Friday, March 28, 2008

Blackhat Europe Briefings Day 1

These are some of the talks I've been at:
  • The keynote by the Angel of Doom was on digital security and why it will fail. His conclusion is that we are in the right business and that we have job security. He gave ideas about how security solutions that do not take the big picture into account are bound to fail. Had a chat with him during lunch, a very interesting conversation.
  • The talk from the GNUcitizen people called Client-side security was enjoyable. They were presenting stuff that (I think all) was publicly available either on their site or their friend's site. Most of their exploits seem to have one thing in common: they chain multiple technologies to abuse the system.
  • The Attacking Anti-virus talk by SoWhat was interesting. The delivery was not flowing, but the subject material was good. By fuzzing file types, he gave live demos of AV software crashing. Some of the vulnerabilities seem to be exploitable to run arbitrary code, and SoWhat was able to show a few unpatched vulnerabilities as well.
  • The Cisco IOS Forensics talk was very well researched. We learned how the base OS of IOS works: there is no real kernel and there are no separate processes. If one thing crashes, the whole box goes down. We also learned that some of the issues come from warez/illegally downloaded IOS images which contain third-party modifications (i.e. backdoors). TCL backdoors were also mentioned. These are most of the time created by legitimate users for later use and abuse (read: getting things done, or disgruntled ex-employees). Recurity Labs' new project, CIR, allows us to inspect Cisco crash dumps and identify all this and more. It is available online for free at http://cir.recurity-labs.com/
  • The Multimedia fuzzing talk was OK. They talked about fuzzing codecs and MP3 tags and all that. They also showed a demo of an overflow in flac123 being exploited to run shellcode. The same guys who gave the talk have released two tools of interest:
    • Fuzzbox, which allows you to create different fuzzed samples based on a valid media file.
    • RTPInject, which allows one to inject arbitrary audio into a VoIP conversation.
  • Managed to catch the last minute of the Iron Chef Challenge, when they were presenting the results. The teams drew and there was no clear winner. All the flaws identified were theoretical :-(
  • Started watching the 0-day patch talk, but all the graphs got to my head and I quickly switched to the lockpicking talk. Mr. Ollam gave an excellent talk as usual and updated us with the latest details on locks and safes.
After that we went to the Microsoft party, which was okay. Met a few interesting chaps from the AV industry and the pentest business.

3 comments:

Sn0rkY said...

Thanks for your feedback, sandro :)

You attended the IOS forensics briefing, but did you hear anything about the Crackstation?

sandro said...

Unfortunately the Crackstation one clashed with the IOS one :(

Was out for a beer two days ago with the Crackstation guys... very cool people.

mokum von Amsterdam said...

I liked the fact that Nick Breese [Crackstation] went up to David Hulton [GSM cracking] after his presentation and started discussing details :P