CSAW'19 C2 Security Workshop

NYU Tandon School of Engineering

This workshop brings together industry professionals,  researchers, and students to learn about the latest trends and solutions in security.

Please contact Stef Daley at smd8@nyu.edu to see if there are any seats available.

C2 is organized by student members of the <a href="https://www.osiris.cyber.nyu.edu/" target="_blank" data-msys-clicktrack="0" rel="nofollow noopener noreferrer">NYU OSIRIS Lab</a> and generously sponsored by <a href="https://www.baesystems.com/en-us/productfamily/fast-labs--advanced-technology-and-defense-r-d" target="_blank" data-msys-clicktrack="0" rel="nofollow noopener noreferrer">BAE Systems FAST Labs</a>. <h3>Program </h3>10:00 - 10:30 am | Guest Check-in10:30 - 10:45 am | Opening Remarks10:45 - 11:30 am | Brenda So &amp; Trey Keown, <a href="https://www.redballoonsecurity.com/" target="_blank" data-msys-clicktrack="0" rel="nofollow noopener noreferrer">Red Balloon Security</a><a href="https://www.riverloopsecurity.com/" target="_blank" data-msys-clicktrack="0" rel="nofollow noopener noreferrer"></a>, A Year in the Life of an ATM11:45 am - 12:30 pm | Allyson O’Brien,<a href="https://www.baesystems.com/en-us/product/cyber-resilience" target="_blank" data-msys-clicktrack="0" rel="nofollow noopener noreferrer"> BAE Systems</a>, Quantum Cybersecurity 12:30 - 1:45 pm | Lunch break 2:00 - 2:30 pm | <a href="https://www.trailofbits.com/" target="_blank" data-msys-clicktrack="0" rel="nofollow noopener noreferrer"></a>William Woodruff, <a href="https://capsule8.com/" target="_blank" data-msys-clicktrack="0" rel="nofollow noopener noreferrer"></a> <a href="https://www.trailofbits.com/" target="_blank" data-msys-clicktrack="0" rel="nofollow noopener noreferrer">Trail of Bits</a>| It&#x27;s coming from inside the house: kernel space fault injection with KRF2:40 - 3:10 pm | Jordan Wiens &amp; Rusty Wagner, <a href="https://vector35.com/" target="_blank" data-msys-clicktrack="0" rel="nofollow noopener noreferrer">Vector35</a> | Binary Ninja&#x27;s approach to Reverse Engineering using IRs3:20 - 3:50 pm | Jeff Spielberg, <a href="https://www.riverloopsecurity.com/" target="_blank" data-msys-clicktrack="0" rel="nofollow noopener noreferrer">River Loop Security</a> | RF Protocol Vulnerabilities – By Design and Implementation4:00 - 4:30 pm | Brandon Edwards &amp; Nick Gregory, <a href="https://capsule8.com/" target="_blank" data-msys-clicktrack="0" rel="nofollow noopener noreferrer">Capsule8</a> | Using the Linux Tracing Subsystem for Security4:30 - 4:45 pm | Closing Remarks 5:00 - 7:00 pm | CSAW Welcome Gathering &amp; Keynote, 5 MTC Pfizer Lobby &amp; Auditorium <h3></h3><h3>Topics &amp; Abstracts </h3>Brenda So &amp; Trey Keown, <a href="https://www.redballoonsecurity.com/" target="_blank" data-msys-clicktrack="0" rel="nofollow noopener noreferrer">Red Balloon Security</a><a href="https://www.riverloopsecurity.com/" target="_blank" data-msys-clicktrack="0" rel="nofollow noopener noreferrer"> </a>| A Year in the Life of an ATMWe all love machines that give you money, especially ones you can find in any New York City bodega. In this talk, we will bring you through a whole year of poking and playing with a real ATM: from hardware teardown to firmware modification, to turning it into a gaming console. Allyson O’Brien,<a href="https://www.baesystems.com/en-us/product/cyber-resilience" target="_blank" data-msys-clicktrack="0" rel="nofollow noopener noreferrer"> BAE Systems </a>| Quantum Cybersecurity Researchers have been working to integrate the unique properties of quantum systems into real-world systems. The resulting capabilities have the potential to outperform even the most advanced non-quantum, or classical, systems. In this brief, we offer a high-level view of how these capabilities will change and/or affect the landscape of cybersecurity. We will discuss threats and opportunities in quantum computing, quantum random number generators (along with other cryptographic primitives), and quantum communications.William Woodruff, <a href="https://capsule8.com/" target="_blank" data-msys-clicktrack="0" rel="nofollow noopener noreferrer"></a> <a href="https://www.trailofbits.com/" target="_blank" data-msys-clicktrack="0" rel="nofollow noopener noreferrer">Trail of Bits</a>| It&#x27;s coming from inside the house: kernel space fault injection with KRFFault injection (FI) has become an increasingly popular software testing method, with major players like Netflix, Microsoft, and Google using automated failures to test the end-to-end resiliency of their (geographically, functionally) distributed services.In this talk, William Woodruff presents a lower-level, vulnerability-first approach: by randomly inducing errors in the system calls made by (targeted) programs, fault injection can be used to discover incorrect and potentially dangerous assumptions. This talk will cover specific classes of dangerous assumptions and their potential for exploitation, all motivated by KRF, a kernelspace fault injector open-sourced by Trail of Bits.Jordan Wiens &amp; Rusty Wagner, <a href="https://vector35.com/" target="_blank" data-msys-clicktrack="0" rel="nofollow noopener noreferrer">Vector35</a> | Binary Ninja&#x27;s approach to Reverse Engineering using ILsModern binary analysis, whether for discovering vulnerabilities or analyzing malware, needs automation to deal with the volume of code under inspection. And yet, while Intermediate Languages (ILs) have been used for decades in compiler design and implementation, too few reverse engineers have any experience with them even though many reverse engineering tools (Binary Ninja, Ghidra, IDA) are built on top of ILs. Given that, it&#x27;s time to demystify this space and make it accessible beyond just computer scientists and researchers. There&#x27;s many potentially unfamiliar concepts related to ILs: single-static assignment, value-set analysis, three argument form versus tree-based designs, and others. But what matters is how these ILs can help you build better binary analysis tools. This talk not only gives you an overview of existing ILs used in reverse engineering, but more importantly, shows you how your tooling can benefit from them. From cross-platform analysis (follow a botnet from an x86-64 desktop to a mobile arm, to an embedded MIPS), to leveraging existing data-flow capabilities that brings some of the benefits both dynamic and static analysis together, this talk will demonstrate several examples of plugins that leverage ILs to improve your ability to automatically reason over compiled code.Jeff Spielberg, <a href="https://www.riverloopsecurity.com/" target="_blank" data-msys-clicktrack="0" rel="nofollow noopener noreferrer">River Loop Security</a> | RF Protocol Vulnerabilities – By Design and ImplementationWe will explore some common issues we see in real world deployments of Zigbee and other RF protocols related to their spec/design, as well as common issues in implementation.Brandon Edwards &amp; Nick Gregory, <a href="https://capsule8.com/" target="_blank" data-msys-clicktrack="0" rel="nofollow noopener noreferrer">Capsule8</a> | Using the Linux Tracing Subsystem for SecurityThe tracing subsystem is an often overlooked way to monitor Linux systems, providing detailed information about process behavior, kernel behavior, and overall system performance. In this talk, we’ll discuss at a high level what the tracing subsystem provides, how to use it, and potential applications for security.

Our {communityGuidelinesLink} describe the sort of content we prohibit on Eventbrite. If you suspect an event may be in violation, you can report it to us so we can investigate.

To report other categories of prohibited or illegal content, submit {link}

Ticket sales have ended

CSAW'19 C2 Security Workshop

More events from NYU Tandon School of Engineering

Discover more events from NYU Tandon School of Engineering, from Science & Tech to other experiences you might love.

Still looking for the right event?

Explore all events in Brooklyn and filter by date, category, and more to find the perfect fit.

Ticket sales have ended

CSAW'19 C2 Security Workshop

More events from NYU Tandon School of Engineering

Discover more events from NYU Tandon School of Engineering, from Science & Tech to other experiences you might love.

You might also like...

Browse more events with different dates, prices, and formats to find your next great experience.

Still looking for the right event?

Explore all events in Brooklyn and filter by date, category, and more to find the perfect fit.