OWASP Israel June 2015

Our second meeting in 2015 for the Israel chapter of OWASP will take place on June 16, at 17:00, in Microsoft's Herzeliya office, 13 Shenkar St., Building Gev-Yam 5.

Attendance is free, but registration is required: https://owasp-israel-june-2015.eventbrite.com.

This time, OWASP Israel is joining forces with the Israel chapter of CSA! This will be a joint meeting, with both chapters hosting. This will give us an opportunity to expand our horizons, hear different relevant topics, and network with slightly different group of people.

Agenda:
 17:00 – 17:30    Gathering, food, and drinks (KOSHER)

 17:30 – 17:45    Opening note 

 17:45 – 18:25      One Key to Rule Them All: Detecting the Skeleton Key Malware   Itai Grady & Tal Be’ery, Microsoft 

Identity is one of the cornerstones of application security. On Windows domains, identity is managed through Active Directory (AD) Domain service on the Domain Controller (DC), and many applications are integrated with AD. Therefore, it should come as no surprise that attackers are actively targeting the DC in order to gain rogue access to applications and servers.

Earlier this year, Dell Secureworks had shared a report on an advanced attack campaign utilizing a dedicated DC malware, named “Skeleton Key” Malware. The Skeleton Key malware modifies the DC behavior to accept authentications specifying a secret ”Skeleton key” (i.e. “master key”) password, thus enabling the attackers to login to any application as any domain user without installing any additional malware while keeping the original users’ authentication behavior.

In this talk, we will explore the unique interaction between such malware functionality and the Kerberos authentication protocol; We will put a special emphasis on its manifestation over the network traffic. We will also share a script that implements the remote detection of the skeleton key malware functionality.

 18:30 – 19:10      Software Defined Networks are emerging  – How it affects security 

 Almog Ohayon, Javelin Networks 

TBA

19:10 – 19:30     Coffee break

19:30 – 20:10      Outsmarting researchers: Fraudsters and their security practices 

 Julia Karpin, F5 Networks 

TBA