Conference:  Defcon 31

Authors: Dr. Bramwell Brizendine Assistant Professor at University of Alabama in Huntsville, Jake Hince, Max 'Libra' Kersten

2023-08-01

Shellcode is omnipresent, seen or unseen. Yet tooling to analyze shellcode is lacking. We present the cutting-edge SHAREM framework to analyze enigmatic shellcode. SHAREM can emulate shellcode, identifying 20,000 WinAPI functions and 99% of Windows syscalls. In some shellcode, some APIs may never be reached, due to the wrong environment, but SHAREM has a new solution: Complete code coverage preserves the CPU register context and memory at each change in control flow. Once the shellcode ends, it restarts, restoring memory and context, ensuring all functionality is reached and identifying all APIs. Encoded shellcode may be puzzling at times. SHAREM is a game-changer, as it presents emulated shellcode in its decoded form in a disassembler. IDA Pro and Ghidra can produce disassembly of shellcode that is of poor quality. However, SHAREM uniquely can ingest emulation data, resulting in virtually flawless disassembly. While SHAREM has its own custom disassembler, we are also releasing a Ghidra plugin, so SHAREM's enhanced disassembly can enhance what is in GHidra. Only SHAREM identifies APIs in disassembly, and this also can be brought to Ghidra. We will also see how SHAREM can be used by aspiring shellcode authors to enhance their own work, and we will examine advanced shellcode specimens in SHAREM. | Dr. Bramwell Brizendine completed his Ph.D. in Cyber Operations, for which he did his dissertation on Jump-Oriented Programming, a hitherto seldom-studied and poorly understood subset of code-reuse attacks.

Conference:  Black Hat Asia 2023

Authors: Neil Wyler, Bart Stump

2023-05-12

Back with another year of soul-crushing statistics, the Black Hat NOC team will be sharing all of the data that keeps us equally puzzled, and entertained, year after year. We'll let you know all the tools and techniques we're using to set up, stabilize, and secure the network, and what changes we've made over the past year to try and keep doing things better. Of course, we'll be sharing some of the more humorous network activity and what it helps us learn about the way security professionals conduct themselves on an open WiFi network.

Conference:  Global AppSec Dublin 2023

Authors: Spyros Gasteratos

2023-02-15

The presentation introduces a free and open source Application Security Toolchain Framework that unifies multiple security tools and allows for per-team configuration, conditional tool execution, and automated reporting. The framework is low to no code, platform-agnostic, and community-driven.

• Automated security testing has brought an abundance of signal about codebases and infrastructure without much manual effort, but managing findings and triaging false positives is time-consuming and results in hiring more security experts.
• The Application Security Toolchain Framework unifies multiple security tools and allows for per-team configuration, conditional tool execution, and automated reporting to different sinks based on code ownership.
• The framework is low to no code, platform-agnostic, and community-driven, with integrations for several scanners both under the OWASP umbrella and not.
• The framework allows for scheduling tool execution against both code and infrastructure, aggregating results from different tools, enriching them using several processors, and consuming them with a multitude of visualization platforms.
• The framework is demonstrated through a tool called Dracon, which unifies security tool execution and results management.
• The community-driven aspect of the framework allows for integration with a wide range of security tools and provides an idea of which tools are more popular based on their integrations.

Conference:  Global AppSec San Francisco 2022

Authors: Joshua Bregler, Corbin Moyer

2022-11-18

Make no mistake, secure development relies on automation. In a DevSecOps culture, having scalable, reliable tools and processes are the only way to make DevSecOps a reality. Creativity and technical chops are lauded for their ability to bring magic from the machines. However, is anyone in charge of making sure that your organization is automating the right things? How much attention is being paid towards supporting that automation across an Enterprise? The security is baked in, right? It may just be possible to focus so heavily on automation and tools that disparate teams lose sight of the bigger picture.This talk discusses the pitfall that many organizations trip into all too readily. By focusing forcefully or narrowly on automation, an organization can find itself creating technical debt, waste, and classically unsupportable support systems. We utilize two real-world case studies to clearly demonstrate classic automation problems and propose functional solutions. Audiences will come away with data-driven DevSecOps security management techniques as well as how to recognize and accept the trade-offs in a secure DevSecOps culture. This includes how to avoid creating new, unintended, invisible stove-pipe problems, drawing from our 25+ years of experience in the military and commercial spaces. Finally, we explore methods to find these opportunities, track meaningful metrics, and recognize when you’ve fallen over the edge.

Conference:  Global AppSec San Francisco 2022

Authors: John DiLeo

2022-11-17

The Open Web Application Security Project (OWASP) boasts around 130 active Projects, whose volunteers have developed tools and resources covering nearly every aspect of application security and software assurance. The challenge lies in knowing what they are, where to find them, and how they can help.I will present a brief overview of an array of interesting and useful OWASP Projects, including the current Flagship Projects, and provide insights into how each can be used to build and improve your AppSec program.