Nytro

[h=1]22C3: Covert channels in TCP/IP: attack and defense[/h]Speaker: Steven J. Murdoch Creation and detection of IP steganography for covert channels and device fingerprinting This talk will show how idiosyncrasies in TCP/IP implementations can be used to reveal the use of several steganography schemes, and how they can be fixed. The analysis can even be extended to remotely identify the physical machine being used. For more information visit: 22C3: Private Investigations To download the video visit: 22C3 Video Recordings - Chaosradio Podcast Network

[h=1]22C3: Attacking the IPv6 Protocol Suite[/h]Speaker: van Hauser After a short introduction on the differences of IPv4 to IPv6, the weaknesses in IPv6 will be shown. Highlight of the talk is the presentation of the THC-IPV6 Attack Toolkit, which includes all IPv6 attacks as well as a low level packet library for easy crafting packets. For more information visit: 22C3: Private Investigations To download the video visit: 22C3 Video Recordings - Chaosradio Podcast Network

[h=1]22C3: A discussion about modern disk encryption systems[/h]Speaker: Jacob Appelbaum Jacob Appelbaum will discuss different disk encryption systems in their current implementation, the users rights in their given country (ie: the USA, Germany and the UK), issues with the implementations, commentary on the community surrounding each featured implementation, threats posed by legal systems, requirements for users, as well as ideas for working around the letter of the law. For more information visit: 22C3: Private Investigations To download the video visit: 22C3 Video Recordings - Chaosradio Podcast Network

[h=1]27c3: Recent advances in IPv6 insecurities[/h]Speaker: vanHauser New protocol features have been proposed and implemented in the last 5 years and ISPs are now slowly starting to deploy IPv6. This talk starts with a brief summary of the issues presented five years ago, and then expands on the new risks. Discovered implemention security issues in Windows 7/2008, Linux and Cisco will be shown too. Comes with a GPL'ed toolkit: thc-ipv6 Five years have past since my initial talk on IPv6 insecurities at the CCC Congress. New protocol features have been proposed and implemented since then and ISPs are now slowly starting to deploy IPv6. Few changes have led to a better security of the protocol, several increase the risk instead. This talk starts with a brief summary of the issues presented 5 years ago, and then expands on the new risks especially in multicast scenarios. As an add-on, discovered implemention security issues in Windows 7/2008, Linux and Cisco will be shown too. Lets hope patches are out until the conference, if not - they had enough time. All accompanied with GPL'ed tools to and a library: the new thc-ipv6 package. rewritten, expanded, enhanced. For more information visit:http://bit.ly/27c3_information To download the video visit: Index of /CCC/27C3/

[h=1]22C3: Lawful Interception in VoIP networks[/h]Speaker: Hendrik Scholz Old Laws and New Technology the German Way Lawful Interception (aka voice and signalling sniffing) equipment has been deployed and is in use for both traditional PSTN networks and internet connections. With the advent of Voice over IP applications the governments step-by-step adopted laws to extend PSTN interception to VoIP. The talk gives an introduction to the applying laws, rules of conduct and the basic PSTN setup. Sample VoIP setups show drawbacks and the resulting development and intermediate steps of the german Law Enforcement Agency (LEA) named Bundesnetzagentur that eventually aim to gain as much information as possible while still allowing companies to run a lucrative business. An outlook to possible countermeasures and detection methods will be given. For more information visit: http://bit.ly/22c3_information To download the video visit: 22C3 Video Recordings - Chaosradio Podcast Network

[h=1]22C3: Advanced Buffer Overflow Methods [or] Smack the Stack[/h]Speaker: Izik Cracking the VA-Patch A quick review of the standard buffer overflow exploit structure VA Patch, What it is and what it does to prevent buffer overflows. For more information visit: http://bit.ly/22c3_information To download the video visit: 22C3 Video Recordings - Chaosradio Podcast Network

[h=1]22C3: Finding and Preventing Buffer Overflows[/h]Speaker: Martin Johns An overview of static and dynamic approaches A talk that will present academic tools, which are designed to find or disarm security problems in C code For more information visit: http://bit.ly/22c3_information To download the video visit: 22C3 Video Recordings - Chaosradio Podcast Network

[h=1]22C3: Understanding buffer overflow exploitation[/h]Speaker: Christiane Ruetten The fascinating interplay of CPU, stack, C-compiler and shellcode in a nutshell Everything started with Aleph One's paper "Smashing the Stack for Fun and Profit". These techniques are still the basis for modern exploitation of buffer, heap and format string vulnerabilities. We will give a swift overview about C functions, stack usage, assembler, gcc, gdb and how these few tools can be used to understand and write shell-code to turn simple buffer overflows into backdoors that open whole systems to potential attackers. Sure you want to know how to defend against that. We also will tell you about that! For more information visit: http://bit.ly/22c3_information To download the video visit: 22C3 Video Recordings - Chaosradio Podcast Network

[h=1]25c3: TCP Denial of Service Vulnerabilities[/h]Speaker: Fabian Yamaguchi Accepting the Partial Disclosure Challenge The Transmission Control Protocol (TCP) is one of the fundamental protocols used in today's communication networks. Recently, there has been an increased discussion on possible Denial of Service attacks against TCP-based services, which has largely been triggered by the partial disclosure of several vulnerabilities by the security company Outpost24. This talk will present several TCP vulnerabilities in an attempt to find out just what they found. This year, vulnerabilities have been identified in the specifications of various core network protocols. This included BGP, DNS and TCP. Accompanying these wide-ranging discoveries, a new form of vulnerability disclosure named "partial disclosure" has been introduced. In practice, this means that the public knows that there is something wrong, yet, it is uninformed about the details. This, of course, can be understood as a challenge to find out just what could be wrong, which is what we at Recurity Labs did after the Denial of Service vulnerabilities in TCP had been announced. This talk will present known vulnerabilities in the protocol, which have been receiving rather sparse media-attention, as well as some attacks we have been working on during our research. Additionally, we hope to provide sufficient background information on the protocol's fundamental weaknesses to motivate further research on the subject. We argue that certain assumptions made by the protocol engineers almost 30 years ago do not hold in today's networks and that most possible Denial of Service attacks against TCP can be derived from these assumptions. More information about the 25th Chaos Communication Congress can be found via the Chaos Communication Congress website: http://bit.ly/25c3_program Source: http://bit.ly/25c3_videos

[h=1]25c3: Wikileaks[/h]Wikileaks vs. the World Wikileaks is developing an uncensorable Wikipedia for untraceable mass document leaking and analysis. In the past year, Wikileaks has publicly revealed more sensitive military documents than the entire world's press combined. Its mission has been quite successful after the launch, spawning reportage worldwide and effectively helping to bring about reform on important matters based on factual information. As of now the effort has spawned thousands of press references in major newspapers like The NY Times, The Guardian and the BBC, and tens of thousands in blog posts. We will talk about experiences that have been made within the first year of its operation, the impact activities on Wikileaks had in various parts of the globe, technical, political and legal challenges faced as well as give an overview of the state of classic and internet media today. We will also talk about conclusions we can derive from these experiences and will present strategies on how investigative journalism, and therefore the fourth estate as the only truly independent control over the state and our future might be resurrected. Lastly we will address why your involvement and that of the technical community is inherently important to ensuring free and uncensored access to information in the future. During the year of operation we have been able to make many different observations on the state of free information on the internet, the media, governments, military and corporations. We have observed how material that is published is being picked up, sued for, digested, hyped or ignored, and these observations, whether legal, behavioral or qualitative, lead to insights and conclusions that we would like to present and discuss. Especially we have found the 4th estate as 'the' supposedly independent control over the state, inherently important to any society and its development, is clinically dead, bankrupt and headed in a dangerous direction. While the number of reportage is increasing with bloggers and other new media, the number of genuine reportage, let alone investigative journalism, is rapidly decreasing. This today goes in hand with censorship even in the free world and its media becoming daily routine and increasingly easy. Wikileaks has developed mechanisms that can actively help to address this problem and as has been proven from experience, lead to change and reform. We have found these mechanisms and others in their effectiveness only depend on the awareness and involvement of the public, on our all 'making use of them'. We want to present these findings in an effort to further this awareness and involvement, especially in the technical community that possesses a lot of the power to shape these important facets of our technologically-driven society, and so in some respect might carry a certain responsibility towards the future of our world. More information about the 25th Chaos Communication Congress can be found via the Chaos Communication Congress website: http://bit.ly/25c3_program

[h=1]DEFCON 19: Kernel Exploitation Via Uninitialized Stack[/h]Speaker: Kees Cook Ubuntu Security Engineer, Canonical Ltd Leveraging uninitialized stack memory into a full-blown root escalation is easier than it sounds. See how to find these vulnerabilities, avoid the pitfalls of priming the stack, and turn your "memory corruption" into full root privileges.

[h=1]DEFCON 19: Steganography and Cryptography 101[/h]Speaker: eskimo There are a lot of great ways to hide your data from prying eyes this talk will give a crash course in the technology and some tools that can be used to secure your data. Will also discuss hiding your files in plain site so an intruder will have no idea that hidden files even exist. These same techniques can also be employed by somebody wishing to transmit messages.

[h=1]DEFCON 19: From Printer To Pwnd: Leveraging Multifunction Printers During Penetration Testing[/h]Speaker: Deral Heiland Senior Security Engineer, Foofus.net In this presentation we go beyond the common printer issues and focus on harvesting data from multifunction printer (MFP) that can be leveraged to gain access to other core network systems. By taking advantage of poor printer security and vulnerabilities during penetration testing we are able to harvest a wealth of information from MFP devices including usernames, email addresses, and authentication information including SMB, Email, LDAP passwords. Leveraging this information we have successful gained administrative access into core systems including email servers, file servers and Active directory domains on multiple occasions. We will also explore MFP device vulnerabilities including authentication bypass, information leakage flaws. Tying this altogether we will discuss the development of an automated process for harvesting the information from MFP devices with the updated release of our tool 'PRAEDA'.

[h=1]DEFCON 19: Virtualization under attack: Breaking out of KVM[/h]Speaker: Nelson Elhage KVM, the Linux Kernel Virtual Machine, seems destined to become the dominant open-source virtualization solution on Linux. Virtually every major Linux distribution has adopted it as their standard virtualization technology for the future. And yet, to date, remarkably little work has been done on exploiting vulnerabilities to break out of KVM. We're here to fix that. We'll take a high-level look at KVM's architecture, comparing and contrasting with other virtualization systems and describing attack surfaces and possible weaknesses. Using the development of a fully-functioning exploit for a recent KVM vulnerability, we'll describe some of the difficulties involved with breaking out of a VM, as well as some features of KVM that are helpful to an exploit author. Once we've explored the exploit in detail, we'll finish off with a demonstration against a live KVM instance.

[h=1]DEFCON 19: Network Application Firewalls: Exploits and Defense[/h]Speaker: Brad Woodberg Security Product Line Engineer, Juniper Networks In the last few years, a so called whole new generation of firewalls have been released by various vendors, most notably Network Application Firewalling. While this technology has gained a lot of market attention, little is actually known by the general public about how it actually works, what limitations it has, and what you really need to do to ensure that you're not exposing yourself. This presentation will examine/demystify the technology, the implementation, demonstrate some of the technology and implementation specific vulnerabilities, exploits, what it can and can't do for you, and how to defend yourself against potential weaknesses.

[h=1]DEFCON 19: Hacking MMORPGs for Fun and Mostly Profit[/h]Speaker: Josh Phillips Senior Malware Researcher Online games, such as MMORPG's, are the most complex multi-user applications ever created. The security problems that plague these games are universal to all distributed software systems. Online virtual worlds are eventually going to replace the web as the dominant social space on the 'Net, as Facebook apps have shown, and this is big business. MMORPG game security is something that is very important to game studios and players, yet bots and exploits continue to infest all major MMORPG's, the creators and maintainers of the next generation of MMORPG's will need to understand software security from the ground up or face failure. The problem extends from software bugs such as item or money duplication, to mechanical exploitation such as botting, which leads to economic forces and digital identity theft. There is upwards of a billion dollars at stake, for both game hackers and game operators. Both Josh and Kuba have explored game hacking from both sides, and this talk presents a pragmatic view of both threats and defenses.

[h=1]DEFCON 19: The Art of Trolling[/h]Speaker: Matt 'openfly' Joyce Trolling is something that today has a very negative connotation on the Internet and in the common usage of the word outside of it. However, for better or worse trolling has long enjoyed a close relationship with hacking be it in the area of information security, or simply in technology development. I intend to delve into the definition of a troll, the history of trolling in human culture ( as well as its contributions ), and the techniques that are generally exploited by trolls to realize their intended goals. There will be several past projects that I classify as successful trolls that I will use as object lessons in the practical application of the discussed techniques. Trolls span the gaps between hardware and software projects and at times can carry a variety of "payloads". For more information visit: DEF CON

[h=1]DEFCON 19: Hacking Google Chrome OS[/h]Speakers: Kyle 'Kos' Osborn Application Security Specialist, WhiteHat Security | Matt Johanson Application Security Specialist, WhiteHat Security Google recently announced Chrome OS powered computers, called Chromebooks, at Google I/O and the company is getting ready to market them to businesses as well as consumers. What's different about Chrome OS and Chromebooks, other than the entire user-experience taking place exclusively in a Web browser (Google Chrome), is everything takes place in the cloud. Email, document writing, calendaring, social networking - everything. From a security perspective this means that all website and Web browser attack techniques, such as like Cross-Site Scripting, Cross-Site Request, and Clickjacking, have the potential of circumventing Chrome OS's security protections and exposing all the users data. Two members of the WhiteHat Security's Threat Research Center, Matt Johansen and Kyle Osborn, have spent months hacking away on Google's Cr-48 prototype laptops. They discovered a slew of serious and fundamental security design flaws that with no more than a single mouse-click may victimize users by: • Exposing of all user email, contacts, and saved documents. • Conduct high speed scans their intranet work and revealing active host IP addresses. • Spoofing messaging in their Google Voice account. • Taking over their Google account by stealing session cookies, and in some case do the same on other visited domains. While Chrome OS and Chromebooks has some impressive and unique security features, they are not all encompassing. Google was informed of the findings, some vulnerabilities were addressed, bounties generously awarded, but many of the underlying weaknesses yet remain -- including for evil extensions to be easily made available in the WebStore, the ability for payloads to go viral, and javascript malware survive reboot. With the cloud and web-based operating systems poised to make an impact on our computing future, Matt and Kyle ready to share all their never-before-seen research through a series of on-stage demonstrations.

[h=1]DEFCON 19: The Dark Side of Crime-fighting, Security, and Professional Intelligence[/h]Speaker: Richard Thieme ThiemeWorks Nothing is harder to see than things we believe so deeply we don't even see them. This is certainly true in the "security space," in which our narratives are self-referential, bounded by mutual self-interest, and characterized by a heavy dose of group-think. That narrative serves as insulation to filter out the most critical truths we know about our work. An analysis of deeper political and economic structures reveals the usual statements made in the "security space" in a new context, one which illuminates our mixed motivations and the interpenetration of overworlds and underworlds in our global society. Crime and legitimacy, that is, are the yin/yang of society, security, and our lives. You can't have one without the other. And nobody should know this better than hackers. This presentation will make you think twice before uncritically using the buzzwords and jargon of the profession — words like "security," "defense," and "cyberwar." By the end of this presentation, simplistic distinctions between foreign and domestic, natural and artificial, and us and them will go liquid and the complexities of information security will remain ... and permeate future discussions of this difficult domain. As a result, we will hopefully think more clearly and realistically about our work and lives in the context of the political and economic realities of the security profession, professional intelligence, and global corporate structures.

[h=1]DEFCON 19: Anonymous Cyber War[/h]Speakers: Hubris Strategic Operations, Backtrace Security | a5h3r4h Director of Psychological Operations This talk will educate listeners on best practices for safety and privacy on the Internet.It aims to demonstrate the improbability of staying anonymous while engaging in group or social activities on the internet, and especially while engaging in criminal activities as a group. This talk will reveal how Hubris, A5h3r4h, and Backtrace security staged a cyber war against anonymous, using Anonymous' own methods, and how key operatives in anonymous were exposed, scattered and neutralized. In short, how a handful of bored social engineers with no material resources used trolling, social engineering, and the magic of Google to derail an army of out of control btards with a dose of virtual Ritalin. We will also provide an explanation of how different organizations (and even non-organizations) have their own "signature" beliefs and behaviors and how they can be used against them.

[h=1]DEFCON 19: Port Scanning Without Sending Packets[/h]Speaker: Gregory Pickett Penetration Tester, Hellfire Security With auto-configuration protocols now being added to operating systems and implemented by default in your network devices, hosts are now actively advertising their available attack surfaces to anyone listening on the network. By collecting background traffic on the network, and analyzing it, we can perform a host discovery, a port scan, and a host profile which even includes configuration information; all without sending any packets. This means that threats both inside and outside your network can assess and target your network hosts silently without leaving a trail. In this session, we'll start out by covering what makes this all possible, then examine typical network traffic to see what is made available to us, end up using several brand new tools that I have developed to utilize this information in an actual attack against a vulnerable network host, and finally finish our time discussing what you can as a network defender do about it.

[h=1]DEFCON 19: Sneaky PDF[/h]Speaker: Mahmud Ab Rahman Specialist, CyberSecurity Malaysia Being a most prevalent document exchange format on the Internet, Portable Document Format (PDF) is in danger of becoming the main target for client-side attack. With estimation of more than 1.5 million line of code and loaded with huge functionalities, this powerful document format is suffered with several high impact vulnerabilities, allowing attackers to exploit and use it as malware spreading vector. Until now, there are thousands of malicious PDF file spreads with little chances of getting detected. The challenges are obfuscation techniques used by the attackers to hide their malicious activities, hence minimizing detection rate. In order to sustain the survival of malicious PDF file on the Internet, attackers circumvent the analysis process through diverse obfuscation techniques. Obfuscation methods used usually ranges from PDF syntax obfuscation, PDF filtering mechanism, JavaScript obfuscation, and variant from both methods. Because of rapid changes in methods of obfuscation, most antivirus software as well as security tools failed to detect malicious content inside PDF file, thus increasing the number of victims of malicious PDF mischief. In this paper, we study in the obfuscation techniques used inside in-the-wild malicious PDF, how to make it more stealthy and how we can improve analysis on malicious PDF.

[h=1]DEFCON 19: IP4 TRUTH: The IPocalypse is a LIE[/h]Speakers: Sterling Archer Field Agent, ISIS | Freaksworth Professor, Mars University There is a long tradition of researchers presenting at security conferences on topics that are embarrassing to a large company or government agency: ATM hacking, router vulnerabilities, Massachusetts toll road RFIDs, etc. Many of these brave researchers risk lawsuits or career ruin to reveal the truth. THIS is the first talk that puts the presenters' very lives in peril. Much has been made of the so-called "IPv4 address exhaustion" problem, also known as the IPocalypse. Industry analysts, networking vendors, regulatory groups, think-tanks, and so on have insisted that migration to IPv6 is the only solution. However, a small group of dissenters insist that threat is exaggerated and, more importantly, that the "migration plan" is merely a scheme to increase revenue for the network equipment manufactures and overpriced consultants. The full truth is that IPv6 is the result of an international cabal on the verge of controlling the world. For centuries, mystics have prophesied that this "migration" would be the cabal's turning point. Incontrovertible evidence will be presented to convince all in attendance. Numerological analysis, ancient texts, and intercepted communiqués are just a few examples. Due to threats against their families, the presenters have been forced to take on assumed identities and appear only in disguise.

[h=1]DEFCON 19: The Art and Science of Security Research[/h]Speaker: Greg Conti West Point Research is a tricky thing, full of pitfalls, blind alleys, and rich rewards for the individual and humanity. This talk studies the art and science of conducting security research, from the genesis of your idea through experimentation and refinement to publication and beyond. In this talk you will learn how to generate and select powerful ideas, build upon the work of others, conduct groundbreaking work, and share your results for maximum desired effect. Whether you are a lone researcher or part of a large cabal you will take away ideas and techniques for maximizing the impact of your work, lest it lay dormant or have someone else rediscover your idea several years later.

[h=1]DEFCON 19: Panel: Network Security Podcast[/h] For more information visit: DEF CON