DEFCON 22: 0 day notes (part 2)

So what’s happening on Friday?

Domain Name Problems and Solutions” intrigues me the most in the first block, since a) it looks like this is going to involve DNS based attacks on spam, and II) Paul Vixie is one of the key figures in the development of DNS.

USB for all!” sounds like an interesting talk: “We will demonstrate different tools and methods that can be used to monitor and abuse USB for malicious purposes.”

I would have to go to “From root to SPECIAL: Pwning IBM Mainframes” just because I have a close friend (and former IBM-er) who speaks IBM mainframe. Plus, I’m curious. But “ShareEnum: We Wrapped Samba So You Don’t Have To” would be a good second choice: “ShareEnum uses the underlying Samba client libraries to list shares, permissions, and even recurse down file trees gathering information including what is stored in each directory.” And “Stolen Data Markets An Economic and Organizational Assessment” could be interesting as well. I’d probably still hit the IBM talk and seek out the slides for the other two.

More than likely I’d take a break at 13:00 and look at the slides for “Bypass firewalls, application white lists, secure remote desktops under 20 seconds” and “Investigating PowerShell Attacks” later. At 14:00, “What the Watchers See: Eavesdropping on Municipal Mesh Cameras for Giggles (or Pure Evil)“: “…we decode the previously undocumented mesh protocol enough to (1) “tune in” to live feeds from the various cameras positioned across the city, just like we were in police headquarters, and (2) inject arbitrary video into these streams.”

Am I Being Spied On? Low-tech Ways Of Detecting High-tech Surveillance” sounds like the best talk at 15:00. And after that, there’s nothing that really intrigues me on Friday.

Hack All The Things: 20 Devices in 45 Minutes” seems like the best opening panel on Saturday: if you don’t like what you’re seeing, just wait and something else will be along shortly. Plus free hardware!

There’s nothing that leaps out at me until “Secure Random by Default” at 13:00. Because Dan Kaminsky. “PropLANE: Kind of keeping the NSA from watching you pee” would be a good fallback if Kaminsky is too crowded: “…we’ve combined two things every good hacker should have, a Propeller powered DEF CON badge (DC XX in our case) and a somewhat sober brain to turn the DC badge (with some modifications) into an inline network encryption device.” (And hey: I have a DC 20 badge!)

“Secure Random” runs until 15:00, but if I couldn’t get into that, “NinjaTV – Increasing Your Smart TV’s IQ Without Bricking It” would be my second choice in the 14:00 block.

A Survey of Remote Automotive Attack Surfaces” is at 15:00. This is another Charlie Miller and Chris Valasek talk, and is already getting some press: I kind of want to see this, but, again, there’s a conflict with two other talks I’d also like to see: “VoIP Wars: Attack of the Cisco Phones” and “Detecting Bluetooth Surveillance Systems“. This is another case where I’d apologize profusely to Mr. Miller and Mr. Valasek, download a copy of their presentation, and hit one of the other two sessions.

Manna from Heaven: Improving the state of wireless rogue AP attacks” sounds interesting, especially with the promise of “a new rogue access point toolkit”. But I just can’t pass up the promise of “Learn how to control every room at a luxury hotel remotely“.

Attacking the Internet of Things using Time“, which is really about timing attacks, sounds more interesting than the title implies. And “Old Skewl Hacking: Porn Free!” sounds like a great way to wrap up the day.

I don’t know that there’s anything I care that much about Sunday morning, though “Burner Phone DDOS 2 dollars a day : 70 Calls a Minute” and “Optical Surgery; Implanting a DropCam” could be interesting if I was up at that time. “NSA Playset : GSM Sniffing” sounds a bit more interesting: “Introducing TWILIGHTVEGETABLE, our attempt to pull together the past decade of GSM attacks into a single, coherent toolset, and finally make real, practical, GSM sniffing to the masses.”

There’s a gap in stuff I want to see from 13:00 to 15:00. At 15:00, we have “Elevator Hacking – From the Pit to the Penthouse“. I confess to a great deal of curiosity about elevators and how they work. Plus: Deviant Ollam! And that takes us to the closing ceremonies at 16:30.

Tomorrow, I’ll start trying to put up links.

Comments are closed.