Hands-on JTAG for fun and root shells
JTAG is almost 30 years old and has changed little in that time, but that doesn't mean most people understand what it does or how. This workshop will start with a brief introduction to what JTAG really is, then quickly dive into hands-on practice with finding, wiring, and finally exploiting a system via JTAG.
For this workshop, we'll target a Raspberry Pi with an ARM microprocessor. In order to interact with the system, we'll use a JTAG interface cable from FTDI. We won't do any hardware modifications, but we will hook up wires in weird and wonderful ways to make the Raspberry Pi do things it otherwise shouldn't.
Joe FitzPatrick (@securelyfitz) has spent a decade working on low-level silicon debug, security validation, and penetration testing of CPUs, SoCs, and microcontrollers. He develops and delivers hardware security training at https://SecuringHardware.com, including Applied Physical Attacks on x86 Systems. In between, he keeps busy with contributions to the NSA Playset and other misdirected hardware projects, which he presents at all sorts of fun conferences.
Matt (@syncsrc) is a hardware designer and security researcher who has over a decade of experience designing, securing and exploiting hardware test and debug features on CPUs and SoCs. When not performing pointless hardware tricks Matt tries to help educate integrated circuit designers on the risks posed by hardware debug capabilities.
Don't be a monkey: Do Crypto right!
This workshop has 2 parts:
Part 1) Algorithm specification in Cryptol, followed by:
Part 2) Protocol specification and reasoning with F*
Cryptographic code is notoriously difficult to write and debug. Since performance matters, optimization is important, but that makes it increasingly difficult to make sure that implementations haven't introduced any subtle bugs. Cryptol is an open source, domain-specific language for specifying cryptographic algorithms.
In part 1 of this workshop, we'll teach you how to read and write Cryptol specifications, prove properties about them, and even how to use tools to verify that C or Java implementations match their specification.
The vast majority of deployed security protocols are written by monkeys. That's not to say that those monkeys do not have good intentions about the kinds of correctness and security properties their systems should have, though it is true that they rarely write those properties down (bad monkey!). And surely they know the difference between a hash and a key. But when combining the delicate conceptual ingredients of crypto, concurrency, and distributed systems with the concretized reality of ugly libraries like OpenSSL and low-level primitives like threads & monitors and sockets & packets...? Well, what you get is a honking mess.
This part of our workshop is about how not to look like a monkey: you'll learn about some cool tools, and how to specify, reason about, and perhaps even synthesize code for your next crypto protocol.
We will focus on Microsoft Research's open source F* tool, but will mention several other hammers and wrenches that should be in your crypto protocol toolbox.
If you want to check out Cryptol ahead of time, visit http://cryptol.net
If you want to check out F*, visit https://fstar-lang.org/
Dr. Dylan McNamee (@dylanmc) (leading Part 1) is a Principal Investigator at Galois, Inc., where he works on Cryptol and secure embedded operating systems, and builds replicas of 1970's minicomputers.
Dr. Joe Kiniry (@kiniry) (leading Part 2) is a Principal Investigator at Galois, Inc., where he leads the Verifiable Elections research area, does research in software assurance (especially as applied to cryptography), and repairs pinball machines.
UEFI firmware security for Blue Teams
UEFI has replaced the legacy BIOS on most Intel and AMD systems. Security researchers have been busy attacking it, inventing new 'bootkits', 'firmworms', and other firmware-level malware. In this 2-hour workshop we'll show some of the security issues that need to be defended against. It'll start with an overview of the UEFI architecture, then cover some NIST/NSA/other firmware security guidance, then focus on the available open source firmware security tools you can use to detect firmware attacks and system defects/failures, as well as some ideas on how you might integrate firmware security into your long-term defense plans. Tools include Intel CHIPSEC, UEFITool, UEFI Firmware Parser, and others. The focus is on UEFI-centric technology, not coreboot, U-Boot, or legacy BIOS (though BIOS and UEFI overlap heavily in tool support); emphasis will be on Intel-based systems, not AMD or ARM. Prerequisites: comfortable with Python, bash/cmd shell, QEMU, and basic PC hardware architecture (BIOS, option ROMs, PCI, USB, etc.)
After the talk, attendees can try running LUV-live, a live-boot distro that includes many of the tests mentioned in the talk, and we can try out some of the tools.
Download Intel's LUV-live image, install onto a USB thumbdrive, and bring an Intel UEFI-based laptop, which has been backed-up at least once.
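The simplest blue-team check the workshop is driving at is "does the firmware on this box still match the dump I took when it was known good?" The script below is an added example, not material from the workshop or from CHIPSEC/UEFITool/UEFI Firmware Parser: it walks a raw flash image for EFI firmware volumes (the `_FVH` signature at offset 0x28 of each EFI_FIRMWARE_VOLUME_HEADER, as laid out in the PI specification), validates each header's 16-bit checksum, hashes each volume, and diffs the result against a baseline. The "trusted" and "tampered" images, the block size, the payload strings and the attacker modifications are all constructed inline so it runs offline.

```python
"""Added example: baseline and re-check EFI firmware volumes in a SPI flash dump.
The flash images below are constructed stand-ins, not dumps from real hardware."""
import hashlib
import struct

FVH_SIGNATURE = b"_FVH"
FVH_SIGNATURE_OFFSET = 0x28          # the signature sits 40 bytes into the header
FV_HEADER_FMT = "<16s16sQ4sIHHHBB"   # ZeroVector .. Revision (0x38 bytes, block map follows)
FV_HEADER_SIZE = struct.calcsize(FV_HEADER_FMT)
# EFI_FIRMWARE_FILE_SYSTEM2_GUID (8C8CE578-8A3D-4F1C-9935-896185C32DD3), little-endian
FFS2_GUID = bytes.fromhex("78e58c8c3d8a1c4f9935896185c32dd3")


def checksum16(data):
    """Sum of little-endian 16-bit words mod 2**16. A valid FV header sums to zero."""
    if len(data) % 2:
        raise ValueError("header length must be even")
    return sum(struct.unpack("<%dH" % (len(data) // 2), data)) & 0xFFFF


def build_fv(payload, block_size=0x1000):
    """Construct one firmware volume around `payload` (test data only, not a real FFS)."""
    header_len = FV_HEADER_SIZE + 16          # one block-map entry plus the (0, 0) terminator
    body_len = header_len + len(payload)
    num_blocks = -(-body_len // block_size)   # round up to whole blocks
    fv_len = num_blocks * block_size

    def header(checksum):
        fixed = struct.pack(FV_HEADER_FMT, b"\0" * 16, FFS2_GUID, fv_len, FVH_SIGNATURE,
                            0x0004FEFF, header_len, checksum, 0, 0, 2)
        return fixed + struct.pack("<IIII", num_blocks, block_size, 0, 0)

    fix = (-checksum16(header(0))) & 0xFFFF   # choose Checksum so the header sums to zero
    return header(fix) + payload + b"\xff" * (fv_len - body_len)


def find_volumes(image):
    """Locate every firmware volume by its _FVH signature and validate the header."""
    volumes = []
    pos = image.find(FVH_SIGNATURE)
    while pos != -1:
        start = pos - FVH_SIGNATURE_OFFSET
        if start >= 0 and start + FV_HEADER_SIZE <= len(image):
            (_, guid, fv_len, _, _, hdr_len, _, _, _, rev) = struct.unpack_from(
                FV_HEADER_FMT, image, start)
            hdr_ok = (FV_HEADER_SIZE <= hdr_len <= len(image) - start and hdr_len % 2 == 0
                      and checksum16(image[start:start + hdr_len]) == 0
                      and FV_HEADER_SIZE < fv_len <= len(image) - start)
            if hdr_ok:
                body = image[start:start + fv_len]
                volumes.append({"offset": start, "length": fv_len, "revision": rev,
                                "ffs2": guid == FFS2_GUID,
                                "sha256": hashlib.sha256(body).hexdigest()})
                pos = image.find(FVH_SIGNATURE, start + fv_len)  # skip past this volume
                continue
        pos = image.find(FVH_SIGNATURE, pos + 1)                 # false hit, keep scanning
    return volumes


def diff_against_baseline(image, baseline):
    """Report volumes whose hash differs from the trusted dump, plus new or missing ones.
    `baseline` maps volume offset -> sha256 hex, recorded from a known-good dump."""
    findings, seen = [], set()
    for vol in find_volumes(image):
        seen.add(vol["offset"])
        expected = baseline.get(vol["offset"])
        if expected is None:
            findings.append("unexpected volume at 0x%x" % vol["offset"])
        elif expected != vol["sha256"]:
            findings.append("volume at 0x%x modified" % vol["offset"])
    for off in sorted(set(baseline) - seen):
        findings.append("baseline volume at 0x%x missing or header corrupt" % off)
    return findings


# Constructed stand-ins: a trusted dump (two 4 KiB volumes) and two later dumps.
TRUSTED_IMAGE = build_fv(b"PEI core and drivers") + build_fv(b"DXE core and drivers")
BASELINE = {v["offset"]: v["sha256"] for v in find_volumes(TRUSTED_IMAGE)}

_t = bytearray(TRUSTED_IMAGE)
_t[0x1000 + 0x100] ^= 0x01            # one byte patched inside the DXE volume, header intact
TAMPERED_IMAGE = bytes(_t)

_c = bytearray(TRUSTED_IMAGE)
_c[0x1000 + 0x20] ^= 0x01             # FvLength corrupted: header checksum no longer zero
CORRUPTED_IMAGE = bytes(_c)

if __name__ == "__main__":
    for name, img in (("trusted", TRUSTED_IMAGE), ("tampered", TAMPERED_IMAGE),
                      ("corrupted", CORRUPTED_IMAGE)):
        print(name, diff_against_baseline(img, BASELINE) or "clean")
```

On real hardware the image would come from a flash dump (CHIPSEC's `chipsec_util spi dump` produces one) taken once while the machine is trusted and again later. Two caveats a practitioner should keep in mind: a per-volume hash only covers volumes this scan can enumerate, so also compare a whole-image hash to catch changes in NVRAM, padding or descriptor regions, and a clean diff says nothing about whether the flash is write-protected, which is what CHIPSEC's protection modules check.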
Lee Fisher is a Seattle-area freelance firmware security researcher and developer, and blogger behind http://FirmwareSecurity.com/feed/.
Electronic Taxidermy: Badger Hacking
Everyone loves conference badges. Electronic conference badgers are even better.
This workshop will walk you through the hardware design of the circuit board, introduce you to the major components and what they do, and finally help you get set up with the toolchain for developing and programming custom firmware on your Badger.
Bring your laptop, conference badger, and patience.
Michael (@r00tkillah) has done hard-time in real-time. An old-school computer engineer by education, he spends his days championing product security for a large semiconductor company. Previously, he developed and tested embedded hardware and software, dicked around with strap-on boot roms, mobile apps, office suites, and written some secure software. On nights and weekends he hacks on electronics, writes Bsides CFPs, and contributes to the NSA Playset.
Trust Academy... the future of security training
The infosec community has done an amazing job to date of finding and discovering the newest security vulnerabilities and threats, staying ahead of malicious attackers. That being said, we have done a horrible job of training the rest of the world, and in particular the developer community, how to defend against them. Instead of teaching developers how to write secure code, we have taught them how to hack. I will be showcasing the latest security training platform. It leverages cutting-edge cloud platforms to create, deliver and maintain content, as well as an embedded web-based IDE to give developers hands-on, in-browser experience actually correcting and writing secure code. It's not just about the technology but the methodology: the platform uses modern social and video-conferencing tools to enable flipped learning, which lets learners digest the content at their own pace and depth, and lets a small number of SMEs and instructors scale to a large audience while providing personalized live or asynchronous guidance.
Kyle has spent 15 years in the IT security industry doing everything from penetration testing to system/application and environment architecture and design. Currently he is working on leveraging emerging technologies to revolutionize how subject matter experts teach and how people learn. In his spare time he loves riding and wrenching on all kinds of bikes.