Workshop sessions

On the workshop the participants learn the basics of Ethereum and we exploit common smart contract security flaws together.

The workshop has three parts:
– Introduction to Ethereum (blockchain, transactions, states, smart contrats, gas, nodes, mining)
– Introduction to common Ethereum based vulnerabilities (RPC, nodes, image fails, Solidity based vulnerabilities)
– Exploiting vulnerabilities together

The Workshop also provides hints for those who participate in the CCTF game. The idea of the workshop is born from the lack of Ethereum security trainings.

Introduction to firmware reverse engineering process of IoT devices. The process, described with an example on a home router, is based on:

– Information Gathering of hardware and software, to identify main device components, to locate UART and JTAG interfaces and to get the firmware file or the EPROM content and the root file system

– Building a debugging friendly Emulation Environment, to run IoT binaries, using QEMU and with a root file system built with a build system like “BuildRoot”

– Techniques to analyse, hack, reverse engineer and modify the firmware using file system analysis, analysing output on the system console and using the Gnu Debugger in the emulation environment

Reverse engineering and firmware modification of the example home router requires overcoming difficult obstacles: the firmware upgrade file and the kernel are cryptographically signed to prevent firmware modification and unsigned kernel loading by the bootloader.

Analyzing a binary or firmware often starts from a more or less blank page of assembly code. Decompilers such as the Hexrays or Ghidra decompiler can make assembly code more readable but if symbol information such as function names, user defined structures or class information are missing it can still be a mess to work through. Enriching you project with symbol information is a lot of work but in the end can be the difference of successfully achieving your reversing/bug finding goals. Within this workshop i will present various approaches and open source tools to add symbol information to a real world firmware and then will train to use these with the attendees inside a prebuild virtual machine.

Fuzzing techniques enable the detection of vulnerabilities such as buffer overflows, integer overflows, format string vulnerabilities, use after free.

This workshop gives the audience a detailed overview about blind, input based fuzzing, finding memory bugs, diving into topics such as:

– Intro to Fuzzing
The fundamentals of fuzzing, understanding why fuzzing is needed and how to make the process of fuzzing efficient.

– Smart Fuzzing
We will look at using american fuzzy lop (AFL), which demonstrates the process of compile time instrumentation. We will understand the color code in AFL, process timing, stages, findings, yields, path geometry and stability. We will integrate address sanitizer (ASAN/MSAN) which helps in identifying address and memory corruption bugs, making the process smarter.

– Triage Analysis
We look at POC’s generated by AFL during the fuzzing process, attaching it to the actual binaries to see, how the input is handled by the binaries.

The prime focus of this workshop would be around the following areas:
Fuzzing using spike, Blind & input based fuzzing (AFL), Finding memory bugs using ASAN with AFL integration, Protocol fuzzing (HTTP).

We will conclude the workshop by showcasing multiple bugs found during our research on various binaries and protocols and leveraging fuzzing in IBB programs.

If you are familiar with K8s secrets, you know that these secrets are placed in etcd. When we say that we intend to bypass K8s security, we mean by not touching etcd at all. The problem with etcd is that when data is encrypted at rest, it is encrypted with a global key. That might be a problem in a multi-tenant cluster, where independent and unrelated users could potentially gain access to the secrets of others. Also, if you already have a security team that’s operating a certified Vault installation, they’re probably not going to be happy about placing an unencrypted secret in an intermediary location.

Our mutating admission webhook injects an executable into containers (in a non-intrusive way) inside Deployments/StatefulSets which can then request secrets from Vault through special environment variable definitions.

This hands on workshop focuses on building a DevSecOps approach towards malware detection and threat intelligence. It is designed to teach about building your own threat detection pipeline using public cloud services like Azure and AWS. This class will focus on creating a fully automated pipeline which will be capable performing both static and dynamic analysis on user submitted files. We will also learn about extending this pipeline to extract critical intelligence features out of the scanned files to build a threat intelligence as well as Machine learning engines utilizing the public cloud. The entire pipeline will work in an automated fashion without any physical server and capable of handling millions of file scans everyday.

Analyzing a binary or firmware often starts from a more or less blank page of assembly code. Decompilers such as the Hexrays or Ghidra decompiler can make assembly code more readable but if symbol information such as function names, user defined structures or class information are missing it can still be a mess to work through. Enriching you project with symbol information is a lot of work but in the end can be the difference of successfully achieving your reversing/bug finding goals. Within this workshop i will present various approaches and open source tools to add symbol information to a real world firmware and then will train to use these with the attendees inside a prebuild virtual machine.

On the workshop the participants learn the basics of Ethereum and we exploit common smart contract security flaws together.

The workshop has three parts:
– Introduction to Ethereum (blockchain, transactions, states, smart contrats, gas, nodes, mining)
– Introduction to common Ethereum based vulnerabilities (RPC, nodes, image fails, Solidity based vulnerabilities)
– Exploiting vulnerabilities together

The Workshop also provides hints for those who participate in the CCTF game. The idea of the workshop is born from the lack of Ethereum security trainings.

Fuzzing techniques enable the detection of vulnerabilities such as buffer overflows, integer overflows, format string vulnerabilities, use after free.

This workshop gives the audience a detailed overview about blind, input based fuzzing, finding memory bugs, diving into topics such as:

– Intro to Fuzzing
The fundamentals of fuzzing, understanding why fuzzing is needed and how to make the process of fuzzing efficient.

– Smart Fuzzing
We will look at using american fuzzy lop (AFL), which demonstrates the process of compile time instrumentation. We will understand the color code in AFL, process timing, stages, findings, yields, path geometry and stability. We will integrate address sanitizer (ASAN/MSAN) which helps in identifying address and memory corruption bugs, making the process smarter.

– Triage Analysis
We look at POC’s generated by AFL during the fuzzing process, attaching it to the actual binaries to see, how the input is handled by the binaries.

The prime focus of this workshop would be around the following areas:
Fuzzing using spike, Blind & input based fuzzing (AFL), Finding memory bugs using ASAN with AFL integration, Protocol fuzzing (HTTP).

We will conclude the workshop by showcasing multiple bugs found during our research on various binaries and protocols and leveraging fuzzing in IBB programs.

Introduction to firmware reverse engineering process of IoT devices. The process, described with an example on a home router, is based on:

– Information Gathering of hardware and software, to identify main device components, to locate UART and JTAG interfaces and to get the firmware file or the EPROM content and the root file system

– Building a debugging friendly Emulation Environment, to run IoT binaries, using QEMU and with a root file system built with a build system like “BuildRoot”

– Techniques to analyse, hack, reverse engineer and modify the firmware using file system analysis, analysing output on the system console and using the Gnu Debugger in the emulation environment

Reverse engineering and firmware modification of the example home router requires overcoming difficult obstacles: the firmware upgrade file and the kernel are cryptographically signed to prevent firmware modification and unsigned kernel loading by the bootloader.

This hands on workshop focuses on building a DevSecOps approach towards malware detection and threat intelligence. It is designed to teach about building your own threat detection pipeline using public cloud services like Azure and AWS. This class will focus on creating a fully automated pipeline which will be capable performing both static and dynamic analysis on user submitted files. We will also learn about extending this pipeline to extract critical intelligence features out of the scanned files to build a threat intelligence as well as Machine learning engines utilizing the public cloud. The entire pipeline will work in an automated fashion without any physical server and capable of handling millions of file scans everyday.

If you are familiar with K8s secrets, you know that these secrets are placed in etcd. When we say that we intend to bypass K8s security, we mean by not touching etcd at all. The problem with etcd is that when data is encrypted at rest, it is encrypted with a global key. That might be a problem in a multi-tenant cluster, where independent and unrelated users could potentially gain access to the secrets of others. Also, if you already have a security team that’s operating a certified Vault installation, they’re probably not going to be happy about placing an unencrypted secret in an intermediary location.

Our mutating admission webhook injects an executable into containers (in a non-intrusive way) inside Deployments/StatefulSets which can then request secrets from Vault through special environment variable definitions.