ToorCon San Diego’s Deep Knowledge Seminar sessions aim to provide the best information for decision makers and IT/IS professionals. Entrance to the seminars includes admission to all of the seminar talks on Friday Sept 1, 2017 and includes complimentary continental breakfast, lunch, and Conference admission for the rest of the weekend. Online registration closes on Aug 25, 2017. Tickets can still be purchased at the door. Our pricing schedule is listed below:
|Round 1||$550 – SOLD OUT|
|Round 2||$750 – SOLD OUT|
Friday – September 1st, 2017
|8:30||Registration & Continental Breakfast|
|9:00||Explore firmware in different platforms with CHIPSEC framework
In this research, we’ve explored the attack surface of the hypervisor and firmware on two different platforms: ARM and x86. We will explain different attack scenarios using interrupts and other interfaces, as well as interaction methods between firmware and hypervisor privilege levels. We will explore common attack vectors for both architectures.
|10:30||How to Hunt (Threats, not Bambi)
Threat Hunting is a fun way to turn the tables on attackers on your network by proactively looking for them instead of reacting to alerts. How can you get started in hunting? We’ll start with some hunting basics and then get into some things you CAN try at home (or at work) to find badness on computers or networks.
|13:30||Combating Java Deserialization Vulnerabilities with LAOIS
Java Serialization is an important and useful feature of Core Java that allows developers to transform a graph of Java objects into a stream of bytes for storage or transmission and then back into a graph of Java objects. Unfortunately, the Java Serialization architecture is highly insecure and has led to numerous vulnerabilities, including remote code execution (RCE) and denial-of-service (DoS) attacks. Any Java program that deserializes a stream is susceptible to such vulnerabilities unless proper mitigations are taken. One such mitigation strategy is look-ahead deserialization or look-ahead object input streams (LAOIS). This presentation examines Java deserialization vulnerabilities and evaluates various LAOIS solutions including JDK Enhancement Proposal (JEP) 290.
Robert C. Seacord
|15:00||SDN and the future of network security
Software Defined Networking is no longer a fledgling technology. Google, Amazon, Facebook, and Verizon all rely on the scalability, programmability, flexibility, availability, and yes, security provided by SDN. So why is there so little discussion on the security risks, advantages, and current research on the topic? This talk will provide a brief introduction to SDN and security, demonstrate ways of compromising and securing a Software Defined Network, and illustrate new ways of using the power of open source SDN coupled with machine learning to maintain self-defending networks.
|16:30||Disrupting the Mirai Botnet
The Mirai botnet has brought public awareness to the danger of poorly secured embedded devices. Its ability to propagate is fast and reliable. Its impact can be devastating and variants of it will be around for a long time. You need to identify it, stop it, and prevent its spread. I had the opportunity to become familiar with the structure, design, and weaknesses of Mirai and its variants. At this talk you’ll learn how to detect members of the botnet, mess with them through various means and set up a safe live fire lab environment for your own amusement. I will demonstrate how to join a C2 server, how to collect new samples for study, and some changes that have occurred since the release of the source code. By the end you’ll be armed and ready to take the fight to these jerks. Unless you’re a botnet operator. Then you’ll learn about some of the mistakes you made.
|19:00||ToorCon Conference Reception|