RuhrSec 2019

Training. Advanced Client-Side Web Security

Abstract. In the training for client-side web security, we use real-life examples to teach you how an attacker finds and exploits client-side security vulnerabilities in modern web applications. By going far beyond the usual scope, this training will show you in-depth knowledge about topics, such as cross-site scripting and UI redressing. The goal of this intensive training is to enable you to conduct smaller audits and penetration tests within the field of client-side web security on your own. In addition, you will be able to understand and evaluate common attacks and to continually secure your web application regarding to these topics.

Course Outline.

• Short Introduction: HTTP, HTML, CSS, XML and DOM
• Same-Origin Policy & Cross-Origin Resource Sharing
• Social Engineering
• Information Disclosure
• Logical Flaws
• Cross-Site Request Forgery
• Cross-Site Scripting
  • Non-persistent XSS
  • Persistent XSS
  • DOM-based XSS
  • Self-XSS
  • Mutation-based XSS
  • Scriptless Attacks
• Session Hijacking and Session Fixation
• UI Redressing and Clickjacking
• DOM Clobbering
• Secure Coding
  • Content Security Policy
  • Pentesting Tools
  • Security Requirements

What to bring? Laptop, VirtualBox

Prerequisites. The course is designed for people who wish to familiarize themselves with web hacking. It is helpful if you have knowledge of web languages, such as HTML.

Who Should Attend? Web developers, heads of web development departments, and inter alia information security officers.

What to expect? The training will address the following questions, among others:

• How do attackers proceed when looking for client-side vulnerabilities in a web application? Which tools and procedures are used?
• How well is my web application protected against client-side attacks?
• How can I harden my web application against these attacks?
• Which measures are necessary to prevent future attacks against my web application?

What not to expect? One-fits-all solutions, because it is totally dependent on your use case and threat model.

About the trainer. For over a decade Dr.-Ing. Marcus Niemietz has been working as a penetration tester and web security trainer. As a co-founder of Hackmanit, he has been responsible for web security since 2014. In addition, he is also actively researching at the Ruhr University Bochum to prevent both UI redressing and cross-site scripting attacks. He is a regular speaker at numerous international IT security conferences, including the USENIX Security, Black Hat, and Microsoft‘s renowned hacker conference BlueHat. Marcus Niemietz is the publishing author of a book in the field of web security.

Training. ChameleonMini and NFC Security

Abstract. The hands-on training course about RFID (Radio Frequency Identification) in general and NFC (Near Field Communication) in particular covers the basics of RFID (e.g., working principle, classification, use cases, transponder types) and summarizes attacks on commercial NFC systems (e.g., key recovery, side-channel attacks). During the course, our NFC tool ChameleonMini is introduced and its usage for practical security analyses of NFC access control systems is trained, e.g., reading and emulating (cloning) contactless cards, sniffing, cracking keys with card-only or reader-only attacks, logging and interpreting the communication. The successful participants obtain a ChameleonMini RevG. and a participation certificate.
What is ChameleonMini?!
https://github.com/emsec/ChameleonMini/wiki, https://shop.kasper.it/chameleonmini/

Note: This training requires a minimum number of 5 participants.

Course Outline.

• Basics of RFID and related Security Threats
• Tools for NFC Security (ChameleonMini, libnfc)
• Details about ISO14443 / ISO15693 / NFC
• Security Vulnerabilities in Commercial NFC Systems
  • Mifare Ultralight
  • Mifare Classic
  • Mifare DESfire

What to bring? Laptop with VirtualBox, if possible. We will provide USB sticks with VirtualBox images, ChameleonMinis, NFC door locks, NFC cards, RFID readers, et cetera.

Prerequisites. Basic knowledge about RFID and NFC is helpful but not required. We will explain everything step by step. Basic Python programming skills are useful to automatize things, see e.g. the chamtool.py or chamlog.py in the open source project.

Who Should Attend? Everyone who is interested in understanding NFC technology and the security of contactless smartcards, and wants to learn to distiguish between secure and not-so-secure variants of NFC systems. Learn the different capabilities of different cards with and without cryptographic features, and test on your own what can go wrong in commercial systems and how to bypass flawed NFC systems.

What to expect? In-depth understanding of the open-source project ChameleonMini and how to use it for NFC pentesting or security-analyzing NFC systems. Learn to read (sniffing) logs of the ChameleonMini. Find out why this door lock is easy to bypass and another one is impossible to hack, how to detect if authentication or crypto functions are used at all, how to spoof Mifare Classic based payment systems, Mifare Ultralight (EV1) systems, and how to hack ISO15693 NFC toys. If you pass the course, expect to keep your ChameleonMini RevG and obtain a personal participation certificate.

What not to expect? This is no programming course for writing new firmware for the ChameleonMini, as this would require more than two days. Further, don't expect us to clone Mifare DESfire cards by means of EM side-channel attacks, nor expect a out-of the-box solution to bypass the security of any NFC system.

About the trainers. Kasper & Oswald GmbH (KAOS) are the inventors of the versatile NFC Tool ChameleonMini and have many years of experience with NFC Security.

Training. Kubernetes Security

Abstract. Hidden under the hood of Kubernetes are a lot of security features. Starting from the Linux namespaces used in containers to the network there are a lot of configurations with many bells and whistles supporting or totally annealing the security of a cluster. Some of them are obvious, some are byzantine and cause bizarre and unexpected side effects in combination with the flaws of the Linux kernel.
The workshop gives a general comprehensive overview of the security of the container ecosystem. The two-day course introduces the most important topics of Kubernetes Security. It is intended to raise awareness on the security features built-in or missing. The training shows which problems are obvious and need to be addressed first in daily security problems.

Course Outline.
Day One:

• Recap
  • Introduction: Top findings - what is really running in production
  • Containers: The Linux Heritage
    • Namespaces
    • Containers are just apps sorted in namespaces
    • Capabilities
    • Understanding the basic privileges of applications
    • SecComp, AppArmor, SELinux
    • Advanced security
    • Containers or hypervisor
    • Use both on bare metal
    • Spectre and Meltdown
    • The missing kernel feature
  • Pods: The Fundamental Concept
    • Creating and updating applications
    • Container pattern, designing containers for security
    • Checks, quotas, and limits
    • Basic necessities
    • Least privileges: Necessary and dangerous settings
    • Port 80 and beyond port 1024
  • Services: Connecting Applications to the Internet
    • Exposing services
    • Ports, hostports and external load balancers
    • Avoiding privileged ports
    • Remapping ports multiple times
    • Pitfalls in definitions
  • Ingress: Integrating of Services to a Site
    • Defining a complex website
    • Multiple services under one site
    • Managing keys and secrets with ingress
    • Secrets for certs
    • Complexity and pitfalls of ingress
    • How many ingresses should you use
    • Let's Encrypt
    • How to automate certs completely
• Container Patterns for Security
  • Container Pattern Introduction: Definition and examples
  • Sidecars: Protecting insecure applications from sidecars
  • Proxies: Controlling the traffic of an application
• Images: Docker and Beyond
  • Building images securely: Alternatives to Docker - containerd and cri-o
  • Running your own registries: Internal vs. public registries
  • Limits of metadata: Not every vulnerability is packaged
  • Images from scratch: Minimize the image footprints and make them undebugable
  • Best practices: Secure, but wait, where is the cert team?

Day two:

• AdmissionControllers: Check Everything
  • Definition: Concept and most important examples
  • PodSecurity
    • Basics
    • Role-Based Access Control (RBAC)
  • Clear project and role structure: Avoid confusing yourselves with complex rules
  • Worst practice examples: The internet ruins your installation
    • Helm: stable != secure
    • Helm 2: Don't use, move to Helm v3 (trivial exploit, cloudbombs reloaded)
  • OpenPolicyAgent: Policies for security
• Scripting: Simplest Way of Analyzing Clusters
  • Templates: Templates with go and JsonPath templates
  • Checking clusters with scripts: Checking for images, security contexts, roles, -bindings, etc.
  • How many scripts: Alternatives
• Network Security: Control Every Connection in the Cluster
  • Network Policies
    • Network Implementations: The Container Network Interface (CNI)
    • Implementations: Cilium, Calico
    • Examples
    • Testing Network Policies: Netcat for testing
    • Limits: Liquid services
  • Service Meshs
    • Definition
    • Distributed firewalls
    • Envoy
    • Implementations: Linkerd, Istio
  • Istio
    • Installation: Default installation
    • Use case: Trust nothing! Really?
    • Implementation: Inside the proxy
    • Scripting against Istio: initContainers
    • Sidecars vs. the Container Network Interface: Privileges in userspace vs. central management
• Misc
  • Audit Logs: Cluster auditing with Stackdriver, Elasticsearch, and Splunk
  • Disc encryption: Securing data at rest
  • Kubernetes in critical infrastructure: Resilience and encryption of connections
  • Linux without the GNU stuff: Kernel and kubelet only
  • Latest developments
  • Your topics: Bring your own observations, questions, and proposals

There might be minor changes to the topics according to the latest developments in Kubernetes and its security.

What to bring? Laptop with your preferred operating system or access to a non-productive Kubernetes cluster, some examples can be harmful. If using your laptop, RAM of at least 16GB is more important than CPU power.
Please preinstall the latest versions of Minikube, Kubectl, Helm, and Docker. A Linux-based Laptop is a plus, but not necessary.

Prerequisites. Good Linux knowledge, basic knowledge of Kubernetes. A good preparation is the book
Kubernetes: Up and Running: Dive into the Future of Infrastructure, 2nd edition by Kelsey Hightower, Brendan Burns, Joe Beda.
A full read is not necessary.

Who Should Attend? Developers, system and security engineers and architects, who work with Kubernetes microservices. Especially, if Kubernetes shall be used in security-critical environments.

What to expect? An introduction to the most relevant topics. There will some punctual deep dives, but generally, the examples are on a scripting level. We might find exploits, but this cannot be guaranteed or is intended. At the end, the participants should be able to judge typical Kubernetes setups and rate their security settings.

What not to expect? Full coverage of every aspect of Kubernetes security is not possible within two days. Sophisticated exploits, where several minor glitches are chained are possible, but not disclosed until today. They are not part of this workshop. Kubernetes code security, cluster resilience and side-channel attacks like Spectre, Meltdown and related are mentioned, but not covered.

About the trainers. Thomas Fricke is partner, member of the advisory board and former CTO of Endocode. He is a cloud architect, focussing on system automation, DevOps, now SecDevOps and is a cloud, database and software architect. He is doing audits and giving workshops and trainings on Kubernetes, with focus on container and network security.

Talk. More information will be added soon.

Abstract. More information will be added soon.

Biography. Karthikeyan Bhargavan (Karthik) is a directeur de recherche (DR) at Inria in Paris, where he leads a team of researchers working on developing new techniques for programming securely with cryptography. He was born in India and did his undergraduate studies at the Indian Institute of Technology Delhi before pursuing his PhD at the University of Pennsylvania. He then worked at Microsoft Research in Cambridge until 2009 when he moved to France. Karthik’s research lies at the intersection of programming language design, formal verification, and applied cryptography. Most recently, his work has focused on the design and analysis of the TLS 1.3 Internet standard and the design and deployment of the HACL* cryptographic library.

Talk. Post-Quantum Cryptography in the Internet-of-Things

Abstract. The security of embedded systems and IoT devices pose a large variety of challenges for security designers: this includes, for example, the requirement for cryptographic services that provide solid security guarantees for applications on the upper layer. Most of our currently used public-key cryptosystems (e.g., RSA or Elliptic Curve Cryptography) rely on the hardness of factorization or a variant of the discrete logarithm problem as trapdoor function. However, it is well-known that all those public-key cryptosystems will be broken as soon as sufficiently powerful quantum computers will become available. For long-term-secure use-cases, such as the protection of patient and health data, it is essential to identify and implement viable replacements already today. In this context, this talk highlights the challenges and latest achievements in the field of post-quantum cryptography for the Internet-of-Things.

Biography. Tim Güneysu is professor and head of the chair for Security Engineering at Ruhr-Universität Bochum in Germany. Since 2016 he is professor at the department for Cyber Physical Systems (CPS) of the German Research Center for Artificial Intelligence (DFKI) in Bremen. Prior to his current positions, he was senior researcher and visiting professor at UMass Amherst (US) and Hubert Curien Lab in Saint-Etienne (FR). His primary research topics targeting all aspects of secure system engineering with particular focus on applied cryptography, the design of security architectures for embedded systems and hardware security. In the area of IT security, he published and contributed to more than 120 peer-reviewed journal and conference publications and was appointed program co-chair of CHES 2015, TRUSTED 2016, CARDIS 2019 and FTDC 2020. He is managing director of the IACR Transactions on Cryptographic Hardware and Embedded Systems (TCHES) as well as associate editor of IEEE Transaction on Computers (IEEE TC) and IEEE Transactions on Information Forensics and Security (IEEE T-IFS).

Talk. Towards Cognitive Obfuscation

Abstract. In a world in which interconnected digital systems permeate almost all facets of our lives, cybersecurity attacks form devastating threats with catastrophic consequences. Hardware components are the root of trust in virtually any computing system and are valuable targets of cyberattacks. In order to conduct malicious manipulations, hardware reverse engineering is usually the tool-of-choice. While hardware reverse engineering is a highly complex and universal tool for legitimate purposes, it can also be employed with illegitimate intentions, undermining the integrity of ICs via piracy, subsequent weakening of security functions, or insertion of hardware Trojans. In particular, Intellectual Property (IP) piracy has become a major concern for the semiconductor industry which causes losses in the range of several billion dollars. Due to the serious threats posed by attacks based on hardware reverse engineering, strong countermeasures, e. g. obfuscation, are indispensable. The security of most existing obfuscation techniques is assessed exclusively based on technical measures. However, the process of hardware reverse engineering cannot be fully automated, yet, and the lack of holistic tools forces human analysts to combine several semi-automated steps. Accordingly, cognitive processes and strategies applied by humans in the context of hardware reverse engineering must be considered for the development of cognitively difficult countermeasures (cognitive obfuscation).

Our research focuses on understanding how human analysts reverse parts of unknown hardware designs in realistic scenarios. Therefore, we perform several psychological studies and analyze the behavior of engineers at different levels of expertise. Based on an initial investigation we were able to derive a model of reverse engineering, consisting of three phases: (1.) Candidate Identification, (2.) Candidate Verification, and (3.) Realization. Furthermore, we analyzed more and less efficient strategies of reverse engineers and took cognitive abilities (e.g., working memory capacity) into account. In our talk, we will give an overview of the technical and cognitive aspects of hardware reverse engineering. In more detail, we will present our study design, the applied methods, and present our results. At the end of our talk, we will discuss implications for novel cognitive obfuscation techniques based on our findings.

Biography. Steffen Becker is currently working towards his Ph.D. degree under the supervision of Prof. Christof Paar at the Embedded Security Group, Ruhr University Bochum, Germany. He is also a member of the SecHuman graduate school and the Horst Görtz Institute for IT Security. His research focuses on human factors in reverse engineering. In particular, he explores underlying processes of hardware reverse engineering to facilitate the development of sound obfuscation methods.

Talk. HideNoSeek: Camouflaging Malicious JavaScript in Benign ASTs

Abstract. Given the popularity of the Web platform, attackers abuse JavaScript to mount different attacks on their victims. Due to the plethora of such malicious scripts, detection systems rely on static analysis to quickly process JavaScript inputs, sending only suspicious scripts to dynamic components. For an accurate detection of previously unseen JavaScript files, static approaches combine an abstraction of the source code at a lexical or syntactic level (based on the Abstract Syntax Tree (AST)) with machine learning algorithms.

In this talk, we present HideNoSeek, a novel and generic camouflage attack, which evades the entire class of detectors based on syntactic and lexical features, without needing any information about the system it is trying to evade. Our attack consists of automatically rewriting the ASTs of malicious JavaScript files into existing benign ones, while keeping the initial malicious semantics. In particular, HideNoSeek uses malicious seeds and searches for similarities at the AST level between the seeds and traditional benign scripts. Specifically, it replaces benign sub-ASTs by identical malicious ones and adjusts the benign data dependencies--without changing the AST--, so that the malicious semantics is kept after execution.

In practice, we leveraged 23 malicious seeds to generate 91,020 malicious scripts, which perfectly reproduce ASTs of Alexa top 10k web pages. Overall and by construction, a standard trained classifier has 99.98% false negatives on such crafted inputs, while a classifier trained on such samples has over 88.74% false positives, rendering the targeted static detectors unreliable. Similar to Android malware in repackaged applications, HideNoSeek could automatically alter benign JavaScript libraries and present them as an improved version of the original ones, for malicious purpose. In particular, such a modification of jQuery 1.12.4 would affect over 30% of the websites.

Biography. Aurore Fass is a third-year Ph.D. student at the CISPA Helmholtz Center for Information Security (Germany), jointly supervised by Michael Backes and Ben Stock. Her areas of interest include static malware analysis and detection (with special focus on JavaScript code), machine learning, and adversarial attacks. She presented her research work at several academic and non-academic venues like CCS, ACSAC, DIMVA, MADWeb, and Blackhoodie.

Twitter: @AuroreFass

Talk. Code emulation for reverse engineers: a deep dive into radare2's ESIL

Abstract. Code emulation is a well-known technique widely used in many scenarios non related to reverse engineering. However, it can also be leveraged as a great tool aiding in different reversing processes and it is becoming more and more popular for this purpose recently.

We will start by providing an overview of the capabilities and basic usage of the radare2 free and open source reverse engineering framework.

Then, we will explain the basics of code emulation, focusing on the reasons why it can be useful in reverse engineering processes and how it is implemented and used within radare2 by ESIL (Evaluable Strings Intermediate Language). In particular, we will explain the workings behind its implementation as a "stack machine on steroids".

Finally, we will explore practical examples and live demos that will show how to make the most out of it in different case scenarios related to reverse engineering, ranging from simple CTF challenges up to pseudo-debugging and analysis of non-native architectures, safe dynamic analysis of untrusted code and recovering original code from encryption/decryption routines inside obfuscated malware code.

The main goal of the talk is to introduce the radare2 reversing framework, mainly its emulation engine ESIL, and highlight the different ways in which reverse engineers can take advantage from code emulation techniques for daily tasks in different scenarios.

Biography. Arnau, 22 years old, is a student of Mathematics and Computer Engineering at the University of Barcelona, specially interested in the field of reverse engineering and focusing his research in advanced techniques for code deobfuscation. He has worked as a software developer in a project of the European Research Council and has been a DFIR summer intern at Arsenal Consulting. Speaker at seminars and university meetings as well as in several security conferences (RootedCON, OverdriveConference, r2con, HITB...). He collaborates in the organization of the radare2 congress (r2con) and is co-founder and president of @HackingLliure, a non-profit association of ethical hacking and computer security.

Twitter: @arnaugamez

Talk. Efficient Forward Security for TLS 1.3 0-RTT

Abstract. The TLS 1.3 0-RTT mode enables a client reconnecting to a server to send encrypted application-layer data in "0-RTT" ("zero round-trip time"), without the need for a prior interactive handshake. This fundamentally requires the server to reconstruct the previous session's encryption secrets upon receipt of the client's first message. The standard techniques to achieve this are session caches or, alternatively, session tickets. The former provides forward security and resistance against replay attacks, but requires a large amount of server-side storage. The latter requires negligible storage, but provides no forward security and is known to be vulnerable to replay attacks.

In this talk, we discuss which drawbacks the current 0-RTT mode of TLS 1.3 has and which security we actually would like to achieve. We then present a new generic construction of a session resumption protocol and show that it can immediately be used in TLS 1.3 0-RTT and deployed unilaterally by servers, without requiring any changes to clients or the protocol. This yields the first construction that achieves forward security for all messages, including the 0-RTT data.

Biography. Kai Gellert is a PhD student at the chair of IT Security and Cryptography at the University of Wuppertal, where he is supervised by Tibor Jager. The focus of his research is the construction and security analysis of forward-secure 0-RTT protocols. His results are published at leading security and cryptography conferences such as Eurocrypt and the Privacy Enhancing Technologies Symposium.

Twitter: @KaiGellert

Talk. LangSec – The View on Software Security from the Tower of Babel

Abstract. This talk gives an introduction to Language-theoretic Security (LangSec) for pragmatists. Fundamental results from LangSec are applied to real world security problems and give a clear direction on how to (not) solve these problems. The talk does not require you to have knowledge in theoretical computer science in order to take away results you can apply in daily security life.
LangSec regards the Internet insecurity epidemic, which started with the discovery of buffer overflows, as a consequence of ad hoc programming of input handling code. To overcome this ongoing crises Lansec postulates to create trustworthy software, i.e. (un)parser, that take untrusted input and treat it by means of formal language theory.

Biography. Lars Hermerschmidt is Security Champion guide elder at AXA Konzern AG and strives to integrate Security into DevOps. In LangSec he researches unparser to solve injection vulnerabilities for arbitrary languages. In addition, he worked in the field of security architecture modeling languages and developed an approach to perform automated threat modeling. Since 2009 he is working in the field of Software Security, and since 2000 running his own Server; lately with Ansible and Docker.

Twitter: @bob5ec

Talk. Analysis of DTLS Implementations Using Protocol State Fuzzing

Abstract. Recent years have witnessed an increasing number of protocols relying on UDP. Due to UDP's simplicity and performance advantages over TCP, it is being adopted in Voice over IP, tunneling technologies, IoT, and novel Web protocols. To protect sensitive data exchange in these scenarios, the DTLS protocol has been developed as a cryptographic variation of TLS. DTLS's main challenge is to support the stateless and unreliable transport of UDP. This has forced the protocol designers to make choices that affect the complexity of DTLS, and to incorporate features that need not be addressed in the numerous TLS analyses. We present the first comprehensive analysis of DTLS implementations using protocol state fuzzing. To that end, we extend TLS-Attacker, an open-source framework for analyzing TLS implementations, with support for DTLS tailored to the stateless and unreliable nature of the underlying UDP layer. We build a framework for applying protocol state fuzzing on DTLS servers and use it to learn state machine models for thirteen DTLS implementations. Analysis of the learned state models reveals 4 serious security vulnerabilities, including a full client authentication bypass in the latest JSSE version, as well as several functional bugs and non-conformance issues. It also uncovers considerable differences between the models, confirming the complexity of DTLS state machines.

Biography. Robert Merget is a PhD Student at the Chair for Network and Data security at Ruhr University Bochum. The focus of his research is practical TLS implementations and their analysis. He is the main developer of TLS-Attacker and TLS-Scanner.

Twitter: @ic0nz1

Talk. The Hacker Hippocampus: Meet your brain on games

Abstract. Always on the edge of your seat when it comes to new exploits and tricks. From bug bounties, CTFs, live hacking events, simulations, and interactive educational modules, they have been proven to stimulate and enforce new tools and knowledge to become stronger red teamers, blue teamers, and purple teamers. But how did gamification come into play and in infosec? And how does our brain process gamification and threats as hackers? This gamified/interactive talk shares the history of gamification in infosec, how our brains are stimulated by them, and how it’s transforming lives.

Biography. Chloé Messdaghi is the VP of Strategy at Point3 Security. She is a security researcher advocate who supports safe harbor and strongly believes that information security is a humanitarian issue. Besides her passion to keep people safe and empowered online & offline, she is driven to change the statistics of women in InfoSec. She is the President and cofounder of Women of Security (WoSEC) and heads the SF Bay Area chapter. As well, she created WomenHackerz, a global online community that provides support and resources for hundreds of women hackers at all levels.

Twitter: @chloemessdaghi

Talk. Restricting the scripts, you're to blame, you give CSP a bad name

Abstract. In a current research project, we investigated the longitudinal evolution of the Content Security Policy header over the course of the last seven years. Throughout this analysis of the 10.000 highly ranked sites, we conducted case studies that illustrate the struggle of Web sites that try to deploy a CSP in a secure fashion and examples of sites that give up on CSP. In addition to that, we shed light on the other security capabilities of CSP, especially regarding framing control and TLS enforcement.

The CSP can be used to enforce that resources are only loaded via TLS secured connections. This can be achieved by either forbid the loading of HTTP resources by specifying the block-all-mixed-content directive in CSP or by using the upgrade-insecure-requests directive. This directive forces the automatic rewriting of all HTTP URLs to HTTPS upon page loading. This is useful to gracefully implement a transition from HTTP to HTTPS while preventing warnings and breakage due to the use of mixed content. Based on an analysis of live Web sites, we show that most sites could deploy upgrade-insecure-requests right now to avoid any mixed content without errors.

In case of framing control, we have investigated that within the Top 10K sites 3,253 made use of XFO, whereas only 409 used frame-ancestors. Due to the inconsistencies of the XFO header, the protection of the 3,253 sites might be weaker in comparison to the protection offered by the frame-ancestors Web sites. The ALLOW-FROM mode of XFO is not supported in some of the major browsers (including Google Chrome). Thus, an operator that uses this mode would not secure all user of this browser, because unsupported headers will be ignored. In addition to that, the SAMEORIGIN mode of XFO is in some cases susceptible to so-called Double Framing attacks. This is caused by the fact that the XFO standard does not define whether the top-most frame, the parent frame, or even all frame ancestors (like the CSP directive) have to be hosted within the same origin.

Due to this inconsistencies, we send notifications to 2,700 Web sites that suffer from this problem. By investigating the responses, we were able to get valuable information regarding the roadblocks of CSP deployment in the wild. While most of the Web developers were aware of the protection that CSP can offer, they are massively intimidated by the complexity of CSPs content restriction. Due to this complexity or because of the unawareness of the additional capabilities of CSP, they do not consider framing control or TLS enforcement as legitimate use cases of the CSP.

In this talk, we want to raise the awareness regarding issues of some of the widely used security header as well as presenting and explaining the more secure CSP alternatives for them. Furthermore, we want to involve the audience to discuss with us about their “horror stories” and roadblocks for CSP deployment such that we can build better tools and improve informational material regarding the CSP.

Biography. Sebastian Roth is a first-year PhD student in the Information Security and Cryptography Group at the CISPA Helmholtz Center for Information Security, where he is supervised by Michael Backes. His research interest is focused on client-side Web Security as well as Usable Security for developers. Thus his work is done in collaboration with the Secure Web Applications Group headed by Ben Stock. Currently, he is specifically looking into the prevalence and the usage of security header present in Web applications.

Twitter: @s3br0th

Talk. A Practical Guide to Become a Successful Cybercriminal

Abstract. This talk is about hacks, online scams, cyber-attacks and other IT-related crimes that have happened in recent years. The lecturer presents it as a practical guide for people who want to become successful cybercriminals. Among the cases introduced are recent ransomware disasters, darknet markets, cybercurrency scams, and password hacks. A focus will lie on the mistakes cybercriminals made that led to their arrest. For instance, a hacker gave himself away because a photo he published anonymously contained geotags; darknet platform operator Ross Ulbricht (Silk Road) posted an e-mail address containing his real name in an online forum, which led to investigators identifying him; whistleblower Reality Winner and a railroad blackmailer were caught when police investigators evaluated the yellow dots (Machine Identification Code) on their computer printouts; US Spy Brian Regan was caught because his messages contained numerous spelling mistakes, which enabled FBI profilers to search for a dyslexic person. Stories like these not only give insight in how forensic IT-specialists fight cybercrime but also inform about the dangers of modern IT and how one can protect oneself against them. Like in all his presentations, the lecturer engages a humorous, yet still informative presentation style supported by cartoons, Lego models and unconventional slide designs in order to make the talk more attractive and easier to understand.

Biography. Klaus Schmeh has published 16 books, 200 articles, 1,200 blog posts and 25 research papers about encryption technology, which makes him the most-published cryptology author in the world. As his main profession of security consultant at the German company, cryptovision, Klaus utilizes his special skill in explaining complex technical topics, often using self-drawn cartoons and Lego brick models for visualization. He has hosted presentations at more than 200 conferences in Europe, Asia, and the USA. His presentations at RSA Conference, TrusTech, NSA Crypto History Symposium, HistoCrypt, 44CON, Charlotte International Cryptologic Symposium and other major events were enthusiastically received because of their clarity and because of Klaus' engaging presentation style.

Twitter: @KlausSchmeh

Talk. Agile Threat Modeling the DevSecOps Way

Abstract. After the challenge of integrating security into DevOps was tackled with DevSecOps, the next integration problem is just around the corner: Threat Modeling! If we can build software reliably, reproducibly and quickly at any time using pipeline-as-code and have also automated security scans as part of it, how can we quickly capture the risk landscape of projects to ensure we didn’t miss an important thing? Actually, this happens in workshops with lots of discussion and model work on the whiteboard with boxes, lines and clouds. These events are very useful and important, because only with this depth some threats in an architecture can be detected in time. It's just a pity that it usually stops then: Instead of a living documentation, a slowly but surely eroding artifact is created. In order to counteract this process of decay, something has to be done continuously, something like "Threat-Model-as-Code" in the DevSecOps sense. See in this talk the ideas behind this approach: Agile developer-friendly threat modeling - in true style with a live demo of a freely available tool. Result? Models editable in developer IDEs and diffable in Git, automatically derived risks including graphical diagram and report generation with recommended actions. The architecture is changing? A new run and you have the current risk view.

Biography. Christian has pursued a successful career as a freelance Java software developer since 1997 and expanded it 2005 to include the focus on IT-Security. His major areas of work are Security Architecture Consulting and Penetration Testing. As an excellent trainer Christian regularly conducts in-house training courses on topics like web application security and coaches agile projects to include security as part of their process by applying DevSecOps concepts.

Twitter: @cschneider4711

Talk. Fuzzing the Solidity Compiler

Abstract. In this talk, we present the (1) R&D work in the Solidity team for discovering vulnerabilities introduced by the Solidity compiler before a release is made, and (2) findings from our internal security audits. Solidity is the most popular compiler for Ethereum smart contracts. It parses, compiles, and optimizes smart contracts and generates Ethereum virtual machine (EVM) bytecode which is then deployed on the Ethereum blockchain.

Bugs in the compiler may introduce unintended security vulnerabilities. We describe the Solidity compiler and the types of bugs it can introduce. We describe our internal effort to discover optimizer bugs before every new compiler release. Fuzzing a compiler introduces several challenges not the least of which is generating programs that are syntactically well-formed. We use grammar-based fuzzing using a setup consisting of libFuzzer + libProtobufMutator (LPM) to generate valid Solidity code.

Biography. Bhargava Shastry is a Security Engineer at the Ethereum Foundation. He spends most of his work time finding interesting ways to fuzz test the Solidity compiler. In his spare time, he likes to develop techniques to find hidden bugs in open-source software. He holds a PhD from TU Berlin where he spent 5 wonderful years researching new ways to probe for security vulnerabilities in open-source software.

Twitter: @ibags

Talk. Restricting the scripts, you're to blame, you give CSP a bad name

Abstract. In a current research project, we investigated the longitudinal evolution of the Content Security Policy header over the course of the last seven years. Throughout this analysis of the 10.000 highly ranked sites, we conducted case studies that illustrate the struggle of Web sites that try to deploy a CSP in a secure fashion and examples of sites that give up on CSP. In addition to that, we shed light on the other security capabilities of CSP, especially regarding framing control and TLS enforcement.

The CSP can be used to enforce that resources are only loaded via TLS secured connections. This can be achieved by either forbid the loading of HTTP resources by specifying the block-all-mixed-content directive in CSP or by using the upgrade-insecure-requests directive. This directive forces the automatic rewriting of all HTTP URLs to HTTPS upon page loading. This is useful to gracefully implement a transition from HTTP to HTTPS while preventing warnings and breakage due to the use of mixed content. Based on an analysis of live Web sites, we show that most sites could deploy upgrade-insecure-requests right now to avoid any mixed content without errors.

In case of framing control, we have investigated that within the Top 10K sites 3,253 made use of XFO, whereas only 409 used frame-ancestors. Due to the inconsistencies of the XFO header, the protection of the 3,253 sites might be weaker in comparison to the protection offered by the frame-ancestors Web sites. The ALLOW-FROM mode of XFO is not supported in some of the major browsers (including Google Chrome). Thus, an operator that uses this mode would not secure all user of this browser, because unsupported headers will be ignored. In addition to that, the SAMEORIGIN mode of XFO is in some cases susceptible to so-called Double Framing attacks. This is caused by the fact that the XFO standard does not define whether the top-most frame, the parent frame, or even all frame ancestors (like the CSP directive) have to be hosted within the same origin.

Due to this inconsistencies, we send notifications to 2,700 Web sites that suffer from this problem. By investigating the responses, we were able to get valuable information regarding the roadblocks of CSP deployment in the wild. While most of the Web developers were aware of the protection that CSP can offer, they are massively intimidated by the complexity of CSPs content restriction. Due to this complexity or because of the unawareness of the additional capabilities of CSP, they do not consider framing control or TLS enforcement as legitimate use cases of the CSP.

In this talk, we want to raise the awareness regarding issues of some of the widely used security header as well as presenting and explaining the more secure CSP alternatives for them. Furthermore, we want to involve the audience to discuss with us about their “horror stories” and roadblocks for CSP deployment such that we can build better tools and improve informational material regarding the CSP.

Biography. Ben Stock is a Tenure-Track Faculty at the newly founded CISPA-Helmholtz Center for Information Security. In his PhD, Ben focussed on the detection and mitigation of Client-Side Cross-Site Scripting. During his PhD, he worked closely with SAP Research and interned with Microsoft Research. After his PhD, he joined CISPA as a postdoc, focussing on both Web Security as well as Usable Security research. He currently heads the Secure Web Applications Group at CISPA and is a regular speaker at academic and non-academic venues like CCS, USENIX Security, NDSS, Blackhat, and OWASP AppSec.

Twitter: @kcotsneb

Talk. Attacking the Dragonfly handshake of WPA3 and EAP-pwd

Abstract. In this talk, we show that the Dragonfly handshake of WPA3 and EAP-pwd is affected by several design and implementations flaws. Most prominently, we present side-channel leaks that allow an adversary to perform brute-force attacks on the password. Additionally, we present invalid curve attacks against all EAP-pwd and one WPA3 implementation. These implementation-specific attacks enable an adversary to bypass authentication. Finally, we briefly discuss countermeasures that have been incorporated into the Wi-Fi standard.

Biography. Mathy Vanhoef is a postdoctoral researcher at New York University Abu Dhabi. He is most well known for his KRACK attack against WPA2, the RC4 NOMORE attack against RC4, and the Dragonblood attack against WPA3. His research interest is in computer security with a focus on network security, wireless security (e.g. Wi-Fi), network protocols, and applied cryptography. Currently, his research is about analyzing security protocols to automatically discover (logical) implementation vulnerabilities. Apart from research, he is also interested in low-level security, reverse engineering, and binary exploitation.

Twitter: @vanhoefm

Talk. Towards Cognitive Obfuscation

Abstract. In a world in which interconnected digital systems permeate almost all facets of our lives, cybersecurity attacks form devastating threats with catastrophic consequences. Hardware components are the root of trust in virtually any computing system and are valuable targets of cyberattacks. In order to conduct malicious manipulations, hardware reverse engineering is usually the tool-of-choice. While hardware reverse engineering is a highly complex and universal tool for legitimate purposes, it can also be employed with illegitimate intentions, undermining the integrity of ICs via piracy, subsequent weakening of security functions, or insertion of hardware Trojans. In particular, Intellectual Property (IP) piracy has become a major concern for the semiconductor industry which causes losses in the range of several billion dollars. Due to the serious threats posed by attacks based on hardware reverse engineering, strong countermeasures, e. g. obfuscation, are indispensable. The security of most existing obfuscation techniques is assessed exclusively based on technical measures. However, the process of hardware reverse engineering cannot be fully automated, yet, and the lack of holistic tools forces human analysts to combine several semi-automated steps. Accordingly, cognitive processes and strategies applied by humans in the context of hardware reverse engineering must be considered for the development of cognitively difficult countermeasures (cognitive obfuscation).

Our research focuses on understanding how human analysts reverse parts of unknown hardware designs in realistic scenarios. Therefore, we perform several psychological studies and analyze the behavior of engineers at different levels of expertise. Based on an initial investigation we were able to derive a model of reverse engineering, consisting of three phases: (1.) Candidate Identification, (2.) Candidate Verification, and (3.) Realization. Furthermore, we analyzed more and less efficient strategies of reverse engineers and took cognitive abilities (e.g., working memory capacity) into account. In our talk, we will give an overview of the technical and cognitive aspects of hardware reverse engineering. In more detail, we will present our study design, the applied methods, and present our results. At the end of our talk, we will discuss implications for novel cognitive obfuscation techniques based on our findings.

Biography. Carina Wiesen is a research assistant at the Educational Psychology Lab in the Institute of Educational Research at Ruhr University Bochum, Germany (supervisor Prof. Dr. Nikol Rummel). She is also a Ph.D. candidate in the SecHuman graduate school which is part of the Horst Görtz Institute for IT Security. Her research focuses on problem-solving and learning processes in cybersecurity. In particular, she is strongly interested in analyzing the so far understudied cognitive processes and factors of human analysts which determine the success of hardware reverse engineering.