ZACon 2015

Saturday, October 3, 2015 4 years ago ,

MWR will be presenting two exciting new talks at ZACon and another at ZACon Nights next month.

MWR is pleased to announce that Travis Ford, Kyle Riley and Matthew Marx have been selected to give a talk at ZACon. This will take place on Saturday 3rd October 2015 at the University of Johannesburg, South Africa.

ZACon is a South African information security conference run by hackers for hackers, with the explicit aim of growing the South African information security scene. New speakers, as well as veterans are encouraged, with local-research in nearly any security-relevant topic preferred.

Talks presented by MWR

Topic: Hacking the Node

Speaker: Kyle Riley

Abstract As the local market for Video on Demand services booms, multiple South African vendors are developing innovative products to quench the ever growing needs of consumers. One such product is Altech’s set-top box solution, the Node, offering features such as streaming of HD content over satellite, the ability to integrate with smart home devices, and an Android Virtual Machine.

The Altech Node was analyzed by a team at MWR Labs, which led to a number of security vulnerabilities being identified. The talk discusses the security measures implemented, as well as the strategy employed to uncover security flaws that ultimately led to code execution and reaching a privileged context on the device.

Topic: How My AI Broke Your 20 Character Password

Speaker: Travis Ford and Matthew Marx

Abstract: The presentation will focus on research around cracking passwords automatically using artificial intelligence. In particular, the research will discuss the use of rules in password cracking and the effectiveness of developing efficient, intelligent rulesets to use with wordlists to crack passwords. In this presentation, MWR will present a novel technique that creates highly intelligent rules without any involvement on the part of the user. This is achieved using an genetic algorithm that uses evolutionary principles to prune and breed rules that crack increasingly complex passwords over time.

You can register for tickets to ZACon here

ZaCon Nights is a social event that will happen on the Friday 2nd October the day before ZACon. This night will be filled with hacker fun and adventure. There will also be different challenges like Hacker Jeopardy, CTF, Lockpick Barfridge and you can build your very own ZACon branded Wi-Fi antenna. MWR’s very own Managing Consultant, Tyrone Erasmus will also be giving a talk that night.

Talks presented by MWR

Topic: In Loving Memory: A Journey Through Password Extraction Techniques

Speaker: Tyrone Erasmus

This talk will provide a history on the evolution of post exploitation techniques used to extract user passwords after compromising a computer. It will compare how these techniques have evolved on Windows and Linux over the years and what defenders have done to make this harder. It will then present a new way to extract user passwords from a Linux system without the need for cracking hashes. A newly-developed tool will be demonstrated and the trials and tribulations of performing these techniques on modern Linux systems will be discussed.

In addition to this – Tyrone is also doing a talk at RSA in Abu Dhabi on the 4th – 5th November 2015.

You can register for tickets to ZACon Nights here



Accreditations & Certificates

MWR is an accredited member of The Cyber Security Incident Response Scheme (CSIR) approved by CREST (Council of Registered Ethical Security Testers).
MWR is certified under the Cyber Incident Response (CIR) scheme to deal with sophisticated targeted attacks against networks of national significance.
We are certified to comply with ISO 9001 and 14001 in the UK, internationally accepted standards that outline how to put an effective quality and environmental management systems in place.
MWR is certified to comply with ISO 27001 to help ensure our client information is managed securely.
As an Approved Scanning Vendor MWR is approved by PCI SSC to conduct external vulnerability scanning services to PCI DSS Requirement 11.2.2.
We are members of the Council of Registered Ethical Security Testers (CREST), an organisation serving the needs of the information security sector.
MWR is a supplier to the Crown Commercial Service (CCS), which provides commercial and procurement services to the UK public sector.
MWR is a Qualified Security Assessor, meaning we have been qualified by PCI to validate other organisation's adherence to PCI DSS.
As members of CHECK we are measured against high standards set by NCSC for the services we provide to Her Majesty's Government.
MWR’s consultants hold Certified Simulated Attack Manager (CCSAM) and Certified Simulated Attack Specialist (CCSAS) qualifications and are authorized by CREST to perform STAR penetration testing services.