Lectures

The content brought forth...

Listed below are the lectures selected for presentation with full information.

If you are interested in speaking at InfoSec Southwest, please see our Call for Papers.

Keynote

This talk will show the new strategy in cyber that Mudge has helped to create for DARPA, how it was influenced by our community, and some of the challenges and rationale behind the Cyber Fast Track research vehicle that is being made available to the public.

Lectures

A New Technique in Data Exfiltration and Confidentiality

In this presentation, we unveil a new proof-of-concept tool that combines the confidentiality of encryption, the integrity of message hashing, the availability of a distributed architecture, and the stealth of steganography into a single cohesive application. This new use of these mature technologies creates a secure environment for your data, and easy retrieval, without the liability of keeping it on your personal system. This unique approach to data storage can help you keep the data you value the most from falling into the wrong hands.

Attacking CAPTCHAs for Fun and Profit

CAPTCHAs are a potent mechanism to protect web applications against automated form submissions. To analyze the strength of CAPTCHA deployments on the Internet, research spanning hundreds of high-traffic websites and several CAPTCHA service providers was conducted. The research looked at CAPTCHA image design, CAPTCHA implementation and verification mechanisms. During the research, several interesting implementation flaws and attacks were identified that will be discussed during the presentation. Some of these flaws/attacks include CAPTCHA fixation, CAPTCHA Rainbow Tables, In-Session CAPTCHA Bruteforcing, OCR Assisted CAPTCHA Bruteforcing, Chosen CAPTCHA Text Attack, CAPTCHA Accumulation, etc.

It was observed that an alarming number of visual CAPTCHAs (image designs) could be broken by a combination of good image preprocessing and Optical Character Recognition (OCR) engines. TesserCap was thus written to test CAPTCHA designs based upon these observations.

TesserCap is a GUI-based, highly flexible and first-of-its-kind CAPTCHA analysis tool. TesserCap retrieves CAPTCHAs from the target website and solves those locally. Each CAPTCHA is subjected to TesserCap's 8-stage image preprocessing module and the OCR engine. The image preprocessing algorithms work around color complexities, spatial irregularities, and other types of random noise that developers introduce into the CAPTCHAs to achieve higher detection rates.

Attacking the GoogleTV

The talk will focus on the three current GoogleTV devices, the security measures used by each device and the platform the devices run. The talk will include video demonstrations of bugs and exploits found for each device as well as specific details about how each bug works. The presentation will also include interesting experiences we have encountered along with information on the future of the GoogleTV platform.

How to Encrypt and Dedup Archives at the Same Time

Everyone who appreciates security and privacy would love to have an off-site archiving solution. The problem with current technology is that efficient archiving is achieved via deduplication, but that is at odds with encrypting data. Encryption and deduplication are orthogonal technologies; however, there are some clever tricks that enable these two fundamental forces to come together. The trick is to do this without losing privacy and disclosing/leaking information.

This lecture will go into the details that were used to create a working prototype of such a solution. This prototype is being further developed into a product that is an open source solution that marries these two technologies. Additionally this lecture will describe peripheral crypto bits to describe the entire process from login through storing data of the open source solution.

Cyberwar 4-G - aka The Coming Smart Phone Wars

What do governments, agencies, critical infrastructures and cyber-commands do when they have 2 billion more potential targets to shoot at and defend against in a period of four years? Or what about in 2020 when there may be as many as 20 billion new intelligent endpoints?

More than 20 years ago a number of us were warning allied governments and defense organizations about a number of key developments.

  • Class I Information Warfare: The loss of privacy and Identity Theft
  • Class II: Private espionage and organized cybercrime
  • Class III: Nation-state, NGO and terrorist use of Internet technologies as offensive weapons.

We were ignored. Defense groups said, "if it doesn't explode, it's not ours," and Congress said, "why would a criminal or terrorist ever want to use the Internet...?"

Now we know. And here it comes again.

Exploit Shop : 1-day Patch Analysis Project

The ExploitShop project kicked off in Sep 2011, and this project aims at analyzing Microsoft patches. Until now, ExploitShop has covered six MS vulnerabilities and released three new PoCs. To highlight our project, we were the first to present the vulnerability analysis on Duqu (MS11-087), and we were the first to investigate the possibility of an MS11-083 attack (people were really frustrated by this vulnerability). Yes. We always cover the patch if it seems to have a big impact.

The presentation will introduce our ExploitShop project. For the patch analysis and PoC development process, we will show 1) how to efficiently catch up with the vulnerability patch, 2) how to merge fuzzing techniques for the patch analysis, and 3) what the important messages are for zero-day bug hunters. The presentation would be very interesting. For beginners, the presentation will give them a chance to see how cutting-edge vulnerability analysis works. For advanced audiences, it will give them better intuition about future vulnerability research directions.

Exploiting Memory Corruption in the Java Runtime

The Oracle (previously Sun) Java Runtime Environment (JRE) is among the most widely attacked software packages on the Internet. Despite being viewed as low-hanging fruit, exploiting memory corruption vulnerabilities within the JRE is not always straightforward. This talk will focus on a collection of techniques to overcome potential issues that one may face while developing exploits against memory corruption vulnerabilities within the JRE. The talk concludes with a demonstration of the techniques as used on a selection of contrived and real-world vulnerabilities.

Improving Software Security with Dynamic Binary Instrumentation

This talk will present an analysis of popular dynamic binary instrumentation frameworks, focusing on the performance of the engine and the feasibility for use in vulnerability mitigation technologies.

Dynamic Binary Instrumentation (DBI) is a process control technique that forgoes the traditional debugging facilities supplied by the operating system in favor of an in-process framework for manipulating the runtime state of a process. The most common frameworks available for performing DBI include Pin, DynamoRIO, and Valgrind. These frameworks facilitate the development of Dynamic Binary Analysis (DBA) tools that can perform security-related tasks such as process tracing and debugging or sandboxing and other exploit mitigations. This talk will begin with a discussion of the general shared architecture of a DBI framework. Further, an analysis of the performance of each engine and the feasibility for use in vulnerability mitigation technologies will be presented and illustrated with code examples.

Ripe for the Picking: 100 Million Leaked Passwords and its Impact on Password Research

In the past year, over 100 million passwords and password hashes have been leaked by attackers. Most of these leaks take place on sites such as pastebin/twitter and mediashare. What can we learn about password creation from this new set of data? A set of data that did not publicly exist 2-3 years ago. What did we find out? Your passwords suck. And web-sites have no idea how to fix it.

JS 2.0 Encoders - Forcing Change in Browser Exploit Detection

Contrary to popular belief, not all attackers are dumb and some have found use in AJAX when building their malicious JavaScript. This problem has caught some by surprise, but it doesn't need to be that way. If we can think and build like an attacker, then we are more in a position to combat against their techniques.

This talk will highlight improvements on existing techniques and introduce new ones that could soon become normal operations. Audience members should expect to walk away thinking how these issues could be solved and more importantly, how browser-based exploits could be better detected.

Security Patent Medicine Side Show

After years of patient study and delving into the dusty record of the past, as well as following modern experiments in the realms of information security science, Dr. Lurene Grenier and Nicholas DePetrillo ESQ. 18 Chats Paw Rd, Fort Wayne, Indiana make the startling announcement that they have surely discovered the elixir of defense; That they are able, with the aid of a mysterious algorithm, known only to themselves, to produce as a result of the years they have spent in searching for this precious impenetrable security boon to cure any and every vulnerability that is known to computer systems throughout the world.

Selecting Features to Classify Malware

Polymorphic malware is a menace to modern computing and a strain on business productivity. The challenge faced by antivirus technology is that there is not enough time for new variants of this type of malware to be collected, sent to antivirus companies, and analyzed, and for signatures to be created and returned to customers. To attempt to address this problem, we explore the classification of malware using machine learning. We compare some classifiers for malware and present a carefully selected set of attributes that result in good classification between malware and clean programs. We discuss the application of this research to security technologies.

We apply well-known machine-learning algorithms to help address the problem of malware classification. From experience, I know that the nature of antivirus research is reactive. Researchers have to and tend to focus on technical problems or addressing particular families of malware. This research was done for my master's thesis at UC Irvine where there was less pressure on me to focus on the daily problems of antivirus research. I approach the general problem of polymorphic malware classification instead of the topical problems of detecting particular malware. In addition, this research uses machine-learning techniques, which are seemingly underutilized by industry to solve security problems but that are used by other computing disciplines with success. Hence, this is research that is novel in its scope and in its techniques. In our best results, we achieved a 98.56% classification rate for malware using only seven executable file-format features: DebugSize, ImageVersion, IatRVA, ExportSize, ResourceSize, VirtualSize2, and NumberOfSections. Industry and other security researchers will benefit from receiving this research, the whitepaper, and the tool.

Speaking with Cryptographic Oracles

Cryptography is often used to secure data, but few people have a solid understanding of cryptography. It is often said that if you are not strictly a cryptographer, you will get cryptography wrong. For that matter, if you ARE a cryptographer, it is still easy to make mistakes. The algorithms might be peer reviewed and unbroken for 15 years, but if you use them incorrectly, they might leak information. Cryptographic oracles are systems which take user-controlled input and leak part or all of the output, generally leading to an attacker being able to defeat the cryptography, in part or in whole. This lecture will teach you about what encryption, decryption, and padding oracles are; why it doesn't matter that the algorithm you're using is unbroken; how to find cryptographic oracles; and the various ways in which these oracles can be used to mount attacks against your target.