BSidesLV 2023 - Summary

Dates: 2023-08-08 - 2023-08-09

Location: The Tuscany, Las Vegas, USA

"Yeah, Machine Learning is cool, but have you ever curled up with Logic Programming on a rainy day? Ever watched a baby AI Planner take its first steps? Ever ditched work early on a Friday and roadtripped to Vegas with an Optimization Solver? In this session we’ll take a step back from all the machine learning gigahype and look at the wider world of AI. We’ll explore how NASA drives robots on Mars, how video games create intelligent agents, and how Google interrogates its massive Knowledge Graph. In each case we’ll see how the same AI methods can be adapted to tackle hard security problems, like tool orchestration and attack surface minimization, and we’ll build out small-scale versions of these problems and show how to solve them using open source libraries."

"Mainframe systems continue to drive global economic activity despite the “legacy” label they are often associated with. In fact, mainframes are responsible for business-critical functions across 70 percent of Fortune 500 companies. If you have ever withdrawn cash at an ATM, done your taxes online, or booked a flight for your next holiday, you have likely interacted with a mainframe application. As with all business-critical systems, ensuring they are secure is imperative. This talk is designed for anyone interested in the security of these mainframe applications. We will go over how mainframe systems work, why they are so important, how the applications work, how they are used, and how the researchers were able to exploit a number of vulnerabilities in real world mainframe applications."

"Windows 11 ships with a nifty feature called Power Automate, which lets users automate mundane processes. In a nutshell, users can build custom processes and hand them to Microsoft, which in turn ensures they are distributed to all user machines, executed successfully, and report back to the cloud. You can probably already see where this is going. In this talk, we will show how Power Automate can be repurposed to power malware operations. We will demonstrate the full cycle of distributing payloads, bypassing perimeter controls, executing them on victim machines and exfiltrating data. All while using nothing but Windows baked-in and signed executables, and Office cloud services. We will go behind the scenes exploring how this service works, what attack surface it exposes on machine and cloud, and how Microsoft managed to enable it without explicit user consent. We will demonstrate how Office cloud services can be harnessed to act as a C2 server making detection and attribution extremely difficult. Finally, we will share an open-source command line tool to easily accomplish all of the above, so you will be able to add it into your Red Team arsenal and try out your own ideas."

"Azure AD guest accounts are widely used to grant external parties limited access to enterprise resources, with the assumption that these accounts pose little security risk. As you’re about to see, this assumption is dangerously wrong. In this talk, we will show how guests can leverage undocumented APIs to bypass limitations and gain unauthorized access to sensitive business data and capabilities including corporate SQL servers, SharePoint sites, and KeyVault secrets. Furthermore, we will reveal how guests can create and control internal business applications to move laterally within the organization. All capabilities presented in the talk will be demonstrated with the default Office 365 and Azure AD configuration. Next, we will drop PowerGuest, a powerful tool designed to uncover the true scope of guest access in your tenant. PowerGuest can automate limitation bypass, enumerate and dump all accessible data, and allow for interactive non-read actions by the researcher. Finally, we will make up for shattering the illusion of guests having limited access by sharing concrete steps to harden your Azure AD and Office 365 configurations to prevent such attacks and suggest detection logic to catch them if a change in configuration is not possible."

"Secrets like API keys and other credentials continue to be a persistent vulnerability. This presentation sheds light on the methods used to discover and exploit such secrets in various environments, including public and private git repositories, containers, and compiled mobile applications. Recent research has shown that git repositories are a treasure trove of secrets, with 10 million secrets discovered in public repositories in 2022 on GitHub alone. Private repositories are also an issue as they regularly contain large numbers of secrets in their history. The presentation’s first segment delves into discovering and exploiting secrets in both public and private repositories through various methods such as abusing GitHub’s public API, discovering exposed .git directories on networks, and exploiting misconfigurations in git servers. The second segment of the presentation discusses how attackers can discover secrets inside compiled applications. We review how almost 50% of mobile applications hosted on the Google Play Store and nearly 5% of docker images hosted on DockerHub.com contain at least one plain text secret. This presentation offers valuable insights and information on how to identify and address exposed secrets, one of the most persistent vulnerabilities in application security."

"Often on penetration tests I encounter printers. Lots of printers. The smarter the printer, the more likely I’ll gain access to your entire organization by making it do things that will make your IT admins gasp in fear! Come watch as I demonstrate how you too can get your printers to give up all of their secrets."

"Modern malware, such as ransomware, has become synonymous with some of the most devastating cyber attacks of our time. But it hasn’t always been so. Not too long ago, malware was considered a myth. The first ransomware, for example, was created over 30 years ago as a wild scheme, devised by a man armed with 10,000 floppy disks and a virus. Since then, malware has evolved in many different ways, as technology changes and evolves. Looking back and analyzing this history gives us an unusual perspective: what elements of malware have changed throughout the years, and what has remained consistent? How has this evolved into the most impactful form of cybercrime today, and what can this surprising, untold history teach us about our present and future?"