Talk. Transport Layer Security – TLS 1.3 and backwards security issues

Abstract. Since the publication of CRIME and BEAST, many new attacks on TLS implementations surfaced each year. It turned out that some of the basic designs of TLS were flawed, e.g. the MAC-then-PAD-then-ENCRYPT construction of the TLS Record Layer. The IETF has therefore initiated work on TLS version 1.3, a major revision of the TLS standard. This new standard is influenced by Google's QUIC protocol, has lower latency, and improved security features.

In this talk, the outlines of the new standard will be sketched, and the current state of standardization described. In addition, we will have a look at backwards compatibility attacks, and ask if simply adding a new TLS version without deactivating the older ones will really improve security.

Biography. Since September 2003, Prof. Dr. Jörg Schwenk is the owner of the Chair for Network and Data Security at the Ruhr University Bochum. The chair belongs to the renowned Horst Görtz Institute for IT Security. Professor Schwenk is an internationally recognized expert in the areas of cryptography and IT security. After completing his doctorate in the Department of Mathematics at the University of Giessen he moved in 1993 to Darmstadt, where he worked at the Telekom Technology center for applied research in the field of IT security. Professor Schwenk is an author of numerous international publications in renowned conferences (for example Eurocrypt, Asiacrypt or Communications and Multimedia Security), author of textbooks on cryptography and Internet security, and about 60 patents in the field of IT security.

Talk. Security Nightmares in the Internet of Things: Electronic Locks and More

Abstract. Wireless embedded devices have become omnipresent in applications such as access control (to doors or to PCs), identification, and payments. The talk reviews the security of several commercial devices that typically employ cryptographic mechanisms as a protection against ill-intended usage or to prevent unauthorized access to secured data. A combination of side-channel attacks, reverse-engineering and mathematical cryptanalysis helps to reveal and exploit weaknesses in the systems that for example allow opening secured doors in seconds. At hand of the real-world examples, the implications of a key extraction for the security of the respective contactless application are illustrated. As a powerful tool for security-analyzing and pentesting NFC and RFID systems, the open source project  "ChameleonMini" is presented: Besides virtualization and emulation of contactless cards, the device allows to log the NFC communication, and in its latest revision acts as an active RFID reader.

Biography. Timo Kasper studied electrical engineering and information technology at the Ruhr University Bochum and at the University of Sheffield, UK. In 2006, his Diploma thesis "Embedded Security Analysis of RFID Devices" won the first place award for IT security (CAST, Darmstadt). Timo Kasper has been research assistant at the Chair for Embedded Security of the Horst Görtz Institute for IT Security (HGI) since October 2006. He completed his studies 2011 with a PhD in Engineering. In 2012, his PhD thesis "Security Analysis of Pervasive Wireless Devices - Physical and Protocol Attacks in Practice" won the first place award for IT security (CAST, Darmstadt). Timo is co-founder of Kasper & Oswald GmbH offering innovative products and services for security engineering.

Talk. An Abusive Relationship with AngularJS v2

Abstract. Some voices claim that "Angular is what HTML would have been if it had been designed for building web applications". While this statement may or may not be true, is certainly accounts as one of the bolder ones a JavaScript web framework can ever issue. And where boldness is glistening like a German Bratwurst sausage in the evening sun, a critical review from a grumpy old security person shouldn’t be too far away.

This talk will have a stern, very stern look at AngularJS 1.x in particular and shed light on the security aspects of this ever-popular tool. Did the super-hero framework do everything right and follow its
own super-heroic principles? Does AngularJS increase or rather decrease the attack surface of a web application? How does AngularJS play along with the Content Security Policy, and was it a good idea to combine this kind of security with futuristic feature creep? And what about AngularJS version 2.0?

Beware that we won’t stop at glancing at the code itself, investigating security best practices, and verifying compatibility and other common things that contribute to robust security (or lack thereof). We will cross the moral border and see if the AngularJS team could notice rogue bug tickets. A pivotal question that everyone is wondering about is: Have they successfully kept evil minds like yours truly speaker here from introducing new security bugs into the code base?

This talk is a reckoning with a modern JavaScript framework that promises a lot and keeps even more, not necessarily for the best for developers and users. We will conclude in deriving a general lesson
learnt and hopefully agree that progress doesn't invariably mean an enhancement.

Biography. Mario Heiderich, handsome heart-breaker, bon-vivant and (as he loves to call himself) “security researcher” is from Berlin, likes everything between lesser- and greater-than, leads the small yet exquisite pen-test company called Cure53 and pesters peaceful attendees on various 5th tier conferences with his hastily assembled powerpoint-slides. Other than that, Mario is a very simple person and only parses three-word sentences so don’t even bother addressing him with complex topics or rhetoric.

Talk. The beast within - Evading dynamic malware analysis using Microsoft COM

Abstract. Microsoft Common Object Model (COM) is technology which aims at providing binary programming interface for Windows programs. Despite its age almost ancient age, it still forms the internal fundament of many new Microsoft technologies such as .NET. However, in more than twenty years of further development, the inevitable pressure to retain backwards compatibility have turned the COM runtime into a obscure beast. These days, many COM interfaces exist that mirror almost the same functionality provided by common Windows APIs. Malware authors can easily execute almost any operation (creating files, starting new processes, etc.) only using COM calls. Dynamic malware analyzers must deal with this accordingly without getting lost in the shadowy depths of the COM runtime. The talk presents various aspects of automated dynamic COM malware analysis and shows which approaches are actually realizable and which ones are hopeless.

Biography. Ralf achieved his Ph.D. in computer science / IT-security at the Ruhr-University of Bochum in 2013. During his studies he focused on new analysis methods for binary software, with a strong focus on malware. Since then, he has been one of the co-founders and the CTO of VMRay GmbH, a Bochum-based IT-security company focusing on 3rd generation threat analysis and detection using advanced hypervisor-based dynamic analysis. He has experience in malware research and software development for more than 15 years and is an active speaker at various academic and industrial conferences. His special interests lie in virtualization techniques and its application to software analysis.

Talk.The DROWN Attack

Abstract. We present DROWN, a novel cross-protocol attack thatcan decrypt passively collected TLS sessions from up-to-dateclients by using a server supporting SSLv2 as aBleichenbacher RSA padding oracle. We implemented theattack and can decrypt a TLS 1.2 handshake using 2048-bit RSA in under 8 hours using Amazon EC2, at a costof $440. Using Internet-wide scans, we find that 33% ofall HTTPS servers and 22% of those with browser-trustedcertificates are vulnerable to this protocol-level attack,due to widespread key and certificate reuse.

Biography. Sebastian is a professor for computer security at Münster University of Applied Sciences since 2013. His research topics include penetrationtesting techniques, applied cryptography, side channel attacks, and he speaks regularly at information security conferences.

Talk. Cache Side-Channel Attacks and the case of Rowhammer

Abstract. Software security relies on isolation mechanisms provided by hardware and operating system.  However, isolation mechanisms are often insufficient, for instance due to the existence of  caches in hardware and software. Caches keep frequently used data in faster memory to reduce access time and to reduce the access frequency on slower memory. This introduces timing differences that can be exploited in side-channel attacks.

The first half of this talk is about state-of-the-art cache side-channel attacks. Most cache attacks target  cryptographic implementations and even full key recovery attacks cross-core, cross-VM in public clouds have been demonstrated. We recently found that cache attacks can be fully automatized, cache attacks are not limited to specific architectures, and cache attacks can be implemented based on a variety of  hardware features. This broadens the field of cache attacks and increases their impact significantly.

The second half of this talk is about the so-called Rowhammer effect, which can be exploited to gain  unrestricted access to systems. Recent studies have found that in most DDR3 DRAM modules random bit flips can occur due to the Rowhammer effect. These hardware faults can be triggered by an attacker without accessing the corresponding memory location, but by accessing other memory locations in a high frequency. The first attacks used cache maintenance operations as caches would prevent such frequent accesses. Frequent accesses from JavaScript would allow a remote attacker to exploit the Rowhammer effect. For this purpose it is necessary to defeat the complex cache replacement policies. We showed that this is possible last year. In this talk we will detail how to evaluate the huge parameter space of eviction strategies, discuss intuitive and counter-intuitive timing effects, and thereby close the gap between local Rowhammer exploits in native code and remote Rowhammer exploits through websites.

Biography. Daniel Gruss is a PhD Student at Graz University of Technology. He has done his master's thesis on identifying and minimizing architecture dependent code in operating system kernels. Daniel's research focuses on software-based side-channel attacks that exploit timing differences in hardware and operating system. In July 2015, he and his colleagues demonstrated the first hardware fault attack performed through a remote website, known as Rowhammer.js.

Talk. Automatic Extraction of Indicators of Compromise for Web Applications

Abstract. Indicators of Compromise (IOCs) are forensic artifacts that are used as signs that a system has been compromised by an attack or that it has been infected with a particular malicious software. In this paper we propose for the first time an automated technique to extract and validate IOCs for web applications, by analyzing the information collected by a high-interaction honeypot. Our approach has several advantages compared with traditional techniques used to detect malicious websites. First of all, not all the compromised web pages are malicious or harmful for the user. Some may be defaced to advertise product or services, and some may be part of affiliate programs to redirect users toward (more or less legitimate) online shopping websites. In any case, it is important to detect those pages to inform their owners and to alert the users on the fact that the content of the page has been compromised and cannot be trusted. Also in the case of more traditional drive-by-download pages, the use of IOCs allows for a prompt detection and correlation of infected pages, even before they may be blocked by more traditional URLs blacklists. Our experiments show that our system is able to automatically generate web indicators of compromise that have been used by attackers for several months (and sometimes years) in the wild without being detected. So far, these apparently harmless scripts were able to stay under the radar of the existing detection methodologies – resisting for long time on public web sites.

Biography. Marco Balduzzi holds a Ph.D. in applied IT security from Télécom ParisTech and a M.Sc. in computer engineering from the University of Bergamo. His interests concern all aspect of computer security, with particular emphasis on real problems that affect systems and networks. Some topics on which he worked on are web and browser security, code analysis, botnets detection, cybercrime investigation, privacy and threats in social networks, malware and intrusion detection systems.

Talk. Eavesdropping on WebRTC Communication with Funny Cat Pictures

Abstract. WebRTC is one of the newest additions to the ever growing arsenal of Web browser-based technologies. In a shift away from the Web's classic Server-client architecture, WebRTC enables the creation of peer-to-peer channels between browsers, that do not traverse the Web server after initialization, allowing direct data transfer as well as audio/video chat. Well established protocols, such as HTTPS and DTLS/SCTP, outfit WebRTC's network communication (Both the browser-server as well as the browser-to-browser connections) with strong security guarantees, that render Man-in-the-Middle attacks virtually impossible. But -- not uncommon in Web scenarios -- the weakest link of the chain can be found on the JavaScript layer in the browser.

In this talk, we will show how a single Cross-site Scripting vulnerability, a compromised signaling server, or a malicious CDN can be utilized to fully intercept Web RTC communication and leak video & audio of both participants of the communication to a malicious third party. The attack is fully hidden from the compromised parties and requires no server infrastructure on the attacker's site.

Biography. Dr. Martin Johns is a Research Expert in the Security and Trust group within SAP AG, where he leads the web application security team. Furthermore, he serves on the board of the German OWASP chapter. Before joining SAP, Martin studied Mathematics and Computer Science at the Universities of Hamburg, Santa Cruz (CA), and Passau. During the 1990s and the early years of the new millennium, he earned his living as a software engineer in German companies (including Infoseek Germany, and TC Trustcenter). He holds a diploma in Computer Science from the University of Hamburg and a Doctorate from the University of Passau. Martin has a track record of over eight years applied WebAppSec research, published more than 20 papers on the subject, and is a regular speaker at international security conferences, including Black Hat, the OWASP AppSec series, CCS, ACSAC, ESORICS, PacSec, HackInTheBox, RSA Europe, and the CCC Congress.

Talk. Code-Reuse Attacks and Beyond

Abstract. Code-reuse attacks have become a prevalent technique to exploit memory corruption vulnerabilities in software programs. The focus of most attacks is on modifying code pointer and a variety of corresponding defenses has been proposed, of which many have already been successfully bypassed — and the arms race continues. In this talk, we provide an overview of some recent work we performed at Ruhr-University Bochum towards code-reuse attacks with and without modifying code pointers. On the one hand, we present some recent results on a technique called counterfeit object-oriented programming (COOP). We demonstrate that many existing defenses that do not consider object-oriented C++ or Objective-C semantics precisely can be generically bypassed in practice. On the other hand, we focus on non-control data attacks. We demonstrate some potential attacks and focus on data-only attacks that can bypass many of the existing defenses. We conclude the talk with an overview of potential other targets of code-reuse attacks and an outlook of future challenges.

Biography. Thorsten Holz is a professor in the Faculty of Electrical Engineering and Information Technology at Ruhr-University Bochum, Germany. His research interests include systems oriented aspects of secure systems, with a specific focus on applied computer security. Currently, his work concentrates on automated analysis of malicious software, reverse engineering, and studying latest attack vectors. He received the Dipl.-Inform. degree in Computer Science from RWTH Aachen, Germany (2005), and the Ph.D. degree from University of Mannheim (2009). Prior to joining Ruhr-University Bochum in April 2010, he was a postdoctoral researcher in the Automation Systems Group at the Technical University of Vienna, Austria.

Talk. On the Security of Browser Extensions

Abstract. In an everlasting struggle to find the balance between security, privacy and that toolbar which slipped in after you've installed Java, browser extension systems constantly evolve. Three years after Kotowicz has pwned our stuff, we will explore old and new attack techniques for both Firefox and Chrome. Finally, we will engage in a jolly expedition to long-forgotten extension types and convince them to exploit the browser itself.

Biography. Nicolas is a soon-to-be former student of the Ruhr University Bochum. After finishing his master's degree, he will move to Zurich to join Google's web security efforts. Due to being a HackPra supervisor for roughly three years, Nicolas had the pleasure of listening to many great speakers and is eager to show that he has learned quite a few tricks of their trade over time.

Talk. Hacking with Unicode in 2016

Abstract. This presentation explores common mistakes made by programmers whendealing with Unicode support and character encodings on the Web. Foreach mistake, I explain how to fix/prevent it, but also how it couldpossibly be exploited.

Biography. Mathias is a Belgian web standards freak. He likes HTML, CSS, JavaScript, Unicode, performance, and security. At Opera Software he’s a member of the Developer Relations team.

Talk. On Securing Legacy Software Against Code-Reuse Attacks

Abstract. Code-Reuse attacks such as return-oriented programming constitute a powerful exploitation  technique that is frequently leveraged to compromise software on a wide range of architectures. These attacks generate malicious computation based on existing code (so-called gadgets) residing in linked  libraries. Both academia and industry have recently proposed defense techniques to mitigate code-reuse attacks. However, a continuous arms race has evolved between attacks and defenses. In this talk, we  will elaborate on the evolution of code-reuse attacks. In particular, we explore prominent defense  techniques that are based on control-flow integrity (CFI) enforcement and code randomization. Further, we discuss promising research directions such as hardware-assisted defenses and protection against  these attacks at the kernel layer.

Biography. Lucas Davi is an independent Claude Shannon research group leader of the Secure and Trustworthy Systems group at Technische Universität Darmstadt, Germany. He received his PhD from Technische Universität Darmstadt, Germany in computer science. He is also a researcher at the Intel Collaborative Research Institute for Secure Computing (ICRI-SC). His research focuses on software exploitation technique and defenses. In particular, he explores modern software exploitation attacks such as return-oriented programming (ROP) for ARM and Intel-based systems.

Talk. Cheshire Cat's Grin

Abstract. There is malware, and then, there is m.a.l.w.a.r.e. Last year we got our fingers on a set of exquisite binaries which were definitely not the usual kind. No I'd never call malware sophisticated, after all thats not what it takes to be dangerous; or interesting. But those were a challenging beast, unusually intriguing.

For the lack of a better name, and given all the whacky traits the binaries come with, we dubbed the family CheshireCat. Thats the pink cat in Alice's wonderland with the most stupid grin. The CheshireCat binaries have been around since 2002, some are built for workstations as old as Windows NT4, they support dial-up connections and executable header checks for the NewExecutable file format. Go figure. We came to the conclusion, someone very dedicated has built CheshireCat for very special networks and kept his operation under the radar for more than a decade.

This talk will introduce CheshireCat's implementation traits, stealth tactics and wonderous functionalities. The term attribution might appear, once, to leave some clues about where CheshireCat might have come from.

Biography. Marion Marschalek is Principal Malware Researcher at GData AdvancedAnalytics, focusing on the analysis of emerging threats. Marion startedher career within the anti-virus industry and also worked on advancedthreat protection systems where she built a thorough understanding ofhow threats and protection systems work and how both occasionally fail.Next to that Marion teaches malware analysis at University of AppliedSciences St. Pölten and frequently contributes to articles and papers.She has spoken at international conferences around the globe, amongothers Blackhat, RSA, SyScan, hack.lu and Troopers. Marion came off aswinner of the Female Reverse Engineering Challenge 2013, organized by REprofessional Halvar Flake. She practices martial arts and has a vividpassion to take things apart. Preferably, other people's things.

Talk. Java deserialization vulnerabilities - The forgotten bug class

Abstract. Java deserialization vulnerabilities are a bug class on its own. Although several security researchers have published details in the past, still the bug class is fairly unknown. This talk is about finding and exploiting deserialization flaws in Java. Details on a new gadget will be disclosed, allowing Remote Code Execution. And several vulnerabilities discovered by Code White will be shown as Case Studies including a 0day.

Biography. Matthias is the Head of Vulnerability Research at Code White. He enjoys bug-hunting in Java Software because it's so easy. He found vulnerabilities in products of Oracle, IBM, SAP, Symantec, Apache, Adobe, Atlassian, etc. Currently, he enjoys researching deserialization and looking into COM/OLE.