BSidesTLV 2019 Agenda 24/6

Registration will start at 9:00

Time Title Speaker
9:30 Opening Words Keren Elazari
9:50 Mystery opening keynote
10:25 “Alexa and Cortana in Windowsland”: Hacking an Innovative Partnership and Other Adventures Amichai Shulman, Yuval Ron
11:15 The GandCrab Ransomware Mastermind Sergey Shykevich
11:45 SHORT BREAK
12:00 The Butterfly Effect - Actively Manipulating VMs Through Hypervisor Introspection Sofia Belikovetsky
12:30 ReDTunnel: Explore Internal Networks via DNS Rebinding Tunnel Nimrod Levy, Tomer Zait
13:00 LUNCH BREAK
14:30 10 tips for Powershell as a hacking tool Yossi Sassi
14:45 Bypassing User-mode Hooks 101 Omri Misgav
15:15 Low Hanging Blue Fruit: Defending With Open-Source Tools Yaron King
15:45 Karta - Fast Source Code Assisted Binary Matching Eyal Itkin
16:15 LONG BREAK
16:45 CTF Announcement Guy Barnhart-Magen
17:00 Pasten - Capture the Flag Danny Grander, Yuval Ofir
17:50 SHORT BREAK
18:05 Volunteer Thank You Awards Elad Shuster
18:10 Security lessons from the Woofmutt… Chris Roberts (Sidragon)
18:25 16Shop: A Deep Dive into the Swiss Army Knife of Phishing Kits Amiram Cohen
19:15 Special Closing Keynote - The Real Hacker behind "Mr. Robot" Marc Rogers
19:50 Closing remarks
20:00 After Party: beers, music, food and friends @TAU Sponsored by ClearSky

“Alexa and Cortana in Windowsland”: Hacking an Innovative Partnership and Other Adventures Amichai Shulman & Yuval Ron

Hacking Windows machines through the Alexa / Cortana combination and other combinations. Taking over locked machines, breaking into accounts and stealing money - all through voice commands.

The GandCrab Ransomware Mastermind Sergey Shykevich

The GandCrab ransomware was one of the most significant cybercrime threats in 2018-2019. In this presentation, we will profile this mastermind and the Ransomware-as-a-Service business model he manages. We will explore how he generates and launders millions of dollars per month in illicit gains. We will learn about his crisis management skills and how he uses the cyber security industry for his own PR.

The Butterfly Effect - Actively Manipulating VMs Through Hypervisor Introspection Sofia Belikovetsky

Imagine your cloud was compromised with malware and you couldn’t do anything about it. In our case, even though the cloud environment was ours, the virtual machines (VMs) running inside it weren’t, and we couldn’t just ssh our way in. Facing this challenge, we have decided to leverage the power of virtualization against malware without running a single line of code inside the VM itself.

ReDTunnel: Explore Internal Networks via DNS Rebinding Tunnel Nimrod Levy & Tomer Zait

ReDTunnel is a tool that combines a DNS Rebinding attack and a JavaScript technique in order to access and explore internal networks without any agent on the victim's computer. Open a URL, sleep 2 minutes and start exploring the victim's internal network (the tool has been presented at BlackHat Asia 2019).

10 tips for Powershell as a hacking tool Yossi Sassi

If Python, bash, KSH, C shell scripts & .NET had an intimate night together, PowerShell would be the love fruit of this encounter 🙂 Living off the land, running fileless in memory, no process launched, access to Win API/COM objects/.NET/whatever you wish, and more!?! Come see how deeply MS Linux with quick & dirty tips/commands/know-hows that you don't want to miss!

Bypassing User-mode Hooks 101 Omri Misgav

Malware that bypasses user-mode hooks spreads like a virus. Since such hooks are being relied upon by many security products and tools, it was only natural for attackers to come up with different shenanigans to bypass them. We’ll review known bypass techniques used in the wild and what makes them effective to this day. We’ll try to understand the attacker’s approach and goals behind the implementation of different methods and reveal new techniques of our design.

Low Hanging Blue Fruit: Defending With Open-Source Tools Yaron King

When the CISO can’t buy all the security products we as defenders want, we need to get creative with what we have! Using open-source tools and the Microsoft ecosystem, we can improve our security to catch the low hanging fruit, for free: detect password-spraying attacks, scan for known vulnerabilities, find employees with weak passwords and gain insight regarding IT organizational behavior patterns. If you can’t afford caviar, you better improve the taste of your infosec bread & butter!

Karta - Fast Source Code Assisted Binary Matching Eyal Itkin

“Karta” (Russian for “Map”) is a source code assisted binary matching plugin for IDA (support for radare2 is now being added). The plugin is used to identify open source libraries in a compiled binary, and match their symbols, regardless of the size of the firmware / executable binary.

Pasten - Capture the Flag Danny Grander & Yuval Ofir

Capture the Flag (CTF) is a computer security competition designed to give participants experience in conducting and reacting to the sort of attacks found in the real world, requiring skills in reverse-engineering, exploitation, protocol analysis, programming, and cryptanalysis. In this talk we will discuss various types of CTF games, and walk through interesting challenges our team, Pasten, had the opportunity to tackle on the path to winning both CCC and Google CTF games.

Security lessons from the Woofmutt… Chris Roberts (Sidragon)

• Curiosity killed the cat, but in OUR world, that’s the job of an OSINT analyst.
• Speaking of cats, plan ahead, they are faster and more agile… think BEFORE acting
• Puppy eyes, drool AND sideways looks work…social engineering IS a good skill to have
• Try everything at least once, even if it means sticking your head in the trash can…

16Shop: A Deep Dive into the Swiss Army Knife of Phishing Kits Amiram Cohen

16Shop is one of the most advanced phishing kits available to criminals. Until now, this kit has been shrouded in secrecy, but in this talk I’ll examine the entire structure and operation of 16Shop, including previously unknown details.

Anything man makes, man can break: Cybersecurity through the eyes of a Hacker Marc Rogers

I have been a Hacker since the late 1980's, an organiser and leader of DEF CON since the 1990's and a well-known Whitehat hacker since the 2000's. From hacking things like the iPhone or Tesla Model S sports car, to helping shape the hacks used by TV Show Mr Robot, a lot has changed for Whitehat hackers like me. I will look back over some of these milestones, and talk about how they changed in execution and results over the years. Finally I'll take a look at what this might mean for the future of hackers in the constantly changing roller-coaster that is cybersecurity.