I was recently contacted by Don from The Ethical Hacker Network (EH-Net) and asked if I was interested in attending the Black Hat USA 2014 Briefings as the winner of a monthly giveaway contest on his site. I had never been to either Black Hat or DEFCON, so I jumped at the chance to see what the fuss was all about. This is a short write-up on my conference experiences to help give future first-timers an idea of what to expect.
Before getting to my experiences as a BH/DC Virgin, let me share a little about myself. I’ve been performing digital forensics for five years and started studying hacking and pen testing about two and a half years ago. I originally started my studies to improve my forensics skills but it soon became my favorite hobby. I feel that it’s important to include this information, as there is a huge variety of ages, experiences and personalities of the attendees. What you bring as well as what you expect to do can drastically affect your own experience of these two events. Therefore, your mileage will most certainly vary.
Backdoors are once again thrust into the forefront with this week’s breaking news that the NSA allegedly hacked Chinese router company Huawei’s servers. Back in October 2012 the House Intelligence Committee accused Huawei, which claims to interconnect one third of the Internet, of embedding backdoors into routers and “posing a national security threat.” And thanks to another Edward Snowden bombshell, we now know that the NSA took their own measures to ensure perpetual access to Huawei routers.
Government espionage is nothing new. Although both sides in the example above dismiss the claims, these recent developments confirm that the location of the battlefield is forever changed. Instead of bullets and bombs, the new intelligence war is being fought with almost imperceptible bursts of electricity. Reminds me of the classic AC/DC song “Dirty Deeds Done Dirty Cheap,” where they poetically proclaim that, “For a fee I’m happy to be your backdoor man.”
By Todd Kendall
It seems pertinent during this time of year, as I finish off the last batch of leftover Christmas cookies, some peppermint bark, and a large glass of eggnog, to talk about a phenomenon known as the sugar high. I’m talking about the high one gets after consuming large amounts of sugar, also called a “sugar rush.” Sugar highs cause twitchiness, spasms, and hyperexcitability. Sugar highs do not last very long and leave a person feeling drained afterwards.1
As an IT Security Consultant I have had the opportunity to work with a variety of organizations over the years, often on multiple occasions and on multiple projects that stem from Security Policy Development, Gap Analysis, Penetration Testing, and in some cases Incident Response and Forensics. When you work with organizations in this capacity it is difficult not to develop personal relationships over time, and, as any good consultant will tell you, you want to gain a “trusted” relationship not only from an ethical point of view but also from a capitalist point of view. Let’s face it, more trust means more business.
Like any relationship, you may find yourself in a position at some point where you have to tell the other party that they simply aren’t listening, despite all of the times you have had the same conversation and they have sworn up and down to take your advice.