Topic: The Digital Risk Landscape from the Attacker's Perspective and Root-Cause Analysis
Description: A systemic view of the real-world security and cyber-risk landscape. Hundreds of simulated attacks carried out through “Red Team Assessment” engagements, showing the potential impacts, as well as their likelihood and the main vectors used in these attacks. Identifying risk is as important as ensuring an effective risk-mitigation process.
Speaker: Alexandre Brum
Topic: How My Dog Hacked a Company
Description: In the digital era, companies of all sizes treat cybersecurity as a priority. Occasionally, however, threats can come from unexpected sources. This talk tells the story of how a seemingly ordinary dog managed to gain access to a company's confidential information, highlighting the security weaknesses and gaps that we often overlook.
Speaker: Felipe Liatzkowski
Topic: CrowdStrike Bypass
Description: This presentation details a specific technique used to bypass Falcon’s endpoint protection. It provides a clear and detailed walkthrough of the bypass method, demonstrating how attackers exploit this vulnerability to avoid the EDR automatic actions. The session covers the exact steps involved in the bypass and offers insights on how to protect systems against this threat. This information is for cybersecurity professionals and tech enthusiasts who aim to stay focused on security challenges.
Speaker: Samuel Pires
Topic: Hacking a bank without leaving your bedroom
Description: Hacking a bank is probably every pentester's dream. During a project with Elytron Security, two other pentesters and I had exactly that goal. In this talk we intend to describe all the challenges involved in the process, the entry vector, the measures the bank implemented to halt the attack, and how we evaded them and avoided new measures. It is a complete talk, from zero to achieving the objective.
Speaker: Matheus Vrech and Arthur Aires
Topic: It’s Not a Feature, It’s a Bug!
Description: During a quiet family gathering, I received a new mission: to find suitable management software for our newly opened family clinic. With the responsibility of ensuring the proper management of the clinic and my background in security, I also focused on protecting the sensitive data of patients.
While examining various available options on the market, I noticed that many of these software solutions did not consider potential types of cyberattacks. Determined to find a secure and reliable solution, I began meticulously analyzing the source code of one of the applications.
It was during this investigation that I came across something concerning in one of the systems under review. I found an innocuous feature at first glance, but upon deeper analysis, I saw that it was a critical bug. This allowed me to execute remote code (RCE) and gain unauthorized access to servers and patient data.
In this talk, I will present how I explored this issue, and the rest is history!
Speaker: Alcyon Junior
Topic: Mac-n-Cheese: How to Cook Up Delicious Electron Techniques for Red Teamers
Description: At BRHueCon in Las Vegas, our talk will explore how to exploit Electron applications. We’ll demonstrate methods to access directories protected by the TCC framework and show how to insert backdoors for persistence.
We’ll break down the anatomy of an Electron app, discuss various exploitation scenarios, and highlight case studies of both patched and still-vulnerable apps. Emphasizing the importance of hardening these applications, we’ll present tailored techniques for preventing exploitation.
Additionally, we’ll explore abusing entitlements for camera and audio access.
Speaker: Roberto “Espreto” Soares
Topic: My Security (Un)Controls – What to Do?
Description: The talk covers a key issue for organizations that invest in a variety of security controls/tools and still cannot say how secure they are. Learn how Cymulate can help you bring more control and effectiveness to your day-to-day operations, validating controls and delivering reports that make sense.
Speaker: Daniel Gomes
Topic: Threat Modeling for Identities
Description: “Identity is the new perimeter.” With its growing prominence in recent years, it is essential to change our security posture and move beyond traditional barriers. This panel will present an innovative threat-modeling approach focused on identities, intended to identify and assess potential security threats. The goal is to understand how an attacker can compromise identities and the possible consequences of that compromise.
Speaker: Rafael Lachi
Topic: Navigating the Ocean of Vulnerabilities: Challenges and tips for identifying and prioritizing the most critical vulnerabilities for your organization
Description: In 2023, an average of 79 new CVEs were published every day, making the challenge facing AppSec teams ever harder. But how do you identify and prioritize the threats most critical to your business amid so much noise? In this presentation, grounded in community data, understand where the challenges of modern AppSec programs come from and learn some tips on how to navigate the sea of vulnerabilities and prioritize those that make the most sense for your organization.
Speaker: Raphael Bottino
Topic: Offensive on Defensive: Unveiling Endpoint Weaknesses with CVE-2020-26053
Description: This presentation is based on my CVE-2020-26053. The purpose of this presentation is to execute several efficiency and detection tests on my endpoint solution, bringing the result of the defensive security analysis with an offensive mindset performed in the execution of some techniques. Regarding the tests performed, the first objective was to simulate targeted attacks using invasive techniques such as DLL injection, using a payload created by msfvenom, based on the Metasploit platform, and using PowerView, a PowerShell tool to gain network situational awareness on Windows domains. It contains a set of pure-PowerShell replacements for various Windows “net *” commands, which utilize PowerShell AD hooks and underlying Win32 API functions to perform useful Windows domain functionality. It also implements various useful metafunctions, including some custom-written user-hunting functions which will identify where on the network specific users are logged in. It can also check which machines on the domain the current user has local administrator access on. Several functions for the enumeration and abuse of domain trusts also exist. See function descriptions for appropriate usage and available options. For detailed output of underlying functionality, pass the -Verbose or -Debug flags. As a second test, the idea was to use shell injection using payloads created via msfvenom, based on PowerView as well, using the same strategy as the first test; this cmdlet can be used to inject a custom shellcode or Metasploit payload into a new or existing process and execute it. As a third test, we performed DLL injection using a tool known as Remote DLL Injector from the SecurityXploded team, which uses the CreateRemoteThread technique and has the ability to inject a DLL into ASLR-enabled processes. The process ID and the path of the DLL are the two parameters that the tool needs, using a payload created by msfvenom.
The fourth test was to download ransomware directly onto the victim’s machine using a PowerShell script and execute it, exploiting the policy delay. Finally, the last test consisted of running the stress test using a Python script with daily malware, provided by MalwareBazaar on request using API access, and at the same moment running the PowerShell script to download ransomware directly onto the victim’s machine.
Speaker: Filipi Pires
Topic: The Oracle Awakens: Demystifying Privilege Escalation in the Cloud
Description: In this talk, we explore privilege escalation mechanisms and paths within Oracle Cloud. Privilege escalation, the process by which an attacker gains elevated access and permissions beyond those intended by the cloud administrator, poses a significant threat in cloud environments and can significantly aid an attacker or pentester.
Our discussion will focus on identifying privilege escalation paths, understanding how cloud administrators can misconfigure policies, and the methods attackers can use to exploit these vulnerabilities. Through carefully designed scenarios and real-world examples, attendees will learn to recognize signs of privilege escalation, thereby enhancing their security posture.
Speaker: Felipe Pr0teus
Topic: Using infostealer information for EASM IR
Description: The presentation shows in a simple and quick way how to use compromised corporate credentials (BEC) through infostealer malware, to not only carry out the treatment process correctly, but also to map External attack surface management (EASM).
Speaker: Thiago Bordini
Topic: When AI Breaks Bad: Navigating the Threatscape of Machine Learning
Description: Based on my recent studies, the objective of this talk is to lean over the most common techniques known in the AI attack field and join this knowledge with the risk perspective for companies, since all current companies are somehow using or exposed to AIs. Those attacks can be explored even in companies that do not directly develop their proprietary AI system. Now, AI security must be known and mapped as a tangible risk.
The attacks presented during the talk will be divided into four groups: Extraction, Inversion, Poisoning and Evasion. Each of these techniques is a way to confuse the AI system and generate some type of misbehaviour presenting a risk for the user, such as when the AI is the truth source for important decisions such as credit prediction, or for the company, when for example an attacker confuses the AI to extract training data.
When dealing with AI, companies and users must have the same caution as the one applied to protect other systems that store sensitive data, for example. After all, as with any other system, an AI is a computer program that processes and analyses a large amount of data to be used in decision-making or other critical processes. Thus, the talk will also explore mitigation measures to help manage those risks. After all, now that we have passed the point of return, we need to face the best way to deal with this powerful tool we have in our hands.
Speaker: Larissa Fonseca