When asked how to crack a safe open, most people will have a picture in mind where a thief uses a stethoscope to listen to the inadvertent clicking noises of the lock. Although the side effects are usually not clicking noises, the security of modern computers suffers from similar problems: adversaries can use the inadvertent side effects of caching to crack our digital safes open. In this talk we will start with the basics of software-based microarchitectural attacks like Flush+Reload and then look at simple attacks that can be performed with them. Based on this, we will gain a deep understanding of transient execution attacks like Meltdown and Spectre and learn what the fundamental differences between them are. Finally, we will also look at a few other attacks to complete the overview of microarchitectural attacks.
Cyber-physical systems are attracting a lot of attention: attacks on connected cars received a lot of media exposure, as did attacks on industrial control systems, medical devices, and more generally on IoT devices. A lot of this interest is driven by vulnerability research (often in the form of "stunt hacking"). While useful, and frankly engaging and attractive, this research does not really help answer the fundamental question of how to embed security analysis in design. In this talk, we will use automotive security as a case study to outline a risk-based design methodology that can be used to deal with our hyper-connected future.
Modern embedded and IoT devices are often equipped with a radio transceiver for communication, for example to send sensor readings or to receive commands from a gateway or controller. While security testing of *standard* radio protocols is aided by the many tools available to the community, working on *non*-standard protocols requires knowledge of digital and analog signal theory, embedded protocols, and a lot of creativity. In this talk, I'll take you on a tour from the ABCs to the complete reverse-engineering of a real system, with concrete examples, practical demonstrations, and even some tips for soldering onto teeny tiny pins with no sophisticated or expensive equipment needed. You will take home a small but hopefully useful "bag" of knowledge that you can start practicing right away!
We will explore the journey that led to the USB armory Mk II R&D to illustrate how state-of-the-art hardware security can be achieved on all kinds of embedded systems. We will analyze the interaction of Secure Boot and FDE schemes to understand common patterns in breaking, and fixing, all kinds of implementations, whether employed in automotive, consumer or industrial systems. We will delve into the engineering challenges (say Type-C one more time...) that the USB armory Mk II security goals entailed, exploring how this open hardware has been developed.
Malware threats have been changing the way that companies run and protect their business. In general, most companies have bought several different products to compose their infrastructure and defense line, but these are only effective against known and simple threats. Curiously, most infections start through a simple vector such as a malicious document or a simple phishing email. However, the real problem is a different one: what kind of malware can a simple dropper download onto the system? Most ring 3 threats are visible, but some of them are not. Additionally, ring 0 threats are usually very dangerous because they work under the radar, deeply compromising the system and bypassing its protection mechanisms. Worse, they can render the monitoring tools useless and open the way to advanced threats like BIOS/UEFI malware. What kind of techniques are used by these threats? What protections do we have? This presentation aims to show and explain some techniques used by advanced malware threats and the protections against them.
Capture the Flag (CTF) competitions have attracted increasing interest over the last decade. They have proved to be an effective tool employed in academic, professional, and military contexts to teach practical IT security topics, as well as to strengthen lateral thinking skills and to acquire hands-on experience in the field. This talk will give you an insight into the various challenges that a team has to face while playing an attack and defence competition, leveraging the experience gained by mhackeroni. We will report on the infrastructure developed by the Italian team to clash with the world's best teams at DEF CON CTF and present some concrete examples from well-known hacking competitions.
How cybercriminals and state-sponsored hackers failed their opsec

We like to think that most digital investigations take advantage of sophisticated technologies and analysis methods. But many of them actually started from something much more trivial: an opsec failure. From the suspect accused of breaching Capital One to many drug vendors and marketplace administrators, from APT28 to hacktivists and leakers, the difference between good and bad opsec is just one mistake. Usually, more than one. The human factor often exploited by attackers is the same one that can compromise them. An undisciplined past, the need for persistent opsec, money flows, the rush to get results and group dynamics are some of the most common vulnerabilities.
The history of the Italian hacker scene from the 80s until today: characters, crews, associations, zines, events. An underground world that became mainstream: how things have changed since cyber security became a real market. Stories from an unrepeatable period in which a small group of heroes made history. Many of them disappeared into the void; others are today's leaders of the Italian and international cyber security business.
In this talk, we analyze the cyber-espionage attack that took place against the service centers of Samsung Italy in spring 2018. To a certain extent, it is also similar to another attack targeting Samsung's Assistance Centers in Russia. We show how the attack evolved over the months by analyzing the different campaigns and RATs used to access the victims' systems. By reconstructing how the malware connected to its command-and-control server, we conclude that the actors behind the attack were skilled; the spear-phishing emails sent to the victims were the starting point of a planned targeted attack with the goal of industrial espionage. Thanks to our threat intelligence activity, we have reconstructed the evolution of the attack and we share our insights with the audience.