Cатсн²² (in)sесuяitу / ChrisJohnRiley

Because we're damned if we do, and we're damned if we don't!

Category Archives: Security

My picks for the coming conpocalypse

Yeah, yeah… I know. I’ve been slacking on my blog for the past few months (in fact I think this post has been sitting in my drafts folder for about 2 months). Still, the wheels of life must go on, and the last post (although tongue firmly in cheek) was a bit depressing. So, with as little fanfare as possible, I thought I’d give you my picks for the upcoming conpocalypse (AKA #HackerSummerCamp, AKA “That thing in Vegas”).

This year I’m volunteering at BSidesLV so won’t have much time at all to visit Blackhat. This might not be such a bad thing though… I think Blackhat and me need some time apart to see if we miss each other. Times move on, and I’m not sure I feel the same way about Blackhat as it feels about me… it’s not me… it’s you. Sorry Blackhat! Maybe I’ll pop over and see if it feels all funky or not! Who knows…

BSidesLV

This year’s BSidesLV is looking great… and I’m not just saying that because some of my favourite people in the world are running and helping shape it (you know who you are ;). Alongside all the much talked about hallway track stuff, and working a couple of morning shifts as a room host (still not sure what this means… guess a mix of stand-up comedy routine and crowd control!), I’ve got a couple of talks on my radar to attend!

Tuesday 10:00 – 11:00 Opening Keynote — Beyond Good and Evil: Towards Effective Security

Tuesday 16:00 – 17:00 Anatomy of memory scraping, credit card stealing POS malware

Wednesday 17:00 – 18:00 We Hacked the Gibson! Now what?

Wednesday 18:00 – 18:45 Closing Keynote –> It’s A S3kr37

On the Wednesday I’ve booked in to play around in the RFID Hacking workshop… maybe I can finally put this Proxmark3 I’ve had on my desk for about 3 years to some good use ;)

I was really hoping to attend @HackerHuntress‘ Hacking the Hustle Hands-On, Infosec Resume and Career Strategies workshop… however I’m volunteering at that time. So hopefully she’ll still be around to chat to for the remainder of the conference!

If you’re around at BSidesLV, make sure to pop into the “i am the cavalry” area to see what those crazy kids are up to!

DEF CON

By this time of the week everybody is pretty much dead… along with the inevitable mass of people and agoraphobia kicking in! So consider these as my dream picks if I can get into the room ;)

Don’t forget to check out the DEF CON SkyTalks (https://skytalks.info/) as well… these talks aren’t recorded usually, so it’s be there, or be ²!

Friday 12:00 – 12:30 From root to SPECIAL: Pwning IBM Mainframes

Friday 12:30 – 13:00 The $env:PATH less Traveled is Full of Easy Privilege Escalation Vulns

Friday 14:00 – 16:00 DefCon Comedy Jam Part VII, Is This The One With The Whales?

Saturday 10:00 – 11:00 Screw Becoming A Pentester – When I Grow Up I Want To Be A Bug Bounty Hunter!

Saturday 14:00 – 15:00 NinjaTV – Increasing Your Smart TV’s IQ Without Bricking It

Saturday 15:00 – 16:00 Advanced Red Teaming: All Your Badges Are Belong To Us

Sunday 14:00 – 15:00 Android Hacker Protection Level 0

… that’s a lot, and I don’t expect to hit them all! Hallways con and other events will keep me from that. Still, those are my picks for the Summercon marathon!

Hope to see you there… below photos can be used to identify me throughout the conference (depending on the day)

Easy Identification pictures…

[images: 8-bit avatars for Day 1, Day 2 – 3, and Day 4+]

{quick post} PySC Project

Back at the beginning of 2012 I played around with some Python ctypes as part of a project I was working on in the background. At the time I released a few code snippets that used ctypes to do a few fun things, but never really got around to releasing the main project I was working on.

Python ctypes posts from 2012:

[image: PySC ASCII art]

The main project I was working on was a simple Python script that injects shellcode into a running process using CreateRemoteThread (nothing brand new here). The interesting part of the project (for me anyway) was the ability for the Python script to request the shellcode to inject using DNS TXT requests, ICMP request/responses or simple HTTP(S) requests (using SSPI if required). I demo’d the code at the BSides London conference in 2012 at the underground / lightning talks and had some positive feedback, however the time just hasn’t been there to finish things off since then.

As a result of the lack of time to finish things off, I’ve put up the latest modular version of PySC (version 0.8) on Github for people to use, tear apart, and generally laugh at as you see fit. As the project is still a prototype, your mileage may vary.

PySC was designed to be configured using the config.py file present in the /config directory, and run headless on a Windows system after being packed into an executable using something like PyInstaller. However, you can also run it using command line options; run it with -h to see the various options.

The /optional directory also includes some example server-side implementations for Metasploit and a Python Scapy ICMP listener for delivering Shellcode to the PySC client.

Check the source-code for details…

https://github.com/ChrisJohnRiley/PySC

PySC 0.8 (prototype release – 26 December 2013)

PySC expands on the numerous available tools and scripts to inject into a process on a
running system.

Aims of this project:

- Remove shellcode from the script to help avoid detection by AV and HIPS systems
- Offer a flexible command line based script
- Also provide the ability to run fully automated, as an EXE (by using pyinstaller)

To this end this prototype script offers the ability to download shellcode from a
remote DNS server (using TXT records) or through Internet Explorer (using SSPI to
utilize system-wide proxy settings and authorization tokens) and injects it into a
specified process. If injection into the specified process is not possible, the script
falls back to injecting into the current process.

Module dependencies: none

Notes:

PySC will by default run silent (no user feedback). To enable user
feedback (error/status messages) please use debug mode (-d/--debug
at the command line, or set debug = True in the script itself).

Any command-line options passed to PySC at runtime override the
hard-coded values within the script.

To use PySC as a stand-alone executable, set the desired parameters
in the script itself, and use pyinstaller to create an .exe
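The README above describes a client that fetches its payload over DNS TXT records rather than carrying it in the script, which is exactly the kind of traffic a defender wants to pick out of resolver logs. The following is an added example, not part of PySC or its repository: it parses a constructed, simplified resolver log format (the `client=… qname=… qtype=… answer="…"` layout is an assumption; real BIND, Unbound or Windows DNS logs look different and the regex would need adapting) and flags TXT answers whose payload strictly decodes as base64 to mostly non-printable or high-entropy bytes. The “binary blob” record is a constructed byte sequence, not shellcode, and the thresholds are starting points to tune against your own baseline of SPF, DMARC and domain-verification records.

```python
"""Flag DNS TXT answers that look like encoded binary being staged to a host.

Added example, not PySC code. The log format is a constructed, simplified
resolver log; adapt _LINE_RE for a real resolver's output.
"""
import base64
import binascii
import math
import re
from dataclasses import dataclass

# Constructed sample payloads: one printable control record, one synthetic
# binary blob (just bytes 0..179, not shellcode) to stand in for staged code.
_BENIGN_TEXT = base64.b64encode(
    b"Ordinary printable text used here as a constructed benign control record."
).decode()
_BINARY_BLOB = base64.b64encode(bytes(range(180))).decode()

# Constructed sample log (simplified format, not a real resolver's output).
SAMPLE_LOG = f"""\
2024-01-01T10:00:01Z client=10.0.0.15 qname=_dmarc.example.com qtype=TXT answer="v=DMARC1; p=reject; rua=mailto:dmarc@example.com"
2024-01-01T10:00:02Z client=10.0.0.15 qname=example.com qtype=TXT answer="v=spf1 include:_spf.example.com -all"
2024-01-01T10:00:03Z client=10.0.0.15 qname=example.com qtype=TXT answer="MS=ms12345678"
2024-01-01T10:00:04Z client=10.0.0.23 qname=note.example.test qtype=TXT answer="{_BENIGN_TEXT}"
2024-01-01T10:00:05Z client=10.0.0.23 qname=s0.stage.example.test qtype=TXT answer="{_BINARY_BLOB}"
2024-01-01T10:00:06Z client=10.0.0.23 qname=www.example.com qtype=A answer="93.184.216.34"
"""

_LINE_RE = re.compile(
    r'^(?P<ts>\S+) client=(?P<client>\S+) qname=(?P<qname>\S+) '
    r'qtype=(?P<qtype>\S+) answer="(?P<answer>[^"]*)"$'
)

# Tunable thresholds (assumptions, not values from the page).
MIN_PAYLOAD_CHARS = 48      # short tokens such as "MS=ms12345678" are ignored
NONPRINTABLE_RATIO = 0.30   # fraction of decoded bytes outside printable ASCII
ENTROPY_BITS = 6.0          # bits/byte; packed or encrypted data sits near 8


@dataclass
class Finding:
    client: str
    qname: str
    reason: str


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte over the byte-value distribution."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def classify_txt(answer: str):
    """Return a reason string if the TXT payload looks like staged binary, else None."""
    if len(answer) < MIN_PAYLOAD_CHARS:
        return None
    try:
        # Strict decoding: SPF/DMARC/verification records contain ';', ' ',
        # ':' or a mid-string '=' and are rejected here.
        blob = base64.b64decode(answer, validate=True)
    except (binascii.Error, ValueError):
        return None
    nonprintable = sum(1 for b in blob if b < 0x20 or b > 0x7E)
    ratio = nonprintable / len(blob)
    if ratio > NONPRINTABLE_RATIO:
        return f"base64 payload decodes to {ratio:.0%} non-printable bytes"
    ent = shannon_entropy(blob)
    if ent > ENTROPY_BITS:
        return f"base64 payload decodes to high-entropy data ({ent:.2f} bits/byte)"
    return None


def scan_log(text: str):
    """Parse the constructed log format and return one Finding per suspicious TXT answer."""
    findings = []
    for line in text.splitlines():
        m = _LINE_RE.match(line)
        if not m or m["qtype"] != "TXT":
            continue
        reason = classify_txt(m["answer"])
        if reason:
            findings.append(Finding(m["client"], m["qname"], reason))
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f.client} {f.qname}: {f.reason}")
```

Run stand-alone it reports only the `s0.stage.example.test` answer for client 10.0.0.23; the SPF, DMARC and verification records fail strict base64 decoding and the printable control record decodes cleanly. In practice the per-client view matters more than any single record: a host issuing a run of numbered TXT queries (s0, s1, s2 …) against one zone, each carrying a flagged payload, is the pattern that corresponds to chunked staging, so this check is best followed by grouping findings by client and zone.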

{Book Review} Offensive Countermeasures: The Art of Active Defense

A few months back at Blackhat, John and Paul were nice enough to give me a copy of their book “Offensive Countermeasures: The Art of Active Defense” to read. It’s been a whirlwind few months since then, but the quiet of Christmas has given me a chance to really sit down and soak up the contents.

[image: offensive_countermeasures]

Active Defense has been getting a bit of a bashing after all the “hack back” bullsh*t that people have been throwing around. John and Paul make a good effort to put some of this to rest by discussing the things that an enterprise really can achieve without getting into the revenge business of hacking the hackers. One of the main concerns people have with active defense has been the lack of information on what you can and can’t do in the eyes of the law. The first section of the book puts a spotlight on a few court cases that deal with differing degrees of hacking back or active defense… and not all successful ones. This section helps to put the book’s content in focus and aims to really explain the whys and wherefores to come in the sections that follow.

The main section of the book is split up into the 3 A’s. Annoyance, Attribution and Attack. Each section goes into depth on some of the options enterprises have to more actively defend their networks. Each section has a number of example tools, mostly focused around the ADHD distribution, that people can use to perform some of the actions discussed.

I found it particularly interesting that the book finished off with a section dedicated to core concepts. Far too many companies think they can jump from 0 straight to 100 without building a secure base to build from. Active defense isn’t for everyone, and if you don’t have your basics all in hand, then anything you do is more likely to backfire than help.

The book itself is compact, but is a good starting point for meaningful discussions about active defense that don’t devolve into legal arguments from moment one. Because of the compact size of the book, there are a few things that aren’t really discussed although they fall into the active defense category. These omissions were a little disappointing, but keeping true to the core of active defense makes sense for what has to be seen as the first introductory text on the subject. Here’s hoping that future revisions expand on the base and start covering fun things like honeytokens. Overall the information that is presented is useful for people looking for a quick schooling in how they can use active defense to improve their overall level of security, and as an education for people who jump straight to hacking back without considering any other options.

If this book is anything to go by, the discussion on what really is possible in defending your networks intelligently from attackers should be a very interesting one to follow. The time for standing still and just taking punch after punch is over. Time to duck and dodge, and make it harder for attackers!

Links:

DEF CON 21 Video – Defense by numbers: Making problems for script kiddies

For those that didn’t manage to wake up for the crack of dawn DEF CON Sunday slot, the fine folks over at DC have released the videos of most (if not all) presentations –> https://www.youtube.com/user/DEFCONConference/

My presentation, for those interested, can be found below.

http://www.youtube.com/watch?v=H9Kxas65f7A

Links:
