Post Sun Feb 15, 2009 2:11 pm

Ready for DC 17? Check out the best of last year, the Defcon 16 top ten

I posted this a WHILE ago, but it seems like a lot of the speakers will be revisiting other cons with these talks, or have updated them and are continuing dev on them. Slides and audio are provided for all of them.

Original Post, Defcon 16 - Top ten with audio for all! - late update:

1) BackTrack Foo - From bug to 0day

Mati Aharoni Owner, Offensive Security.
As pentesters and hackers we often find the need to create our exploits on the fly. Doing this always presents a challenge. But one challenge took us to a new limit and a new level. We want to share the method with you. From Bug to 0Day will show the audience the process of fuzzing, locating the bug, using egghunters, then figuring out how to build a pure alphanumeric shellcode to exploit it.

This will truly be the most mind bending 60 mins you will spend in exploit development.

Mati is a network security professional, currently working with various military and government agencies as well as private sector businesses. His day-to-day work involves vulnerability research, exploit development and whitebox / blackbox penetration testing.
Mati is most known for his role in creating the award-winning, internationally acclaimed Linux pentesting distro, BackTrack, as well as for his lead role in creating the hottest security training school in the international market today, “Offensive Security”. This focused, intense school hones the skills of security professionals by teaching them the tools and methodologies popular in the market. Mati has been teaching security and hacking courses for over 10 years and is actively involved in the security arena.

Slides: ... haroni.pdf

Audio: ... c_t415.mp3

2) Owning the Users with The Middler

Jay Beale, Senior Security Consultant and Co-Founder, Intelguardians Network Intelligence, Inc. This talk introduces a new open source, plugin-extensible attack tool for exploiting web applications that use cleartext HTTP, if only to redirect the user to the HTTPS site. We’ll demonstrate attacks on online banking as well as Gmail, LinkedIn, LiveJournal and Facebook. We’ll also compromise computers and an iPhone by subverting their software installation and update process. We’ll inject JavaScript into browser sessions and demonstrate CSRF attacks.

Our new tool, The Middler, automates these attacks to make exploiting every active user on your computer’s network brain-dead easy and scalable. It has an interactive mode, but also has a fire-and-forget mode that can perform these attacks automatically without interaction. Written in Ruby, this tool is easy to both extend and add into other tools.

Slides: ... eale-2.pdf

Audio: ... c_t412.mp3

3) Grendel-Scan: A new web application scanning tool

David Byrne Security Consultant, Trustwave, Eric Duprey Senior Security Engineer, Dish Network. While commercial web application scanners have been available for quite a while, the selection of open source tools has been limited. Grendel-Scan is a new tool that aims to provide in-depth application assessment. Written entirely in Java and featuring an easy-to-use GUI, the tool is intended to be useful to a wide variety of technical backgrounds: from IT security managers to experienced penetration testers.

Grendel-Scan can test for authentication and authorization bypass, SQL injection (blind and error-based), XSS, CRLF injection / response splitting, session key strength, session fixation, file/directory/backup enumeration, directory indexing, web server misconfiguration, and other vulnerabilities. Exploration of the web application can be accomplished through an embedded proxy server, via automated spidering, or by search engine reconnaissance.

The accuracy of the testing is increased by powerful features such as automatic detection and correction of logged out sessions, heuristic file-not-found detection, and an embedded HTML DOM parser and JavaScript engine for full page analysis. Grendel-Scan was architected with extensibility in mind. Powerful libraries offering features such as input/output tracing, session tracking, or HTML DOM comparisons make the development of new test modules much easier.

The presentation will feature an overview of the application’s design, results of comparative analysis against similar tools, and a live demonstration of the tool using a real application (not an intentionally vulnerable app).

Slides: ... -byrne.pdf

Audio: ... c_t417.mp3

4) Nmap: Scanning the Internet

Fyodor Hacker, Insecure.Org. The Nmap Security Scanner was built to efficiently scan large networks, but Nmap’s author Fyodor has taken this to a new level by scanning millions of Internet hosts as part of the Worldscan project. He will present the most interesting findings and empirical statistics from these scans, along with practical advice for improving your own scan performance. Additional topics include detecting and subverting firewall and intrusion detection systems, dealing with quirky network configurations, and advanced host discovery and port scanning techniques. A quick overview of new Nmap features will also be provided.

Slides: ... dspeed.pdf

Audio: ... c_t208.mp3

5) Career Mythbusters: Separating Fact from Fiction in your Information Security Career

Lee Kushner President, LJ Kushner and Associates, LLC, Mike Murray Director of Neohapsis Labs. How long should my resume be? Do I really need to be a Manager? Do I need to attend business school? What certifications do I need? Does my title matter? Should I go after money or a cool job? What are the hot skills du jour? How do I use LinkedIn and Facebook? All of these questions are asked continually by Information Security professionals as they assess their current positions and determine which future opportunities align with their aspirations. Mike Murray and Lee Kushner return to the DefCon stage to answer these questions and dispel the prevailing myths that permeate the information security industry. Participants should leave the presentation with a better way to map out their own career and separate fact from fiction as they make decisions on how to pursue their ultimate career goals.

Slides: ... ushner.pdf

Audio: ... c_t515.mp3

6) Password Cracking on a Budget

Matt Weir Security Researcher, Sudhir Aggarwal Security Researcher. Not every bad guy writes down passwords on a sticky note by their monitor. Not every system administrator fully documents everything before they leave. There are a lot of legitimate reasons why you might need to crack a password. The problem is most people don’t have a supercomputer sitting in their basement or the money to go out and buy a rack of FPGAs. This talk deals with getting the most out of the computing resources you do have when cracking passwords.

Our group at Florida State University is currently working on password cracking research to aid in forensic analysis. We’ve analyzed disclosed password lists to try and figure out how real people actually create passwords. Not all of these lists have been in plain text, so we’ve had to go through the pain of cracking passwords ourselves. Just like you, we are still waiting on funding for that supercomputer as well. In this talk, we’ll go over some of the tools and techniques we’ve used to crack these password lists using only a couple of PCs, such as custom wordlist generation and choosing the right word mangling rules. We’ll also talk about some of the lessons we’ve learned and the mistakes we’ve made along the way.

Slides: ... 6-weir.pdf

Audio: ... c_t109.mp3

7) Stealing The Internet - A Routed, Wide-area, Man in the Middle Attack

Anton Kapela Security Researcher, Alex Pilosov Security Researcher. In this presentation we’re going to show Defcon how broken the Internet is, how helpless its users are without provider intervention, and how much apathy there is towards routing security.

With the method described in this talk, an attacker is able to gain full control and visibility of all IP packets heading towards an arbitrary destination prefix on the Internet. From the perspective of the victim’s network, every inbound packet they receive will have first taken the ’scenic route’ through the attacker’s network before reaching the true destination.

The presentation will show attendees (roughly) how BGP works on the Internet, and how and what providers do (or don’t do) when interconnecting their networks, concluding with a discussion of the hijacking method and a live demo of ‘man in the middled’ traffic, in-flight, to an undisclosed destination, including countermeasures employed to further obscure the interception and ensure nearly perfect network transparency. Ettercap and others please stand aside - routed Internet hijacking has come of age!

Slides: ... kapela.pdf

Audio: ... c_t424.mp3

8) Dan Kaminsky DNS Exploiting - Black Ops 2008

Dan Kaminsky, a penetration tester with IOActive, shows a flaw in the Domain Name System that would allow attackers to easily impersonate any website — banking sites, Google, Gmail and other web mail websites — to attack unsuspecting users.

Kaminsky announced the vulnerability after working quietly for months with a number of vendors that make DNS software to create a fix for the flaw and patch their software. On July 8, Kaminsky held a press conference announcing a massive multivendor patch among those vendors, and urged everyone who owns a DNS server to update their software.

Slides: ... minsky.pdf

Audio: ... c_t224.mp3

Video: ... _cache.m4v

9) Identification Card Security: Past, Present, Future

*Note: this is a former research field of mine. Although Doug had a great presentation, there was much lacking on the topic. I will be doing some new research on multispectrum holograms, etc. soon! =)

Doug Farre Administrative Director, Locksport International. Come learn how identification cards have taken over our lives, how they can be manufactured at home, and how you can start a legal ID making business. Come learn all the tips and tricks about amateur ID manufacturing and pick up the first ever Complete Amateur ID Making Guide. Also, come test your ability to spot a fake vs. a real one, and check out the newest in ID technology: polycarbonate laminates, biometrics, Teslin, and RFID. Lastly, see how corporations are affecting the identification card fiasco in the U.S. What’s in your wallet?

Slides: ... -farre.pdf

Audio: ... c_t321.mp3

10) Bringing Sexy Back: Breaking in with Style

David Maynor CTO, Errata Security, Robert Graham CTO, Errata Security. Security is getting better; there is no doubt about that. High value targets are increasing their security while buying into the buzzword hype with phrases like “defense in depth”. Firewalls, IPS, AV, NAC, and a host of other technologies have done a lot to give the pointy-haired bosses of the world the ability to sleep easy… or have they? While those PHBs sleep easy in their beds, the ability to compromise a site at will continues to grow.

Remember the good old days of planting Trojans in microcontrollers of your enemy’s hardware or shipping packages with system updates that contain backdoors? What happened to those days? What if I told you that breaking into a site is as easy as sending a package via some third-party carrier or throwing up a website? This talk will cover penetration techniques that at first glance appear to be Hollywood fiction but are easy and reliable methods of intrusion.

Miss this talk and you may never know why you have a package in your shipping department addressed to “U R Owned, INC.”.

Slides: ... maynor.pdf

Audio: ... c_t105.mp3