DEFCON 23: -2 day notes

DEFCON 23 starts Thursday. Black Hat USA 2015 starts tomorrow.

Once again, it doesn’t look like I’m going to make it out to Vegas. Once again, I’m going to try to cover things from 1,500 miles away. It isn’t completely clear to me that anyone other than me is getting any benefit from this, but I’ve been doing this for long enough that I have a hard time stopping now.

Here’s the schedule. There are several presentations that are already getting media attention:

So what would I go see if I was there? What sounds interesting to me?

It’s always nice when Thursday starts with a toss-up. On the one hand, “Introduction to SDR and the Wireless Village” pushes my software defined radio buttons. On the other hand, I don’t know as much as I’d like to about hardware security, and “Hardware and Trust Security: Explain it like I’m 5” pushes my “explain it like I’m a four-year-old” button.

I’d probably hit Brent White’s “Hacking Web Apps” panel at 11:00, and Zack Fasel’s “Seeing through the Fog” (security problems with cloud services) at 12:00.

At 13:00, I like “Alice and Bob are Really Confused”, just because the whole debate about usability and crypto applications has been going on for the better part of 20 years now, and I’d like to see if David Huerta has anything new to add. I’m also a sucker for small computers, especially if they can do useful work (like pen testing), and Dr. Phil Polstra’s past presentations have been good, so “Hacker in the Wires” for me at 14:00.

At 15:00, I’m thinking this will be my first chance to hit the dealer’s room. But I can see “Forensic Artifacts From a Pass the Hash Attack” being interesting if you’re more into Windows administration and forensics than I am.

16:00 brings us another toss-up. I like old school phone phreaking, so Patrick McNeil and “Snide” Owen’s “Sorry, Wrong Number: Mysteries Of The Phone System – Past and Present” is attractive. But so is “Guests N’ Goblins: Exposing Wi-Fi Exfiltration Risks and Mitigation techniques”. Old skool vs. new skool; flip a coin.

Lawrence has told me it’d be useful to have some Git experience on my resume, so “Backdooring Git” at 17:00 is tempting, but I might go back to the dealer’s room and browse for artifacts of pre-revolutionary America instead. Or I might go to the “Dark side of the ELF – leveraging dynamic loading to pwn noobs” talk; it all depends on my mood that close to the end of the day.

I like the sound of “Medical Devices: Pwnage and Honeypots”: “We will discuss over 20 CVE’s Scott has reported over the last year that will demonstrate how an attacker can gain remote administrative access to medical devices and supporting systems. Over 100 remote service and support credentials for medical devices will be presented.” Jesus, Joseph, and Mary. But “Secure Messaging for Normal People” pushes the “explain it to me like I’m four” button. Plus, I’m dealing a lot with TLS/SSL related issues at work, so if Justin Engler plans on talking about that, we have an override here.

Friday! Friday! Friday! Kilowatt burning Teslas!

The early morning talks aren’t that interesting to me, though I might go to “Bugged Files: Is Your Document Telling on You”. I don’t care about the panel discussion at 11:00, or Cory Doctorow, but Joshua Drake’s “Stagefright: Scary Code in the Heart of Android” could be fun. “Goodbye Memory Scraping Malware: Hold Out Till ‘Chip And Pin’” might be interesting, too. And I can never get enough crypto, so Eijah’s “Crypto for Hackers” is tempting.

I like Bruce Schneier a lot, but the “Bruce Schneier Q&A” is almost certainly going to be full. So I figure this is going to be a toss-up between Jeremy Dorrough’s “USB Attack to Decrypt Wi-Fi Communications” and “Confessions of a Professional Cyber Stalker”.

13:00 is jammed again: my first choice would be Samy Kamkar’s “Drive It Like You Hacked It: New Attacks and Tools to Wirelessly Steal Cars”, but the Peter Shipley and Ryan Gooler “Insteon’ False Security And Deceptive Documentation” talk (“More than forty percent of homes with automation installed use Insteon.”) also has my attention. So does Colin O’Flynn’s “Don’t Whisper my Chips: Sidechannel and Glitching for Fun and Profit” (“… this presentation will show you how to perform these attacks for equipment costing $200.”) And Sean Metcalf’s “Red vs. Blue: Modern Active Directory Attacks & Defense” is a close third; again, this is one that’d move up a spot if I were more of a Windows admin.

I think everyone in my circle (none of whom drive Teslas, yet) wants to know about the “How to Hack a Tesla Model S” talk, so I’m obligated to go to that. But I’m actually more interested in the Yuwei Zheng and Haoqi Shan “Build a free cellular traffic capture tool with a vxworks based femoto” talk: “With the inspiration from social engineering, we got a femto-cell base station from a telecom operator. After a series of hacking and modifications, we built it as a powerful SMS, voice and data link inception tool. Furthermore, not like a fake station, it’s a legal base station and authorized to access the operator’s core network.”

At 15:00, I’m thinking either dealer’s room, or AmmonRa’s “How to hack your way out of home detention”, the latter mostly for background material for the mythical novel. At 16:00, do I want to see Robert Graham and David Maynor’s “HamSammich – long distance proxying over radio”, or “LTE Recon and Tracking with RTLSDR” (“If you know how to run cmake and have $50 to pick up an RTLSDR-E4000, I’ll make sure you walk out of here with the power to monitor LTE devices around you on a slick Kibana4 dashboard.”)? Decisions, decisions.

I’m not all that wild about anything at 16:30, but “I Will Kill You” could be another “background for the novel” talk.

The Runa Sandvik and Michael Auger LINUX-powered rifle talk is at 17:00, and that’d be my first choice. If I couldn’t get in, the “Hack the Legacy! IBM i (aka AS/400) Revealed.” talk would be my backup; kicking it old school, mon. I’m not wild about anything at 18:00, though I might hit Craig Young’s “How to Train Your RFID Hacking Tools”. I keep thinking about getting more into RFID. At 19:00, “One Device to Pwn Them All”, because: only thing going on, Polstra, small devices, sequel to a talk from an earlier DEFCON.

On Saturday at 10:00, I’m tempted by Bruce Potter’s “A Hacker’s Guide to Risk”, because this is an area I’d like to have a better understanding of. (Also, I admire the work of the Shmoo Group.) But the Mickey Shkatov and Jesse Michael “Scared Poopless – LTE and *your* laptop” could be fun, too. “In our talk we will demonstrate and discuss the exploitation of an internal LTE modem from Huawei which can be found in a number of devices including laptops by HP.” Huawei. Why does it always have to be Huawei?

At 11:00, I’d have to go see “And That’s How I Lost My Other Eye: Further Explorations In Data Destruction”, another followup to an earlier DEFCON presentation. Credit, though, to Yaniv Balmas and Lior Oppenheim for “Key-Logger, Video, Mouse — How To Turn Your KVM Into a Raging Key-logging Monster”, because “uncharted serial protocols”, “monstrous obfuscation techniques”, and “8051 assembly”.

The Brink’s safe talk is at noon, but Wesley McGrew’s “I Hunt Penetration Testers: More Weaknesses in Tools and Procedures” tempts me, too. At 13:00, I like Colby Moore’s “Spread Spectrum Satcom Hacking: Attacking The GlobalStar Simplex Data Service”: satellite hacking has been little explored and is vastly underrated, in my humble opinion.

And the Miller/Valasek car hacking panel is at 14:00. Second choice if that’s full: Matteo Beccaro and Matteo Collura’s “Extracting the Painful (blue)tooth”, because Bluetooth hacking is another of my areas of interest.

I’m thinking I would go to the Mike Ryan and Richo Healey “Hacking Electric Skateboards: Vehicle Research For Mortals” talk at 15:00, mostly because a good friend of mine recently bought an electric skateboard and might be interested in this.

At 16:00, “I want these * bugs off my * Internet”, because Dan Kaminsky. But this is likely to be full, so my backup would be Cassidy, Leverett, and Lee’s “Switches Get Stitches”. (“This talk will introduce you to Industrial Ethernet Switches and their vulnerabilities.”)

There are three presentations that sound good at 17:00: “Exploring Layer 2 Network Security in Virtualized Environments” (“In this paper, we explore whether Layer 2 network attacks that work on physical switches apply to their virtualized counterparts”), “Security Necromancy: Further Adventures in Mainframe Hacking” (which may be a sequel to a previous DEFCON talk: I can’t tell for sure), and Andres Blanco/Andres Gazzoli “802.11 Massive Monitoring” (“…can we monitor all 802.11 channels?”).

And once again, Richard Thieme walks off with the “Hippie, please!” award. Should I retire this? Or declare Thieme ineligible, as a multiple-time recipient?

I’m not wild about anything at 18:00, but at 19:00, I’m intrigued by LI Jun and YANG Qing’s “I’m A Newbie Yet I Can Hack ZigBee – Take Unauthorized Control Over ZigBee Devices”. (“In this presentation we will introduce a new technique to beat the security of ZigBee…”)

And thus we slide into Sunday. If I couldn’t sleep in, I’d hit the Gorenc/Hariri/Spelman talk on “Abusing Adobe Reader’s JavaScript APIs” at 10:00, and either “Ubiquity Forensics – Your iCloud and You” or the Bathurst/Thomas “Canary: Keeping Your Dick Pics Safe(r)” talks at 11:00. (The latter appears to be more of a general talk on TLS/SSL security, not just dick pics.)

Nothing leaps out at me for 12:00, but “RFIDiggity: Pentester Guide to Hacking HF/NFC and UHF RFID” sounds interesting.

It looks like things start closing down at 14:00, and they’ve broken off the contest part of the closing ceremonies into a separate event. At this time, I’d make one last pass through the dealer’s room, do the closing ceremonies at 16:30, and call it a DEFCON, were I going.

Errors? Omissions? Criticisms? Talks that you’re interested in? Ones you think I neglected? DEFCON presenter who thinks you’re getting short shrift, or would like to provide me with a link to their slides? Comments are open. I will try to link to as many posted presentations as I can, but I’m not sure when over the course of the weekend I’ll be able to have posts up. The quickest way to make sure I get them up is to put links in comments or email to me.
