Difference between revisions of "Netherlands May 14, 2013"
Edit summary of the latest revision: m (added information about botnets)
(17 intermediate revisions by 2 users not shown)

Changes between the two compared revisions:
- Added navigation links at the top of the page: OWASP Netherland Wiki (Netherlands) and All OWASP NL Events 2013 (Netherlands_Previous_Events_2013).
- Completed the introductory quote and added the speaker names to the two talk slots in the Programme.
- Added a link to the chapter meeting flyer (Media:OWASP Netherlands Chapter Meeting 2013-04-10.pdf).
- Added the full title of the password storage talk, a "By Tiago Teles." byline, and four reference links (the presentation on GitHub, the Password Storage Cheat Sheet, the Wikipedia page on rainbow tables, and the Honeywords paper).
- Added a "By Dennis Andriesse." byline, split the botnet abstract into two paragraphs, and added three links (the presentation PDF, the paper on peer-to-peer botnet resilience, and the Zeus technical report).
- Added a speaker biography for Dennis Andriesse and an empty Sponsor section heading.
Latest revision as of 08:09, 16 May 2013
May 14, 2013
"In this Chapter meeting you will learn how to protect your password storage and how to take down bots in a peer-to-peer network"
Programme
- 18:30 - 19:15 Registration & Pizza
- 19:15 - 20:00 Securing Password Storage - Tiago Teles
- 20:00 - 20:15 Break
- 20:15 - 21:00 Neutralizing Peer-to-Peer Botnets - Dennis Andriesse
- 21:00 - 21:30 Networking
- Chapter meeting flyer (pdf): Media:OWASP Netherlands Chapter Meeting 2013-04-10.pdf
Presentations
Securing Password Storage - Increasing Resistance to Brute Force Attacks
By Tiago Teles.
In this talk Tiago Teles takes apart password protection schemes, analyzing the attack resistance of hashes, HMACs, adaptive hashes (such as scrypt), and encryption schemes. First, we present a threat model for password storage. Then audience members will learn the construction, performance, and protective properties of these primitives. Discussion of the primitives will be from a critical perspective, modeled as an iterative secure design session. Ultimately, this session presents the solution and code donated as part of the ongoing OWASP PSM (password storage module) project. Discussion of this solution will include key techniques for hardening PSM learned through years of delivering production JavaEE code to customers...
- The presentation (with or without notes): https://github.com/jsteven/psm/tree/master/presentations
- The associated OWASP Password Storage Cheat Sheet: https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet
- Wikipedia page about rainbow tables: http://en.wikipedia.org/wiki/Rainbow_table
- Paper "Honeywords: Making Password-Cracking Detectable" (PDF): http://people.csail.mit.edu/rivest/pubs/JR13.pdf
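The storage scheme the abstract contrasts, a fast unsalted hash beside a salted adaptive hash (scrypt) with a keyed HMAC layer, as an added Python example. This is not code from the talk or from the OWASP PSM project; the work-factor values, the record format and the handling of the HMAC key ("pepper") are assumptions chosen for illustration.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

# Work-factor parameters for scrypt. Assumed illustrative values, not the PSM
# project's settings; raise them until one hash costs tens of milliseconds on
# the hardware that verifies logins.
SCRYPT_N = 2 ** 14   # CPU/memory cost, must be a power of two (16 MiB at r=8)
SCRYPT_R = 8         # block size
SCRYPT_P = 1         # parallelisation
DKLEN = 32           # derived key length in bytes
SALT_BYTES = 16


def _b64(data: bytes) -> str:
    return base64.b64encode(data).decode("ascii")


def _unb64(text: str) -> bytes:
    return base64.b64decode(text.encode("ascii"))


def fast_hash(password: str) -> str:
    """The weak baseline: an unsalted, fast hash. Equal passwords give equal
    digests, so one precomputed (rainbow) table covers every account, and a
    GPU tests billions of guesses per second against a leaked table."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password: str, pepper: bytes, *, salt: Optional[bytes] = None,
                  n: int = SCRYPT_N, r: int = SCRYPT_R, p: int = SCRYPT_P) -> str:
    """Salted adaptive hash (scrypt) with a keyed HMAC layer.

    - a random per-user salt defeats precomputation and cross-account matching
    - scrypt's memory-hard work factor slows every guess by the same factor
    - the HMAC key (pepper) is kept outside the database, so a dumped table
      alone is not enough to start cracking
    Returns a self-describing record so the parameters can be raised later.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    derived = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                             n=n, r=r, p=p, dklen=DKLEN)
    tag = hmac.new(pepper, derived, hashlib.sha256).digest()
    return f"scrypt${n}${r}${p}${_b64(salt)}${_b64(tag)}"


def _parse(stored: str):
    """Split a record into (n, r, p, salt, tag); None if it is malformed."""
    parts = stored.split("$")
    if len(parts) != 6 or parts[0] != "scrypt":
        return None
    try:
        return (int(parts[1]), int(parts[2]), int(parts[3]),
                _unb64(parts[4]), _unb64(parts[5]))
    except ValueError:  # non-integer cost or invalid base64
        return None


def verify_password(password: str, stored: str, pepper: bytes) -> bool:
    """Recompute with the parameters stored in the record and compare in
    constant time, so timing does not leak how many bytes matched."""
    parsed = _parse(stored)
    if parsed is None:
        return False
    n, r, p, salt, expected = parsed
    derived = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                             n=n, r=r, p=p, dklen=DKLEN)
    tag = hmac.new(pepper, derived, hashlib.sha256).digest()
    return hmac.compare_digest(tag, expected)


def needs_rehash(stored: str, n: int = SCRYPT_N, r: int = SCRYPT_R,
                 p: int = SCRYPT_P) -> bool:
    """True when any stored parameter is below the current policy, or the
    record is not a scrypt record at all; rehash on the next successful login."""
    parsed = _parse(stored)
    if parsed is None:
        return True
    return parsed[0] < n or parsed[1] < r or parsed[2] < p


if __name__ == "__main__":
    pepper = os.urandom(32)  # in production: from a KMS/HSM or config, never the DB
    record = hash_password("correct horse battery staple", pepper)
    print(record)
    print(verify_password("correct horse battery staple", record, pepper))  # True
    print(verify_password("wrong guess", record, pepper))                   # False
    print(needs_rehash(record, n=2 ** 15))  # True once the policy is raised
```

The record carries its own parameters, which is what makes the work factor adaptive in practice: when the policy is raised, `needs_rehash` flags old records and they are upgraded transparently the next time the user logs in with the correct password.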
Neutralizing Peer-to-Peer Botnets
By Dennis Andriesse.
This presentation is a case study on our takedown efforts against state-of-the-art peer-to-peer botnets. Unlike conventional botnets, peer-to-peer botnets are decentralized, and thus cannot be disabled by neutralizing centralized control facilities. Takedowns against peer-to-peer botnets require a highly decentralized approach targeting the infected drones themselves. We describe the technical and ethical challenges we faced in our own takedown attempts.
- Download the presentation as PDF: Media:Owaspnl_zeus-owasp-2013.pdf
- Paper about the resilience of peer-to-peer botnets (PDF): http://www.few.vu.nl/~da.andriesse/papers/security-and-privacy-2013.pdf
- Technical report about Zeus (PDF), regularly updated: http://www.few.vu.nl/~da.andriesse/papers/zeus-tech-report-2013.pdf
Speakers
Tiago Teles
Tiago Teles is a Technical Consultant with 7 years of experience with clients across different sectors and countries, including banking, insurance, telecommunications and commercial organizations, in a variety of roles: Development, Business Intelligence, Quality Assurance and Delivering Training.
Dennis Andriesse
Dennis Andriesse is a Ph.D. candidate in the System and Network Security Group at VU University Amsterdam. His research focuses on binary code (de)obfuscation and reverse engineering techniques. Next to that, he is also interested in advanced malware, particularly in the resilience of peer-to-peer botnets.
Venue
Avans Hogeschool
Room: OB007
Onderwijsboulevard 215
5223 DE 's-Hertogenbosch