Lucie Hoffmann
How scip AG enjoyed the Area41 and its talks
At the entrance we already received the first swag of the day. This year's badge holds many different surprises; some of them were solved after the conference, others still remain a mystery.
The following sections contain the impressions and summaries of the talks that left a lasting impression on the scip team.
The Area41 2024 talks opened with the keynote speech Hacker’s Perspective on New Risks: Revising the cybersecurity priorities for 2024 by Paula Januszkiewicz. In her keynote, Paula presented AI as a new threat in the IT sector and also discussed the fact that classic attacks continue to work. On the one hand, AI threats are focussed on social engineering; on the other hand, they also involve the development of malicious tools with the help of AI. It was impressive how she was able to include technical demos in her keynote to answer the question she posed, “Is hacking easy?” (spoiler alert: according to Paula, the answer is yes). In summary, she recommends the following six points as particularly relevant for IT security in 2024:
In his talk Switching 400,000 Volts with a TCP packet, Cyrill Brunschwiler explained to the community the basics of the Swiss power grid, its key components, protocols such as IEC 61850 and IEC 60870-5-104, and what penetration testing looks like in this environment. Cyrill looked back at past incidents such as the 2015 attack on the Ukrainian power grid attributed to the Sandworm group. He also referred to the ongoing cyber attacks in the war in Ukraine and concluded by reflecting that, in war, missile attacks on the power infrastructure cause far more damage and lead to longer outages than cyber attacks do.
Tommaso Gagliardoni presented the encryption software Shufflecake in his talk Shufflecake, AKA Truecrypt on Steroids for Linux. Shufflecake can create multiple hidden volumes under Linux and makes it very difficult to prove the existence of such volumes. Shufflecake is a kind of successor to Truecrypt/Veracrypt, but a significant improvement, as it runs natively on Linux, supports different file systems and allows multiple nested volumes. Tommaso presented a complex topic in a simple and clear way that entertained and informed newcomers and Truecrypt veterans alike.
In the early afternoon, Gian Demarmels presented his journey into the automated creation of configurable malware and implants with his own framework in the talk Automating Malware Development: A Red Teamer’s Journey. He went through the various stages of development and gave brief insights into his framework, Darth-Evader, which for obvious reasons has not been published. Among other things, he revealed that he uses the template engine Jinja to generate the source code, for the sake of modularity, more efficient development and a better end result.
New stories of money – Crypto, DeFi, Hacks & Attacks by Marco Preuss was a very insightful talk about the many different types of attacks and scams in the crypto realm. He covered not only attacks targeting the blockchain itself, but also other targets such as taking over computers to mine cryptocurrency, crypto scams, crypto theft, and more. Marco discussed various aspects, including Bitcoin and other coins, business scams, DeFi, and NFTs. He didn’t just deliver the general idea behind these attacks and scams, but also shared some intriguing stories and examples of real cases. While pointing out these attacks and scams, he also covered some of the basics of crypto and its potential along the way. It was fascinating to see all the facets of the crypto security world.
In her talk The CTF to Career Pipeline, Jam (Vie) Polintan showcased how to get into cybersecurity and make it big by starting with CTFs. With her team Maple Mallard Magistrates, she was able to win the DEF CON CTF. Her story, from her artistic background, to studying game design and math at the University of British Columbia, to starting out with CTFs in the UBC CTF team Maple Bacon, was inspiring. Now she is working in the industry at Google. It was inspiring how she showed that abstractions of techniques learned in one area of life or information security can be carried over and applied innovatively in a completely different environment.
Michael presented an exciting command injection in email addresses handled by the spam filter appliance MailCleaner, leading to a reverse shell.
The attack shows how difficult email addresses are to handle safely because of the great flexibility in the characters they may contain. After some research on data sources and sinks in the code of the open source MailCleaner spam filter appliance, they found that a cron job regularly executes a system call that takes the recipient email address of a spam message as input. Using email sub-addressing to keep the recipient valid, and shell parameter expansion to obtain characters that are needed for RCE but not allowed in an email address, they crafted a valid recipient address containing a command that triggers a reverse shell on the system running MailCleaner. The talk ended with a clean and very satisfying demo, successfully opening a shell as root.
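The two ingredients of the injection, a sub-address that is still delivered and a shell expansion standing in for a forbidden character, can be reproduced with a few lines. The following is an added example, not MailCleaner's code and not the exploit shown in the talk: a cron-style job that interpolates a recipient address into a shell command string, beside an argv-only variant and a hardened variant with an allow-list check. The addresses, the `echo` job and the `INJECTED` marker are constructed for this demo.

```python
"""Shell injection through a syntactically valid e-mail address (added example).

The vulnerable sink mimics a scheduled job that builds one command string and
hands it to /bin/sh. The hardened sink validates the local part against a
conservative allow-list and passes the address as a single argv element.
"""
import re
import subprocess

# Sub-addressing: everything after '+' is ignored for delivery, so the mailbox
# 'alice' still exists and the message is accepted (constructed sample).
LEGIT = "alice+newsletter@example.com"

# '$', '(', ')', '{' and '}' are all legal local-part characters (RFC 5322 atext).
# A space is not, so ${IFS} (the shell's field separator) stands in for one:
# inside $(...) the shell turns 'echo${IFS}INJECTED' into 'echo INJECTED'.
CRAFTED = "alice+$(echo${IFS}INJECTED)@example.com"

# Allow-list for the local part: far stricter than RFC 5322, deliberately.
LOCAL_PART_RE = re.compile(r"[A-Za-z0-9._+-]+")


def vulnerable_log_recipient(recipient: str) -> str:
    """Builds a command string and runs it with shell=True.

    The address is parsed by the shell, so $(...) inside it is executed.
    """
    cmd = f"echo recipient={recipient}"
    return subprocess.run(cmd, shell=True, capture_output=True,
                          text=True).stdout.strip()


def argv_log_recipient(recipient: str) -> str:
    """Same job, but the address is one argv element: no shell, no expansion."""
    return subprocess.run(["echo", f"recipient={recipient}"],
                          capture_output=True, text=True).stdout.strip()


def validate_recipient(recipient: str) -> tuple[str, str]:
    """Reject anything outside the allow-list before it reaches a sink."""
    local, sep, domain = recipient.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError("not an e-mail address")
    if not LOCAL_PART_RE.fullmatch(local):
        raise ValueError("local part contains characters outside the allow-list")
    return local, domain


def hardened_log_recipient(recipient: str) -> str:
    """Allow-list validation plus argv execution."""
    validate_recipient(recipient)
    return argv_log_recipient(recipient)


if __name__ == "__main__":
    print("vulnerable:", vulnerable_log_recipient(CRAFTED))   # the marker appears: command ran
    print("argv only :", argv_log_recipient(CRAFTED))         # address printed literally
    try:
        hardened_log_recipient(CRAFTED)
    except ValueError as exc:
        print("hardened  : rejected,", exc)
```

The argv-only variant is already immune to the expansion, since `/bin/sh` never sees the string; the allow-list is the second layer for the day a sink is added that does go through a shell. Note that the allow-list is much narrower than what RFC 5322 permits, which is a deliberate trade-off: a mail filter can afford to quarantine an exotic address, but not to execute it.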
The talk Phishing the Phishing Resistant – Phishing for Primary Refresh Tokens in Microsoft Entra by Dirk-jan Mollema was about Microsoft Entra ID OAuth tokens. Dirk-jan’s blog article Phishing for Primary Refresh Tokens and Windows Hello keys provided the basis for the talk. He demonstrated that, by abusing OAuth flows with attacks such as credential phishing and device code phishing, it is possible to obtain Primary Refresh Tokens (PRTs) and, if MFA was satisfied during that authentication, to register Windows Hello for Business (WHFB) keys as a persistent credential. As countermeasures, Dirk-jan suggested requiring managed devices, enrolled through Mobile Device Management (MDM), via a conditional access policy, and monitoring the sign-in logs for device code flow usage.
The talk Technical Deep Dive into the XZ backdoor by Timo Schmid put the emphasis on the word technical, and Timo delivered perfectly. He presented his findings from investigating the XZ backdoor and showed the complexity with which the backdoor was developed and how it was concealed using various obfuscation techniques. However, he also pointed out that it was probably the sum of these obfuscation techniques that led to the backdoor being discovered, as they noticeably affected system performance for a short time.
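Why device code phishing sidesteps "phishing resistant" factors is easiest to see in the protocol itself: the tokens are issued to whoever holds the device code, while the user, including any MFA prompt, authenticates on their own trusted device. The following is an added example and is neither Dirk-jan's tooling nor Entra's implementation: an in-memory authorization server speaking the OAuth 2.0 Device Authorization Grant (RFC 8628), with the attacker's and the victim's turns played out. The message field names and error codes follow RFC 8628; the client id, scope, verification URI, token values and the demo-only `subject`/`mfa` fields in the token response are constructed for this example.

```python
"""Device code phishing, simulated end to end (added example, RFC 8628 shapes).

The server is driven by an injectable clock so the polling rules can be
exercised without sleeping.
"""
import secrets
import time

GRANT_TYPE = "urn:ietf:params:oauth:grant-type:device_code"
USER_CODE_ALPHABET = "BCDFGHJKLMNPQRSTVWXZ"   # short, unambiguous, as RFC 8628 suggests


class AuthorizationServer:
    """Minimal in-memory RFC 8628 authorization server (demo only)."""

    def __init__(self, interval=5, lifetime=900, clock=time.time):
        self.interval = interval      # minimum seconds between token polls
        self.lifetime = lifetime      # seconds a device_code stays valid
        self.clock = clock
        self._pending = {}            # device_code -> pending authorization

    def device_authorization(self, client_id: str, scope: str) -> dict:
        """Step 1: the 'device' (here: the attacker) obtains the code pair."""
        device_code = secrets.token_urlsafe(32)
        user_code = "".join(secrets.choice(USER_CODE_ALPHABET) for _ in range(8))
        self._pending[device_code] = {
            "client_id": client_id, "scope": scope, "user_code": user_code,
            "expires_at": self.clock() + self.lifetime,
            "last_poll": float("-inf"), "user": None, "mfa": False,
        }
        return {"device_code": device_code, "user_code": user_code,
                "verification_uri": "https://login.example/device",
                "expires_in": self.lifetime, "interval": self.interval}

    def approve(self, user_code: str, user: str, mfa_satisfied: bool) -> bool:
        """Step 2: the user, signed in on their own device, types the user_code.

        The server only learns who approved; it cannot tell that the polling
        party is a different machine than the one the user is sitting at.
        """
        now = self.clock()
        for rec in self._pending.values():
            if (rec["user_code"] == user_code and rec["user"] is None
                    and now <= rec["expires_at"]):
                rec["user"], rec["mfa"] = user, mfa_satisfied
                return True
        return False

    def token(self, client_id: str, device_code: str) -> dict:
        """Step 3: the device polls; tokens go to whoever holds device_code."""
        rec = self._pending.get(device_code)
        if rec is None or rec["client_id"] != client_id:
            return {"error": "invalid_grant"}
        now = self.clock()
        if now > rec["expires_at"]:
            del self._pending[device_code]
            return {"error": "expired_token"}
        if now - rec["last_poll"] < self.interval:
            return {"error": "slow_down"}
        rec["last_poll"] = now
        if rec["user"] is None:
            return {"error": "authorization_pending"}
        del self._pending[device_code]               # one-shot: code is consumed
        return {"token_type": "Bearer", "expires_in": 3600,
                "access_token": secrets.token_urlsafe(32),
                "refresh_token": secrets.token_urlsafe(32),
                "scope": rec["scope"],
                "subject": rec["user"], "mfa": rec["mfa"]}   # demo-only fields


def run_phishing_scenario() -> dict:
    """Attacker and victim turns against one server, with a controllable clock."""
    now = [1_000.0]
    server = AuthorizationServer(interval=5, clock=lambda: now[0])
    client_id = "demo-client"                        # constructed, not a real app id

    # Attacker starts the flow on an attacker-controlled machine and embeds
    # user_code and verification_uri in the lure sent to the victim.
    start = server.device_authorization(client_id, "openid offline_access")

    polls = []
    polls.append(server.token(client_id, start["device_code"])["error"])  # pending
    now[0] += 2
    polls.append(server.token(client_id, start["device_code"])["error"])  # too fast

    # Victim follows the lure: real login page, real MFA prompt, enters the code.
    now[0] += 60
    approved = server.approve(start["user_code"], "victim@example.com", mfa_satisfied=True)

    tokens = server.token(client_id, start["device_code"])            # attacker wins
    replay = server.token(client_id, start["device_code"])            # code consumed
    return {"approved": approved, "polls": polls, "token": tokens, "replay": replay}


if __name__ == "__main__":
    result = run_phishing_scenario()
    print("polls before approval:", result["polls"])
    print("token issued for:", result["token"]["subject"], "mfa:", result["token"]["mfa"])
    print("second redemption:", result["replay"])
```

Nothing in this exchange gives the server a reason to refuse: the victim really did pass MFA, on their own device. That is why the countermeasures named in the talk sit outside the protocol, in conditional access (only tokens for managed devices) and in monitoring which sign-ins used the device code flow at all.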
I had a fantastic time with this activity. A few months ago, I purchased a lockpicking kit, but due to a busy schedule, I hadn’t been able to use it much. So, I was thrilled to finally learn some lockpicking techniques and how to open handcuffs on the first day. I enjoyed it so much that I signed up for the lockpicking competition. I returned on the second day to practice more and to understand the intricacies of lockpicking better. It was truly enjoyable.
The competition took place on the second day on the main stage. It followed a 1v1 duel format in a bracket system. The challenge involved escaping from handcuffs, picking a lock on a container with a toy gun inside, and then using the toy gun to shoot your opponent. The first person to shoot their opponent advanced to the next round.
When it was my turn, I struggled with the handcuffs and wasn’t quick enough. I saw my opponent free himself very quickly. Although I managed to get my handcuffs off and was a bit faster at picking the lock, he had more time. Unfortunately, I was shot while trying to retrieve the toy gun from the container and lost in the first round. However, my opponent went on to win second place. Despite the loss, I had a great time competing and believe I have found a new hobby.
As with every Area41 event, we thought it was a great success. Compared to last time, the catering was even better and more readily available. The weather was wonderful for the barbecue and we were able to enjoy it on the terrace of Komplex457. As always, we learnt a lot and were able to expand our networks over these two days. We say thank you very much to the organisation team!
Lucie Hoffmann
Yann Santschi
Andrea Hauser
Ralph Meier