Tal zeltzer

Talk : Virtually Secure, Analysis to Remote Root 0day on an Industry Leading SSL-VPN Appliance

Today most networks present one “gateway” to the whole network – The SSL-VPN. A vector that is often overlooked and considered “secure”, we decided to take apart an industry leading SSL-VPN appliance and analyze it to bits to thoroughly understand how secure it really is. During this talk we will examine the internals of the F5 FirePass SSL-VPN Appliance. We discover that even though many security protections are in-place, the internals of the appliance hides interesting vulnerabilities we can exploit. Through processes ranging from reverse engineering to binary planting, we decrypt the file-system and begin examining the environment. As we go down the rabbit hole, our misconceptions about “security appliances” are revealed.
Using a combination of web vulnerabilities, format string vulnerabilities and a bunch of frustration, we manage to overcome the multiple limitations and protections presented by the appliance to gain a remote unauthenticated root shell. Due to the magnitude of this vulnerability and the potential for impact against dozens of fortune 500 companies, we contacted F5 and received one of the best vendor responses
we’ve experienced – EVER!

Bio :

Tal Zeltzer is an Israeli security researcher, reversing by day and hacking by night. Tal has a history of 0days behind him, ranging from his latest PCAnywhere findings to embedded systems and web applications. He spends most of his free time conducting research and developing research tools. He tweets under @talzeltzer and blogs at http://exploit-code.com

Glenn Wilkinson

Talk : The Machines that Betrayed their Masters: Mobile Device Tracking & Security Concerns

The devices we carry betray us to those who want to invade our privacy and security by emitting uniquely identifiable signals. The most common example is that of the wireless signals emitted by your mobile phone (even whilst tucked safely into your pocket), but as new technologies develop so do new signatures. Such signals may be used to track you, or be used toward more malicious intent.

The risk of an attack on these implementation flaws was first demonstrated in 2004 with the Karma exploit, however, the flaws still exist and have become more numerous as the number of WiFi enabled devices has grown. What’s more the privacy risks have not been fully explored until now.

This talk will discuss the process the author has gone through to build a resilient, modular, reliable, distributed, tracking framework. Data captured from several security conferences will be explored and discussed.

While Snoopy has been presented before, it was still in the earlier stages of development. Since then, a significant amount of work has been put into the framework (e.g XBee, SnooPi, and Quadcopters), and much experience gained in its use. A live demonstration will be given during the talk.

Bio :

Glenn currently works at SensePost with his role divided between penetration testing, training, and research. He holds two masters degrees from the University of Oxford.