Nytro

[h=1]DEFCON 19: Hacking MMORPGs for Fun and Mostly Profit[/h]Speaker: Josh Phillips Senior Malware Researcher Online games, such as MMORPG's, are the most complex multi-user applications ever created. The security problems that plague these games are universal to all distributed software systems. Online virtual worlds are eventually going to replace the web as the dominant social space on the 'Net, as Facebook apps have shown, and this is big business. MMORPG game security is something that is very important to game studios and players, yet bots and exploits continue to infest all major MMORPG's, the creators and maintainers of the next generation of MMORPG's will need to understand software security from the ground up or face failure. The problem extends from software bugs such as item or money duplication, to mechanical exploitation such as botting, which leads to economic forces and digital identity theft. There is upwards of a billion dollars at stake, for both game hackers and game operators. Both Josh and Kuba have explored game hacking from both sides, and this talk presents a pragmatic view of both threats and defenses.

[h=1]DEFCON 19: The Art of Trolling[/h]Speaker: Matt 'openfly' Joyce Trolling is something that today has a very negative connotation on the Internet and in the common usage of the word outside of it. However, for better or worse trolling has long enjoyed a close relationship with hacking be it in the area of information security, or simply in technology development. I intend to delve into the definition of a troll, the history of trolling in human culture ( as well as its contributions ), and the techniques that are generally exploited by trolls to realize their intended goals. There will be several past projects that I classify as successful trolls that I will use as object lessons in the practical application of the discussed techniques. Trolls span the gaps between hardware and software projects and at times can carry a variety of "payloads". For more information visit: DEF CON

[h=1]DEFCON 19: Hacking Google Chrome OS[/h]Speakers: Kyle 'Kos' Osborn Application Security Specialist, WhiteHat Security | Matt Johanson Application Security Specialist, WhiteHat Security Google recently announced Chrome OS powered computers, called Chromebooks, at Google I/O and the company is getting ready to market them to businesses as well as consumers. What's different about Chrome OS and Chromebooks, other than the entire user-experience taking place exclusively in a Web browser (Google Chrome), is everything takes place in the cloud. Email, document writing, calendaring, social networking - everything. From a security perspective this means that all website and Web browser attack techniques, such as like Cross-Site Scripting, Cross-Site Request, and Clickjacking, have the potential of circumventing Chrome OS's security protections and exposing all the users data. Two members of the WhiteHat Security's Threat Research Center, Matt Johansen and Kyle Osborn, have spent months hacking away on Google's Cr-48 prototype laptops. They discovered a slew of serious and fundamental security design flaws that with no more than a single mouse-click may victimize users by: • Exposing of all user email, contacts, and saved documents. • Conduct high speed scans their intranet work and revealing active host IP addresses. • Spoofing messaging in their Google Voice account. • Taking over their Google account by stealing session cookies, and in some case do the same on other visited domains. While Chrome OS and Chromebooks has some impressive and unique security features, they are not all encompassing. Google was informed of the findings, some vulnerabilities were addressed, bounties generously awarded, but many of the underlying weaknesses yet remain -- including for evil extensions to be easily made available in the WebStore, the ability for payloads to go viral, and javascript malware survive reboot. With the cloud and web-based operating systems poised to make an impact on our computing future, Matt and Kyle ready to share all their never-before-seen research through a series of on-stage demonstrations.

[h=1]DEFCON 19: The Dark Side of Crime-fighting, Security, and Professional Intelligence[/h]Speaker: Richard Thieme ThiemeWorks Nothing is harder to see than things we believe so deeply we don't even see them. This is certainly true in the "security space," in which our narratives are self-referential, bounded by mutual self-interest, and characterized by a heavy dose of group-think. That narrative serves as insulation to filter out the most critical truths we know about our work. An analysis of deeper political and economic structures reveals the usual statements made in the "security space" in a new context, one which illuminates our mixed motivations and the interpenetration of overworlds and underworlds in our global society. Crime and legitimacy, that is, are the yin/yang of society, security, and our lives. You can't have one without the other. And nobody should know this better than hackers. This presentation will make you think twice before uncritically using the buzzwords and jargon of the profession — words like "security," "defense," and "cyberwar." By the end of this presentation, simplistic distinctions between foreign and domestic, natural and artificial, and us and them will go liquid and the complexities of information security will remain ... and permeate future discussions of this difficult domain. As a result, we will hopefully think more clearly and realistically about our work and lives in the context of the political and economic realities of the security profession, professional intelligence, and global corporate structures.

[h=1]DEFCON 19: Anonymous Cyber War[/h]Speakers: Hubris Strategic Operations, Backtrace Security | a5h3r4h Director of Psychological Operations This talk will educate listeners on best practices for safety and privacy on the Internet.It aims to demonstrate the improbability of staying anonymous while engaging in group or social activities on the internet, and especially while engaging in criminal activities as a group. This talk will reveal how Hubris, A5h3r4h, and Backtrace security staged a cyber war against anonymous, using Anonymous' own methods, and how key operatives in anonymous were exposed, scattered and neutralized. In short, how a handful of bored social engineers with no material resources used trolling, social engineering, and the magic of Google to derail an army of out of control btards with a dose of virtual Ritalin. We will also provide an explanation of how different organizations (and even non-organizations) have their own "signature" beliefs and behaviors and how they can be used against them.

[h=1]DEFCON 19: Port Scanning Without Sending Packets[/h]Speaker: Gregory Pickett Penetration Tester, Hellfire Security With auto-configuration protocols now being added to operating systems and implemented by default in your network devices, hosts are now actively advertising their available attack surfaces to anyone listening on the network. By collecting background traffic on the network, and analyzing it, we can perform a host discovery, a port scan, and a host profile which even includes configuration information; all without sending any packets. This means that threats both inside and outside your network can assess and target your network hosts silently without leaving a trail. In this session, we'll start out by covering what makes this all possible, then examine typical network traffic to see what is made available to us, end up using several brand new tools that I have developed to utilize this information in an actual attack against a vulnerable network host, and finally finish our time discussing what you can as a network defender do about it.

[h=1]DEFCON 19: Sneaky PDF[/h]Speaker: Mahmud Ab Rahman Specialist, CyberSecurity Malaysia Being a most prevalent document exchange format on the Internet, Portable Document Format (PDF) is in danger of becoming the main target for client-side attack. With estimation of more than 1.5 million line of code and loaded with huge functionalities, this powerful document format is suffered with several high impact vulnerabilities, allowing attackers to exploit and use it as malware spreading vector. Until now, there are thousands of malicious PDF file spreads with little chances of getting detected. The challenges are obfuscation techniques used by the attackers to hide their malicious activities, hence minimizing detection rate. In order to sustain the survival of malicious PDF file on the Internet, attackers circumvent the analysis process through diverse obfuscation techniques. Obfuscation methods used usually ranges from PDF syntax obfuscation, PDF filtering mechanism, JavaScript obfuscation, and variant from both methods. Because of rapid changes in methods of obfuscation, most antivirus software as well as security tools failed to detect malicious content inside PDF file, thus increasing the number of victims of malicious PDF mischief. In this paper, we study in the obfuscation techniques used inside in-the-wild malicious PDF, how to make it more stealthy and how we can improve analysis on malicious PDF.

[h=1]DEFCON 19: IP4 TRUTH: The IPocalypse is a LIE[/h]Speakers: Sterling Archer Field Agent, ISIS | Freaksworth Professor, Mars University There is a long tradition of researchers presenting at security conferences on topics that are embarrassing to a large company or government agency: ATM hacking, router vulnerabilities, Massachusetts toll road RFIDs, etc. Many of these brave researchers risk lawsuits or career ruin to reveal the truth. THIS is the first talk that puts the presenters' very lives in peril. Much has been made of the so-called "IPv4 address exhaustion" problem, also known as the IPocalypse. Industry analysts, networking vendors, regulatory groups, think-tanks, and so on have insisted that migration to IPv6 is the only solution. However, a small group of dissenters insist that threat is exaggerated and, more importantly, that the "migration plan" is merely a scheme to increase revenue for the network equipment manufactures and overpriced consultants. The full truth is that IPv6 is the result of an international cabal on the verge of controlling the world. For centuries, mystics have prophesied that this "migration" would be the cabal's turning point. Incontrovertible evidence will be presented to convince all in attendance. Numerological analysis, ancient texts, and intercepted communiqués are just a few examples. Due to threats against their families, the presenters have been forced to take on assumed identities and appear only in disguise.

[h=1]DEFCON 19: The Art and Science of Security Research[/h]Speaker: Greg Conti West Point Research is a tricky thing, full of pitfalls, blind alleys, and rich rewards for the individual and humanity. This talk studies the art and science of conducting security research, from the genesis of your idea through experimentation and refinement to publication and beyond. In this talk you will learn how to generate and select powerful ideas, build upon the work of others, conduct groundbreaking work, and share your results for maximum desired effect. Whether you are a lone researcher or part of a large cabal you will take away ideas and techniques for maximizing the impact of your work, lest it lay dormant or have someone else rediscover your idea several years later.

[h=1]DEFCON 19: Panel: Network Security Podcast[/h] For more information visit: DEF CON

[h=1]DEFCON 19: Hacking and Securing DB2 LUW Databases[/h]Speaker: Alexander Kornbrust CEO of Red-Database-Security GmbH DB2 for Linux, Unix and Windows is one of the databases where only little bit information about security problems is available. Nevertheless DB2 LUW is installed in many corporate networks and if not hardened properly could be an easy target for attackers. In many aspects DB2 is different from other databases, starting at the user management (normally no user/passwords in the database) to the privilege concept. With the latest versions, DB2 LUW became more and more similar to Oracle (views, commands, concepts to make more stuff query-able from the database) and allows even to run PLSQL code from Oracle databases. IBM is also cloning the insecure configuration from Oracle by granting a lot of the PLSQL packages to public. This talk will give a quick introduction into the DB2 architecture, differences to other relational database systems and the most common DB2 configuration problems. Showing a lit of available exploits and typical pentester questions (how can I run OS commands, how can I access the network or file system) will also be covered. This talk will also demonstrate SQL injection in stored procedure code inside of the database (SQL/PL and PL/SQL), how to find, exploit and fix it. The last part covers the hardening of DB2 databases. For more information visit: DEF CON

[h=1]DEFCON 19: Owned Over Amateur Radio: Remote Kernel Exploitation in 2011[/h]Speaker: Dan Rosenberg Originally considered to be the stuff of myth, remote kernel exploits allow attackers to bypass all operating system protection mechanisms and gain instant root access to remote systems. While reviewing prior work in remote kernel exploitation, this talk will go over some of the challenges and limitations associated with developing remote kernel exploits. We will discuss in detail the development of an exploit for a remotely triggerable vulnerability in the Linux kernel's implementation of the ROSE amateur radio protocol. In doing so, a number of new kernel exploitation techniques will be demonstrated. In addition, this talk will present a working example of the installation of a remote kernel backdoor. We will conclude with a demonstration of this exploit against a live system and a discussion of future work in kernel exploitation and mitigation. For more information visit: DEF CON

[h=1]DEFCON 19: Hacking and Forensicating an Oracle Database Server[/h]Speaker: David Litchfield David Litchfield is recognized as one of the world's leading authorities on database security. He is the author of Oracle Forensics, the Oracle Hacker's Handbook, the Database Hacker's Handbook and SQL Server Security and is the co-author of the Shellcoder's Handbook. He is a regular speaker at a number of computer security conferences and has delivered lectures to the National Security Agency, the UK's Security Service, GCHQ and the Bundesamt f¸r Sicherheit in der Informationstechnik in Germany. For more information visit: DEF CON

[h=1]DEFCON 19: Cellular Privacy: A Forensic Analysis of Android Network Traffic[/h]Speaker: Eric Fulton Director of Research, Lake Missoula Group, LLC People inherently trust their phones, but should they? "Cellular Privacy: A Forensic Analysis of Android Network Traffic" is a presentation of results from forensically analyzing the network traffic of an Android phone. The results paint an interesting picture. Is Google more trustworthy than the application developers? Are legitimate market apps more trustworthy than their rooted counterparts? Perhaps most importantly, should you trust your passwords, location, and data to a device that shares too much? For more information visit: DEF CON

[h=1]DEFCON 19: Building The DEF CON Network, Making A Sandbox For 10,000 Hackers[/h]Speakers: David M. N. Bryan Penetration Tester at Trustwave's Spiderlabs | Luiz Eduardo We will cover on how the DEF CON network team builds a network from scratch, in three days with very little budget. How this network evolved, what worked for us, and what didn't work over the last ten years. This network started as an idea, and after acquiring some kick butt hardware, has allowed us to support several thousand users concurrently. In addition I will cover the new WPA2 enterprise deployment, what worked, and what didn't, and how the DEF CON team is has mad the Rio network rock! For more information visit: DEF CON

[h=1]DEFCON 19: Three Generations of DoS Attacks[/h]Speaker: Sam Bowne Instructor, City College San Francisco Denial-of-service (DoS) attacks are very common. They are used for extortion, political protest, revenge, or just LULz. Most of them use old, inefficient methods like UDP Floods, which require thousands of attackers to bring down a Web server. The newer Layer 7 attacks like Slowloris and Rudy are more powerful, and can stop a Web server from a single attacker with incomplete Http requests. The newest and most powerful attack uses IPv6 multicasts, and can bring down all the Windows machines on an entire network from a single attacker. I will explain and demonstrate these tools: Low Orbit Ion Cannon, OWASP Http DoS Tool, and flood_router6 from the thc-ipv6 attack suite. This deadly IPv6 Router Advertisement Flood attack is a zero-day attack--Microsoft has known about it since June 2010 but has not patched it yet (as of May 4, 2011). Audience Participation: Bring a device to test for vulnerability to the Router Advertisement Flood! Some cell phones and game consoles have been reported to be vulnerable--let's find out! If your device crashes, please come to the Q&A room so we can video-record it and arrange disclosure to the vendor. For more information visit: DEF CON

[h=1]Hacktivity 2010: Hijacking Public Hotspots[/h] Speaker: Zsombor Kovács

[h=1]Hacktivity 2010: Post Exploitation Techniques in Oracle Databases[/h] Speaker: László Tóth

[h=1]Hacktivity 2010: Buffer Overflow step II .- ASLR and DEP Eveasion Techniques[/h] Speaker: András Kabai

[h=1]Hacktivity 2010: Buffer Overflow Workshop[/h] Speakers: Zoltán Pánczél, Ferenc Spala

[h=1]Hacktivity 2010: Router exploitation[/h] Speaker: FX

[h=1]Hacktivity 2010:"Rootkits vs. Anti-Virus Developers[/h] Speaker: András Tevesz

[h=1]Hacktivity 2010: Evolution of Rootkits[/h] Speaker: Robert Lipovsky

[h=1]Hacktivity 2010: Metasploit Workshop[/h] Speaker: Buherátor

[h=1]DEFCON 17: CSRF: Yeah, It Still Works[/h]Speakers: Mike "mckt" Bailey ASS Russ McRee ASS Bad News: CSRF is nasty, it's everywhere, and you can't stop it on the client side. Good News: It can do neat things. CSRF is likely amongst the lamest security bugs available, as far as "cool" bugs go. In essence, the attack forces another user's browser to do something on your behalf. If that user is an authenticated user or an administrator on a website, the attack can be used to escalate privilege. We've identified an endless stream of applications, platforms, critical infrastructure devices, and even wormable hybrid attacks, many of which require little or no Javascript (XSS). The key takeaway is this: a vulnerability that is so easily prevented can lead to absolute mayhem, particularly when bundled with other attacks. Worse still, identifying the attacker is even more difficult as the attack occurs in the context of the authenticated user. The presentation will discuss a variety of attack scenarios, as well as suggested mitigation. For more information visit: DEFCON