Tuesday, October 13

10:15 IDT

KEYNOTE: The Rebellious Teenage Years: 15 years of Web Security
Jeremiah Grossman

Founder, WhiteHat Security
Jeremiah Grossman is the Founder and iCEO of WhiteHat Security, where he sets overall company vision and oversees day-to-day operations. Over the last decade, Mr. Grossman has written dozens of articles and white papers, and is a published author. His work has been featured in the...

Tuesday October 13, 2015 10:15 - 11:00 IDT
Main Auditorium

11:15 IDT

0x3E9 Ways to DIE

Over the years, many attempts have been made to combine static and dynamic analysis results. Some were good, others were bad; however, the fact is that those two approaches still remain mostly separated, as most analysis tools focus on only one of them.

For many years, this lack of integration and mental passing of data between static and dynamic tools has caused a lot of frustration among researchers.

This was the main motivation in creating DIE.

DIE is a new Hex-Rays IDA plugin that crosses the static-dynamic gap directly into the native IDA GUI. It gives the researcher access to runtime values from within his standard disassembler screen.

As opposed to previous projects with similar goals, DIE takes a different approach by using an extensive plugin framework which allows the community to constantly add logic in order to better analyze and optimize the retrieved runtime values. With a click of a button, everything is accessible to the researcher: he can inspect handles passed to a function, analyze injected code or runtime strings, enumerate dynamic structures, follow indirect function calls and more (and the list keeps on growing). All of this happens without the researcher ever leaving his comfortable disassembler screen.

Even better, as DIE is tightly coupled with IDA, it will basically support any architecture, data type or signature supported by IDA.

DIE currently has a small but well-respected community of contributors. Starting with the alpha version, DIE users have been able to cut their research time by 20%-40%. As complex reverse engineering tasks may take several weeks or even several months to complete, DIE has already proved to be a valuable resource and a prominent part of the researcher's toolkit.

DIE was first introduced to the public at RECON-2015 and received amazing feedback. Today, we will introduce its secrets to the respected Israeli research community.

During this talk I will explain the basic idea behind DIE, describe its architecture, and show live examples of how to use its extensive plugin framework to speed up the research process.

The talk includes *live examples* which have been carefully selected from real research projects in various security fields and demonstrate how DIE can be used to speed up bypassing software protections, unpacking malware, and super-quickly locating malware de-obfuscation functions.


Yaniv Balmas

Security Researcher, Check Point Software Technologies
Yaniv is a software engineer and a seasoned professional in the security field. He wrote his very first piece of code in BASIC on the new Commodore-64 he got for his 8th birthday. As a teenager, he spent his time looking for ways to hack computer games and break BBS software. This...

Tuesday October 13, 2015 11:15 - 12:00 IDT
Room 10 - CS and Communications Building
  Track 2

12:00 IDT

The Node.js Highway: Attacks are at Full Throttle

The popularity of the Node.js coding language is soaring. Just five years after its debut, the language’s framework now boasts more than 2 million downloads a month. It’s easy to understand why. This event-driven language kept the simplicity of existing Web concepts and trashed the complexities; applications built on Node.js do not require a dedicated Web server to run; and Google is even pushing the language with its enhanced V8 engine for the Google Chrome Web browser. In fact, just consider Node.js as the drive-and-go language. But before accelerating too quickly, it is important to understand the power – and corresponding mishaps – of this language.

We’ll delve under-the-hood of the language’s engine and present our 6-month research into the Node.js language. In particular, we reveal new attack techniques against applications built on top of this language. This part of the talk includes demonstrations to engage the audience.

Attacks include:

  • Application-layer DDoS attacks. With just 4(!) requests, a server is brought to its knees, effectively denying services from all users of the Node.js application.
  • Password exposure attacks. Leveraging the “Forgot My Password” feature of applications based on Node.js in order to reveal the passwords of all users of the application.
  • Business logic attacks. Running malicious code on all machines of users of the applications when exploiting a weak business feature due to the language’s inherent coupling of the application and the server it runs on.

This talk is not intended to put the brakes on Node.js. On the contrary, this talk’s aim is to raise awareness of its security issues during application development.

Helen Bravo

Product Management Director, Checkmarx
Helen Bravo is the Product Manager at Checkmarx. Helen has more than fifteen years of experience in software development, IT security and source-code analysis. Prior to working at Checkmarx, Helen worked at Comverse, one of the biggest Israeli Hi-tech firms, as a software engineer...

Tuesday October 13, 2015 12:00 - 12:30 IDT
Main Auditorium
  Track 1

14:15 IDT

The Spy in the Sandbox: Practical Cache Attacks in Javascript and their Implications

Side channel analysis is a remarkably powerful cryptanalytic technique. It allows attackers to extract secret information hidden inside a secure device, by analyzing the physical signals (e.g., power, heat) that the device emits as it performs a secure computation. While the potency of side-channel attacks is established without question, their application to practical settings is debatable. The main limiting factor to the practicality of side-channel attacks is the problematic attack model they assume; with the exception of network-based timing attacks, most side-channel attacks require the attacker be in “close proximity” to the victim.

In this work, we challenge this limiting assumption by presenting a successful side-channel attack that assumes a far more relaxed and practical attacker model. In our model, the victim merely has to *access a website* owned by the attacker using his personal computer. Despite this minimal model, we show how the attacker can still launch a side-channel attack in a practical time frame and extract meaningful information from the system under attack. Defending against this attack is possible, but the required countermeasures can exact an impractical cost on benign uses of the browser.

Joint work with Vasileios P. Kemerlis, Angelos D. Keromytis and Simha Sethumadhavan.

Yossi Oren

Senior Lecturer, Ben Gurion University
Hi! I am a senior lecturer at the Department of Information Systems Engineering in Ben Gurion University, and a member of BGU's Cyber Security Research Center. Before joining BGU I was a Post-Doctoral Research Scientist in the Network Security Lab at Columbia University in the City...

Tuesday October 13, 2015 14:15 - 15:00 IDT
Main Auditorium
  Track 1

16:00 IDT

Theories of Agile, Fails of Security

Buzzwords about Agile are flying around at overwhelming speed; Scrum, Kanban, XP and other methodologies and practices are thoroughly discussed, while security is still left as a 'high level' talk or sometimes as understanding how to adapt from traditional development methodologies. Some best practices will leave you scratching your head, unsure what the original intention was and without understanding how to implement security in Agile effectively. This lecture will bring all the undocumented failures during such a process, and the best ways of avoiding them prior to experiencing them.

Daniel Liber

R&D Security Leader, CyberArk
Daniel Liber is the R&D security leader in CyberArk, a leader in securing enterprises against cyber attacks that take cover behind insider privileges and attack critical enterprise assets. Previously he has worked as an application security consultant for Comsec Consulting, working...

Tuesday October 13, 2015 16:00 - 16:30 IDT
Room 10 - CS and Communications Building
  Track 2

16:40 IDT

Game of Hacks: Play, Hack & Track

We created “Game of Hacks” – a viral web app marketed as a tool to train developers on secure coding – with the intention of building a honeypot. Game of Hacks, built using the node.js framework, displays a range of vulnerable code snippets challenging the player to locate the vulnerability. A multiplayer option makes the challenge even more attractive and the leaderboard spices up things when players compete for a seat on the iron throne.

Within 24 hours we had 35K players test their hacking skills... we weren't surprised when users started breaking the rules.

Join us to:

  • Play GoH against the audience in real time and get your claim to fame.
  • Understand how vulnerabilities were planted within Game of Hacks.
  • See real attack techniques (some caught us off guard) and how we handled them.
  • Learn how to avoid vulnerabilities in your code and how to go about designing a secure application.
  • Hear what to watch out for on the ultra-popular node.js framework.

Amit Ashbel

Cyber Security Evangelist
Amit has been with the security community for more than a decade where he has taken on multiple tasks and responsibilities, including technical and Senior Product lead positions. Amit adds valuable product knowledge including experience with a wide range of security platforms and...

Tuesday October 13, 2015 16:40 - 17:25 IDT
Main Auditorium
  Track 1