Cатсн²² (in)sесuяitу / ChrisJohnRiley

Because we're damned if we do, and we're damned if we don't!

Category Archives: Conference

My picks for the coming conpocalypse

25C7DBB7FDEE98EB339313F2B55B68D5Yeah, yeah… I know. I’ve been slacking on my blog for the past few months (in-fact I think this post has been sitting in my drafts folder for about 2 months). Still, the wheels of life must go on, and the last post (although tongue firmly in cheek), was a bit depressing. So, with as little fan-fare as possible, I thought I’d give you my picks for the up-coming conpocalypse (AKA #HackerSummerCamp, AKA “That thing in Vegas”).

This year I’m volunteering at BSidesLV so won’t have much time at all to visit Blackhat. This might not be such a bad thing though… I think Blackhat and me need some time apart to see if we miss each other. Times move on, and I’m not sure I feel the same way about Blackhat as it feels about me… it’s not me… it’s you. Sorry Blackhat! Maybe I’ll pop over and see if it feels all funky or not! Who knows…

BSidesLV

This years BSidesLV is looking great… and I’m not just saying that because some of my favourite people in the world are running and helping shape it (you know who you are ;). Alongside all the hallway track stuff that’s much talked about, and working a couple of morning shifts as a room host (still not sure what this means… guess a mix of stand-up comedy routine and crowd control!) I’ve got a couple of talks on my radar to attend!

Tuesday 10:00 – 11:00 Opening Keynote — Beyond Good and Evil: Towards Effective Security

Tuesday 16:00 – 17:00 Anatomy of memory scraping, credit card stealing POS malware

Wednesday 17:00 – 18:00 We Hacked the Gibson! Now what?

Wednesday 18:00 – 18:45 Closing Keynote –> It’s A S3kr37
 

On the Wednesday I’ve booked in to play around in the RFID Hacking workshop… maybe I can finally pot this Proxmark3 I’ve had on my desk for about 3 years to some good use ;)

I was really hoping to attend @HackerHuntress‘ Hacking the Hustle Hands-On, Infosec Resume and Career Strategies workshop… however I’m volunteering at that time. So hopefully she’ll still be around to chat to for the remainder of the conference!

If you’re around at BSidesLV, make sure to pop into the “i am the cavalry” area to see what those crazy kids are up to!

DEF CON

By this time of the week everybody is pretty much dead… along with the inevitable mass of people and agoraphobia kicking in! So consider these as my dream picks if I can get into the room ;)

Don’t forget to check out the DEF CON SkyTalks (https://skytalks.info/) as well… these talks aren’t recorded usually, so it’s be there, or be ²!

Friday 12:00 – 12:30 From root to SPECIAL: Pwning IBM Mainframes

Friday 12:30 – 13:00 The $env:PATH less Traveled is Full of Easy Privilege Escalation Vulns

Friday 14:00 – 16:00 DefCon Comedy Jam Part VII, Is This The One With The Whales?

Saturday 10:00 – 11:00 Screw Becoming A Pentester – When I Grow Up I Want To Be A Bug Bounty Hunter!

Saturday 14:00 – 15:00 NinjaTV – Increasing Your Smart TV’s IQ Without Bricking It

Saturday 15:00 – 16:00 Advanced Red Teaming: All Your Badges Are Belong To Us

Sunday 14:00 – 15:00 Android Hacker Protection Level 0

… that’s a lot, and I don’t expect to hit them all! Hallways con and other events will keep me from that. Still, those are my picks for the Summercon marathon!

Hope to see you there… below photos can be used to identify me throughout the conference (depending on the day)

Easy Identification pictures…

8bit_startDay 1 8bit_mediumDay 2 – 3 8bit_endDay 4+

DEF CON 21 Video – Defense by numbers: Making problems for script kiddies

For those that didn’t manage to wake up for the crack of dawn DEF CON Sundays slot, the fine folks over at DC have released the videos of most (if not all) presentations –> https://www.youtube.com/user/DEFCONConference/

My presentation, for those interested, can be found below.

http://www.youtube.com/watch?v=H9Kxas65f7A

Links:

#DEFCON Defense by numbers: Making Problems for Script Kiddies and Scanner Monkeys

dc-21-logo-smWell, I finally popped my DEF CON cherry and did a presentation at the largest hacker conference in the world… and no I’m not talking about RSA!

Despite my fears of freezing on stage and beginning to drool like a moron, I think the presentation went well. Excluding of course the point where Powerpoint decided it would die in a fire rather than show my next slide. Still, in typical DEF CON fashion there were goons on hand to deliver shots _just_ at the right time to cover the problem. This will forever be known to me now as JITAD (Just In Time Alcohol Delivery).

Hopefully the attendees took something from the presentation that they can use to make their systems a little more secure, or at least the lives of script kiddies a little harder (this is a dream for us right?).

The slides for the presentation are now online (see below), and the video will be uploaded as soon as DEF CON make the release possible.

As always, feedback on the talk, the idea and anything else is gratefully received…

Links:

  • Slideshare –> HERE

BSidesLV: Android Backup [un]packer release

bsideslvlogoAs part of my “Mobile Fail: Cracking open “secure” android containers” talk at BSidesLV I’ve released a couple of scripts I wrote to automate some of the legwork involved in backing up Android applications and automatically unpacking their data and settings. The accompanying script takes the data and settings structure and re-packs it into a working Android Backup file for restoration.

These scripts were used as part of my research to view settings used by applications and in some cases alter the configuration to deactivate secure features or allow access. In some cases it’s also possible to alter configuration files to gain elevated functionality (unpaid… but nobody would ever do that… right!).

The process isn’t new and can be done manually, however automated solutions are always easier…

packer unpacker

Requirements:

  • openssl with zlib support
  • star (apt-get install star)

Simple Python scripts to perform:

  • an adb backup of a specific application and uncompress it to a directory structure
  • recompress a directory structure back into a valid adb restore file

Example usage:

./ab_unpacker.py -p com.app.android -b app.ab

  • Creates an adb backup of com.app.android called app.ab and uncompresses it into ./com.app.android

./ab_packer.py -d ./com.app.android -b app_edit.ab -o app.ab -r

  • Repacks the contents of ./com.app.android into app_new.ab and attempts to restore it via adb

dropbox

Links:

Follow

Get every new post delivered to your Inbox.

Join 122 other followers