When the terms darknet or dark web are invoked it is almost always in reference to the Tor network, but what about the other extant darknet frameworks? A true understanding of the dark web would be impossible and misleading if it only included the Tor network. In this talk I will expand the field of view to include frameworks such as Freenet, I2P, and OpenBazaar. We’ll take a quick look at the origins and technical underpinnings of these darknets as well as their actors and offerings. I will also discuss the differentiators that set these networks apart from Tor and highlight why they too should be included in modeling our knowledge of the dark web. Audience members will walk away with a fuller understanding of the internet’s hidden corners, the goals of its users, and the technologies that help keep them in the dark.
Dustin Heywood (EvilMog)
Often times it only takes a small oversight to cause a vulnerability, even when it comes to severe vulnerabilities. The Buffalo TeraStation NAS demonstrates this idea beautifully in that it has a variety of features that do just a tad more than they should. Using these oversights as examples, I’ll provide an overview of the thought processes, mindset, and skills used to turn happy little oversights into happy little shells. There will be an abundance of facepalms and IoT war stories, and if that wasn’t enough, there’s a good chance these vulns will still be unpatched.
The mechanical pin and tumbler locks we use on our homes, schools, and businesses have not changed much in over 100 years. Sure, there have been some exotic new designs but most are just not fiscally feasible compared to their relatively minor improvements (if any) in security. A feature desired on large scale deployments is called Master Keying, which allows for many unique key/lock combinations while supporting multiple permission levels commonly referred to as “janitor keys” or “security keys” that can open multiple locks. While these systems are still in use around the globe in medium-to-large scale businesses, schools, and government buildings, they are also susceptible to what some consider to be the original privilege escalation attack. We will talk about an optimization attack against the most common master keyed lock systems in use today, reducing the potential attack surface from 1,000,000 permutations for an SC4 keyway system down to 42 steps to find the highest privilege key.
We all know someone who has a Nintendo Entertainment System (NES) sitting around collecting dust. The 1980s gaming console was limited in its capabilities, but just how much wiggle room does that leave for mischief? In this talk, Vi Grey will demonstrate how it is possible to innovate under the limitations the NES restricts us with to create new ways a person can interact with a game. You will see NES games that are also fully functioning web pages and ZIP files, console memory dumps that can be opened as JPEG images, game cartridges that secretly contain other entire NES games, and much more.
Stephanie "Snow" Carruthers
What does a pig in a poke, pigeon drops, and salting have in common? They are just a few of old school confidence tricks (cons) used from the late middle ages to more recently which swindled marks out of money. In this presentation Stephanie will cover how some famous historic cons were used in their day, and how they are now being transitioned into today’s digital world.
Ever cyber professional wants to stop an APT from hurting their company. But when they can’t stop an attack, they seek to expose the criminal, so they can learn from the incident and identify preventative measures. To beat the bad guys and keep pace with today’s evolving cyberattacks, we need an equally dynamic, adaptive, and engaging cybersecurity skills strategy to save our enterprises. Digital forensics—the process of identifying, preserving, analyzing, and presenting digital evidence—is one of many cyber skills necessary in today’s hacking culture.
To support this discipline, Keenan will share how gamified cyber range environments are emerging to assist investigators in the capture, analysis, and preservation of evidence. She will explain how these virtual environments can deliver realistic cybersecurity scenarios for professionals to train both individual and overall team competencies. Keenan will share how users can engage in life-like cyber scenarios inspired by modern-day hacking events to not only refine digital forensic investigation processes but also help professionals learn from beginning to end how and why a hacker attacks in the first place.
Keenan will explain the benefits of gamified cyber range learning and how it can benefit cyber teams. As a result of this new game-inspired learning method, digital forensic professionals gain the ability to “beat the hacker” at their own game—through a game-like cyber range that most authentically represents future scenarios they will encounter. Cyber professionals can learn new, more efficient approaches to deploying computer/network/mobile digital forensics leveraging real-world examples of incidents. Further, gamifying cybersecurity exercises allows teams to better protect enterprises from future attacks and bring cybercriminals to justice.
There are few topics that capture the imagination and headlines like Bitcoin. Many of us understand what Bitcoin is and how it works on a technical level. Bitcoin’s blockchain is a bit like art; sometime you just have to see it with your own eyes.
What if we use modern big data tools to store the blockchain data in a format that can be searched, viewed, and explored? Once you can see the data you can start to discover what Bitcoin is and how it works. It stops being ones and zeros and becomes a story we can watch unfold.
We tend to think about Bitcoin in the context of moving coins around. The coins that get mined and traded are certainly interesting but they’re not the whole story. There are plenty of other interesting aspects in the Bitcoin data. Watching the difficulty of the work, seeing how time of day and seasons affect the transactions flowing through the system. Even understanding what some of the upper bounds on what Bitcoin will be able to accomplish are. We can explore this data in a visual way that can be understood.
The most interesting part of Bitcoin isn’t the coin however. It’s something called nonstandard transactions. Most transactions in the blockchain are strings of data that move coins around. But a transaction isn’t limited to only moving around coins, it can be any random string of data. There are a substantial number of transactions that contain unique and interesting strings. Strings that don’t move the coins around, strings that contain messages. Strange things that only the anonymous person who placed it there may ever understand. There are hundreds of thousands of nonstandard transactions in Bitcoin’s blockchain. We have the ability to see them now, it feels like finding a secret note someone left behind.
Let’s spend some time looking at all this data. What can we learn about how Bitcoin works. What are some trends we’re seeing. And most importantly what are some of the secrets the blockchain holds for us to find. The best part is everything we look at is open data and all the tools we use are open source. You can continue the investigation on your own using what you learn in this session as your inspiration and guide.