
Conference:  Defcon 31
Authors: Tamas Jos (SkelSec) Principal Security Consultant, Sec-Consult AG

Spooky authentication at a distance outlines a new and innovative post-exploitation technique to proxy common authentication protocols used in Windows environments remotely and with no elevated privileges required. This allows security professionals to perform complete impersonation of the target user on their own machine without executing any further code on the target machine besides the agent itself. This talk will also demonstrate the applicability of this new technique by performing no-interaction, full domain takeover using a malicious peripheral in a simulated restricted environment.
Conference:  Defcon 31
Authors: Michael Stepankin Security Researcher at GitHub

Although X.509 certificates have been here for a while, they have become more popular for client authentication in zero-trust networks in recent years. Mutual TLS, or authentication based on X.509 certificates in general, brings advantages compared to passwords or tokens, but you get increased complexity in return. In this talk, we'll deep dive into some novel attacks on mTLS authentication. We won't bother you with heavy crypto stuff, but instead we'll have a look at implementation vulnerabilities and how developers can make their mTLS systems vulnerable to user impersonation, privilege escalation and information leakage. We present some CVEs we found in popular open-source identity servers and ways to exploit them. Finally, we'll explain how these vulnerabilities can be spotted in source code and what the safe code looks like.
Conference:  Defcon 31
Authors: Trevor Stevado Founding Partner/Hacker @ Loudmouth Security, Sam Haskins Hacker, Loudmouth Security

Contactless credentials have become increasingly popular for secure authentication and access control systems due to their convenience and efficiency. In this talk, we will discuss a specific weakness in the ISO 14443A protocol that enables replay attacks over moderate latency connections, leading to the potential for long-range relay attacks. During the presentation, we will delve into the history of contactless credential attacks, how manufacturers have adapted, and discuss why we focused on a relay attack. We will provide an overview of the ISO 14443A protocol and explain how the relay attack is executed and the ‘features’ of the underlying protocol that make it possible. Finally, we will demonstrate and release a new tool to make this relay attack feasible with the Proxmark, as we attempt to unlock a door in Ottawa, ON with a card on-stage in Vegas. In addition, we will discuss the response from HID Global following our responsible disclosure against their SEOS readers and suggest mitigations to prevent these attacks on your access control systems.
Conference:  Black Hat Asia 2023
Authors: Chrisando Ryan Pardomuan Siahaan, Andry Chowanda

Have you ever wondered whether screen-sharing could pose a threat to your privacy? Or perhaps whether it is truly safe to keep your screen-sharing mode active when typing passwords, even if they're masked on-screen? Think about it: during video meetings, we frequently share our screens, giving our audience a real-time view of the characters and symbols as we type them. Some of us don't even bother to stop the screen sharing mode while typing passwords, believing that since the password is masked (hidden) on the screen, there is no potential threat to our privacy. However, while this behavior may not matter to human audiences, a computer vision model observing the screen-sharing session can gain a lot of information. It can determine the precise time a certain character is typed, how often we make mistakes in our typing, and even the delay between one character we type and the next. These metrics, unique to everyone, can be used to identify our generic typing behaviors. This way, an adversary can easily impersonate a victim's typing behavior without the need to install additional software/hardware such as keyloggers. In this presentation, we'll unveil the exploitation algorithms to extract an individual's typing behavior from a recorded screen-sharing video. We'll also demonstrate a staggering 67% chance that an attacker can mimic a victim's typing behavior and deceive a keystroke biometric authentication system to steal the victim's access or identity, just by using a recorded screen-sharing video. Furthermore, we'll demonstrate how an attacker could possibly recover one's typed password by using the mimicked typing pattern. Finally, we'll highlight some recommendations on how to prevent our keystrokes from being mimicked and stolen, although we believe there isn't yet a silver-bullet approach that could completely annihilate the risks.
Authors: Alex Ilgayev, Elad Pticha

tldr - powered by Generative AI

The presentation discusses the importance of secure authentication in CI/CD pipelines and the potential vulnerabilities of using tokens. The solution proposed is to use OpenID Connect (OIDC) for authentication.
  • CI/CD pipelines require secure authentication with third-party providers
  • Static, long-lived tokens stored in the pipeline are a popular method of authentication, but anyone who obtains them can reuse them, so they are exposed whenever the CI provider or the pipeline itself is breached
  • Examples of breaches include CircleCI and Codecov
  • OpenID Connect (OIDC) is a solution that extends OAuth 2.0 and uses signed JSON Web Tokens (JWT) for authentication
  • OIDC is standardized, so the third-party provider can verify the identity of the requesting pipeline job from the token's signed claims rather than from a stored secret
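The relying-party side of the flow the tldr describes, as an added example (not from the talk or the speakers' material): a Go program that mints an RS256-signed ID token the way a CI provider would, then verifies it the way a cloud provider or secrets backend should, pinning the algorithm, checking the signature, and enforcing a trust policy on issuer, audience, expiry, repository and ref. The claim names `repository` and `ref` and the issuer URL follow GitHub Actions; the audience `sts.example.com`, the repository `acme/deploy` and the `Policy` type are constructed for the example.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// Claims is the subset of the ID token a CI provider hands to a job. The claim
// names "repository" and "ref" follow GitHub Actions (an assumption here).
type Claims struct {
	Iss        string `json:"iss"`
	Aud        string `json:"aud"`
	Exp        int64  `json:"exp"`
	Repository string `json:"repository"`
	Ref        string `json:"ref"`
}

// Policy binds trust to one issuer, audience, repository and ref (keeps fork/PR jobs out).
type Policy struct{ Issuer, Audience, Repository, Ref string }

// NewProviderKey stands in for the provider's RS256 signing key.
func NewProviderKey() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}
func b64(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

// MintRS256 is the provider side: sign header.payload with the private key.
func MintRS256(priv *rsa.PrivateKey, c Claims) string {
	hdr, _ := json.Marshal(map[string]string{"alg": "RS256", "typ": "JWT"})
	pl, _ := json.Marshal(c)
	input := b64(hdr) + "." + b64(pl)
	sum := sha256.Sum256([]byte(input))
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, sum[:])
	if err != nil {
		panic(err)
	}
	return input + "." + b64(sig)
}

// VerifyToken is the relying-party side: pin the algorithm, check the signature
// with the provider's public key (fetched from its JWKS endpoint in production),
// then enforce the policy. A valid signature proves only that the provider
// issued some token; the claims decide whether this particular job is trusted.
func VerifyToken(pub *rsa.PublicKey, token string, p Policy, now time.Time) (*Claims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("malformed token")
	}
	hb, err1 := base64.RawURLEncoding.DecodeString(parts[0])
	pb, err2 := base64.RawURLEncoding.DecodeString(parts[1])
	sig, err3 := base64.RawURLEncoding.DecodeString(parts[2])
	if err1 != nil || err2 != nil || err3 != nil {
		return nil, errors.New("bad base64url segment")
	}
	var hdr map[string]string
	if json.Unmarshal(hb, &hdr) != nil || hdr["alg"] != "RS256" {
		return nil, fmt.Errorf("algorithm pinned to RS256, token says %q", hdr["alg"])
	}
	sum := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if rsa.VerifyPKCS1v15(pub, crypto.SHA256, sum[:], sig) != nil {
		return nil, errors.New("signature invalid")
	}
	var c Claims
	if err := json.Unmarshal(pb, &c); err != nil {
		return nil, err
	}
	switch {
	case c.Iss != p.Issuer:
		return nil, fmt.Errorf("untrusted issuer %q", c.Iss)
	case c.Aud != p.Audience: // real tokens may carry aud as an array; accept both forms in production
		return nil, fmt.Errorf("audience %q is not us", c.Aud)
	case !now.Before(time.Unix(c.Exp, 0)):
		return nil, errors.New("token expired")
	case c.Repository != p.Repository:
		return nil, fmt.Errorf("repository %q not allowed", c.Repository)
	case c.Ref != p.Ref:
		return nil, fmt.Errorf("ref %q not allowed", c.Ref)
	}
	return &c, nil
}

func main() {
	key, now := NewProviderKey(), time.Now()
	p := Policy{"https://token.actions.githubusercontent.com", "sts.example.com", "acme/deploy", "refs/heads/main"}
	job := Claims{Iss: p.Issuer, Aud: p.Audience, Exp: now.Unix() + 300, Repository: "acme/deploy", Ref: "refs/pull/42/merge"}
	_, err := VerifyToken(&key.PublicKey, MintRS256(key, job), p, now)
	fmt.Println("pull-request job:", err) // rejected: right repository, wrong ref
}
```

The point the example adds to the tldr: with OIDC the relying party holds no secret that a CircleCI-style breach could leak, but a trust policy that checks only the issuer would still let any job at that provider, including a pull-request build from a fork, obtain the credential; the repository and ref checks are what scope the trust.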
Authors: Mike Danese, Rita Zhang, David Eads, Jordan Liggitt

SIG Auth is responsible for Kubernetes features that control and protect access to the API and other core components. This includes authentication, authorization, auditing, and some security policy. In this talk, we'll deep dive into projects SIG Auth is currently working on, answer your questions about the SIG and this area of Kubernetes, and share ways you can get involved.
Authors: Christophe Tafani-Dereeper, Diego Comas

tldr - powered by Generative AI

The talk discusses common pitfalls and traps in managed Kubernetes environments and how to bridge the gaps between what runs inside a managed Kubernetes cluster and what is deployed in other services of the cloud provider.
  • Admins in AWS do not necessarily have permissions on their Kubernetes cluster
  • External secrets can be brought into the cluster using different techniques
  • Architecting cloud-native applications can benefit from the full power of cloud services while avoiding complete vendor lock-in
  • Attackers can abuse mechanisms to pivot from exploiting a single containerized workload to compromising full cloud environments
  • A tool is being released to help mitigate and handle some of the pitfalls and problems
Authors: Niclas Kjellin

A little trust goes a long way, or so they say. The fundamentals of any resilient network, be it human or digital, start with trust, where entities can authenticate themselves and others and communicate securely. Traditionally, a digital network uses the X.509 certificate standard and application-specific solutions to build trust and secure communication. Dime (Data Integrity Message Envelope) is an alternative open data format used to build trust and share data securely within networks of any size and shape. Dime envelopes contain encoded information, including verifiable claims by the sending party and application-specific data. In addition, using digital signatures and end-to-end encryption ensures that data cannot be altered or read by unauthorized parties. Some of the covered topics:
  • Trust-based networks – public key-based authentication to provide trust between entities
  • Message wrapping – end-to-end encryption to securely deliver data
  • Cryptographic linking – link items cryptographically for proof-building
  • Signature tags – to prove reception, processing, or verification of an item
Although there is no need to have deep secure engineering knowledge to get going with Dime, this talk aims to go through the underlying concepts, which will help to avoid common pitfalls and enable you to build more secure applications. The presentation uses real code examples to support and explain each concept further. Human readability and ease of use are at the heart of Dime, drawing on ideas from other formats such as JWT, PASETO, and Branca. As many use cases exist, including IoT, instant messaging, and banking apps, Dime may be crucial to your plans to take over the world (with your subsequent app success). At the very least, it will work through and strengthen your (digital) trust issues.
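Three of the concepts listed above (verifiable claims under a signature, cryptographic linking, signature tags), as an added example written for this page rather than code from Dime or its author, using a deliberately simplified envelope instead of Dime's actual wire format: a Go program in which an identity provider signs an identity item, a sender issues a message that links to that item by hash, and a recipient appends a tagged "received" signature. The party names, the `Body`/`Item` types, the tag names and the `KeyDir` lookup are all constructed for the example; message wrapping (end-to-end encryption of the body) is left out.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
)

// Body holds the issuer's claims plus thumbprints of linked items. Links sit
// inside the signed body, so changing them invalidates every signature.
type Body struct {
	Issuer  string            `json:"iss"`
	Subject string            `json:"sub"`
	Claims  map[string]string `json:"claims,omitempty"`
	Links   []string          `json:"links,omitempty"`
}

// Signature is tagged: Tag says what Signer attests ("issued", "received",
// "verified") and is covered by the signature. Item is the envelope.
type Signature struct{ Signer, Tag, Sig string }
type Item struct {
	Body       Body
	Signatures []Signature
}

// KeyDir is the verifier's directory of trusted public keys, by party name.
type KeyDir map[string]ed25519.PublicKey

func NewKeyPair() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	return pub, priv
}

// Thumbprint identifies a body by hash. encoding/json writes struct fields in
// declaration order and map keys sorted, so the encoding is deterministic.
func Thumbprint(b Body) string {
	enc, _ := json.Marshal(b)
	sum := sha256.Sum256(enc)
	return base64.RawURLEncoding.EncodeToString(sum[:])
}

// NewItem builds an unsigned item whose body links to the given items.
func NewItem(issuer, subject string, claims map[string]string, linked ...Item) Item {
	b := Body{Issuer: issuer, Subject: subject, Claims: claims}
	for _, l := range linked {
		b.Links = append(b.Links, Thumbprint(l.Body))
	}
	return Item{Body: b}
}

// signingInput binds body hash, signer and tag, so a "received" signature
// cannot be replayed as "issued" or attributed to another party.
func signingInput(b Body, signer, tag string) []byte {
	return []byte(Thumbprint(b) + "\x00" + signer + "\x00" + tag)
}

// Sign appends a tagged signature by signer.
func Sign(it *Item, signer, tag string, priv ed25519.PrivateKey) {
	sig := ed25519.Sign(priv, signingInput(it.Body, signer, tag))
	it.Signatures = append(it.Signatures, Signature{signer, tag, base64.RawURLEncoding.EncodeToString(sig)})
}

// Verify checks that a trusted signer attested the item with tag; an unknown
// signer or a missing tag is a failure, never a pass.
func Verify(it Item, signer, tag string, keys KeyDir) error {
	pub, ok := keys[signer]
	if !ok {
		return fmt.Errorf("no trusted key for %q", signer)
	}
	for _, s := range it.Signatures {
		if s.Signer == signer && s.Tag == tag {
			raw, err := base64.RawURLEncoding.DecodeString(s.Sig)
			if err == nil && ed25519.Verify(pub, signingInput(it.Body, signer, tag), raw) {
				return nil
			}
			return errors.New("signature present but invalid")
		}
	}
	return fmt.Errorf("no %q signature by %q", tag, signer)
}

// LinkedTo reports whether it links to target by thumbprint.
func LinkedTo(it, target Item) bool {
	for _, l := range it.Body.Links {
		if l == Thumbprint(target.Body) {
			return true
		}
	}
	return false
}

func main() {
	idpPub, idpPriv := NewKeyPair()
	alicePub, alicePriv := NewKeyPair()
	keys := KeyDir{"idp": idpPub, "alice": alicePub}
	identity := NewItem("idp", "alice", map[string]string{"role": "engineer"})
	Sign(&identity, "idp", "issued", idpPriv) // the IdP vouches for alice
	msg := NewItem("alice", "bob", map[string]string{"text": "deploy approved"}, identity)
	Sign(&msg, "alice", "issued", alicePriv) // sender's claim, linked to her identity
	fmt.Println(Verify(msg, "alice", "issued", keys), LinkedTo(msg, identity))
	msg.Body.Claims["text"] = "deploy denied" // tampering breaks every signature over the body
	fmt.Println(Verify(msg, "alice", "issued", keys))
}
```

Two design choices carry the security argument. The signer name and tag are part of the signed input, so a signature made to acknowledge reception cannot later be presented as the sender's issuance of the same body. And links are hashes inside the signed body, so a chain of items (identity, message, receipt) can be proven after the fact without trusting whoever stored them.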
Conference:  ContainerCon 2022
Authors: Nigel Brown, Leigh Capili

tldr - powered by Generative AI

The presentation discusses the importance of identity and access management in Kubernetes and introduces Pinniped as a solution.
  • Kubernetes has no built-in user management; it delegates user authentication to external identity providers, and wiring those in is left to the cluster operator
  • Pinniped is a solution that provides a secure and flexible identity and access management system for Kubernetes
  • Pinniped offers a variety of authentication methods, including OAuth 2.0 and OpenID Connect
  • Pinniped is actively seeking input from the community to improve the project
Conference:  CloudOpen 2022
Authors: Andrew Martin

tldr - powered by Generative AI

The presentation discusses the concept of workload identity and its importance in securing cloud native systems. It explores the limitations of traditional authentication mechanisms and proposes the use of dynamic credentials and hardware roots of trust.
  • Historically, static identifiers such as IP addresses, passwords, and long-lived certificates were used for authentication, but they fit poorly with dynamic cloud native systems where workloads are short-lived and move between hosts.
  • Workload identity lets a workload prove who it is without being provisioned with a long-lived secret.
  • A trusted third party is needed to issue identities, and identity documents should be short-lived and verifiable through cryptography.
  • TPMs, Keylime, and trusted execution environments can provide stronger guarantees of identity and integrity.
  • SPIFFE and SPIRE are useful tools for managing workload identity in more complex environments.
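An added example (not the speakers' code) that serves two abstracts on this page: the mTLS implementation pitfall the DEF CON 31 mTLS talk above lists under user impersonation, and the short-lived, cryptographically verifiable identity documents from a trusted issuer that this tldr describes. A platform CA issues a one-hour X.509 certificate whose identity is a SPIFFE URI SAN, and an mTLS server extracts the identity only from the chain it has verified against its trust bundle, so an impostor's self-signed certificate carrying the same SPIFFE ID, an expired certificate, and a certificate from another CA are all refused. The trust domain `example.org`, the SPIFFE path and the `Issuer`/`IdentityFromCert` names are assumptions for the example; putting the SPIFFE ID in the URI SAN follows SPIFFE's X509-SVID format.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"net/url"
	"time"
)

// Issuer is the trusted third party: a CA run by the platform, never by a workload.
type Issuer struct {
	cert *x509.Certificate
	key  *ecdsa.PrivateKey
}

func newKey() *ecdsa.PrivateKey {
	k, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // crypto/rand does not fail in practice
	return k
}

func mustCreate(tmpl, parent *x509.Certificate, pub any, signer *ecdsa.PrivateKey) *x509.Certificate {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		panic(err)
	}
	c, _ := x509.ParseCertificate(der) // output of CreateCertificate always parses
	return c
}

func NewIssuer(trustDomain string, now time.Time) *Issuer {
	k := newKey()
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "workload-ca." + trustDomain},
		NotBefore: now.Add(-time.Minute), NotAfter: now.Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	return &Issuer{cert: mustCreate(tmpl, tmpl, &k.PublicKey, k), key: k}
}

// Roots is the trust bundle a verifier is configured with.
func (i *Issuer) Roots() *x509.CertPool {
	pool := x509.NewCertPool()
	pool.AddCert(i.cert)
	return pool
}

// leafTemplate carries the identity in the URI SAN, not the subject, with a short lifetime.
func leafTemplate(spiffeID string, ttl time.Duration, now time.Time) *x509.Certificate {
	id, err := url.Parse(spiffeID)
	if err != nil || id.Scheme != "spiffe" {
		panic("not a SPIFFE ID")
	}
	serial, _ := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 127))
	return &x509.Certificate{
		SerialNumber: serial, Subject: pkix.Name{CommonName: "workload"}, URIs: []*url.URL{id},
		NotBefore: now.Add(-time.Minute), NotAfter: now.Add(ttl),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
}

// IssueSVID issues a short-lived identity document; the workload keeps no long-lived secret.
func (i *Issuer) IssueSVID(spiffeID string, ttl time.Duration, now time.Time) (*x509.Certificate, *ecdsa.PrivateKey) {
	k := newKey()
	return mustCreate(leafTemplate(spiffeID, ttl, now), i.cert, &k.PublicKey, i.key), k
}

// SelfSigned is the impostor's move: the victim's identity, signed by the impostor's own key.
func SelfSigned(spiffeID string, now time.Time) *x509.Certificate {
	k, tmpl := newKey(), leafTemplate(spiffeID, time.Hour, now)
	return mustCreate(tmpl, tmpl, &k.PublicKey, k)
}

// IdentityFromCert is what an mTLS server must do with a presented client cert:
// validate the chain to its trust bundle at time now, then read the identity from
// the verified leaf. Reading the SAN or subject of an unverified certificate is a
// classic impersonation bug: anyone can mint a self-signed cert carrying any name.
func IdentityFromCert(presented *x509.Certificate, roots *x509.CertPool, trustDomain string, now time.Time) (string, error) {
	chains, err := presented.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: now, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	if err != nil {
		return "", fmt.Errorf("chain validation failed: %w", err)
	}
	leaf := chains[0][0]
	if len(leaf.URIs) != 1 || leaf.URIs[0].Scheme != "spiffe" || leaf.URIs[0].Host != trustDomain {
		return "", errors.New("verified leaf carries no identity in our trust domain")
	}
	return leaf.URIs[0].String(), nil
}

func main() {
	now := time.Now()
	ca := NewIssuer("example.org", now)
	svid, _ := ca.IssueSVID("spiffe://example.org/ns/prod/sa/api", time.Hour, now)
	fmt.Println(IdentityFromCert(svid, ca.Roots(), "example.org", now)) // accepted
	fmt.Println(IdentityFromCert(SelfSigned("spiffe://example.org/ns/prod/sa/api", now), ca.Roots(), "example.org", now))
}
```

In a real server the `presented` certificate comes from the TLS handshake; the check to make in code review is that the identity is read from the chain returned by verification (in Go, `VerifiedChains` with `ClientAuth: tls.RequireAndVerifyClientCert`), not from the unverified certificate the client sent, and that the short lifetime is enforced against the current time rather than ignored.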