Bio: Arthur Paixão: Cyber Security Manager at Hospital Israelita Albert Einstein
Abstract: This paper presents a novel methodology that combines red team and blue team exercises to enhance cybersecurity resilience in the Brazilian healthcare sector. The methodology is designed to go beyond the traditional roles of red teams and blue teams. It incorporates threat injection exercises with a newly created prioritization method, training the Red Team to assist the CSIRT in responding to incidents and creating a new role for the Red Team. Additionally, a new technique called Offensive Intel monitors the threat landscape of competitors and provides insights on how to protect our own landscape. The methodology also incorporates techniques to deal with VIP patient data and policies to control staff curiosity. Some real-life use cases are presented to showcase the effectiveness of the methodology in identifying vulnerabilities and enhancing cybersecurity resilience. One such use case involved an almost successful attempt to destroy medical equipment during a penetration testing exercise, and how not to do it again. Another presents vulnerabilities identified in air conditioning controllers, EMR systems, and exam results systems that are used in the entire country. Two further use cases cover incidents that were successfully contained with the help of threat injection and offensive intel. The methodology's effectiveness also led to the inference of the Brazilian TOP 10 Vulnerabilities in the Healthcare Sector, based on findings across systems used throughout the country. The list provides insights into the most critical vulnerabilities facing healthcare institutions in Brazil and will be presented at the conference. The vulnerabilities were categorized by the degree of harm they can inflict on patients and the impact on healthcare services. The methodology's results led to the development of a tool that assists other cybersecurity teams in conducting safe red and blue team exercises in the healthcare sector.
The tool augments cybersecurity resilience by improving the capabilities of CSIRT and threat intel teams and is valuable to other cybersecurity professionals in the industry. In conclusion, the novel methodology provides a unique approach to enhancing cybersecurity resilience in the Brazilian healthcare sector. The incorporation of threat injection exercises, Offensive Intel, and a new role for the Red Team offers a comprehensive and effective approach that goes beyond traditional red team exercises. The methodology and tool can be replicated in other sectors beyond healthcare to enhance cybersecurity resilience. The approach’s effectiveness has been demonstrated through real-life use cases and the creation of the TOP 10 Vulnerabilities in the Healthcare Sector in Brazil. By adopting this methodology, healthcare institutions in Brazil and around the world can better protect patient data and improve cybersecurity resilience.
General topic: Healthcare, Red Team, Blue Team
Bio: Security Researcher
Abstract: The talk consists of explaining, in depth and technically, the public vulnerability (CVE-2019-16253) in the SamsungTTS application, which is available on all Samsung cell phones. In addition, the talk will present a little-known way to exploit the vulnerability on current Samsung devices. This approach can be extended to all Android devices as well. This study was motivated by the news at this link: https://www.xda-developers.com/tts-samsung-exploit-how-it-works/
General topic: Exploitation, Samsung, Android, Mobile
Bio: Security researcher with over 12 years of experience in the Security field. Previously worked as a Red Teamer for a financial industry company and as a penetration tester for a security consulting company. NullByte Security Conference Co-Founder.
Abstract: In this presentation, we will explore how attackers can abuse Azure attack paths by leveraging Graph API permissions. We will start by examining the different types of Graph API permissions and how they can be used to gain access to sensitive information and resources on Azure. We will also look at real-world attack scenarios that exploit these permissions, such as token theft, privilege escalation, and data exfiltration. Next, we will demonstrate how attackers can use the Graph API to perform reconnaissance on Azure environments, including identifying vulnerable endpoints and potential targets.
General topic: Azure, Graph API, Data Leak, Exploitation
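The abstract above turns on the "different types of Graph API permissions": a Microsoft Graph access token carries delegated permissions in its `scp` claim (a space-separated string, scoped by the signed-in user) and application permissions in its `roles` claim (a list, not bound to any user). The following triage script is an added example and not the speaker's code: it decodes a token you already hold, separates the two kinds, and flags permissions that allow directory-wide writes or privilege assignment. The claim names, the Graph audience values and the permission names are real Microsoft identifiers; the HIGH_RISK set is my own triage list, not an official ranking, and the token in the usage call is constructed and unsigned.

```python
import base64
import json

# Both forms appear in the `aud` claim of tokens issued for Microsoft Graph.
GRAPH_AUDIENCES = {"https://graph.microsoft.com", "00000003-0000-0000-c000-000000000000"}

# Assumption: my own triage list of permissions that let a holder rewrite the directory,
# assign roles/app roles, or take over applications. Not an official Microsoft ranking.
HIGH_RISK = {
    "Directory.ReadWrite.All",
    "RoleManagement.ReadWrite.Directory",
    "AppRoleAssignment.ReadWrite.All",
    "Application.ReadWrite.All",
    "Group.ReadWrite.All",
}


def _b64url_decode(segment: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    segment += "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment)


def decode_claims(token: str) -> dict:
    """Return the payload claims of a compact JWT WITHOUT verifying its signature.
    Suitable for triaging a token you already hold; never use this for authorization."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    return json.loads(_b64url_decode(parts[1]))


def graph_permissions(claims: dict) -> dict:
    """Split permissions by kind: `scp` (delegated) is a space-separated string,
    `roles` (application) is a JSON list. A token normally carries one or the other."""
    delegated = set(claims.get("scp", "").split())
    application = set(claims.get("roles", []))
    return {"delegated": delegated, "application": application}


def triage(token: str) -> dict:
    """Summarise what a captured Graph token can do."""
    claims = decode_claims(token)
    perms = graph_permissions(claims)
    if perms["application"]:
        kind = "application"  # app-only: acts tenant-wide, no user in the loop
    elif perms["delegated"]:
        kind = "delegated"    # bounded by the signed-in user's own rights
    else:
        kind = "none"
    granted = perms["delegated"] | perms["application"]
    return {
        "graph_token": claims.get("aud") in GRAPH_AUDIENCES,
        "kind": kind,
        "high_risk": sorted(granted & HIGH_RISK),
        "all": sorted(granted),
    }


def make_test_token(claims: dict) -> str:
    """Build an unsigned (alg=none) JWT for offline demonstration. Constructed data only."""
    def enc(obj: dict) -> str:
        raw = json.dumps(obj, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}."


if __name__ == "__main__":
    # Constructed sample: an app-only token with one dangerous application permission.
    sample = make_test_token({
        "aud": "https://graph.microsoft.com",
        "roles": ["Directory.ReadWrite.All", "Mail.Read"],
    })
    print(triage(sample))
```

An application token with `Directory.ReadWrite.All` is the case to escalate immediately: it is not limited by any user's rights, so whoever holds it can modify the whole directory. Note that `triage` never checks the signature, so it tells you what the token claims, not whether a Graph endpoint would accept it.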
Bio: 10 years of experience in Offensive Security. I love privilege escalation techniques like "Domain Admin" and other types of bypass, especially EDR and Windows Defender bypass, and I hold some security certifications like OSCP and OSWE.
Abstract: The idea of this talk is to show some phases/techniques that we can use during a Red Team exercise, or even in a pentest, in a Windows environment. The main focus is to show bypass and persistence techniques using Windows itself as our ally. All the PoCs here were done in a controlled lab environment, where some protection mechanisms were built: "Constrained Language Mode; for privilege escalation we used AlwaysInstallElevated; and for persistence we used the Windows Event Log." Throughout all the tests I sought to use techniques different from the existing ones, thus bringing a new approach. The talk covers: bypassing CLM ("PowerShell Constrained Language Mode"); privilege escalation using a WiX file to obtain access as NT AUTHORITY; and persistence using the Windows Event Log.
General topic: Windows, Event Log, RedTeam, PowerShell, Exploitation
Bio: Information Security Analyst at Hakai
Abstract: The proposal is to talk about how an Active Directory assessment is carried out, what needs to be taken into account, and which considerations need to be weighed. In addition, understanding how the Kerberos protocol works is fundamental.
General topic: Purple Team, Active Directory, Kerberos
Bio: Senior Threat Researcher at Security Joes, with 8 years of experience in reverse engineering and vulnerability research. I have spoken at events such as H2HC and NullByte Security Conference. Currently, my focus is on research related to bypassing EDRs and antivirus software.
Abstract: Our research presents a method for injecting and executing code in memory that circumvents the need for memory pages with execution permissions. Instead, we leverage specific sections within trusted software DLLs, which offer memory sections with read, write, and execute (RWX) permissions. By exploiting these sections, we have developed a technique that allows us to bypass user-land EDR (Endpoint Detection and Response) hooks. This innovation opens up new avenues for evading detection and enhancing the stealth of code execution, significantly impacting the field of cybersecurity.
General topic: EDR Bypass, RedTeam, Exploitation
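The technique in the abstract above depends on finding sections in trusted DLLs that are already mapped read-write-execute, so that no VirtualAlloc/VirtualProtect call with PAGE_EXECUTE_READWRITE is ever made. Whether you are hunting candidates for such an exercise or auditing which DLLs on a host expose this surface, the first step is the same: parse the PE section table and look for sections whose characteristics carry IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ and IMAGE_SCN_MEM_WRITE together. The scanner below is an added example and not the researchers' code; the flag values and header layout are from the PE/COFF specification, and the image it scans in the usage call is a constructed, non-loadable header built inline so the example runs offline.

```python
import struct
from pathlib import Path

# Section characteristic flags from the PE/COFF specification.
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
RWX = IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE

COFF_HEADER_FMT = "<HHIIIHH"          # Machine, NumberOfSections, TimeDateStamp, PtrSymTab, NumSyms, SizeOfOptionalHeader, Characteristics
SECTION_HEADER_FMT = "<8sIIIIIIHHI"   # Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, PtrRelocs, PtrLineNums, NumRelocs, NumLineNums, Characteristics
SECTION_HEADER_SIZE = struct.calcsize(SECTION_HEADER_FMT)  # 40


def parse_sections(image: bytes) -> list:
    """Walk DOS header -> PE signature -> COFF header -> section table and return one dict per section."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff_off = e_lfanew + 4
    _machine, nsections, _ts, _psym, _nsym, opt_size, _chars = struct.unpack_from(COFF_HEADER_FMT, image, coff_off)
    table_off = coff_off + struct.calcsize(COFF_HEADER_FMT) + opt_size
    sections = []
    for i in range(nsections):
        fields = struct.unpack_from(SECTION_HEADER_FMT, image, table_off + i * SECTION_HEADER_SIZE)
        name, vsize, va, rawsize, rawptr, _pr, _pl, _nr, _nl, chars = fields
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_address": va,
            "virtual_size": vsize,
            "raw_size": rawsize,
            "characteristics": chars,
        })
    return sections


def rwx_sections(image: bytes) -> list:
    """Sections the loader will map with all three of execute, read and write."""
    return [s for s in parse_sections(image) if s["characteristics"] & RWX == RWX]


def scan_file(path: str) -> list:
    """Scan a DLL/EXE on disk. Note this reports the on-disk section flags; a loaded
    module's actual page protections can differ if something changed them after mapping."""
    return rwx_sections(Path(path).read_bytes())


def build_test_image(sections) -> bytes:
    """Constructed, minimal PE32+ header (not loadable) for offline demonstration.
    `sections` is a list of (name, virtual_address, size, characteristics)."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)      # 64-byte DOS header
    optional = struct.pack("<H", 0x20B) + b"\0" * (240 - 2)              # PE32+ magic, rest zeroed
    coff = struct.pack(COFF_HEADER_FMT, 0x8664, len(sections), 0, 0, 0, len(optional), 0x2022)
    table = b"".join(
        struct.pack(SECTION_HEADER_FMT, name.ljust(8, b"\0"), size, va, size, 0, 0, 0, 0, 0, chars)
        for name, va, size, chars in sections
    )
    return dos + b"PE\0\0" + coff + optional + table


if __name__ == "__main__":
    # Constructed sample: a normal code section, a normal data section, and one RWX section.
    sample = build_test_image([
        (b".text", 0x1000, 0x2000, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
        (b".data", 0x3000, 0x1000, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
        (b".rwx", 0x5000, 0x1000, IMAGE_SCN_CNT_CODE | RWX),
    ])
    for s in rwx_sections(sample):
        print(f"{s['name']:8s} RVA=0x{s['virtual_address']:x} size=0x{s['virtual_size']:x} flags=0x{s['characteristics']:08x}")
```

Run `scan_file` over the DLLs a process actually loads to see which trusted modules carry such a section. From the defensive side the same list is a watchlist: code execution from an RVA inside one of these sections, in a module that otherwise never executes from it, is exactly the signal that a VirtualProtect hook would have missed.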
Bio: PhD candidate in Computer Science at Unicamp. Participated as a researcher in the 2nd Public Security Tests of the Brazilian Electronic Voting System, obtaining local kernel access. His main research interests include kernel security, with an emphasis on exploiting attack detection and prevention mechanisms, kernel rootkits, reverse engineering, and game cheating :)
Abstract: Relying on the LSPosed SDK, Gaspar proposes an evasive, reliable and fast argumentation framework directly on the Android Runtime (ART) hooking and interposition abstraction.
General topic: Android, Mobile, Exploitation
"Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for. I am a hacker, and this is my manifesto. You may stop this individual, but you can't stop us all... after all, we're all alike."