0.5 ringzer0-bootstrap25-austin 2025-03-18 2025-03-22 5 00:05 https://cfp.ringzer0.training https://cfp.ringzer0.training/media/ringzer0-bootstrap25-austin/img/b25_text_only_LN3M2Et.svg US/Central TCC📍Room 1.124 Hands-On Workshop 2025-03-21T09:00:00-05:00 09:00 08:00 Blackhoodie is a free, women only reverse engineering workshop and community. This FREE 1 day class introduces students to security relevant aspects of compiler internals, and with guided examples enables students to perform their own code modifications through a compiler. ringzer0-bootstrap25-austin-66308-free-blackhoodie-1-day-training-compiler-internals-for-security-engineers Marion Marschalek en #### Topic: We will set up an environment with which we can analyze source code through different compilation stages and by the end of the day students will be able to inject code to a given compiler stage. Students will gain understanding how compiler mitigations are placed into applications, and understand the security relevancy of a build chain. #### Prerequisites: Bring a laptop on which you have permissions to install software. Basic coding skills and Linux command line skills required, knowing basics of assembly language is helpful but not required, #### When March 21 9am-5pm Central Time #### Where Thompson Conference Center, Austin TX false https://cfp.ringzer0.training/ringzer0-bootstrap25-austin/talk/7CYWDF/ https://cfp.ringzer0.training/ringzer0-bootstrap25-austin/talk/7CYWDF/feedback/ San Jac Saloon Talk 2025-03-21T19:00:00-05:00 19:00 00:45 Phishing has evolved to bypass MFA using reverse proxies, while traditional defenses like blocklists are aging and evaded. This talk introduces Cloned Site Canarytoken, which alerts you to phishing attempts before credentials are entered, with real-world attack insights and response strategies. ringzer0-bootstrap25-austin-66304-from-0-to-millions-protecting-against-aitm-phishing-at-scale Jacob Torrey en Phishing has evolved both in the TTPs of attackers, and their targets. From simple clones of a website trying to get a username/password to reverse-proxying systems that steal sessions even with MFA, the target landscape has changed. Many of the defenses against phishing are started to show their age, between block-lists for domains that appear to be illegitimate, SMS/push MFA, and broken functionality cues that may alert someone to the site not being correct. Modern phishing tools, like EvilGinx, Modlishka, and more handle all of these by hiding the phishing content behind a unique "lure" to avoid domain blocking, supporting SMS/push MFA, and seamlessly allowing for login and hand-over once the session has been stolen. This talk is focused on a Canarytoken type that lets you protect a shared-responsibility platforms that are difficult to gain insight into. These include Azure Entra ID, LogTo, and custom sites. The Cloned Site Canarytoken lets you quickly get alerted if someone is mirroring or reverse-proxying a sensitive login page that has any of your users trying to login--you can get alerted about the phishing site's URL before the user has even entered their password! After a view of the landscape of modern phishing techniques, defenses, we'll dive into our novel defenses, and look at the data of token alerts from millions of logins every day to build a view of real-world phishing attacks and their TTPs. We'll finish off with how to respond to alerts, and some attacks against our Canarytoken. false https://cfp.ringzer0.training/ringzer0-bootstrap25-austin/talk/DXWGRM/ https://cfp.ringzer0.training/ringzer0-bootstrap25-austin/talk/DXWGRM/feedback/ San Jac Saloon Talk 2025-03-21T20:00:00-05:00 20:00 00:45 This talk examines EVSE security through an analysis of 8 EV chargers and findings from Pwn2Own Automotive 2024 and 2025. It covers typical charger design, common attack surfaces, and the process of researching an EV charger from scratch, including a successfully exploited vulnerability. ringzer0-bootstrap25-austin-66306-design-to-exploit-a-dive-into-ev-charger-security Jonathan Andersson, Connor Ford en The electric vehicle space is fast moving with many companies scrambling to capitalize on the Electric Vehicle Supply Equipment (EVSE) market. Naturally, a diverse set of EV chargers has arose from this, each of which presents its own cybersecurity risks. We will discuss the current state of EVSE security through an analysis of 8 EV chargers and the findings from Pwn2Own Automotive 2024 and 2025. The design of a typical EV charger will be reviewed along with common attack surfaces. Further we will present the journey of researching an EV charger from scratch and include detail about a vulnerability that was successfully exploited as part of Pwn2Own Automotive. false https://cfp.ringzer0.training/ringzer0-bootstrap25-austin/talk/Q7VGLN/ https://cfp.ringzer0.training/ringzer0-bootstrap25-austin/talk/Q7VGLN/feedback/ TCC📍Auditorium 1.110 Talk 2025-03-22T09:15:00-05:00 09:15 00:45 It has been a decade and a half since [FX](https://x.com/41414141) famously quipped that by quality level, ["we’d be better off defending our networks with Microsoft Word than a Checkpoint firewall."](https://youtu.be/an_bnXUIP0Y?t=2360&ref=ringzer0.training) Security products are still pretty terrible - but why? From usability to vulnerability counts - we still fare pretty poorly. This keynote examines why this keeps happening and plots a path to a different world. ringzer0-bootstrap25-austin-66299-keynote-security-products-don-t-have-to-suck Haroon Meer en It has been a decade and a half since [FX](https://x.com/41414141) famously quipped that by quality level, ["we’d be better off defending our networks with Microsoft Word than a Checkpoint firewall."](https://youtu.be/an_bnXUIP0Y?t=2360&ref=ringzer0.training) Security products are still pretty terrible - but why? From usability to vulnerability counts - we still fare pretty poorly. This keynote examines why this keeps happening and plots a path to a different world. false https://cfp.ringzer0.training/ringzer0-bootstrap25-austin/talk/QCQFAK/ https://cfp.ringzer0.training/ringzer0-bootstrap25-austin/talk/QCQFAK/feedback/ TCC📍Auditorium 1.110 Talk 2025-03-22T10:00:00-05:00 10:00 00:45 The Linux Kernel underpins billions of modern computers and devices ranging across almost every industry. Arguably, its ubiquity places it firmly into the category of critical infrastructure. But, is it secure? In this presentation, Josh will explore this question in detail. He compares and contrasts the security investments being made within the Linux Kernel developer ecosystem with a typical software development life cycle used in a professional development organization. Additionally, he will share a case study of a public and widely exposed security issue that remains unfixed. Finally, he will make recommendations that can reduce the risk posed by running the Linux Kernel. ringzer0-bootstrap25-austin-64798-musings-from-decades-of-linux-kernel-security-research Joshua J. Drake en The Linux Kernel underpins billions of modern computers and devices ranging across almost every industry. Arguably, its ubiquity places it firmly into the category of critical infrastructure. But, is it secure? In this presentation, Josh will explore this question in detail. He compares and contrasts the security investments being made within the Linux Kernel developer ecosystem with a typical software development life cycle used in a professional development organization. Additionally, he will share a case study of a public and widely exposed security issue that remains unfixed. Finally, he will make recommendations that can reduce the risk posed by running the Linux Kernel. false https://cfp.ringzer0.training/ringzer0-bootstrap25-austin/talk/UJPQYU/ https://cfp.ringzer0.training/ringzer0-bootstrap25-austin/talk/UJPQYU/feedback/ TCC📍Room 1.124 Hands-On Workshop 2025-03-22T11:00:00-05:00 11:00 01:30 In this workshop, we will provide an introduction to state-of-the-art approaches for modern binary (de)obfuscation. After a brief lecture on the fundamental ideas, we will walk through practical examples. We will use symbolic execution to retrieve the obfuscated expression from the compiled binary and attempt to simplify it, and finally, we will leverage program synthesis to reason about and successfully recover the semantics of the obfuscated code. ringzer0-bootstrap25-austin-59866-workshop-hands-on-binary-de-obfuscation Arnau Gàmez i Montolio en In this workshop, we will provide an introduction to state-of-the-art approaches for modern binary (de)obfuscation. After a brief lecture on the fundamental ideas, we will walk through practical examples. We will use symbolic execution to retrieve the obfuscated expression from the compiled binary and attempt to simplify it, and finally, we will leverage program synthesis to reason about and successfully recover the semantics of the obfuscated code. false https://cfp.ringzer0.training/ringzer0-bootstrap25-austin/talk/NN3HRH/ https://cfp.ringzer0.training/ringzer0-bootstrap25-austin/talk/NN3HRH/feedback/ TCC📍Room 1.124 Hands-On Workshop 2025-03-22T13:15:00-05:00 13:15 01:30 In this workshop we will cover the basics of reverse engineering automotive firmware. An ECU firmware can consist of millions of lines of code which would take a long time to fully reverse engineer. Tips and tricks will be taught to quickly identify parts of the firmware that are of interest. ringzer0-bootstrap25-austin-64445-workshop-introduction-to-automotive-firmware-reverse-engineering Willem Melching en The following subjects will be covered during the workshop: - Common processor architectures used in Automotive - Diagnostic protocols used for reflashing ECUs - Obtaining firmware files - Typical firmware layout - Loading firmware into Ghidra - Identify common patterns, such as diagnostic handlers, CAN parsing, etc What to bring: - A laptop with the latest version of Ghidra installed - Experience with reverse engineering recommended for the hands-on part of the workshop false https://cfp.ringzer0.training/ringzer0-bootstrap25-austin/talk/DGKUNB/ https://cfp.ringzer0.training/ringzer0-bootstrap25-austin/talk/DGKUNB/feedback/ TCC📍Room 1.124 Hands-On Workshop 2025-03-22T15:15:00-05:00 15:15 01:30 Unlock the power of automated reverse engineering with Ghidra’s command line tools in this hands-on workshop. Designed for developers and security analysts, this session will guide you through the process of setting up a productive development environment using the Ghidra Python VSCode Devcontainer Skeleton. You’ll learn how to automate tasks, script analyses, and integrate Ghidra’s powerful decompilation and disassembly features into your workflow, all from the command line. ringzer0-bootstrap25-austin-50424-workshop-offensive-security-tool-development-with-ghidra John McIntosh en **Workshop Outline:** **I. Introduction ** - Overview of Ghidra and its capabilities - Importance of command line tools in reverse engineering - Introduction to the Ghidra Python VSCode Devcontainer Skeleton **II. Setting Up the Environment ** - Cloning the repository and exploring its structure - Setting up VSCode and the devcontainer for Ghidra scripting - Understanding the Ghidra headless analyzer **III. Basic Ghidra Command Line Operations ** - Navigating Ghidra’s command line interface - Importing and analyzing a binary - Learning the various ways to script Ghidra in Python - Learning the best way **IV. Scripting with Ghidra ** - Writing basic scripts to automate tasks in Ghidra - Utilizing the Ghidra API for advanced scripting - Debugging and optimizing scripts - Hands-on challenge: Write a script to automate a call graph analysis **V. Advanced Techniques ** - Integrating external tools and libraries with Ghidra scripts - Customizing the devcontainer for specific use cases **VI. Q&A and Practical Session** - Open floor for participant questions false https://cfp.ringzer0.training/ringzer0-bootstrap25-austin/talk/XJHDRQ/ https://cfp.ringzer0.training/ringzer0-bootstrap25-austin/talk/XJHDRQ/feedback/ TCC📍Room 1.126 Hands-On Workshop 2025-03-22T11:00:00-05:00 11:00 01:30 At this very moment you are enveloped in the warm glowing warming glow of dozens to hundreds of Bluetooth devices. Aren’t you curious what all those little critters are?! In this workshop we’ll use the Blue2thprinting tools to poke at these apparitions and get a sense of what they are and what they want from us! Note: this workshop will require you to run a prepared Linux VMware VM, and plug in USB Bluetooth dongles for sending and receiving packets. Come with VMware installed, and a machine you're willing to plug USB devices into. ringzer0-bootstrap25-austin-64448-workshop-blue2thprinting-identifying-the-form-and-function-of-the-bluetooth-devices Xeno Kovah en [Blue2thprinting](http://darkmentor.com/publication/2023-11-hardweario/) is Bluetooth-toothprinting - the act of creating a toothprint (2thprint) to identify distinct features of a Bluetooth device. These 2thprints help us determine information such as what type of Bluetooth chip it uses, what company makes it, what model it is, etc. Over the past year I have focused on Blue2thprinting as a way to approach vulnerability assessment of Bluetooth devices. Specifically, whether they are vulnerable to the over-the-air Bluetooth chip vulnerabilities found by Veronica Kovah and presented at BlackHat USA 2020. This workshop serves as a preview of the 1-day Blue2thprinting class being developed for OpenSecurityTraining2 (ost2.fyi) by Xeno Kovah. This brief workshop will give you a basic introduction to what the built-in Linux tools do and don't give you, and how that information is combined with and supplemented by the customized Blue2thprinting tools, and wrapped into more human-understandable formatting. The first 20 attendees who arrive will be provided with a preconfigured Linux VM where both the collection and analysis components are already set up, and the two USB dongles necessary to demonstrate improved capture capabilities. (Attendees after 20 can get the VM but will need to look over the shoulder of someone with the hardware.) The VM will also be pre-seeded with some real Bluetooth data from past security conferences I've attended (DEF CON, Hardwear.io, RingZer0 2022, etc), that can be explored at your leisure. You'll also get a chance to try out the brand new "BTIDALPOOL" crowdsourcing infrastructure, which lets folks submit or retrieve shared Bluetooth information from a central server. In this workshop you’ll learn about and play around with the following: Linux Bluetooth default tools: - hciconfig - bluetoothctl - btmon Linux non-default tools: - Wireshark - gatttool - sdptool Blue2thprinting software: - central_app_launcher2.py for coordinating active 2thprinting components - Sniffle for sniffing BLE or sending arbitrary BT Low Energy packets - Analysis scripts for post-processing log files and placing data into MySQL database - TellMeEverything.py to provide a nicer interface to the data in the local or remote BTIDALPOOL database At the end of the workshop you’ll be cordially invited to join the BlueCrew, and be introduced into the wide world of open research questions that exist in the Bluetooth space, awaiting your collaboration. false https://cfp.ringzer0.training/ringzer0-bootstrap25-austin/talk/TKJP3F/ https://cfp.ringzer0.training/ringzer0-bootstrap25-austin/talk/TKJP3F/feedback/ TCC📍Room 1.126 Hands-On Workshop 2025-03-22T13:15:00-05:00 13:15 01:30 This workshop introduces students to security relevant aspects of compiler internals, and with guided examples enables students to perform their own code modifications through a compiler. We will use a pre-setup environment with which we can analyze source code through different compilation stages and by the end of the workshop students will be able to inject code at an early compiler stage. Students will gain understanding of the security relevancy of a build chain. ringzer0-bootstrap25-austin-66542-workshop-compiler-internals-for-security-engineers Marion Marschalek en This workshop introduces students to security relevant aspects of compiler internals, and with guided examples enables students to perform their own code modifications through a compiler. We will use a pre-setup environment with which we can analyze source code through different compilation stages and by the end of the workshop students will be able to inject code at an early compiler stage. Students will gain understanding of the security relevancy of a build chain. false https://cfp.ringzer0.training/ringzer0-bootstrap25-austin/talk/AHQBXY/ https://cfp.ringzer0.training/ringzer0-bootstrap25-austin/talk/AHQBXY/feedback/ TCC📍Room 1.126 Hands-On Workshop 2025-03-22T15:15:00-05:00 15:15 01:30 Fuzz testing is a powerful technique for uncovering vulnerabilities, but applying it to deeply embedded, bare-metal, or real-time operating system (RTOS) firmware presents unique challenges compared to traditional Linux-based systems. This hands-on, 90-minute workshop will guide participants through the process of analyzing and fuzz testing deeply embedded firmware using a modern technique called firmware rehosting. ringzer0-bootstrap25-austin-64704-workshop-fuzz-testing-bare-metal-and-rtos-firmware Tobias Scharnowski, Marius Muench en Fuzz testing is a powerful technique for uncovering vulnerabilities, but applying it to deeply embedded, bare-metal, or real-time operating system (RTOS) firmware presents unique challenges compared to traditional Linux-based systems. This hands-on, 90-minute workshop will guide participants through the process of fuzz testing and analyzing deeply embedded firmware using a modern technique called firmware rehosting. Attendees will gain practical experience in: 1. **Understanding the Landscape**: We will explore the differences between deeply embedded firmware and Linux-based firmware. 2. **Firmware Analysis with Ghidra**: Participants will learn how to load and start analyzing deeply embedded firmware in Ghidra. 3. **Fuzz Testing with Fuzzware**: We will introduce Fuzzware, a rehosting-based fuzzing framework for deeply embedded systems, and demonstrate how to set up and execute fuzz tests to uncover security issues. This workshop is ideal for security researchers, embedded developers, and anyone interested in securing low-level firmware. No prior experience is required. Attendees will leave with the knowledge and practical skills needed to start integrating fuzz testing into their embedded security workflows. false https://cfp.ringzer0.training/ringzer0-bootstrap25-austin/talk/EY3KQZ/ https://cfp.ringzer0.training/ringzer0-bootstrap25-austin/talk/EY3KQZ/feedback/