DC9723 May 24, 2022 Meeting

When: Tuesday 24 of May, 2022 from 18:30 to 21:30
Where: Check Point Offices in Tel-Aviv (Ha’Solelim Street 5, Tel Aviv)

Agenda:
18:30 – Arrival, Antigen tests, etc.
19:00 – Short opening
19:10 – Nostalgia on a chip: Building 80’s compatible computers on FPGA – Shachar Shemesh, @ShacharShemesh, https://www.youtube.com/c/CompuSAR
20:30 – Short break
20:40 – Total Flaw: hacking flow computers for fun and free gas – Vera Mens, Claroty, @V3rochka

As always, the talks are free and there is no need to register. Come and bring your friends.

This is not a hybrid event. Be there or miss it 🙂

Logistics:
In order to reduce the risk of a “super spreader” event, we have some limitations.

– Attendees will have to take an antigen test at the entrance. The test kits will be provided by Check Point.
– Attendees will have to wear a mask while in any closed space. This is a community event, for the community by the community. Please don't force us to kick people out for not wearing masks.
– To reduce the risk of infection, there will not be pizza available, so eat before arriving at the meetup.
– Please arrive with enough time in advance to perform the rapid test and wait for the results.

– If you are unable or unwilling to perform a self-test, please do not come.

And finally, we can only hold the event if the infection rate continues to decline as it does now. A national spike in infections would put the event at risk, both because we are responsible for the health of our attendees and because the Ministry of Health (MOH) might not allow it.

Also – we are looking for talks for next meeting!

DC9723 April 26, 2022 Meeting

When: Tuesday 26 of April, 2022 from 18:30 to 21:30
Where: Check Point Offices in Tel-Aviv (Ha’Solelim Street 5, Tel Aviv)

Agenda:
18:30 – Arrival, Antigen tests, etc.
19:00 – Short opening
19:10 – Total Flaw: hacking flow computers for fun and free gas – Vera Mens, Claroty, @V3rochka
20:10 – Short break
20:30 – TBA

As always, the talks are free and there is no need to register. Come and bring your friends.

This is not a hybrid event. Be there or miss it 🙂

Logistics:
In order to reduce the risk of a “super spreader” event, we have some limitations.

– Attendees will have to take an antigen test at the entrance. The test kits will be provided by Check Point.
– Attendees will have to wear a mask while in any closed space. This is a community event, for the community by the community. Please don't force us to kick people out for not wearing masks.
– To reduce the risk of infection, there will not be pizza available, so eat before arriving at the meetup.
– Please arrive with enough time in advance to perform the rapid test and wait for the results.

– If you are unable or unwilling to perform a self-test, please do not come.

And finally, we can only hold the event if the infection rate continues to decline as it does now. A national spike in infections would put the event at risk, both because we are responsible for the health of our attendees and because the Ministry of Health (MOH) might not allow it.

Also – we are looking for talks for next meeting!

DC9723 March 22, 2022 Meeting

When: Tuesday 22 of March, 2022 from 18:30 to 21:30
Where: Check Point Offices in Tel-Aviv (Ha’Solelim Street 5, Tel Aviv)

Agenda:
18:30 – Arrival, Antigen tests, etc.
19:00 – Short opening – Ezra
19:10 – Retrocomputing: Modern hacking of ancient hardware, @inbarraz, Hunters.ai
20:10 – Short break
20:30 – The ContiLeaks CTI Goldmine, @Gal_B1t, PayPal (will not be recorded)

As always, the talks are free and there is no need to register. Come and bring your friends.
The talks will be delivered in Hebrew and will be recorded, except where noted above.

This is not a hybrid event. Be there or miss it 🙂

Logistics:
In order to reduce the risk of a “super spreader” event, we have some limitations.

– Attendees will have to take an antigen test at the entrance. The test kits will be provided by Check Point.
– Attendees will have to wear a mask while in any closed space. This is a community event, for the community by the community. Please don't force us to kick people out for not wearing masks.
– To reduce the risk of infection, there will not be pizza available, so eat before arriving at the meetup.
– Please arrive with enough time in advance to perform the rapid test and wait for the results.

– If you are unable or unwilling to perform a self-test, please do not come.

And finally, we can only hold the event if the infection rate continues to decline as it does now. A national spike in infections would put the event at risk, both because we are responsible for the health of our attendees and because the Ministry of Health (MOH) might not allow it.

Also – we are looking for talks for next meeting!

DC9723 February 22, 2022 Meeting

When: Tuesday 22 of February, 2022 from 18:30 to 21:30
Where: Check Point Offices in Tel-Aviv (Ha’Solelim Street 5, Tel Aviv)

Agenda:
18:30 – Arrival, Antigen tests, etc.
19:00 – Short opening – Ezra
19:10 – MoonBounce: the dark side of UEFI firmware – Mark Lechtik, Kaspersky, @_marklech_
20:10 – Short break
20:30 – All Roads Lead to OpenVPN: Pwn’ing Industrial Remote Access Clients – Sharon Brizinov, Claroty https://linkedin.com/in/sharonbrizinov
21:10 – Lightning talk: Encrypt Everything – Yoav Amit, Block @yoav_amit

As always, the talks are free and there is no need to register. Come and bring your friends.
The talks will be delivered in Hebrew (unless the speaker decides otherwise)
Not all the talks will be recorded (it’s the speaker decision)

This is not a hybrid event. Be there or miss it 🙂

Logistics:
In order to reduce the risk of a “super spreader” event, we have some limitations.

– Attendees will have to take an antigen test at the entrance. The test kits will be provided by Check Point.
– Attendees will have to wear a mask while in any closed space. This is a community event, for the community by the community. Please don't force us to kick people out for not wearing masks.
– To reduce the risk of infection, there will not be pizza available, so eat before arriving at the meetup.
– Please arrive with enough time in advance to perform the rapid test and wait for the results.

And finally, we can only hold the event if the infection rate continues to decline as it does now. A national spike in infections would put the event at risk, both because we are responsible for the health of our attendees and because the Ministry of Health (MOH) might not allow it.

Also – we are looking for talks for next meeting!

DC9723 January 28 2020 Meeting

When: Tuesday 28 of January, 2020 from 18:45 to 21:00
Where: Check Point Offices in Tel-Aviv (Ha’Solelim Street 5, Tel Aviv)

Agenda:

Brief Introduction and Administrative updates
Crypto Fails – from basics to advanced stuff – Guy Barnhart-Magen (double length talk)

As always, the talks are free and there is no need to register. Come and bring your friends.

DC9723 December 17, 2019 Meeting

When: Tuesday 17 of December, 2019 from 18:45 to 21:00

Where: Check Point Offices in Tel-Aviv (Ha’Solelim Street 5, Tel Aviv)
Agenda:
Brief Introduction and Administrative updates

Get Off The Kernel If You Can’t Drive – Israeli Edition – Mickey Shkatov

2nd Talk TBA

As always, the talks are free and there is no need to register. Come and bring your friends.

DC9723 May 21 2019 Meeting

When: Tuesday 21 of May, 2019 from 18:45 to 22:00
Where: Check Point Offices in Tel-Aviv (Ha’Solelim Street 5, Tel Aviv)

Agenda:

Brief Introduction
The butterfly effect – actively manipulating VMs through hypervisor introspection – Sofia Belikovetsky
Herding cattle in the desert: How malware actors have adjusted to new security enhancements in MacOS Mojave – Omer Zohar

As always, the talks are free and there is no need to register. Come and bring your friends.
The talks will be uploaded to YouTube a week after the meeting.
You can watch the previous talks at https://www.dc9723.org/

*We need more talks, please consider submitting a talk for the next DC9723 meeting. For more details and questions, please contact cfp@dc9723.org

Abstracts:

The butterfly effect – actively manipulating VMs through hypervisor introspection – Sofia Belikovetsky
Imagine your cloud was compromised with malware. Remediating this threat is often complex, since you need to have security solutions installed on each VM (virtual machine). Security solutions for the cloud often use the same security methods as for regular PCs, not tapping into the potential of virtualization. In this talk, we will show a way to break the “security agent per VM” paradigm by leveraging the power of hypervisor introspection against the attackers and their malware. Hypervisor introspection is the ability to analyze and monitor the internal memory of a VM from its host. It is a well-researched area in cyber security that focuses on a passive approach of analyzing the internal kernel structures of the VM in order to detect malicious code execution and anomalies. Traditionally, hypervisor introspection is used to detect security threats in datacenters.

We build on the previous work in this field and extend it to utilize a more active approach where we can take remedial actions once a threat is detected and externally influence the behaviour of the VM. Remediation of cyber security threats is one of the most complicated problems in datacenter security, since there is a need to stop and remove the threat without harming the operational aspect of the VMs and the network. Currently there is no standard for solving this problem. However, by leveraging the power of virtualization, we can add remediation capabilities into the hypervisor layer. We can handle various security threats by focusing on suspension of processes and threads, and termination of unwanted network connections, all from outside the VM. One of the biggest advantages of such an approach is that the malware running on the VM is completely unaware of either the detection methods that are running from the hypervisor or the remediation methods that modify values in memory. In this case, the malware can neither evade detection nor disable the detection mechanism.

We demonstrate the concept of the “butterfly effect” in a virtualized environment, where changing a single value in a kernel struct can influence the behaviour of a VM. We have analyzed crucial Linux kernel structures and tested how minor changes in their values can change the flow of the VM. This approach is unique, since we surgically select which values to modify in order to change the behavioural flow of the OS. Thus, a minor change achieves the desired effect, termination of the security threat. This is a technical talk where we will explain how hypervisor introspection works and demonstrate how to externally read and write to the internal memory of the VM. We will deep dive into the internals of the KVM hypervisor and Linux based VMs, show the addition of QMP commands to qemu-kvm and the modification of the memory. For each remediation scenario, we will show the value that was changed and how the flow of the Linux kernel was influenced by this change.
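The mechanics the abstract describes (reading guest memory from the host, locating a kernel structure, and changing one value in it), as an added example that is not the speaker's code or the talk's tooling. It is a self-contained Python model: the guest-physical memory, the x86-64 page tables and the task list are all constructed inline, and the 32-byte task layout, the field offsets and the state values are assumed toy values, not real Linux offsets (in practice those come from the kernel's debug symbols, and the reads and writes go through the hypervisor, for instance via the QMP commands the talk adds to qemu-kvm, rather than through a bytearray). What carries over is the procedure: translate a guest virtual address through the 4-level page tables, walk the linked list of tasks, and flip a single field to stop a process without any agent inside the VM.

```python
"""Toy hypervisor-introspection walk (added example, not the talk's code).

Guest memory, page tables and the task list are constructed below; the task
layout is an ASSUMED toy layout, not a real Linux task_struct.
"""
import struct

PAGE_SIZE = 0x1000
PTE_PRESENT = 1
PTE_WRITE = 2
ADDR_MASK = 0x000F_FFFF_FFFF_F000        # bits 12..51 of a page-table entry

# Assumed toy task layout: +0 next (u64 guest VA), +8 pid (u32), +12 state (u32), +16 comm (16 bytes)
OFF_NEXT, OFF_PID, OFF_STATE, OFF_COMM = 0, 8, 12, 16
TASK_SIZE = 32
STATE_RUNNING, STATE_STOPPED = 0, 4      # assumed values for the demo


class GuestMemory:
    """Flat guest-physical memory, standing in for what the host reads through the hypervisor."""
    def __init__(self, size):
        self.mem = bytearray(size)

    def read_phys(self, pa, n):
        return bytes(self.mem[pa:pa + n])

    def write_phys(self, pa, data):
        self.mem[pa:pa + len(data)] = data

    def read_u64(self, pa):
        return struct.unpack_from("<Q", self.mem, pa)[0]

    def write_u64(self, pa, value):
        struct.pack_into("<Q", self.mem, pa, value)


def translate(mem, cr3, va):
    """x86-64 4-level walk (PML4 -> PDPT -> PD -> PT). Returns a physical address, or None if unmapped."""
    table = cr3 & ADDR_MASK
    for shift in (39, 30, 21, 12):
        entry = mem.read_u64(table + ((va >> shift) & 0x1FF) * 8)
        if not entry & PTE_PRESENT:
            return None
        table = entry & ADDR_MASK
    return table | (va & (PAGE_SIZE - 1))


def read_virt(mem, cr3, va, n):
    """Read n bytes at a guest virtual address, one page at a time so reads may cross pages."""
    out = bytearray()
    while n:
        chunk = min(n, PAGE_SIZE - (va & (PAGE_SIZE - 1)))
        pa = translate(mem, cr3, va)
        if pa is None:
            raise ValueError(f"unmapped guest VA {va:#x}")
        out += mem.read_phys(pa, chunk)
        va, n = va + chunk, n - chunk
    return bytes(out)


def list_tasks(mem, cr3, head_va):
    """Walk the circular task list from head_va. Returns [(va, pid, state, comm), ...]."""
    tasks, va = [], head_va
    while True:
        raw = read_virt(mem, cr3, va, TASK_SIZE)
        nxt, pid, state = struct.unpack_from("<QII", raw, OFF_NEXT)
        comm = raw[OFF_COMM:OFF_COMM + 16].split(b"\0", 1)[0].decode()
        tasks.append((va, pid, state, comm))
        va = nxt
        if va == head_va or len(tasks) > 4096:   # stop on wrap-around or on a corrupt list
            return tasks


def suspend_task(mem, cr3, head_va, comm):
    """The 'butterfly effect': flip one u32 in a task struct from outside the VM. True if found."""
    for va, _pid, _state, name in list_tasks(mem, cr3, head_va):
        if name == comm:
            pa = translate(mem, cr3, va + OFF_STATE)
            if pa is None:
                raise ValueError("task struct not resident")
            mem.write_phys(pa, struct.pack("<I", STATE_STOPPED))
            return True
    return False


def build_toy_guest():
    """Constructed guest image: one 4-level mapping of KERNEL_VA onto a data page holding three tasks."""
    KERNEL_VA = 0xFFFF_8000_0000_0000
    cr3, pdpt, pd, pt, data = 0x1000, 0x2000, 0x3000, 0x4000, 0x5000
    mem = GuestMemory(0x6000)
    flags = PTE_PRESENT | PTE_WRITE
    mem.write_u64(cr3 + ((KERNEL_VA >> 39) & 0x1FF) * 8, pdpt | flags)
    mem.write_u64(pdpt + ((KERNEL_VA >> 30) & 0x1FF) * 8, pd | flags)
    mem.write_u64(pd + ((KERNEL_VA >> 21) & 0x1FF) * 8, pt | flags)
    mem.write_u64(pt + ((KERNEL_VA >> 12) & 0x1FF) * 8, data | flags)
    procs = [(0, b"swapper"), (712, b"sshd"), (4242, b"miner")]   # constructed; pid 4242 plays the malware
    head = KERNEL_VA + 0x100
    for i, (pid, name) in enumerate(procs):
        nxt = head + ((i + 1) % len(procs)) * TASK_SIZE
        raw = struct.pack("<QII16s", nxt, pid, STATE_RUNNING, name)
        mem.write_phys(translate(mem, cr3, head + i * TASK_SIZE), raw)
    return mem, cr3, head


if __name__ == "__main__":
    mem, cr3, head = build_toy_guest()
    print("before:", [t[1:] for t in list_tasks(mem, cr3, head)])
    suspend_task(mem, cr3, head, "miner")
    print("after: ", [t[1:] for t in list_tasks(mem, cr3, head)])
```

Run it directly to see the task list before and after the patch. Two details matter in the real setting as much as in the toy: the page walk returns None for an address that is not mapped, which an introspection agent must expect because guest pages can be swapped out or not yet faulted in, and the list walk is bounded so a deliberately corrupted `next` pointer cannot spin the agent forever.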

Herding cattle in the desert: How malware actors have adjusted to new security enhancements in MacOS Mojave – Omer Zohar

Malware on the Mac has always been like a unicorn – a creature from folk tales. But in recent years what was thought of as a unicorn, turned out to be a shadow of a horse with a wooden peg on his head: a story being told to give users a (false) sense of security.

Mac malware is on the rise, at an alarming rate. Estimations indicate that over 12% of Macs showed malicious activity in the past year. Most common types are adware, monetizing malware and scareware such as fake cleaners.

In contrast, each new version of macOS introduces improved security mechanisms, supposedly setting a higher bar for successful infection. Mechanisms such as Quarantine, SIP and Gatekeeper verify software integrity, and make changes to user and OS settings more difficult, TCC (Transparency, Consent, and Control) requires stricter user consent during app installation, while XProtect and MRT finish off with rules to detect malicious files.

Still, Mac malware is on the rise, with 12M infected machines identified in 2018 alone, while the YoY growth of infection has been over 100% since 2016. A clear signal that bad guys adapt fast.

In this talk, we’ll deep dive into recent security changes in macOS Mojave & Safari and examine how these updates impacted actors of highly distributed malware in terms of number of infections, and more importantly – monetization.

We’ll take a look at malware actors currently infecting machines in the wild (Bundlore and Genio to name a few) – and investigate how their tactics evolved after the update: from vectors of infection that bypass Gatekeeper, getting around the new TCC dialogs, hijacking search in a SIP-protected Safari, to persistence and reinfection mechanisms that ultimately turn these ‘annoying PUPs’ into a fully-fledged backdoored botnet.