Anestis Bechtsoudis » Presentations

WeBaCoo Tool: Keeping your web shell under the mainstream radars

anestisb — Wed, 21 Mar 2012 19:09:29 +0000

The past two weeks I conducted two presentations on the WeBaCoo tool. First one at 3rd unauthorized security meeting (11 March 2012) and the second at Patra’s Linux User Group meetup (20 March 2012).

Presentations did not focus solely on the WeBaCoo tool and its features. Critical topics around web shell implementation and communication techniques were discussed, focusing on how to maintain a stealth behavior. Both events were followed by a custom web hacking challenge for fun and learn.

I had a great time in both events and I would like to thank the organizing committees behind the scenes and people who attended the presentations. It’s pleasant to see that people started to get concern about security issues and actively participate in relevant events.

Presentations can be downloaded from the following links:

Unauthorized (.pdf 1.1MB)

PLUG (.pdf 1.1MB)

A. Bechtsoudis

ICT Security Basics – Demystifying the Sec puzzle

anestisb — Wed, 30 Nov 2011 20:24:32 +0000

At 24 November 2011, I was invited to make an introductory presentation about Information and Network Security at 4th Student Guru Patra’s branch meetup. Τhank to Erikos Alkalai for the invitation and congratulations to all the branch support team for their great work.

Knowing that the audience was mainly consisted of undergraduate students attending their first years at university and with no prior contact with information and computer security issues, the presentation focused on the basic theory and some practical issues that a computer engineer must know. The theoretic part was followed by a half-hour live hacking demo, presenting trivial ways followed by an attacker to compromise a main server system.

The presentation can be downloaded from here:

Presentation (.pdf 480KB)

A. Bechtsoudis

Network Penetration Testing

anestisb — Fri, 25 Nov 2011 23:21:01 +0000

Keynote speaker at Athena Summer School 2011 entitled “Aiming at Higher Network Security Levels through extensive Penetration Testing“. An introductory address highlighting the modern security complexity while focusing on real proactive security policies through penetration tests. The presentation was followed by a live demo hacking Cisco devices in a virtual lab.

The presentation can be downloaded from here:

Presentation (.pdf 1.0MB)

A. Bechtsoudis

Introduction to Side Channel Attacks

anestisb — Thu, 31 Mar 2011 13:12:38 +0000

At 30 March 2011, i made an introductory presentation of Side Channel Attacks to the PLUG community. Most PLUG’s members are software designers and they are not familiar with the science of cryptography. Through my presentation i tried to inform them about the side channel leakage that we have when cryptographic primitives are implemented in physical devices (smart card, dedicated hardware etc). After a short introduction to cryptography & cryptanalysis, i presented the Side Channel Attacks classes and some basic attack scenarios. The most important part that i tried to highlight, is that in order to protect from these kind of attacks, software, hardware & protocol designers must work together in order to achieve the best possible results. That’s way it is important for a software designer to have a basic knowledge for this kind of cryptanalytic attacks.

The presentation includes:

Introduction to IT state-of-the art and cryptography
Cryptanalysis goals and approaches
Side Channel Attack Scenarios
Software & Hardware countermeasures
End up with some conclusions and highlights

The presentation can be downloaded from here:

Presentation (.pdf 643KB)

A. Bechtsoudis

Cache Based Side Channel Attacks

anestisb — Sat, 26 Mar 2011 14:03:27 +0000

During the 2nd semester of 2010, i was attending the course “Advanced Computer Architecture“, under the teaching of Dr. G. Keramidas. For the course requirements, i decided to make a short presentation about Side Channel Attacks in Cache implementations. After the appropriate introduction and theory, i presented two different cache based side channel attacks and how to prevent from them. The prevention techniques proposed by Z. Wang & R. B. Lee in their publication “New Cache Designs for Thwarting Software Cache-based Side Channel Attacks“.

The presentation includes:

Introduction to Cryptography & Modern Cryptanalysis through Side-Channel Attacks
Define the Thread & Attacks Model
Proposed prevention models
Evaluation of the propositions
Conclusions

The presentation can be downloaded from here:

Presentation (.ppt 2,43 MB)

A. Bechtsoudis

Hardware Side of Cryptography

anestisb — Sat, 26 Mar 2011 01:46:15 +0000

In December 2010, on behalf of the undergraduate course of VLSI design (below the teaching of Professor G. Alexiou), i make a presentation about cryptography & hardware. It is a short and basic presentation of the aspects of cryptography that a modern hardware designer should consider when developing a cryptographic module.

The presentation includes:

Introduction: Shifting to embedded devices – need for security
State of the art in cryptography field
Software vs. Hardware Solutions
Reconfigurable Hardware Solutions
Conclusions

The presentation can be downloaded from here:

Presentation (.ppt 1,54 MB)

A. Bechtsoudis