Horaire à venir
The Art Of Hacking A Human (English talk)
This talk is going to focus on being successful interacting with others in your work space. People have their own firewalls and we setup the interaction rules. Do we want to allow or block this person in our comfort zone? I will go over security techniques on how navigate different personalities using traditional hacking techniques.
– Determine what « operating system » they are running
– What patches are in place
– What vulnerabilities you can exploit
– What configuration issues does this person have?
Which then result in being able to work with different personalities based on what the hacking results tell you?
I will cover the same things, I just felt like presentation overview should be different
Kernel W^X Improvements In OpenBSD (English talk)
Until recently, systems would allocate writable memory as executable by default. W^X is a memory protection policy that states that a page of memory should not be writable and executable at the same time. For many years OpenBSD has had user-mode support for W^X, but until recently the kernel support for W^X on amd64 and i386 platforms had received less attention. This talk will contain a brief history of W^X protection mechanisms present in OpenBSD and detail the recent effort to make the kernel W^X support as robust as possible. The talk will describe the challenges faced in both identifying the regions to be protected, and ensuring the W^X policy was enforced across all of them. The talk will also detail the special challenges faced while upgrading the i386 hardware platform’s legacy page table format to a version that supports W^X more easily.
On Defending Against Doxxing (English talk)
Doxxing is the Internet-based practice of researching and broadcasting personally identifiable information about an individual. It is also a scourge on our internet lives that can quickly boil over into the physical realm. Often wielded as a weapon of hate or manipulation and a tactic for intimidation doxxing easily leads to real-world threats of violence, financial harm, sexual assault, career damage, or even murder. Examples of these impacts can be seen surrounding the recent events of ‘GamerGate’ through the targeting of Anita Sarkeesian, Felicia Day, Tara Long, and Brianna Wu. Doxxing also often leads to another tragic outcome; that of targets for hate being misidentified leading to unaffiliated individuals becoming the subjects of attack. Occurrences of this can be found in such online sagas as Anonymous vs. Scientology, the Amanda Todd case, and the incorrect fingering of Sunil Tripathi as the Boston Bomber. Given the real world impacts of being doxxed what can we do to protect ourselves, our friends, and our loved ones? In this talk I will highlight common methods employed by doxxers as well as methods to safeguard the information they seek. I will move from the easy wins and low-hanging fruit, with an eye for practicality, to the more complex and long-term defenses employed by professionals. While this is a pertinent topic for everyone I believe it is especially important for those who’s livelihoods involve spending copious amounts of time interacting with the internet. Our Doxxing attack surfaces are larger than those for others.
La France sous attaque! (Conférence en français)
Comment la France a été attaqué en janvier 2015 par des jeunes musulmans après les attentats contre Charlie Hebdo.
– Qui était les pirates
– Ce qu’ils voulaient
– Ce qu’ils ont fait
– Ce qu’ils ont caché
CHaotic Encryption Key System (CHEKS) – La suite (Conférence en français)
Détail à venir
Backdooring Git (English talk)
Join John Menerick for a fun-filled tour of source control management and services to talk about how to backdoor software. We will focus on one of the most popular, trendy SCM tools and services out there – Git and GitHub. Nothing is sacred. Along the way, we will expose the risks and liabilities one is exposed to by faulty usage and deployments. When we are finished, you will be able to use the same tools and techniques to protect or backdoor popular open source projects or your hobby project.
Inside Terracotta VPN (English talk)
Virtual Private Networks (VPN) are very popular. They are part and parcel for almost every enterprise network, especially those with remote employees. Aside from VPNs for enterprises, there are many reputable commercial VPN services that offer low cost, reliable service to individual users. These users employ VPNs for reasons that might include connection security, protection of privacy data, online gaming acceleration, and bypassing service provider restrictions. VPN’s are also popular with cyber criminals, as it is one way the latter can obscure their true source location. When a commercial VPN service provider uses resources such as servers and copious bandwidth stolen or repurposed from unsuspecting victims for purposes of profit, the offering clearly crosses into the criminal domain. In this report, FirstWatch exposes one such operator doing business with multiple VPN brand names out of the People’s Republic of China (PRC). Operating with more than 1500 end nodes around the world, FirstWatch has confirmed that many of these end nodes are compromised Windows servers and have evidence that many of them were illegally “harvested.” The operators behind Terracotta VPN continue their broad campaign to compromise multiple victim organizations around the world. Meanwhile, advanced threat actors such as Shell_Crew use Terracotta VPN to anonymize their activity while they hack the crap out of governments and commercial entities around the world.