BSidesLV 2017

There is a saying in security - "attacks only get better". At DEF CON 23, a tool called "brainflayer" was released, able to crack Bitcoin keys generated from passwords. Work has continued on it with the addition of a slew of optimizations that have more than quadrupled the speed, and features to crack other cryptocurrencies and weak key generation techniques.

Many password cracking tools, including brainflayer, have optimizations in how they compute and look up hashes, but when cracking Bitcoin keys the biggest bottleneck is computing public keys from private keys. This talk will cover the various techniques used to make that faster, some special case optimizations, touch on how more general tricks are applied, and go over new features since release.

Bitcoin brain wallets, were way of turning nothing but a password into a keypair, at least until it was widely understood what a bad idea this was. The wake of data left behind includes a very interesting corpus of passwords to analyze and logs of attacker activity - after all blockchains never forget. This talk focuses on what we can learn from this. Do people select stronger passwords when more money is on the line? How quickly does bitcoin sent to weak brain wallets get drained? How many distinct thieves can be identified?

Most of what we've been told over the years about what makes a good password has been wrong, so it's no surprise most people pick bad passwords. This talk will cover the history of password policy and password cracking starting from the days before computers had passwords up to modern password cracking and modern protections against it. Along the way I'll cover Richard Stallman's little-known history as a password cracker, the golden days of password guessing featured in movies like Hackers and WarGames, and draconian IT password policies and why they don't work. By the end everyone should have plenty of ammunition to take back to their IT department and get rid of those horrible password policies.

Have you ever tried to crack a password that was just too difficult to crack? This talk will focus on some new techniques for cracking passwords that work 100% of the time. In 2012 I released an FPGA-based DES cracking service with Moxie Marlinspike for cracking MSCHAPv2 and quickly started seeing it being used for cracking other things besides MSCHAPv2. In this presentation we'll take a look at some of the research we've done into other widely used protocols and services that still rely on DES for security and provide an quick intro into the https://crack.sh API so you too can use this service for your own projects.

Specifically, we will demonstrate tools for doing exhaustive brute-force cracking of MSCHAPv2 (PPTP VPNs, WPA-Enterprise), des_crypt() hashes, Kerberos5, and release a free real-time service for cracking MSCHAPv1 (Windows Lanman and NTLMv1 authentication) in a matter of seconds.

It is commonly thought that gift cards must be activated to have any monetary value. Often displayed on countertops and lining grocery store aisles, seemingly worthless unactivated gift cards are free for anyone to grab a handful. However, weaker security features than the average credit card makes these gift cards nearly as valuable as cash. Mass produced, their numbers follow a predictable pattern and have limited built-in security, such as a chip or pin, to prevent fraud.

Many people now recognize that passwords can be a problem for many of our web citizens. They are forgotten, weak, stolen, rarely changed, annoying, and difficult to manage. Let's examine new passwordless authentication schemes being used in the modern era, when they should be used, and release tooling to help service providers eliminate their passwords if they are so inclined.

Like it or not, security question password reset isn’t going away. Most organizations find it to be a cost effective approach that seems to work in practice. While there are many problems with this approach, one has received little attention: how to safely store the answers. I show that common methods used for storing password validation information are not suitable for security questions, and propose better alternatives.

Yes it is 2017 and you have not traveled back in time. This talk is about "instant" password recovery, the new advances in this field, and uses of these "lossy hash tables". There are people actively using these to crack passwords. When time is critical. We'll discuss optimizations and optimal settings along with general sizes and times.

Everywhere you need a password, the requirements follow a basic pattern: X length; must contain (or not contain?!?) lowercase, uppercase, digits, and symbols; must be rotated every Y days. But is that enough? This talk rethinks how we approach password strength, or “entropy”, in the real world.

There are many people who create passwords nonrandomly and think they’re making their passwords look random, but many common “clever” tricks aren’t so, and in fact are very guessable. Rather than calculating entropy as if the passwords were created randomly, we can find new and clever ways of calculating entropy given this knowledge.

Average users might never be safe from credential-theft on Windows, but security professionals have a significant enough threat model and have the necessary skills to protect themselves beyond clicking on a few UAC prompts. Through some extreme hardening measures, a handful of 3rd party and custom tools, and perhaps a few over-the-top security practices, you will learn to turn a default Windows installation into a highly secure computing environment.

Because Windows is a leaky bucket when it comes to user credentials, it's critical that you understand the Windows security model and mitigations available, but it is also important to use those features to the fullest, way beyond what a regular IT professional might apply. It's vital to know exactly what is happening on your system and be aware of any changes that might affect security. You must maximize the encryption facilities available to you and implement extra measures where appropriate.

Windows is a huge operating system with an attack surface to match. It has a legacy of insecurity but certainly is capable of becoming a solid computing environment. 

"Are you a password cracker ... or do you just crack passwords?" -epixoip

My goal with this talk is to help occasional, casual, and non-specialist practitioners bootstrap themselves to the next level of password auditing.

After briefly touching on the basics, I will cover some common pitfalls, some non-obvious assumptions made by the experts, and other lessons from my pursuit of password cracking as a dedicated discipline.

Key takeaways include specific cracking techniques, perspectives on cracking culture, and ways to advance further under your own power.

Prerequisites: Previous experience with cracking tools (hashcat, John the Ripper) and concepts (brute force, masks, rules, keyspace, etc.) is helpful, because we won't spend a lot of time on the basics. But anyone interested in learning more about password cracking is welcome!

We present a new and efficient approach to systematic testing of
cryptographic software: differential fuzzing. Unlike general-purpose
software fuzzing such as afl, differential fuzzing doesn't aim to find
memory corruption bugs (although they might come as a by-product), but
to find logic bugs. Compared to test vectors, differential fuzzing
provides greater code coverage. Compared to formal verification,
differential fuzzing is easier to apply, both for testers and
developers.

We'll release CDF, a tool that implements differential fuzzing for most
common cryptographic APIs: RSA encryption and signatures, elliptic-curve
cryptography, or any symmetric-key schemes through a unified interface.
CDF combines differential fuzzing with a number of unit tests to detect
vulnerabilities specific to the cryptographic functions tested. It can
also detect timing leaks, thanks to state-of-the-art leakage detection
techniques.

CDF is coded in Go, and is trivially portable to various CPU
architectures. Unlike other tools, CDF runs its tests in a totally
black-box fashion: no source code is needed, you only need an executable
file such as a binary program, Python script, or shell script calling a
remote service.

We ran CDF on high-profile, widely used crypto software components.
CDF discovered issues in a number of libraries including Go's crypto
package, OpenSSL, and mbedTLS.

Back in 2016, it was very new the way how the Facebook mobile application implements content through "Instant articles". A user can view content from third parties directly in the Facebook platform without requiring to open the Browser, for instance. This content can also be shared, saved, opened in browser and so on.

In this talk, we will share how these Instant articles, and the way they were shared, lead us to the possibility to access Facebook accounts and how through internet searches this became a huge problem! We'll discuss how we identify the issue and how it was tested, reported, fixed, rewarded and also we talk about a new vector attack for further research.

Passwords? Who needs those anymore. An examination of attempting to use 2FA for all corporate functions.