<?xml version="1.0" encoding="UTF-8"?>
<schedule>
 <conference>
  <title>0sec 2007</title>
  <subtitle></subtitle>
  <venue></venue>
  <city>Bern</city>
  <start>2007-10-19</start>
  <end>2007-10-21</end>
  <days>3</days>
  <release>0.7</release>
  <day_change>11:00</day_change>
  <timeslot_duration>01:00</timeslot_duration>
 </conference>
 <day date="2007-10-19" index="1">
  <room name="Talk">
   <event id="6">
    <start>19:00</start>
    <duration>01:00</duration>
    <room>Talk</room>
    <tag>0sec07opening</tag>
    <title>0sec 2007 Opening Event</title>
    <subtitle></subtitle>
    <track>Talks</track>
    <type>Other</type>
    <language>English</language>
    <abstract>Opening event of 0sec 2007, with welcome aperitif sponsored by Dreamlab.</abstract>
    <description></description>
    <persons>
     <person id="8">nick</person>
    </persons>
    <links>
    </links>
   </event>
   <event id="7">
    <start>21:00</start>
    <duration>01:00</duration>
    <room>Talk</room>
    <tag>oracleseckornbrust</tag>
    <title>Latest trends in Oracle Security</title>
    <subtitle></subtitle>
    <track>Talks</track>
    <type>Lecture</type>
    <language>English</language>
    <abstract>Oracle databases are the leading databases in companies and organizations. In the last 3 years Oracle invested a lot of time and energy to make the databases more secure, adding new features, ... But even in 2007 most databases are easy to hack.</abstract>
    <description>This talk will describe the current status, the typical problems in customer installations and the trends for the future for Oracle Security.

I will show some scenarios how to attack (and prevent) databases, abuse Oracle security features (like Oracle Transparent Database Encryption (TDE)) and the latest trends in SQL Injection (e.g. why a table "!rm -rF /" sometimes executes code).</description>
    <persons>
     <person id="9">Alexander Kornbrust</person>
    </persons>
    <links>
    </links>
   </event>
  </room>
 </day>
 <day date="2007-10-20" index="2">
  <room name="Talk">
   <event id="8">
    <start>14:00</start>
    <duration>02:00</duration>
    <room>Talk</room>
    <tag></tag>
    <title>WebAppSec the Big Picture</title>
    <subtitle></subtitle>
    <track>Talks</track>
    <type>Workshop</type>
    <language>English</language>
    <abstract></abstract>
    <description>Most of the actual vulnerabilities which security researchers and also
bad guys (doesn't) report every day, are related to web applications.
Even if this is the case, the security community didn't get the big
picture of what security related problems we've got through web
applications. In this demonstration, Sven Vetsch (aka. Disenchant) will
show you an overview of the most important web vulnerabilities like
SQLi, XSS, CSRF, Path Traversal, Session Fixation and much more. The
focus in this demonstration is not to show you the latest research
results in webappsec, it's to show the big picture of this topic to the
attendees.</description>
    <persons>
     <person id="10">Sven Vetsch</person>
    </persons>
    <links>
    </links>
   </event>
   <event id="2">
    <start>17:00</start>
    <duration>01:00</duration>
    <room>Talk</room>
    <tag>flashsec</tag>
    <title>Testing and exploiting Flash applications</title>
    <subtitle></subtitle>
    <track>Talks</track>
    <type>Lecture</type>
    <language>English</language>
    <abstract>Flash has been used for so-called RIAs for quite a long time now. Many of us know that Flash can be evil and used for bad and ugly things, but it was not too easy to audit Flash apps in the past.</abstract>
    <description>The lecture will start with an overview of the history of Flash and ActionScript, its capabilities and design flaws. A deeper look into the object and security model as well as the variable handling will follow, including an analysis of common developer mistakes and how it is possible to exploit those. But Flash is also a powerful tool for filing attacks over the network. So a couple of possible attack examples such as request forging, network scanning or Flash based attack back channels will be introduced.</description>
    <persons>
     <person id="4">fukami</person>
    </persons>
    <links>
     <link href="https://www.flashsec.org/">https://www.flashsec.org/</link>
    </links>
   </event>
   <event id="9">
    <start>18:00</start>
    <duration>02:00</duration>
    <room>Talk</room>
    <tag></tag>
    <title>Lunch</title>
    <subtitle></subtitle>
    <track>Talks</track>
    <type>Other</type>
    <language></language>
    <abstract></abstract>
    <description></description>
    <persons>
     <person id="11">0sec orga team</person>
    </persons>
    <links>
    </links>
   </event>
   <event id="4">
    <start>20:00</start>
    <duration>01:00</duration>
    <room>Talk</room>
    <tag>10gbemonitoring</tag>
    <title>A 10GbE monitoring system</title>
    <subtitle></subtitle>
    <track>Talks</track>
    <type>Lecture</type>
    <language>English</language>
    <abstract>Capturing network packets is a valuable technique for troubleshooting
network problems, especially when the troubleshooter has to deal with
network elements that are not under his or her control.</abstract>
    <description>There are many open source tools available to do packet capturing and
analysis on general-purpose computer hardware. This hardware is by
far too slow for the highest possible 10GE data rates. A solution
for that issue is to lower the data rates by filtering
&#8217;uninteresting&#8217; data out before it gets processed by the
general-purpose computer hardware.

This can be accomplished via a specialised Network Interface Card
(NIC). The specialised NIC presented in this talk was originally
developed for security purposes, but it allows for modifications since
it is built around programmable logic.

This presentation will consist of three parts, namely:

1/ Introduction
	10 Gigabit Ethernet frame and data rates.
	Problem description, with some empirical data on the performance of
generic computer hardware.

2/ Overview of the architecture of the proposed solution.
	MISD architecture.
	Overview of the homegrown firm and software.

3/ Details and demos on the implemented features

The presentation is aimed towards a technical audience and considers
some knowledge on network protocols and the generic programming.
Perhaps we can have a discussion on next steps if that is interesting?</description>
    <persons>
     <person id="6">Ari&#235;n Vijn</person>
    </persons>
    <links>
    </links>
   </event>
   <event id="1">
    <start>22:00</start>
    <duration>01:00</duration>
    <room>Talk</room>
    <tag>unknownrfbaseddata</tag>
    <title>Analyzing an unknown RF based data transmission</title>
    <subtitle>aka fun with 27MHz keyboards</subtitle>
    <track>Talks</track>
    <type>Lecture</type>
    <language>English</language>
    <abstract>In today's nomad working style, radio frequencies are all over the place. Bluetooth gets involved in many transmissions, but the vintage 27MHz frequency transmission is still used in most low-price products like wireless keyboards and/or mice. During our product research on wireless keyboards and their protocols, we discovered many pitfalls and resources. This talk should assist others in the process of analyzing unknown RF based data transmission signals and discovers some new details on wireless keyboards.</abstract>
    <description></description>
    <persons>
     <person id="2">Max Moser</person>
     <person id="3">Philipp Schroedel</person>
    </persons>
    <links>
    </links>
   </event>
  </room>
 </day>
 <day date="2007-10-21" index="3">
  <room name="Talk">
   <event id="10">
    <start>14:00</start>
    <duration>01:00</duration>
    <room>Talk</room>
    <tag>selinux</tag>
    <title>SELinux</title>
    <subtitle>an Introduction to MAC and DTe</subtitle>
    <track>Talks</track>
    <type>Lecture</type>
    <language>English</language>
    <abstract>To quote a now (in)famous security researcher "0-day can happen to
anyone". While to a certain degree this may be true, SELinux with a well
thought out policy can greatly limit the impact of an attack.

This talk will contrast high level differences between Discretionary and
Mandatory Access Control. It will also introduce the concepts of Domain
and Type Enforcement (specifically SELinux's TE implementation). It will
conclude with a demonstration of Type Enforcement protecting a system
from an application/user-land attack</abstract>
    <description></description>
    <persons>
     <person id="12">Robert E. Lee</person>
    </persons>
    <links>
    </links>
   </event>
   <event id="5">
    <start>15:00</start>
    <duration>04:00</duration>
    <room>Talk</room>
    <tag>metasploitworkshop</tag>
    <title>Writing Exploits using Metasploit 3.0</title>
    <subtitle></subtitle>
    <track>Talks</track>
    <type>Workshop</type>
    <language>English</language>
    <abstract>Metasploit 3.0 offers a lot of new features and tricks for the exploit writer. In this talk, we shall take a few examples of vulnerabilities, write an exploit from the ground up, and see how Metasploit 3.0 assists the process of writing exploits. We shall also see how your exploits can be integrated as plugins into the Metasploit framework, and how to use Metasploit's excellent post-exploitation capabilities.

We shall re-visit some classic attacks and also cover advanced exploits such as browser attacks via heap spraying. Participants shall get insights into discovery and verification of vulnerabilities, finding the entry points, gaining control of program flow, choices of shellcode and finally writing a working exploit for the vulnerability. Participants shall also get an overview of Metasploit 3.0's internal modules and how to integrate custom exploits with the Metasploit framework.</abstract>
    <description>Before coming to the workshop, I would sincerely request you to spare a couple of
hours to prepare your laptop with some required software, and test it, so that
we do not waste any class time in technical issues and troubleshooting.

LAPTOP READINESS
----------------

Hardware Requirements:
- Intel x86 hardware required.
- 512MB RAM required, at a minimum.
- Wired 10/100 Network card.
- CDROM drive (built in, or USB based)
- 5 GB free Hard disk space, at a minimum

*note: there is no Wireless LAN in the class, and therefore the Wired 10/100
card requirement is a MUST.

*note: tools and vulnerable images shall be distributed on CDs in the class.
Therefore, the CDROM drive is a must too. Some sleek and ultra portable laptops
do not have a CD drive. Please bring a USB CD drive along in that case, and make
sure the drivers work.

Operating Systems (one of the following):
- Windows 2000 SP4/XP SP2            -OR-
- Linux kernel 2.4 or above

a) Windows 2000/XP operating system (this means NO Vista)
- Administrator access mandatory
- Ability to disable Anti-virus / Anti-spyware programs
- Ability to disable Windows Firewall or personal firewall

b) Linux kernel 2.4 or above:
- Kernel 2.4 or 2.6 required (check with uname -a)
- Root access mandatory
- Ability to use an X-windows based GUI environment
- Perl 5.8 should be available (check with perl -v)
- SSH should be available (check with ssh -v)
- Netcat (nc) should be available (check with nc -h)

SOFTWARE TO BE PRE-INSTALLED
----------------------------

I would request you to download and install the following free software.

a) Firefox 2.0 browser (install as default)
http://www.getfirefox.com/

b) Metasploit Framework 3.0
http://metasploit.com/

c) VMWare Player 2.0.x
http://www.vmware.com/download/player/

*if you have a copy of the latest VMWare workstation (5 and above), you need not

d) Active Perl (for Windows users only)
http://www.activestate.com/Products/ActivePerl/

Please ensure that the above items are installed and TESTED before bringing your
laptops to class.</description>
    <persons>
     <person id="7">Saumil Shah</person>
    </persons>
    <links>
    </links>
   </event>
  </room>
 </day>
</schedule>

