BSidesLV 2017 has ended

Ground1234!
Tuesday, July 25
 

11:30

Optimizations for Bitcoin key cracking
There is a saying in security - "attacks only get better". At DEF CON 23, a tool called "brainflayer" was released, able to crack Bitcoin keys generated from passwords. Work has continued on it with the addition of a slew of optimizations that have more than quadrupled the speed, and features to crack other cryptocurrencies and weak key generation techniques.

Many password cracking tools, including brainflayer, have optimizations in how they compute and look up hashes, but when cracking Bitcoin keys the biggest bottleneck is computing public keys from private keys. This talk will cover the various techniques used to make that faster, some special case optimizations, touch on how more general tricks are applied, and go over new features since release.

Presenters
Ryan Castellucci

Principal Security Researcher, White Ops
Ryan Castellucci has been interested in cryptography and computer security since childhood. He has been doing work on Bitcoin key cracking for several years, first presenting on it at DEF CON 23. By day, Ryan does browser security research to detect bots, scrapers and other forms...


Tuesday July 25, 2017 11:30 - 12:25
Ground1234! (The Tuscany, Tuscany Room) 255 E Flamingo Rd, Las Vegas, NV 89169

14:00

Measuring the Use and Abuse of Brain Wallets
Bitcoin brain wallets were a way of turning nothing but a password into a keypair, at least until it was widely understood what a bad idea this was. The wake of data left behind includes a very interesting corpus of passwords to analyze and logs of attacker activity - after all, blockchains never forget. This talk focuses on what we can learn from this. Do people select stronger passwords when more money is on the line? How quickly does bitcoin sent to weak brain wallets get drained? How many distinct thieves can be identified?

Presenters
Ryan Castellucci

Principal Security Researcher, White Ops
Ryan Castellucci has been interested in cryptography and computer security since childhood. He has been doing work on Bitcoin key cracking for several years, first presenting on it at DEF CON 23. By day, Ryan does browser security research to detect bots, scrapers and other forms...

Marie Vasek

Assistant Professor, University of New Mexico
Marie Vasek is an assistant professor in the computer science department at the University of New Mexico. She helps lead StopBadware, an anti-malware organization for which she started working in 2011. Her research focuses on cybercrime measurement, particularly web-based malware...


Tuesday July 25, 2017 14:00 - 14:55
Ground1234! (The Tuscany, Tuscany Room) 255 E Flamingo Rd, Las Vegas, NV 89169

15:00

Sex, Secret and God: A Brief History of Bad Passwords
Most of what we've been told over the years about what makes a good password has been wrong, so it's no surprise most people pick bad passwords. This talk will cover the history of password policy and password cracking starting from the days before computers had passwords up to modern password cracking and modern protections against it. Along the way I'll cover Richard Stallman's little-known history as a password cracker, the golden days of password guessing featured in movies like Hackers and WarGames, and draconian IT password policies and why they don't work. By the end everyone should have plenty of ammunition to take back to their IT department and get rid of those horrible password policies.

Presenters
Kyle Rankin

Vice President, Engineering Operations, Final, Inc.
Kyle Rankin is the Vice President of Engineering Operations for Final Inc.; the author of Linux Hardening in Hostile Networks, DevOps Troubleshooting, The Official Ubuntu Server Book, and Knoppix Hacks, among other books; and an award-winning columnist for Linux Journal magazine...


Tuesday July 25, 2017 15:00 - 15:55
Ground1234! (The Tuscany, Tuscany Room) 255 E Flamingo Rd, Las Vegas, NV 89169

17:00

Think Complex Passwords Will Save You?
Have you ever tried to crack a password that was just too difficult to crack? This talk will focus on some new techniques for cracking passwords that work 100% of the time. In 2012 I released an FPGA-based DES cracking service with Moxie Marlinspike for cracking MSCHAPv2 and quickly started seeing it being used for cracking other things besides MSCHAPv2. In this presentation we'll take a look at some of the research we've done into other widely used protocols and services that still rely on DES for security and provide a quick intro to the https://crack.sh API so you too can use this service for your own projects.

Specifically, we will demonstrate tools for doing exhaustive brute-force cracking of MSCHAPv2 (PPTP VPNs, WPA-Enterprise), des_crypt() hashes, Kerberos5, and release a free real-time service for cracking MSCHAPv1 (Windows Lanman and NTLMv1 authentication) in a matter of seconds.

Presenters
David Hulton

Chairman, ToorCon
David Hulton organizes the ToorCon suite of conferences and has spent nearly 20 years doing security research mostly focused on reverse engineering and cracking crypto. He’s mostly known for developing the bsd-airtools wireless attack tools in the early 2000’s, developing and...


Tuesday July 25, 2017 17:00 - 17:55
Ground1234! (The Tuscany, Tuscany Room) 255 E Flamingo Rd, Las Vegas, NV 89169

18:00

Cash in the aisles: How gift cards are easily exploited
It is commonly thought that gift cards must be activated to have any monetary value. Often displayed on countertops and lining grocery store aisles, seemingly worthless unactivated gift cards are free for anyone to grab a handful. However, weaker security features than the average credit card make these gift cards nearly as valuable as cash. Mass produced, their numbers follow a predictable pattern and have limited built-in security, such as a chip or PIN, to prevent fraud.

Presenters
William Caput

Information Security researcher and pen-tester. Former Marine and supporter of the EFF.


Tuesday July 25, 2017 18:00 - 18:55
Ground1234! (The Tuscany, Tuscany Room) 255 E Flamingo Rd, Las Vegas, NV 89169

19:00

Going Passwordless
Many people now recognize that passwords can be a problem for many of our web citizens. They are forgotten, weak, stolen, rarely changed, annoying, and difficult to manage. Let's examine new passwordless authentication schemes being used in the modern era, when they should be used, and release tooling to help service providers eliminate their passwords if they are so inclined.

Presenters
Evan Johnson

Security, Segment
Security of all kinds! Software engineering. Distributed systems.


Tuesday July 25, 2017 19:00 - 19:55
Ground1234! (The Tuscany, Tuscany Room) 255 E Flamingo Rd, Las Vegas, NV 89169
 
Wednesday, July 26
 

10:00

Safer Storage and Handling of User Answers to Security Questions
Like it or not, security question password reset isn’t going away. Most organizations find it to be a cost effective approach that seems to work in practice. While there are many problems with this approach, one has received little attention: how to safely store the answers. I show that common methods used for storing password validation information are not suitable for security questions, and propose better alternatives.

Presenters
Arnold Reinhold

A G Reinhold
Arnold Reinhold has been involved with password and passphrase security since the mid-1990s. He is the developer of Diceware, RockSalt, CipherSaber and HEKS, the first password hash designed to consume memory resources as well as CPU time. He has worked on spacecraft navigation...


Wednesday July 26, 2017 10:00 - 10:55
Ground1234! (The Tuscany, Tuscany Room) 255 E Flamingo Rd, Las Vegas, NV 89169

11:00

TMTO...Y?
Yes it is 2017 and you have not traveled back in time. This talk is about "instant" password recovery, the new advances in this field, and uses of these "lossy hash tables". There are people actively using these to crack passwords. When time is critical. We'll discuss optimizations and optimal settings along with general sizes and times.

Presenters
Steve Thomas

Steve specializes in crypto and password research. Steve was one of the panelists for the Password Hash Competition. "I do stuff... sometimes." Like PAKE to HSM or finding bugs in Signal Protocol, CryptoCat, Adobe ColdFusion 9's password encryption key generator, and password hashing...


Wednesday July 26, 2017 11:00 - 11:55
Ground1234! (The Tuscany, Tuscany Room) 255 E Flamingo Rd, Las Vegas, NV 89169

12:00

Rethinking P@ssw0rd Strength Beyond Brute-force Entropy
Everywhere you need a password, the requirements follow a basic pattern: X length; must contain (or not contain?!?) lowercase, uppercase, digits, and symbols; must be rotated every Y days. But is that enough? This talk rethinks how we approach password strength, or “entropy”, in the real world.

There are many people who create passwords nonrandomly and think they’re making their passwords look random, but many common “clever” tricks aren’t so, and in fact are very guessable. Rather than calculating entropy as if the passwords were created randomly, we can find new and clever ways of calculating entropy given this knowledge.

Presenters
Ross Dickey

Senior Software Engineer, Rapid7
I am a SysAdmin turned Software Engineer turned DevOp turned security-minded DevOp. I have been in the industry for 14 years but strong into security for over three. Starting around the time of the Ashley Madison hack I've had a passion for passwords, and their use and misuse by...


Wednesday July 26, 2017 12:00 - 12:25
Ground1234! (The Tuscany, Tuscany Room) 255 E Flamingo Rd, Las Vegas, NV 89169

14:00

Protecting Windows Credentials: An Excessive Guide for Security Professionals
Average users might never be safe from credential-theft on Windows, but security professionals have a significant enough threat model and have the necessary skills to protect themselves beyond clicking on a few UAC prompts. Through some extreme hardening measures, a handful of 3rd party and custom tools, and perhaps a few over-the-top security practices, you will learn to turn a default Windows installation into a highly secure computing environment.

Because Windows is a leaky bucket when it comes to user credentials, it's critical that you understand the Windows security model and mitigations available, but it is also important to use those features to the fullest, way beyond what a regular IT professional might apply. It's vital to know exactly what is happening on your system and be aware of any changes that might affect security. You must maximize the encryption facilities available to you and implement extra measures where appropriate.

Windows is a huge operating system with an attack surface to match. It has a legacy of insecurity but certainly is capable of becoming a solid computing environment. 

Presenters
Mark Burnett

Consultant, Mark Burnett
Mark Burnett is an infosec consultant and author. He has spent most of the last twenty years researching, consulting, writing, and sometimes just ranting about how to secure the software and operating systems we work with every day. Mark has written several books, published numerous...


Wednesday July 26, 2017 14:00 - 14:55
Ground1234! (The Tuscany, Tuscany Room) 255 E Flamingo Rd, Las Vegas, NV 89169

15:00

Password Cracking 201: Beyond the Basics
"Are you a password cracker ... or do you just crack passwords?" -epixoip

My goal with this talk is to help occasional, casual, and non-specialist practitioners bootstrap themselves to the next level of password auditing.

After briefly touching on the basics, I will cover some common pitfalls, some non-obvious assumptions made by the experts, and other lessons from my pursuit of password cracking as a dedicated discipline.

Key takeaways include specific cracking techniques, perspectives on cracking culture, and ways to advance further under your own power.

Prerequisites: Previous experience with cracking tools (hashcat, John the Ripper) and concepts (brute force, masks, rules, keyspace, etc.) is helpful, because we won't spend a lot of time on the basics. But anyone interested in learning more about password cracking is welcome!

Presenters
Royce Williams

Password auditor & enthusiast
After 13 years as a sysadmin for a regional ISP in Alaska, I jumped into security full time in 2012 for the financial sector and critical infrastructure. As an independent researcher and a Hashcat beta tester and contributor, my password research interests include deliberately...


Wednesday July 26, 2017 15:00 - 15:55
Ground1234! (The Tuscany, Tuscany Room) 255 E Flamingo Rd, Las Vegas, NV 89169

17:00

Automating Crypto Bugs Discovery
We present a new and efficient approach to systematic testing of cryptographic software: differential fuzzing. Unlike general-purpose software fuzzing such as afl, differential fuzzing doesn't aim to find memory corruption bugs (although they might come as a by-product), but to find logic bugs. Compared to test vectors, differential fuzzing provides greater code coverage. Compared to formal verification, differential fuzzing is easier to apply, both for testers and developers.

We'll release CDF, a tool that implements differential fuzzing for most common cryptographic APIs: RSA encryption and signatures, elliptic-curve cryptography, or any symmetric-key schemes through a unified interface. CDF combines differential fuzzing with a number of unit tests to detect vulnerabilities specific to the cryptographic functions tested. It can also detect timing leaks, thanks to state-of-the-art leakage detection techniques.

CDF is coded in Go, and is trivially portable to various CPU architectures. Unlike other tools, CDF runs its tests in a totally black-box fashion: no source code is needed, you only need an executable file such as a binary program, Python script, or shell script calling a remote service.

We ran CDF on high-profile, widely used crypto software components. CDF discovered issues in a number of libraries including Go's crypto package, OpenSSL, and mbedTLS.

Presenters
Jean-Philippe Aumasson

Principal Research Engineer, Kudelski Security
Jean-Philippe (JP) Aumasson is Principal Research Engineer at Kudelski Security, in Switzerland. He obtained his PhD in cryptography from EPFL in 2010. JP designed the popular cryptographic functions BLAKE2 and SipHash, and the new authenticated cipher NORX. He presented at Black...

Yolan Romailler

Kudelski Security
Yolan Romailler is a Security Researcher at Kudelski Security, where he delves into (and dwells on) cryptography, crypto code, and other fun things. He graduated in mathematics at EPFL and later in information security at HES-SO, both in Switzerland. He tweets as @anomalroil.


Wednesday July 26, 2017 17:00 - 17:25
Ground1234! (The Tuscany, Tuscany Room) 255 E Flamingo Rd, Las Vegas, NV 89169

17:30

How To Obtain 100 Facebooks Accounts Per Day Through Internet Searches
Back in 2016, the way the Facebook mobile application implements content through "Instant articles" was very new. A user can view content from third parties directly in the Facebook platform without needing to open the browser, for instance. This content can also be shared, saved, opened in the browser and so on.

In this talk, we will share how these Instant articles, and the way they were shared, led us to the possibility of accessing Facebook accounts and how, through internet searches, this became a huge problem! We'll discuss how we identified the issue and how it was tested, reported, fixed, and rewarded, and we'll also talk about a new attack vector for further research.

Presenters
Yael Basurto

Security Snr Consultant, Deloitte MX
I work as a Cyber Security Snr. Consultant at Deloitte MX & I'm really into security & coding; due to my laziness I've written some code to automate certain things at work, such as parsing nmap & nessus reports.

Guillermo Buendia

Cyber Security Consultant, Deloitte
Guillermo is a Cyber Security Penetration Testing Consultant at Deloitte Mexico; he has worked for many financial institutions and the public sector for the last 5 years.


Wednesday July 26, 2017 17:30 - 17:55
Ground1234! (The Tuscany, Tuscany Room) 255 E Flamingo Rd, Las Vegas, NV 89169

18:00

F! Passwords!
Passwords? Who needs those anymore. An examination of attempting to use 2FA for all corporate functions.

Presenters
David M. Zendzian

CSO / Founder, Undisclosed
David is a systems and security expert with more than 25 years of Executive, Departmental, Team Management, and hands-on experience in Fortune 50 organizations, small businesses, and startups. David is currently the CSO and a founding member of an undisclosed financial company opening...


Wednesday July 26, 2017 18:00 - 18:55
Ground1234! (The Tuscany, Tuscany Room) 255 E Flamingo Rd, Las Vegas, NV 89169