DEF CON 22 [Materials] Speeches from the Hacker Convention.

Slides Here: https://www.defcon.org/images/defcon-22/dc-22-presentations/Kouns-Eiram/DEFCON-22-Kouns-Eiram-Screw-Becoming-A-Pentester-Bug-Bounty-Hunter-UPDATED.pdf

Screw Becoming A Pentester - When I Grow Up I Want To Be A Bug Bounty Hunter!
Jake Kouns CISO, RISK BASED SECURITY
Carsten Eiram CHIEF RESEARCH OFFICER, RISK BASED SECURITY
Everywhere you turn it seems that companies are having serious problems with security, and they desperately need help. Getting into information security provides an incredible career path with what appears to be no end in sight. There are so many disciplines that you can choose in InfoSec with the fundamental argument being whether you join Team Red or Team Blue. Most people tend to decide on the Red team and that becoming a professional pentester is the way to go, as it is the most sexy (and typically pays well). However, with bug bounties currently being all the rage and providing a legal and legitimate way to profit off vulnerability research, who really wants to be a pentester, when you can have so much more fun being a bug bounty hunter!

Researcher motivation in the old days and options for making money off of vulnerabilities were much different than today. This talk analyzes the history of selling vulnerabilities, the introduction of bug bounties, and their evolution. We cover many facets including the different types of programs and the ranges of money that can be made. We then focus on researchers, who have currently chosen the bug bounty hunter lifestyle and provide details on how to get involved in bug bounty programs, which likely pay the best, and which vendors you may want to avoid. What constitutes a good bug bounty program that makes it worth your time? What do you need to know to make sure that you keep yourself out of legal trouble?

Ultimately, we’ll provide thoughts on the value of bug bounties, their future, and if they can be a full-time career choice instead of a more traditional position such as pentesting.

Jake Kouns is the CISO for Risk Based Security and the CEO of the Open Security Foundation, that oversees the operations of the OSVDB.org and DataLossDB.org. Mr. Kouns has presented at many well-known security conferences including RSA, DEF CON, CISO Executive Summit, EntNet IEEE GlobeCom, FIRST, CanSecWest, SOURCE and SyScan. He is the co-author of the book Information Technology Risk Management in Enterprise Environments, Wiley, 2010 and The Chief Information Security Officer, IT Governance, 2011. He holds both a Bachelor of Business Administration and a Master of Business Administration with a concentration in Information Security from James Madison University. In addition, he holds a number of certifications including ISC2's CISSP, and ISACA's CISM, CISA and CGEIT.

Twitter: @jkouns

Carsten Eiram is the Chief Research Officer of Risk Based Security and previously worked 10 years for Secunia, managing the Research team. Carsten has a reverse engineering background and extensive experience in the field of Vulnerability Intelligence, referring to himself as a vulnerability connoisseur. He has deep insights into vulnerabilities, root causes, and trends, and is also an avid vulnerability researcher, having discovered critical vulnerabilities in high-profile products from major vendors including: Microsoft, Adobe, Symantec, IBM, Apple, Novell, SAP, Blue Coat, and Trend Micro. Carsten has been interviewed for numerous news articles about software security and has presented at conferences such as FIRST Conference, RSA Conference, DEF CON, RVAsec, as well as keynoting Defcamp 2013. He is also a regular contributor to the "Threat of the Month" column in SC Magazine, a credited contributor for the "CWE/SANS Top 25 Most Dangerous Software Errors" list, and member of the CVE Editorial Board and FIRST VRDX-SIG.

Twitter: @CarstenEiram

Slides Here:https://www.defcon.org/images/defcon-22/dc-22-presentations/Strazzere-Sawyer/DEFCON-22-Strazzere-and-Sawyer-Android-Hacker-Protection-Level-UPDATED.pdf

Android Hacker Protection Level 0
Tim Strazzere LEAD RESEARCH & RESPONSE ENGINEER
Jon Sawyer CTO OF APPLIED CYBERSECURITY LLC
Obfuscator here, packer there - the Android ecosystem is becoming a bit cramped with different protectors for developers to choose. With such limited resources online about attacking these protectors, what is a new reverse engineer to do? Have no fear, after drinking all the cheap wine two Android hackers have attacked all the protectors currently available for everyones enjoyment! Whether you've never reversed Android before or are a hardened veteran there will be something for you, along with all the glorious PoC tools and plugins for your little heart could ever desire.

Tim "diff" Strazzere is a Lead Research and Response Engineer at Lookout Mobile Security. Along with writing security software, he specializes in reverse engineering and malware analysis. Some interesting past projects include having reversing the Android Market protocol, Dalvik decompilers and memory manipulation on mobile devices. Past speaking engagements have included DEFCON, BlackHat, SyScan, HiTCON and EICAR.

Jon "Justin Case" Sawyer - 31 yr old father of four, and CTO of Applied Cybersecurity LLC. Jon likes to spend his nights with a fine (cheap) glass of wine, writing exploits for the latest Android devices. When not researching vulnerabilities or writing exploits, he dabbles in dalvik obfuscation.

Slides Here: https://www.defcon.org/images/defcon-22/dc-22-presentations/Morris-McAtee/DEFCON-22-Lucas-Morris-Michael-McAtee-ShareEnum-We-Wrapped-Samba.pdf

ShareEnum: We Wrapped Samba So You Don’t Have To
Lucas Morris MANAGER, CROWE HORWATH
Michael McAtee SENIOR CONSULTANT, CROWE HORWATH
CIFS shares can tell you a lot about a network, including file access, local administrator access, password reuse, etc.. Until now most people have relied on add-ons to scanning tools to implement Microsoft’s complicated network APIs. Some tools wrap existing clients, such as smbclient, or use RPC calls; however, this is inefficient. What we need is a scanner that utilizes the closest thing we can get to Microsoft’s SMB libraries to scan network shares efficiently and quietly. ShareEnum uses the underlying Samba client libraries to list shares, permissions, and even recurse down file trees gathering information including what is stored in each directory.

Lucas is a manager responsible for leading application security assessments and penetration testing services to various clients at Crowe Horwath LLP. Lucas is responsible for developing the methodology infrastructure reviews, penetration testing services and to aid clients in developing strategies for secure technologies within corporate environments. He also focuses on developing new tools, resources, and research within the Crowe Technology Risk consulting group. For the past seven years Lucas has been working on penetration testing, security program design, application security testing, and information security assessment testing annually.

Michael is a senior security consultant at Crowe Horwath and responsible for management of Crowe's Security Penetration & Forensics labs. With a passion for programming and security, Michael has been involved in developing security tools for automation and assessment needs at Crowe. Michael's experience includes enterprise Windows administration, enterprise network design, penetration testing, and security consulting and is part of over 35 security engagements annually.

Slides Here: https://defcon.org/images/defcon-22/dc-22-presentations/Tal/DEFCON-22-Shahar-TaI-I-hunt-TR-069-admins-UPDATED.pdf

I Hunt TR-069 Admins: Pwning ISPs Like a Boss
Shahar Tal SECURITY & VULNERABILITY RESEARCH TEAM LEADER, CHECK POINT SOFTWARE TECHNOLOGIES
Residential gateway (/SOHO router) exploitation is a rising trend in the security landscape - ever so often do we hear of yet another vulnerable device, with the occasional campaign targeted against specific versions of devices through independent scanning or Shodan dorking. We shine a bright light on TR-069/CWMP, the previously under-researched, de-facto CPE device management protocol, and specifically target ACS (Auto Configuration Server) software, whose pwnage can have devastating effects on critical amounts of users. These servers are, by design, in complete control of entire fleets of consumer premises devices, intended for use by ISPs and Telco providers. or nation-state adversaries, of course (sorry NSA, we know it was a cool attack vector with the best research-hours-to-mass-pwnage ratio). We investigate several TR-069 ACS platforms, and demonstrate multiple instances of poorly secured deployments, where we could have gained control over hundreds of thousands of devices. During the talk (pending patch availability), we will release exploits to vulnerabilities we discovered in ACS software, including RCE on a popular package, leading to ACS (and managed fleet) takeover.

Shahar Tal leads a team of Security & Vulnerability Researchers at Check Point Software Technologies. Prior to joining Check Point, Shahar held leadership roles in the Israel Defense Force (IDF), where he was trained and served as an officer in elite technology R&D units. Shahar (that's Major Tal, for you) brings over ten years of experience in his game, eager to speak and share in public domain. Shahar is a proud father, husband and a security geek who still can't believe he's getting paid to travel to awesome infosec cons. When you meet him, ask him to show you his hexdump tattoo.

Panel - Diversity in Information Security
Jennifer Imhoff-Dousharm Informatics student, co-organizer of theSummit, NCWIT affiliate member
Sandy “Mouse” Clark Security Researcher and part-time Phd. candidate
Kristin Paget
Jolly Full time hacker
Vyrus Independent Security Consultant
Scott Martin CIO Spikes Security

Discussion from the point of view of a diverse panel of leading representatives currently in or thinking of becoming part of the Information Security industry. This panel will give you insight to the evolutionary landscape of diversity in the hacking community. We will present statistical evidence showing the lack of sub-culture representation in the hacking community and while these numbers have been decreasing we can still work to encourage cultural variance. By analyzing how diversity is critical to improving the information security industry we will explore positive approaches to encourage recruiting and retention of deficient subcultures, removing of unconscious bias’ and discouraging inclusiveness, and introduce the audience to a wide variety of existing support structures. There will be no witch hunt here, there will be no judgement, only information. All of this and more will be answered with open and honest dialogue into one of the most controversial issues currently within our community.

Jennifer Imhoff-Dousharm - Lil Jinni is currently a student of informatics and network security. She is a primary coordinator for Vegas 2.0 and co-founder/principal of the Cuckoo's Nest hacker space. She is an affiliate member of NCWIT and avid participant in many local women in tech groups. When not studying, planning theSummit fundraiser, or herding hackers, she spends her free cycles as a Curiosity Hacked guild leader and Kitchen OverLord contributor.

Twitter: @lil_jinni

Sandy Clark (Mouse) is a security researcher and part-time Phd. candidate in the Distributed Systems Lab at the University of Pennsylvania and is advised by Matt Blaze and co-advised by Jonathan Smith. Her research focuses on understanding the mechanisms involved in the computer security Arms Race, and in modeling the cyber-security eco-system. Early in her career, she wrote the back-up flight control computer for the US Air Force F-16 aircraft, and a gate-level software simulator for NASA), after several years as a sys-admin for Princeton University, she ended up in the hacker community. It was at a hackercon that someone introduced her to Matt Blaze and he invited her to come hang around his lab at Penn. Her first project was breaking wiretap systems and with its success and after much encouragement and mentoring, she got the courage to enroll as a student. It is taking much longer for her to get her degree than she thought (going back to school is hard as a grownup), but definitely worth it!

Her broad experience, excessive curiosity and ability to make connections from many different areas is leading to some interesting new ways to think about systems security. She's still an active member of the hacker community and considers it one of her missions in life to bridge the gap between hackers and academia.

Sandy can be reached at [email protected] or [email protected]

Kristin Paget - Princess Kristin hacks hardware, software, networks, radios, people, the law, herself, and society - and she’s still getting warmed up. She’s been hacking things ever since she heard that POKE 35136,0 gave her infinite lives in Manic Miner, and she's truly thrilled to be returning to Def Con after taking a couple of years off the speaking circuit to de-anonymize her brain.

Twitter: @KristinPaget

Jolly - Hacker, Photographer and conference addict. Jolly has previously been a back to back winner of Hacker Fortress. In the past 2 years he has not stayed in any one place more than 11 days. His team, Jolly and Friends, has won Capture the Flag. Avid health nut. Loves taking advantage of vendors easy contests to win prizes at conferences.

Twitter: @Jolly

Carl "Vyrus" Vincent is a self-proclaimed nerd who learned to build radios from his grandfather, a fellow nerd who worked in the aerospace industry. Carl first attended Def Con as a teenager and earned money doing small IT projects while still in high school. Today he his an independent security consultant.

Twitter: @vyrus001

Scott Martin is currently CIO of Spikes Security and formerly the Director of Firewall Operations for Symantec Corporation. He works throughout the Silicon Valley advising various startups and is the Committee Chair for Donations and Community Outreach for Vegas 2.0