Cатсн²² (in)sесuяitу / ChrisJohnRiley

Because we're damned if we do, and we're damned if we don't!

Tag Archives: #BSidesLV

[Guest Post] A first-timer’s view of the “Hacker Summer Camp”

As many people are aware, the big “Hacker Summer Camp” took place again in Las Vegas this August. The name covers Black Hat, for the business-sponsored InfoSec employee; BSides Las Vegas, for the techies; DEF CON, which apparently became the object of both types of folks years ago; and many more little side conventions.

As these types of conferences are usually a big chance to meet all of the friends that you don’t see the rest of the year, attending many talks is never a goal. Especially not, as these days most of the talks are recorded. As for the full lists of recordings, please check the following links:

The DEF CON 22 talks will be published by the speakers on YouTube, or can be bought; some of the slides are also already available here: https://www.defcon.org/html/links/dc-archives/dc-22-archive.html

The Black Hat Talks will show up here: https://www.youtube.com/user/BlackHatOfficialYT

Over the last few weeks many blog posts have already appeared listing personal favorite talks and what was learned from them. For such a reference, check out other European sites like http://www.scip.ch/?labs.20140819 in German or http://blog.csnc.ch/2014/08/blackhat-and-def-con-usa-2014/ in English.

The big topics this year were infections over USB and wireless transmission of signals like the ones that can be read with a HackRF. One topic that isn’t completely over yet is the hacking of Point of Sale devices. The research is usually very specific to the country it originates from, and therefore can’t be applied to every vendor or product, but it is still interesting and gives new hints on what to consider when securing such an infrastructure.

As an outlook, we were informed at the Closing Ceremony of DEF CON that next year DEF CON will be held at the Paris and Bally’s. With DEF CON becoming bigger not only in number of attendees but also in space, and seeing the changes that just happened to the German Chaos Communication Congress, I personally like the change. More space can give more ways to be creative.

The CCC has become a very colorful but dizzying experience, which makes it hard for new people to find their bearings. But CCC, early on, started having villages where like-minded people and friends have a “public” space where they can be found and present their stuff. The concept becomes very visible at the hacker camps, where usually even more equipment is brought in and spaces are decorated with lots of creativity and love. DEF CON has also started with the villages, by having, for example, Hardware, Social Engineering and Wireless villages. This concept of organized interest groups can be quite a help if an event becomes too big. I personally also wouldn’t mind seeing more talks in villages, which have smaller audiences but also give the speaker more chance to interact and talk, learn and share information. I always feel sorry for speakers who prepare a talk and only get to hold it once. Presenting a talk several times with slight variations, depending on the target audience, might improve the rate of knowledge exchange and therefore be beneficial for both sides. The big talks still should be held in big rooms of course, but information overflow has become such a big topic that the concept of split, addressed information might help. If there were more spaces like DEF CON SkyTalks, the chance exists that the quality of the presented information would also improve again.

– Des

BSidesLV: Android Backup [un]packer release

As part of my “Mobile Fail: Cracking open “secure” android containers” talk at BSidesLV I’ve released a couple of scripts I wrote to automate some of the legwork involved in backing up Android applications and automatically unpacking their data and settings. The accompanying script takes the data and settings structure and re-packs it into a working Android Backup file for restoration.

These scripts were used as part of my research to view settings used by applications and in some cases alter the configuration to deactivate secure features or allow access. In some cases it’s also possible to alter configuration files to gain elevated functionality (unpaid… but nobody would ever do that… right!).

The process isn’t new and can be done manually, however automated solutions are always easier…

Requirements:

  • openssl with zlib support
  • star (apt-get install star)

Simple Python scripts to perform:

  • an adb backup of a specific application and uncompress it to a directory structure
  • recompress a directory structure back into a valid adb restore file

Example usage:

./ab_unpacker.py -p com.app.android -b app.ab

  • Creates an adb backup of com.app.android called app.ab and uncompresses it into ./com.app.android

./ab_packer.py -d ./com.app.android -b app_edit.ab -o app.ab -r

  • Repacks the contents of ./com.app.android into app_new.ab and attempts to restore it via adb
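
For reference, the container these scripts work with, shown as an added example (this is not the author's ab_unpacker.py or ab_packer.py): an unencrypted .ab file is a four-line text header followed by a zlib-compressed tar stream. The function names, the file path inside the archive and its contents are constructed for illustration.

```python
import io
import tarfile
import zlib

MAGIC = b"ANDROID BACKUP"

def parse_ab(blob):
    """Split an unencrypted .ab file into (format version, tar bytes)."""
    # Header: four newline-terminated ASCII lines ->
    # magic, format version, compressed flag (0/1), encryption (none/AES-256)
    parts = blob.split(b"\n", 4)
    if len(parts) != 5 or parts[0] != MAGIC:
        raise ValueError("not an Android backup file")
    version, compressed, encryption, payload = parts[1:]
    if encryption != b"none":
        # Encrypted backups carry extra header lines; not handled here.
        raise ValueError("encrypted backup: " + encryption.decode())
    if compressed == b"1":
        payload = zlib.decompress(payload)
    return int(version), payload

def build_ab(tar_bytes, version=1):
    """Wrap a tar archive in a compressed, unencrypted .ab container."""
    header = MAGIC + b"\n%d\n1\nnone\n" % version
    return header + zlib.compress(tar_bytes)

def list_members(tar_bytes):
    """Return the file names stored in the backup's tar payload."""
    with tarfile.open(fileobj=io.BytesIO(tar_bytes)) as tar:
        return tar.getnames()

def sample_tar():
    """Constructed sample: one settings file under apps/<package>/."""
    data = b"<map><string name='example'>constructed</string></map>"
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        info = tarfile.TarInfo("apps/com.app.android/sp/settings.xml")
        info.size = len(data)
        tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

if __name__ == "__main__":
    backup = build_ab(sample_tar())
    version, tar_bytes = parse_ab(backup)
    print("format version:", version)
    for name in list_members(tar_bytes):
        print(name)
```
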

Vegas Baby!

It’s been an odd year so far… the blog has been quiet, and I’ve stepped back a little due to personal reasons over the past few months. Still, it’s overdue time for the summer cons, and this year’s trivector of chaos (BSidesLV, Blackhat and Defcon) is looking to be the biggest yet.

This will be my 4th trip to Las Vegas, and one thing I learnt from my first visit was to “throw the plans out the window!”. I spent far too long planning each and every aspect of my trip that first year, and as a result I missed out on a lot of things. Still, live and learn eh!

There will (almost) always be the chance to go back and watch the videos from most presentations (excluding those from Skytalks and the underground track at BSidesLV). So take time to meet people, talk shop and discuss things. One of my big goals this year is to meet new people… so say hi if you see me. I only bite when provoked 😉

Instead of setting things in stone I wanted to pick a couple of talks I really want to hit when in Vegas. So, without further ado, here are my top talks to attend… it’s a short list, so don’t take offence if your talk’s not on it. Sorry….

– BSidesLV –

Top Picks:

  • Empirical Exploitation (HD Moore)
  • Burp Suite – Informing the 99% of What the 1%’ers Are Knowingly Taking Advantage Of (James Lester & Joseph Tartaro)

HD always puts on a good show, so I’m interested to see what comes out from his bag of crazy this year. The Burp Suite talk also looks to be interesting. Like many I spend a good deal of my life stuck in Burp Suite, so anything that can be done to expand and improve is a good thing in my book!

Bonus Round:

  • Breaking Microsoft Dynamics Great Plains – An Insider’s Guide (David Keene)

I have a soft spot for Microsoft Dynamics, as my girlfriend is an AX programmer… What can I say 😉

Note:

BSidesLV has an entire track (underground) that won’t be recorded or discussed in the press… if you can, these are probably some of the best talks to see. Unedited, raw, and unapologetic!

– Blackhat –

Due to Blackhat and BSidesLV taking place at the same time I’m not sure how long I’ll have to look around and see talks. Still, if possible I want to swing by and catch at least one talk…

Top Picks:

  • SexyDefense – Maximizing the home-field advantage (Iftach Ian Amit)
  • Confessions of a WAF Developer: Protocol-Level Evasion of Web Application Firewalls (Ivan Ristic)

I’m interested to see where Ian has gone with this since discussions (started?) in Cali last year. Sexy Defense has been talked about a lot, so I hope to see some actionable pointers.

Bonus Round:

  • iOS Security (Dallas De Atley)

How can I not put Apple’s official talk on the list… although I’m not heavy into iOS or mobile, I’m interested to see what Apple talk about, given their historic silence on anything even remotely security related!

– Defcon 20 –

Defcon turns 20… almost old enough to get wasted and wake up in its own vomit! Still, this year looks like it’s going to be fun.

Top Picks:

  • Don’t Stand So Close To Me: An Analysis of the NFC Attack Surface (Charlie Miller)
  • Uncovering SAP Vulnerabilities: Reversing and Breaking the Diag Protocol (Martin Gallo)
  • Weaponizing the Windows API with Metasploit’s Railgun (David ‘thelightcosine’ Maloney)

SAP, NFC and Metasploit… what’s not to love!

Bonus Round:

Note:

Skytalks are a side area where unrecorded presentations take place. Last year it was home to some of the best presentations of the con… if you take the time to see just one talk, make it something from Skytalks!

Hope to see you in Vegas!

Vegas gone wild

Well another year has come and gone in the infosec world. Just as accountants have their financial year, I think it’s safe to say that the infosec community revolves around the yearly Vegas ritual that is Blackhat and Defcon.

Some of you may have noticed that there was a distinct lack of blogging from me during this year’s events, and for that I apologize. This year I really wanted to spend more time really talking to people and experiencing the hallway track that so many people miss entirely. You can never attend all the talks, and the best laid plans of mice (and men) amount to nothing once the first good discussion starts! So why fight it. I find that I can get much more out of a 4am discussion with somebody than I can get from even the most well researched presentation. Plus, if you want to see the talks, you can always buy the DVD set, or wait till they’re released! The hallway track and events like the Skytalks are limited to on-site. Be there, or miss out!

So with these things in mind here’s some comments from Vegas…

BSides

This year’s BSides event prior to Defcon was amazing… There are almost no words to describe the hotel that was selected to house this year’s event. I can’t think of a better place to hold the event, and I can’t wait to see what they come up with in 2012! BSidesLV is getting big… there’s no two ways around it. From its humble beginnings it’s grown to over 600 people attending and a large number of people blowing off Blackhat entirely just to attend. BSides tickets were the hottest in town with walk-ups being turned away and requests for tickets (mostly through twitter) coming thick and fast.

I commented once that the size of BSidesLV means that it’s lost some of the interaction that it originally touted. I know Vegas is always going to be bigger, better, faster, more! but I stand by that comment. I loved the event and had some great discussions. The most memorable being the PTES discussion that started from the “Fuck the PTES” presentation. It was a great and frank exchange of views, knowledge and thoughts, and drives home what I consider to be the real plus behind BSides events!

With that said though, I saw a lot of people just attending… and the mantra of BSides was always that there are no attendees. Everyone participates. I didn’t see that this year. Maybe it was too big, maybe it was the fact that there was a topless swimming pool! Who knows for sure. I just think things need to be tweaked in order to bring back that feeling of community sharing for next year’s event.

Location: 9
Feel: 7
Interaction: 6
Information: 8

Overall: 7.5

Defcon

Thank goodness for the Rio! Yes I said it… the Riviera was too small for Defcon 17, far too small for Defcon 18, and might well have crumbled under the number if they’d held Defcon 19 there. The Rio has a lot to learn when it comes to handling hackers, but they tried, and that’s what counts. The extra space, better flow and just general “not as shitty as the Riv” feeling was a welcome change from the last few years. Sure you still have to line up to get into the popular talks, but that’s to be expected. There was room for all, and enough spare for things that needed to be done. The Rio even catered for the last minute blood drive, which from all accounts went very very well I hear.

The talks this year were varied and interesting. Although I found some to be less than inspiring when it came to the actual presentation itself. Just because you’re a great researcher, penetration tester, or developer, doesn’t automatically mean you’re a great speaker. Still, there’s not much Defcon can do to change that unless they start free classes on how not to use Powerpoint! If you presented and want feedback, ask. People are happy to give it, if you ask in the right way. If you ask “What do you think?”, most people will say “It was good”. Be specific. Ask what people thought of the slides, or the presentation style, or the content. Anyway, I’m getting off topic, sorry.

As always the hallway track and the smaller contests, Skytalks and general banter were much more important to me than the content in most cases. Don’t get me wrong, I went to some talks and saw some great stuff… but taking the time to really chat to the speakers afterwards is where the real content is.

Location: 7
Feel: 7
Interaction: 8
Information: 7

Overall: 7.25

If you take one thing from this blogpost, it’s that interaction is the most important thing at these sorts of events. Talk to people, introduce yourself to new people. Make contacts, and take the time to really enjoy yourself!

See you all next year I hope! It’s the start of a new Infosec year…

PS: No, Mr Evans didn’t show up!

Defcon 12,000 : Evans 0