This talk will explore scenarios and situations where SMS Phishing (SMiShing), a communication method that is largely unmonitored and trusted, can be successfully utilised by adversaries at multiple stages of the kill chain.

In addition, TapIt will be demonstrated - an internally developed SMiShing framework used to manage phishing campaigns in achieving these nefarious goals. The framework assists in the customization, automation and monitoring of large-scale campaigns.

Samuel is a Security Consultant at MWR InfoSecurity. Samuel’s ability to understand and decompose technical hurdles, and then rapidly prototype solutions, has made him invaluable to the fast-paced of world of adversarial simulations.

Well protected mobile applications employ anti-debugging measures that make traditional dynamic analysis techniques difficult to use or infeasible. In this talk, we take a look at eBPF, a “new” Linux tracing framework, and how reverse engineers can use eBPF to analyze and bypass common anti-debugging techniques

Kerberos delegation enables services to impersonate users to access resources throughout the network, and has been a feature since the era of Windows 2000. This presentation will review the confusing and often misunderstood mechanisms of Kerberos authentication with its various types of delegation, while simultaneously illustrating possible misconfigurations which could result in privilege escalation opportunities. The risks associated with various types of Kerberos delegation will also be detailed, complete with mitigating and detective controls.

Anyone who has operated at scale is aware of the difficulties of transforming a research tool into a reliable production-ready utility they can deploy on their estate, especially given the time pressures our industry frequently finds itself under. In this talk, I will explore how Countercept address this task, showing how we can quickly validate an otherwise difficult-to-validate detection technique before deploying it. I will also go into detail on how we QA a wide variety of tooling – ranging from IR-style forensic tools, persistence techniques used by redteamers, to detection methods used by our Detection and Response team.

The last few years have seen the pendulum swing back slightly toward the Blue Team, as organisations are now employing technologies, previously out of reach because of price and complexity. Whilst technology needs combining with well worked processes and skilled people, this talk will showcase how some of the leading technologies in the industry can be rendered less effective.

It will detail the improvements the Blue Team have benefited from, before demonstrating how higher tier attackers and professional Red Teams have adapted their TTPs to render them almost irrelevant in today’s high value target organisations.

Bio

Harsha Bhat is a security expert with a keen interest in destruction and chaos through offensive security. Harsha has been involved in OT security testing, remediation and implementation and runs the OT security lab in Bangalore. Harsha has been involved in projects across the spectrum from oil and natural gas clients to investment banks (conducting application security testing), banks (ATM Security) and red team assessments in India and abroad. He also loves playing around with frequency radios and vishing people using his own infrastructure. In his free time Harsha loves playing PS4 and riding bikes.

Bio

Anish Mitra is an ardent security researcher by heart and security tester by profession at KPMG India. Anish has been involved in OT security testing from his college days, when he first encountered SCADA systems as a part of his college curriculum. Since then Anish has been playing around with PLCs, RTUs, SCADA and DCS systems. In the recent times, Anish has conducted security tests on ATM machines, red team assessments on banks and security assessments on ships. In his free time Anish loves reading Indian mythology-based fiction and watching football (even playing).

Synopsis

Threat hunting continues to be a growing focus in the cyber security industry. “Top tier threat hunters” are in high demand, but there is no real consensus over what threat hunting even is, much less the skills and techniques that make someone an effective threat hunter. People speak of threat hunting as more of an art than a science, which makes finding a starting point even harder. This talk will provide an approachable, process-oriented view of hunting, and lay out how skills in other areas such as penetration testing and incident response can be leveraged in different ways to start your journey to becoming an effective threat hunter.

Bio

Nathan Hartzell is a Senior Lead Technologist for Booz Allen Singapore with over 15 years of experience in intelligence, analysis, and cyber operations. He is a lead developer of Booz Allen’s Advanced Threat Hunting (ATH) platform and leads Booz Allen’s ATH capability in Singapore.

Prior to working for Booz Allen, Nathan worked in intelligence analysis and cyber operations for the U.S. Army and Department of Defense. During this time, Nathan served as an operator, trainer, analyst, capability lead, and developer for a variety of intelligence and cyber-specific programs.

Domain fronting gave red-teams the best tool they needed to conduct operations and maintain stealth. But with cloud providers removing this access and SSL fingerprinting becoming more prevalent the landscape has changed. This coupled with modern IPS/IDS utilizing network pattern signatures through metadata and machine learning without the need for decryption are starting to have an impact.

We look at novel techniques beyond domain fronting to hide traffic in plain sight and evade network detection from a red-team perspective. The focus on methods to hide and redirect traffic, packet encapsulation and how these techniques can be integrated into existing frameworks.

There has never been a better time to steal money, and at scale! How? Through ATMs of course! The technological security of ATMs is still in the 90s and it is surprising there isn't cash just raining in the streets.

From Jackpotting to ATM skimming, this talk will start with a quick exploration of the various threats to ATMs and as the key control for ATM environments is still security through obscurity, this talk will then attempt to give the audience a peek into a typical ATM environment, thus demystifying and shedding light on what is otherwise, a black box.

We’ll walkthrough an overview by mapping out the various systems that make up an ATM environment and then investigate what an ATM is made up of by breaking down its various components.

We’ll then see how ATM security has not kept up with security controls in the enterprise or even on personal computers by covering the various failures and vulnerabilities that have been identified in production ATM systems due to a lack of, or in some cases, non-existent, controls.

The EmpireMonkey campaign employed malicious Microsoft Word documents in spearphishing emails and the PowerShell Empire toolset to target the financial services sector in Europe between October 2018 and March 2019. Evidence uncovered suggest that this cyber criminal campaign is behind the compromise of a Maltese bank that resulted in the reported theft of €15 million.

This talk will run through the malware analysis of the malicious documents employed in the campaign, showing the evolution of threat actors over several months, the increasing sophistication of their anti-sandboxing techniques and command and control infrastructure.