Internet Voting is being implemented in several countries around the world. France, for instance, uses electronic voting for French citizens living abroad and for electing professional representatives of public workers. However, people are still wary of voting over the Internet, as several security flaws have been found in real Internet Voting systems. Electronic voting is a well-known case study in cryptography research, and this research has led to cryptographic protocols which can be, and are being, implemented in the real world to ensure that security requirements are met. In this talk, we will present the main concerns that can arise about the implementation of an Internet Voting system, and how advanced cryptographic mechanisms and protocols from the state of the art can be applied in order to provide security guarantees against these threats.
Jesús Chóliz has more than 15 years of experience in IT security and started researching the security of Internet Voting at the beginning of 2010. He is currently the Director of Security at a software company specialized in Internet Voting, where he is responsible for the security of elections worldwide. Before his work on Internet Voting, he was a security manager performing security audits and advisory projects for the top organizations in Spain, including the public sector, financial entities, and the largest infrastructure and logistics companies. Jesús has also worked for a software development company focused on audit and monitoring systems.
His experience in eDemocracy covers Internet Voting, results consolidation, public consultations and reporting of results in several European countries, the USA, Canada, the Latam region, and Asia Pacific. He has published papers and posters at NIST workshops and academic conferences.
Dr. Sandra Guasch is a researcher who has specialized in cryptography applied to electronic voting since 2009. She has participated actively in electronic voting projects in Europe, the United States and Asia Pacific. Her main focus areas include analysis of public key cryptographic algorithms at the mathematical and implementation level, design and evaluation of security protocols for electronic voting systems, and participation in risk analysis of electronic voting solutions. She also collaborates with several Spanish universities in research projects and in spreading electronic voting and security knowledge among the student community. She has just obtained her PhD with a thesis on verifiability methods applied to eVoting. She has presented her work at different electronic voting conferences (PhD workshops in Estonia, Austria, Luxembourg and Switzerland, and the Vote-ID 2015 conference in Switzerland), as well as at general cryptography events such as the Real World Crypto conference in New York and Financial Crypto 2016 in Barbados.
Voice commands allow hands-free use of a mobile device for texting, calling and launching applications. This way of interacting with mobile devices is spreading and will certainly be one of the main improvements in upcoming UIs. Today, a lot of features can be accessed by voice, depending on the device and the operating system. Some of them are critical from a security point of view: placing phone calls, sending text messages, publishing to and browsing the Internet, or even changing the device’s settings. As voice is the medium for launching commands, it is assumed that the victim would hear the attacker’s voice, so this attack vector is generally considered unrealistic.
During the Hack In Paris 2015 conference (You don’t hear me but your phone voice interface does, Hack In Paris 2015), we showed a way to remotely trigger voice commands on a mobile device using electromagnetic waves. We showed that the headphones acted as an efficient receiving antenna (a so-called front-door coupling interface) that allowed inducing electric signals containing audio voice commands, which were processed and successfully executed by voice command interfaces. Along with the technical details of the attack scenarios, we provided an analysis of the attack surface and some adapted countermeasures. Finally, several demonstrations were given as proofs of concept.
Recently, we have been working on a new injection technique involving the conducted propagation path, reaching the target at a longer distance and with much less power through the so-called back-door coupling phenomenon (i.e. cables and circuits which are not designed to receive electromagnetic waves). The injection technique and the propagation path are completely different, and the attack scenarios are new with regard to our first talk (You don’t hear me but your phone voice interface does, Hack In Paris 2015). During the presentation, the technical details of the new attack vector will be presented together with the related attack scenarios, and an updated risk analysis will be proposed. Moreover, the updated list of countermeasures will be discussed.
NB: This research was reported to smartphone manufacturers and to editors of voice command interface solutions through responsible disclosure on January 26th, 2016.
Chaouki is a wireless communication security expert at ANSSI, where he works on electromagnetic security (EMSEC) threats related to spurious compromising emanations (TEMPEST) and intentional electromagnetic interference (IEMI). Chaouki gives lectures on EMSEC at French and foreign universities. He has also presented the research from his PhD in Electronics at numerous national and international conferences, including IEEE conferences on EMC, AMEREM and URSI.
José is an information security research engineer at ANSSI. His main interests are embedded systems security and wireless security. José also gives lectures on those topics at French universities. Before that he worked as a security evaluator and a pentester in a French ITSEC. Along with information security, José likes electronics, tearing things apart and beatboxing.
Machine learning (ML) based techniques for network intrusion detection have gained notable traction in the web security industry over the past decade. Some Intrusion Detection Systems (IDS) have successfully used these techniques to detect and deflect network intrusions before they could cause significant harm to network services. Simply put, these systems construct a signature model of what normal traffic looks like, using data retrieved from web access logs as input. Then an online processing system is put in place to maintain a model of what expected network traffic looks like, and/or what malicious traffic looks like. When traffic that deviates from the expected model exceeds the defined threshold, the IDS flags it as malicious. The theory was that the more data the system sees, the more accurate the model becomes. This provides a flexible system for traffic analysis, seemingly perfect for constantly evolving and growing web traffic patterns.
However, this fairytale did not last for long. It was soon found that attackers had been avoiding detection by ‘poisoning’ the classifier models used by these PCA-based systems. The adversaries slowly train the detection model by sending large volumes of seemingly benign web traffic, making the classification model more tolerant to outliers and to actual malicious attempts. They succeeded.
In this talk, we will demo this 'model-poisoning' attack and analyze methods that have been proposed to make ML-based network anomaly detection systems less susceptible to manipulation by attackers. Instead of diving into the ML theory behind this, we will emphasize examples of these systems working in the real world, the attacks that render them impotent, and how this affects developers looking to protect themselves from network intrusion. Most importantly, we will look towards the future of ML-based network intrusion detection.
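As an added illustration of the poisoning mechanism described above (example code written for this page, not the speaker's demo), the following toy detector models one signal, requests per minute from a client, as anomalous when it exceeds k times a rolling baseline, and keeps learning from every minute it did not flag. The simulation shows how a slow stream of "looks benign" traffic inflates the threshold until a real burst passes unnoticed, and contrasts two defensive designs: a baseline frozen after vetted training, and a cap on what the model may learn from plus a drift alarm. All traffic values, the window size and the 1.5 learning cap are constructed assumptions.

```python
"""
Added example (not code from the talk): a self-training, rate-based anomaly
detector, the slow 'model poisoning' it is exposed to, and two defensive changes
(freezing the baseline, capping what the model may learn from) that keep the
real burst detectable. The signal is requests-per-minute from one client; all
traffic values below are constructed.
"""
from collections import deque
from statistics import fmean

BENIGN_TRAINING = [20 + (i % 7) for i in range(100)]  # constructed: 20..26 rpm
ATTACK_RATE = 250                                      # constructed: the real burst


class RateDetector:
    """Flags a minute when rate > k * baseline.

    online_learning: feed every unflagged minute back into the rolling baseline
                     (the poisonable design). If False, the baseline is frozen
                     after train() and live traffic never retrains the model.
    learn_cap:       when online, only learn from rates <= learn_cap * trained
                     baseline; anything hotter is treated as suspect, not as a
                     training sample. None disables the cap.
    max_drift:       raise a 'baseline drift' alert once the live baseline has
                     moved more than this fraction above the trained one.
    """

    def __init__(self, k=3.0, window=50, online_learning=True,
                 learn_cap=None, max_drift=0.5):
        self.k = k
        self.online_learning = online_learning
        self.learn_cap = learn_cap
        self.max_drift = max_drift
        self.history = deque(maxlen=window)
        self.trained_baseline = 0.0
        self.drift_alerts = 0

    def train(self, rates):
        """Offline training on traffic the operator has vetted as benign."""
        self.history.extend(rates)
        self.trained_baseline = fmean(self.history)

    @property
    def baseline(self):
        return fmean(self.history) if self.online_learning else self.trained_baseline

    @property
    def threshold(self):
        return self.k * self.baseline

    def observe(self, rate):
        """Return True if this minute is flagged; otherwise maybe learn from it."""
        flagged = rate > self.threshold
        if flagged or not self.online_learning:
            return flagged
        if self.learn_cap is not None and rate > self.learn_cap * self.trained_baseline:
            return flagged          # unflagged, but too hot to trust as training data
        self.history.append(rate)   # the poisonable step: unlabeled traffic retrains the model
        if self.baseline > (1 + self.max_drift) * self.trained_baseline:
            self.drift_alerts += 1  # defender's check: the model itself is moving
        return flagged


def poison_then_attack(detector, steps=100):
    """Simulate the scenario from the abstract: many minutes of traffic the detector
    considers benign (always just under its current threshold), then the real
    burst. Returns what a defender would want to know afterwards."""
    detector.train(BENIGN_TRAINING)
    flagged_during_poisoning = sum(
        detector.observe(int(detector.threshold) - 1) for _ in range(steps)
    )
    threshold_after = detector.threshold
    attack_flagged = detector.observe(ATTACK_RATE)
    return {
        "threshold_after_poisoning": threshold_after,
        "flagged_during_poisoning": flagged_during_poisoning,
        "attack_flagged": attack_flagged,
        "drift_alerts": detector.drift_alerts,
    }


def compare_designs():
    """Run the same scenario against the three detector designs."""
    return {
        "naive_online": poison_then_attack(RateDetector()),
        "frozen_baseline": poison_then_attack(RateDetector(online_learning=False)),
        "capped_learning": poison_then_attack(RateDetector(learn_cap=1.5)),
    }


if __name__ == "__main__":
    for name, result in compare_designs().items():
        print(name, result)
```

Only the naive design lets the burst through; it is also the only one whose drift counter fires, which is the signal an operator should alert on.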
Clarence graduated with a B.S. and M.S. in Computer Science from Stanford University, specializing in data mining and artificial intelligence. He currently works as a Research Data Engineer at Shape Security, a startup in Silicon Valley building a product that protects Global 2000 customers from malicious bots and automated attacks. At Shape, he works on the big data analysis systems used to tackle this problem. Clarence spoke on machine learning and security at PHDays 2015 in Moscow, BSides Las Vegas 2015, Code Blue Tokyo 2015, SecTor Toronto 2015, and BSides NYC 2016. He has been a community speaker with Intel, and is also the founder and organizer of the "Data Mining for Cyber Security" meetup group, the largest gathering of security data analysis professionals in the San Francisco Bay Area.
In an industry that does so much to uncover and expose the mistakes of others (which, don’t get me wrong, is a valuable service that helps increase security through the discovery of these vulnerabilities), it seems everyone is very shy about pointing out their own failures! I’ve decided that I could help teach others valuable lessons I learned by showcasing three failures I’ve had in Blue Team, three failures I’ve had in Red Team and three failures I’ve had in this community. I once read that a smart person learns from their mistakes; a wise person learns from the mistakes of others! So please take a moment to listen to me trying to help you become a little bit wiser! :)
Jayson E. Street is an author of the “Dissecting the Hack” series and the DEF CON Groups Global Coordinator. He has also spoken at DEF CON, DerbyCon, UCON and at several other ‘CONs and colleges on a variety of information security subjects. His life story can be found on Google under “Jayson E. Street”. *He is a highly carbonated speaker who has partaken of pizza from Beijing to Brazil. He does not expect anybody to still be reading this far, but if they are, please note he was chosen as one of Time’s Persons of the Year for 2006.
In May 2015 there was a fatal derailment of the Northeast Regional No. 188, headed by the Amtrak ACS 64 locomotive. The cause of the derailment is still a mystery, and it was speculated to be a cyber-attack. Through my research on those massive machines I went on to explore their attack surface and came out with some serious issues regarding the design and implementation of technologies, both from material collected on this specific model and, more generally, from going through the technologies that are common throughout current locomotives. In my talk I map out those vectors, explaining what exactly stands between an attacker and its target and what the impact on each is. Lastly, I draw some conclusions and recommendations for a better security design for locomotives.
I’ve been researching security since I was 14, and working professionally since I was 18, when I was actually surprised to find a place for my enthusiasm and, hopefully, talent. I have consulted for many industry leaders, banks, software vendors, insurance companies, health organizations, governments and telecommunication service providers, both domestic and international.
I am interested in all security aspects, keeping my aperture wide and viewing the whole picture, while I can still talk the talk and walk the walk when it comes to bits & bytes.
I have been given the wonderful opportunity to speak at many conferences, including CCC (32C3) in Germany, Hack-in-Paris in France, 44CON in the UK, the DefCon group summit in Tel Aviv, Israel, and others.
Over the years RFID card cloning attacks have risen steadily in Red Team activity. While card cloning can be effective, entry isn’t always gained with this method alone. As Red Team members, we often focus too much on the card and not enough on the technology that supports it. Why settle for access to one door when you can have access to them all? This talk will move beyond the card and explore all of the PACS components. After an overview of the components and architecture, we’ll discuss their unique attack surfaces, and how to locate them. Finally, we’ll put all of the attacks together to achieve complete system takeover.
Valerie Thomas is a Principal Information Security Consultant for Securicon LLC who specializes in social engineering and physical penetration testing. After obtaining her bachelor’s degree in Electronic Engineering, Valerie led information security assessments for the Defense Information Systems Agency (DISA) before joining private industry. Her unique Defense and civilian background provides her with a solid understanding of intrusion detection, data loss prevention, and endpoint (in)security. Her electronic and RFID training became a crucial element of her physical security specialization. While some focus on cyber or physical security, she has chosen to exploit the weaknesses of the combination of the two.
Whether you want to protect the operating system components or your personal files, a Full Disk Encryption (FDE) solution allows you to preserve their confidentiality and integrity. One of the most commonly used FDE solutions is Microsoft BitLocker®, which, thanks to its integration with the Trusted Platform Module (TPM) as well as the Active Directory environment, is both user-friendly and manageable in a corporate environment.
When the system is protected with an FDE solution without a pre-boot password, it is the login or lock screen that makes sure attackers with physical access are not able to gain access to the system.
In this talk we will explain how an attacker with physical access to an Active Directory-integrated system (e.g. a stolen machine) is able to bypass the login or lock screen and elevate his privileges to those of a local administrator or SYSTEM. Finally, the administrative privileges are used to extract the clear-text version of the user’s original password.
All of this can be accomplished via two security vulnerabilities that affect all Windows versions (from Vista to 10) and by abusing a standard “security” feature.
Oracle’s CSO recently said, "Researchers who find bugs in software are violating software licenses and are breaking the law. They should be prosecuted, not rewarded with bug bounties."
On the other hand, can enterprises and the public trust vendors to properly test, disclose and fix vulnerabilities on a timely basis? For years, security researchers have found bugs in software and disclosed them in a wide range of ways because vendors failed to act.
This topical and exciting interactive, audience-driven debate will examine some of the most important issues the security industry faces today:
Winn Schwartau is an expert on security, privacy, infowar, cyber-terrorism and related topics. He is known not only for his trademark mustache and appearances at Defcon but also for his provocative and original ideas that make audiences think, wonder and understand highly technical security subjects. He has written more than a dozen works on security topics. In other words, Schwartau attempts to make the importance of information security accessible to the average person. In 2002, he was honored as a “Power Thinker” and one of the 50 most powerful people in networking by Network World. In 2008, he was voted one of the 25 Most Influential People in the Security Industry by Security Magazine.
Consultant, Public Speaker, and Security Expert in Washington
Katie Moussouris is a noted authority on vulnerability disclosure & bug bounties. Katie advises companies, lawmakers, & governments on the benefits of hacking & security research to help make the internet safer for everyone. Katie is a hacker - first hacking computers, now hacking policy & regulations.
Dave Chronister’s expertise has been featured on television’s CNN, Bloomberg TV, CNBC, Fox Business, ABC World News with Diane Sawyer, America Now with Leeza Gibbons, FOX 2 KTVI, KMOV Channel 4, KSDK News Channel 5 as well as several local radio stations. He has also been spotlighted in online and print publications such as FOX Business News, CNBC, CBS, Associated Press, CIO Magazine, Information Security Magazine, InfoWorld Magazine, Computerworld, Entrepreneur Magazine, Popular Science, American Banking Journal, BankNet 360, Bank News, Credit Union Tech Talk, The Kansas City Star, St. Louis Post-Dispatch, The Suburban Journal, St. Louis Business Journal, St. Louis Business Monthly and other publications. Chronister has also written several articles for numerous industry publications, and appears as a regular cybersecurity expert on Fox Business, CNBC, MSNBC, and CNN.
Anti-Reverse Engineering and Disclosure
Former U.S. Department of Justice, Cyber-Attorney & Chief Security Evangelist at Verizon
Mark Rasch is an attorney and author of computer security, Internet law, and electronic privacy-related articles. He created the Computer Crime Unit at the United States Department of Justice, where he led efforts aimed at investigating and prosecuting cyber, high-technology, and white-collar crime.
He helped the FBI and Treasury Department develop their original procedures on handling electronic evidence. He created and taught classes at the FBI Academy and the Federal Law Enforcement Training Center on electronic crime and evidence. He has taught evidence law at the Catholic University School of Law, and white collar and computer crime at the American University School of Law. He has taught other computer and privacy law courses and incident response classes at the University of Fairfax, George Washington University, George Mason University, and James Madison University. He has also lectured at Stanford University, Harvard University and Harvard Law School.
Mark is frequently featured in the news media on issues related to technology, security and privacy. He has appeared on or been quoted by NBC News, MSNBC, Fox News, CNN, The New York Times, Forbes, PBS, The Washington Post, NPR and other national and international media. He writes a monthly column in Symantec’s Security Focus online magazine on issues related to law and technology and is a regular contributor to Wired magazine.
Winn Schwartau, Katie Moussouris, Dave Chronister, Mark Rasch
OSINT is a fashion, everybody is talking about it. But how difficult is it to accomplish, really?
After asking ourselves that question, we planned our own <irony>super deep-analysis OSINT scraping tool</irony>, to prove that it's all smoke and mirrors. And we did it, in only a week and with less than 1000 lines of code.
In this talk I will present three simple engines:
The end result: a simple tool that shows live tweets about a string we specify, pins them on a live Google map at the city where the tweet was posted, and shows you whether the tweet has a negative, positive or neutral connotation. All that in less than 7 seconds after the tweet was posted by the original user.
I will do a live demo of the tool, with any word chosen by the audience.
Warning: This is NOT a product talk. We do not sell this software. It's just a project we did for fun, not profit :D. And after my talk, anybody will be able to replicate it easily.
A penetration tester who specializes in web security analysis. He loves to build simple tools to perform discovery and exploitation on any software or network. He has spoken at BlackHat, H2HC, Ekoparty, TEDx, Campus Party, OWASP and many other important conferences. He is the founder and CEO of Mkit Argentina, a company that specializes in computer, physical and human security solutions. He is also the founder of the ANDSec conference. And he is a Super Mario World master!!
For twenty years, the video game industry has been investing a substantial amount of money in R&D to fight piracy and counterfeiting. This investment is proportional to the potential shortfall, which amounts to millions. Therefore, video game consoles are the spearheads of hardware and software security. This talk explores the history of these platforms through the evolution of defence and offence strategies. As we will see, the security features implemented by the manufacturers have become more and more elaborate, forcing the attackers to develop subtle and innovative techniques. Moreover, it is interesting to observe that the threat model has evolved from large-scale piracy prevention to a model where manufacturers want to prevent hackers from taking control of their console. We also highlight how advanced the gaming console industry is regarding hardware and software security concepts, especially considering that these are mass consumption products. Finally, it is worth noting that these concepts only appeared a few years later on other mass market devices such as smartphones and set-top boxes.
In this talk we will present everything you have ever wanted to know about the architecture of some major game consoles and their security features. In order to achieve this, we will detail both the hardware and software architectures of somewhat old and modern gaming consoles: PS1, Xbox, Xbox 360 and PS3. Based on this, we will explain the reasons why some attacks have failed and why others have succeeded.
Mathieu RENARD, employer and/or affiliations: Hardware and Software Security Lab, French Network and Information Security Agency (FNISA / ANSSI)
Ryad BENADJILA, employer and/or affiliations: Hardware and Software Security Lab, French Network and Information Security Agency (FNISA / ANSSI)
Anto Joseph is a Security Engineer at Citrix. He is enthusiastic about mobile security and IoT. He is very passionate about research and is currently researching mobile malware. He has developed custom tools and fuzzers to help with penetration tests and vulnerability research. He has been a speaker/trainer at various security conferences including HITB Amsterdam, NullCon, GroundZero, c0c0n, XorConf etc., and has good expertise in practical security.
Tired of watching hardware products getting hacked every day without getting your share of the fun?
Don’t worry, that will not be the case anymore! This conference will teach you hardware hacking in its most pragmatic aspects with a theory-and-practice approach. It follows a simple (but efficient) methodology based on a “Discover / Analyze / Attack & Protect” guideline that can be applied to any kind of hardware product (Internet of –Insecure– Things included). We will smartly mix methods and tool demonstrations (thanks to the Hardsploit tool) in order to give you all the necessary knowledge to be able to perform hardware security audits by yourself.
I²C, JTAG, SPI, PARALLEL, UART: today’s electronic devices, connected to the Internet or not, integrate one or several chips that use these communication buses. Each of them has specific properties and technical differences, and we need to know what data goes through them in order to perform efficient hardware audits. This paper will give an overview of today’s challenges for industrial and IT professionals in securing and auditing products at the hardware level. For them,
Founder and current director of the OPALE SECURITY company. He graduated from a computer and electronic engineering school (Polytech-Universite Pierre et Marie Curie). After a time in the electronics industry as an embedded systems design engineer, he made a career move towards IT. He started as a production manager for a company in the financial sector (private banking), and moved towards IT security when he joined the ACCOR group, where he was in charge of application security for the group. He has 20 years of experience, 16 of which dedicated to IT system and embedded system security. OPALE SECURITY deals with research projects linked, amongst other things, to the security of embedded systems. We are the project leader of Hardsploit: a framework like Metasploit, but for hardware hacking.
Julien MOINARD is an electronics engineer with a solid background in this field (over 8 years) combined with many personal and professional experiments with microcontrollers & FPGAs. Furthermore, he contributes to several training courses at universities. Julien is also the senior hardware pentester of OPALE SECURITY, and the Team Leader of the Hardsploit project (Hardsploit.io): a framework dedicated to hardware hacking.
The talk will walk you through Internet Control Message Protocol basics, focusing on Type=5, Code=1 messages. It will briefly describe the 'old' ICMP redirect attack and discuss the changes introduced to the Linux kernel which made this attack impossible. But did they really? Dorota will show that the ICMP redirect attack is still easy to perform with some additional steps, even if secure_redirects is configured. A successful attack results in a new entry in the targeted host's routing table. Dorota will introduce a testing tool and its capabilities. The talk will also describe prevention steps to secure the environment.
Dorota has 15+ years of professional experience in IT. She started as a Unix admin at one of the main Polish web portals, then worked for many years as a network admin/analyst. 5 years ago Dorota moved into a Red Teamer role conducting threat simulations all over the world. Her Red Team activities focus on networking attacks and social engineering.
Dorota earned a Master of Science in Computer Science (Networking).
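For readers who want to see what a Type=5, Code=1 message actually carries and how a monitoring tool can pick it out of a capture, here is an added example (written for this page; it is not Dorota's testing tool). It decodes ICMP redirects from raw IPv4 datagrams, verifies the ICMP checksum, and applies a defender's plausibility rule. The sample datagram, the addresses and the rule ("redirects must come from the configured default gateway and point at an on-link address") are constructed assumptions of this example, not kernel behaviour.

```python
"""
Added example (not the talk's tool): decode ICMP Redirect messages (Type 5) out of
raw IPv4 datagrams as a sniffer hands them over, verify the ICMP checksum, and
apply a defender's plausibility rule to the advertised gateway. The sample
datagram is constructed locally; nothing is sent on the wire.
"""
import struct
from ipaddress import IPv4Address, ip_network

IPPROTO_ICMP = 1
ICMP_REDIRECT = 5
REDIRECT_CODES = {0: "network", 1: "host", 2: "network/TOS", 3: "host/TOS"}


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum; returns 0 when run over data whose
    checksum field is already filled in correctly."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_redirect(datagram: bytes):
    """Return the fields of an ICMP redirect, or None if the datagram is not one.
    Raises ValueError on a bad checksum or a truncated quoted header."""
    if len(datagram) < 28 or datagram[9] != IPPROTO_ICMP:
        return None
    ihl = (datagram[0] & 0x0F) * 4
    icmp = datagram[ihl:]
    icmp_type, code, _checksum = struct.unpack("!BBH", icmp[:4])
    if icmp_type != ICMP_REDIRECT:
        return None
    if inet_checksum(icmp) != 0:
        raise ValueError("ICMP checksum mismatch")
    quoted = icmp[8:]                       # original IP header + first 8 payload bytes
    if len(quoted) < 20:
        raise ValueError("truncated quoted IP header")
    return {
        "source": IPv4Address(datagram[12:16]),        # who claims to be a router
        "code": REDIRECT_CODES.get(code, "unknown"),
        "new_gateway": IPv4Address(icmp[4:8]),
        "affected_source": IPv4Address(quoted[12:16]),
        "affected_destination": IPv4Address(quoted[16:20]),
    }


def suspicious_reasons(info, expected_gateway: str, local_network: str):
    """Defender rule (an assumption of this example, not kernel behaviour): a
    redirect is only plausible if it comes from our configured default gateway
    and points at an address on our own link. Returns the reasons it fails."""
    reasons = []
    if info["source"] != IPv4Address(expected_gateway):
        reasons.append("source is not the configured default gateway")
    if info["new_gateway"] not in ip_network(local_network):
        reasons.append("advertised gateway is not on the local link")
    return reasons


def _ipv4_header(total_len, proto, src, dst):
    """Minimal IPv4 header (no options) with a correct header checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, proto, 0,
                      IPv4Address(src).packed, IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", inet_checksum(hdr)) + hdr[12:]


def sample_redirect_datagram(router, victim, new_gateway, orig_dst, code=1):
    """Constructed sample of what a capture of a redirect-for-host looks like:
    outer IPv4 header, 8-byte ICMP header, then the quoted original datagram
    (the victim's own UDP packet header, payload zeroed)."""
    quoted = _ipv4_header(28, 17, victim, orig_dst) + b"\x00" * 8
    body = struct.pack("!BBH4s", ICMP_REDIRECT, code, 0,
                       IPv4Address(new_gateway).packed) + quoted
    icmp = body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]
    return _ipv4_header(20 + len(icmp), IPPROTO_ICMP, router, victim) + icmp


if __name__ == "__main__":
    pkt = sample_redirect_datagram("192.0.2.1", "192.0.2.10", "192.0.2.254", "198.51.100.5")
    info = parse_redirect(pkt)
    print(info, suspicious_reasons(info, "192.0.2.1", "192.0.2.0/24"))
```

A redirect that fails either check is exactly the kind of event to log before a new route appears on the host.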
Because of the advancements in prosthetics after the last decade of wars, technology has advanced beyond security. We are using yesterday's security with tomorrow's technology, and it is not working. New technology allows in vivo bionanorobotic technology to assist in re-establishing neurological functional continuity, minimizing peripheral neuropathy, or establishing the neuro-human-machine interface after an avulsive trauma. The inherent vulnerability within the nanotechnology allows for exploitation and remote access, or even real-time control, of a prosthetic or even of a person's neurological functioning. Neurostatic controls in these devices are also vulnerable, causing malfunctions or unwanted actions outside the control of the user. Nanotechnology can also come equipped with processors, storage and the ability to communicate wirelessly. Some have embedded 3D printers producing segments of DNA or axons to be used as surrogates for malfunctioning or missing ones. Can we allow these networks to go unregulated and open in a situation where security must never be compromised?
Gregory Carpenter, CISM, is the owner of Gregory Carpenter Enterprises LLC, co-author of “Reverse Deception: Organized Cyber Threat Counter-Exploitation” and hosts a weekly radio program of the same name. He is an Adjunct Professor of statistics and IT and is on the Board of Directors of ATNA Systems. He served several years at the NSA, with over three decades in the Army, and is currently pursuing his doctorate in Public Health focusing on in vivo bionanorobotic device security. He is the recipient of numerous awards including the coveted National Security Agency Military Performer of the Year.
Professional and successful Social Engineering work requires structured processes and procedures in order to engage at management level with the corporate world. Social Engineering is often reduced to “phishing” emails, bypassing the reception desk disguised as pest control, or “vishing” attacks based on pretexted phone calls to the help desk. This is significant and respected work in the Social Engineering field, but to land jobs at the executive level a more comprehensive and secure way of Social Engineering engagement is required. Social Engineering engagements should be comparable across the globe and have a uniform and structured approach. This is why my colleagues and I have developed the open source, freely available Social Engineering Engagement Framework (SEEF). We have developed SEEF based on our experience (Social Engineers for decades and Big 4 alumni at international level) in order to make SE engagements more secure and plannable, and the results comparable. SEEF contains methods and instructions for better SE planning and execution. The framework does not focus on particular tools; rather, the focus lies on the process and management of SE engagements. In my presentation I will show you how to thoroughly plan SE engagements with a risk-based approach and how to professionally sell your services. I will also show you methods and procedures we have used and developed in order to skilfully document your SE engagements. Of course I will share plenty of experience-based stories and work I have done from Australia to Switzerland and Asia. This will be a high-powered session with lots of lessons learned and one of the most comprehensive views on Social Engineering, which will boost you to the front of Social Engineering today.
Dominique C. Brack is a recognized expert in information security, including identity theft, social media exposure, data breaches, cyber security, human manipulation and online reputation management. He is a highly qualified, top-performing professional with outstanding experience and achievements within key IT security, risk and project management roles, confirming expertise in delivering innovative, customer-responsive projects and services in highly sensitive environments on an international scale. His passion and personality will energize and inspire you, and his ability to present complicated information clearly and understandably will help you to apply what you have learned. Besides his work as a management consultant, advisor to the government and CEO of Reputelligence™, he has lectured at trade shows and conferences and is the author of various articles and white papers. His “tell it like it is” style is sought after by major media outlets and executives in the C-Suite of leading corporations. Mr. Brack is accessible, real, professional, and provides topical, timely and cutting-edge information on breaking news. Whether he is speaking on camera, to a single group of executives, or sharing his personal stories and tips as a speaker or workshop leader, Dominique’s direct and to-the-point tone of voice can be counted on to capture attention and, most importantly, inspire and empower action.
I think that we can all agree that Software Defined Networks are awesome. But how do we know that they are safe? More importantly, how do we know that our Software Defined Network is safe? Traditional networks have plenty of tools available for testing, and so do applications. But what about Software Defined Networks? What do we do? It's not like there are tools out there that we can use to test our Software Defined Network.
Well, with the SDN-Toolkit v1.2 and its new extensibility framework, now we can. Using templates that define the northbound API ports, paths, operations, and data elements, the SDN-Toolkit is able to talk to any SDN controller out there. Out of the box, the SDN-Toolkit v1.2 has templates for Big Switch, OpenDaylight, Brocade, Cisco, HP, OpenContrail, and ONOS SDN controllers, but you can make a template to talk to any controller you want. The SDN-Toolkit can even be used with Burp to scan those controllers for vulnerabilities, just like you would with SoapUI.
In this session, I’ll demonstrate how to do that: using the SDN-Toolkit's built-in templates to identify and configure existing controllers, showing you how to build your own template to talk to a new controller, and using the toolkit to map the network, locate targets, and control access to the network as before. We'll even go one step further by using the SDN-Toolkit with Burp to scan the controller for vulnerabilities like SQLi and XXE. It's about time that we have a tool for testing Software Defined Networks, and with the SDN-Toolkit, now we do.
Gregory Pickett CISSP, GCIA, GPEN has a background in intrusion analysis for Fortune 100 companies but now heads up Hellfire Security’s Managed Security Services efforts and participates in their assessment practice as a network security subject matter expert. As a security professional, his primary area of focus and occasional research is networks with an interest in using network traffic to better understand, to better defend, and sometimes to better exploit the hosts that live on them.