Technical Session

April 13 (Thu), 10:00-13:00 | Alrim 2 Room

Chris Salls

Title: Automatic Exploitation in the Cyber Grand Challenge and Beyond

Chris Salls is a PhD student at the security lab of UC Santa Barbara where he studies binary analysis. As a member of Shellphish, he has competed in many Capture the Flag competitions as well as the first automated hacking competition, the Cyber Grand Challenge. Chris is also a core contributor to the angr binary analysis framework. Recently, he has dabbled in smartphone exploitation, and demoed an Android root exploit at Geekpwn. 

# Abstract

Exploitation is a challenging task for experienced security researchers and an even more challenging task for computers. In the Cyber Grand Challenge (CGC), competitors were asked to create a system to automatically find, patch, and exploit bugs in software. In this talk, I will be discussing Shellphish's automatic exploitation system. Shellphish's bot exploited the most binaries and stole more flags during the finals of the Cyber Grand Challenge than any other team. I will explain the design of our automatic exploitation engine, as well as the specific techniques we implemented for the Cyber Grand Challenge. I will briefly explain how we generate crashing inputs by combining fuzzing with symbolic execution. Then I will show how we use symbolic tracing (specifically using angr) to collect constraints along the path. From here, we must determine what control we have over the crash. Depending on the type of crash and control, we apply one or multiple techniques to transform the crashing input into an exploit. Finally, I will discuss the limitations of automatic exploitation. This includes why even state-of-the-art systems are typically unable to automatically exploit bugs in complex real-world binaries, and what advancements are needed for these systems to become effective for modern binary exploitation.

Timothy Vidas

Title: Hacking with, and without, Humans: Pushing the State of the Art in Cybersecurity Capture-the-Flag

Tim's research interests often revolve around mobile platform security and privacy, but these interests often stray into digital forensics, reverse engineering and malware analysis. Some of Tim's recent noteworthy endeavors include acting as team lead for DARPA's Cyber Grand Challenge competition framework integrity team, working to make the Internet a safer place through innovation at SecureWorks, digital forensics research at CERT, and other computer and network security projects including a high-assurance security kernel, collaborative reverse engineering, and RAM analysis from a forensic perspective. Tim regularly publishes research at academic venues and has presented at industry conferences such as IEEE Security and Privacy, USENIX, WOOT, Shmoocon, DEFCON, and Blackhat. In addition to research, Tim likes to teach and has a wide set of IT-related interests. He maintains several affiliations including ACM, IEEE, and USENIX, has been part of the organizing committee for DFRWS for many years, and is a member of a non-profit think-tank, The Shmoo Group. Tim has a Ph.D. in Electrical and Computer Engineering and a B.S. and M.S. in Computer Science, is a DC3 Forensics Challenge Grand Champion, and is a DEFCON CTF black badge holder, a contest he later organized for four years with three other talented individuals. In his free time he contributes to open source software, runs CTF exercises for others, and toys around with digital forensics competitions, CTF exercises, and any other interesting-looking challenges.

# Abstract

In the summer of 2016, seven finalists competed in the final event of DARPA's Cyber Grand Challenge (CGC). The challenge was years in the making, with the finalists advancing through qualification to earn their invitation. Inviting elite hackers to Las Vegas, in the summer, to compete in Capture-the-Flag (CTF) for top honors is not new; DEF CON has done this for years. However, with CGC, the finalists were all computers. Given that the stakes were high and the contestants had no human ability to adapt, the CGC infrastructure had to be up to the challenge of executing the world's first all-computer CTF. The competition infrastructure consisted of a custom operating system, a unique executable file format, and a novel IDS format, resulting in the most reproducible head-to-head CTF contest ever conducted. In the wake of CGC, The CTF Collective was established to make the capabilities realized in executing the CGC final event readily available and to continue pushing the state of the art in cybersecurity CTFs. In this talk, we describe the inception of The CTF Collective, what it takes to organize humanless hacking competitions (design, engineering, and orchestration), and the strange intersection of human and humanless hacking.

Yonghui, Jin

Korea University

April 13 (Thu), 14:00-17:00 | Alrim 2 Room

Stefan Esser

Title: Port(al) to the Core

Stefan Esser is the CEO of Antid0te UG, a German security company that specializes in macOS and iOS security topics. He is a regular speaker and trainer at international security conferences like Syscan, CanSecWest, Recon, HITB and BlackHat. He is a co-author of the iOS Hacker's Handbook. In a former life he was a web application security specialist, better known as the PHP security guy, and co-founder of SektionEins, a German application security company.

# Abstract

For years now, Apple has kept adding new security mitigations to iOS and iOS devices that often put them ahead of the competition in regards to security. Naturally, attackers had to adapt their techniques to break into each new version of iOS with every new protection. Because of this, techniques used in private jailbreaks have usually been kept quiet.
In this session the audience will be introduced to a set of iOS kernel exploitation techniques that have been used in private jailbreaks for a while now and have only recently leaked into the public via a partial iOS 10.2 jailbreak that was uploaded to GitHub. This session will give a complete walkthrough of the original techniques and explain exactly how they were intended to be used.

Philip Pettersson

Samsung Security Center; CTF team: Hacking for Soju

Title: Linux Namespaces: Security Boon or Bane?

Philip Pettersson is a Senior Security Engineer at the Samsung Security Center, where he does pentesting and product security for the Samsung Group. He is a member of the Hacking For Soju CTF team which has participated in competitions around the world since 2009.
In his spare time he enjoys auditing open source software and keeping his skills sharp by playing binary exploitation war games.

# Abstract

Linux namespaces originated in the early 2000s and now permeate the Linux kernel architecture. They are the underlying mechanism that container technologies such as Docker and LXC rely on to implement their isolation features.
Containers have been hailed as a security benefit because they make it easier to isolate separate parts of a complex deployment. However, Linux namespaces have allowed several critical privilege escalation bugs to surface in the last few years.
In this talk we will discuss the new attack surfaces that these features have opened up in the kernel and take a detailed look at an exploit for CVE-2016-8655, the most recent namespace-related privilege escalation bug in Linux.

Blackfort Security