Presentation: A Closer Look at the Stuxnet Worm

Speaker: Mark Ryan Del Moral Talabis, Dwayne Yuen, and James Ochmann - Secure-DNA Consulting

Topic:  Stuxnet has been described as a guided cyber warhead, a digital missile aimed at taking down the Iranian nuclear program. It is unquestionably the most complex piece of malware ever discovered, setting several historical milestones such as implementing the first programmable logical controller rootkit, exploiting several stolen legitimate digital certificates, or taking advantage of an unprecedented four zero-day Windows vulnerabilities to spread itself in its pursuit of dismantling Iran's uranium enrichment centrifuges. Stuxnet is a look at the future landscape of security and cyber warfare. It is likely that this is only the first of many attacks of its kind.
Through live demonstrations of actual Stuxnet samples and analysis of decompiled code, we will take an inside look at the inner workings of the Stuxnet worm. Our presentation will walk the audience through the attacker's mindset and design methodology, showing the obstacles which needed to be tackled in order to reach its destination from the eyes of Stuxnet's designers.
We will walk through Stuxnet's journey from initial infection through a removable drive, its several innovative worm propagation techniques, and after finally reaching its destination, the deployment of its payload onto its long awaited target - all while remaining hidden and keeping itself up to date.


BIO: Mark Ryan Del Moral Talabis is a Senior Consultant within the Secure DNA Consulting practice. He has over ten years of experience in Information Security, IT Audit, and Applications Development. He has extensive experience in information security risk assessments, vulnerability assessments and penetration testing and has specialized expertise in security data analysis and incident response. He is a (CISSP); (CISA); (CRISC); (GCIH); (GSEC); and a full member of the Honeynet Project.
James Ochmann is a Consulting Intern with Secure DNA Consulting whose first major project was this Stuxnet presentation. He is a member of the Greyhats. He has a lifelong interest in technology and security and is currently doing research on the Tor anonymous routing network for his masters thesis.
Dwayne Yuen is a Consulting Intern with Secure DNA Consulting. He is a member of the UH Manoa's Greyhats. He is currently pursuing his Master's in Electrical Engineering at the University of Hawaii, researching a novel algorithm for solving the maximum common subgraph isomorphism problem for his thesis.


Lunch Menu:
Appetizer: Hale Koa Salad with Tarragon Dressing
Main Course: Grilled Fresh Island Fish
with Ginger Sake Beurre Blanc and Roasted Tomato Oil Server on Lobster Fried Rice and Stir Fried Asian Vegetables
Dessert:  Key Lime Pie