Follow live coverage on Twitter: #JailbreakSec
The world's only security summit held at a production brewery.
Join some of the world's best security researchers as they talk about vulnerabilities in security tools at the only computer security event held at a production brewery. Attendance is limited to 100 to keep the Security Summit small and encourage conversation between speakers, attendees, and sponsors.
Tickets include breakfast, lunch, and some drink tickets for happy hour. Oh, and it includes a seat at the Security Summit to partake in the talks and discussion.
Come participate in the talks, the conversation, and the beer!
Friday, April 28, 2017
Jailbreak Brewing Company
9445 Washington Blvd N
Laurel, MD 20723
Happy Hour 5p-?
Thank you to all the speakers and to The CyberWire for covering the event! The speakers' talks and slides are now available for viewing, both as a full set and individually under each speaker below.
1000 Jeremiah Clark
The Most Insecure Security Tool of All
Jeremiah Clark is the Technical Director of Threat at Carbon Black, driving strategy and innovation for next generation endpoint security. Prior to joining Carbon Black, Jeremiah worked at Microsoft as a Reverse Engineer on the Incident Response team and a Secure Development consultant. Jeremiah's experience is rooted in a decade working in offensive and defensive cyber security at multiple intelligence and military agencies in the Department of Defense.
Employees represent the biggest threat to an organization, the absolute hindrance to an effective cyber security posture. From clicking on a link to monitor a giraffe's birthing status, to installing new software via USB, or hoarding government secrets to give to WikiLeaks - humans are the weakest link in the chain. How can we do a better job of detecting, mitigating, and managing this threat?
1100 Patrick Wardle
OverSight: Exposing Spies on macOS
Patrick Wardle is the Director of Research at Synack, where he leads cyber R&D efforts. Having worked at NASA and the NSA, as well as presented at many security conferences, he is intimately familiar with aliens, spies, and talking nerdy. Currently, Patrick’s focus is on automated vulnerability discovery, and the emerging threats of OS X and mobile malware. In his personal time, Patrick collects OS X malware and writes free OS X security tools. Both can be found on his personal website: http://www.Objective-See.com
One of the most insidious actions of malware is abusing the video and audio capabilities of an infected host to record an unknowing user. Macs of course, are not immune; malware such as OSX/Eleanor, OSX/Crisis, and others, all attempt to spy on OS X users.
And as was recently shown by the author, more advanced malware could piggyback into legitimate webcam sessions in order to covertly record the local user. As there are no visible indications of this malicious activity (as the LED light is already on), the malware can record both audio and video without fear of detection.
After examining various ‘webcam-aware’ OS X malware samples and describing the technical details of the piggyback attack, the talk will dive into OverSight. OverSight is a free tool that implements various novel protection mechanisms in order to alert Mac users of any code that attempts to access the mic or webcam (even via the stealthy piggyback attack). We’ll dive into the design and technical details of the tool, describing its various components.
Following this, we’ll look at an interesting case study, where OverSight discovered that a popular Mac application was continuing to record, even when the user turned it off. Yikes! Finally, the talk will conclude by discussing future trends of both webcam/mic aware macOS malware and defensive detection methodologies. With such insights, we’ll strive to keep macOS users protected and secure!
1300 Alexei Bulazel
Detecting & Evading Automated Malware Analysis
Alexei Bulazel is an NYC and DC-based security researcher. A recent graduate of Rensselaer Polytechnic Institute (RPI), Alexei worked under Dr. Bülent Yener on developing anti-emulation techniques for malware. He has previously presented his research at venues such as Black Hat, ShmooCon, and the USENIX Workshop on Offensive Technologies, among others. Alexei's research interests include Windows kernel/rootkit development, reverse engineering, and exploitation; anti-emulation and anti-virtualization; and reverse engineering antivirus software.
Automated dynamic malware analysis systems, aka "malware sandboxes", are an important tool on the front lines of defense against modern malware. Unfortunately for defenders, these systems can be easily detected and evaded by malware.
In this presentation we'll take a comprehensive look at the design of automated dynamic malware analysis systems as used in industry, academia, and consumer antivirus software. We'll then survey actual offensive detection and evasion techniques as observed in the wild and proposed in academic literature and security conference presentations.
After introducing anti-analysis, we'll focus on the seldom discussed emulators used by consumer antivirus software to analyze unknown binaries. While these emulators are installed on hundreds of millions of antivirus-protected computers worldwide, their design and internals have rarely been discussed publicly in conference talks or papers. We'll discuss AVLeak, a tool developed to help offensive researchers discover antivirus emulator "fingerprints" that can be used to detect and evade them. We'll demo the tool live and show real world fingerprints that can be used to detect and evade popular consumer AVs including Kaspersky, Bitdefender engine (licensed out to 20+ other AV products), AVG, and VBA.
We'll conclude by discussing future directions for research in anti-analysis - both offensive and defensive; and try to address some of the inherent weaknesses in automated analysis systems that make them so easy for attackers to evade despite defensive innovation.
1400 Jonathan Levin
Know Your Unknowns: Runtime Analysis of Suspicious Software
Jonathan Levin is a trainer and consultant specializing in operating system internals. He is the author of definitive books on Android Internals as well as "Mac OS X and iOS Internals" (now in its second edition), and provides plentiful tools and research for the community on the books' web sites. He is founder and CTO of Technologeeks.com, a group of like-minded expert trainers and consultants.
This talk will focus on one of the most difficult problems reverse engineers, malware and security researchers face: how to determine what a piece of unknown software does. Focusing on Android and iOS, as well as their desktop counterparts (Linux and macOS), Jonathan will discuss and demonstrate tools and techniques for monitoring process access to system resources and kernel APIs.
1515 Ben Clark & Matt Hulse
How President Trump’s 400 lb Hacker Bypasses Security Products
Ben Clark is the Director of Cybersecurity at Millennium Corporation, where he leads the company's Red Team mission, internal R&D, and strategic vision and growth for Millennium's cyber portfolio. Prior to joining the Millennium Team in 2008, Ben served 6 years as a Department of Defense civilian supporting the National Intelligence Community. Since joining Millennium, he has been instrumental in the execution of several hundred Red Team missions in support of Millennium's customers. He is also the author of the best-selling book, The Red Team Field Manual (RTFM), and co-author of the Blue Team Field Manual (BTFM).
Matt has been an operator on Millennium’s Red Team since 2013. During this time, he has conducted numerous red team missions and contributed to the development of new tactics and techniques. Prior to working at Millennium, he was a penetration tester for Verizon Enterprise Solutions, and a technical lead for the Air Force Red Team.
Organizations are increasingly layering security products and tools in the hopes of preventing attacks. Unfortunately, most of these products are playing simple numbers games, hoping to catch most, but failing to catch all, malware. The talk focuses on operational techniques used to circumvent detection. It will emphasize the understanding of security product weaknesses, and the tools and tricks available to take advantage of them.
1615 Travis Goodspeed / Ryan Speers
Confusing Disassemblers of Compressed RISC Instruction Sets
Travis Goodspeed is a Southern Appalachian expat trapped in Pizza Rat City. When not fighting for elbow room on public transportation, he drives a 6.8 liter V10 with a fifty foot microwave tower. He and Ryan have collaborated on more than a few nifty papers, and you ought to read them.
Ryan Speers is a security researcher and developer who enjoys embedded systems, low-power radio protocols, and reversing proprietary systems. He has worked in offensive and defensive roles on networks, Windows, microcontrollers, and many things in-between. As co-founder at River Loop Security, he tests embedded systems for security issues, and helps clients build more secure systems. He is also Director of Research for Ionic Security where he leads system and cryptographic research. He has previously spoken at a number of security conferences and written some articles for journals ranging from peer-reviewed academic publications to PoC||GTFO.
x86 has all sorts of fun ways to mess with reverse engineers at the instruction set level by varying offsets to execute in the middle of an instruction. In the holy ideal of RISC, this wouldn't happen because instructions are of fixed length.
But then RISC got all uppity while targeting the embedded market, trying to squeeze itself into 16-bit aligned instructions whose length can sort of--but not really--vary. MSP430, ARM, MIPS, and PowerPC all support these shortened instructions, so let's take a look at some specific examples in which disassemblers and reverse engineers can be confused by them. We'll split instructions apart, graft them back together as chimera freaks of nature, and the hardware will happily run it just as disassemblers run off-track.
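The boundary problem the abstract describes can be checked mechanically for one of the named architectures. The Python below is an added example, not code from the talk or its authors: it applies the Thumb-2 length rule (a halfword whose top five bits are 11101, 11110 or 11111 opens a 32-bit encoding; every other halfword is a complete 16-bit instruction) to a constructed byte string, linear-sweeps it from offset 0 and from offset 2, and reports the instruction starts that only the misaligned sweep reaches, plus the offset at which the two streams resynchronise. Thumb is used because its length rule fits in one line; the sample bytes are constructed for illustration and come from no real binary.

```python
"""Compare linear-sweep decodes of 16-bit-aligned Thumb-2 code from two entry offsets.

Added example: a small instruction-boundary checker, not the talk's own tooling.
The length rule is the Thumb-2 one from the ARM architecture reference; the
sample bytes at the bottom are constructed for illustration.
"""
from typing import Dict, List, Tuple


def thumb_insn_len(hw: int) -> int:
    """Size in bytes of the Thumb-2 instruction that begins with halfword `hw`.

    Halfwords whose top five bits are 0b11101, 0b11110 or 0b11111 start a
    32-bit encoding; every other halfword is a complete 16-bit instruction.
    """
    return 4 if (hw >> 11) in (0b11101, 0b11110, 0b11111) else 2


def sweep(code: bytes, start: int) -> List[Tuple[int, int]]:
    """Linear sweep from `start`, returning (offset, length) for each instruction.

    Halfwords are read little-endian, as Thumb code is stored in memory.
    A trailing halfword that would need a partner beyond the buffer is dropped.
    """
    insns = []
    off = start
    while off + 2 <= len(code):
        hw = int.from_bytes(code[off:off + 2], "little")
        n = thumb_insn_len(hw)
        if off + n > len(code):
            break
        insns.append((off, n))
        off += n
    return insns


def overlapping_decodes(code: bytes) -> Dict[str, object]:
    """Report where a sweep entered at offset 2 disagrees with the aligned sweep.

    'hidden' lists instruction starts the misaligned sweep uses that fall inside
    an instruction of the aligned sweep, i.e. a second instruction stream living
    in the same bytes. 'resync' is the first offset both sweeps agree on, or
    None if they never converge before the buffer ends.
    """
    aligned = {off for off, _ in sweep(code, 0)}
    shifted = [off for off, _ in sweep(code, 2)]
    hidden = [off for off in shifted if off not in aligned]
    resync = next((off for off in shifted if off in aligned), None)
    return {"hidden": hidden, "resync": resync}


# Constructed sample: halfwords F000 F800 4770 BF00 (little-endian on disk).
# From offset 0: F000 opens a 32-bit encoding that swallows F800, then 4770
# (bx lr) and BF00 (nop) follow as 16-bit instructions.
# From offset 2: F800 itself qualifies as a 32-bit prefix and swallows 4770, so
# the `bx lr` the aligned sweep shows never appears; the streams meet at BF00.
SAMPLE = bytes.fromhex("00f0" "00f8" "7047" "00bf")

if __name__ == "__main__":
    print("aligned :", sweep(SAMPLE, 0))
    print("shifted :", sweep(SAMPLE, 2))
    print("overlap :", overlapping_decodes(SAMPLE))
```

Running the block on the constructed sample shows the aligned sweep decoding three instructions at offsets 0, 4 and 6 while the sweep entered at offset 2 decodes two, at 2 and 6; offset 2 is reported as hidden and offset 6 as the resync point. On a real region, a non-empty `hidden` list is the cue to look at that code more carefully rather than trusting a single linear disassembly.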
It only seems fitting...
That the world's only security summit held at a production brewery be held at Jailbreak Brewing Company. Jailbreak Brewing Company was founded by computer security professionals looking to liberate themselves from cubicle jobs and to create a product that helps free you from whatever drama is present in your life.
While some of the world's finest security researchers are talking about security topics, our brew team will be hard at work on the other side of the gigantic window making the next batch of creative juice for your enjoyment. During breaks in the summit, tours of the brewery will be given to those who want to see the magic happening.
Our tasting room provides the perfect venue for creative discussion over some cold, fresh beer.