Security BSides London 2014

Privacy is a basic human right; our democracy has the secret ballot at its very foundation. This critical right is at risk and is being infringed by governments and big business. How can you protect yourself in the electronic and physical world? How practical are the current defences? Can you live a normal life and retain the dignity of being free from surveillance?
(Some of the tools and techniques may also be useful during the singularity/robot uprising but are presented for information only, any use may be subject to local legal restrictions and Stephen, for one, will not be held responsible should you alienate our new computer overlords.)
[Presentation may include bright flashing lights, bad 70's haircuts and the kind of critique of current GCHQ/NSA policy that puts DV clearance at risk.]

We have long known that Android can be affected by malware. Most users are now aware that they need to take care about what they install on their phones. But what about a brand new device that’s fresh out of the box? We will show that for two flagship Android devices, they are not as secure as people might suppose.
Android has been through a security revolution in the last year in response to an avalanche of malware designed to take advantage of its permissive behaviour. We will talk through the latest advances in what is by far the world quickest selling mobile platform. We will then look at how the race for new features and functionality is undermining security in the latest Android devices.
Finally we will look at how attackers can use these weaknesses to go beyond the realm of a person’s personal device and into their employer’s corporate network."

When you're hunting for bugs, let's face it - grepping for strcpy just doesn't cut it anymore. Instead of waiting for unsafe memory management functions to come back into fashion like moustaches or mustard coloured corduroys, I decided to check in with "the future", and see what it had to offer me.

What I found was a sea of similarly puzzled individuals, bizarre terminology, and a number of code snippets that would only compile on specific, different versions of libraries. So I set about piecing together what I could, and ended up producing a working tool in a fairly short period of time.

This talk shows what can be achieved if you want to build static analysis tools, and you don't want to spend a load of money or upload all your precious code to "the cloud". I will be making sense of the complex terminology surrounding this field, and detailing my struggles and conquests building a fast, flexible, and most importantly usable static analysis tool, all for free.

If you're interested, but you wouldn't know a TranslationUnit from a bar of soap, this is the talk for you!

Malicious software is all around us. It permeates the Internet by riding on data transmissions. Once you communicate, you risk getting in touch with malware (another name for malicious software). This is why every single one of us, be it individual, company or organisation, runs anti-virus software. The idea is to have specialised software detect malware, so all the bad things are kept out of your network and away from your end-points. So much for the theory. In practice any self- respecting attacker can evade anti-virus filters by a variety of means, depending on their skills and resources. Security researchers know about this fact. Stuxnet and Flame were a proof for sceptics (and a failure of the whole anti-virus industry). How can this be?

All IT security professionals know that antivirus systems can be avoided. However, a few of them knows that it is very easy to do. (If it is easy to do, it's impact is huge!) In this presentation I will, on the spot, fully bypass several antivirus systems using basic techniques! I will bypass: signatures detection, emulation/virtualization, sandboxing, firewalls. How much time (development) is needed for it, for this result? Not more than 15 hours without a cent of investment! If I could do this, anyone can do this... so I think we have to focus to this problem.

Using these easy technique I can create a 'dropper' what can deliver any kind of Metasploit (or anything else) shellcode and bypass several well-know antivirust in real-life and full bypass the VirusTotal.com detection where a detection rate in 0.

In my presentation I use 6 virtual machines and 9 real-time demos. Resulting the audience always have a big fun and surprise when they see the most well-know systems to fall - and the challanges what the AVs cannot solved are ridiculously simple and old. So the IT professionals think too much about the systems which they rely on and which cost so much.

Ever wonder how to find vulnerabilities? In 2013, I averaged 4-6 CVE assignments each month and in this presentation I will go over general tips and tricks I have found most effective at locating unknown vulnerabilities. Vulnerabilities explored will include web vulnerabilities (XS*, command-injection, SQLi, etc) and C/C++ application vulnerabilities (memory corruption, logic errors, etc). To demonstrate the effectiveness of these techniques, I will provide examples vulnerabilities along with the path which led me to finding them without the use of commercial analysis tools. I will also discuss some of my experiences working with vendors and developers to harden their products.

This talk is a running account of a few weeks spent attacking and reverse-engineering a widely deployed network device. I went from having little knowledge of the system, to producing some powerful and interesting exploits. The focus of this talk is more towards how the issues were found, rather than the issues themselves. To that end, a generic set of hints and tips will be proposed for analysing and attacking binary protocols, including a method for classifying and identifying unknown cryptography used on data.

Currently the issues that will be presented in this talk are being worked on with the vendor. It is hoped that by the time that BSidesLondon takes place we will be in a position to openly talk about specifics of the issues in question and the fixes that have been implemented. If this is not the case then the talk will not disclose the specific product or vendor, but instead cover the techniques and interesting finds in a manner that is in line with our co-ordinated disclosure programme.

Roll up, Roll up, my Lords, Ladies and Gentleman, come see the bizarre and wondrous marvels that the Cirque de Vendeurs Sécurité has to offer. Tales of miracle machines that can see into the future and tell their masters of all the dangers they face. Devices so wise that they can see the very threats of tyrants and evil doers before they've even been thought of. Contraptions that possess a mystical sixth sense that can see every footstep and action a would be assailant takes before any deadly blow is delivered. These miracle machines that give defenders a suit of armour that mean the wearer needs no warrior skills in defending their castles. Come see for yourself, and purchase one of the miracle wondrous machines!

Although the above sounds ludicrous and out of place, it isn't that far fetched from a lot of the literature produced by Network Intrusion Prevention/Detection System vendors. This talk looks at the very long and fruitful history the world of network detection systems has to offer (you'll be surprised they're nearly 4 decades old). With a overview of just some of the failings these systems have had over the years, and how these failures shaped their development. At places this talk will be cynical and it won't win any friends from vendors, but attendees will be given enough background information to understand why detection systems like IDS/IPS can work, but why they're set to fail all at the same time.

Poor testing and the general acceptance by nearly everyone within the security industry that these systems can't deliver is only the beginning of their history of fail. I intend to discuss why certain evasion techniques worked, and why they will continue to work until we understand the inherent problems. Consider this talk a historical journey with one eye fixed on the future.