1.2
nnc2021
NoNameCon 2021
2021-09-02
2021-09-03
2
00:05
https://cfp.nonamecon.org/nnc2021/schedule/
Europe/Kiev
2021-09-02T10:00:00+03:00
10:00
00:40
Main track
nnc2021-148-----
https://cfp.nonamecon.org/nnc2021/talk/KJPGHK/
false
Where's my strategy, choomba?
Talk
en
A talk about Ukraine's new Cybersecurity Strategy: its key provisions, its differences from the previous one, prospects and possible consequences.
Ukraine has approved a new Cybersecurity Strategy.
I would like to talk about its key provisions, how it differs from the previous Strategy, what advantages the new one has over the previous one, and what shortcomings the new Strategy has.
I will also talk about the prospects, forecasts and possible consequences of implementing the Strategy.
All analogies with CyberPunk 2077 are not accidental.
Kostiantyn Korsun
2021-09-02T11:00:00+03:00
11:00
00:40
Main track
nnc2021-127-influence-operation-mitigation-with-the-amitt-framework
https://cfp.nonamecon.org/nnc2021/talk/9NW8E8/
false
Influence operation mitigation with the AMITT framework
Talk
en
CogSecCollab introduces updates to the AMITT framework and complementary countermeasures. We'll look at how these countermeasures are being used in the wild by disinformation responders of all sizes, and explore our work integrating disinformation response into a SOC.
Roger Johnston
2021-09-02T12:00:00+03:00
12:00
01:00
Main track
nnc2021-155-android-application-hacking-with-damn-vulnerable-bank
https://cfp.nonamecon.org/nnc2021/talk/WCKLTN/
false
Android Application Hacking with Damn Vulnerable Bank
Village
en
From mobile devices to smartwatches, automotives, smart refrigerators, and many other devices, Android is ruling the market. This puts the onus on developers to protect the information and integrity of their users by developing secure code for the applications. This compels us to secure Android applications used by millions and billions of people across the globe.
This session aims to demonstrate our open-source application, Damn Vulnerable Bank. This application provides an interface for folks interested in Android application security to assess their skills. This short course will be packed with static and dynamic analysis, dynamic instrumentation, binary analysis, hacking APKs at a low level, playing with multiple debuggers, and many other interesting discussions. By the end of this session, you will gain an understanding of different threat vectors and exploitability means.
I have released a guide on solving the challenges in Damn Vulnerable Bank: https://rewanthtammana.com/damn-vulnerable-bank/
We have many more ideas and different scenarios to include in this application. We will release the new version of the application with upgraded features soon.
/media/nnc2021/submissions/WCKLTN/rewanthtammana-damn-vulnerable-bank_87ctmdw.PNG
Rewanth Tammana, Akshansh Jaiswal, Hrushikesh Kakade
2021-09-02T14:00:00+03:00
14:00
00:40
Main track
nnc2021-146-let-s-play-a-game
https://cfp.nonamecon.org/nnc2021/talk/M3D3LW/
false
Let's play a game
Talk
en
The gaming industry has experienced huge growth in recent years.
As with most massive businesses, it also became a target for various malicious actors.
This is an analysis of publicly known cyber attacks on gaming:
- general trends
- primary entry vectors
- malicious techniques in use
- defense lessons that can be learned
Oksana Safronova
2021-09-02T15:00:00+03:00
15:00
00:40
Main track
nnc2021-128-dfa-and-code-control-flow-obfuscation-a-real-world-example
https://cfp.nonamecon.org/nnc2021/talk/W7KLPC/
false
DFA and code control flow obfuscation: a real-world example
Talk
en
We analyze code control flow obfuscation, based on deterministic finite automata (DFA), in a third-party iOS application downloaded from AppStore.
The talk consists of five parts:
1. **Intro.** Hello everyone, blah-blah-blah. _No special background needed_ (5 min or less)
2. **Math.** DFA definition, state transition table. _Set theory background needed_ (~10 min)
3. **Reversing the obfuscated code.** Reversing the iOS app, detailed analysis of the machine code. _ARMv8a/iOS internals background needed_ (~15 min)
4. **Putting the math and the code together.** Representation of the reversed code as DFA and vice versa. Beautiful of DFA states -> code calls (~10 min)
5. **Summary.** A quick summary with some useful/interesting links (~5 min)
Dima Kovalenko
2021-09-02T16:00:00+03:00
16:00
00:40
Main track
nnc2021-132-attacks-on-windows-infrastructure-blue-team-edition-
https://cfp.nonamecon.org/nnc2021/talk/NN3YQX/
false
Attacks on Windows Infrastructure (Blue Team edition)
Talk
en
Nowadays, with security incidents at their peak, adversary detection has become a crucial challenge for blue teamers. Besides detecting the most popular tactics, techniques and procedures like network discovery and lateral movement, are you ready for incidents where adversaries abuse Windows infrastructure to achieve their goals? We will dive into the internals of attacks such as Kerberoasting and golden tickets to find opportunities to detect them before the first ticket is passed.
Common attacks on Windows infrastructure and their detection:
1. Initial reconnaissance
2. Password spraying/LLMNR/NBT-NS/mDNS
3. Kerberoasting/AS-REProasting
4. Pass-the-hash/Pass-the-ticket/Overpass-the-hash
5. SilverTicket/GoldenTicket
6. Constrained and Unconstrained delegation
7. DCSync and DCShadow
Bogdan
2021-09-02T16:45:00+03:00
16:45
01:15
Main track
nnc2021-159-hacker-quiz
https://cfp.nonamecon.org/nnc2021/talk/JSGR8S/
false
Hacker Quiz
Social Event
en
Team competition on professional topics prepared and conducted by the professional game editors.
Quiz language is Ukrainian.
Description and details: https://nonamecon.org/quiz-time/
Team registration: https://forms.gle/mbPXMp8yYVayvP9c7
2021-09-02T18:00:00+03:00
18:00
00:40
Main track
nnc2021-129-discovering-c-c-in-malicious-pdf-using-deobfuscation-encoding-and-other-techniques
https://cfp.nonamecon.org/nnc2021/talk/JKAP3K/
false
Discovering C&C in Malicious PDF using deobfuscation, encoding and other techniques
Talk
en
Demonstrate different kinds of structures in the binaries as a PDF (header/body/cross-reference table/trailer), explaining how each session works within a binary, what techniques are used, such as packers, obfuscation with JavaScript (PDF) and more, explaining too about some anti-disassembly techniques, demonstrating as a is the action of these malware’s and where it would be possible to “include” a malicious code. By the end of this “talk” it will be clear to everyone, differences in binaries structures, how the researcher should conduct each of these kinds of analyses, besides of course, it should seek more basic knowledge, with file structures, software architecture and programming language.
Similar presentations:
https://www.youtube.com/watch?v=mJZCNqcO10A&t=51s (NahamCon's on RTV 2021 - Discovering C&C in Malicious PDFs)
https://www.youtube.com/watch?v=nxlqxLWO16k (GrayHat - Red Team Village - 2020- US) - Dissecting;
https://www.youtube.com/watch?v=0pp6xcFsXgE&feature=youtu.be (HITB -2020 - Hack In The Box Security Conference - Europe) - Threat Hunting;
https://www.youtube.com/watch?v=yAjvfTYEhOw (D.C. Cybersecurity Professionals - 2020 - US) - Dissecting PDF Files to Malware Analysis;
https://www.youtube.com/watch?v=oWkgyPgAMsg (BSIDES DFW - 2020 - US) - Dissecting;
https://www.youtube.com/watch?v=NVXpBy3RNTE (CIA Conference 2020 - India) - Dissecting PDF Files to Malware Analysis
/media/nnc2021/submissions/JKAP3K/Filipi_Pires_-_Event_Mx1oIZL.jpeg
Filipi Pires
2021-09-02T19:00:00+03:00
19:00
01:00
Main track
nnc2021-158-special-interview-with-daniel-miessler
https://cfp.nonamecon.org/nnc2021/talk/SUK3NW/
false
Special Interview with Daniel Miessler
Talk
en
Daniel Miessler is a security professional, writer, long-time contributor to OWASP, author of the Unsupervised Learning podcast and the SecLists project. Throughout his career Daniel worked with companies like HP, Apple, Robinhood, and started a consultancy of his own as well.
Daniel Miessler
2021-09-02T10:00:00+03:00
10:00
03:00
Workshops
nnc2021-134-hunting-for-apt-in-network-logs
https://cfp.nonamecon.org/nnc2021/talk/XQ9CKD/
false
Hunting for APT in network logs
Workshop
en
Network logs are one of the most efficient sources to hunt adversaries, but building good analytics capabilities requires a deep understanding of benign activity and attacker behavior. This training focuses on detecting real-case attacks, tools and scenarios from the past year.
The training is highly interactive and retains a good balance between theory and a lot of hands-on exercises for the students to get used to the detection engineering methodology and prepare them to start implementing this at their organizations.
Netflow Mitre Matrix view
Full packet captures vs Netflow
Zeek
Zeek packages
RDP initial compromise
Empire PowerShell and CobaltStrike or what to expect after initial loader execution.
Empire PowerShell initial connection
Beaconing. RITA
Scanning detection
Internal enumeration detection
Lateral movement techniques widely used
Kerberos attacks
PSExec and fileless ways of delivering payloads in the network
Zerologon detection
Data exfiltration
Data exfiltration over C2 channel
Data exfiltration using time size limits (data chunks)
DNS exfiltration
Detecting ransomware in your network
Real incident investigation
Bogdan, Oleh Levytskyi
2021-09-02T10:00:00+03:00
10:00
10:00
HashHash
nnc2021-161-hash-cracking-competition-day-1
https://cfp.nonamecon.org/nnc2021/talk/3YFNU7/
false
Hash Cracking Competition - Day 1
Social Event
en
Take part in the digital forensics and hash cracking competition during the conference!
Check out https://nonamecon.org/hashhash after the conference opening for more details!
2021-09-03T10:00:00+03:00
10:00
00:40
Main track
nnc2021-144-cryptographic-protection-of-ml-models
https://cfp.nonamecon.org/nnc2021/talk/XU3NQZ/
false
Cryptographic protection of ML models
Talk
en
Imagine a system that operates with ML models. These models are unique and work with user-generated content better than anyone else. For various business reasons, instead of running one large sophisticated model on the server, developers have to run models on mobile devices (_viva TensorFlow!_). Our challenge is to protect these models from leakage and massive accumulation, which leads to reverse engineering of their unique approach.
This talk explains building DRM-like protection with end-to-end encryption using envelope encryption on ephemeral keys. We will discuss risks, threats, dataflow, cryptographic layer, key management and integration with traditional appsec controls for defense-in-depth approach.
**Tags**: blue team, security engineering, design of security controls, e2ee, cryptography, mobile and backend
Anastasiia Voitova
2021-09-03T11:00:00+03:00
11:00
00:40
Main track
nnc2021-135-all-roads-lead-to-openvpn-pwn-ing-industrial-remote-access-clients
https://cfp.nonamecon.org/nnc2021/talk/7KXE3Y/
false
All Roads Lead to OpenVPN: Pwn’ing Industrial Remote Access Clients
Talk
en
In the past year, due to the increased popularity and growing remote workforce, we decided to explore VPN/remote-access solutions. We found that the majority of these solutions, in their client side, consist of an application that manages an OpenVPN instance to handle the secure tunnel. After inspecting a couple of such products, especially in the industrial sector, we identified a key problem with the way these types of products harness OpenVPN—a problem that, in most cases, can lead to a 1-click RCE on the VPN client side, just by luring a victim to a malicious website.
In this talk we will describe what industrial remote access solutions are, their common architecture, why most of them are using OpenVPN behind the scenes to control the encrypted tunnel, and how they manage the VPN tunnel using the OpenVPN Management Interface. We will continue by presenting the key implementation flaw we identified in the VPN client side software, and how we were able to exploit it to gain an SSRF to RCE with high privileges on endpoint machines.
Finally, we will showcase 4 CVEs of 4 different vendors (Siemens, eWon, mbConnectLine, and PerFact) that we were able to exploit following our research. The exploits range from a local privilege escalation to 1-click RCE with SYSTEM privileges (Windows). Our demo will be focused around how an innocent-looking phishing campaign can result in a reverse shell to a remote attacker.
Sharon Brizinov
2021-09-03T12:00:00+03:00
12:00
00:40
Main track
nnc2021-154-why-the-options-pattern-is-great-for-security
https://cfp.nonamecon.org/nnc2021/talk/MTFEVR/
false
Why the Options Pattern is Great for Security
Talk
en
The speaker will demonstrate three security benefits of the options pattern for object initialization by showing three examples. They will also suggest and explain a small but significant improvement to the options pattern that increases security even more.
Secure coding and functional programming are rarely mentioned in the same sentence. What if by applying a functional programming construct, we could write more secure code? Enter the Options Pattern, a hidden gem in securing your approach to object initialization.
The options pattern is a modern object initialization idiom. It involves writing a set of second-order functions returning options that roughly correspond to the initialization parameters. An option receives the object for initialization and applies a narrow modification to it.
The options pattern provides security benefits as side effects of encapsulation and separation of concerns. The main benefit is that it can make complex objects difficult to misuse, a necessary quality for modern cryptography, networking, and low-level libraries. It aids with code readability, reliability, and resilience. When properly implemented, the options pattern ensures sensible defaults, detects configuration conflicts at initialization, and provides logical grouping and consistency with entangled parameters.
In this talk, the speaker will explain how wider adoption of the options pattern improves code security for any project. Several examples will be examined and described as a demonstration of how to properly apply the secure coding options pattern in your own code.
## Outline
1. (1min) Review the options pattern.
2. (1min) State the goal of the presentation: adopt this pattern
3. (2min) Explain problems it can solve:
- Secure defaults
- Parameter grouping
- Parameter conflicts
- Parameter misuse
4. (4min) Suggest and explain an improvement to the classic pattern
5. Three examples of improved security by adding the options pattern
6. (2min) Conclusion
Dima Kotik
2021-09-03T14:00:00+03:00
14:00
00:40
Main track
nnc2021-151-dzie-dobry-you-re-hacked-review-of-the-biggest-recent-security-incidents-related-to-state-business-and-mass-sectors-in-poland-
https://cfp.nonamecon.org/nnc2021/talk/JUAMUX/
false
Dzień dobry, you’re hacked. Review of the biggest recent security incidents related to state, business, and mass sectors in Poland.
Talk
en
“Janusz turned around and froze, terrified. The bank was sliding. An avalanche of sand and gravel rushed down the steep slope. The air was filled with dust, then a flow of dirty, foamy water gushed out. He saw it breaking trees, tearing out power poles, pulling boulders along. It was the last thing Janusz Murawiec ever saw.”
This is a fragment of a crime fiction book by Jakub Szamalek “The Hidden Web”, which gained success among Polish readers. The author says “It’s not science fiction” in the preface to the book. And though the plot is fictitious, the cybercrimes described are pretty close to reality.
So, what makes such a good basis in Poland for the book to appear? What is the cyber threat landscape? What were the biggest hacks and incidents recently? Why does the biggest cybersecurity community in Poland have more than 135K followers? Let’s take a look at Poland together with Andriy Varusha, CISSP, an information security expert, co-founder, and CSO at BSG, who’s been living in Krakow for the last 6 years.
Andriy Varusha
2021-09-03T15:00:00+03:00
15:00
00:40
Main track
nnc2021-147-why-can-t-developers-make-it-secure-
https://cfp.nonamecon.org/nnc2021/talk/9PTUCG/
false
Why can't developers make it secure?
Talk
en
Have you ever seen a situation when the company hires highly skilled software developers, but the resulting product fails security review completely? In my talk, I raise the problem of shared responsibility, the importance of communication, and following the processes. The audience will learn the iterative process of building a secure architecture and how it's different from secure coding.
Building a secure application is "a tradeoff game" – the security level should be enough for the product and company's business goals. Luckily, the security industry has standards, best practices and guidelines. Making a secure product is a lot about the processes: it is not enough to build a system you consider safe; you need to maintain it and periodically reevaluate risks and threats.
Join my talk to learn how the business owners and stakeholders can cooperate with the development teams to create secure products.
Julia Potapenko
2021-09-03T16:00:00+03:00
16:00
00:40
Main track
nnc2021-139-centralised-monitoring-and-alerting-system-over-aws
https://cfp.nonamecon.org/nnc2021/talk/WXWMWW/
false
Centralised Monitoring and Alerting system over AWS
Talk
en
**“DIAL: Did I just alert lambda?”** is a centralised monitoring and alerting system running completely stateless, which gives us end-to-end visibility on internal threats and security misconfigurations, like a database going public or over-permissive IAM policies, happening across different AWS accounts. It runs on top of AWS Lambda, thus making it infinitely scalable and easily deployable across multiple AWS accounts.
##### What is DIAL and what are the features of DIAL?
---
* An in-house monitoring and alerting system which gives us alerts on any malicious activity happening across our different AWS accounts over Slack or email
* Assigns severity to each alert based on our severity classification module
* Stores all the generated alerts in DynamoDB and also forwards them to an open source incident response tool - **theHive** for further analysis and enrichment
* Modular tool which makes it easy to add more alerting modules
* Improved error handling capabilities
##### What advantages does this have over a traditional SIEM for detection and alerting?
---
* Detection time of DIAL for any malicious activity over AWS is < 5 seconds. Traditional SIEM detection time is > 5-10 minutes.
* Completely stateless, infinitely scalable and cost effective
* Modular which makes it easy to increase our security coverage to any of the AWS resources
* Easy to deploy in multiple AWS accounts which we spawn
* While it does not replace the capabilities of a SIEM architecture, it gives us a huge advantage when it comes to detection time and complete control over granularity of an alert.
##### AWS Services that DIAL is currently covering:
---
* EC2
* GuardDuty
* RDS & DynamoDB
* IAM
* SSM (Parameter Store)
* Secrets Manager
* S3
* VPC & VPC Peering Connections
* Internet Gateway
* Route Tables & Subnet Associations
* Security Groups
/media/nnc2021/submissions/WXWMWW/DIAL_1_M02omrj.png
Saransh Rana, Divyanshu Mehta
2021-09-03T17:00:00+03:00
17:00
01:00
Main track
nnc2021-160-professional-debates
https://cfp.nonamecon.org/nnc2021/talk/ZFDT9M/
false
Professional Debates
Social Event
en
Oxford-style team debates on professional topics.
2021-09-03T19:00:00+03:00
19:00
01:00
Main track
nnc2021-157-special-keynote-eva-galperin
https://cfp.nonamecon.org/nnc2021/talk/EZNC9K/
false
Special Keynote: Eva Galperin
Talk
en
Eva Galperin is the Director of Cybersecurity at the Electronic Frontier Foundation, where she runs EFF’s Threat Lab. She has spent the last 14 years helping to improve the digital security of vulnerable populations, ranging from journalists to activists to survivors of domestic abuse. She has published research on APTs from Lebanon, Vietnam, Syria, and Kazakhstan, and is one of the founders of the Coalition Against Stalkerware.
Eva Galperin
2021-09-03T15:00:00+03:00
15:00
03:00
Workshops
nnc2021-145-bug-bounty-hunting-workshop
https://cfp.nonamecon.org/nnc2021/talk/RAESPF/
false
Bug bounty hunting Workshop
Workshop
en
Bug bounty hunting is (probably) the most hyped topic in the hacking subworld; some people read amazing stories of how an 18-year-old won 1 million dollars only doing legal hacking. Many hit a wall when they realize that after two months they only won points, thanks or cheap swag. Where's the money?, they ask. What should I learn and how? How many books should I read? How many minutes of YouTube tutorials? What if I lose some weight? [always recommended] How can I be the next bug bounty millionaire?
In this workshop I will show you a path to be a bug bounty hunter, from my experience starting by chance and from scratch. I will teach you how to use the tools I use every day to find bugs, but most importantly how to see bug bounty hunting as a complex business process.
What to know before
Basic idea of bugs (and bounty hunting)
Basic Linux commands (sed, awk, grep)
Shell scripting basics
Have some practice doing recon
What you will learn
How bug bounty programs/platforms work
What tools hunters use and how do they work
How to hunt for bugs (hopefully for profit)
Automatization of your hunting process
How technical is the class
30% theory and concepts
70% Installing, configuring and using tools to find bugs. Send some reports if we are lucky.
What tools are we going to use
Scanners/automated tools: nuclei, axiom, bbrf, dalfox, Burp.
Recon tools (subfinder, amass, assetfinder, waybackurls, httpx and more)
What to read/watch in advance
Books
The Web Application Hacker's Handbook, 2nd Edition
Hands-On Bug Hunting for Penetration Testers (Joseph E. Marshall)
Web Hacking 101 (Peter Yaworski)
Videos
Live Recon and Distributed Recon Automation Using Axiom with @pry0cc (https://bit.ly/3gPsonz)
The Bug Hunter's Methodology Full 2-hour Training by Jason Haddix (https://bit.ly/2PzHUsr)
Finding Your First Bug: Choosing Your Target by InsiderPhD (https://bit.ly/3uiF3n7)
HOW TO GET STARTED IN BUG BOUNTY (9x PRO TIPS) by STÖK (https://bit.ly/3u81U4m)
This workshop is 80% technical, 10% theoretical and 10% motivational
Road map for a successful workshop:
VM configs, checking, last minute difficulties, defeating Murphy's Law. (15 mins)
Introduction (20 mins)
Bugs
What is bug bounty hunting?
How did I start
Bugs I've found
How did I find bugs
Rewards I have received
Programs
Types of programs
Finding new programs
Finding and reporting bugs outside programs
Platforms
HackerOne, BugCrowd, Intigriti
The truth about OpenBugBounty
Are triagers also people?
Automated vs manual scanning
What's better?
Should I use one or both?
Tools of the trade (3 hours)
Recon
How much recon do I need?
Let's test some tools: amass, subfinder, assetfinder
BBRF
Installation
Usage, store your first program
Maintenance tasks/scripts
Continuous recon
Nuclei
How to use it
What are templates?
Creating your own template
Dalfox
Installation and usage
Scanning the world for XSS
Payload gathering
Axiom (distributed BBH)
Installation
Examples of use
Scaling your game
Burp Suite
Installation
Community vs Professional edition
How to perform simple tasks
Setting the scope
Repeater
Intruder
How to find bugs using Burp
Live, passive and active scans
Pump your Burp with plugins
xssValidator (XSS)
Logger++ (Debug)
Autorize (IDORs)
Collaborator Everywhere
Upload Scanner
Reporting (15 mins)
Writing decent reports
Automated reports
My fav reporting tool: StackEdit
Learning and becoming a millionaire (10 mins)
My favourite sources of info
Reports (Telegram, Twitter)
#bugbountytips
Intigriti emails
Where to train
h1 CTF
Pentester labs
HTB
Philippe Delteil
2021-09-03T10:00:00+03:00
10:00
08:00
HashHash
nnc2021-162-hash-cracking-competition-day-2
https://cfp.nonamecon.org/nnc2021/talk/JEDZNA/
false
Hash Cracking Competition - Day 2
Social Event
en
Take part in the digital forensics and hash cracking competition during the conference!
Check out https://nonamecon.org/hashhash after the conference opening for more details!