networks but can be shown to have design flaws which allow an attacker to install a rootkit and completely control the device.

Graeme Neilson is a security consultant and researcher from Scotland, now based in Wellington, New Zealand. He has worked in security for over ten years with a focus on network infrastructure, cryptography and reverse engineering. Graeme has spoken at international conferences including BlackHat & CanSecWest and has been published in Phrack. Employer: Aura Information Security

  Privacy Hacker Officer: The new model of handling sensitive data
  Jose Milagre
In a world where more and more states and giant dot-com companies seek to use technology to gather resources for themselves or to hide information of public interest, hacker actions that expose flaws in systems are falsely classified as criminal acts. The lecture discusses the current scenario involving the total threat to privacy from the acts of governments and large Internet companies, the risk posed by laws being debated in Brazil and around the world, and the indispensability of the hacker in a democratic state under the rule of law, as an essential institution for securing the rights of users of information technology and of citizens in the face of the inevitable informational scrutiny that everyone submits to daily in order to be on the network.

Expert witness specializing in Digital Crimes and Privacy, Lawyer, Senior Consultant for Legaltech Brasil (www.legaltech.com.br), DSO (Data Security Officer), CHFic, ITIL Foundation in IT Service Management v2 and v3, MBA in Information Technology Management, Professor in the Information Security graduate program at SENAC, Professor in the Computer Forensics graduate program at Universidade Presbiteriana Mackenzie, Professor of Electronic Law and Cyber Intelligence at FADISP, Consulting Member of the Electronic Crimes Committee of OAB/SP, President of the Intellectual Property and Information Security Commission of OAB/SP 21st Subsection, Director of the Digital Law and Cybercrimes GU at SUCESU-SP. Co-author of the book 'Internet: O Encontro de dois mundos', published by Editora Brasport, ISBN 9788574523705, 2008; contributor to the book 'Legislação Criminal Especi', organized by Professor Luiz Flávio Gomes, Editora RT, 2009; contributor to the book 'Manual do Detetive Virtual', written by Wanderson Castilho, Editora Matrix, 2009. Columnist for IMasters, OlharDigital and Itweb. Twitter: @periciadigital E-mail: jose.milagre@legaltech.com.br

  Analyzing the attack surface of kernel registry filters
  Matthieu Suiche
Since Windows Vista, Microsoft has improved the design of the Kernel Object Manager and its callbacks, including those of the Configuration Manager. This talk will provide an overview of the callback mechanism used by Windows and of how QA engineers can evaluate the attack surface during the development process.

Matthieu Suiche is a security researcher who focuses on reverse code engineering and volatile memory analysis. His previous research and utilities include work on the Windows hibernation file, Windows physical memory acquisition (Win32dd/Win64dd) and Mac OS X physical memory analysis. Matthieu has been a speaker at various security conferences such as PacSec, BlackHat USA, the EUROPOL High Tech Crime Meeting, Shakacon, etc. Prior to founding MoonSols in 2010, a computer security and kernel code consulting and software company based in France, Matthieu worked for companies such as E.A.D.S. (European Aeronautic Defence and Space Company) and the Netherlands Forensic Institute of the Dutch Ministry of Justice.

Matthieu is also a Microsoft MVP in Enterprise Security.

  Inception: The extended edition
  Nelson Brito
"Sometimes, the best way to advance is in reverse". (Eldad Eilam / Reversing: Secrets of Reverse Engineering)

Every time a new vulnerability comes out we should be ready to understand it, in order to perform its exploitation or even to build defenses. Reverse engineering is one of the most powerful approaches.

Many talks have been given in recent years, and too much useless information has been given by the security community: some talks have addressed particular frameworks, specific tools and a few libraries, with no practical demonstration and/or tips and tricks regarding vulnerabilities, leaving the "black magic" hidden from the audience.

This talk will share some tips and tricks learned during real vulnerability reversing processes, such as: gathering information about the vulnerability; understanding the weakness type; preparing the vulnerable ecosystem; building a toolbox to be used; reversing the vulnerability; etc. It will show, using very detailed demonstrations, how to achieve the state of the art in building exploitation and defenses, using your own exploitation skills.

The "black magic" will finally be unveiled, showing how to use (publicly available) tools to understand and apply reverse engineering to a vulnerability.

Nelson Brito is just another computer/network security researcher and enthusiast, who has an addiction to playing with computer systems' (in)security in his spare time, and lives in a wonderful city: Rio de Janeiro.

As a sought-after speaker, he has presented to professionals, enthusiasts, and researchers at security conferences such as: IME Cryptology Week (2000/2001), CNASI (2000/2004/2005), CONIP (2004), SERPRO TIC (2006), ITA SSI (2006), H2HC (2006/2009/2010), FEBRABAN CIAB Workshop (2009), Web Security Forum (2011), PH-Neutral (2011), among others.

Nelson Brito is also the author of:
1. T50: an Experimental Mixed Packet Injector
2. ENG++ SQL Fingerprint
3. Permutation Oriented Programming

  The Science of Insecurity
  Sergey Bratus
In memory of Len Sassaman

By Meredith L. Patterson, Sergey Bratus

Why is the overwhelming majority of common networked software still not secure, despite all effort to the contrary? Why is it almost certain to get exploited so long as attackers can craft its inputs? Why does no amount of effort seem to be enough to fix software that must speak certain protocols?

The answer to these questions is that for many protocols and services currently in use on the Internet, the problem of recognizing and validating their "good", expected inputs and separating them from bad ones is either not well-posed or is undecidable (i.e., no algorithm can exist to solve it in the general case), which means that their implementations cannot even be comprehensively tested, let alone automatically checked for weaknesses or correctness. The designers' desire for more functionality has made these protocols effectively unsecurable.

In this talk we'll draw a direct connection between this ubiquitous insecurity and the basic computer science concepts of Turing completeness and the theory of languages. We will show how well-meant protocol designs are doomed to have their implementations become clusters of 0-days, and will show where to look for these 0-days. We will also discuss simple principles for avoiding the design of such protocols.

Sergey Bratus is a Research Assistant Professor of Computer Science at Dartmouth College. He tries to help fellow academics understand the value and relevance of hacker research. He enjoys wireless and wired network hacking, kernel rootkits and hardening patches, and has spoken on various topics at Shmoocon, Toorcon, Defcon, and BlackHat. He has a Ph.D. in Mathematics from Northeastern University, and worked at BBN Technologies on natural language processing research before coming to Dartmouth.

  Windows Kernel Pool Exploitation
  Tarjei Mandt
In Windows 7, Microsoft introduced safe unlinking to the kernel pool to address the growing number of vulnerabilities affecting the Windows kernel. Prior to removing an entry from a doubly-linked list, safe unlinking aims to detect memory corruption by validating the pointers to adjacent list entries. Hence, an attacker cannot easily leverage generic "write 4" techniques in exploiting pool overflows or other pool corruption vulnerabilities. In this talk, we show that in spite of the efforts made to remove generic exploit vectors, Windows 7 is still susceptible to generic kernel pool attacks. In particular, we show that the pool allocator may under certain conditions fail to safely unlink free list entries, thus allowing an attacker to corrupt arbitrary memory. We demonstrate practical use of the presented attacks in numerous case studies, and discuss useful techniques in the context of reliable kernel pool exploitation.

Tarjei Mandt is a security researcher at Norman. He holds a Master's degree in Information Security and has previously spoken at security conferences such as Black Hat, Infiltrate, and Hackito Ergo Sum. In his free time, he enjoys spending countless hours challenging security mechanisms and researching intricate issues in low-level system components. Recently, he has done extensive research on modern kernel pool exploitation and discovered several vulnerabilities in the Windows kernel.

  Caixa de Pandora. Ate onde pode chegar o descuido com o descarte de informaes?
  Thiago Bordini
 Palestrando com Gisele Truzzi

Atualmente, estão em voga discussões que envolvem o descarte e a classificação da informação, e a sanitização de discos. Porém, a sociedade ainda não tomou plena ciência do quão perigoso pode se tornar o descarte de equipamentos eletrônicos realizado de forma indevida.

Muito se fala sobre tais procedimentos de limpeza, mas pouco tem sido alertado sobre os tipos de informações que podemos obter em equipamentos que simplesmente receberam a alcunha de .lixo eletrônico..

Por conta da importância da informação em nossa sociedade e do volume imenso de dados armazenados em meio eletrônico, resolvemos focar nossa pesquisa na informação encontrada em equipamentos descartados sem a devida sanitização. Este artigo é fruto de uma pesquisa sobre o volume de informações sensíveis que podem ser encontradas facilmente em meio ao .lixo eletrônico..

During the research, equipment was purchased from electronics scrap shops in São Paulo, with the aim of discovering what kind of information that equipment contained and how sensitive such data was. Our objective, should any confidential information be found, was to correlate it with internet searches across social-networking sites and social media, so as to weave a large web of sensitive information about an individual, and, finally, to present, with support from the legislation, the legal impacts attached to the case.
 Thiago Bordini

Graduated in Information Systems from UNIBERO, postgraduate in Information Security from IBTA and MBA in IT Management from FIAP, he has worked in IT for 14 years.
He currently works at Skylan Technology as a Security Analyst.
Microsoft Certified Professional in Windows Servers.
Speaker at various institutions on topics such as Virtualization, Security and Networking.
University lecturer at Universidade Bandeirantes - UNIBAN.
Board member of Hackers Construindo Futuros - HCF Brasil.
Founder of the Stay Safe PodCast and Magazine. Organizing member of CSA Brasil (Cloud Computing Security Alliance).
Member of the High-Technology Crimes Commission of OAB - SP.


Gisele Truzzi

Lawyer specializing in Digital Law and Criminal Law;
Law degree from Universidade Presbiteriana Mackenzie (2004);
Postgraduate in "Management and Technologies in Information Security" (Faculdade Impacta Tecnologia - 2010);
Extension course in "Information Technology Law" (Fundação Getúlio Vargas - FGV - 2007);
Guest lecturer in the postgraduate programme of the Escola Superior de Advocacia of OAB/SP (ESA) and in the MBA in "Risk Management and Fraud Prevention" at FIA-USP;
6 years of experience in the field of Digital Law, in both advisory and litigation work;
Expertise in "Electronic Crimes" and Incident Response;
Self-taught in matters related to Digital Law, having begun her studies in this field while still at university, around 2000;
2 years of experience at the firm "Patricia Peck Pinheiro Advogados", having held the positions of associate and partner (working in Information Security, Capacity-Building and Training, Advisory and Litigation);
Member of the OAB/SP commissions "Computer Law" and "Law in the Information Society";
Member of IBDE - Instituto Brasileiro de Direito Eletrônico;
Speaker at ICCYBER 2007 - IV Conferência Internacional de Perícias em Crimes Cibernéticos (International Conference on Cybercrime Forensics);
Author of various articles on Digital Law, some of them published in the Revista de Direito das Novas Tecnologias (IBDI/IOB);
Has given numerous talks to the Army General Staff (Estado Maior do Exército - EME), as well as at congresses, symposia, conferences, events and large companies;
Developed Information Security awareness programmes for various companies;
Gives talks and training on a range of Digital Law topics, in addition to advisory and litigation work in Digital Law.


  Layers of misunderstanding, or how digital radio is not what you think
  Travis Goodspeed
 Together with Sergey Bratus

The digital radio PHY layer implementations (802.11, 802.15.4, Bluetooth, satellite, and others) are commonly thought of as being either too complex or too impenetrable to manipulate without dedicated (and expensive) equipment such as software-defined radio. However, the PHY layer is not monolithic, and in fact contains many sub-layers that can be manipulated even in commodity radio chips, making possible a number of injection and fingerprinting tricks familiar from Layer 2 hacking of 802.11 -- but in Layer 1. But it gets much scarier: with a proper understanding of how the PHY layer works, remote attackers can cause crafted frames to be injected into an unencrypted digital radio network without owning any radio at all, as long as they can cause perfectly legal traffic over the local radio link (this would work even if that link were fully enclosed in a Faraday cage).

Also featured: WEP rises from its grave; reformed Wi-Fi Link Layer sinner renounces SDRs; protocol engineering flaws explained with Russian nesting dolls.
 Travis Goodspeed is a neighborly engineer of Tennessee-shaped, electronic belt buckles from Southern Appalachia. He hacks 8-bit and 16-bit embedded systems, particularly those used in ZigBee and the Smart Grid. He started the GoodFET, an open source programmer and debugger for MSP430, AVR, PIC, Chipcon, ARM7, SPI Flash, and other chips. It also packet sniffs ZigBee and ANT radio packets when so inclined.

  ORGANIZATION

 PLATINUM SPONSORS

 GOLD SPONSORS

 SILVER SPONSORS

 SUPPORT

 MEDIA