The Presentations

Who X-Rays the X-Rays – A deeper dive into Medical Device Security

Richard Oak

The healthcare industry has (finally) woken up to cyber-security. Hospitals are starting to demand cyber-security in new devices and manufacturers are delivering. This is great news for the future – but what about the past and the present? In this talk we examine the current state of cyber-security in healthcare. We look at the protocols that are used to transfer information round the networks, and at the devices themselves, to see how well they would stand up to a modern cyber-attack.

Hack you a Koober Netty for Great Good!

Dino Dai Zovi

Do you want a koober netty? Or do you already have one? You may even already have many koober netties (pronounced: "kubernetes"). Either way, it turns out that they can be used for more things than just running your Linux containers in the cloud. They can also be used to give attackers access to thousands more computers than just the one running the container that the attacker got a shell in. How cool is that? In this talk, we'll discuss all of the magical ways that Kubernetes can give attackers access to your entire cluster and cloud environments. We'll also discuss some ways that it can be made to not do this if making attackers sad is your thing.

Blackhat Ethereum

Ryan Stortz and Jay Little

In the blockchain, there are no secrets. Every transaction is logged and everyone has a copy of all of the code. Nearly all of this code can only be analyzed through reverse engineering. Over the past year, we've seen enterprising hackers use flaws in smart contracts to whisk away millions. This was made possible thanks to Ethereum, the technology that powers cryptocats, and Solidity, a high-level language that describes Ethereum's Turing-complete smart contracts. This talk will introduce smart contract security, present common vulnerability classes, and demonstrate how to reverse engineer EVM code to identify these vulnerabilities. The talk will also present tools to support vulnerability discovery in EVM code and Solidity.

Exploiting the Exploiters: Hunting Fraud in Telecom Networks

Vlad Wolstencroft

Lurking underneath our increasingly mobile-connected world is a growing fraud problem -- one which exposes user data to security and privacy risks. Interconnect bypass fraud has been an issue within telecom networks ever since mobile phones were allowed to roam between countries. GSM Gateways, also known as "simboxes," are one of the primary keys for criminals to unlock the ability to conduct fraud on these networks.

In this talk, we'll explore how carriers and aggregators globally send your SMS and voice traffic through these IoT-based devices, which are not subject to any of the security or privacy requirements of critical infrastructure. However, these devices still handle our critical data -- both offering a profit opportunity for fraudsters as well as creating a privacy nightmare for mobile subscribers.

Then, we'll delve into the defensive devices dedicated to heuristic measurements, detection, and destruction of GSM gateways, and the retaliatory countermeasures employed to avoid detection, simulate real subscriber behavior, and outsmart the mobile network operators.

Next, we'll explore multiple GSM Gateway vendors and the equipment they provide for legitimate -- sometimes less-than-legitimate -- purposes. We'll examine how these systems operate and what actual security controls they provide for our voice and signaling data. While we expect stringent controls when data flows through network operators, can we hold the same expectation for these network elements operated in someone's basement?

Finally, I will propose new techniques to detect, map, and disable these devices remotely, as well as track the operators of these systems -- without the pitfalls of relying on heuristic measurements. With these methods, we can begin disrupting the $6b in fraudulent revenue running on the backs of flawed and vulnerable devices.

The New Hotness – Hunting for Code Similarity at Scale

Juan Andres Guerrero-Saade

Researching digital espionage involves a steep and unforgiving learning curve. Techniques come in waves, some more promising than others, be it proprietary sandboxes, YARA retrohunting, passiveDNS analysis, or malware investigation platforms. Entire companies and niche industries have spawned to help researchers further their hunting at scale. The new hotness is code similarity analysis. By homing in on the particularities of the malware developer's coding conventions and setup, and their lazy reuse of code, researchers can identify clusters of shared activity. At scale, this technique yields fascinating results in otherwise unattributable cases. However, it has also proven a treacherous and uncertain technique, as fringe cases require manual analysis to avoid silly mistakes. And don't forget, threat hunting involves a puzzle that fights back. Just as we are testing and building up this new technique, adversaries have already begun to subvert its promise and turn it against us. Let's discuss the secrets and intricacies of this New Hotness.

More presentations to be announced soon!