Kiwicon 8: Hackers just wanna have fun

When Super Mario looks at your average network topology diagram he sees opportunity in those bricks and adventure in those pipes! Join Mario as we target the Cisco ASA firewall on our way to rescue Princess Peach from Bowser's Castle.

Chaining no less than three previously unknown exploits we will remotely compromise the perimeter Cisco ASA firewall. Then, using the firewall's built-in NAT functionality we will explore the possibility of moving laterally while evading anomaly and flow analytics based network intrusion detection.

This talk will explore the inner workings of the Cisco ASA appliance and present opportunities for further exploit development and the placement of reboot persistent rootkits. This presentation will have you question the security of your network security devices and leave you asking if we should hold security vendors to a higher standard.

2 guys, 1 talk... wepiv and narc0sis are going to tag team this presentation WWF styles, just like its the 80's. This talk is a collection of ideas and concepts from wepiv and narc0sis' rage sessions about the snake oil being hawked today, and branded as threat intelligence.

wepiv will dive into the scaling effects in network attack and defence, the asymmetrical advantages for defenders, and how to implement them in your network from both an architecture and operational perspective. narc0sis will explain why information sharing is dead, why information exchange is the next revolution for defenders, and how threat intelligence and asymmetric defence underpin this revolution.

wepiv has led diverse technical and strategic efforts in network and product security for government agencies and fortune 50 enterprises. wepiv specializes in security architecture, adversary emulation, network analysis, attack methodologies, incident response, threat intelligence and product security. He has spoken at numerous conferences including RECON, DerbyCon, BSides PDX, BSides Vancouver and BSides Seattle.

narc0sis $dayjob involves working in security response and drinking lots of koolaid. Originally from the land of the long white cloud, narc0sis now resides in the somewhat 'smokey' clouds of Seattle, and he gets warm fuzzies working on security automation and enabling information exchange.

It's 2014 and people still care about DVD and Blu-ray region encoding. The number of easily-modifiable players has decreased. Companies will charge you to re-chip players to let you watch your legally purchased goods. But in a world where it's cheaper to throw Linux on a Chinese SoC than it is to design anything yourself, a world where most people's idea of DRM is "stick it in a kernel driver", a world where nobody can write secure code to save their fucking life, is there an easier way?

(Spoiler: yes)

Have you ever wanted someone to just cut to the chase and tell you which secure messaging app to use? If so, you will probably hate this talk.

We can't really discuss OPSEC without getting into threat modelling, and that takes ages. Communications Security, on the other hand, can be considered a little more generally. That's not to say, however, that one can simply magic up a list of assorted tools, pick some arbitrary checkboxes and then produce a set of rankings. That would be stupid. In this talk we run over the core principles of COMSEC, examining real-world successes and failures. Then, based on that, we'll get into a detailed analysis of considerations and concrete options for tooling.

SPOILER: None of the options are Cryptocat.

@rantyben is a hacker warrior poet, with a lineage of verse spanning from the opening of the eEye through to modern treatise on pig nuts (not a metaphor; Ben deals only in the literal.) Ben spends his time ranting drunkly with equal vehemence towards bad grammar, SMT Solvers and whatever infosec trend is So Hot Right Now.

If @rantyben is a hacker warrior poet, @thegrugq is more... a hacker eastern european arms bazaar?

"A fucking menace"

Ed Note: Previous winner of the Kiwicon award for "most likely to be arrested after his talk"

Devops (or SRE etc) is a booming buzzword these days among mammals who run services. One of the things those mammals are rediscovering is that complex systems have complex failures, that all your base are complex systems, and that assuming a single cause of failure is doin it rong.

We’ll talk about better techniques in incident retrospectives, cool civil engineering disasters, comp.risks, how this is like defense in depth, and why it’s awesome when security and reliability teams are pals.

ThruGlassXfer (TGXf) is a new and exciting technique to steal files from a computer through the screen with just a phone.

Any user that has screen and keyboard access to a shell (CLI, GUI or even a Web Management shell) in an enterprise IT environment has the ability to transfer arbitrary data, code and executables in and out of that environment without raising alarms, today. This includes staff, partners and suppliers, both on and off-shore. And implementation of best practice Data Center (Jump hosts), Perimeter / Remote Access (VPN, VDI, ..) and End Point Security (DLP, AV, ..) architectures have no effect on the outcome.

In this session I will take you from first principles to a full exploitation framework. At the end of the session you'll learn how build on this unidirectional file transfer and augment the solution into a full duplex communications channel (a virtual serial link) and then a native PPP link, from a user controlled device, through the remote enterprise- controlled screen and keyboard, to the most sensitive infrastructure in the enterprise.

This is an exciting and cross-discipline presentation that picks up the story in the DEC VT220 terminal era and will take you on a journey to exploiting modern enterprise security architectures. So join me, whatever your knowledge or skill-set and learn something interesting!

One of the biggest issues with BeEF is that each hooked browser has to talk to your BeEF server. What about all those vegetarian browsers that don’t want to touch your juicy BeEF? Don’t worry Internet-friends, those crazy pioneers at Google, Mozilla and Opera have solved this problem for you with the introduction of Web Real-Time Communications (WebRTC). Initially designed to allow browsers to stream multimedia to each other, the spec has made its way into most Chrome and Firefox browsers, not to mention it’s enabled by default.

Using this bleeding-edge web technology, we can now mesh all those hooked browsers in your organisation, funnelling all your BeEF comms through a single sacrificial sheep^H^H^H^Hcow. Leveraging WebRTC technologies (such as STUN/TURN and even the fact the RTC-enabled browsers on local subnets can simply UDP each other), meshing browsers together can really throw a spanner into an incident-responders work. The possibilities for a browser-attacker are fairly endless, channeling comms through a single browser, or, making all the browsers round-robin. This is just another tool tucked into your belt to try and initiate and maintain control over browsers.

This presentation will present a background into WebRTC, and then demonstrate (and release) the WebRTC BeEF extension.

Magazines with photo shoots of super slim super models... Dictators releasing images that show their military might... YouTubers releasing unbelievable videos of UFOs... Presidents providing copies of their birth certificates to prove they weren’t born overseas... “Amateur” videos capturing amazing stunts using construction site tools... Hundreds of people claiming they won the $100 million lotto, with photos to prove it... Professionals displaying a copy of their credentials, certifications, or qualifications online...

With the prevalence of CGI, Photoshop, and photo and video sharing sites, we are exposed to more and more images and videos where we are doubtful of their authenticity.

This presentation will cover the more popular techniques to uncover fake images and videos. Topical, humorous, and even Kiwicon-related images and videos will be demoed. Techniques covered include:

• Finding the original, unaltered image, e.g. through Google reverse image search.
• Eyeballing “obvious” Photoshopped images.
• Examining metadata.
• Statistical methods, e.g. histogram analysis, error-level analysis, principle component analysis, wavelet transformations.
• Tracing objects and their shadows to detect light source inconsistencies.
• Hand-held camera jitter analysis in videos to detect unhuman-like motion.
• Motion tracking of moving objects within videos to detect violations of Newton’s laws.

"A fucking menace"

Ed Note: Previous winner of the Kiwicon award for "most likely to be arrested after his talk"

One night in a fit of frustration with his debugging tools, snare hacked up a few hundred lines of python to make his life easier. Thus began the saga of Voltron. 10000-odd lines of code, a few complete rewrites, a vast quantity of Kraken, and a number of pub-hacking sessions with richo later, and his dream of an extensible console debugger UI has been realised.

In this talk snare will take a quick tour of Voltron, demonstrate how to extend it for your own evil purposes, and hopefully convince a few people to use it and contribute to it. There will also be a limited number of free hugs available.