Anita Nikolich

AI


Alexander Rasin

Is your Database Leaking Encrypted Data?

Forensic tools often operate in adversarial conditions, without cooperation from the device owner. Storage encryption (either device-drive or software) prevents forensic tools from accessing and reconstructing data in persistent storage. Meanwhile, RAM and its cache can provide an alternate source of decrypted data to forensic tools. Prior data encryption research considered disk partition encryption, encryption in file systems, and client-side encryption. However, such work does not account for encryption in database management systems (DBMS). DBMSes manage their own storage instead of relying on the operating system, with native DBMS support for disk and RAM cache management, access control configuration, and built-in encryption features.
The first part of this talk teaches the basic principles of disk-to-RAM data flow within a DBMS. We describe different allocated RAM areas and their purpose in major relational DBMSes (including Oracle, SQL Server, PostgreSQL, and MySQL). We also survey the built-in encryption features available in these DBMSes, including deployment trade-offs. The second part of this talk describes DBMS encryption vulnerabilities through examples. We discuss SQL operations that potentially expose decrypted data in RAM. We also demonstrate the quantity of data cached by SQL queries and the lifecycle of that data in memory.

Shannon Fritz

Is that a PickleNIC in your Pocket or are you just Cap’n Password Hashes?

When a device is set to automatically connect to Wi-Fi, it may actually be exposing itself AND the networks to attacks, but what can you do about it? The PickleNIC is a combination of custom hardware and software that was built to automate the collection and cracking of WPA2 Password Hashes. Hear the story about my daily commute with a Raspberry Pi that collects thousands of hashes using hcxtools and then automatically submits them to Hashtopolis for distributed cracking. We’ll cover how the PickleNIC works and how it was built in order to help expose the risks in a fun way that (hopefully) encourages better security practices in my friends and strangers. You too can have a pickle in your pocket, in your bag, or in your car, and you’ll get all the information you need to make your very own PickleNIC today. This is going to be fun!


Trenton Ivey

KEYNOTE: Make(){Break()};Break(){Make()};

By definition, hackers make things work in unexpected and unintended ways. To many outside this community, hacking seems like a destructive process. However, anyone who has ever created or utilized an exploit in an imaginative way knows that, at its heart, hacking is all about making something new. This talk, full of technical examples taken from opposing disciplines in information security, shows how healthy competition between makers and breakers drives progress.


Robert Lerner

418 I’m a Teapot – And other headers

What happens when you overshare HTTP headers, and how to check if yours are “up to code”.