List of RSTCon presentations:

Thursday, 17 March 2022

10:00 – 11:00 – RST Con – Introduction

Ionut Popescu

The opening of the conference, which will include details about the organization, the CTF contest and how the event will run. You will also learn more about the Romanian Security Team community.

11:00 – 12:00 – Let’s build a ransomware!

Daniel Tomescu

Let me tell you a story about the time I built a deadly ransomware virus in our secret hacking labs. Of course, the virus got lost into the wild and terrorized the world into a global ransomware epidemic, so that now every computer needs to stay at least 2 switches apart when communicating. Computers are now forced to wear a firewall each time a port is opened. Some say it’s all a conspiracy by Bill Gates to force us to install Windows Defender, others say the Internet will never be the same again…

12:00 – 13:00 – Break

13:00 – 14:00 – Blockchain Security and Smart Contract Vulnerabilities

Vrajitoru Vlad

1. Why Blockchain Security?
2. Blockchain Elements That Need Securing
3. What is a “Smart Contract”?
4. Understanding Smart Contracts and their Architecture
5. Smart Contract Platforms
6. Applications that integrate with blockchain
7. Smart Contract Code and vulnerabilities.
8. Demo: Live Exploit (Maybe).

14:00 – 15:00 – Automated Incident Response in the Cloud: An Environment Agnostic Solution in AWS

Antonio-Dan Macovei and Rareș Brătean

Recently, Amazon Web Services (AWS) cloud environment has reached more than 200 services, which presents both possibilities of business expansion and new concerns, such as an uncontrolled cloud environment, known as cloud sprawl. The more difficult it is to defend a network, the more likely it is that security incidents will occur. Moreover, the current security tools are either expensive or require large amounts of configuration. This research aims to find an automated IR solution that requires minimal configuration and can be used in any AWS environment. The solution is mapped against the first two steps of the NIST IR Life Cycle, namely Preparation and Detection & Analysis. It analyses the feasibility of two potential tools using Python, Lambda and AWS CLI, in a test environment with the ten most common services. Furthermore, AWS services for security logging and alerting are investigated, both premium and non-premium, with the goal to see what data can be extracted from them. The results indicate that the non-premium environment offers extensive data, while the premium ones provide alerts and additional logs that can easily pinpoint malicious activity. Based on the given performance, AWS CLI was considered to be the best alternative. Unlike AWS Lambda, it has no constraints (such as execution times and memory limits) and adds minimal overhead to the environment.

15:00 – 16:00 – Introduction to Android Pentesting (Hacking Android Applications)

Ionut Morosan

I will present some introductory information about the security model of the Android OS and several types of frameworks for developing Android applications. I will present a few helpful tools: MobSF, Frida, Objection, RMS, ADB, Drozer. After that I will present different attacks such as XSS, SQLI, Arbitrary URL Opening, Sensitive data stored Unencrypted, DeepLinking, Bypass Root & SSL Pinning, Dynamic instrumentation to obtain precious data.

16:00 – 17:00 – Windows Internals

Ionut Popescu

A beginner-oriented walkthrough of how the Windows operating system works internally. We will go through its architecture, look at its components, how they interact with each other and what role each one plays.

Friday, 18 March 2022

10:00 – 11:00 – Assessing Cloud Systems

Cosmin Radu

Nowadays, when more and more companies choose to keep their infrastructure in the various public clouds, we should be able to take a look at the problems that may arise. We will have an overview of the security baseline in clouds and various security assessment tools, then continue with a look at Lambda and Kubernetes.

11:00 – 12:00 – CVE-2022-21882 Windows LPE: analysis and detection techniques

Stefan Nicula and Marian Gusatu

This study focuses on analyzing an exploit recently published in January 2022 that affects the win32k system component of the Windows kernel and results in a privilege escalation vulnerability. Analyzing 1-day exploits can help us both defensively, by creating relevant detections for the newest exploitation techniques, and in identifying and preventing new similar vulnerabilities in the same components. At the same time, research into this CVE is a good example of a case where the initially applied patches do not mitigate the problem in depth. During the presentation, we will discuss Windows internals concepts, data-only attacks, WinDbg kernel debugging and detection indicators, with a main focus on defensive analysis and understanding the exploitation process.

12:00 – 13:00 – Break

13:00 – 14:00 – BadUSB 101

Cristian Cornea

During the presentation, we will cover a topic that revolves mostly around Red Teaming, namely BadUSB. What it is, how we can use it, a few real-life use cases, payload development, and bypasses with it (UAC, CLM, AMSI, etc.).

14:00 – 15:00 – Security – a whac-a-mole game

Ovejan Anamaria-Margaret

We will explore together the life of a blue-teamer. We will see examples of how nothing is ever secure, of the cat-and-mouse race between the blue team and attackers, and of how users always find something new and interesting that ruins a company's security plans.

15:00 – 16:00 – Hack the hackers: Leaking data over SSL/TLS

Ionut Cernica

Have you considered that in certain situations the way hackers exploit vulnerabilities over the network can be predictable? Anyone with access to encrypted traffic can reverse the logic behind the exploit and thus obtain the same data as the exploit.
Various automated tools have been analyzed and it has been found that these tools operate in an unsafe way. Various exploit databases were analyzed and we learned that some of these are written in an insecure (predictable) way.
This presentation will showcase the results of the research, including examples of exploits that once executed can be harmful. The data we obtain after exploitation can be accessible to other entities without the need of decrypting the traffic. The SSL/TLS specs will not change. There is a clear reason for that and in this presentation I will argue this, but what will change for sure is the way hackers will write some of the exploits.

16:00 – 17:00 – Introduction to IT security and RST Con closing

Ionut Popescu

Over time I have very often seen the question: “How do I get started in the security field?”. There are both people at the start of their journey who want a career on this path and people with IT experience eager to understand what this field involves. I will try to answer this question from a personal perspective, offering suggestions to those who do not know what to start with and how to set out on this path.