Friday, May 5
 

8:00am

Registration/Doughnuts/Coffee
Doughnuts from Maker's (https://www.makersdonuts.com/)

Friday May 5, 2017 8:00am - 9:00am
Scruffy City Hall 32 Market Square, Knoxville, TN 37902

9:00am

Eliminating XSS in PHP: Applying Context-Sensitive Auto-Sanitization to the PHP Programming Language
Cross-Site Scripting (XSS) has been a problem in the modern web dating back to the earliest instances of dynamic web pages. XSS arises when programmers of web applications improperly sanitize user input, which allows malicious or otherwise undesirable input to be inserted into the business logic of the vulnerable application. Though sanitization routines provided by programming languages can prevent these attacks in most cases, they only work if programmers remember to wrap user inputs in these routines. Worse yet, the standard HTML sanitization routines of certain web frameworks (such as PHP) may not be enough to prevent XSS in all contexts. Context-sensitive auto-sanitization (CSAS) seeks to remedy this issue by automatically sanitizing untrusted data for the context in which it is output. While many modern web frameworks provide good protection against XSS, there are few options for existing PHP codebases. In this paper, we present our open-source work sponsored by Cisco Systems to implement CSAS in PHP as a PHP extension that has seen positive results of preventing XSS in PHP web applications automatically and with minimal overhead. It is additionally compatible with PHP 7 and recent versions of WordPress, MediaWiki, RoundCube Webmail, and other widely used PHP web applications. Join us for a riveting story of the turbulent past of PHP applications' numerous XSS vulnerabilities, and witness the beginning of a future of PHP web applications without XSS.

Speakers

Joseph R. Connor

Joseph is a Software Security Engineer at Cisco’s Advanced Security Initiatives Group. He graduated from the University of Tennessee, Knoxville in 2016 with a BS in Computer Science. He also co-founded and led UT’s computer security organization, HackUTK.

Jared M. Smith

Security Researcher, Oak Ridge National Laboratory
Jared is a Cyber Security Research Scientist at Oak Ridge National Laboratory, where he leads several projects on the Systems Security Research Team. He is currently working on his PhD in Computer Science at the University of Tennessee, Knoxville, where he also received his BS in...


Friday May 5, 2017 9:00am - 10:00am
KEC 17 Market Square #101, Knoxville, TN 37902

9:00am

Burning Down the Haystack
How do you find the needle in the haystack? Burn all the hay! In this talk, Tim aims to show how automation can help "burn the hay" and deal with the overwhelming volume of alerts that IR analysts deal with on a daily basis. Tim will give examples of Security Automation & Orchestration (SAO) speeding up the alert triage process through enrichment from internal and external tools, proceeding to a human decision in the loop and then going directly to take response action through integration with existing security tools such as firewalls, proxies, and endpoint solutions.

Speakers

Tim Frazier

Security Engineer, Phantom
After 10+ years working on IT Networking and InfoSec in and with large organizations such as the US Army and the Federal Government, Tim made the only logical choice and joined a Cyber Security start up. During his varied career, Tim has built networks, led teams, architected security...


Friday May 5, 2017 9:00am - 10:00am
Scruffy City Hall 32 Market Square, Knoxville, TN 37902

9:00am

Put up a CryptoWall and Locky the Key - Stopping the Explosion of Ransomware
Ransomware is spreading at an alarming pace and infecting networks across all industries and company sizes, primarily through phishing attacks. The cyber criminals behind the attacks are furiously innovating and keeping ahead of the defenses. In this session we will have an interactive discussion related to the latest in ransomware threats and how to best protect your organization and yourself against this growing threat. In this session we will examine:
  • Current phishing trends
  • Ransomware and how it is infecting networks
  • Effective mitigation strategies
  • Recovering from an attack

Speakers

Erich Kron

Security Awareness Advocate, KnowBe4
KnowBe4



Friday May 5, 2017 9:00am - 10:00am
Preservation Pub 28 Market Square, Knoxville, TN 37902

10:00am

MMU Magic in JavaScript: breaking ASLR from a sandbox
This talk presents an ASLR-breaking side channel that exploits a fundamental property of the CPU architecture yet is exploitable from JavaScript. This means browser exploitation from JavaScript will be easier, because memory disclosure bugs are no longer needed to exploit bugs in the browser and JavaScript runtime to leak ASLR information. We have POCs for Firefox and Chrome. This side channel has been confirmed to be present in all 22 different microarchitectures that we tried - including many current-day Intel, AMD and ARM CPU microarchitectures.

More concretely, we are able to write malicious JavaScript code that is able to compute full 64bit virtual addresses of JavaScript data and code locations, as they are being looked up by the MMU, hence breaking the JavaScript ASLR.

We do not rely on any software vulnerabilities to do this. Rather, we exploit the fact that page table cachelines are stored in the CPU cache when used for a lookup. An EVICT+TIME cache attack profiles the cachelines necessary to look up an address, letting us compute the target lookup address.

Having these addresses makes bugs in the browser and JavaScript runtime easier to exploit. We now know code and data locations that the JavaScript code has filled with whatever code and data the exploit might want to leverage. An exploit can then use this prepared code and data at computed locations at exploitation time - memory disclosure bugs to obtain these addresses are no longer needed.

In this talk we detail the technical workings of this technique, revisiting some CPU architecture lessons as need be. We combine these to form this side channel. Then we discuss its implementation in JavaScript, show its performance in some metrics, and show a video demo.

Speakers

Ben Gras

Research Intern, Cisco Systems
Ben was in the systems security research group of prof. Herbert Bos of the VU University in Amsterdam for 2 years, working on software reliability, defensive research projects, and most recently, offensive research, most noticeably publishing on making cross-VM Rowhammer exploitation...



Friday May 5, 2017 10:00am - 11:00am
Scruffy City Hall 32 Market Square, Knoxville, TN 37902

10:00am

You can't screw up Poptarts
Implementing an Information Security Program is not a simple process. There's not a simple, one size fits all, two instruction (e.g. Poptarts), playbook for getting it done, and as a result things can be missed.

This is not a technical talk. This is a talk about gaps commonly found in the information security programs in place at organizations of all sizes, verticals, and industries. It's about the details that are sometimes missed within the blueprints of an organization's security program designs. I will discuss some of these key gaps I've seen in my experiences as a Security and Compliance consultant of 15 years and offer guidance on how to address them.




Speakers

Kevin Thomas

Co-Founder, Contextual Security
Co-founder of Contextual Security Solutions, Halo Enthusiast, Fan of Poptarts, Bald.


Friday May 5, 2017 10:00am - 11:00am
KEC 17 Market Square #101, Knoxville, TN 37902

10:00am

OSINT For the Win: Integrating with Social Engineering for Better Pen Testing
Social engineering attacks remain the most effective way to gain a foothold in a targeted organization. But those attacks are only as good as the information used to create them. This presentation will arm you with the latest open-source intelligence (OSINT) tools and techniques needed for gathering detailed information on your targets, turning your social engineering ops into carefully targeted precision strikes that can greatly improve your results. We'll also cover steps that you can take to reduce your own OSINT exposure, protecting you and your organization. You'll see techniques for phishing, vishing, pretexting, impersonation, and more. Tool demonstrations will include how to make the best use of OSINT Websites and standalone tools such as Social Engineer Toolkit and recon-ng.

Speakers

Joe Gray

Senior Security Architect, IBM
Joe Gray joined the U.S. Navy directly out of High School and served for 7 years as a Submarine Navigation Electronics Technician. Joe is currently a Senior Security Architect and maintains his own blog and podcast called Advanced Persistent Security. In his spare time, Joe enjoys...


Friday May 5, 2017 10:00am - 11:00am
Preservation Pub 28 Market Square, Knoxville, TN 37902

11:00am

Open Source Defense: Building a Security Program with Zero Budget
Even though large breaches have hit headline news in years past, some companies are still on the fence about investing in cybersecurity. As a security practitioner (or jack of all trades) how can you be expected to cover your assets with zero budget? Thankfully, there are plenty of open-source tools out there that will allow you to secure your organization. Come join me as I discuss how you can track your network assets, perform vulnerability assessments, prevent attacks with intrusion prevention systems, and even deploy HIDS. We will also jump into finding sensitive data and PII in your network, as well as incident response tools and automation. All it costs is your time (and maybe a VM or two). You really can drastically improve the security posture of your network with little to no budget, and you’ll have fun doing it! OK, maybe it won’t be fun, but at least you’ll learn something, right?

Speakers

Kyle Bubp

Founder & Principal Consultant, Savage Security
For over a decade, Kyle Bubp has been elevating the state of security for enterprises, service providers, government organizations and the industry at large. Throughout his career, Kyle has worked on several privileged and classified U.S. government projects for multiple 3-letter...



Friday May 5, 2017 11:00am - 12:00pm
Scruffy City Hall 32 Market Square, Knoxville, TN 37902

11:00am

FTFY: The Addictive Game of Mending Malware Misbehavior with flare-qdb and Vivisect
flare-qdb is a Python CLI and library for observing and manipulating native software execution. It is also the gateway drug that led me down the path to excessive and highly pleasurable abuse of the Vivisect library. I'll discuss and demonstrate using flare-qdb and Vivisect to solve CTF challenges, turn a backdoor into a docile CLI string decoder, and unpack the PowerDuke backdoor that APT29 used against the DNC. To get a preview, check out tinyurl.com/flare-qdb-intro.

Speakers

Michael Bailey

Senior Reverse Engineer @ FLARE, FireEye
Come see my Python-based DBI talk, "FTFY: The Addictive Game of Mending Malware Misbehavior with flare-qdb". @mykill on twitter. Also check out http://baileysoriginalirishtech.blogspot.com/ Bio: Michael Bailey is a reverse engineer for FLARE who lives in Huntsville, Alabama. He...


Friday May 5, 2017 11:00am - 12:00pm
Preservation Pub 28 Market Square, Knoxville, TN 37902

11:00am

Code BROWN in the Air
The talk is about the paging system, an old technology in the 90's, used in healthcare, ICS and government, a systematic review of security impacts that it brought to us in the age of SDR, covering the United States, Canada, England and Japan. By sniffing known pager frequencies in the general vicinity of hospitals, factories and public facilities with a $20 DVB-T, we discovered that not only is pager technology alive and kicking, but much of the traffic is not encrypted, resulting in violation of privacy laws and more importantly, leaks of sensitive information. The talk is not about the protocol nor the hardware device.

Speakers

Stephen Hilt

Sr. Threat Researcher, Trend Micro
Stephen Hilt has been in Information Security and Industrial Control Systems (ICS) Security for over 10 years. He began his career working for a large power utility in the United States where he gained an extensive background in security network engineering, incident response, forensics...


Friday May 5, 2017 11:00am - 12:00pm
KEC 17 Market Square #101, Knoxville, TN 37902

12:00pm

Catered Lunch
Lunch will be handed out in Scruffy City Hall (Track 1)

Friday May 5, 2017 12:00pm - 1:00pm
Scruffy City Hall 32 Market Square, Knoxville, TN 37902

1:00pm

The Luxury of Security
We're rapidly approaching computational post-scarcity. The history of computing has gone through many phases that could be defined by what we do with 'spare cycles' - do we increase performance, do we add usability features, add interconnectivity, or even add security?
I'll take a look back at some history of hardware and software development to identify how we allocated our spare cycles over time, and perhaps explain why securing things will continue to be a challenge for some time to come and how we can best approach it.

Speakers

Joe FitzPatrick

Trainer and Researcher, SecuringHardware.com
Joe (@securelyfitz) is an Instructor and Researcher at https://SecuringHardware.com. Joe spent over a decade working on low-level silicon debug, security validation, and penetration testing of CPUs, SoCs, and microcontrollers. He has spent the past 5 years developing and leading hardware...


Friday May 5, 2017 1:00pm - 2:00pm
Scruffy City Hall 32 Market Square, Knoxville, TN 37902

2:00pm

Escape And Evade: Fugitive Infosec Lessons from CBS's "HUNTED"
About the Talk
We will talk about the ways the people on CBS's "HUNTED" used technology to escape, evade, and even taunt the trained hunters pursuing them. We will use these clips to talk about security techniques, methods, and real world applications for today's information security professional.

About Hunted
Hunted follows nine teams of two in a real-life manhunt as they attempt the nearly impossible task of disappearing in today’s vast digital world as highly skilled investigators combine state-of-the-art tracking methods with traditional tactics to pursue and catch them. From searching their targets’ homes and scouring their internet and cell phone histories, to identifying behavioral patterns, Hunters in the field and Command Center investigators work together to identify clues to potential hiding places and collaborators that can ultimately lead to capture. A grand prize of $250,000 will be awarded to each team that successfully evades being caught for up to 28 days.

Speakers

Shannon Powers

He first started hacking on a TRS80 at the kitchen table. While not in front of a glowing screen, he has a growing interest in escape rooms.



Friday May 5, 2017 2:00pm - 3:00pm
KEC 17 Market Square #101, Knoxville, TN 37902

2:00pm

Hillbilly Storytime - Pentest Fails
Whether or not you are just starting in InfoSec, it is always important to remember that mistakes happen, even to the best and most seasoned of analysts. The key is to learn from your mistakes and keep going. So, if you have a few minutes and want to take a load off for a bit, come and join in as a hillbilly spins a yarn about a group of unfortunate pentesters and their misadventures. All stories and events are true (but the names have been changed to prevent embarrassment).

Speakers

Adam Compton

Adam Compton has been a programmer, researcher, professional pentester, father, husband, and farmer. Adam has over 17 years of programming, network security, incident response, security assessment, and penetration testing experience. Throughout Adam's career, he has worked for both...


Friday May 5, 2017 2:00pm - 3:00pm
Scruffy City Hall 32 Market Square, Knoxville, TN 37902

3:00pm

The Details of Forensic Case Studies
Digital forensics talks can take various approaches. One angle is the detailed art of digital forensics that describes the low level details of how we succeed as forensic analysts. Another angle is to provide the entertaining case studies that demonstrate the fruits of our efforts. In this talk, Bill Dean will take the hybrid approach of case studies followed up with the needed “how to” that involves the necessary details on methodology, tools, and results that make case studies possible. Attendees will hear:

• How digital forensics provides value
• Details of tools and approaches to be successful, including commercial and open source forensics tools
• Case studies of success

Speakers

Bill Dean

Bill is a Senior Manager in LBMC’s Information Security Services division and is responsible for incident response, digital forensics, electronic discovery and overall litigation support. Bill has more than 20 years of information technology experience with a specialty in information...


Friday May 5, 2017 3:00pm - 4:00pm
KEC 17 Market Square #101, Knoxville, TN 37902

3:00pm

Weaponizing Splunk: Using Blue Team Tools for Evil
Splunk is a log aggregation and correlation tool that is normally used for defensive analysis and infrastructure management. What if Attackers could use this same tool against the blue team? Companies deploy security products with no real purpose other than checking a box. While these tools can be used for good they can also turn against the organization and become their worst nightmare. During this presentation, I will discuss creative uses of Splunk that penetration testers and red teamers can use to gain more access and move laterally within an organization.

Speakers

Ryan Hays

Director of Security Engineering, TBG Security
Ryan is the Director of Security Engineering at TBG Security. With 15 years of experience in the IT field, he has worked in a variety of capacities, currently specializing in offensive security and threat emulation techniques. During his career, he has worked with a multitude of Fortune...


Friday May 5, 2017 3:00pm - 4:00pm
Scruffy City Hall 32 Market Square, Knoxville, TN 37902

4:00pm

Exploit Kits Explained
Exploit kits (EKs) first appeared in 2006 but their initial growth was limited by the high level of technical expertise required to use them. Over time, however, EKs have steadily evolved into easy to use (and important) tools in the growing Crimeware-as-a-Service (CaaS) industry. Due to their effectiveness in delivering many different kinds of malware, Blue Teams should understand them. This presentation will begin by differentiating an exploit from a payload. It will then define the term exploit kit and discuss their most common characteristics, including their management consoles and delivery techniques. To give attendees some perspective, the presentation will examine several famous EKs to explain what makes them so successful. Attendees will then be led through an example EK Infection Chain, including a discussion of the crucial role that DNS plays in EK effectiveness. The session will close with a discussion of current best practices for protecting against EKs and predictions of what Blue Teams can expect to see from EKs in the future.

At the end of this presentation participants will be able to:
• Explain what exploit kits are and what they are most commonly used for
• Describe the relationship between exploit kits and Crimeware-as-a-Service (CaaS)
• Describe the difference between an exploit and a payload
• Name exploit kit components and architecture
• Discuss exploit kit delivery methods
• List the prerequisites required for an exploit kit to successfully compromise a device
• Deploy those best practices that will most protect against exploit kits
• Explain why exploit kits will continue to threaten all types of organizations for the foreseeable future

Speakers

David Vargas

SNE, VATG, Inc.
Dave Vargas is a lead consultant at VATG, Inc. where he fights (and sometimes defeats) all kinds of malware. In his spare time, he teaches cybersecurity at several colleges in the Washington, DC-area. Dave graduated magna cum laude from The George Washington University and has completed...


Friday May 5, 2017 4:00pm - 5:00pm
KEC 17 Market Square #101, Knoxville, TN 37902

4:00pm

Saving My Car By Hacking It: A Tale of Joy and Woe
One fine summer day, my 1997 Chevrolet Cavalier decided to die. Desperate to save my beloved car, I embarked on a journey to save it.
After some troubleshooting, the problem was narrowed down to the car’s anti-theft system. Even after replacing every component, including the car’s computer, the anti-theft system would still shut off the engine a few seconds after starting it. Rather than give up, I decided to attack the component responsible for making this decision -- the computer.
This talk will discuss my descent into madness as I strove to hack the car’s PCM to disable its anti-theft feature. Everything from physically extracting and dumping the Flash chip holding the PCM’s firmware, to reverse engineering the code, to actually writing a simulator and debugger for a completely unknown device, to finally patching the PCM’s firmware will be described for your entertainment and edification.

Speakers

Brandon Wilson

Brandon Wilson is an East Tennessee State University graduate, software developer, application security consultant, and hacker of random things like game consoles and TI graphing calculators. An avid tinkerer of anything USB-related, he has spoken at DerbyCon about BadUSB and appeared...


Friday May 5, 2017 4:00pm - 5:00pm
Scruffy City Hall 32 Market Square, Knoxville, TN 37902

5:00pm

How to kick start an application security program
Management wants a security program set up in the software development life cycle (SDLC). You have very little programming experience. What do you do? This talk will walk through my experience of setting up appsec programs with minimal programming experience. The first part of the journey will cover tools. How a dynamic and static analyzer fit into an appsec program. Options for tracking vulnerabilities. Working with developers to remediate findings. Training developers to use the tools. The second part of the journey will focus on strategy. Understanding the environment. Implementing assessments and processes. Training developers to improve their security mindset. Finally, the talk will touch on potential next steps. This talk is for those looking to make an impact in the SDLC.

Speakers

Timothy DeBlock

Senior Software Security Engineer
Timothy De Block is a senior software security engineer based in Nashville, TN. In his current role he provides guidance to the development on all things security. He believes in building strong relationships and putting people in a position to succeed. As a presenter he believes...


Friday May 5, 2017 5:00pm - 6:00pm
Scruffy City Hall 32 Market Square, Knoxville, TN 37902

5:00pm

You can run, but you can't hide. Reverse engineering using X-Ray
Most of us have knowledge of PCB construction. In the past, reversing someone's design was an easy task most of the time. Now, with BGAs and manufacturers using several plane layers that cover the entire PCB design, the details within the PCB are obscured from view. Through the use of X-Ray, we are able to reverse engineer virtually anything. Slides will be shown of several PCB designs and how easy it was to reverse engineer the PCB. New to the presentation this year will be videos of Dynamic zoom; this will demonstrate the true power of the X-Ray and its ability to see sub-micron features within the PCB structure and devices while presenting a live view.

Speakers

George Tarnovsky

Working with Cisco for several years, coming from 16 years in the conditional access world reverse engineering devices used for signal theft. Focus on FPGA design.


Friday May 5, 2017 5:00pm - 6:00pm
KEC 17 Market Square #101, Knoxville, TN 37902