May TASK Meeting: Breaking In - News Ways to Exploit the 'Net
25 May 2011; 6:00 - 9:00 PM
Health Science Centre, 155 College Street, Room 610
Talk 1: Practical Spearphishing, from Targeting to Exfiltration
While most of us understand that users are often our weakest line of defense, most security teams and CSO's don't really grasp the mechanics of actually running a targeted, narrowband "APT" operation against an organization.
We'll walk through the process of enumerating targets, identifying which human assets will grant us the highest rate of success and access, constructing payloads that are likely to succeed (without 0days, and even without "patchable" vulnerabilities), demonstrate bypassing AV and network defenses, and talk through escalating that foothold into total control of the target environment and exfiltration of data.
Speaker Bio: Shawn Moyer is a Managing Principal Research Consultant with Accuvant Labs. Shawn has written on emerging threats and other topics for Information Security Magazine and ZDNet, and his research has been featured in the Washington Post, BusinessWeek, NPR, and the New York Times. Shawn is an eight-time speaker at the BlackHat Briefings, and has been an invited speaker at other notable security conferences in the US, China, Canada, and Japan.
Talk 2: Exploring privilege escalation within Windows
This demo will show how a hypothetical malicious employee could use privilege escalation to disable security controls (antivirus and host-based IPS) in an actual corporate workstation image, and how he could delete the security logs to impede forensic investigation.
Marcos Santiago works as an Information Security Control Specialist for a financial institution in Toronto. He holds several security certifications including SANS GIAC GPEN (Penetration Tester).
Talking 3: Android Hacking
We will teach several Android hacking techniques by demonstrating exploits and showing the audience an analysis of the sections of source code responsible for the vulnerabilities being exploited. Topics covered will include: information disclosure through logs, file access, and weak encryption protocols on the device. Audience members are not expected to be familiar with the Android environment, but we do expect some familiarity with Unix/Linux and the Java programming language.
Speaker Bios:Yuk Fai Chan is a Security Consultant with Security Compass. He has performed web application and internal network vulnerability assessments for some of Security Compass’ largest clients. In addition, Yuk Fai brings his expertise in application security to development of Security Compass’ leading application security training courses, including instructor-led and computer-based delivery methods.
Max Veytsman is a Security Consultant with Security Compass. He specializes in web and mobile security assessments. Max also leads Security Compass' training development in the mobile space. Max studied Computer Science at the University of Toronto. His interests include cryptography and programming language design.