Technical Briefings


Exploit the Exploit Kits (Dhruv Soi)

Exploit kits are being used by cyber criminals to carry out targeted attacks against victims by exploiting browser vulnerabilities or vulnerabilities in accompanying plugins like Adobe PDF, Flash, Java, etc. Most botnets, like Zeus, ride on exploit packs to get injected into the victim’s computer. The Eleonore, Crime Pack and Black Hole exploit packs have lately been in the news for infecting a few sensitive government departments.

Exploit packs can be bought from their authors, who are available over ICQ/Jabber, and the money can be transferred as e-currency. These packs are sold as licensed software bound to a particular IP address or domain name, and the source code is otherwise obfuscated, which makes it hard to decompile.

While researching exploit kits, the speaker arrived at a unique and previously unknown mechanism to bypass the IP address or domain name restriction on an exploit kit without burning the midnight oil reversing or decompiling the pack.

This talk is completely oriented towards exploit kits, starting from the fundamentals and workings of exploit kits, followed by the economics involved. The speaker will demonstrate live infections using these packs to make the audience aware of their significant impact. The presentation will also discuss the mechanism by which researchers can bypass the IP- or domain-based restriction embedded in exploit kits. After this talk, running a stolen or publicly available exploit pack would be a matter of seconds. Boom!!!

Android Tamer (Anant Shrivastava)

Android is emerging as a leading mobile brand; however, with the rise of any system comes its misuse, and so we need a security tool to keep a check on things.
This presentation will look at the available toolset for security professionals and will introduce some new combinations in the consolidated form of a VM environment. This will be a one-stop tool for performing any kind of operation on Android devices, applications or networks, be it forensic evaluation, source code review, software security testing or customizing a ROM with pre-embedded tools; everything is provided in a single package. Further uses will include malware analysis along with review checks of new applications inside a controlled environment. The environment will be bundled with Eclipse, DroidDraw, the Gingerbread source code and most of the well-known security tools in one single package. You can call it a Swiss army knife for Android security.

One link Facebook (Anand Kishore Pandey)

Facebook has millions of users, and nearly everyone wants to have a look at others’ profiles and read their messages to learn their secrets, and Facebook itself provides a method to do so: a direct link to your account which will bypass username, password, checkpoint and user location based authentication. On successfully crafting a legitimate URL, one can get unrestricted and full access to the account. Here we will discuss the various parts of the URL and how to form a direct access URL.

Android Forensics (Manish Chasta)

Smartphones can be used in cyber crimes such as shooting illegal videos, sexual harassment cases, use by terrorists or financial crimes.
The talk starts with a brief introduction to Android internals, i.e. the Dalvik VM, the SQLite database and the underlying kernel.
The presentation covers the steps of cyber forensics in the context of Android:

  • Seizing the phone and maintaining its state so that we don’t lose any important data
  • Taking an image of the phone memory and memory card. In the case of Android, we need to ROOT the device first to take the bit-by-bit image.
  • Recovering useful data from the image. Device memory can contain extremely valuable data including the contact list, call logs, SMS, emails, passwords, application data, phone data, etc.
  • Analyzing the data to discover evidence. This will cover decrypting encrypted files, cracking passwords, recovering deleted files, etc.
  • Chain of custody to preserve evidence so that it can be presented in a court of law.

The presentation also demonstrates:

  • Rooting an Android phone
  • Taking an image and discovering evidence

Takeaway for the audience:

  • Insights into the Android system
  • Techniques and concepts to recover and analyse evidence from an Android phone
  • Live forensics for the Android system.

DOM XSS — Encounters of the 3rd Kind (Bishan Singh Kochher)

The frontend development paradigm has shifted to Rich Internet Applications. Existing and newer technologies are creating nearly unlimited opportunities that drive better user engagement and a rich experience. Along with them, they bring new attack vectors and exponentially raise the severity and manifestation of existing ones like DOM XSS. We are in an era where a lot of code sits in the browser, necessitating defensive coding or, at a minimum, context-specific validation of untrusted input on the frontend, which typically existed server-side.

The existence of DOM XSS vulnerabilities in the open is alarming, if statistics and disclosures are anything to go by:
– 56 out of the Alexa top 100 sites vulnerable
– 2370 vulnerabilities on 92 sites out of 850 Fortune 500 sites tested
– in the list of top 5 security issues for 2011 according to security researchers.

This is a highly demo-oriented talk covering the following major areas:
– evolution of DOM XSS
– root cause, taint sources and sinks
– detection and analysis (covers DOMinator)
– mitigation techniques leveraging defensive coding and output encoding
– issues and precautions needed with jQuery and YUI, the most popular JS libraries

Mere pass Teensy hai (Nikhil Mittal)

The title of the talk is “inspired” by an answer to a question from a famous Hindi movie which needs no introduction. In that timeless drama, a brother boasts of his assets and makes a mockery of his brother by asking him about the assets he owns, a difficult question but with a very simple answer. We as hackers and penetration testers are asked the same question time and again during our engagements. Whenever we are unable to get into a system we are asked the same question; whenever an AV blocks or kicks us off a system we are asked the same question; whenever we have to leave some systems out of pwnage because they are too fragile and/or valuable to be exploited using memory corruption bugs, we are asked the same question. Do we have an answer? Yes we do, we have Teensy.

Teensy, which is a USB microcontroller device, can be used as a keystroke dongle and can be programmed to “type” commands and use the mouse when a specific condition is met. All you need to do is program commands into the device, connect it to a system using a USB port and you will see the commands being sent. Much work has been done on Teensy, with some really great things done with it.

This talk focuses on the usage of Teensy in a penetration test. You will see how easy it is to pwn a machine using Teensy with just a few keystrokes. Some intuitive attack methods and payloads will be demonstrated. We will have a look at how fabulously Teensy goes through the instructions provided. We will also go through some steps in tutorial mode so that you can program your own Teensy device. This is a relatively new attack vector and needs attention and community contribution. The talk will be full of live demos.

‘How an Android based phone helped me win American Idol’ (Elad Shapira)

The lecture will enable a rare glimpse into the workings of hackers, moving rapidly through a wide range of topics by using examples and stories of personal experience: all in a wild and fun atmosphere but with a serious, in-depth and “out-of-the-box” perspective.

We will discuss and show updated Android-related attacks, reversing tools and malware analysis methodology, Android internals and terminology, Android forensics methodology and cool stuff you can do with your phone.

Handle Exploitation of Remote System From Email Account (Merchant Bhowmick)

In this talk, we are going to cover offline exploitation methods. One of them shows spawning a dynamic reverse shell and the other shows how we can get victim data using an email account from Gmail, Yahoo, etc. All the communication between the attacker and the victim is done using a standalone email account.

One of the problems we find as attackers is that once we exploit a system, it is tricky to get access every time the victim system is up (internet connected!) for further command execution, since both victim and attacker should be online. My mechanism works differently: if only one of them is online, no problem at all! So in this presentation I am going to show how we can use Gmail and Yahoo mail services to gain control over a remote system with my tool as a payload and backdoor. It is anonymous, so there are no reverse trace-backs and no need for complicated methods of accessing remote systems. It is a new method of maintaining remote access, so if we create the exe using C# or any other language it can be used as a payload in the Metasploit exploitation framework.

Pentesting Mobile Applications (Prashant Verma)

Recent studies show that attacks on mobile applications are on the rise. With mobile applications now used for payments, securing mobile applications is of utmost importance.

The presentation briefs the audience on “Penetration Testing Mobile Applications” to assess the level of security built into them. Key aspects in the mobile application space include:
1. Reading the application’s stored data on devices.
2. Capturing the requests and manipulating the parameters.
3. Reverse engineering the application package.
4. Mobile platform specific issues.

The presentation further delves into similarities and differences in the manifestation of the above issues on the Android and iOS platforms. The differences are mainly because of how each platform works; e.g. the iPhone may store data in plist files, but there is no plist concept on other mobiles. Similarly, the solutions and the platform-specific issues call for specific implementations.

The presentation also demonstrates:
• Configuring a proxy for the phone.
• Reading stored data (iOS and Android).

These are presented based on the internal research work done on these platforms, auditing and pentesting real-world mobile applications:
• Vulnerabilities or insecurities in mobile applications.
• Techniques to find mobile application vulnerabilities.
• Securing mobile applications.

Scenario Based Hacking in Wi-Fi Enterprise (Vivek Ramachandran)

In this talk, we will explore how perfectly legitimate and useful features like the Wi-Fi Hosted Network on Windows 7 can be abused by malware to wreak havoc! We will see how an attacker could create Wi-Fi worms, backdoors and botnets using different techniques and attack Windows 7 clients using WPA2-PSK networks. This malware will use its own private Wi-Fi network to propagate and communicate with the attacker, and with each other. We will also look at how to create proxy chains using Wi-Fi clients and how this technique makes it almost impossible to trace back the attacker! Who knows, the next Stuxnet may just use Wi-Fi for propagation over USB.

To date, Wi-Fi security and hacking has concentrated on breaking into networks by cracking WEP/WPA or by hacking into the client using Hotspot/Honeypot attacks. This talk opens up a new dimension for the abuse of Wi-Fi on the latest Windows operating systems (Windows 7, Server 2008 R2 and above). We will release tools which demonstrate how Wi-Fi worms, backdoors and botnets can be written to leverage Wi-Fi in damaging new ways. Due to the nature of Wi-Fi, this malware will be more difficult to detect and hence to remove.

Hacking your Droid (Aditya Gupta)

In the present world scenario, there is one more thing besides our computers which needs to be secure. Phones can sometimes contain more sensitive information, which you don’t want anyone else to see. Mobile phone security is a fast-growing field. With the entry of Android into the cellphone market, security has become critical and malware is being developed at an exponential rate.

In this talk, you will learn about the security of the Android OS and how to create malware for fun and profit, and your brain will finally be filled with how to conduct mobile application penetration testing.
Be ready for the demos!

He will be starting off with the Android basics, the OS and the Android security model. After that, he will be diving into Android applications and the Dalvik Virtual Machine. Then he will be talking about the most important part of this presentation, “Reverse Engineering” and “How to make our own malware”. The details sent to the server would include the IMEI and IMSI numbers of the device, call and SMS logs, and even some of the files from the SD card. Of course, a lot more is possible. He will also be speaking about how to bypass the anti-viruses for this platform, and where and how to spread. In the end, he will be concluding with a demo on how to conduct a successful mobile application penetration test.
