Well… just because Defcon was two months ago doesn’t mean I can’t blog about it! =)
There was some digital gold that many people overlooked at this year’s Defcon, but thanks to Darkoz I, unlike other bloggers (heh), can provide the audio for these presentations!! I listened to almost all of this year’s Defcon talks, and although some say the quality of the con has degraded, I thought these presentations were awesome. Take some time and listen to them; you won’t regret the fun, ingenious, and awesome ideas they all bring =)
For AUDIO, click the link that has /wait at the end; that will bring you to the page with the mp3 link on it.
1) BackTrack Foo – From bug to 0day
Mati Aharoni, Owner, Offensive Security.
As pentesters and hackers we often find the need to create our exploits on the fly. Doing this always presents a challenge. But one challenge took us to a new limit and a new level. We want to share the method with you. From Bug to 0Day will show the audience the process of fuzzing, locating the bug, using egghunters, then figuring out how to build a pure alphanumeric shellcode to exploit it.
This will truly be the most mind bending 60 mins you will spend in exploit development.
Mati is a network security professional, currently working with various Military and Government agencies as well as private sector businesses. His day to day work involves vulnerability research, exploit development and whitebox / blackbox Penetration Testing.
Mati is most known for his role in creating the award-winning, internationally acclaimed Linux pentesting distro, BackTrack, as well as for his lead role in creating the hottest security training school in the international market today, “Offensive Security”. This focused, intense school hones the skills of security professionals by teaching them the tools and methodologies popular in the market. Mati has been teaching security and hacking courses for over 10 years and is actively involved in the security arena.
2) Owning the Users with The Middler
Our new tool, The Middler, automates these attacks to make exploiting every active user on your computer’s network brain-dead easy and scalable. It has an interactive mode, but also has a fire-and-forget mode that can perform these attacks automatically without interaction. Written in Ruby, this tool is easy to both extend and add into other tools.
3) Grendel-Scan: A new web application scanning tool
David Byrne, Security Consultant, Trustwave; Eric Duprey, Senior Security Engineer, Dish Network. While commercial web application scanners have been available for quite a while, the selection of open source tools has been limited. Grendel-Scan is a new tool that aims to provide in-depth application assessment. Written entirely in Java and featuring an easy-to-use GUI, the tool is intended to be useful to a wide variety of technical backgrounds, from IT security managers to experienced penetration testers.
Grendel-Scan can test for authentication and authorization bypass, SQL injection (blind and error-based), XSS, CRLF injection / response splitting, session key strength, session fixation, file/directory/backup enumeration, directory indexing, web server misconfiguration, and other vulnerabilities. Exploration of the web application can be accomplished through an embedded proxy server, via automated spidering, or through search engine reconnaissance.
The presentation will feature an overview of the application’s design, results of comparative analysis against similar tools, and a live demonstration of the tool using a real application (not an intentionally vulnerable app).
4) Nmap: Scanning the Internet
Fyodor, Hacker, Insecure.Org. The Nmap Security Scanner was built to efficiently scan large networks, but Nmap’s author Fyodor has taken this to a new level by scanning millions of Internet hosts as part of the Worldscan project. He will present the most interesting findings and empirical statistics from these scans, along with practical advice for improving your own scan performance. Additional topics include detecting and subverting firewall and intrusion detection systems, dealing with quirky network configurations, and advanced host discovery and port scanning techniques. A quick overview of new Nmap features will also be provided.
5) Career Mythbusters: Separating Fact from Fiction in your Information Security Career
Lee Kushner, President, LJ Kushner and Associates, LLC; Mike Murray, Director of Neohapsis Labs. How long should my resume be? Do I really need to be a Manager? Do I need to attend business school? What certifications do I need? Does my title matter? Should I go after money or a cool job? What are the hot skills du jour? How do I use LinkedIn and Facebook? All of these questions are asked continually by Information Security professionals as they assess their current positions and determine which future opportunities align with their aspirations. Mike Murray and Lee Kushner return to the DefCon stage to answer these questions and dispel the prevailing myths that permeate the information security industry. Participants should leave the presentation with a better way to map out their own career and separate fact from fiction as they make decisions on how to pursue their ultimate career goals.
6) Password Cracking on a Budget
Matt Weir, Security Researcher; Sudhir Aggarwal, Security Researcher. Not every bad guy writes down passwords on a sticky note by their monitor. Not every system administrator fully documents everything before they leave. There are a lot of legitimate reasons why you might need to crack a password. The problem is most people don’t have a supercomputer sitting in their basement or the money to go out and buy a rack of FPGAs. This talk deals with getting the most out of the computing resources you do have when cracking passwords.
Our group at Florida State University is currently working on password cracking research to aid in forensic analysis. We’ve analyzed disclosed password lists to try to figure out how real people actually create passwords. Not all of these lists have been in plain text, so we’ve had to go through the pain of cracking passwords ourselves. Just like you, we are still waiting on funding for that supercomputer as well. In this talk, we’ll go over some of the tools and techniques we’ve used to crack these password lists using only a couple of PCs, such as custom wordlist generation and choosing the right word mangling rules. We’ll also talk about some of the lessons we’ve learned and the mistakes we’ve made along the way.
7) Stealing The Internet – A Routed, Wide-area, Man in the Middle Attack
Anton Kapela, Security Researcher; Alex Pilosov, Security Researcher. In this presentation we’re going to show Defcon how broken the Internet is, how helpless its users are without provider intervention, and how much apathy there is towards routing security.
With the method described in this talk, an attacker is able to gain full control and visibility of all IP packets heading towards an arbitrary destination prefix on the Internet. From the perspective of the victim’s network, every inbound packet they receive will have first taken the ‘scenic route’ through the attacker’s network before reaching the true destination.
The presentation will show attendees how (roughly) BGP works on the Internet, how and what providers do (or don’t do) when interconnecting their networks, concluding with a discussion of the hijacking method and a live demo of ‘man in the middled’ traffic, in-flight, to an undisclosed destination, including countermeasures employed to further obscure the interception and ensure nearly perfect network transparency. Ettercap and others please stand aside – routed Internet hijacking has come of age!
8) Dan Kaminsky DNS Exploiting – Black Ops 2008
Dan Kaminsky, a penetration tester with IOActive, shows a flaw in the Domain Name System that would allow attackers to easily impersonate any website — banking sites, Google, Gmail and other web mail websites — to attack unsuspecting users.
Kaminsky announced the vulnerability after working quietly for months with a number of vendors that make DNS software to create a fix for the flaw and patch their software. On July 8, Kaminsky held a press conference announcing a massive multivendor patch among those vendors, and urged everyone who owns a DNS server to update their software.
9) Identification Card Security: Past, Present, Future
*Note: this is a former research field of mine. Although Doug had a great presentation, there was much lacking on the topic. I will be doing some new research on multispectrum holograms, etc. soon! =)
Doug Farre, Administrative Director, Locksport International. Come learn how identification cards have taken over our lives, how they can be manufactured at home, and how you can start a legal ID making business. Come learn all the tips and tricks about amateur ID manufacturing and pick up the first ever Complete Amateur ID Making Guide. Also, come test your ability to spot a fake vs. a real one, and check out the newest in ID technology: polycarbonate laminates, biometrics, Teslin, and RFID. Lastly, see how corporations are affecting the identification card fiasco in the U.S. What’s in your wallet?
10) Bringing Sexy Back: Breaking in with Style
David Maynor, CTO, Errata Security; Robert Graham, CTO, Errata Security. Security is getting better; there is no doubt about that. High value targets are increasing their security while buying into the buzzword hype with phrases like “defense in depth”. Firewalls, IPS, AV, NAC, and a host of other technologies have done a lot to give the pointy-haired bosses of the world the ability to sleep easy… or have they? While those PHBs sleep easy in their beds, the ability to compromise a site at will continues to grow.
Remember the good old days of planting Trojans in microcontrollers of your enemy’s hardware or shipping packages with system updates that contain backdoors? What happened to those days? What if I told you that breaking into a site is as easy as sending a package via some third party carrier or throwing up a website? This talk will cover penetration techniques that at first glance appear to be Hollywood fiction but are easy and reliable methods of intrusion.
Miss this talk and you may never know why you have a package in your shipping department addressed to “U R Owned, INC.”.