WAHCKon['3"} Perth 2016

Perth's First Hacker Con
30th of April and & 1st of May 2016

Adventures in glitching PIC microcontrollers to defeat firmware copy protection

Speaker: Dr Silvio Cesare

Glitching is a non-invasive fault injection attack. For microcontrollers, the clock and the voltage are typical vectors for glitching. In some previous talks, I came across PIC microcontrollers that were found in home alarm systems and remote keyless entry keyfobs. These PICs had copy protection enabled. Defeating that copy protection and getting the code and data would be pretty useful . It would allow me to hunt for vulnerabilities in firmware. In this talk, I'll document my approach and results having built a glitcher to attack these PIC microcontrollers. I tried clock glitching and voltage glitching using an FPGA coded with Verilog, a Pickit3 PIC programmer and custom electronics. I didn't get a complete result, but so far I've been able to partially defeat the data protection of a PIC16F883.

Your ******** REDACTED ********* is a bit buggy

Speaker: Faz

So a few ******** REDACTED ********* ago whilst trawling through the internet I inadvertently came across a ******** REDACTED ********* that probably shouldn't have been there. In the spare ******** REDACTED ********* I had here and there over ******** REDACTED ********* I found some pretty serious ******** REDACTED ********* places in Australia. Over the past few weeks, I've been working with ******** REDACTED ********* to remediate the ******** REDACTED *********. This is just as much a tale of ******** REDACTED ********* as it is of the success and maturity of ******** REDACTED ********* in Australia.

Fuzzing rabbits for fun and profit

Speaker: Hugh Davenport

Fuzzing is the art of applying random data in the hopes of finding inputs to programs that cause unexpected behaviors. Traditionally, this has taken a deterministic approach which is akin to something to do with monkeys, typewriters, and Shakespear. Enter american fuzzy lop (afl), not just a weird looking bunny [1], but actually a new generation fuzzer from Google that takes into account code coverage. This talk will give a brief overview of afl-fuzz, show off its features, and gives an example of things I have found, and how much bounty has been made. Comparisons to other fuzzers will be made.

How do you catch a badger

Speaker: Raymond Schippers

How do you catch the more persistent and creative attackers out there? What 'sexy' tools can the blue team use without paying much if anything?

Impossibilities of Privacy

Speaker: The Dogg of the West

It's foolish to think that we can hold onto 20th century ideals of privacy in the Internet age, yet people still think that they can. The sheer volume and type of information that we have no option but to share if we want to operate in common society makes this the case. This talk will discuss just how much we are forced into disclosing about ourselves, the impact that this has had on our long held views on privacy and what the future holds.. Spoiler alert- Scott McNealy was right.

Adventures in USB land

Speaker: Val (@vbakaitis)

A somewhat pessimistic talk on the state and the future of USB security. A number of attacks on USB have been discovered in the past. This talk will cover the commons traits that these attacks share, the suggested protections and the ways these protections fail. It will also feature a demo of things you can build in your own garage or in somebody's office while they're AFK.

How Vulnerable are Internet and Telecom Networks

Speaker: Dr Walter Green

The evaluation of the vulnerability of telecom networks will be presented by reviewing telecom network failures due to hacking, human error, faulty software and poor practices with un-intended outcomes. This analysis will identify potential network weaknesses that can be exploited by third parties. selected weaknesses will then be used as a benchmark for the Vulnerability assessment. New types of threats based on recent design flaws will also be presented. The vulnerability assessment will be based on a comparison of performance data published in the media and in current network designs, with the benchmarks selected for this presentation.

PHP Malware: Detection and Cleanup

Speaker: Andrew Jeffree

A look into PHP Malware mostly talking about ways to Detect, Remove and Preventing it (Hint: it involves updating your CMS). I'll also talk briefly about the common attack vectors you'll see and what the malware actually looks like and does.

EFF "Secure" IM Scorecard Review

Speaker: eltt

In recent years, the importance of using secure private messaging applications for communication has come to the forefront of public attention. It's not uncommon to find news articles written almost weekly on user privacy concerns and what the more tech savvy can do to limit their exposure to interception and monitoring from external parties. One particularly interesting website is the Electronic Frontier Foundation (EFF) secure messaging scorecard, which aims to assist users in choosing “Which apps and tools actually keep your messages safe”. This type of score card drastically simplifies the problem domain, and leads one to question what the tradeoffs are when installing an application from the list. While the advocacy of privacy based communication is something we love to see reach a mainstream audience, we believe the scorecard misses many considerations and metrics that are critical to the discussion. We have been performing a review of the documentation and source code of a subset of applications in the EFF scorecard to understand their privacy versus security tradeoffs. This is a subtle and often overlooked difference - as passive monitoring may be disrupted with the use of encrypted communications, but attacks against software vulnerabilities can negate the advantage of using those IM applications in the first place. We believe sharing this perspective is important to assist users in deciding on the right balance between privacy and security. We will present an introduction, run through the assessments we have performed of various clients, then share our perspectives to takeaway.

Naval-gazing with Docker

Speaker: Frenchie

Docker. The devs won't shut up about it. What is it? Why do so many bearded JavaScript hipster developers love it? And most importantly, how do you break it? This talk aims to cover:

• Intro to Docker,
• Demo: How to use Docker to deploy your tools to The Cloud™,
• Known attacks (& subsequent security patches) against different versions of Docker,
• boatloads of puns.

Reclaiming "Hacking" as an Infinite Game

Speaker: Nathalie Collins

Reclaiming “hacking” as an infinite game. The word “Hacker” has been hijacked. We know this. Reclaiming it from the ignorant is a challenge. Nathalie is a marketing professional, but not one of the wanky ones. Her talk is respectfully offered as one way forward in reclaiming the word “hacking” from ignorant hordes. The philosophical metaphor of “finite and infinite games” is a great way of thinking about hacking: try it on and see if it fits. If you are annoyed enough about the situation to do something about it, her talk will give you some ideas about how. And finally, she will let you know why this dyed-in-the-wool marketer/philosopher cares about the hacking community in the first place.

Why you shouldn't use SSL

Speaker: Wasabi

Feds and intelligence agencies use taxpayer dollars to perform dragnet surveillance of Internet traffic. Using SSL makes their job hard, and increases the cost of intercepting your traffic. TLS makes it even harder. This talk starts with a very brief intro to encryption, moves into the history of SSL and why you shouldn't use it, and finishes with coverage of its successor TLS. Current best practices on implementing TLS, including recommended ciphers and browser compatibility will be discussed. Lesser known gotcha's such as weak Diffie-Hellman and “imperfect” forward secrecy will also be covered. Trust the maths, not the programmer.

lol random php

Speaker: ss23

Lets have a chat about randomly generating things in your applications. You know there's a right way, and a wrong way? Clearly most developers don't! Together, we'll explore such issues as "Why does this manual page tell me in big red letters that it's not secure? Can I still use it?" and "Some developer totally used that function with the big red letters that says it's not secure, how can I exploit it?". We'll focus on PHP, but lots of the core lessons will be applicable to both (like, don't use the functions with the BIG RED LETTERS TELLING YOU NOT TO USE THEM)."

Data Combat - Warfare in the Age of Big Data

Speaker: kezef

Big data is everywhere. Organisations now store and process data that is growing at an exponential rate. In the age of store-first-think-later, what if the data your organisation stored was actually your biggest threat and the enemy lurks within? What would the implications of 'evil' data be, how would you identify it and protect yourself whilst still relying on a fundamental component of daily business life? This presentation looks at the concept of data warfare, its roots in information warfare and how cyber security needs to evolve to become more data-aware and address this threat. Already we have seen the beginnings of data-based attacks and their ability to have significant impacts at not only an organisational level, but also at an economic level. In the age of quantum trading and businesses driven by big data analytics, organisations are becoming increasingly reliant on accurate, reliable and trustworthy data. Their biggest asset now also has the potential to become their biggest weakness.

Aftermarket Vehicle Trackers & Immobilizers: Redux

Speaker: skooch

Vehicles of all shapes and sizes are bought and sold every day with measures designed to protect them from being stolen or make them easier to retrieve. Re-enforced doors, various locking mechanisms, key based immobilizers and proximity fobs are just some of the countermeasures designed by manufacturers. Unfortunately, not everyone can afford the latest and greatest security when they buy a car, not to mention a second-hand one. So what about aftermarket solutions? I'm sure I could grab something off AliExpress! I mean, it couldn't be that bad? Right? This presentation will cover the deconstruction (both software and hardware) of cheap vehicle immobilizers and trackers that you can buy for less than the price of a takeaway dinner. Purchasable from retail stores across the globe, and through online sites like AliExpress, these wonderful [citation needed] devices can be installed into your vehicle with very little electrical knowledge. In fact, some mechanics offer to buy and install these devices as a service. Just how many of these devices exist though? Well, at the time of writing the manufacturers boast shipping 360,000 plus units. Not only do we get the ability to communicate with these devices by texting them, but we get a webapp to use and a mobile app too! I wonder what we can find in this one. Oh, and it looks like the manufacturers were generous enough to use common chips when building the device too. Serial wire debug, anyone? Let's just say that the phrase ""You get what you pay for"" comes to mind very strongly throughout this talk.

A not so SmartRider: The law, and did I just break it?

Speaker: Jack Carruthers

We all like fun hacking projects, but sometimes we can cross the legal line without realising it. The story of a research project into the Public Transport Authority's SmartRider system and how it all went to court.

The matryoshka doll of fuckery

Speaker: Chris

A breakdown of the worst code review I ever did in search of the answer "has my client been beached?" Hint: the answer is probably not no.

From pcaps to Report in 5 days: Traffic Analysis Sucks

Speaker: omnifocal

When given one working week to go from raw pcaps to a report on any detected malicious activity, two security dudes rush to perform the best analysis they can given their situation. After making sure the traffic was actually captured properly of course. I'll be talking about my experience with this particular engagement, some of the gotchas we faced with the initial capture and later analysis, some of the actual analysis we performed, and finally what we would have liked to do given an easier situation.

Reverse Engineering Swift Apps

Speaker: Mike

Since it's introduction at WWDC in 2014 Swift has progressed significantly as a language and has seen increased adoption by iOS and OSX developers. This talk will dive into the Swift language and explore reverse engineering Swift apps from a security perspective. Topics covered include, Swift 101, obtaining class information from Swift binaries, Objective-C/Swift bridging, Swift runtime manipulation and hooking Swift methods.

Car Hole Hacking

Speaker: Doles

Your garage is a gaping security hole right at the front of your dwelling. Let's explore some of the ways we can attack and protect it.