Onsdag og torsdag
09.00 - 17.00 postHackCon#10 (trykk her for mer info)
1) Kurs I - red team
2) Kurs II - blue team


Mandag (kurs dag 1) - Offensive teknikker
08.15
Dørene åpnes
08.15 - 10.00
Registrering HackCon#10
10.00 - 10.15 Administrativ informasjon
Gjennomgang av agenda for HackCon#10 og praktisk informasjon.

10.15 - 11.00 TBA


11.15 - 12.00 TBA


12.00 - 13.00 Lunsj


13.00 - 13.45 TBA


14.00 - 14.45 Golden ticket to permanent domain admin privilege - Hungary
After compromising a Windows domain, an attacker is capable to create a Ticket Granting Ticket (TGT) by using the krbtgt domain user's password hash to impersonate ANY domain user including the Domain Administrator(s). This ticket is valid for arbitrary time and can be renewed for more. This means full control over the domain for unlimited time, a perfect backdoor for the attackers.

The audience can learn about Kerberos infrastructure, tickets and Windows privilege impersonation through this live demo presentation. It includes mitigations as well, how to defend our domain against these kind of attacks.

The presentation will be held by Balazs Bucsay. Balazs is an IT-Security expert and techie geek, who is mainly focusing on penetration testing. Currently he is working as an Ethical Hacking Engineer for the Vodafone Group Plc, helping to secure the network and services. He is also a well-known speaker in Hungary, he had several talks on various advanced topics (PayPass, XSS worms, distributed password cracking) at different conferences and released several tools and papers about the latest techniques. He has multiple certifications (OSCE, OSCP, GIAC GPEN) related to penetration testing, exploit writing and other low-level topics and degrees in Mathematics and Computer Science.

15.00 - 15.45 Managing Risks and Rewards in Stolen Data Markets - USA
Over the last decade, data breaches of major retailers in the US have become common and lead to the loss of millions of pieces of personal information and sensitive financial data. In the last year alone, there have been massive breaches of nationwide chain stores which would potentially place consumers at high risk of economic loss due to on-line fraud.

Evidence increasingly demonstrates that data acquired through breaches are rapidly sold via on-line markets operating in forums and shops to prospective buyers around the world. There is, however, generally little research exploring the ways that actors within these markets operate or the extent to which buyers and sellers profit from the sale and use of data.

As a result, it is unclear how actors utilize risk reduction techniques in order to minimize the likelihood of financial losses and ensure successful transactions. This study attempts to explore these issues using qualitative and quantitative analyses of a sample of threads from 13 Russian and English language forums involved in the sale of stolen data. This talk will consider the various forms of data sold, the pricing and profits accrued by market actors, and the techniques employed in order to facilitate successful exchanges between buyers and sellers.

The policy implications of this study for consumers, law enforcement, and security personnel will be discussed in depth to provide improved mechanisms for the disruption and takedown of stolen data markets globally.

This presentation will be held by Dr. Thomas Holt. Dr. Thomas is an Associate Professor in the School of Criminal Justice at Michigan State University specializing in cybercrime, policing, and policy. He received his Ph. D. in Criminology and Criminal Justice from the University of Missouri-Saint Louis in 2005. He has published extensively on cybercrime and cyberterror with over 35 peer-reviewed articles in outlets such as Crime and Delinquency, Sexual Abuse, the Journal of Criminal Justice, Terrorism and Political Violence, and Deviant Behavior.

He has published multiple edited books, including Corporate Hacking and Technology-Driven Crime with coeditor Bernadette Schell (2011), Crime On-Line: Correlates, Causes and Context, now in its 2nd Edition, and a co-author of Digital Crime and Digital Terror, 2nd edition (2010). He has also received multiple grants from the National Institute of Justice and the National Science Foundation to examine the social and technical drivers of Russian malware writers, data thieves, and hackers using on-line data.

16.00 - 16.45 TBA


17.00 - 17.45 TBA


18.00 - 23.00 Sosialt arrangement
Her har du muligheten til å knytte kontakter og bli kjent med andre. Lett middag og underholdning med mer. Nettverket sørger for middag med mer.
23.00
Dørene låses.

Tirsdag (kurs dag 2) - Defensive teknikker
08.15
Dørene åpnes

09.00 - 09.45 TBA


10.00 - 10.45 Hacking highly secured enterprise environments - Netherlands
In theory, post-exploitation after having remote access is easy. Also in theory, there is no difference between theory and practice. In practice, there is.

Imagine a scenario, where you have deployed a malware on a user?s workstation, but the target information is on a secure server accessed via two-factor authentication, with screen access only (e.g. RDP, Citrix, etc.). On top of that, the server runs application white-listing, and only the inbound port to the screen server (e.g. 3389) is allowed through the hardware firewall. But you also need persistent interactive C&C communication (e.g. Netcat, Meterpreter, RAT) to this server through the user's workstation.

I developed (and will publish) two tools that help you in these situations, for you to understand and secure your system better. The first tool can drop malware to the server through the screen while the user is logged in. The second tool can help you to circumvent the hardware firewall after you can execute code on the server with admin privileges (using a signed kernel driver).

My tools has been tested against Windows server 2012 and Windows 8, and they work with RDP or other remote desktops (e.g. Citrix). The number of problems you can solve with them are endless, e.g., communicating with bind-shell on webserver behind restricted DMZ. Beware, live demo and fun included!

The presenttion will be held by Zoltan. Zoltan (@zh4ck) is the Chief Technology Officer at MRG Effitas, a company focusing on AV testing. His main expertise areas are penetration testing, malware analysis, computer forensics and security monitoring. He released the Zombie browser tool, consisting of POC malicious browser extensions for Firefox, Chrome and Safari. He has been invited to present at information security conferences worldwide. He is a proud member of the gula.sh team, 2nd runner up at global Cyberlympics 2012 hacking competition.

11.00 - 11.45 TBA


11.45 - 12.30 Lunsj


12.30 - 12.50 Loddtrekning med mer


12.50 - 13.35 TBA


13.50 - 14.35 TBA


14.45
HackCon#10 slutt