GreHack-2013-Speakers Talks: Difference between versions
Version of 11 October 2013 at 13:27
- Keynote: Herbert Bos (VU University, Netherlands)
- Invited Speakers: Halvar Flake (Zynamics-Google, Switz.) and Juan Caballero (IMDEA, Spain)
- Accepted Papers
Contents
- 1 Conference - overview
- 2 Conference - detailed content
- 2.1 Invited Talks - bio + summary
- 2.2 Accepted Papers & Talks - bio + summary
- 2.2.1 Markku-Juhani Olavi Saarinen - Developing a Grey Hat C2 and RAT for APT Security Training and Assessment
- 2.2.2 Mathieu Cunche - I know your MAC Address: Targeted tracking of individual using Wi-Fi
- 2.2.3 Ludovic Apvrille and Axelle Apvrille - Pre-filtering Mobile Malware with Heuristic Techniques
- 2.2.4 Laurent Mounier, Marie-Laure Potet and Josselin Feist - Statically Detecting Use After Free on Binary Code
- 2.2.5 Alejandro Nolla - Amplification DDoS attacks with game servers
- 2.2.6 Eireann Leverett and Reid Wightman - Vulnerability Inheritance in Programmable Logic Controllers
- 2.2.7 Jagdish Achara, James-Douglas Lefruit, Vincent Roca and Claude Castelluccia - Detecting Privacy Leaks in the RATP App: how we proceeded and what we found
- 2.2.8 Ruo Ando, Yuuki Takano and Satoshi Uda - Unraveling large scale geographical distribution of vulnerable DNS servers using asynchronous I/O mechanism
- 2.2.9 Guillaume Jeanne and François Desplanques - Attacks using malicious devices : a way to protect yourself against physical access
Conference - overview
Slides + Talks in English.
Planning at a glance
Invited Speakers
Keynote
| Speaker name | Talk | Corp/Lab/Gov/Self |
|---|---|---|
| Herbert Bos | Tain't not enough to fuzz all the memory errors (summary) | Vrije Universiteit Amsterdam, Netherlands |

Invited Speakers

| Speaker name | Talk | Corp/Lab/Gov/Self |
|---|---|---|
| Halvar Flake | The many flavors of binary analysis | Zynamics, now a Google company, Zurich, Switzerland |
| Juan Caballero | Specialization in the malware distribution ecosystem | IMDEA, Madrid, Spain |
Accepted Papers & Talks
Rump sessions
At the end of the afternoon, rump sessions will take place.
Conference - detailed content
Invited Talks - bio + summary
Herbert Bos - Tain't not enough to fuzz all the memory errors
Tain't not enough time to fuzz all the memory errors
In this talk, I will discuss the past, present, and future of memory errors, and some of the projects in my group that build on information flow tracking (sometimes referred to as taint analysis) to detect and stop memory corruption attacks. These projects include plain old tainting solutions like Argos and Minemu, as well as more elaborate defenses like BinArmor. Finally, I will discuss new work in my group on fuzzing for buffer overflows (sec13-paper_haller.pdf) which combines taint analysis with symbolic execution and some cool heuristics to track down those pesky overflows in real programs.
Herbert Bos
Halvar Flake - TBA
TBA
Halvar Flake
twitter: @halvarflake
Funny bio from Syscan'13: "Halvar needs no introduction... but I'm going to give him one just to be irritating. A mathematician at heart, Halvar really wants nothing more in life than for things to work just as they should, and for there to be cake afterwards. However, having not revolutionized mathematics by the age of 20, he wisely decided to turn his hand to revolutionizing reverse engineering instead. Since then, he has spent years eviscerating software, building tools that sucked less than all the existing ones and relentlessly pointing out all of the areas where our approaches just aren't working. I pine for a softer, kinder world where formal methods solved everything, other people's software didn't suck so damn much, and gentle giants like Halvar would be free to read poetry and eat their cake in peace. :("
Juan Caballero - Specialization in the malware distribution ecosystem
Specialization in the malware distribution ecosystem
In the cybercrime ecosystem attackers have understood that tackling the entire monetization chain is a daunting task requiring highly developed skills and resources. Thus, specialized services have emerged to outsource key parts to third parties such as malware toolkits, exploit marketplaces, and pay-per-install services. Such outsourcing encourages innovation and specialization, enabling attackers to focus on their end goals. This talk describes our research into the specialized services dominating malware distribution.
Juan Caballero
Accepted Papers & Talks - bio + summary
Markku-Juhani Olavi Saarinen - Developing a Grey Hat C2 and RAT for APT Security Training and Assessment
Markku-Juhani Olavi Saarinen
Developing a Grey Hat C2 and RAT for APT Security Training and Assessment
We report on the development of a Remote Access Tool (RAT) and related Command and Control (C2) system for the purposes of simulating Advanced Persistent Threat (APT) attacks during security audits. The system, a set of tools collectively called HAGRAT, is a clean-slate in-house development and remarkable for its compact size. As such, it is backdoor-free and not readily identifiable by Anti-Malware and Intrusion Detection tools (as it has not been indiscriminately distributed). We discuss the design requirements, implementation and the actual effort required to develop such software.
Mathieu Cunche - I know your MAC Address: Targeted tracking of individual using Wi-Fi
Mathieu Cunche
I know your MAC Address: Targeted tracking of individual using Wi-Fi
This work is about wireless communications technologies embedded in portable devices, namely Wi-Fi, Bluetooth and GSM. Focusing on Wi-Fi, we study the privacy issues and potential misuses that can affect the owners of wireless-enabled portable devices. Wi-Fi enabled devices periodically broadcast in plain text their unique identifier along with other sensitive information. As a consequence, their owners are vulnerable to a range of privacy breaches such as the tracking of their movements and the inference of various private information [9, 7]. As serious as those information leakages can be, linking a device with an individual and their real-world identity is not a straightforward task. Focusing on this problem, we present a set of attacks that allow an attacker to link a Wi-Fi device to its owner's identity. We present two methods that, given an individual of interest, allow one to identify the MAC address of their Wi-Fi enabled portable device. Those methods do not require physical access to the device and can be performed remotely, reducing the risk of being noticed. Finally we present scenarios in which the knowledge of an individual's MAC address could be used for mischief.
Ludovic Apvrille and Axelle Apvrille - Pre-filtering Mobile Malware with Heuristic Techniques
Ludovic Apvrille
Ludovic Apvrille obtained his M.Sc. in Computer Science, Network and Distributed Systems specialization in 1998 from ENSEIRB and ISAE. He then completed a Ph.D. in 2002, in the Department of Applied Mathematics and Computer Science at ISAE, in collaboration with LAAS-CNRS and Alcatel Space Industries (now Thalès Alenia Space). After a postdoctoral term at Concordia University (Canada), he joined LabSoc in 2003 as an assistant professor at Telecom ParisTech, in the Communication and Electronics department. He obtained his HDR (Habilitation à Diriger les Recherches) in 2012. His research interests focus on tools and methods for the modeling and verification of embedded systems and Systems-on-Chip. Verification techniques target both safety and security properties. He is the leader of the open-source UML/SysML toolkit named TTool.
Axelle Apvrille
I am a senior Anti-Virus analyst and researcher for Fortinet. I specialize in mobile malware: reverse engineering, detection, and related research & publications. Before that, my field of expertise was the implementation of cryptology algorithms, security protocols and OS.
Pre-filtering Mobile Malware with Heuristic Techniques
With huge amounts of new Android applications released every day, in dozens of different marketplaces, Android malware unfortunately has no difficulty sneaking in and silently spreading, and puts a high pressure on antivirus teams. To try and spot them more easily, we built an infrastructure, named SherlockDroid, whose goal is to filter out the mass of applications and only keep those which are the most likely to be malicious for future inspection by Anti-virus teams. SherlockDroid is made of marketplace crawlers, code-level property extractors and a data mining software which decides whether the sample looks malicious or not. This data mining part is named Alligator, and is the main focus of the paper. Alligator classifies samples using clustering techniques. It first relies on a learning phase that determines the intermediate scores to apply to the clustering algorithms of Alligator. Second, an operational phase classifies new samples using the previously selected algorithms and scores. Alligator has been trained over an extensive set of both genuine Android applications and known malware. Then, it was tested for proactiveness over new and more recent applications. The results are very encouraging and demonstrate the efficiency of this first heuristics engine for pre-filtering Android malware.
Laurent Mounier, Marie-Laure Potet and Josselin Feist - Statically Detecting Use After Free on Binary Code
Josselin Feist
Laurent Mounier
Marie-Laure Potet
Statically Detecting Use After Free on Binary Code
We present GUEB, a static tool detecting Use-After-Free vulnerabilities on disassembled code. This tool has been tested on a real vulnerability in ProFTPD (CVE-2011-4130).
Alejandro Nolla - Amplification DDoS attacks with game servers
Alejandro Nolla
Security consultant and ethical hacker. Madrid, Spain.
Amplification DDoS attacks with game servers
This paper describes how a DDoS amplification attack using game servers works, as well as various methods to find vulnerable games, techniques to detect this kind of attack, and how to try to mitigate these attacks at different levels of the OSI topology as well as at different levels of a network schema.
Eireann Leverett and Reid Wightman - Vulnerability Inheritance in Programmable Logic Controllers
Eireann Leverett
Reid Wightman
Vulnerability Inheritance in Programmable Logic Controllers
200 Programmable Logic Controller (PLC) models from a variety of vendors rely on the same third-party library. This CodeSys Runtime library gives these controllers access to 'ladder logic'. The authors discovered authentication bypass vulnerabilities in this library. An unauthenticated attacker could potentially upload ladder logic to the PLCs or halt the programs presently running. The authors subsequently performed a scan of the complete IPv4 internet (0.0.0.0/0) to identify controllers, potentially providing access to critical infrastructure, and shared that data with trusted incident responders.
Jagdish Achara, James-Douglas Lefruit, Vincent Roca and Claude Castelluccia - Detecting Privacy Leaks in the RATP App: how we proceeded and what we found
Jagdish Achara
Jagdish Achara got his research master's in computer science (Specialty: Services, Security and Networks) from Nancy University in 2011 and since then has been working as an Engineer in the Inria Privatics team. He is interested in the field of "Security and Privacy (S&P) aspects of the Internet" in general. As of today, he is focusing on investigating smart devices (for example, smartphones, smartglasses, smartwatches, smartmeters etc.) from an S&P point of view. Previously, as part of his master's studies, he designed and implemented a decentralized shared calendar (abbreviated as DeSCal). On holidays (not all of them however!), you could find him in playgrounds, mountains, parks and of course, somewhere on the roads, but rarely in front of the computer.
James-Douglas Lefruit
Vincent Roca
I'm a permanent researcher, working at Inria, a French public research institute. Since 2013 I have been part of the Privatics Inria research team that focuses on privacy. Before that, in 2000-2012, I was a member of the Planete Inria research team whose goal was to carry out research in the context of protocols and applications for the Internet. I also spent three years, in 1997-2000, working as an Associate Professor at the Pierre et Marie Curie University (Paris 6), in the Network and Performances group.
Claude Castelluccia
Detecting Privacy Leaks in the RATP App: how we proceeded and what we found
We analyzed the RATP App, both Android and iOS versions, using instrumented versions of these mobile OSes that we designed. Our analysis reveals that both versions of this App leak private data to third-party servers, which is in total contradiction to the In-App privacy policy. The iOS version of this App doesn't even respect Apple guidelines on device tracking for advertising purposes and profiles user activities across the device through various mechanisms that are not supposed to be used by Apps. Even if this work is illustrated with a single App, we describe an approach that is generic and can be used to detect privacy leaks from any App. In addition, our findings are representative of a trend of Advertising and Analytics (A&A) libraries that try to collect as much information as possible regarding the smartphone and user. These libraries also generate their own persistent identifiers for user profiling across the device to better track the user, and this happens even if the user has opted out of device tracking. Above all, all this happens without the user's knowledge, and sometimes even without the knowledge of the App developer, who naively includes these libraries during the App development. Therefore this article raises many questions concerning both the bad practices of some actors and the limitations of the privacy control features proposed by the iOS/Android mobile OSs.
Ruo Ando, Yuuki Takano and Satoshi Uda - Unraveling large scale geographical distribution of vulnerable DNS servers using asynchronous I/O mechanism
Ruo Ando
Yuuki Takano
Satoshi Uda
Unraveling large scale geographical distribution of vulnerable DNS servers using asynchronous I/O mechanism
The Domain Name System (DNS) has become one of the most important infrastructures of the Internet. Despite its importance, we have not obtained a comprehensive view of the DNS servers deployed in the real world to evaluate their security level with fine-grained information. In this paper we present some results of analyzing DNS servers with respect to some security concerns such as software version and geographical distribution. In our experiment, we succeeded in obtaining information on 10,334,293 DNS servers in 24 hours. For rapid crawling, we adopt Libevent, which provides asynchronous I/O mechanisms, and MongoDB, which is a fast, document-based NoSQL cluster. By analyzing the result of 24 hours of monitoring, we have found some important facts for the security assessment of DNS deployment on the Internet. For example, more than 1000 servers still use the oldest version of BIND, 4.x. Besides, we show an in-depth study of the geographical distribution of vulnerable DNS servers with time series analysis. It is shown that even advanced IT countries achieving a high security level have a "weakest link", which means these countries actually have vulnerable DNS servers. Also, it turned out that the large-scale information gathering of vulnerable DNS servers could be easily achieved in only several hours.
Guillaume Jeanne and François Desplanques - Attacks using malicious devices : a way to protect yourself against physical access
François Desplanques
Guillaume Jeanne
Attacks using malicious devices : a way to protect yourself against physical access
In recent years, attacks by external devices have attracted growing interest. These devices are everywhere; we live with them and take them everywhere, even at work. By creating corrupted devices, we can break into private networks which are not connected to the Internet. Just plug in the device. This study mainly focuses on attacks by programmable USB devices. To begin with, we make an inventory of the potential of these attacks. Then we analyse the weaknesses of these attacks and give several ways to improve them. Finally, we discuss various existing measures to limit the impact of such attacks and give countermeasures to our own improvements.