Presentations for Cryptography
This talk will cover a Windows evasion technique called “RIPlace” that, when used to maliciously alter files, bypasses most existing anti-ransomware technologies. In fact, even Endpoint Detection and Response (EDR) products are blind to this technique, which means these operations will not be visible for future incident response and investigation purposes.
The technique leverages an issue with error handling of an edge-case scenario by filter drivers of security products. While not a vulnerability per say, the technique is extremely easy for malicious actors to take advantage of with barely two lines of code. RIPlace abuses the way file rename operations are (mis)handled using a legacy Windows function.
The talk will include a live demo of RIPlace bypassing a number of anti-ransomware technologies as well as the release of a RIPlace testing tool for the community to leverage in your own organizations.
Dustin Heywood (evil_mog)
Have you ever wanted to know how the MS-RPRN Print Spooler service can lead to local admin? This talk will go through the NTLMv1 hash format, reverse it to an NTLM hash, and show how to use that information to generate Silver Tickets. It will also cover defenses for this devastating attack.
When a device is set to automatically connect to wifi it may actually be exposing themselves AND the networks to attacks, but what you can do about it? The PickleNIC is a combination of custom hardware and software that was built to automate the collection and cracking of WPA2 Password Hashes. Hear the story about my daily commute with a raspberry pi that collects thousands of hashes using hcxtools and then automatically submits them to hashtopolis for distributed cracking. We’ll cover how the PickleNIC works and how it was built in order to help expose the risks in a fun way that (hopefully) encourages better security practices in my friends and strangers. You too can have a pickle in your pocket, in your bag, or in your car, and you’ll get all the information you need to make your very own PickleNIC today. This is going to be fun!
Tymkrs & AND!XOR
Come listen to how new world’s are created for your curiosity and enjoyment!
By definition, hackers make things work in unexpected and unintended ways. To many outside this community, hacking seems like a destructive process. However, anyone that has ever created or utilized an exploit in an imaginative way knows that, at its heart, hacking is all about making something new. This talk, full of technical examples taken from opposing disciplines in information security, shows how healthy competition between makers and breakers drives progress.
What happens when you overshare HTTP headers and how to check if your’s are “up to code”
Sysadmins, CISO’s and compliance officers run pentests on their internal and external infrastructure, and commonly ignore their wireless footprint. However, access to a corporate wireless network is seldom monitored and provides covert access to an attacker. Think a long random passphrase or individual user authentication will protect your perimeter? Think again. Current wireless attacks take advantage configuration oversights, deceiving end users, and circumventing what had been thought to be reasonable network segmentation. Such compromise can have disastrous implications resulting in the “attacker from the parking lot” scenario. Curious to see how a compromise from a “secure” wireless network happens? Eric & Matt will discuss their evolving wireless pentest methodology and answer audience questions.