Opening remarks for BSides Toronto 2021
Implementing a password reset function is a very challenging task for every developer. There is no well-defined standard on how to implement secure password reset functionality in an application. That's why every application implements it differently, for example by sending unique URLs, generating a temporary password, using security questions, OTPs, etc.
Every developer has a different approach to implementing such a feature. That's why every time the hacker has to think of a new way to hack. In this talk, I'll briefly describe some methodologies for achieving Account Takeover by exploiting misconfigured password reset functionality.
Application architecture is a vital area of security which is often overlooked. Whether a single-tier or multi-tier architecture is used, the majority of vulnerabilities arise during the software development life cycle and need to be patched in its early stages. Integrating security into the SDLC will help in discovering vulnerabilities before nefarious actors leverage them. The talk will address the security controls missing from the SDLC that hackers most often leverage, along with how to make the SDLC more secure than before.
IoT has gotten a lot of traction lately and has found its applications widely in areas such as Home Automation, Healthcare, Automobiles and Industrial applications. This has opened up a substantial amount of attack surface when seen from an Attacker's perspective. For instance, the Home Automation sector has grown significantly, to the point where almost every device / appliance in our homes can now be SMART. When a device gets "Smart", it connects to a home network and in turn to the Internet, which enables consumers to interact with such devices from any part of the world. As convenient as this may sound, it makes Every Connected Device in our home a Potential Entry Point. Compromising even a single IoT device could let the attacker into the home network and control other devices connected to the same network.
This talk is devised to showcase the increase in attack surface with the introduction of IoT as well as various attack scenarios through which an IoT device could be compromised by an attacker.
In this talk we're going to learn what SEH (Structured Exception Handler) is, what its function is in the system, as well as its famous message "program has encountered a problem and needs to close", and how and why it is sometimes necessary in exploit development to overwrite the SEH on the memory stack.
We're also going to learn what the exploitation technique called Egg Hunter does, and when it is necessary to make use of this technique.
Finally, we're going to learn to create an exploit from scratch for a Buffer Overflow vulnerability using the SEH Overwrite technique together with an Egg Hunter, and we will look for badchars to avoid errors in our shellcode, all of this to get a reverse shell.
Video PoC is included :) of course!
The information security field focuses on preventing unauthorized access, use, disclosure, disruption, modification, inspection, recording, or destruction of information. This is accomplished by securing assets and people, using frameworks and methodologies such as the CIS top 18 and NIST. Hacking a Business Process requires hacking these assets or people first, but the business process still needs to be secured. Financial Processes such as Purchase Order processes, or HR processes such as employee termination, pose a great risk to any organization – if the process is sufficiently manipulated, any theft arising from it becomes much harder to identify.
Security requires intense cooperation and coordination between multiple parties. This is not achievable when they cannot agree on how to describe key concepts and keep representing the same things in different, not always compatible standards. Where are we failing in communication and knowledge representation? How can we avoid them becoming roadblocks to our security initiatives?
I regularly have conversations with cybersecurity leaders and experts across a range of industries. Recently on my Cyber Security Effectiveness Podcast, I've spoken with board members from several market-leading companies, in the public and private sectors, to understand their perspectives on cybersecurity.
These conversations demonstrate that board members are paying close attention to their organizations' security programs — their approach and effectiveness and the impact on risk posture. Additionally, board members' influence on the direction of a company's security program has grown. As a result, IT leaders must report regularly that security technology, people, and processes are optimized to protect and defend the organization so that when a breach or attack does take place, it will have minimal impact on the brand and bottom line.
Closing remarks for BSides Toronto 2021