<?xml version="1.0"?>
<!DOCTYPE rss PUBLIC "-//Netscape Communications//DTD RSS 0.91//EN" "http://my.netscape.com/publish/formats/rss-0.91.dtd">
<rss version="0.91">
<channel>

<title>SecurityTube.Net</title><link>http://www.securitytube.net</link><description>Watch ... Learn ... Contribute Computer Networking and Security videos</description><language>en-us</language>
        
        <item>
        
<title>[Wi-Fi Attack-Defense] Wi-Fi Network Reconnaissance II</title>

        <link>http://www.securitytube.net/video/17833</link>

        <author>Securitytube_Poster</author>
        <description>Learn cybersecurity with our hands-on, practical online labs like the one in this video: https://www.pentesteracademy.com/onlinelabs

PentesterAcademy courses library: https://www.pentesteracademy.com/topics</description>
        
</item>


        
                        
        
        <item>
        
<title>[Wi-Fi Attack-Defense] Wi-Fi Network Reconnaissance</title>

        <link>http://www.securitytube.net/video/17832</link>

        <author>Securitytube_Poster</author>
        <description>Learn cybersecurity with our hands-on, practical online labs like the one in this video: https://www.pentesteracademy.com/onlinelabs

PentesterAcademy courses library: https://www.pentesteracademy.com/topics</description>
        
</item>


        
                        
        
        <item>
        
<title>[Wi-Fi Attack-Defense] Preferred Network List (Basics)</title>

        <link>http://www.securitytube.net/video/17831</link>

        <author>Securitytube_Poster</author>
        <description>Learn cybersecurity with our hands-on, practical online labs like the one in this video: https://www.pentesteracademy.com/onlinelabs

PentesterAcademy courses library: https://www.pentesteracademy.com/topics</description>
        
</item>


        
                        
        
        <item>
        
<title>XOR ECX 0x00 What The ShellCode (Part 2) - James Haughom Jr.</title>

        <link>http://www.securitytube.net/video/17817</link>

        <author>hAxel</author>
        <description>In this presentation titled What The Shellcode, James Haughom Jr. (@rnranalysis) continues from Part 1 of the talk and gives a deep dive into analyzing Windows x86 shellcode.

Unfortunately the lighting was not great for this presentation and James's screen is washed out for a large portion of the presentation. Please see James's blog post for another walkthrough of the sample mentioned in the presentation. http://rinseandrepeatanalysis.blogspot.com/2018/12/analyzing-windows-shellcode-triage.html

XOR ECX (named so for the combination of the company name and the general purpose counter register in Assembly language, ECX) is a bimonthly mini-conference hosted by XOR Security. The first event, XOR ECX, 0x00 was held in January of 2019. The purpose of XOR ECX is to give security professionals an opportunity to share information with their fellow security professionals as well as have the opportunity to practice a talk they may be working on for a larger conference such as ShmooCon, DEFCON, etc. with a smaller audience. In addition to the presentation, other activities such as a Capture the Flag (CTF), Splunk Boss of The SOC (BOTS), etc. are held after the presentation wraps up.

James's blog: http://rinseandrepeatanalysis.blogspot.com
James's Twitter: https://twitter.com/rnranalysis
XOR Security's site: https://www.xorsecurity.com/</description>
        
</item>


        
                        
        
        <item>
        
<title>XOR ECX, 0x00 - What The ShellCode (Part 1) - Billy Meyers</title>

        <link>http://www.securitytube.net/video/17816</link>

        <author>hAxel</author>
        <description>In this presentation titled What The Shellcode, Billy Meyers (@_hAxel) gives a quick primer for Assembly language, and then goes over some quick analysis of shellcode for x86 Linux.

XOR ECX (named so for the combination of the company name and the general purpose counter register in Assembly language, ECX) is a bimonthly mini-conference hosted by XOR Security. The first event, XOR ECX, 0x00 was held in January of 2019. The purpose of XOR ECX is to give security professionals an opportunity to share information with their fellow security professionals as well as have the opportunity to practice a talk they may be working on for a larger conference such as ShmooCon, DEFCON, etc. with a smaller audience. In addition to the presentation, other activities such as a Capture the Flag (CTF), Splunk Boss of The SOC (BOTS), etc. are held after the presentation wraps up.

Billy's blog: https://www.haxel.io/
Billy's Twitter: https://twitter.com/_hAxel
XOR Security's site: https://www.xorsecurity.com/</description>
        
</item>


        
                        
        
        <item>
        
<title>Analysis of memory from a system infected with Zeus bot</title>

        <link>http://www.securitytube.net/video/17815</link>

        <author>hAxel</author>
        <description>Quick analysis with Volatility of a memory image from a system that was infected with zeus bot malware.</description>
        
</item>


        
                        
        
        <item>
        
<title>DNSAdmin To DC Compromise</title>

        <link>http://www.securitytube.net/video/17814</link>

        <author>B31212Y</author>
        <description>This is a feature abuse wherein a user who is a member of the DNSAdmins group can load an arbitrary DLL on the DNS server. Let's first try to find the users who are part of the DNSAdmins group. We will be using DNSadmin cmd to load the DLL on the DC server where the DNS service is running. We will be using MSFVenom to create a malicious DLL and will load the DLL on the DNS server. The only caveat is that the DNS service needs to be restarted.</description>
        
</item>


        
                        
        
        <item>
        
<title>Black Hat Asia 2019:  Return of the Insecure Brazilian Voting Machines</title>

        <link>http://www.securitytube.net/video/17813</link>

        <author>Securitytube_Poster</author>
        <description>This talk presents a detailed and up-to-date security analysis of the voting software used in upcoming Brazilian elections by more than 140 million voters. It is mainly based on results obtained recently in a restricted hacking challenge organized by the Superior Electoral Court (SEC), the national electoral authority. During the event, multiple serious vulnerabilities (hard-coded cryptographic keys and insufficient integrity checks, among others) were detected in the voting software, which, when combined, compromised the main security properties of the equipment, namely ballot secrecy and software integrity. We trace the history of the vulnerabilities to a previous security analysis, providing some perspective about how the system evolved in the past 6 years. As far as we know, this was the most in-depth compromise of an official large-scale voting system ever performed under such severely restricted conditions. Joint work with Pedro Y. S. Barbosa, Thiago N. C. Cardoso, Caio Lüders and Paulo Matias.

For More Information Please Visit:- https://www.blackhat.com/asia-19/</description>
        
</item>


        
                        
        
        <item>
        
<title>Black Hat Asia 2019:  Zombie POODLE, GOLDENDOODLE, and How TLSv1.3 Can Save Us All</title>

        <link>http://www.securitytube.net/video/17812</link>

        <author>Securitytube_Poster</author>
        <description>HTTPS is the backbone for online privacy and commerce – yet, for two decades, the underlying TLS protocol received little more than a series of band-aid fixes. Rather than deprecating cryptographic techniques with known weakness, the TLSv1.2 specification has a long list of workarounds, countermeasures and caveats, which must be carefully followed to prevent attack. This is evident from the fact that PKCS #1 v1.5 padding, RC4 encryption, and CBC mode ciphers can all be used in TLSv1.2.

This session will highlight research into more effective testing and exploitation techniques for CBC padding oracles. We'll uncover how a slight tweak to POODLE resurrected the vulnerability in a major enterprise HTTPS implementation more than three years after it had been patched. The presentation will also introduce GOLDENDOODLE, a special case attack based on POODLE with the promise to disclose session IDs in just a fraction of the time it takes to exploit POODLE. The GOLDENDOODLE attack also demonstrates that a Cisco ASA CVE previously not known to affect confidentiality can, in fact, reveal sensitive data, such as session cookies to a network-based attacker.

For More Information Please Visit:- https://www.blackhat.com/asia-19/</description>
        
</item>


        
                        
        
        <item>
        
<title>Black Hat Asia 2019:  Investigating Malware Using Memory Forensics - A Practical Approach</title>

        <link>http://www.securitytube.net/video/17811</link>

        <author>Securitytube_Poster</author>
        <description>The number of cyber attacks is undoubtedly on the rise targeting government, military, public and private sectors. Most of these cyber attacks make use of malicious programs (Malware) for financial theft, espionage, intellectual property theft, and political motives. These malware programs use various techniques to execute their malicious code and to remain undetected from the security products. With adversaries becoming sophisticated and carrying out advanced malware attacks, it is critical for the cybersecurity professionals to detect and respond to such intrusions. This presentation mainly focuses on the practical concept of memory forensics and shows how to use memory forensics to detect, investigate and understand the capabilities of malicious software. In addition to that, with the help of various demonstrations, the presentation also covers various tricks and techniques used by the malware including some of the stealth and evasive capabilities.

For More Information Please Visit:- https://www.blackhat.com/asia-19/</description>
        
</item>


        
                        
        
        <item>
        
<title>Black Hat Asia 2019:  CQTools: The New Ultimate Hacking Toolkit</title>

        <link>http://www.securitytube.net/video/17810</link>

        <author>Securitytube_Poster</author>
        <description>CQURE Team has written over 200 hacking tools during penetration testing. We decided to choose the top 39 tools and pack them in a toolkit called CQTools. We are going to announce 5 new tools at Black Hat Asia, allowing the ultimate privilege elevation and network attacks! 

This toolkit allows you to deliver complete attacks within the infrastructure, starting with sniffing and spoofing activities, going through information extraction, password extraction, custom shell generation, custom payload generation, hiding code from antivirus solutions, various keyloggers and leverage this information to deliver attacks. Some of the tools are based on discoveries that were released to the world for the first time by CQURE Team; some of the tools took years to complete, and all of the tools work in a straightforward manner. CQTools is the ultimate toolkit to have when delivering a penetration test. The tools work simply, and we use them in practice during our cybersecurity assignments. Come and have a look at how our CQTools can boost your penetration testing experience!

For More Information Please Visit:- https://www.blackhat.com/asia-19/</description>
        
</item>


        
                        
        
        <item>
        
<title>Black Hat Asia 2019:  Keynote: The Next Arms Race</title>

        <link>http://www.securitytube.net/video/17809</link>

        <author>Securitytube_Poster</author>
        <description>The Internet is not supposed to have borders, but it does. Countries fight and spy on each other on the Internet every day. So, borders still exist on the Internet, and almost all countries are investing into offensive use of cyber power. The new weapons they are developing are different from any other kind of weapon we've ever seen, and we are now seeing the very beginning of the next arms race.

For More Information Please Visit:- https://www.blackhat.com/asia-19/</description>
        
</item>


        
                        
        
        <item>
        
<title>SocialFish - The Ultimate Phishing Tool (Ngrok Integration) on Kali Linux</title>

        <link>http://www.securitytube.net/video/17807</link>

        <author>Cyb3rw0rm</author>
        <description>Ultimate phishing tool. Socialize with the credentials.</description>
        
</item>


        
                        
        
        <item>
        
<title>RouterSploit - Find Router Exploitation on Kali Linux 2018.2 (Router Exploitation Framework)</title>

        <link>http://www.securitytube.net/video/17806</link>

        <author>Cyb3rw0rm</author>
        <description>Find Vulnerability of any router exploitation.
The RouterSploit Framework is an open-source exploitation framework dedicated to embedded devices.</description>
        
</item>


        
                        
        
        <item>
        
<title>DEF CON 25 Crypto and Privacy Village - Lauren Rucker - Have You Seen My Naked Selfies Neither Has M</title>

        <link>http://www.securitytube.net/video/17800</link>

        <author>Securitytube_Poster</author>
        <description>Privacy is fairly cut and dry when it’s US versus THEM, but what if it’s ME versus YOU within US? What are YOUR Privacy Rights, in the context of OUR relationship? Am I your non-trusting girlfriend? Am I your controlling boyfriend? Am I your snooping wife? Am I your abusive husband? How do YOU protect your privacy from ME? I will be providing tips, techniques, and resources to enable someone (anyone – even YOU) to protect their Privacy in a relationship, perhaps even one with ME.

Highlights will include ways you can be surveilled, at home techniques you can use to protect yourself when using your phone and computer, and individual privacy rights within a marriage. Presented by someone who may have needed the information, and had to discover this path themselves, and is zealous about assisting those in need of this talk.  Even YOU.

For More Information Please Visit:- https://defcon.org/</description>
        
</item>


        
                        
        
        <item>
        
<title>GrrCon 2017 - Infrastructure Based Security</title>

        <link>http://www.securitytube.net/video/17747</link>

        <author>Securitytube_Poster</author>
        <description>As the enterprise continues to be bombarded with advanced and increasingly more sophisticated attacks, the CISO must shift to accomplish three critical objectives: Gain Superior Visibility and Control over their environment, Automate tasks that enhance security posture, Utilize integrated systems that identify breaches, and facilitate rapid remediation. This can only be done by partnering with vendors that have strong threat research, broad capabilities, powerful tools and integrations with existing tools.


For More Information Please Visit:- http://www.grrcon.com/
http://www.irongeek.com/i.php?page=videos/grrcon2017/mainlist</description>
        
</item>


        
                        
        
        <item>
        
<title>GrrCon 2017 - The Shuttle Columbia Disaster: Lessons That Were Not Learned</title>

        <link>http://www.securitytube.net/video/17746</link>

        <author>Securitytube_Poster</author>
        <description>When the shuttle Challenger was destroyed in 1986, poor NASA culture was significant in the events that led to the disaster. NASA made serious changes to their space program to ensure human life was at the least risk possible. But in 2003, the shuttle Columbia suffered a disaster and all hands were lost upon re-entry. The ensuing investigation specified that "NASA organizational culture had as much to do with this accident as the foam." This talk will look at how culture affects risk in organizations, using both the Challenger and Columbia as examples, and talk about the difficulties of risk management, and give guidance on how to deal with and overcome difficult risk decisions, such as the final decision by NASA not to inform the astronauts they were doomed. Takeaways will be how to understand how culture impacts risk, what you can do about it, and how to make better risk decisions.


For More Information Please Visit:- http://www.grrcon.com/
http://www.irongeek.com/i.php?page=videos/grrcon2017/mainlist</description>
        
</item>


        
                        
        
        <item>
        
<title>GrrCon 2017 - Software Defined Segmentation</title>

        <link>http://www.securitytube.net/video/17745</link>

        <author>Securitytube_Poster</author>
        <description>Acquisitions, partnerships, BYOD, IoT are just some business demands that increase security headaches for businesses and place demand on IT. Come explore segmentation as a mechanism to combat compromises of one system to another.


For More Information Please Visit:- http://www.grrcon.com/
http://www.irongeek.com/i.php?page=videos/grrcon2017/mainlist</description>
        
</item>


        
                        
        
        <item>
        
<title>GrrCon 2017 - Building a Usable Mobile Data Protection Strategy</title>

        <link>http://www.securitytube.net/video/17744</link>

        <author>Securitytube_Poster</author>
        <description>Mobile smart devices from the consumer perspective are easy to activate for an enriched user experience. Enable smart devices in the enterprise, after the basics, the user experience they know drops while users and InfoSec demand more with competing agendas. This presentation will provide you with a blueprint of the various mobile data protection technologies. We will review what is provided natively, as well as third party options, to help you decide what will fit best in your environment and corporate culture.

For More Information Please Visit:- http://www.grrcon.com/
http://www.irongeek.com/i.php?page=videos/grrcon2017/mainlist</description>
        
</item>


        
                        
        
        <item>
        
<title>GrrCon 2017 - The Future of Cyber Security</title>

        <link>http://www.securitytube.net/video/17743</link>

        <author>Securitytube_Poster</author>
        <description>GrrCon 2017 - The Future of Cyber Security

For More Information Please Visit:- http://www.grrcon.com/
http://www.irongeek.com/i.php?page=videos/grrcon2017/mainlist</description>
        
</item>


        
                        
        
        <item>
        
<title>GrrCon 2017 - Securing the Internet of Things (IoT) -Through Security Research and Vulnerability Analysis</title>

        <link>http://www.securitytube.net/video/17742</link>

        <author>Securitytube_Poster</author>
        <description>GrrCon 2017 - Securing the Internet of Things (IoT) -Through Security Research and Vulnerability Analysis

For More Information Please Visit:- http://www.grrcon.com/
http://www.irongeek.com/i.php?page=videos/grrcon2017/mainlist</description>
        
</item>


        
                        
        
        <item>
        
<title>GrrCon 2017 - Tales From The Trenches: Practical Information Security Lessons</title>

        <link>http://www.securitytube.net/video/17741</link>

        <author>Securitytube_Poster</author>
        <description>In this talk, Michael Belton discusses his past experiences delivering penetration testing services. The format for this talk is conversational and audience participation is encouraged. Michael will provide background on the situation, discuss the actual techniques and attacks used in the hack and use that to identify defense-in-depth measures that could have mitigated risk. This talk is intended to learn from the mistakes of the past.

For More Information Please Visit:- http://www.grrcon.com/
http://www.irongeek.com/i.php?page=videos/grrcon2017/mainlist</description>
        
</item>


        
                        
        
        <item>
        
<title>GrrCon 2017 - How do you POC? Are you really testing a product</title>

        <link>http://www.securitytube.net/video/17740</link>

        <author>Securitytube_Poster</author>
        <description>We have all read the reports from the successful breaches from Target to Equifax. Have you ever questioned the nature of the security products not preventing or alerting earlier to breach? Trend Micro's presentation will focus on the Proof-of-Concept phase of testing a solution from start to finish. Learn the key steps of a POC, and how companies run product tests and what is effective and the errors.


For More Information Please Visit:- http://www.grrcon.com/
http://www.irongeek.com/i.php?page=videos/grrcon2017/mainlist</description>
        
</item>


        
                        
        
        <item>
        
<title>GrrCon 2017 - Infosec State of Affairs: Too much Kim Kardashian - not enough Malcolm Gladwel</title>

        <link>http://www.securitytube.net/video/17739</link>

        <author>Securitytube_Poster</author>
        <description>GrrCon 2017 - Infosec State of Affairs: Too much Kim Kardashian - not enough Malcolm Gladwel

For More Information Please Visit:- http://www.grrcon.com/
http://www.irongeek.com/i.php?page=videos/grrcon2017/mainlist</description>
        
</item>


        
                        
        
        <item>
        
<title>GrrCon 2017 - Dissecting Destructive Malware and Recovering from Catastrophe</title>

        <link>http://www.securitytube.net/video/17738</link>

        <author>Securitytube_Poster</author>
        <description>An in depth look into the NotPetya malware outbreak from a boots-on-ground incident responder with first-hand experience assisting organizations through response, recovery and investigation. This talk will cover how NotPetya operates, the geopolitical significance of this attack, ramifications of fake news during NotPetya response efforts, methods to recover certain files encrypted by Salsa20, and what you can do to prepare for similar destructive malware attacks in the future.

For More Information Please Visit:- http://www.grrcon.com/
http://www.irongeek.com/i.php?page=videos/grrcon2017/mainlist</description>
        
</item>


        
                        
        
        <item>
        
<title>The Tool Box | SessionGopher</title>

        <link>http://www.securitytube.net/video/17737</link>

        <author>Securitytube_Poster</author>
        <description>Today's episode of The Tool Box features SessionGopher. We break down everything you need to know! Including what it does, who it was developed by, and the best ways to use it!

Check out Session Gopher here: 
Github - https://github.com/fireeye/SessionGopher

Thanks for watching and don't forget to subscribe to our channel for the latest cybersecurity news!

Visit Hacker Arsenal for the latest attack-defense gadgets! https://www.hackerarsenal.com/

FOLLOW US ON:
~Facebook: http://bit.ly/2uS4pK0
~Twitter: http://bit.ly/2vd5QSE
~Instagram: http://bit.ly/2v0tnY8
~LinkedIn: http://bit.ly/2ujkyeC
~Google +: http://bit.ly/2tNFXtc
~Web: http://bit.ly/29dtbcn</description>
        
</item>


        
                        
        
        <item>
        
<title>DEF CON 25 Packet Hacking Village - Marek Majkowski - IP Spoofing</title>

        <link>http://www.securitytube.net/video/17736</link>

        <author>Securitytube_Poster</author>
        <description>At Cloudflare we deal with DDoS attacks every day. Over the years, we've gained a lot of experience in defending from all different kinds of threats. We have found that the largest attacks that cause the internet infrastructure to burn are only possible due to IP spoofing.

In this talk we'll discuss what we learned about the L3 (Layer 3 OSI stack) IP spoofing. We'll explain why L3 attacks are even possible in today's internet and what direct and reflected L3 attacks look like. We'll describe our attempts to trace the IP spoofing and why attack attribution is so hard. Our architecture allows us to perform most attack mitigations in software. We'll explain a couple of effective L3 mitigation techniques we've developed to stop our servers burning.

While L3 attacks are a real danger to the internet, they don't need to be. With a bit of cooperation and couple of technical tricks maybe we can fix the IP spoofing problem for all.

For More Information Please Visit:- https://defcon.org/</description>
        
</item>


        
                        
        
        <item>
        
<title>DEF CON 25 Packet Hacking Village - Megan Roddie - Strengthen Secops By Leveraging Neurodiversity</title>

        <link>http://www.securitytube.net/video/17735</link>

        <author>Securitytube_Poster</author>
        <description>High productivity, extreme attention to detail, logical/calculated, passionate, and hyper-focused. These are all characteristics considered valuable in the information security industry. However, a certain group of people who exceed expectations in these skill sets are constantly overlooked for job positions. That group of people is the High Functioning Autistic (HFA) community. Individuals in the high functioning autistic community are often overlooked for job positions due to their social disabilities which makes them perform poorly in an interview and in their interactions with other people. However, if you look past their awkward behavior and social struggles, you will find these individuals are perfectly suited for roles in the information security industry. This talk aims to show the listeners that, as many tech companies have found, the HFA community is ripe with individuals who could be the best of the best in the security industry if given the chance. The audience will realize that a small investment in time, understanding, and acceptance can result in the addition of an invaluable member to a Security Operations team.

For More Information Please Visit:- https://defcon.org/</description>
        
</item>


        
                        
        
        <item>
        
<title>DEF CON 25 Packet Hacking Village - Michael Gianarakis ,Keith Lee - Portia</title>

        <link>http://www.securitytube.net/video/17734</link>

        <author>Securitytube_Poster</author>
        <description>Portia: it's a new tool we have written at SpiderLabs to aid in internal penetration testing test engagements. The tool allows you to supply a username and password that you have captured and cracked from Responder or other sources as well as an IP range, subnet or list of IP addresses. The tool finds its way around the network and attempts to gain access into the hosts, finds and dumps the passwords/hashes, and reuses them to compromise other hosts in the network. In short, the tool helps with lateral movements in the network and automating privilege escalation as well as finding sensitive data residing in the hosts.

For More Information Please Visit:- https://defcon.org/</description>
        
</item>


        
                        
        
        <item>
        
<title>DEF CON 25 Packet Hacking Village - Mike Raggo, Chet Hosmer - Covert TCP with a Twist</title>

        <link>http://www.securitytube.net/video/17733</link>

        <author>Securitytube_Poster</author>
        <description>Taking a modern day look on the 20 year anniversary of Craig Rowland's article on Covert TCP, we explore current day methods of covert communications and demonstrate that we are not much better off at stopping these exploits as we were 20 years ago. With the explosion of networked devices using a plethora of new wired and wireless protocols, the covert communication exploit surface is paving new paths for covert data exfiltration and secret communications. In this session, we will explore uPnP, Zigbee, WiFi, P25, Streaming Audio Services, IoT, and much more. Through real-world examples, sample code, and demos; we bring to light this hidden world of concealed communications.

For More Information Please Visit:- https://defcon.org/</description>
        
</item>


        
                        
        
        <item>
        
<title>DEF CON 25 Packet Hacking Village - Peter Ewane - Cloudy With A Chance of Persistence</title>

        <link>http://www.securitytube.net/video/17732</link>

        <author>Securitytube_Poster</author>
        <description>The use of Amazon Cloud as a base of operations for businesses is increasing at a rapid rate. Everyone from 2 person start-ups to major companies have been migrating to the cloud. Because of this migration, cloud vendors have become the focus of potential exploitation and various role abuse in order to achieve persistence. This presentation will cover several different methods of post-infection and account persistence along with a discussion on best practices that can be used to protect from such techniques.

For More Information Please Visit:- https://defcon.org/</description>
        
</item>


        
                        
        
        <item>
        
<title>DEF CON 25 Packet Hacking Village - Sam Erb - You're Going to Connect to the Wrong Domain Name</title>

        <link>http://www.securitytube.net/video/17731</link>

        <author>Securitytube_Poster</author>
        <description>Can you tell the difference between gооgle.com and google.com? How about xn--ggle-55da.com and google.com? Both domain names are valid and show up in the Certificate Transparency log. This talk will be a fun and frustrating look at typosquatting, bitsquatting and IDN homoglyphs. This talk will cover the basics, show real-world examples and show how to use Certificate Transparency to track down particularly malicious impersonating domain names which have valid X.509 certificates.

For More Information Please Visit:- https://defcon.org/</description>
        
</item>


        
                        
        
        <item>
        
<title>DEF CON 25 Packet Hacking Village - Brute Logic - XSS For the win</title>

        <link>http://www.securitytube.net/video/17730</link>

        <author>Securitytube_Poster</author>
        <description>Cross-site Scripting (XSS) is the most widespread plague of the web but is usually restricted to a simple popup window with the infamous vector. In this short talk we will see what can be done with XSS as an attacker or pentester and the impact of it for an application, its users and even the underlying system. Many sorts of black javascript magic will be seen, ranging from simple virtual defacement to create panic with a joke to straightforward and deadly RCE (Remote Command Execution) attacks on at least 25% of the web!

For More Information Please Visit:- https://defcon.org/</description>
        
</item>


        
                        
        
        <item>
        
<title>DEF CON 25 Packet Hacking Village - Ron Taylor - Demystifying The OPM breach, WTF Really Happened</title>

        <link>http://www.securitytube.net/video/17729</link>

        <author>Securitytube_Poster</author>
        <description>In September 2016 the House Committee on oversight finally released their report. Four years after the original breach, we are still asking how the f*#! did this happen. This talk will go over the key findings of the report and the impact on those who were affected.

For More Information Please Visit:- https://defcon.org/</description>
        
</item>


        
                        
        
        <item>
        
<title>DEF CON 25 Packet Hacking Village - Tan Kean Siong - Stories from a 15 days SMB Honeypot Mum</title>

        <link>http://www.securitytube.net/video/17728</link>

        <author>Securitytube_Poster</author>
        <description>WannaCry, EternalBlue and SambaCry have been popular topics recently. During the outbreak in May 2017, we designed a 'real' Windows 7 / Samba server with the open source Dionaea honeypot and exposed the favourable SMB port to the world. Tons of the expected WannaCry attacks hit the pot, and interestingly there was a juicier collection than that! In this session, we would like to present the stories from a 15-day SMB honeypot. As honeypot hobbyists, we deployed an emulated Windows 7 machine implanted with the DoublePulsar backdoor. Yes, a Windows system infected with DoublePulsar! Also, our honeypot is up for the CVE-2017-7494 SambaCry vulnerability. We observed tons of scanning looking for targets to spread the expected WannaCry ransomware. Surprisingly, there was a juicier collection in the pot, e.g. EternalRocks, Reverse Shell, RAT, DDoSers, Coin Miner, Trojan, etc. (you name it, you have it!). We would love to share various interesting data from the 15 days of observation from a single home-based sensor in the entire IP space.

For More Information Please Visit:- https://defcon.org/</description>
        
</item>


        
                        
        
        <item>
        
<title>DEF CON 25 Packet Hacking Village - Tom Sela - Fooling the Hound Deceiving Domain Admin Hunters</title>

        <link>http://www.securitytube.net/video/17727</link>

        <author>Securitytube_Poster</author>
        <description>The conflict between cyber attackers and defenders is too often in favor of attackers. Recent results of graph theory research incorporated into red-team tools such as BloodHound, shift the balance even more dramatically towards attackers. Any regular domain user can map an entire network and extract the precise path of lateral movements needed to obtain domain admin credentials or a foothold at any other high-value asset. In this talk, we present a new practical defensive approach: deceive the attackers. Since the time of Sun Tzu, deceptions have been used on the battlefield to win wars. In recent years, the ancient military tactic of deceptions has been adopted by the cyber-security community in the form of HoneyTokens. Cyber deceptions, such as fictitious high-privilege credentials, are used as bait to lure the attackers into a trap where they can be detected. To shift the odds back in favor of the defenders, the same BloodHound graphs that are generated by attackers should be used by defenders to determine where and how to place bait with maximum effectiveness. In this way, we ensure that any shortest path to a high-value asset will include at least one deceptive node or edge.

For More Information Please Visit:- https://defcon.org/</description>
        
</item>


        
                        
        
        <item>
        
<title>DEF CON 25 Packet Hacking Village - Vivek Ramachandran,Thomas d'Otreppe - Make a 802.11AC Monitor</title>

        <link>http://www.securitytube.net/video/17726</link>

        <author>Securitytube_Poster</author>
        <description>802.11ac networks present a significant challenge for scalable packet sniffing and analysis. With projected speeds in the Gigabit range, USB Wi-Fi card based solutions are now obsolete! In this workshop, we will look at how to build a custom monitoring solution for 802.11ac using off the shelf access points and open source software. Our "Hacker Gadget" will address 802.11ac monitoring challenges such as channel bonding, DFS channels, spatial streams and high throughput data rates. We will also look at different techniques to do live streaming analysis of 802.11 packets and derive security insights from it!

For More Information Please Visit:- https://defcon.org/</description>
        
</item>


        
                        
        
        <item>
        
<title>DEF CON 25 - Artem Kondratenko - Cisco Catalyst Exploitation</title>

        <link>http://www.securitytube.net/video/17725</link>

        <author>Securitytube_Poster</author>
        <description>On March 17th, Cisco Systems Inc. made a public announcement that over 300 of the switches it manufactures are prone to a critical vulnerability that allows a potential attacker to take full control of the network equipment.

This damaging public announcement was preceded by Wikileaks' publication of documents codenamed as "Vault 7" which contained information on vulnerabilities and description of tools needed to access phones, network equipment and even IOT devices.

Cisco Systems Inc. had a huge task in front of them - patching this vast amount of different switch models is not an easy task. The remediation for this vulnerability was available with the initial advisory and patched versions of IOS software were announced on May 8th 2017.

We all heard about modern exploit mitigation techniques such as Data Execution Prevention, Layout Randomization. But just how hardened is the network equipment? And how hard is it to find critical vulnerabilities? 

To answer that question I decided to reproduce the steps necessary to create a fully working tool to get remote code execution on Cisco switches mentioned in the public announcement.

This presentation is a detailed write-up of the exploit development process for the vulnerability in Cisco Cluster Management Protocol that allows a full takeover of the device.

For More Information Please Visit:- https://defcon.org/</description>
        
</item>


        
                        
        
        <item>
        
<title>USENIX Security '17 - Data Hemorrhage, Inequality, and You: How Technology and Data Flows are Changing the Civil Liberties Game</title>

        <link>http://www.securitytube.net/video/17724</link>

        <author>Securitytube_Poster</author>
        <description>Data Hemorrhage, Inequality, and You: How Technology and Data Flows are Changing the Civil Liberties Game

Shankar Narayan, Technology and Liberty Project Director, American Civil Liberties Union of Washington

Rapidly growing data flows and game-changing advances in aggregation, analytics, and machine learning are changing the game for all of our civil liberties. The public discourse around data often tends to focus on information security, but rarely is inequality at the core of the discussion. Yet we are in a new space where discretion and control over our basic civil liberties is being transferred to private entities from traditional government actors, making it more difficult to recognize threats to our civil liberties, much less respond to them. Our ability to use traditional statutory and constitutional protections is also rendered more challenging by the “tech-washing” of decisions through unaccountable algorithms. The result may be a world in which technology reinforces existing biases everywhere from education to criminal justice, creating a de facto two tier society. This talk will walk through the above dynamics using real-world examples such as police body cameras, advanced metering infrastructure, and other surveillance tools. It will also point to ways to create transparency and accountability around data flows.

For More Information Please Visit:- https://www.usenix.org/conference/usenixsecurity17</description>
        
</item>


        
                        
        
        <item>
        
<title>USENIX Security '17 - Qapla: Policy compliance for database-backed systems</title>

        <link>http://www.securitytube.net/video/17723</link>

        <author>Securitytube_Poster</author>
        <description>Aastha Mehta and Eslam Elnikety, Max Planck Institute for Software Systems (MPI-SWS); Katura Harvey, University of Maryland, College Park and Max Planck Institute for Software Systems (MPI-SWS); Deepak Garg and Peter Druschel, Max Planck Institute for Software Systems (MPI-SWS)

Many database-backed systems store confidential data that is accessed on behalf of users with different privileges. Policies governing access are often fine-grained, being specific to users, time, accessed columns and rows, values in the database (e.g., user roles), and operators used in queries (e.g., aggregators, group by, and join). Today, applications are often relied upon to issue policy compliant queries or filter the results of non-compliant queries, which is vulnerable to application errors. Qapla provides an alternate approach to policy enforcement that neither depends on application correctness, nor on specialized database support. In Qapla, policies are specific to rows and columns and may additionally refer to the querier’s identity and time, are specified in SQL, and stored in the database itself. We prototype Qapla in a database adapter, and evaluate it by enforcing applicable policies in the HotCRP conference management system and a system for managing academic job applications.

For More Information Please Visit:- https://www.usenix.org/conference/usenixsecurity17</description>
        
</item>


        
                        
        
        <item>
        
<title>USENIX Security '17 - Ensuring Authorized Updates in Multi-user Database-Backed Applications</title>

        <link>http://www.securitytube.net/video/17722</link>

        <author>Securitytube_Poster</author>
        <description>Kevin Eykholt, Atul Prakash, and Barzan Mozafari, University of Michigan Ann Arbor

Database-backed applications rely on access control policies based on views to protect sensitive data from unauthorized parties. Current techniques assume that the application’s database tables contain a column that enables mapping a user to rows in the table. This assumption allows database views or similar mechanisms to enforce per-user access controls. However, not all database tables contain sufficient information to map a user to rows in the table, as a result of database normalization, and thus, require the joining of multiple tables. In a survey of 10 popular open-source web applications, on average, 21% of the database tables require a join. This means that current techniques cannot enforce security policies on all update queries for these applications, due to a well-known view update problem.

In this paper, we propose phantom extraction, a technique, which enforces per user access control policies on all database update queries. Phantom extraction does not make the same assumptions as previous work, and, more importantly, does not use database views as a core enforcement mechanism. Therefore, it does not fall victim to the view update problem. We have created SafeD as a practical access control solution, which uses our phantom extraction technique. SafeD uses a declarative language for defining security policies, while retaining the simplicity of database views. We evaluated our system on two popular databases for open source web applications, MySQL and Postgres. On MySQL, which has no built-in access control, we observe a 6% increase in transaction latency. On Postgres, SafeD outperforms the built-in access control by an order of magnitude when security policies involved joins.

For More Information Please Visit:- https://www.usenix.org/conference/usenixsecurity17</description>
        
</item>


        
                        
        
        <item>
        
<title>USENIX Security '17 - REM: Resource-Efficient Mining for Blockchains</title>

        <link>http://www.securitytube.net/video/17721</link>

        <author>Securitytube_Poster</author>
        <description>Fan Zhang, Ittay Eyal, and Robert Escriva, Cornell University; Ari Juels, Cornell Tech; Robbert van Renesse, Cornell University

Blockchains show promise as potential infrastructure for financial transaction systems. The security of blockchains today, however, relies critically on Proof-of-Work (PoW), which forces participants to waste computational resources.

We present REM (Resource-Efficient Mining), a new blockchain mining framework that uses trusted hardware (Intel SGX). REM achieves security guarantees similar to PoW, but leverages the partially decentralized trust model inherent in SGX to achieve a fraction of the waste of PoW. Its key idea, Proof-of-Useful-Work (PoUW), involves miners providing trustworthy reporting on CPU cycles they devote to inherently useful workloads. REM flexibly allows any entity to create a useful workload. REM ensures the trustworthiness of these workloads by means of a novel scheme of hierarchical attestations that may be of independent interest.

To address the risk of compromised SGX CPUs, we develop a statistics-based formal security framework, also relevant to other trusted-hardware-based approaches such as Intel’s Proof of Elapsed Time (PoET). We show through economic analysis that REM achieves less waste than PoET and variant schemes.

We implement REM and, as an example application, swap it into the consensus layer of Bitcoin core. The result is the first full implementation of an SGX-based blockchain. We experiment with four example applications as useful workloads for our implementation of REM, and report a computational overhead of 5–15%.

For More Information Please Visit:- https://www.usenix.org/conference/usenixsecurity17</description>
        
</item>


        
                        
        
        <item>
        
<title>USENIX Security '17 - SmartPool: Practical Decentralized Pooled Mining</title>

        <link>http://www.securitytube.net/video/17720</link>

        <author>Securitytube_Poster</author>
        <description>Loi Luu, National University of Singapore; Yaron Velner, The Hebrew University of Jerusalem; Jason Teutsch, TrueBit Foundation; Prateek Saxena, National University of Singapore

Cryptocurrencies such as Bitcoin and Ethereum are operated by a handful of mining pools. Nearly 95% of Bitcoin’s and 80% of Ethereum’s mining power resides with less than ten and six mining pools respectively. Although miners benefit from low payout variance in pooled mining, centralized mining pools require members to trust that pool operators will remunerate them fairly. Furthermore, centralized pools pose the risk of transaction censorship from pool operators, and open up possibilities for collusion between pools for perpetrating severe attacks.

In this work, we propose SMARTPOOL, a novel protocol design for a decentralized mining pool. Our protocol shows how one can leverage smart contracts, autonomous blockchain programs, to decentralize cryptocurrency mining. SMARTPOOL gives transaction selection control back to miners while yielding low-variance payouts. SMARTPOOL incurs mining fees lower than centralized mining pools and is designed to scale to a large number of miners.

For More Information Please Visit:- https://www.usenix.org/conference/usenixsecurity17</description>
        
</item>


        
                        
        
        <item>
        
<title>USENIX Security '17 - A Privacy Analysis of Cross-device Tracking</title>

        <link>http://www.securitytube.net/video/17719</link>

        <author>Securitytube_Poster</author>
        <description>Sebastian Zimmeck, Carnegie Mellon University; Jie S. Li and Hyungtae Kim, unaffiliated; Steven M. Bellovin and Tony Jebara, Columbia University

Online tracking is evolving from browser- and device-tracking to people-tracking. As users are increasingly accessing the Internet from multiple devices this new paradigm of tracking—in most cases for purposes of advertising—is aimed at crossing the boundary between a user’s individual devices and browsers. It establishes a person-centric view of a user across devices and seeks to combine the input from various data sources into an individual and comprehensive user profile. By its very nature such cross-device tracking can principally reveal a complete picture of a person and, thus, become more privacy-invasive than the siloed tracking via HTTP cookies or other traditional and more limited tracking mechanisms. In this study we are exploring cross-device tracking techniques as well as their privacy implications.

Particularly, we demonstrate a method to detect the occurrence of cross-device tracking, and, based on a cross-device tracking dataset that we collected from 126 Internet users, we explore the prevalence of cross-device trackers on mobile and desktop devices. We show that the similarity of IP addresses and Internet history for a user’s devices gives rise to a matching rate of F-1 = 0.91 for connecting a mobile to a desktop device in our dataset. This finding is especially noteworthy in light of the increase in learning power that cross-device companies may achieve by leveraging user data from more than one device. Given these privacy implications of cross-device tracking we also examine compliance with applicable self-regulation for 40 cross-device companies and find that some are not transparent about their practices.

For More Information Please Visit:- https://www.usenix.org/conference/usenixsecurity17</description>
        
</item>


        
                        
        
        <item>
        
<title>USENIX Security '17 - Walkie-Talkie: An Efficient Defense Against Passive Website Fingerprinting Attacks</title>

        <link>http://www.securitytube.net/video/17718</link>

        <author>Securitytube_Poster</author>
        <description>Tao Wang, Hong Kong University of Science and Technology; Ian Goldberg, University of Waterloo

Website fingerprinting (WF) is a traffic analysis attack that allows an eavesdropper to determine the web activity of a client, even if the client is using privacy technologies such as proxies, VPNs, or Tor. Recent work has highlighted the threat of website fingerprinting to privacy-sensitive web users. Many previously designed defenses against website fingerprinting have been broken by newer attacks that use better classifiers. The remaining effective defenses are inefficient: they hamper user experience and burden the server with large overheads.

In this work we propose Walkie-Talkie, an effective and efficient WF defense. Walkie-Talkie modifies the browser to communicate in half-duplex mode rather than the usual full-duplex mode; half-duplex mode produces easily moldable burst sequences to leak less information to the adversary, at little additional overhead. Designed for the open-world scenario, Walkie-Talkie molds burst sequences so that sensitive and non-sensitive pages look the same. Experimentally, we show that Walkie-Talkie can defeat all known WF attacks with a bandwidth overhead of 31% and a time overhead of 34%, which is far more efficient than all effective WF defenses (often exceeding 100% for both types of overhead). In fact, we show that Walkie-Talkie cannot be defeated by any website fingerprinting attack, even hypothetical advanced attacks that use site link information, page visit rates, and intercell timing.

For More Information Please Visit:- https://www.usenix.org/conference/usenixsecurity17</description>
        
</item>


        
                        
        
        <item>
        
<title>USENIX Security '17 - Beauty and the Burst: Remote Identification of Encrypted Video Streams</title>

        <link>http://www.securitytube.net/video/17717</link>

        <author>Securitytube_Poster</author>
        <description>Roei Schuster, Tel Aviv University, Cornell Tech; Vitaly Shmatikov, Cornell Tech; Eran Tromer, Tel Aviv University, Columbia University

The MPEG-DASH streaming video standard contains an information leak: even if the stream is encrypted, the segmentation prescribed by the standard causes content-dependent packet bursts. We show that many video streams are uniquely characterized by their burst patterns, and classifiers based on convolutional neural networks can accurately identify these patterns given very coarse network measurements. We demonstrate that this attack can be performed even by a Web attacker who does not directly observe the stream, e.g., a JavaScript ad confined in a Web browser on a nearby machine.

For More Information Please Visit:- https://www.usenix.org/conference/usenixsecurity17</description>
        
</item>


        
                        
        
        <item>
        
<title>USENIX Security '17 - "I Have No Idea What I'm Doing" - On the Usability of Deploying HTTPS</title>

        <link>http://www.securitytube.net/video/17716</link>

        <author>Securitytube_Poster</author>
        <description>Katharina Krombholz, Wilfried Mayer, Martin Schmiedecker, and Edgar Weippl, SBA Research

Protecting communication content at scale is a difficult task, and TLS is the protocol most commonly used to do so. However, it has been shown that deploying it in a truly secure fashion is challenging for a large fraction of online service operators. While Let’s Encrypt was specifically built and launched to promote the adoption of HTTPS, this paper aims to understand the reasons for why it has been so hard to deploy TLS correctly and studies the usability of the deployment process for HTTPS. We performed a series of experiments with 28 knowledgeable participants and revealed significant usability challenges that result in weak TLS configurations. Additionally, we conducted expert interviews with 7 experienced security auditors. Our results suggest that the deployment process is far too complex even for people with proficient knowledge in the field, and that server configurations should have stronger security by default. While the results from our expert interviews confirm the ecological validity of the lab study results, they additionally highlight that even educated users prefer solutions that are easy to use. An improved and less vulnerable workflow would be very beneficial to finding stronger configurations in the wild.

For More Information Please Visit:- https://www.usenix.org/conference/usenixsecurity17</description>
        
</item>


        
                        
        
        <item>
        
<title>Circle City Con 2017 - Peakaboo - I own you: Owning hundreds of thousands of devices with a broken HTTP packet</title>

        <link>http://www.securitytube.net/video/17715</link>

        <author>Securitytube_Poster</author>
        <description>Imagine that you've purchased a small, cheap IP security camera to feel just a little better about your own physical security. Now imagine that the people who designed that camera know nothing about secure programming, security or programming at all. Imagine that your precious camera can be hijacked into a botnet with only one broken HTTP packet. Now stop imagining. At the end of 2016, my fellow researcher Yoav Orot and myself published our research paper about hundreds of thousands of white-labeled IP security cameras being vulnerable to a simple attack that allows an attacker to gain complete control of the camera, including code execution as root without any ability to patch. We did not publish any technical details yet since we had to wait for the vendor's answer. This talk will dive deeply into the product, our research process and into the vulnerabilities themselves. I will walk through all of the steps in our research (from hardware hacking to firmware dumping and just plain ol' reversing) and demo the exploits and explain, step by step, where the developers went wrong, what could have been done to avoid this situation and why this problem is so severe. There will be root shells, there will be exploits, there will be tears. Attendees of this talk will leave with some insights about IoT security and embedded device hacking.

Amit leads the security research at Cybereason's Boston HQ. He specializes in low-level, vulnerability and kernel research, malware analysis and reverse engineering. He also has extensive experience researching attacks on large scale networks and investigating undocumented OS resources and APIs. Prior to joining Cybereason, Amit spent nine years leading security research projects and teams for the Israeli government, specifically in embedded system security. He's presented at RSA, BSides Tel Aviv and LayerOne.

For More information Please Visit:- http://circlecitycon.com/
http://www.irongeek.com/i.php?page=videos/circlecitycon2017/mainlist</description>
        
</item>


        
                        
        
        <item>
        
<title>Circle City Con 2017 - Creating Your Own Customized Metamorphic Algorithm</title>

        <link>http://www.securitytube.net/video/17714</link>

        <author>Securitytube_Poster</author>
        <description>Most malware uses metamorphic code to evade Antivirus detection. These techniques also slow down security researchers when digging deeper into the malware code. On the malware side, there are many ways to generate and implement the said algorithms, yet our ultimate goal is to detect them.

I joined Fortinet in 2004, and am currently working as a Senior Security Researcher / AV Team Lead. I am also one of the Lead Trainers responsible for training the junior AV/IPS analysts in malware analysis and reverse engineering. I have presented in different conferences like BSidesVancouver, BSidesCapeBreton, OAS-First, BSidesOttawa, SecTor, DefCamp, BCAware, AtlSecCon, and BSidesCalgary. I am a regular contributor to the Fortinet blog and also in the Virus Bulletin publication, where I have published 22 articles.

For More information Please Visit:- http://circlecitycon.com/
http://www.irongeek.com/i.php?page=videos/circlecitycon2017/mainlist</description>
        
</item>


        
                        
        
        <item>
        
<title>Circle City Con 2017 - Ichthyology: Phishing as a Science</title>

        <link>http://www.securitytube.net/video/17713</link>

        <author>Securitytube_Poster</author>
        <description>Many companies view phishing as a given: employees will click links and enter credentials, and we just need to be okay with that. Phishing prevention usually takes the form of training, and a warning to be careful when reading email. But does phishing training actually work? In this talk, we'll cover the psychology behind successful phishing campaigns, then walk through a series of attacks run against a Bay Area tech company. We'll cover how effective campaigns were built, including bypassing existing protections. Finally, we'll discuss evidence-based techniques to prevent, rather than just mitigate, credential phishing.

Karla has a varied offensive security background: she's reverse engineered train ticketing systems, written articles on TLS and SSH, and competed in the Defcon CTF finals for the last several years running. She officially works on authentication and application security at Stripe, but builds internal phishing campaigns when she has business hours to spare. She's triggered many bouts of internal paranoia, and has built a reputation as being entirely untrustworthy when it comes to email.

For More information Please Visit:- http://circlecitycon.com/
http://www.irongeek.com/i.php?page=videos/circlecitycon2017/mainlist</description>
        
</item>


        
                        

        <item>
        
<title>[News] McAfee finds sophisticated attacks targeting other 'critical sectors' of the economy</title>

        <link>http://www.securitytube.net/news/security/1400</link>

        <author>JB</author>
        <description>Financial services has been a favorite target for sophisticated attacks in the last few years, but cyber criminals are moving on to other "critical sectors of the economy," according to McAfee.
In the security giant's fourth quarter threats report, researchers highlighted some of the new schemes being used in this regard and other high-profile attacks, including advanced persistent threats (APTs) such as Operation High Roller and Project Blitzkrieg.
Both of these methods attack financial services infrastructures, with the former aimed at manufacturing and import/export firms in the United States and Latin America, while Blitzkrieg hits both consumers and their banks through illicit electronic fund transfers.
Vincent Weafer, senior vice president of McAfee Labs, explained in the report why many of these cyber criminals are becoming more interested in government, manufacturing and commercial transaction infrastructure targets.</description>
        
</item>



                        

        <item>
        
<title>[News] Why encryption doesn't solve the data sovereignty debate</title>

        <link>http://www.securitytube.net/news/security/1399</link>

        <author>JB</author>
        <description>There is a long-standing argument that encrypting all data sent to the cloud could make the data sovereignty debate irrelevant, enabling Australian companies to make use of cheaper, offshore clouds.
The basis of the argument is that data, once encrypted, is random and cannot be read, so the problem is shifted toward the issue of key management — which can be solved by ensuring that keys remain onshore.
But security vendors Trend Micro and Sophos, and systems integrator CSC, have argued that encrypting everything isn't necessarily the answer for everyone, and that doing so would come at too high a cost.
At a media briefing, Trend Micro vice president for Data Centre and Cloud Security Bill McGee stated that encryption brings about additional challenges that have flow-on effects in terms of scaling a cloud solution, and the financial implications that brings.</description>
        
</item>



                        

        <item>
        
<title>[News] Biometric USB password key worthy of 'Mission: Impossible'</title>

        <link>http://www.securitytube.net/news/security/1398</link>

        <author>JB</author>
        <description>I hate to use the term "sexy" to describe a gadget, but if the myIDkey isn't "sexy," at least it's "damn fine." It takes the concept of a USB drive that protects all your passwords and does it up right with voice-activated search, biometric fingerprint identification, and Bluetooth.
Making a USB password protection device sound exciting? That's pretty hot.
I'm not the only person who thinks myIDkey is worth a look. It just launched its Kickstarter project and already has pulled in more than $87,000 (and rising fast) toward its $150,000 goal. A $99 pledge gets you a myIDkey with two different protective sleeves.
Like most other USB password keys, you can plug myIDkey into a computer and it will auto-complete your information into pertinent forms. You can also store documents and files on it like a regular USB drive. What's cooler, though, is the voice-search function. Say the name of your bank, for example, and the key will show the information on an OLED display. Not just anyone can talk to the key and get results, though. You first have to unlock it by swiping your finger.</description>
        
</item>



                        

        <item>
        
<title>[News] Apple patches the Java hole its own developers fell into - eventually</title>

        <link>http://www.securitytube.net/news/security/1397</link>

        <author>JB</author>
        <description>Shortly after admitting that its own techies got infected thanks to a Java hole, Apple has pushed out a Java update for the rest of us.
Bit of a pity that the Fruity Ones didn't do this back at the beginning of February, when Oracle's emergency "pre-Patch-Tuesday" update came out to fix the hole that Apple is only now closing off.
Apple therefore bumps its Java distribution from 1.6.0_37 to 1.6.0_41, leapfrogging OS X 10.7 and 10.8 users past 1.6.0_39 entirely (the even numbers weren't used for official releases).
This re-aligns Apple's version with Oracle's own recent patch, which came out on 19 February 2013 as scheduled.</description>
        
</item>



                        

        <item>
        
<title>[News] Firefox 19 Fixes HTTPS Phishing Issue, Adds Built-In PDF Viewer</title>

        <link>http://www.securitytube.net/news/security/1396</link>

        <author>JB</author>
        <description>Mozilla has released Firefox 19, the latest version of its flagship browser, which includes not only fixes for a number of serious security vulnerabilities but also a built-in PDF viewer. The native PDF viewer in Firefox could help protect against some of the ongoing attacks that use vulnerabilities in Adobe Reader and other PDF readers as infection vectors.
Attackers have been preying on Reader and Acrobat vulnerabilities for several years now, although the sandbox that Adobe added to Reader X and later versions has helped protect users against many exploits. Just last week, though, the first confirmed Reader sandbox escape exploit surfaced. Adobe patched that vulnerability on Tuesday.
Mozilla officials said the inclusion of the built-in PDF viewer should make life a little easier for Firefox users when they encounter a PDF on a site.</description>
        
</item>



                        

        <item>
        
<title>[News] Apple, Facebook, Twitter hacks said to hail from Eastern Europe</title>

        <link>http://www.securitytube.net/news/security/1395</link>

        <author>JB</author>
        <description>While many security experts have been pointing the blame at China for the recent wave of cyberattacks on U.S. companies and newspapers, Bloomberg reports that some of the malware attacks actually may be coming from Eastern Europe.
Investigators familiar with the matter told Bloomberg they believe a cybercriminal group based in either Russia or Eastern Europe is carrying out the high-level attacks to steal company secrets, research, and intellectual property, which could then be sold on the black market.
Evidence that the attacks may be coming from Eastern Europe is the type of malware being used by the hackers, which is more commonly used by cybercriminals than by government spying. Also, investigators have tracked at least one server being used by the hackers to a Ukrainian hosting company.</description>
        
</item>



                        

        <item>
        
<title>[News] Botnet master abuses Facebook for pocket money, researchers reveal</title>

        <link>http://www.securitytube.net/news/security/1394</link>

        <author>JB</author>
        <description>A Chinese hacker's main job may well be running a botnet of malware-clotted zombie PCs, but there's always time left in the day for selling fake Likes, apparently.
It is not every day that remorseful confessions over lapsed adherence to the Five Precepts of Buddhism help researchers identify a hacker.
In early 2012, hacker Zhang Changhe admitted, on Chinese social network Kaixin001, to breaking all Five Precepts of Buddhism.
Sexual misconduct, lying, and drinking aside, Zhang Changhe wrote that he also stole "continuously and shamelessly," though he hoped that he could stop stealing in the future.
Turns out that Zhang Changhe runs a botnet. (Perhaps that is what he was alluding to when he spoke of stealing "continuously and shamelessly"?)
Two security researchers, Dell SecureWorks's Joe Stewart and a 33-year-old blogger called "Cyb3rsleuth", claim that Zhang Changhe also reportedly works for the Chinese army and teaches at PLA Information Engineering University, a center for electronic intelligence, comparable to the US's National Security Agency's university.</description>
        
</item>



                        

        <item>
        
<title>[News] Apple Breached by Facebook Hackers Using Java Exploit</title>

        <link>http://www.securitytube.net/news/security/1393</link>

        <author>JB</author>
        <description>Apple is the latest major American company to enter the security confessional and disclose it has been breached. The company told Reuters today it was attacked by the same crew that hit Facebook, which disclosed its breach last Friday, and that like the social media giant, no data had been stolen.
In both cases, a Java zero-day vulnerability had been exploited by attackers, in this case, to gain access to Apple machines. Reuters is reporting that the same attack was used against other Mac computers at hundreds of companies, including some in the defense industrial base.
"Apple has identified malware which infected a limited number of Mac systems through a vulnerability in the Java plug-in for browsers. The malware was employed in an attack against Apple and other companies, and was spread through a website for software developers," said Reuters, quoting a statement from Apple. "We identified a small number of systems within Apple that were infected and isolated them from our network. There is no evidence that any data left Apple."</description>
        
</item>



                        

        <item>
        
<title>[News] New Mac malware opens secure reverse shell</title>

        <link>http://www.securitytube.net/news/security/1392</link>

        <author>JB</author>
        <description>A new backdoor Trojan for OS X is making the rounds, attempting to set up a secure connection for a remote hacker to connect through and grab private information.
The malware, dubbed "Pintsized" by Intego, is suspected of using a modified implementation of OpenSSH to set up a reverse shell that creates a secure connection to a remote server.
The use of an encrypted connection makes it more difficult to detect and trace, especially since it uses the common SSH protocol. In addition, the malware attempts to hide itself by disguising its files to look like components of the OS X printing system, specifically the following:
com.apple.cocoa.plist
cupsd (Mach-O binary)
com.apple.cupsd.plist
com.apple.cups.plist
com.apple.env.plist</description>
        
</item>



                        

        <item>
        
<title>[News] US: China hacking 'repeatedly raised at highest level'</title>

        <link>http://www.securitytube.net/news/security/1391</link>

        <author>JB</author>
        <description>The US says it has repeatedly raised concerns with Beijing about cyber theft, as a report linked a hacking group with a Chinese military unit.
While not commenting directly on the report, a White House spokesman called cyber theft a "major challenge" in the national security arena.
The report identified a Shanghai high-rise used by the military as the likely home of a prolific hacking group.
China's Defence Ministry has denied any role in hacking.
Cyber sabotage, including hacking, was banned, China Daily quoted the ministry as saying, sentiments echoed by Foreign Ministry spokesman Hong Lei.</description>
        
</item>



                        </channel></rss>