Area41 2024 - A Recap

Michael Schneider, Ralph Meier, Andrea Hauser, Yann Santschi, Lucie Hoffmann
on July 04, 2024
time to read: 16 minutes

Keypoints

How scip AG enjoyed the Area41 and its talks

  • The Area41 again took place at the Komplex457 in Zurich and scip AG was there
  • It's a conference organised by the community for the community
  • Offering many different talks, challenges and networking opportunities
  • The introduction keynote was held by Paula Januszkiewicz on the topic "Hackers Perspective on New Risks"
  • Followed by insights into attacks on critical infrastructures such as power grids, the Shufflecake encryption software, the automation of malware, crypto and many more

The Area41 is a technical information security conference in Switzerland organised by the local DEFCON group chapter DC4131. It was originally established in 2010 under the name Hash Days (#days). This year's conference was held (again) in the Komplex457 in Zurich. Our scip team was present and we want to share some of our experiences.

Introduction

At the entry we already received the first swag of the day. The badge of this year holds many different surprises. Some of the surprises were resolved after the conference, others still remain a mystery.

Photo of the badge of the Area41 2024

Talk Summaries

In the following section are the impressions and summaries of the talks that left a lasting impression on the scip team.

Paula Januszkiewicz: Keynote

The Area41 2024 talks opened with the keynote speech Hacker’s Perspective on New Risks: Revising the cybersecurity priorities for 2024 by Paula Januszkiewicz. In her keynote, Paula presented AI as a new threat in the IT sector and also discussed the fact that classic attacks continue to work. On one hand, AI threats are focused on social engineering, while on the other hand they also involve the development of malicious tools with the help of AI. It was impressive how she was able to include technical demos in her keynote to answer the question she posed, “Is hacking easy?”; spoiler alert: according to Paula, the answer is yes. Summarising, she recommends the following six points as particularly relevant for IT security in 2024:

Cyrill Brunschwiler: Switching 400’000 Volts with a TCP packet

In his talk Switching 400,000 Volts with a TCP packet, Cyrill Brunschwiler explained to the community the basics of the Swiss power grid, key components, protocols such as IEC 61850 and IEC 60870-5-104 and what penetration testing looks like in this environment. Cyrill looked back at past incidents such as the 2015 attack on the Ukrainian power grid attributed to the Sandworm group. He also referred to the current IT attacks in the Ukraine war and concluded by reflecting that in war, missile attacks on the power infrastructure cause much more damage and lead to longer outages.

Tommaso Gagliardoni: Shufflecake, AKA Truecrypt on Steroids for Linux

Tommaso Gagliardoni presented the encryption software Shufflecake in his talk Shufflecake, AKA Truecrypt on Steroids for Linux. Shufflecake can create multiple hidden volumes under Linux and makes it very difficult to prove the existence of such volumes. Shufflecake is a kind of successor to Truecrypt/Veracrypt, but is a significant improvement as it runs natively on Linux and supports different file systems and multiple nested volumes. Tommaso presented a complex topic in a simple and clear way that entertained and informed newcomers and Truecrypt veterans alike.

Gian Demarmels: Automating Malware Development: A Red Teamer’s Journey

In the early afternoon, Gian Demarmels presented his journey into the automated creation of configurable malware and implants through his own framework in the talk Automating Malware Development: A Red Teamer’s Journey. He went through the various stages of development and revealed brief insights into his framework, Darth-Evader, which for obvious reasons has not been published. Among other things, he revealed that he uses the template engine Jinja to create the source code for the sake of modularity, more efficient development and a better end result.

Marco Preuss: New stories of money – Crypto, DeFi, Hacks & Attacks

New stories of money – Crypto, DeFi, Hacks & Attacks by Marco Preuss was a very insightful talk about all the different types of attacks and scams in the crypto-realm. He covered not only attacks targeting the blockchain itself, but also other targets like computer takeover to mine crypto, crypto-scams, crypto-theft, and more. Marco discussed various aspects, including Bitcoin and other coins, business scams, DeFi, and NFTs. He didn’t just deliver the general idea of these attacks or scams but also shared some intriguing stories and examples of these cases. While pointing out these attacks and scams, he also talked about some of the basics of crypto and its potential along the way. It was fascinating to see all the facets of the crypto security world.

Jam (Vie) Polintan: The CTF to Career Pipeline

In her talk The CTF to Career Pipeline, Jam (Vie) Polintan showcased how to get into cybersecurity and make it big by starting with CTFs. With her team Maple Mallard Magistrates, she was able to win the Def Con CTF. Her story, from her artistic background to studying game design and math at the University of British Columbia and starting out with CTFs in the UBC CTF team Maple Bacon, was inspiring. Now she is working in the industry with Google. It was remarkable how she showcased leveraging abstractions of techniques learned in one area of life or information security to innovate and apply them in a completely different environment.

Michael Imfeld: Shells at Midnight – Turning a Spam Filter Against Itself

Michael presented an exciting command injection in email addresses handled by the spam filter appliance MailCleaner, leading to a reverse shell.

The attack shows how difficult email addresses are to handle due to their great flexibility in allowed characters. After some research on data sources and sinks in the code of the open source MailCleaner spam filter appliance, they found that a cron job regularly executes a system call using the recipient email address of a spam message as input. Using email sub-addressing to have a valid recipient and shell parameter expansion to obtain the characters still missing for RCE, they managed to set a valid recipient email containing a command that triggers a reverse shell on the system running MailCleaner. The talk ended with a clean and very satisfying demo, successfully opening a shell as root.
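The defensive lesson of that talk, as an added example (not MailCleaner code): an address from incoming mail must never be interpolated into a shell command string, and a conservative allow-list should gate it before any program sees it. The function and regex names here are assumptions, and the sample addresses are constructed.

```python
"""Added example: pass a recipient address to a child process without a shell.

Two independent layers: a conservative allow-list (narrower than what
RFC 5321 permits) and argv-style process invocation, so that even an
address containing shell metacharacters is never expanded or split.
"""
import re
import subprocess
import sys

# Allow-list for addresses we are willing to hand to a subprocess:
# letters, digits, dot, underscore, hyphen, and '+' for sub-addressing.
# Deliberately narrower than the full RFC 5321 local-part grammar.
_ALLOWED = re.compile(r"^[A-Za-z0-9._+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)*\.[A-Za-z]{2,}$")


def is_safe_recipient(addr: str) -> bool:
    """True only if the address is short and matches the allow-list."""
    return len(addr) <= 254 and _ALLOWED.fullmatch(addr) is not None


def echo_argv(addr: str) -> str:
    """Run a child with the address as a single argv element (no shell).

    With a list argv, subprocess does not involve /bin/sh, so '$(...)',
    ';' or backticks in the address are passed through literally.
    The child is just Python printing argv[1]; in an appliance it would
    be the notification or quarantine tool.
    """
    result = subprocess.run(
        [sys.executable, "-c", "import sys; print(sys.argv[1], end='')", addr],
        capture_output=True, text=True, check=True,
    )
    return result.stdout


def run_with_recipient(addr: str) -> str:
    """Apply the allow-list first, then invoke the child process."""
    if not is_safe_recipient(addr):
        raise ValueError(f"recipient rejected by allow-list: {addr!r}")
    return echo_argv(addr)


if __name__ == "__main__":
    # Constructed inputs: a normal sub-addressed recipient and one that
    # smuggles shell syntax into the local part.
    for candidate in ("alice+quarantine@example.com", "bob+$(date)@example.com"):
        try:
            print("ok  :", run_with_recipient(candidate))
        except ValueError as exc:
            print("drop:", exc)
```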

Dirk-jan Mollema: Phishing the Phishing Resistant – Phishing for Primary Refresh Tokens in Microsoft Entra

The talk Phishing the Phishing Resistant – Phishing for Primary Refresh Tokens in Microsoft Entra by Dirk-jan Mollema was about OAuth tokens in Microsoft Entra ID. Dirk-jan’s blog article Phishing for Primary Refresh Tokens and Windows Hello keys provided the basis for the talk. He demonstrated that by exploiting OAuth flows with attacks such as Credential Phishing and Device Code Phishing, it is possible to obtain Primary Refresh Tokens (PRT) and, if MFA was used during authentication, it is also possible to register Windows Hello for Business (WHFB) credentials to gain persistence on a device. As a countermeasure, Dirk-jan suggested enforcing managed devices through Mobile Device Management (MDM) using a conditional access policy and monitoring device code flow logs.
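The two countermeasures named above can be checked against exported sign-in logs; the following is an added example (not from the talk or Dirk-jan's tooling). Field names follow the Microsoft Graph signIn resource (authenticationProtocol, deviceDetail.isManaged, conditionalAccessStatus, status.errorCode); the records and function names are constructed for this example.

```python
"""Added example: audit Entra ID sign-in records for device code flow use
and for successful sign-ins from devices that are not MDM-managed."""

# Constructed sample records in the shape of Graph signIn objects, not real data.
SAMPLE_SIGNINS = [
    {"id": "s1", "userPrincipalName": "alice@contoso.example", "authenticationProtocol": "oAuth2",
     "deviceDetail": {"isManaged": True}, "conditionalAccessStatus": "success", "status": {"errorCode": 0}},
    {"id": "s2", "userPrincipalName": "bob@contoso.example", "authenticationProtocol": "deviceCode",
     "deviceDetail": {"isManaged": False}, "conditionalAccessStatus": "notApplied", "status": {"errorCode": 0}},
    {"id": "s3", "userPrincipalName": "carol@contoso.example", "authenticationProtocol": "deviceCode",
     "deviceDetail": {"isManaged": True}, "conditionalAccessStatus": "success", "status": {"errorCode": 0}},
    # 53000 is the "device not compliant" error: conditional access blocked this one.
    {"id": "s4", "userPrincipalName": "dave@contoso.example", "authenticationProtocol": "oAuth2",
     "deviceDetail": {"isManaged": False}, "conditionalAccessStatus": "failure", "status": {"errorCode": 53000}},
    {"id": "s5", "userPrincipalName": "erin@contoso.example", "authenticationProtocol": "oAuth2",
     "deviceDetail": {"isManaged": False}, "conditionalAccessStatus": "notApplied", "status": {"errorCode": 0}},
]


def succeeded(s):
    """A sign-in counts as successful when its status error code is 0."""
    return s.get("status", {}).get("errorCode") == 0


def device_code_signins(signins):
    """IDs of successful sign-ins that used the device code flow."""
    return [s["id"] for s in signins
            if s.get("authenticationProtocol") == "deviceCode" and succeeded(s)]


def unmanaged_successes(signins):
    """IDs of successful sign-ins from unmanaged devices that no policy blocked.

    Each one is a gap in a require-managed-device conditional access policy.
    """
    return [s["id"] for s in signins
            if succeeded(s) and not s.get("deviceDetail", {}).get("isManaged", False)]


def triage(signins):
    """Bucket findings so device code sign-ins from unmanaged devices surface first."""
    dc = set(device_code_signins(signins))
    unmanaged = set(unmanaged_successes(signins))
    return {"device_code_unmanaged": sorted(dc & unmanaged),
            "device_code_managed": sorted(dc - unmanaged),
            "other_unmanaged": sorted(unmanaged - dc)}


if __name__ == "__main__":
    for bucket, ids in triage(SAMPLE_SIGNINS).items():
        print(f"{bucket}: {ids}")
```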

Timo Schmid: Technical Deep Dive into the XZ backdoor

The emphasis in the talk Technical Deep Dive into the XZ backdoor by Timo Schmid was on the word technical, and Timo delivered perfectly. He presented his findings from investigating the XZ backdoor and showed the complexity with which the backdoor was developed and how it was concealed using various obfuscation techniques. However, he also pointed out that it was probably the sum of these obfuscation techniques that was responsible for the backdoor being discovered, as they noticeably degraded the performance of an affected system for a short time.

The Lockpicking Competition (Personal Impressions by Yann)

I had a fantastic time with this activity. A few months ago, I purchased a lockpicking kit, but due to a busy schedule, I hadn’t been able to use it much. So, I was thrilled to finally learn some lockpicking techniques and how to open handcuffs on the first day. I enjoyed it so much that I signed up for the lockpicking competition. I returned on the second day to practice more and to understand the intricacies of lockpicking better. It was truly enjoyable.

The competition took place on the second day on the main stage. It followed a 1v1 duel format in a bracket system. The challenge involved escaping from handcuffs, picking a lock on a container with a toy gun inside, and then using the toy gun to shoot your opponent. The first person to shoot their opponent advanced to the next round.

When it was my turn, I struggled with the handcuffs and wasn’t quick enough. I saw my opponent free himself very quickly. Although I managed to get my handcuffs off and was a bit faster at picking the lock, he had more time. Unfortunately, I was shot while trying to retrieve the toy gun from the container and lost in the first round. However, my opponent went on to win second place. Despite the loss, I had a great time competing and believe I have found a new hobby.

Concluding remarks

As with every Area41 event, we thought it was a great success. Compared to last time, the catering was even better and more readily available. The weather was wonderful for the barbecue and we were able to enjoy it on the terrace of Komplex457. As always, we learnt a lot and were able to expand our networks over these two days. We say thank you very much to the organisation team!

About the Authors

Michael Schneider

Michael Schneider has been in IT since 2000. Since 2010 he has focused on information security. He is an expert at penetration testing, hardening and the detection of vulnerabilities in operating systems. He is well-known for a variety of tools written in PowerShell to find, exploit, and mitigate weaknesses. (ORCID 0000-0003-0772-9761)

Ralph Meier

Ralph Meier completed an apprenticeship as an application developer, with a focus on web development with Java, at a major Swiss bank and then completed a Bachelor of Science in Computer Science UAS Zurich at the ZHAW School of Engineering. His primary task is doing security-related analysis of web applications and services. (ORCID 0000-0002-3997-8482)

Andrea Hauser

Andrea Hauser graduated with a Bachelor of Science FHO in information technology at the University of Applied Sciences Rapperswil. She is focusing her offensive work on web application security testing and the realization of social engineering campaigns. Her research focus is creating and analyzing deepfakes. (ORCID 0000-0002-5161-8658)

Yann Santschi

Yann Santschi completed an apprenticeship as a systems engineer at the Swiss Stock Exchange and then worked as a cyber security consultant at one of the Big Four consulting firms. He is currently pursuing his Bachelor’s degree in Information and Cyber Security with a major in Attack Specialist and Penetration Testing at HSLU. His focus is on web applications, network security, and social engineering.

Lucie Hoffmann

Lucie Hoffmann completed a Bachelor in Information and Communication Systems at EPFL followed by a joint Master in Cybersecurity between EPFL and ETH. She gained work experience on the new network architecture SCION during her master thesis. Her focus is web application security.
