GreHack-2013-Speakers Talks

From Ensiwiki
Revision of 6 September 2013, 18:58, by Jeanneg

Conference - overview

Slides and talks are in English.

Invited Speakers

Keynote

  • Herbert Bos (Vrije Universiteit Amsterdam, Netherlands): Tain't not enough time to fuzz all the memory errors

Invited Speakers

  • Halvar Flake (Zynamics, now a Google company, Zurich, Switzerland): The many flavors of binary analysis
  • Juan Caballero (IMDEA, Madrid, Spain): Specialization in the malware distribution ecosystem

Accepted Papers & Talks

  • Markku-Juhani Olavi Saarinen (CMDCTRL.CC): Developing a Grey Hat C2 and RAT for APT Security Training and Assessment
  • Mathieu Cunche (INSA-Lyon, Lab. CITI, INRIA Privatics): I know your MAC Address: Targeted tracking of individual using Wi-Fi
  • Ludovic Apvrille (Telecom ParisTech) and Axelle Apvrille (FORTINET): Pre-filtering Mobile Malware with Heuristic Techniques
  • Josselin Feist, Laurent Mounier and Marie-Laure Potet (VERIMAG): Statically Detecting Use After Free on Binary Code
  • Alejandro Nolla: Amplification DDoS attacks with game servers
  • Eireann Leverett and Reid Wightman (IOActive, US): Vulnerability Inheritance in Programmable Logic Controllers
  • Jagdish Achara, James-Douglas Lefruit, Vincent Roca and Claude Castelluccia (Inria Privatics): Detecting Privacy Leaks in the RATP App: how we proceeded and what we found
  • Ruo Ando, Yuuki Takano and Satoshi Uda (NICT, Japan): Unraveling large scale geographical distribution of vulnerable DNS servers using asynchronous I/O mechanism
  • François Desplanques and Guillaume Jeanne (Ensimag): Attacks using malicious devices: a way to protect yourself against physical access

Rump sessions

At the end of the afternoon, rump sessions will take place.

Conference - detailed content

Invited Talks - bio + summary


Herbert Bos - Tain't not enough time to fuzz all the memory errors

Tain't not enough time to fuzz all the memory errors

In this talk, I will discuss the past, present, and future of memory errors, and some of the projects in my group that build on information flow tracking (sometimes referred to as taint analysis) to detect and stop memory corruption attacks. These projects include plain old tainting solutions like Argos and Minemu, as well as more elaborate defenses like BinArmor. Finally, I will discuss new work in my group on fuzzing for buffer overflows (sec13-paper_haller.pdf) which combines taint analysis with symbolic execution and some cool heuristics to track down those pesky overflows in real programs.

Herbert Bos

  • General Co-Chair for EuroSys 2014
  • Professor at VU University Amsterdam
  • Three of his students have won the ACM SIGOPS Eurosys Roger Needham Award for best Ph.D. thesis in computer systems in Europe.
  • Ph.D. from Cambridge University (UK)

Accepted Papers & Talks - bio + summary

Markku-Juhani Olavi Saarinen - Developing a Grey Hat C2 and RAT for APT Security Training and Assessment

Markku-Juhani Olavi Saarinen


Dr. Markku-Juhani O. Saarinen is a Research Scientist with Temasek Laboratories, NTU, Singapore. He has worked as a Security Engineer, Consultant and an Academic in the Information Security space for about 15 years. He has authored some 30 peer-reviewed research papers (mainly on breaking symmetric ciphers) but also maintains a well-rounded skill set related to real-life hacking and security engineering.

Markku started out as a software engineer and cryptographer with SSH Communications Security in 1997, where he helped to build the now-ubiquitous SSH2 protocol. After a couple of years with Nokia Research and some academic projects, he left to do security consulting in the Middle East in 2004. He operated as a Penetration Testing professional and Security Auditor (PCI DSS QSA) and built custom network filtering and monitoring solutions. He enrolled as a part-time student in the Royal Holloway (University of London) Information Security Ph.D. program in 2005 while continuing to do consulting.

Dr. Saarinen graduated in 2009 with a thesis on Hash Function Cryptanalysis. Prior to joining Temasek Labs @ NTU, he was a Principal Investigator of a DARPA-Funded lightweight cryptography research project with (now defunct) Revere Security Corp. of Texas, USA and a Freelance security analyst with Help AG, Dubai.

Developing a Grey Hat C2 and RAT for APT Security Training and Assessment

We report on the development of a Remote Access Tool (RAT) and related Command and Control (C2) system for the purposes of simulating Advanced Persistent Threat (APT) attacks during security audits. The system, a set of tools collectively called HAGRAT, is a clean-slate in-house development and remarkable for its compact size. As such, it is backdoor-free and not readily identifiable by Anti-Malware and Intrusion Detection tools (as it has not been indiscriminately distributed). We discuss the design requirements, the implementation and the actual effort required to develop such software.



Mathieu Cunche - I know your MAC Address: Targeted tracking of individual using Wi-Fi

Mathieu Cunche

I am an associate professor at INSA-Lyon / INRIA, member of the Privatics team hosted by the CITI laboratory. Prior to that, I was a researcher at NICTA in the Network Research Group, where I was working with Roksana Boreli in the Trusted Networking project. I obtained a Ph.D. in computer science from Grenoble University. This Ph.D. was done under the supervision of Vincent Roca in the PLANETE team at INRIA Grenoble.

I know your MAC Address: Targeted tracking of individual using Wi-Fi

This work is about wireless communications technologies embedded in portable devices, namely Wi-Fi, Bluetooth and GSM. Focusing on Wi-Fi, we study the privacy issues and potential misuses that can affect the owners of wireless-enabled portable devices. Wi-Fi enabled devices periodically broadcast in plain text their unique identifier along with other sensitive information. As a consequence, their owners are vulnerable to a range of privacy breaches such as the tracking of their movements and the inference of various private information [9, 7]. As serious as those information leakages can be, linking a device with an individual and their real-world identity is not a straightforward task. Focusing on this problem, we present a set of attacks that allow an attacker to link a Wi-Fi device to its owner's identity. We present two methods that, given an individual of interest, allow identifying the MAC address of their Wi-Fi enabled portable device. Those methods do not require physical access to the device and can be performed remotely, reducing the risk of being noticed. Finally we present scenarios in which the knowledge of an individual's MAC address could be used for mischief.
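The plain-text broadcast the abstract builds on, as an added example that is not the paper's or the speaker's code: a parser for 802.11 probe request frames that pulls the transmitter MAC address and the SSIDs a device announces it is looking for, then links each MAC to the set of networks it has probed for. The frames are constructed inline (the MAC addresses and network names are made up), not captured, and the linking step is plain aggregation, not the identification methods the talk presents.

```python
import struct
from collections import defaultdict

# IEEE 802.11 management frame header: frame control, duration, addr1 (receiver),
# addr2 (transmitter), addr3 (BSSID), sequence control; all fields little-endian.
MGMT_HDR = struct.Struct("<HH6s6s6sH")
SUBTYPE_PROBE_REQ = 4   # type 0 (management), subtype 4
IE_SSID = 0             # information element id of the SSID
IE_RATES = 1            # supported rates element, present in real probes

def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_ies(body):
    """Walk the tagged parameters (1-byte id, 1-byte length, value) of a frame body."""
    ies, i = [], 0
    while i + 2 <= len(body):
        ie_id, ie_len = body[i], body[i + 1]
        value = body[i + 2:i + 2 + ie_len]
        if len(value) < ie_len:      # truncated element: stop instead of mis-reading
            break
        ies.append((ie_id, value))
        i += 2 + ie_len
    return ies

def parse_probe_request(frame):
    """Return transmitter MAC, probed SSIDs and sequence number, or None for other frame types."""
    if len(frame) < MGMT_HDR.size:
        return None
    fc, _dur, _a1, a2, _a3, seq_ctrl = MGMT_HDR.unpack_from(frame)
    if (fc >> 2) & 0x3 != 0 or (fc >> 4) & 0xF != SUBTYPE_PROBE_REQ:
        return None
    ssids = [v.decode("utf-8", "replace")
             for ie_id, v in parse_ies(frame[MGMT_HDR.size:]) if ie_id == IE_SSID and v]
    return {
        "mac": mac_str(a2),
        "ssids": ssids,                      # empty list for a wildcard (broadcast) probe
        "seq": seq_ctrl >> 4,
        # bit 1 of the first octet set means a locally administered (not burned-in) address
        "locally_administered": bool(a2[0] & 0x02),
    }

def profile_devices(frames):
    """Link each transmitter MAC to the network names it has probed for."""
    seen = defaultdict(set)
    for frame in frames:
        req = parse_probe_request(frame)
        if req is not None:
            seen[req["mac"]].update(req["ssids"])
    return {mac: sorted(names) for mac, names in seen.items()}

def build_probe_request(src_mac, ssid, seq_num):
    """Constructed sample frame for the demo (not a capture): broadcast probe with one SSID IE."""
    bcast = b"\xff" * 6
    src = bytes.fromhex(src_mac.replace(":", ""))
    hdr = MGMT_HDR.pack(SUBTYPE_PROBE_REQ << 4, 0, bcast, src, bcast, seq_num << 4)
    ssid_b = ssid.encode()
    ies = bytes([IE_SSID, len(ssid_b)]) + ssid_b + bytes([IE_RATES, 4, 0x82, 0x84, 0x8B, 0x96])
    return hdr + ies

# Constructed frames: one device probing for two named networks plus a wildcard probe,
# a second device with a locally administered address, and a beacon that must be ignored.
SAMPLE_FRAMES = [
    build_probe_request("00:11:22:33:44:55", "home-box-1234", 1),
    build_probe_request("00:11:22:33:44:55", "CorpGuest", 2),
    build_probe_request("00:11:22:33:44:55", "", 3),
    build_probe_request("02:aa:bb:cc:dd:ee", "AirportFree", 7),
    b"\x80\x00" + b"\x00" * 22,
]

if __name__ == "__main__":
    for mac, names in profile_devices(SAMPLE_FRAMES).items():
        print(mac, names)
```

The `locally_administered` flag is the check a practitioner wants before treating a MAC as a stable device identifier: a set bit 1 in the first octet means the address was assigned in software rather than burned in, so it may not persist.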


Ludovic Apvrille and Axelle Apvrille - Pre-filtering Mobile Malware with Heuristic Techniques

Ludovic Apvrille

Axelle Apvrille

Pre-filtering Mobile Malware with Heuristic Techniques

With huge numbers of new Android applications released every day, in dozens of different marketplaces, Android malware unfortunately has no difficulty sneaking in and silently spreading, and puts high pressure on antivirus teams. To try and spot it more easily, we built an infrastructure, named SherlockDroid, whose goal is to filter out the mass of applications and only keep those which are the most likely to be malicious, for future inspection by anti-virus teams. SherlockDroid is made of marketplace crawlers, code-level property extractors and a data mining software which decides whether the sample looks malicious or not. This data mining part is named Alligator, and is the main focus of the paper. Alligator classifies samples using clustering techniques. It first relies on a learning phase that determines the intermediate scores to apply to Alligator's clustering algorithms. Second, an operational phase classifies new samples using the previously selected algorithms and scores. Alligator has been trained over an extensive set of both genuine Android applications and known malware. Then, it was tested for proactiveness over new and more recent applications. The results are very encouraging and demonstrate the efficiency of this first heuristics engine for pre-filtering Android malware.



Laurent Mounier, Marie-Laure Potet and Josselin Feist - Statically Detecting Use After Free on Binary Code

Josselin Feist


Statically Detecting Use After Free on Binary Code

We present GUEB, a static tool for detecting Use After Free vulnerabilities in disassembled code. This tool has been tested on a real vulnerability in ProFTPD (CVE-2011-4130).


Alejandro Nolla - Amplification DDoS attacks with game servers

Alejandro Nolla


Amplification DDoS attacks with game servers

This paper describes how a DDoS amplification attack using game servers works, as well as various methods to find vulnerable games, techniques to detect this kind of attack, and how to try to mitigate these attacks at different layers of the OSI model and at different points in a network topology.
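Detection logic of the kind the abstract mentions, as an added example that is not the paper's code: a server-side heuristic run over a constructed UDP packet log (hypothetical line format, made-up addresses, illustrative 25-byte query and 1100-byte reply sizes). It computes the amplification factor per peer and flags only peers that combine a high factor with a burst of requests, since the factor alone is also what every legitimate client of an amplifying protocol produces.

```python
from collections import defaultdict

# Constructed packet log (hypothetical format, not from the paper): "ts proto src dst len".
# Server 203.0.113.7:27015 answers a 25-byte info query with a 1100-byte reply (illustrative sizes).
def _constructed_log():
    lines = []
    t = 1378490400.0
    # two queries, one second apart, from a real player
    for k in range(2):
        lines.append(f"{t + k:.3f} udp 192.0.2.10:50000 203.0.113.7:27015 25")
        lines.append(f"{t + k + 0.01:.3f} udp 203.0.113.7:27015 192.0.2.10:50000 1100")
    # 40 queries within one second whose source address is the spoofed victim 198.51.100.23
    for k in range(40):
        lines.append(f"{t + 0.02 * k:.3f} udp 198.51.100.23:27015 203.0.113.7:27015 25")
        lines.append(f"{t + 0.02 * k + 0.001:.3f} udp 203.0.113.7:27015 198.51.100.23:27015 1100")
    return lines

SAMPLE_LOG = _constructed_log()

def parse_line(line):
    ts, proto, src, dst, length = line.split()
    return float(ts), proto, src, dst, int(length)

def _peak_rate(times, window):
    """Largest number of timestamps falling inside any interval of `window` seconds."""
    times = sorted(times)
    best, j = 0, 0
    for i in range(len(times)):
        while times[i] - times[j] > window:
            j += 1
        best = max(best, i - j + 1)
    return best

def amplification_report(lines, server, window=1.0):
    """Per peer of `server`: request count, amplification factor (bytes out / bytes in) and peak request rate."""
    stats = defaultdict(lambda: {"req": 0, "in": 0, "out": 0, "times": []})
    for line in lines:
        ts, proto, src, dst, length = parse_line(line)
        if proto != "udp":
            continue
        if dst == server:                      # query arriving at the game server
            s = stats[src]
            s["req"] += 1
            s["in"] += length
            s["times"].append(ts)
        elif src == server:                    # reply leaving the game server
            stats[dst]["out"] += length
    report = {}
    for peer, s in stats.items():
        factor = s["out"] / s["in"] if s["in"] else float("inf")
        report[peer] = {"requests": s["req"], "factor": round(factor, 1),
                        "peak_rate": _peak_rate(s["times"], window)}
    return report

def flag_abuse(report, min_factor=10.0, min_rate=20):
    """Flag peers that both amplify strongly and receive a burst of queries: the reflection signature."""
    return sorted(p for p, r in report.items()
                  if r["factor"] >= min_factor and r["peak_rate"] >= min_rate)

if __name__ == "__main__":
    rep = amplification_report(SAMPLE_LOG, "203.0.113.7:27015")
    for peer, r in rep.items():
        print(peer, r)
    print("rate-limit or drop:", flag_abuse(rep))
```

Both peers show the same factor of 44; only the spoofed victim crosses the burst threshold, which is why the flagged list is the input to a per-source rate limit rather than a protocol-wide block.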


Eireann Leverett and Reid Wightman - Vulnerability Inheritance in Programmable Logic Controllers

Eireann Leverett


Reid Wightman


Vulnerability Inheritance in Programmable Logic Controllers

200 Programmable Logic Controller (PLC) models from a variety of vendors rely on the same third-party library. This CodeSys Runtime library gives these controllers access to 'ladder logic'. The authors discovered authentication bypass vulnerabilities in this library. An unauthenticated attacker could potentially upload ladder logic to the PLCs or halt the programs presently running. The authors subsequently performed a scan of the complete IPv4 internet (0.0.0.0/0) to identify controllers, potentially providing access to critical infrastructure, and shared that data with trusted incident responders.


Jagdish Achara - Detecting Privacy Leaks in the RATP App: how we proceeded and what we found

Jagdish Achara


Jagdish Achara got his research master's in computer science (specialty: Services, Security and Networks) from Nancy University in 2011 and has since been working as an Engineer in the Inria Privatics team. He is interested in the field of "Security and Privacy (S&P) aspects of the Internet" in general. As of today, he is focusing on investigating smart devices (for example, smartphones, smartglasses, smartwatches, smart meters etc.) from an S&P point of view. Previously, as part of his master's studies, he designed and implemented a decentralized shared calendar (abbreviated as DeSCal). On holidays (not all of them however!), you could find him in playgrounds, mountains, parks and of course, somewhere on the roads, but rarely in front of the computer.

Detecting Privacy Leaks in the RATP App: how we proceeded and what we found

We analyzed the RATP App, both Android and iOS versions, using instrumented versions of these mobile OSes that we designed. Our analysis reveals that both versions of this App leak private data to third-party servers, which is in total contradiction to the in-App privacy policy. The iOS version of this App doesn't even respect Apple's guidelines on device tracking for advertising purposes and profiles user activities across the device through various mechanisms that are not supposed to be used by Apps. Even if this work is illustrated with a single App, we describe an approach that is generic and can be used to detect privacy leaks from any App. In addition, our findings are representative of a trend of Advertising and Analytics (A&A) libraries that try to collect as much information as possible regarding the smartphone and the user. These libraries also generate their own persistent identifiers for user profiling across the device to better track the user, and this happens even if the user has opted out of device tracking. Above all, all this happens without the user's knowledge, and sometimes even without the knowledge of the App developer, who naively includes these libraries during App development. Therefore this article raises many questions concerning both the bad practices of some actors and the limitations of the privacy control features proposed by the iOS and Android mobile OSs.


Ruo Ando, Yuuki Takano and Satoshi Uda - Unraveling large scale geographical distribution of vulnerable DNS servers using asynchronous I/O mechanism

Ruo Ando


Yuuki Takano


Satoshi Uda


Unraveling large scale geographical distribution of vulnerable DNS servers using asynchronous I/O mechanism

The Domain Name System (DNS) has become one of the most important infrastructures of the Internet. Despite its importance, we have not obtained a comprehensive view of the DNS servers deployed in the real world to evaluate their security level with fine-grained information. In this paper we present some results of analyzing DNS servers with respect to security concerns such as software version and geographical distribution. In our experiment, we succeeded in obtaining information on 10,334,293 DNS servers in 24 hours. For rapid crawling, we adopt Libevent, which provides asynchronous I/O mechanisms, and MongoDB, which is a fast, document-based NoSQL cluster. By analyzing the result of 24 hours of monitoring, we have found some important facts for the security assessment of DNS deployment on the Internet. For example, more than 1000 servers still use the oldest version of BIND, 4.x. Besides, we show an in-depth study of the geographical distribution of vulnerable DNS servers with time series analysis. It is shown that even advanced IT countries achieving a high security level have a "weakest link", which means these countries actually have vulnerable DNS servers. Also, it turns out that large scale information gathering of vulnerable DNS servers can easily be achieved in only several hours.
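The per-server probe behind a version survey like this one, as an added example that is not the authors' code: building the `version.bind` TXT query in the CHAOS class, parsing a reply, and classifying the BIND branch it reports. Replies are constructed inline so the block runs offline; the paper's throughput came from Libevent asynchronous I/O, which is not reproduced here. The transaction-ID and RCODE checks, and the rule that flags BIND 4.x and 8.x as end-of-life, are this example's choices.

```python
import re
import struct

QNAME_VERSION_BIND = b"\x07version\x04bind\x00"
QTYPE_TXT, QCLASS_CH = 16, 3

def build_version_query(txid):
    """Standard query (no flags set) for TXT version.bind in class CHAOS."""
    header = struct.pack(">HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    return header + QNAME_VERSION_BIND + struct.pack(">HH", QTYPE_TXT, QCLASS_CH)

def _skip_name(data, off):
    """Advance past a DNS name, whether written out label by label or as a compression pointer."""
    while True:
        length = data[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:          # pointer: two bytes, terminates the name
            return off + 2
        off += 1 + length

def parse_version_response(data, txid):
    """Return the TXT strings of CHAOS answers, or None when the reply is unusable."""
    if len(data) < 12:
        return None
    rid, flags, qd, an, _ns, _ar = struct.unpack_from(">HHHHHH", data, 0)
    if rid != txid or not (flags & 0x8000):   # wrong transaction, or not a response
        return None
    if flags & 0x000F:                        # RCODE != NOERROR (e.g. REFUSED): nothing leaked
        return None
    off = 12
    for _ in range(qd):                        # skip the echoed question section
        off = _skip_name(data, off) + 4
    texts = []
    for _ in range(an):
        off = _skip_name(data, off)
        rtype, rclass, _ttl, rdlen = struct.unpack_from(">HHIH", data, off)
        off += 10
        rdata = data[off:off + rdlen]
        off += rdlen
        if rtype == QTYPE_TXT and rclass == QCLASS_CH:
            i = 0
            while i < len(rdata):              # TXT rdata: one or more length-prefixed strings
                n = rdata[i]
                texts.append(rdata[i + 1:i + 1 + n].decode("ascii", "replace"))
                i += 1 + n
    return texts or None

def classify_bind_version(text):
    """Classification rule chosen for this example: BIND 4.x and 8.x were end-of-life long before 2013."""
    m = re.match(r"^(\d+)\.(\d+)", text)
    if not m:
        return "hidden-or-non-bind"            # e.g. an operator-set string such as "[secured]"
    return "end-of-life" if int(m.group(1)) < 9 else "bind9-branch"

def build_fake_response(txid, text, rcode=0):
    """Constructed reply for the offline demo; a crawler would read this from its UDP socket."""
    header = struct.pack(">HHHHHH", txid, 0x8400 | rcode, 1, 0 if rcode else 1, 0, 0)
    question = QNAME_VERSION_BIND + struct.pack(">HH", QTYPE_TXT, QCLASS_CH)
    if rcode:
        return header + question
    rdata = bytes([len(text)]) + text.encode()
    answer = b"\xc0\x0c" + struct.pack(">HHIH", QTYPE_TXT, QCLASS_CH, 0, len(rdata)) + rdata
    return header + question + answer

if __name__ == "__main__":
    txid = 0x1234
    for reply in (build_fake_response(txid, "4.9.7-REL"),
                  build_fake_response(txid, "9.9.2-P1"),
                  build_fake_response(txid, "[secured]"),
                  build_fake_response(txid, "", rcode=5)):
        texts = parse_version_response(reply, txid)
        print(texts, [classify_bind_version(t) for t in texts] if texts else "no version")
```

Dropping replies whose transaction ID does not match is what keeps a large unsolicited-response flood (or a stale reply arriving on a reused port) from being counted as a server's version during a fast scan.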


Guillaume Jeanne and François Desplanques - Attacks using malicious devices: a way to protect yourself against physical access

François Desplanques


Attacks using malicious devices: a way to protect yourself against physical access

In recent years, attacks by external devices have experienced growing interest. These devices are everywhere; we live with them and take them everywhere, even at work. By creating corrupted devices, we can break into private networks which are not connected to the Internet. Just plug in the device. This study mainly focuses on attacks by programmable USB devices. To begin with, we make an inventory of the potential of these attacks. Then we analyse the weaknesses of these attacks and give several ways to improve them. Finally, we discuss various existing measures to limit the impact of such attacks and give countermeasures to our own improvements.