Empire Hacking Turns One

In the year since we started this bi-monthly meetup, we’ve been thrilled by the community that it has attracted. We’ve had some excellent presentations on pragmatic security research, shared our aspirations and annoyances with our work, and made some new friends. It’s a wonderful foundation for an even better year two!

To mark the group’s ‘birthday,’ we took a moment to reflect on all that has happened.

By the numbers:

  • 312 – Number of members on meetup.com
  • 75 – Largest turnout for a single event
  • 46 – Times Jay said “there’s a Python module for that”
  • 785 – Beers served
  • 14 – Superb presentations given
  • 154 – Members on Empire Slacking, a Slack organization for our members

Presentations

June 2015

Offense at Scale

  • Chris Rohlf from Yahoo discussed the effects of scale on vulnerability research, fuzzing and real attack campaigns.

Automatically proving program termination (and more!)

  • Dr. Byron Cook, Professor of Computer Science at University College London, shared research advances that have led to practical tools for automatically proving program termination and related properties.

Cellular Baseband Exploitation

  • Nick DePetrillo, one of our security engineers, explored the challenges of reliable, large-scale cellular baseband exploitation.

August 2015

Exploiting the Nintendo 3DS

  • Luke Arntson, a hobbyist security researcher, reverse engineer, and hardware hacker, highlighted the origins of the Nintendo DS Profile exploit, the obfuscated Gateway browser exploit, and the payloads used by both.

Trail of Bits Cyber Grand Challenge (CGC) Demo

  • Ryan Stortz, one of our security engineers, described the high-level architecture of the system we built to fight and destroy insecure software as part of a DARPA competition, how well it worked, and difficulties we overcame during the development process.

OS X Malware

  • Jay Little, another of our security engineers, gave a code review of Hacking Team’s OS X kernel rootkit in just 10 minutes.

October 2015

The PointsTo Use-After-Free Detector

  • Peter Goodman, our very own dynamic binary translator, presented the design of PointsTo, an LLVM-based static analysis system that automatically finds use-after-free vulnerabilities in large codebases.

Protecting Virtual Function Calls in COTS C++ Binaries

  • Aravind Prakash, an assistant professor in the Dept. of Computer Science at Binghamton University, showed how vfGuard protects virtual function calls in C++ from control subversion attacks.

December 2015

Exploiting Out-of-Order Execution for Covert Cross-VM Communication

  • Sophia D’Antoine, one of our security engineers, demonstrated a novel side channel that exploits out-of-order execution to enable cross-VM communication.

Experiments building and visualizing hypergraphs of security data

  • Richard Lethin, President of Reservoir Labs, discussed data structures and algorithms that enable the representation and analysis of big data (such as security logs) as hypergraphs.

February 2016

Reverse Engineering the Tytera MD380 2-way Radio

  • Travis Goodspeed, a neighbor, explained how the handheld digital radio was jailbroken to allow for patching and firmware extraction, as well as the tricks used to patch the firmware for new features, such as promiscuous mode and a secondary application.

The Mobile Application Security Toolkit (MAST)

  • Sophia D’Antoine addressed the design of the Mobile Application Security Toolkit (MAST) which ties together jailbreak detection, anti-debugging, and anti-reversing in LLVM to address these risks.

April 2016

Putting the Hype in Hypervisor

  • Brandon Falk, a software security researcher, operating system developer, and fuzzing enthusiast, presented various ways of gathering code coverage information without binary modification and how to use code coverage to direct fuzzing.

Crypto Challenges and Fails

  • Ben Agre, a computer security consultant, distinguished successful crypto challenges from failures through the lens of challenges offered by RSA, Telegram, and several smaller examples.

Join us on Empire Slacking

Last September, we created a Slack organization for our members. That’s where we discuss meetups, the latest security news, and our open-source projects. Everyone is welcome. Join through our auto-inviter, and feel free to share the link: https://empireslacking.herokuapp.com/

Big thanks to our event partners

WeWork hosted all but one of our meetups. The April 2016 meetup took place at Digital Ocean. We are very grateful for their hosting.

We would also like to thank the New York C++ Developers Group for co-hosting our October 2015 meetup.

https://twitter.com/amidvidy/status/643566480643227648

With all that momentum, we’re excited for the year ahead.

Speaking of the future…

Next Meetup: June 7 at 6pm

Marcin Wielgoszewski will be speaking about Doorman, an osquery fleet manager. Doorman makes it easy for network administrators to monitor the security of thousands of devices with osquery. Doorman is open-source and under active development.

Following Marcin, Nick Esposito of Trail of Bits will discuss the design of Tidas, a solution for password-free authentication for iOS software developers. Tidas takes advantage of our unique capability to generate and store ECC keys inside the Secure Enclave. Hear all about how we built Tidas at the next Empire Hacking.

Our June event is hosted at Spotify. Beverages and light food will be provided. Space is limited, so please RSVP on the meetup page.

Don’t miss it!
