A Day in the Life of a Security Researcher
Ever wonder how to find vulnerabilities? In 2013 and 2014, I averaged 4-6 CVE assignments each month, and in this presentation I will go over general tips and tricks I have found most effective at locating unknown vulnerabilities. Vulnerabilities explored will include web vulnerabilities (XS*, command-injection, SQLi, etc.) and C/C++ application vulnerabilities (memory corruption, logic errors, etc.).
To demonstrate the effectiveness of these techniques, I will provide example vulnerabilities along with the path that led me to finding them without the use of commercial analysis tools. I will also discuss some of my experiences working with vendors and developers to harden their products.
Smart Home Invasions
Smart home technology has been a dream for many, perhaps inspired by the likes of George Jetson. Unfortunately, the technology is still in its infancy, and the question remains as to whether vendors can demonstrate the ability to make our homes smarter without simultaneously introducing new risks to personal safety and privacy. In an effort to answer this question, Tripwire VERT conducted a security assessment of the three top-selling ‘Smart Home Hub’ products available on Amazon. The research revealed 0-day flaws in each product, allowing an attacker to control smart home functionality.
This presentation will reveal some of the findings from this study, including vulnerabilities that have not been publicly discussed. If not addressed, smart home flaws can give rise to a new type of ‘smart criminal’ able to case victims without being seen. Once a target is chosen, it is possible to unlock doors and disable security monitoring.
An Introduction to Industrial IoT
A transformative event is occurring where countless industrial devices, both old and new, are being interfaced with Internet Protocol (IP) communication technologies. We refer to these collections of IP-enabled industrial devices and associated networks as the Industrial Internet of Things (IIoT). The IIoT is at the very core of disruptive visions such as Industry 4.0 and other advanced manufacturing initiatives, and it promises to bring countless new value creation opportunities across all market sectors. However, cybersecurity and data privacy issues present major hurdles and roadblocks for adopters of IIoT technologies, and if these issues are not appropriately addressed, the true potential of the IIoT might not be met.
In this presentation, we hope to shed some light on this emerging technology and spread awareness of its benefits and risks. Securing IIoT environments poses unique challenges as compared to traditional IT, and the presentation will discuss these unique cybersecurity characteristics.
Good Home Security Hygiene
We're a long way from the days of the shared family computer – the one monopolized by your video-game-loving sibling until someone had homework due. Today's connected life means more devices, more connections, and more attack vectors. I sat down to think about the devices on my network and realized that I really didn't know what was connected. My router was no help, listing only MAC addresses from vendors I wasn't aware existed. I decided it was time to inventory my network and identify how many connected devices exist in the "average" home.