Schedule
Hours are given in local time (UTC+1).
(Keynote) Failure is not an Option* - Philippe Biondi
A journey through software bugs.
I am a research engineer and computer security senior expert at Airbus Group Innovations. I am the author of Scapy, Shellforge and several other tools.
(Invited talk) LOGJAM: TLS and the difficulty of discrete logarithm - Emmanuel Thomé
Description: We study the security of the Diffie-Hellman key exchange as it is used in widespread Internet protocols. We conclude that the security level achieved does not live up to expectations. To compute a discrete logarithm in a finite field, the number field sieve algorithm is harder than its version for factoring RSA moduli of the same size. However, an attacker who carries out a substantial precomputation for a prime number p can then amortize that precomputation to obtain many discrete logarithms modulo that prime, at a low individual cost. This fact is well known in the field of algorithmic number theory, but less so in the practical deployment of cryptographic solutions. Based on these observations, we implement a new man-in-the-middle attack on TLS, in which an intruder manages to downgrade the connection to force the use of 512-bit keys, which are particularly weak. For 1024-bit keys, we give estimates of the cost of the precomputation needed to obtain discrete logarithms. Such a precomputation appears to be within reach of state-level resources. An examination of recently leaked NSA documents indicates that the NSA's attacks on VPNs could be consistent with such a precomputation having been carried out.
Joint work with David Adrian, Karthikeyan Bhargavan, Zakir Durumeric, Pierrick Gaudry, Matthew Green, J. Alex Halderman, Nadia Heninger, Drew Springall, Emmanuel Thomé, Luke Valenta, Benjamin VanderSloot, Eric Wustrow, Santiago Zanella-Béguelin, Paul Zimmermann.
(Invited talk) Draw me a Local Kernel Debugger - Samuel Chevet and Clément Rouault
Local Kernel Debugging is the ability to perform kernel-mode debugging on a single computer. In other words, the debugger runs on the same computer that is being debugged. Windows offers this functionality through the windbg and kd binaries, which allow reading and writing kernel memory, performing in/out operations and accessing MSRs.
This presentation will explain how dbgengine (core of windbg) works: which APIs are exposed and what it requires to work properly. We will show how to abuse it to be able to perform Local Kernel Debugging in Python. Finally, we demonstrate its interest through use cases.
Samuel Chevet is a security researcher currently working at Sogeti ESEC R&D.
His interests mainly lie in reverse engineering, vulnerability research and Windows internals.
Clément Rouault is a security researcher currently working at Sogeti ESEC R&D.
A fervent user of Python, he is interested in the use, abuse and implementation of this language.
His research interests include reverse engineering and exploitation.
Industrial Control Systems Dynamic Code Injection
Since the days of the Stuxnet virus, the world has discovered the importance of securing Industrial Control Systems, more commonly known as SCADA, and their potential impact on Critical Infrastructure Protection (CIP). The Stuxnet malware uses a specific exploit (CVE-2012-3015) which consists of Step 7 Insecure Library Loading. In this paper, we propose to demonstrate how easy it is to perform a dynamic code injection in an S7-300 PLC without shutting down or restarting the equipment. We developed a program in C, using the Snap7 library, to push a new Organisation Block (OB) inside the CPU. We developed a small HMI to illustrate the dynamic modification of the execution flow.
Corrupted GOOSE Detectors: Anomaly Detection in Power Utility Real-Time Ethernet Communications
The GOOSE protocol is used for critical protection operations in the power grid, as standardized by IEC61850. It thus has strong real-time constraints that make it very hard to implement any security means for integrity and confidentiality, such as encryption or signatures. Our answer to this lack of dedicated cybersecurity measures is to check the legitimacy of every GOOSE message flowing over the managed network. When detectors issue an alert, the SCADA informs field devices to discard GOOSE communication and run an alternative protection strategy. This article focuses on the GOOSE attack detectors we developed: one dedicated to Ethernet storms and the other to fraudulent GOOSE frames. The paper first introduces the main GOOSE protocol mechanisms and gives a brief state of the art regarding GOOSE attack management before presenting our architecture and the detectors.
Similarities and anomalies analysis of network mapping results
Due to new capabilities in network scanning, for states, companies and individuals, there are more and more results to dig into. Analysing them manually is a very time-consuming and error-prone task. In this article we introduce an approach which relies on machine learning and "Big Data" algorithms and which, to the best of our knowledge, is a new one. Our method leads to scan results clustering (grouping web servers, printers, ...) and highlights low-hanging fruit (potential targets).
New Results for the PTB-PTS Attack on Tunnelling Gateways
This work analyzes the impacts of the "Packet Too Big"-"Packet Too Small" (PTB-PTS) Internet Control Message Protocol (ICMP) based attack against tunneling gateways. It is a follow-up of a prior work that detailed how to launch the PTB-PTS attack against IPsec gateways (for secure tunnels) and its consequences, ranging from major performance impacts (additional delays at session establishment and/or packet fragmentation) to Denial of Service (DoS). In the present work we examine a much wider range of configurations: we now consider the two IP protocol versions (previous work was limited to IPv4, we add IPv6), two operating systems (previous work was limited to Linux Debian, we add a recent Ubuntu distribution as well as Windows 7), and two tunnelling protocols (previous work was limited to IPsec, we add IPIP). This work highlights the complexity of the situation, as different behaviors will be observed depending on the exact configuration. It also highlights Microsoft's strategy when approaching the "minimum maximum packet size" (i.e., minimum MTU) any link technology should support: while Windows 7 mitigates the attack in IPv4 (there is no DoS), the performance impact is still present and the technique is inapplicable to IPv6. Finally, it highlights a fundamental problem: the impossibility of identifying illegitimate ICMP error packets coming from the untrusted network.
Linnea: Detecting blacklist-evading malware with SQL rules
We present a system for detecting malware that uses domain generation algorithms (DGAs) to evade blacklisting. We use SQL rules that identify patterns specific to the malware family in the non-resolving domains queried by infected clients. We have designed a language to describe these rules more easily, which can be compiled to SQL. Using this approach we detected ten DGA families in a day's data from a large enterprise.
Hacking a Sega Whitestar Pinball: Focussing on the audio board
A reverse engineering of a BSMT2000 DSP used on the audio circuit of an old-school pinball. An overview of the electronic design of this uncommon and discontinued machine will be presented before focussing on the peculiar conception of its sound board.