Sebastian Neuner, Bernhard Grill, Dimitris Simos and Martin Schmiedecker will present their work at BSides Vienna. You can find the full schedule here.
BSidesVienna is a community-driven instance of the B Sides movement and will take place right after Deepsec on November 21st.
Steganography in File-system Metadata – Sebastian Neuner
Abstract: I present a new technique to hide data in file system metadata, in particular using timestamp information. All file systems with nanosecond granularity are usable for this approach, meaning major file systems like NTFS and ext4. Considering the PoC, the amount of hidable data is about 1 megabyte on a typical drive with 160.000 files (initial Windows 8 installation). This embedded data is protected by error correcting codes and strong encryption. Due to the required indistinguishability of encrypted data from random data, the embedded data is also indistinguishable for an adversary.
Combinatorial Security Testing – Bernhard Garn and Dimitris Simos
Abstract: In this talk, we give an overview of “Combinatorial Security Testing (CST)”, a recently established branch of Combinatorial Testing (CT). We show how structure in the test case generation process of software testing can be leveraged to reveal security vulnerabilities. We present two applications of CST: XSS and operating system kernel testing. XSS is among the top ten most critical web application security risks according to OWASP. Applying CST can not only significantly increase the quality of software, but can provide mathematical guarantees of trustworthiness that in particular certain security properties are respected by an implementation. We conclude with some open problems and future directions for research.
Forensics at Scale – Martin Schmiedecker
Abstract: Recently a number of open-source tools have been published that allow the timely acquisition and information extraction across an entire fleet of computers within a company or data center: GRR, MIG and osquery. They allow the remote acquisition of vital information during security incidents as well as monitoring of important parameters over time. All three are available as open source, are under active development and can be easily adapted to specific environments and contextual requirements.
This talk will give an overview of these tools, how they scale to hundreds of systems and what their most fitting use cases are within entities controlling hundreds or thousands of PC systems. Each has its pros and cons, and depending on whether they are used for digital forensics, incident response or long-term monitoring of systems can make a difference.
Registration is available here.