Privacy & Net Neutrality Track

Deploying and protecting onion services

Silvia Puglisi

Tor is an important tool for providing privacy and anonymity online. We provide privacy at the application level through the Tor Browser, and with .onion services, Tor allows users to hide their locations while offering various kinds of services. With .onion services you can provide any service on the Tor network while also preserving your anonymity as an operator. Because .onion services live on the Tor network, you do not need hosting or a public IP address to offer an app via an .onion address. The onion service can be hosted anywhere: on your computer, on an IoT device or on any hosting service. Deploying an .onion is easier than you might think, but there are a few things that you might have to consider. This talk is about using onion services and how to deploy and protect them. We will discuss some of the latest advancements and demystify a few of the known attack and DDoS techniques.
Systems Engineer based in Barcelona, EU. Currently working at torproject.org. In the past, I was part of the Information Security Group in the Department of Telematics Engineering at Universitat Politècnica de Catalunya (UPC), where I got my Ph.D. I research topics in the fields of privacy and anonymity and am interested in online disinformation operations.

An up-to-date view of European regulation on data management, personal or otherwise.

Josep Jover

We analyze the various European directives and regulations in force that modify the GDPR and all Spanish regulation. We will see that new fundamental rights are created, such as the right of access to public information.
Lawyer specializing in intellectual property and copyright, and conflict manager. He is the director of the law firm Estudios Jurídicos. He obtained his degree from the Universidad de Barcelona and has practiced as a lawyer since 1983 in the areas of civil, commercial and EU law, and as an IT auditor since 1997.

Institutional abuses of data

Simona Levi

The right to the protection of personal data is a fundamental right related to privacy that guarantees a person control over their data, its use and its destination. In short, talking about data is talking about control; it means asking who can know who we are, where we live, what we do during the day and at night; what tastes, convictions, vices, pleasures and pains we have, etc.

It is a right that should be respected by both public and private bodies. Much has been said about the abuses of personal data by Facebook and other private companies, but by contrast little has been said about non-compliance by public administrations or institutions, the policies that undermine the privacy of citizens as a whole, and the small (or large) everyday abuses to which people are subjected.
Simona Levi is a theatre director, playwright, activist, technopolitical strategist, cultural manager and curator, multidisciplinary artist, researcher, reporter and teacher, born in Italy, a naturalized Spanish citizen, and based in Barcelona since 1990.

Cybersecurity Talks

Understanding and Hiding your Operations

Daniel Lopez Jimenez

Operational Security (OPSEC) is one of the most important aspects to consider in Adversary Simulations (usually called "Red Teaming"). When talking about OPSEC, it is common to think about matters like AV/EDR evasion, avoiding "noise" or using built-in/legitimate tools whenever possible. In fact, the scope of the term OPSEC is usually wider than that. OPSEC usually refers to the identification and protection of data that could be useful for an adversary. In Adversary Simulations, the adversary is the organisation's security team (Blue Team) and the goal is to improve their detection capabilities. This is why the maturity of an organisation should dictate the complexity required to carry out these operations, so that the objectives are met with the minimum effort, as an attacker would do in real life. For example, for experienced Blue Teams, the mere fact of using legitimate tools such as net.exe (e.g. “net users /domain”) or powershell.exe could be a reason for the whole operation to be discovered, whereas in other organisations or situations these same actions could remain completely unnoticed. In this talk we will discuss how you should review and understand your own toolset and procedures in order to gain OPSEC. We will see how to deal with trade-offs, and why understanding your adversary is key in that matter. In addition, sources of detection (disk, memory, network...) and resources commonly employed by defenders (events, hooks, callbacks...) will be explained visually and practically to help you build and improve your operations. The goal of Understanding and Hiding your Operations is to be a resource for comprehending the meaning of OPSEC and creating awareness in your operations, so that you can successfully face – and improve – experienced security teams and their detection capabilities.
Daniel has been focused on the penetration testing field since he finished his studies back in 2018. Currently he is a Security Consultant at NCC Group, where he delivers different kinds of security assessments and collaborates on developing tools for the Full Spectrum Attack Simulation (FSAS) team, in charge of delivering Red Teaming exercises around the world. He has been pretty involved in the security community. He is a regular speaker at security conferences, mainly focused on enterprise security and Red Team operations.

Advanced fuzzing workshop

Antonio Morales

This workshop covers some advanced fuzzing techniques and tricks for finding bugs in real modern software.

The workshop has a practical orientation so that attendees get a chance to learn by themselves and use their acquired knowledge. The format of the workshop will be a CTF (Capture-the-flag).

I will also show real vulnerabilities that I have found during the last year, as well as how I've used fuzzing to find them. Such bugs will serve as a starting point for the rest of the workshop.

Prerequisites:

- Basic knowledge of fuzzing
- Working knowledge of C programming
- Command-line basics
- Bug hunting experience is desirable

The workshop covers different fuzzing topics, including the following:

- Sanitizers (ASAN, UBSAN, MSAN, etc.)
- Custom coverage and efficient instrumentation
- Dictionary optimization
- Dealing with checksums, ciphers, and other monsters
- Structure-aware fuzzing & Custom Mutators
- Domain-specific feedback (FuzzFactory)
- Parallel fuzzing and Mutation scheduling

URL: https://github.com/NocONName/NoConName_Advanced_Fuzzing_Workshop-
Antonio Morales works as a security researcher at GitHub Security Lab, whose primary mission is to help improve the security of open source projects. Antonio's interests include fuzzing, code analysis, exploit development, and C/C++ security.

Scaling detection with osquery + osctrl

Javier Marcos

Understanding how the osquery remote API works is the first step to building scalable software around it. We will discuss the approach to go from just a few nodes to tens of thousands while keeping everything working smoothly.

None of the secret sauce is actually secret, since it’s still open source!

Osquery (https://osquery.io) is an open source tool, originally developed by the Facebook Security team and currently managed by its own community as part of the Linux Foundation. It allows you to run a SQL engine on top of your operating system, and to use SQL queries to extract information about the health state and changes of the systems in your networks. This tool enhances the incident response capabilities of a security team, and it is important to understand the differences between the osquery shell (osqueryi) and the osquery daemon (osqueryd) and how to use them in a large enterprise network, in particular the remote API of osquery.

A solution to enhance the detection capabilities of osquery is osctrl (https://osctrl.net), a fast and efficient osquery management solution that implements its remote API as a TLS endpoint and lets you monitor, configure and interact with all your production or corporate assets that use osquery as a host instrumentation solution.

Osctrl has been used in corporate and production environments with thousands of nodes, thanks to its ability to scale and provide a reliable solution. Its particular architecture is key to scale, whether the environment is cloud, virtualized, container based or even bare metal.
Javier is an experienced Security Engineer and Systems Architect with extensive experience in both well-established corporations and startups. In the last 10+ years he has applied the expertise acquired in the field of software and systems engineering towards building offensive and defensive capabilities for some of the top companies in the world. His passion for Linux and open source has been reflected by his contributions to large projects, such as osquery, and recently with the creation of osctrl, a scalable and modular TLS endpoint for osquery assets.

Hardware Keyloggers around the world

Joel Serna Moreno

This talk will show the use of physical keyloggers in ethical hacking/red teaming from a technical perspective, covering their development, operation, configuration, etc.

Attendees will see the different commercial keyloggers and the development of more advanced and specific custom keyloggers using low-cost hardware, with the aim of building keylogger devices with additional functionality: WiFi hacking, BadUSB, ADB, etc.

During the talk, the process of developing a basic (DIY) hardware keylogger will be shown, using EEPROM memory to store the pressed keys, explaining how it works and the use of keys/modifiers.

Finally, the development of a more advanced keylogger will be shown: a multi-purpose device able to act as a hardware keylogger, store the pressed keys on a MicroSD card, and be controlled over a wireless (WiFi) connection. The device will also have other functions (WiFi hacking, BadUSB, execution of ADB commands, etc.).
Speaker with experience at conferences such as Noconname, CCN-CERT, C1b3rwall, Mundo Hacker Day, Dragonjar, Rooted, Navaja Negra, h-c0n, eastmadhack, etc., and at several national universities.

Attacking Big Data Land

Jeremy Brown

In this talk, we'll break down how one can exploit an ecosystem that enables management, querying, processing, and storage of, yes you guessed it, copious amounts of data. Hadoop and its many friends have been making their way into companies analyzing (sometimes, after massively collecting...) such data for years now, but they also make it easy to find organizations deploying things internally with security either off by default or otherwise exposed to various critical misconfigurations and access control issues.

If you're running engagements, this should also give you a head start on what to look for and how to attack networks where these products are running, along with a few good ways to make them more defendable. Because if you want to defend well, you need to optimize towards mitigating actual risk vs theoretical, and there's no better way to determine if attacks are real than trying them out yourself. Let's say you just want to better understand how to shell out on servers running Apache Cassandra, Drill, Mesos... well, it may add a few pages to your playbook.
Jeremy is a security professional largely focused on offensive security along with vulnerability research and automation. He has gained extensive software security experience working at software and service companies, large and small, for over a decade as well as publishing research in the security community. He has taken the opportunity to gain expertise in many different areas including bug hunting, app/prod/infra security, fuzzing, as well as breaking cloud and web services.

Unrelocating Windows modules in memory dumps

Ricardo J. Rodríguez

Memory forensics is useful to provide a fast triage on running processes at the time of memory acquisition in order to avoid unnecessary forensic analysis. However, due to the effects of the execution of the process itself, traditional cryptographic hashes, normally used in disk forensics to identify files, are unsuitable in memory forensics.

To minimize the avalanche effect, similarity digest algorithms allow an analyst to compute a similarity score of inputs that can be slightly different. In this talk, we focus on the issues caused by relocation of Windows processes and system libraries when computing similarities between them and introduce two methods (Guided De-relocation and Linear Sweep De-relocation) to pre-process a memory dump.
The goal of both methods is to identify and undo the effect of relocation in every module contained in the dump, providing sanitized inputs to similarity digest algorithms that improve similarity scores between modules. Both methods have been integrated in a Volatility plugin and evaluated in different scenarios, showing the practicability of our approach.
My Google Scholar profile is accessible at https://scholar.google.es/citations?user=HlQC1OcAAAAJ&hl=en, while my publications are available at https://webdiis.unizar.es/~ricardo/publications/

I have experience at other CONs, such as several past editions of NcN, RootedCON, HackLU, HackInParis and HITB Amsterdam, among others. My research interests span program binary analysis and forensics.

Istio is BKF (best kubernetes friend)

Antonio Juanilla

You will learn to use Istio to secure the microservices running in Kubernetes pods.

This workshop aims to teach the basic concepts of SecDevOps culture in cloud native environments, with Kubernetes and Istio as the service mesh for securing pods.

Antonio Juanilla is a software developer, a lover of hacking and cybersecurity in his spare time, with a “restless” mind and strongly involved with new technologies. Co-organizer of the HackMadrid %27 and HackBarcelona %27 communities, advocate of the democratization of technology to improve society, and speaker at various cybersecurity events in Spain and Latam.

Explorations in Wireless cracking techniques

Michael Saine and Juan Wilson

This program will not only demonstrate the inherent vulnerability of current wireless network standards, but also explain and demonstrate the ease with which a much, much younger hacker can obtain the items and configuration needed to build a device, using free and available information, to secure network connections, using the Pwnagotchi device as an example.

This talk will finish with a frank discussion of the appropriate attack vectors this device can provide, within the context of attack vectors and ways to mitigate the probable/possible damages and discuss the training of the next generation of young future security personnel, WHO is training them, and why aren’t we starting now?
Michael Saine has a 4.00 MS degree with honors in Cybersecurity from University of Maryland College (2020) with a myriad of different industrial certificates. He was most recently published in the 2020 ITSN Journal Publication.

Enrique Wilson is a 9th grader and future aspiring Ethical Hacker.

Hacking Music

Pete Herzog and Xavi de la Iglesia

Is it really just a song?

We applied AI and a meta research approach correlating the research on sound, music, behavioral psychology, and the physical effects of frequencies to determine a template for creating constructive music with a purpose. We will walk you through our findings and provide examples of the music we created according to these templates.

Understanding what’s in your music is almost as important as knowing what’s in your food. We know how important sound is in movies for building the atmosphere but few people recognize how what’s in their music can also affect their behaviors. And there’s no patch for it.

XAVI DE LA IGLESIA Musician, composer, lyricist and illustrator from Barcelona. Co-founder of Invisibles. Founder, composer, lyricist and producer of Blaumut.

PETE HERZOG Hacker, Discrete Problem-Solver, Straight-shooter. Co-founder of Invisibles, ISECOM, Urvin.AI, and Akiya Research. Creator of the OSSTMM and Hacker Highschool. Five-time speaker at RSA San Francisco, regular Keynote speaker at security conferences, and Security Trainer. Advisor at NATO, Blackberry/Cylance.


Schedule (GMT+1)