CiderSecurityCon in Mannheim was canceled due to the Corona outbreak. It was replaced by CyberCyderSecurityCon!
Saturday

| Time | Speaker | Talk |
|---|---|---|
| 9.00 - 10.00 | Registration | Registration |
| 10.00 - 10.10 | Orga Team | Welcome! |
| 10.15 - 11.00 | Sebastién Dudek | Smart grid (in)security |
| 11.15 - 12.00 | Stefan Hager | The attacker’s view |
| 12.00 - 12.30 | King Kévin | I just want a USB cable! |
| 12.30 - 13.30 | The Cook | Lunchbreak |
| 13.30 - 14.15 | Jayson Salazar | Efficient Security Operations in Cloud-Native, DevOps Environments |
| 14.30 - 15.15 | Sergej ‘winnie’ Schmidt | Automated and Architecture-Agnostic Extraction of Message Formats |
| 15.30 - 16.15 | Andreas Fobian | Analysis and Exploitation of a Use After Free in ws2ifsl |
| 16.15 - 16.45 | Various | Lightning Talks |
| 17.15 - 20.00 | | Hacker Jeopardy |
| 21.00 - xxxx | Somewhere | Something |

Sunday

| Time | Speaker | Talk |
|---|---|---|
| 9.55 - 10.00 | Orga Team | Good Morning! |
| 10.00 - 10.45 | Benedikt Schmotzle | Howto audit Sourcecode in 2020 |
| 11.00 - 11.45 | Henrik Ferdinand Nölscher | Let’s reverse engineer PCBs! |
| 11.45 - 12.30 | Patrick Eisenschmidt | IoT Security and alarm systems |
| 12.30 - 13.30 | The Cook | Lunchbreak |
| 13.30 - 14.00 | ? | ? |
| 14.15 - 15.00 | superhero1 | Welcome to the land of PWN - recreating open source hardware & hacking tools |
| 15.15 - 16.00 | Walter Legowski | Invoke-CovenAtion |
| 16.00 - 16.30 | ? | ? |
| 16.30 - 16.45 | Orga Team | Good Bye! |
The timeslots might still be shifted a little.
Talks & Speakers
Ordered by first letter of name!
Andreas Fobian: Analysis and Exploitation of a Use After Free in ws2ifsl (CVE-2019-1215)
Timeslot: Saturday, 15:30 - 16:15
Andreas studied IT security at the Ruhr University Bochum and worked at an antivirus company in the past. Today he is a Security Researcher at Blue Frost Security with a focus on Windows kernel security.
This talk is about the root cause analysis and exploitation of a recently patched vulnerability in the Windows kernel. It will discuss the bug discovery using patch diffing and how the various mitigations on Windows 10 19H1 (1903) can be bypassed.
Benedikt Schmotzle: Howto audit Sourcecode in 2020
Timeslot: Sunday, 10:00 - 10:45
Benedikt is currently employed as a security researcher for a small German firm. He likes to figure out easier ways to tackle hard problems, which he also enjoys doing while rock climbing.
While many infosec fields have a de facto standard tool for most tasks, such as IDA, Ghidra or Binja for binaries or Burp Suite for web apps, not much can be found on good tooling for source code auditing. This is rather strange, as many interesting targets nowadays are available as open source. This talk will present and highlight the pros and cons of different tools and approaches the presenter has found and tried.
Henrik Ferdinand Nölscher: Let’s reverse engineer PCBs!
Timeslot: Sunday, 11:00 - 11:45
Ferdinand has been very passionate about information security ever since he was young and specializes in hardware security. You may know him from presentations he did at Defcon, Usenix or Hardwear.io and he has given numerous hardware security trainings since 2014. He used to work at penetration testing companies and various automotive OEMs, where he enjoyed building and breaking secure embedded systems with his fantastic colleagues. Currently, he is running Noelscher Consulting GmbH, a company providing information security services focusing on designing and analyzing secure embedded systems.
Embedded systems are growing more complex and connected. At the same time, there is also a growing ecosystem of vastly different integrated circuits, processor architectures and firmware components, which makes it challenging to draw conclusions that affect all embedded systems. However, there is one thing that all of them have in common: printed circuit boards. Every embedded system consists of electrical components which are connected through wires or traces on a circuit board. When we attack systems, we care about how the components connect and interact. If we don’t know how the components work together, we may not be able to consider the full attack surface of the system. Hence, reverse engineering the PCB, its components and their connections is essential. This talk looks at interesting ways to approach PCB reverse engineering. I will list a variety of methods and share my experience with them. Apart from that, during the talk we will realize that reverse engineering a PCB can open up new opportunities that are impossible if the PCB is only analyzed in hindsight. We will look at sources of data that we can tap into for free (images, data sheets etc.) and how to make the most out of them. Finally, I present how using computer vision and some scripting can make our lives as attackers easier. If you like looking at a lot of pictures of circuit boards, then this is the right talk for you!
Jayson Salazar: Efficient Security Operations in Cloud-Native, DevOps Environments
Timeslot: Saturday, 13:30 - 14:15
Colombian engineer and computer scientist working as Senior Security Engineer at GitLab Inc. His current areas of focus are Security in Cloud Environments, Log Analytics, Data Engineering and all things DevOps. He can usually be found working as a developer, purple teamer, advisor and trainer.
Companies, small and big, often structure their sec-ops programs as they go without forethought or much planning, reinvent the wheel and experience painful lessons because of this. In this talk Jayson will discuss the tools, techniques and procedures that help the security team at GitLab operate at scale and protect their cloud-native, all-remote, DevOps environments. He will go over complexity and observability as risk measures, into tooling, automation and preparation as risk mitigations, all the way to incident response as a holistic process that combines them all. In this session he’ll share the main take-aways from his tenure at the DevOps unicorn.
King Kévin: I just want a USB cable!
Timeslot: Saturday, 12:00 - 12:30
Building gadgets, mostly silly, but sometimes useful.
USB cables can be used to:
- transfer data, at different rates
- power or charge gadgets, phones, and even laptops
- connect to headphones and displays
- … and everything else you could imagine which uses wires

But somehow I never manage to find the right one for the current task, also because sometimes they can’t even be visually distinguished. And when some device doesn’t work right, how long did you spend debugging everything else before suspecting the cable? In this talk we will see how USB cables work and how to distinguish them to prevent this waste of time. This becomes even more important with USB-C, which just makes things more complicated.
Patrick Eisenschmidt: IoT Security and alarm systems
Timeslot: Sunday, 11:45 - 12:30
Studied Business Informatics at Cooperative State University Karlsruhe. Then started computer science at Hochschule Mannheim University of Applied Sciences and finished with his Bachelor’s degree. After that he joined NVISO as a security consultant, where he focuses on penetration testing, technical demonstrations and trainings. He works in the Software and Security Assessment department, where he provides security for IoT devices, web and mobile applications.
This talk is about the security of IoT and embedded devices followed by some research about smart alarms used by the physical security sector.
Sebastién Dudek: Smart grid (in)security
Timeslot: Saturday, 10:15 - 11:00
Sebastién Dudek is the founder and a security engineer at PentHertz. He has been particularly passionate about flaws in radio-communication systems, and has published research on mobile security (baseband fuzzing, interception, mapping, etc.) and on data transmission systems using the power line (Power-Line Communication, HomePlug AV) such as domestic PLC plugs, as well as electric cars and charging stations. He also focuses on practical attacks against various technologies such as Wi-Fi, RFID and other systems that involve wireless communications.
Because of the variability of the weather and of demand, solar and wind energy output are difficult to predict accurately. Their price variability during the day has therefore increased, which strengthened the business case for energy storage. To follow consumer demand patterns, energy storage solutions like B2G (Battery-to-Grid) and V2G (Vehicle-to-Grid) have been deployed. Nevertheless, these technologies use Power-Line Communication systems at their endpoints and might present some interesting attack vectors. In this talk, we will discuss the HomePlug technologies used in this context, and introduce our attacks against V2G systems with a proof of concept. Then we will talk about some advances made around HomePlug as used for domestic, industrial and smart city purposes.
Sergej ‘winnie’ Schmidt: Automated and Architecture-Agnostic Extraction of Message Formats
Timeslot: Saturday, 14:30 - 15:15
Sergej Schmidt started his IT security career in 2011 as a pentester for web and mobile apps. His fetish for UNIX began long before. While pentesting with varying focus has remained his job over the years, he is also a GNU/Linux admin and enjoys coding, reversing and building dynamic analysis tools by night.
AAAXMF (Automated and Architecture-Agnostic eXtraction of Message Formats) is a network message analyzer based on the PANDA analysis framework. Through dynamic binary analysis it monitors incoming network messages. The corresponding message buffers are tainted in order to track all instructions which access the packets. Through further analysis of the memory access patterns of those instructions, AAAXMF makes it possible to infer fields and field boundaries such as delimiters, length fields and static fields. The latter is based on inference methods introduced by the work “Polyglot: Automatic Extraction of Protocol Message Format using Dynamic Binary Analysis” by Caballero et al. This work’s novelty is that it implements the analysis on the LLVM intermediate representation rather than on platform-specific assembly. Thereby it is possible to infer network message formats independently of a program’s platform.
Stefan Hager: The attacker’s view
Timeslot: Saturday, 11:15 - 12:00
Stefan works for the Internet Security Team at German company DATEV eG. He started messing with computers in the 80s and turned it into a job as a programmer in the early 90s. Since 2000 he has been securing networks and computers for various enterprises in Germany and Scotland. His main focus nowadays is security research, raising security awareness, coming up with creative solutions to security problems and discussing new ideas concerning threat mitigation. When not trying to do any of the stuff mentioned above, he is either travelling, procrastinating or trying to beat some hacking challenge.
One of the first phases of a targeted attack is always reconnaissance. The crafty attacker tries various methods to gather as much information as they can about their target before striking. This phase is often overlooked by defenders, because seemingly there is nothing that can be done against it, and it’s also hard to detect. Yet analysing what’s left in the open and getting a proper understanding of how a company looks to an attacker gives valuable information to the defenders; even if the gathered information is stuff that can’t be fixed, it still tells you what to look out for. Defenders have a disadvantage, which can be somewhat softened by putting themselves in the shoes of an adversary to discover the same information an attacker would use. The gathered information can be used to tweak logging alerts, set up honeytokens, or even to remove critical information from the public to reduce possible attack vectors, or to get alerted quickly when something is up. Get a jump start on how to research the digital presence of your company, from network level to social media, without any inside information (and no big budgets).
superhero1: Welcome to the land of PWN - recreating open source hardware & hacking tools
Timeslot: Sunday, 14:15 - 15:00
Sebastian has been enjoying computers since being a child loving to take everything apart. The internet, mobile phones and microcontrollers fueled his passion to know more about various kinds of technology. After taking a break for 9 months to improve his management skills outside of IT he will soon go back to designing cloud solutions and APIs for applications at a large enterprise by day and being a bug bounty hunter at night.
Buy crypto with your super secure hardware wallet, pay for your coffee safely and easily with contactless, access the gym or workplace with your personal badge, enjoy free wifi - why would you care? In this talk I will share my experience from recreating a proxmark3, ChameleonMini, MagSpoof, pwnagotchi & Trezor clone and show that it only takes a few Euros to recreate open source hardware to impersonate you or steal your secrets.
Walter Legowski: Invoke-CovenAtion
Timeslot: Sunday, 15:15 - 16:00
Offensive Windows Consulting. Jack of no trade, learner of some…
Weaponizing VSCode for multi-platform multi-user multi-session multi-target multi-language multi-command corporate post-exploitation with Covenant and a bit of PowerShell.