

Boris Sverdlik – You’re HIPAA certified and Bob just killed someone from the parking lot
Daniel Zolnikov – Privacy and Policy, Fighting an Uphill Battle.
Ghostwood – You’ve been DDoSed – it’s not a joke anymore!
Gleep – Reverse Engineering 101
Kevin Dick, Matt Mosley – Bug Bounty Extortion
KRS – Making of the 2014 L1 Badge
Kunal Anand – Beyond the Perimeter: The reality of the new application security landscape
Machinist – 3D Printing Our Way to Skynet
Matthew Hoy, John Stauffacher – Are you a Janitor or a Cleaner?
Robert Rowley – Detecting and Defending Against State-Actor Surveillance
Robert Wood – Next Generation Red Teaming
Sam Bowne – Violent Python & The AV Scam
Schuyler Towne – Lockpicking in Popular Media

You’re HIPAA certified and Bob just killed someone from the parking lot

Boris Sverdlik

My friend Bob is undergoing Chemo and his wife asked him to get a copy of his medical records for a second opinion. Bob being an obedient husband had to jump through hoops to get copies of HIS records thanks to the monotony that we know as HIPAA. So one day while Bob is waiting for his treatment he notices that the facility has several blatant physical security issues which could allow someone of a more shady nature to obtain his health records without jumping through hoops. Follow Bob in his adventures!

Jaded asshole who runs the grumpysec podcast.


Privacy and Policy, Fighting an Uphill Battle.

Daniel Zolnikov

Representative Daniel Zolnikov will discuss the largest opponents to passing privacy legislation, his personal successes and failures with privacy legislation, how to pass it and why now is the time to act to pass such legislation.

Daniel Zolnikov (@DanielZolnikov) is a State Representative for Montana. As a 26 year old Representative, Daniel is one of the few legislators who even remotely understands the threats and concerns of the collection of personal information. He spent his first session working to fill a policy vacuum where privacy and politics meet the road. Daniel sponsored multiple bills, including two pieces of privacy legislation. The first bill would have created the Montana Privacy Act. The second bill, which was signed into law, prevented law enforcement from obtaining cell phone location information without a warrant. For the sake of transparency, he uses his Facebook page to post his votes. Daniel received his undergraduate degree from the University of Montana where he earned 3 business majors in Information Systems, Marketing and Management. As a Montanan, Daniel enjoys the finer things in life including shooting guns, fishing, and fighting tyranny.


You’ve been DDoSed – it’s not a joke anymore!


In the age where DDoS is exceeding 400Gbps the status quo has changed. Even worse, this is not the worst that can happen; the next generation of attacks using SNMP is just around the corner. We are no longer looking at the same threat as 4-5 years ago; attack rates have increased exponentially and we need to look at conceptually new methods of defense. This talk focuses on the specifics of NTP reflection and why it is so damaging. In addition to that it will cover what the presenter believes is going to be the next protocol being abused (SNMP) and also elaborate on the potential damages there. A special focus will be placed on mitigation and what foundations we need to lay now so those attacks are not as damaging. As in previous talks it will cover what other parts of the infrastructure need to be in place and properly sized in order to survive the attack. It will also cover measures that need to be in place so effective traceback, attribution and statistics can be gathered so the source can be determined fast.

In the past G has worked for companies like Cisco, Google and Yahoo in network operations as well as DoS mitigation.


Reverse Engineering 101


This presentation will cover the basic tools and techniques to begin reverse engineering binaries.

Reverse engineering is a highly complex and fascinating topic, but many people do not know where to start learning about it. This talk will cover the tools of the trade, tips and techniques for dealing with packed binaries, anti-debugging techniques, identifying interesting code and recognizing higher level programming language command structures as they appear in assembly language. If we have time, we will reverse engineer a piece of malware and pry its secrets from its cold dead hands.

Gleep is a freelance network engineer and architect, and amateur reverse engineer and malware analyst. He spends most of his copious free time making things with wood, breaking things with code, and playing CTFs.


Bug Bounty Extortion

Kevin Dick, Matt Mosley

In the summer of 2013, a client of ours was being held ransom by a “whitehat” hacker demanding $250,000 within 48 hours or they would reveal the exploit. The hacker had demonstrated an ability to change the password for any account in the company’s web application at will, thus taking control of any account. In this case owning an account gave the direct ability for the attacker to transfer money using the victim’s credit card or bank account. Worse yet, the attack was completely undetected; all logs showed normal activity and none of the WAF/IPS/IDS solutions were being triggered.

Unable to track down the issue with no sign of attack in the logs, the client hired MassiveLabs to discover the issue. Although many modes of possible exploitation were considered, including installing key loggers on client workstations, exploitation of vulnerable servers to pivot to the affected app, etc., and four other security firms were working on the same problem, we at MassiveLabs elected to focus on black box testing of the web application’s logic itself.

This route proved successful, with MassiveLabs discovering a vulnerability in the first 12 hours of testing on a sister site which shared the same account store. The vulnerability allowed a password reset to occur if the security question fields were simply omitted from the POST request on the forgot password form. The team at MassiveLabs took the findings to the client, who quickly remediated the issue that night, and wrapped up the engagement.

Embarrassing oversight, quick fix, and everyone’s weekend was saved, almost. The next day the hacker responded by changing the account password of the client’s account in their application again. MassiveLabs went back to the drawing board and discovered yet another vulnerability in web logic. This issue, however, proved to be a much more difficult to discover, much more esoteric error in the server-side code. The error demonstrated the scope of potential unexpected behavior in web applications and highlights the difficulty of detecting and preventing the introduction of these issues.

Matt is the Manager of Threat Research at Tevora and runs MassiveLabs, a security consulting and research company in Lake Forest, CA. Matt has over 10 years experience in the computer industry, most of them in consulting for large enterprise customers. His main focuses are penetration testing, application security, malware analysis, and security training.

Kevin is a security consultant at Tevora where he consults for both the private and public sectors in large enterprises. His main focuses are penetration testing, application security, and network security.


Making of the 2014 L1 Badge


A behind the scenes look at what it took to bring you this year’s proxmark badge and all its awesomeness!

Typical valley girl turned hardware hacker and [MFP]. Designed the LayerOne 2011 Speaker/Staff badge. Member of LA’s #1 hackerspace, NullSpace Labs, and honorary member of the LayerOne staff.


Beyond the Perimeter: The reality of the new application security landscape

Kunal Anand

Gartner estimates that 70% of all hacks happened at the application layer in 2013 – becoming the main attack surface for hackers, with the top threats being XSS, SQL injection and cross-site request forgery (CSRF). One of the main reasons for this is the significant change of what constitutes web-facing “applications”: they are dynamic, distributed, make use of web services, RSS feeds and other cloud-based services; they integrate with social and partner applications and Single Sign-On services; they often feature user generated content and are accessed from mobile and other untrusted devices. Yet IT security budgets have not kept up with this change in attack vectors, with less than 1% of the budget spent on application security. This talk will outline why a new approach to application security is required: one that can address the reality of today’s threat landscape where securing the perimeter is simply not enough.

Kunal Anand is the co-founder and CTO of Prevoty, a next-generation application security platform. Prior to that, he was the Director of Technology at the BBC Worldwide, overseeing engineering and operations across the company’s global Digital Entertainment and Gaming initiatives. Kunal also has several years of experience leading security, data and engineering at Gravity, MySpace and NASA’s Jet Propulsion Laboratory. His work has been featured in Wired Magazine and Fast Company. He continues to develop the patented security technologies that power Prevoty’s core products. Kunal received a B.S. from Babson College.


3D Printing Our Way to Skynet


Nearly every day we hear in the news about a 3D printed trinket, but how many of us have actually used one? The technology is rapidly proliferating our lives, and it’s not going away any time soon. Sooner rather than later, Star Trek replicators will be a reality. Today’s technology is only the beginning. 3D printing technology is still limited… but not for long.

The toolchain economics give cause for some thought. The largest barrier to entry for 3D printing has traditionally been 3D modeling. With the software industry shifting toward a SAAS model, we’re going to start seeing wider acceptance of the typically exclusive 3D modeling industry.

“But 3D printers are dangerous because they can print guns!”. Has anyone even seen one in the wild? No, because they simply don’t exist outside of amateur experimentation and wild dreams. I’ll have a functioning, homebuilt machine on display for review, and to explain my experience with conjuring it out of thin air.

Machinist is an aspiring machinery wizard, and one of 23b Shop’s resident madmen. With a flair for metal objects and computers, it was only a matter of time until his path led him to 3D printers and Solidworks.


Are you a Janitor or a Cleaner?

Matthew Hoy, John Stauffacher

Every day corporations are faced with the increasing likelihood of attack. They spend millions in security software/tools/training/hardware only to neuter it at the behest of other “business” units. This talk aims to show what makes our attackers so nimble (they don’t have to play by the rules), and begs the question – how are you handling your incident response? What are you doing with your attack data? Are you just mopping up the mess – or are you armed with the tools to thoroughly “clean” your enemy? This talk is a double shot of the real life experiences handling an active attack and cleaning up after a breach. It is a primer on new approaches to antiquated techniques and will ultimately shine some light on what makes the attacker so nimble – and ways to up your incident response game. Are you a janitor? Or are you a cleaner?

John Stauffacher (@g33kspeed) is a Senior Security Consultant with the Accuvant Labs Technology Services team where he performs perimeter, network and application security defense projects for clients. As part of the Technology Services team, John’s core function is to provide expert level consultation to clients as well as deliver training and knowledge enrichment. John has held high level technical certifications with major security vendors and is considered an expert in the field of perimeter security. John has also been a lead contributor to open source security projects, as well as an active speaker at conferences and author of a number of titles on the topic of network and perimeter security. John has carried an active CISSP certification since 2004.

Matthew Hoy (@mattrix_) is a Senior Security Consultant with Accuvant Labs Technology Services team. Matthew has worked in the Information Security world for over 15 years in various Information Security roles from Security Analyst, Architect, Incident Response, Consultant and Management. Matt currently holds CISSP and SANS GCIH Certifications. Matt has recently presented at Seattle Toorcon, B-Sides Los Angeles, Toorcon San Diego.


Detecting and Defending Against State-Actor Surveillance

Robert Rowley

Recently released secret documents are leaving a trail of details on how state actors with out of control budgets take on technological spying. This talk is the result of critically thinking on how these alleged bugs would work, and compiling the defences and detection methods. Don your tin-foil hats and join me in this discussion over what to do if you’re targeted by state sponsored spy agencies.

Robert has been an active member of the Southern California hacking scene for over 10 years. Co-Founder of Irvine underground and recently presenting on many topics including Juice Jacking, Web Application Security and more. This time, I am presenting on a personal passion, Privacy.


Next Generation Red Teaming

Robert Wood

Too often organizations conduct assessments within a vacuum: physical, social, network, or application-layer. Attackers do not confine themselves similarly and avail themselves of whatever combination of techniques most effectively achieves their desired impact. Red Team assessments aim to simulate these attacks more realistically. In contrast to most application assessments (e.g., penetration testing, dynamic scanning), Red Team assessments target a production environment, providing visibility into composite attack viability. These assessments also gauge the effectiveness of in-place compensating controls measuring prevention, detection, and operations team responsiveness.

Rather than measuring overall enterprise security posture, Red Team assessments generally seek out single instances of low-hanging fruit, identifying point-in-time problems that impact specific assets. This approach does not provide threat intelligence, yet real-world attackers are likely gathering threat intelligence on your organization as you read this. Attackers are not looking for one way in, but for as many ways in as they can find. Performing any type of security assessment activity only once may serve a purpose, but it provides limited long-term value. Approaching Red Teaming as part of an ongoing process, as opposed to as a single point-in-time activity, improves effectiveness from an enterprise perspective.

Advanced Persistent Threat Simulated (APTS) Red Teaming is an ongoing, repeatable assessment process that gathers actionable attack intelligence and drives strategic initiatives across an enterprise. Where typical Red Teaming looks for any single attack path into an enterprise, APTS Red Teaming, over time, looks for many attack paths. By using the APTS approach, an organization can target the broader attack surface of their entire application portfolio, more closely mirroring the goals and activities of organized attackers that may be targeting your organization. APTS Red Teaming is both scalable and measurable, producing actionable data in a number of areas, including individual vulnerabilities, attack intelligence, threats, potential attack paths, and composite attack scenarios. This session will provide concrete examples of how an enterprise can apply these data practically as part of a mature software security initiative and identify weaknesses before the attackers do.

Robert Wood is a Senior Security Consultant and the Red Team Practice Director at Cigital. Robert has worked with a number of clients spanning from Fortune 100 financial institutions, hospitals, defense contractors, all the way to gaming companies, providing services at every stage in the SDLC, including developing software security programs. Prior to Cigital, Robert worked for Secure Network Technologies where he developed the mobile forensic investigation practice and focused his penetration testing efforts on a variety of red team assessments.


Violent Python & The AV Scam

Sam Bowne

I’ve been writing attack software in Python, inspired by the book “Violent Python”. It’s very easy to write custom scanners, brute forcers, keyloggers, and Remote Access Trojans in Python.

The big surprise for me was that even the very simplest malware written in Python is undetectable by antivirus software, even when compiled into a Windows EXE file. Antivirus software is FAR less effective than the vendors claim–a complete novice can make undetectable malware in 30 minutes. I’ll demonstrate how.

Sam Bowne has been teaching computer networking and security classes at CCSF since 2000. He has given talks at DEFCON, BayThreat, LayerOne, and Toorcon, and lightning talks at HOPE. He has a CISSP and many other certs, and a PhD.


Lockpicking in Popular Media

Schuyler Towne

Rather than just show a bunch of clips of terrible lockpicking, it’ll be much more fun to show a scene, deconstruct what they got right and what they got wrong, and then go a step further and re-imagine the scene done correctly. The variety of mediums and situations will also allow us to explore entry techniques from basic picking to percussive attacks and even wax-pad impressioning.

Schuyler Towne is a Research Scholar at the Ronin Institute studying the history of mechanical security. Presently he is working on a guide for media professionals who want to do a better job portraying realistic lockpicking in print and on screen. He has advised best-selling authors and television shows airing on the History Channel and NatGeo.


For a list of presentations from past years, check out the LayerOne Archives