Leigh-Anne Galloway is the Cyber Security Resilience Lead at Positive Technologies, where she specialises in payment technologies and application security. In her spare time, she is a blogger and video maker. Leigh-Anne started her career in incident response, leading investigations into payment card data breaches. This is where she discovered her passion for security advisory. She has presented and authored research on ATM security, Mobile Point of Sales terminal vulnerabilities, and application security, and has previously spoken at DevSecCon, BSides, Hacktivity, 8dot8, OWASP, Troopers, and Black Hat USA. You can follow Leigh-Anne on Twitter as @L_AGalloway.
Dr.-Ing. Mario Heiderich, handsome heart-breaker, bon-vivant and (as he loves to call himself) "security researcher" is from Berlin, likes everything between lesser- and greater-than, leads the small yet exquisite pen-test company called Cure53 and pesters peaceful attendees on various 5th tier conferences with his hastily assembled powerpoint-slides.
Jonathan Claudius is an ethical hacker and security engineer at Mozilla. He is a member of Mozilla’s Enterprise Information Security team, where he serves as the product owner for security assessments, which include vulnerability assessment, penetration testing, and red team exercises. Jonathan is also a contributing member and operator of one of the first bug bounty programs in existence, the Mozilla bug bounty program. He has over 17 years of experience in IT, with the last 15 years specializing in security. Before coming to Mozilla, Jonathan was a Senior Lead Security Researcher at Trustwave SpiderLabs, where he led multiple research teams to help fight cybercrime, protect data, and reduce security risk. Jonathan has also presented at DEFCON, BlackHat, BSides, SOURCE, THOTCON, and other leading security conferences.
André Baptista and Federico Bento
We are not in the 90’s anymore. Many memory corruption mitigations have been introduced over the years. Are you curious about memory corruption vulnerabilities, or do you want to learn how to develop exploits that work in the present? We prepared this workshop for you!
In this workshop we will cover modern exploitation techniques, including: ROP chains, read/write-what-where primitives, return to libc, heap exploitation, use-after-free and kernel exploitation techniques. We will focus on Linux, using simple examples, but these techniques can also be used on other operating systems.
* Basic knowledge about binary exploitation mitigations (ASLR, NX, Stack Canaries)
* Reverse engineering techniques (static and dynamic analysis)
* Debugging on Linux with GDB ([GEF - GDB Enhanced Features](https://github.com/hugsy/gef) recommended)
* [Pwntools](https://github.com/Gallopsled/pwntools) installed on a Linux distribution (Ubuntu 16.04 recommended)
André is a security researcher and bug bounty hunter. Currently, he is an invited professor at the University of Porto (MSc in Information Security) and the captain of the xSTF CTF team. He is a researcher at INESC TEC and he also contributes to C3P (Center of Competence in Cyber Security and Privacy). He's known for finding a critical SSRF on the Shopify cloud infrastructure and being the H1-202 MVH, a live-hacking event organized by HackerOne this year.
Federico is just your average dude who enjoys computer security related topics. He's currently taking his Masters in Information Security at the University of Porto, so if you think he's cool enough, offer him a job that pays him loads of money. He's very much interested in memory corruption type of bugs, exploitation techniques against real-world systems/defenses, reverse engineering and all those nice things. He's known (to his mommy) for having written a couple of exploits against real targets, winning a Pwnie, being nominated for another Pwnie and, last but not least, for being a total player, so do not bring your wife with you to this con!
Rémi Escourrou and Nicolas Daubresse
Pentesters and attackers often exploit the same obvious vulnerabilities in Active Directory. Come learn how to exploit and mitigate them.
Welcome to Noob Firm, the most insecure network ever. We have a very large Active Directory environment and we do no security at all. So far, no one has ever hacked our corporate network (at least we hope), but our new CISO requires us to perform a security assessment.
Your mission, should you choose to accept it, is to evaluate our security level and fix the issues.
In this fully hands-on workshop, we’ll guide you through 8 of the lowest-hanging-fruit weaknesses that we have witnessed during numerous penetration tests. You’ll learn how to:
* Spot passwords inside user descriptions
* Find passwords on shared folders
* Spray passwords over accounts
* Quickly detect obsolete workstations and servers
* Get free password hashes by kerberoasting
* Pivot from machine to machine by reusing local credentials
* Spot machines where Domain Admins are connected
* Retrieve Domain Admins credentials in memory
CrackMapExec, PowerView, SharpRoast and Mimikatz will be your best friends during this workshop.
Hands-on exercises will be performed in our lab environment with more than twenty virtual machines. For each attack, we will also discuss mitigation techniques.
This training is aimed at people willing to start with Active Directory security and hands-on sessions. There is no specific requirement for attendees except a basic IS and infosec culture.
All attendees will need to bring a laptop capable of running virtual machines (4GB of RAM is a minimum). Each attendee will be given a USB key with a Windows virtual machine with the necessary pentesting tools to perform the lab sessions.
Rémi Escourrou (@remiescourrou) is a security consultant at Wavestone. For 3 years, he has been developing his skills as a pentester of IT infrastructure, and more specifically of Active Directory environments. He is also involved in the CERT-W as a First Responder.
Nicolas Daubresse (@nicolas_dbresse) is a security consultant at Wavestone. For 3 years, he has mainly performed penetration tests on global IT infrastructure and Active Directory environments. Involved in the CERT-W, he has also had the occasion to see the other side of the attack.
Hans-Martin Münch and Timo Müller
CANAPE is a Windows toolkit for analyzing binary protocols in a graphical environment, written by James Forshaw. This workshop provides a practical overview by analyzing an example protocol.
CANAPE is a capture and manipulation tool for arbitrary network protocols. It was developed by James Forshaw during his time at Context IS. Simplified, CANAPE can be described as “Burp for binary protocols”.
Sadly, the tool is not well documented, which often causes trouble for users who have never worked with CANAPE before. This workshop tries to fix that by providing a practical overview of CANAPE. It is based on an original workshop that James Forshaw hosted in 2014 at 44CON.
Participants must have a Windows system (at least Windows 7); virtual machines are fine.
Hans-Martin Münch: CEO of MOGWAI LABS GmbH, a small security consulting company from South Germany.
Timo Müller: TBA