
CarolinaCon 8


Once again, it’s time for a weekend of frivolity and technology that we call “CarolinaCon”. While I was sure that doing so would put me on some secret list of persons-to-watch, I made plans to attend.

As usual, the Con spanned the weekend, from Friday evening until Sunday evening. Here are my impressions.

FRIDAY EVENING

  • 7:00pm – Identifying Cyber Warriors (Tom Holt / Professor Farnsworth)
    The professor always does such a good job of easing the crowd out of reality and into the “Con-zone”. His presentations are academic, but touch on hacker culture. This year, he gave questionnaires to college students to determine correlations between their attitudes on protesting and hacktivism across two dimensions: domestic-vs-foreign and physical-vs-virtual.
  • 8:00pm – Bypassing Android Permissions (Georgia Weidman)
    Georgia explained how Android phone apps implement “intents” or services, and then how to inspect an Android app to see its contents. Using these two pieces, she was able to write unprivileged apps that use another app’s higher-privilege services.
  • 9:00pm – Intro to Hacking Bluetooth (ronin)
    Ronin has assembled a wide array of open source Bluetooth tools into a Linux distribution that he calls “Blubuntu”. He showed the basic usage of some of these tools, with some good background info on how the protocols work. A good overview talk!
  • 10:00pm – F-ing the Friendly Skies (Deviant Ollam)
    The original plan was to end the Friday night session with a round of Hacker Trivia, but the schedule was abruptly changed to include this entertaining talk from Deviant Ollam, whose talks usually center on lock picking and air travel (and they usually include alcohol). This year’s presentation did not disappoint — the topic was the “Mile High Club”, with a complete survey of logistics, opportunity, and suggestions for flight timings and choice of aircraft.

SATURDAY

  • 10:00am – DevHack: Pre-Product Exploitation (Snide)
    Once they cranked up the volume on Snide’s mic, he walked us through several ideas for planting malware into a software development environment, implanting your payload at the source.
  • 11:00am – Malware Retooled (Big-O)
    This talk discussed how we can watch what malware DOES rather than trying to match against signatures. Big-O showed some nice visualization tools, like thread graphs.
  • lunch break
  • 1:00pm – Inside Jobs: Stealing Sensitive Data and Intellectual Property (Vic Vandal and emwav)
    Vic and emwav enumerated several ways that companies and employees can escalate the arms race… employees can steal proprietary information, and employers can make it difficult. The bottom line for me was that this arms race is stacked in favor of the attacker.
  • 2:00pm – Project Byzantium: Improvisable Ad-Hoc Wireless Mesh Networking for Disaster Zones (Sitwon The Pirate and The Doctor)
    Apparently, someone told this group that CarolinaCon was a costume party. The pirate and the doctor win the prize for best costumes. But pay closer attention. These guys are smart — they have scoured the internet for cool mesh networking tools, and they have packaged them into a LiveCD distro called “Byzantium”. Imagine a disaster or political unrest scenario, where you would like to mesh together a group of users and share an internet connection. Keep an eye on this fledgling project.
  • 3:00pm – Hacking as an Act of War (G. Mark Hardy)
    Gmark has been keeping his eye on the geopolitical landscape and how different nations approach info security. He has insights into the capabilities and motivations of the different players, and he observes recent cyber-attacks that have shaped the new balance of powers. Where do we draw the line between hacking and warfare?
  • 4:00pm – Big Bang Theory: The Evolution of Pentesting High Security Environments (Joe McCray)
    Joe warns corporate America that we should stop focusing on the vulnerabilities, stop patting ourselves on the back when we’ve checked all of the patch check boxes, and instead focus on why an attacker would be interested in their companies to begin with, and prioritize based on the value of the assets (illustrated with a colorful analogy about driving through the ‘hood).
  • Dinner Break
  • 7:00pm – Spyometrics: New World of Biometric Surveillance (Dr. Noah Schiffman, aka Lo-Res)
    This talk had a lot of promise, because the subject matter is wide open for thought-provoking stories. But I felt like this talk left more loose ends than tied-up ones.
  • 8:00pm – Dr. Tran goes to Switzerland (Dr. Tran)
    One of the best talks of the show, and it was not even about security! Dr Tran recently moved to Zurich, and he recorded his impressions and shared them with the Con attendees.
  • 9:00pm – Hacker Trivia
    Much like hacker trivia in previous years, but I noticed three differences. The game was more lightly attended than at previous cons. Many of the questions went unanswered (meaning Vic had to take a drink). And most disappointing, Al did not emcee.

SUNDAY

  • 10:00am – Attacking CAPTCHAs (Gursev Singh Kalra)
    This talk was canceled. Instead, we heard from some UNC-Charlotte students on the accomplishments of their hacking competition team.
  • 11:00am – Patch to Pwned: Exploiting Firmware Patching to Compromise MFP Devices (Deral Heiland)
    Deral Heiland has made a career out of keeping printer manufacturers on their toes. This time, he decomposes a firmware update package for Xerox printers, and he creates his own update that includes his “modifications”.
  • Lunch Break
  • 1:00pm – Hacking your Mind and Emotions (Branson Matheson)
    Branson shows how easily we can be socially engineered. It happens every day, from advertisers, authority figures and administrators. He shows us how to recognize when we’re being manipulated, and he encourages us to know our rights and responsibilities so we can limit our exposure.
  • 2:00pm – It’s 2012 and My Network Got Hacked (Omar Santos)
    Case studies of real-life compromises, in spite of the sophisticated defenses employed. Omar discussed the challenges that are encountered by large organizations with wide networks and hundreds of assets to manage.
  • 3:00pm – Declarative Web Security: DEP for the Web (Steve Pinkham)
    Modern browsers are starting to include advanced policy engines that allow web sites to declare rules, such as “only run javascript from this host”, in an attempt to restrict what potential malware can do.
  • 4:00pm – Raspberry Pi’s Impact on Hacking (DJ Palombo)
    OK, the RaspPi is a cheap small computer. We get that. DJ Palombo seems to think that the revolutionary concept is that its low profile and disposability make it a good “bug” or hidden node for hacking.

Thanks to the organizers and presenters for another memorable Con!


The Pirate and the Doctor discuss Byzantium

CarolinaCon 7


For the fourth year in a row, I treated myself to a weekend of security training and adolescent tom-foolery called “CarolinaCon”. The event was sponsored by the local chapter of 2600. While the presentations covered a range of topics that would interest any security professional, the tone was that of a college party. It’s fun.

The tagline for this year’s event was “A weekend of brainstorming (and by brainstorming, we mean drinking)”.

The Con started on Friday after work, and it continued until supper time on Sunday. While the speakers were giving their presentations in the main room, there were side events going on, too: a “lock pick village”, a weekend-long game of capture-the-flag, and a crypto challenge. It was hard to decide what to do, but I stuck with the presentations.

Here are my thoughts on the various presentations.

FRIDAY EVENING

  • 7pm – Tales from the Crypto (G. Mark Hardy)
    Security conferences are known for having puzzle challenges in their admission badges, and Gmark is the twisted mind behind several of them. He gave us an overview of classical (pen-and-paper) cryptography techniques, and showed how these tricks were incorporated into past Con badges. Finally, he issued a challenge to crack the code buried in the CarolinaCon 7 badge.
  • 8pm – How to Own and Protect Your Office Space (Dr. Tran)
    Dr Tran, from the TOOOL team (of lock-pickers), showed common weaknesses in office physical security.
  • 9pm – Serial Killers: USB as an Attack Vector (Nick Fury)
    Nick likes to build stuff, and this time he built a small USB device that claims to be a keyboard, or a mouse, or both.  And it can type stuff and click on stuff, just like a real mouse.
  • 10pm – Hacker Trivia (wxs, Vic Vandal, AlStrowger)
    Hacker Trivia is CarolinaCon’s version of Jeopardy, where the questions are about hacker topics, and the answers will win you prizes (or crap).  I won a lock pick set and a “vintage” (1990) T-shirt that says “Cray Ada 3.0”.

SATURDAY

  • 10am – Music and Audio Production with FOSS (Adam Drew)
    Some of the audience members partied a little hard last night, so Adam woke them up with some noise/music that he produced using 100% free and open source software.  This was my favorite talk of the Con… but it had nothing to do with security.
  • 11am – PIG: Finding Truffles Without Leaving A Trace (Ryan Linn)
    Ryan has given talks before about using metasploit to find vulnerabilities in a network.  This time, he showed a plug-in that he calls “PIG”, which does Passive Information Gathering… just listening to what everyone else is willfully broadcasting.
  • LUNCH BREAK
  • 1pm – If You Own a Multi-Function Printer than I Own You (Deral Heiland)
    Every year, Deral brings some new way to crack an egg. This time, it was office printers with shoddy security. It’s as if the printer companies got their embedded software guys to do the web interfaces, too! [This, of course, describes MY day job pretty well – I should take notes.]
  • 2pm – Yara and Python: The Malware Detection Dynamic Duo (mjg = Michael Goffin)
    Yara is a tool that can generate a “signature” to help classify malware. I sort of faded out during this one. Hey, it was just after lunch.
  • 3pm – There’s An App For That: Pentesting Mobile (Joe McCray)
    We always enjoy seeing Joe Mac, and so we were happy to learn that he could fill a last-minute vacancy with his talk on installing your favorite hacking tools on a mobile phone platform.
  • 4pm – Fun with SSH Honeypotting (Chris Teodorski)
    Best security talk of the Con, starting with a simple tool that looks like a vulnerable SSH shell account, but is really just a frustrating maze that records an intruder’s every move.  But not stopping there, Chris went on to profile his intruders by analyzing the rootkit they used, and then by chatting them up in their IRC forum.
  • DINNER BREAK
  • 7pm – Why Your Password Policy Sucks (purehate = Martin Bos)
    Using statistics from databases of passwords that have previously been compromised, Martin narrows down the search space significantly, speeding up the time to guess new passwords. For example, a large percentage of passwords are in the form “(some word) + (one number digit)”.  Password policies that force you to use a digit only encourage users to choose one that follows this same template.
  • 8pm – Mackerel: A Progressive School of Cryptographic Thought (Justin Troutman)
    There’s a dud at every Con, and this one was it. At first, it looked as though Justin had promise, with his good-ole-boy charm and his trippy slides (done with prezi). But in the end, it was an hour of techno-babble with over-animated slide transitions and no practical substance, a rehash of an academic paper, and a marketing pitch for his consulting business. Boo! [1]
  • 9pm – TTL of a Penetration (Branson Matheson)
    Branson argues that it is more important to react quickly to the inevitable attack than to try to thwart attacks in the first place. Spoken like a real Windows user.
  • 10pm – Hacker Trivia (Vic Vandal, wxs, AlStrowger)
    The Saturday night episode of Hacker Trivia was a little harder-edged than Friday night’s game. The staff spent much more of their time enforcing (and changing) the rules, and generally arguing with each other. Al (the MC) commented that this was like a game of “CalvinBall”. The cheesy prizes were replaced by unique “CarolinaCon 7” shot glasses, awarded (full) to the correct answerers.

SUNDAY

  • 10am – logstash: Open Source Log and Event Management (Jordan Sissel)
    Most of us just print logs to a file. Jordan Sissel manages logs like Sorcerer Mickey manages his broom minions. His open source tools consolidate, format and distribute log messages in a very flexible way. And he even has stickers with cartoon logs and beavers to boot!
  • 11am – Dissecting the Hack: Malware Analysis 101 (Gerry Brunelle)
    When a machine is hacked, many people want to just wipe it clean and reinstall the OS. Gerry tells us not to… save that image and study what the malware is doing. He showed several techniques for learning what a piece of malware is doing. This was primarily a Windows-based talk, and much of the work was done using debuggers that disassembled the object code.
  • LUNCH BREAK
  • 1pm – Security Lessons from Cracking Enigma (Lisa Lorenzin)
    Lisa walked us through the history of the German Enigma machine, and the extraordinary tale of how the code was broken by the British and the Allies.
  • 2pm – Hack from a Library with Katana (JP “ronin” Dunning)
    A pretty straightforward talk about a toolkit that can be installed on a USB flash drive, and about the many places where one might find an unattended PC (McDonald’s drive-thru??).
  • 3pm – The Art of (Cyber) War (wxs = Wes Shields)
    It’s time to put on our tin foil hats… Wes is about to tell us about the next generation of bad guys. While the media warns us of APT’s (Advanced Persistent Threats), Wes prefers to call them DHA’s (Determined Human Adversaries). They are organized, focused, funded, and take a long-term view of their attack. So determine what their motivation is, and how to counter them. Apologies for numerous Sun Tzu quotes.
  • 4pm – Pwning Capture the Flag: Step by Step (David Burt)
    David Burt set up the playing field for the weekend-long capture-the-flag game, and so as the Con came to a close, he spilled the beans.  Five machines were set up on a private network, two Linux machines and three Windows. Each had vulnerabilities and “flag files” hidden on them. Find the files, and cut-and-paste their contents into the scoreboard web page, and you pwn this game.

All in all, it was a very fun, but exhausting, weekend.  I learned a lot… some of it security-related, and some… well… Thanks to the organizers for another fun weekend.  I am glad that they only hold this thing once per year.

[1] I am also willing to accept an alternative explanation – that I am too dumb to understand what Justin was talking about.

 

CarolinaCon – Day 3


After Hacker Trivia last night, it was pretty hard to wind down and get to sleep. So 10am arrived quickly.

The Art of Software Destruction – Joshua Morin and Terron Williams

I missed this talk due to Daylight Saving Time… yeah, that’s it.

Apparently, the topic was fuzzing, or throwing unexpected data at a system’s inputs to see how it handles them.

Why Linux is Bad For Business – Wesley Shields

Wes tried to raise the hackles of the Linux users in the audience with his provocative title and his confrontational style. However, his point was driven home very well. Many companies flock to Linux when they want to build on a base of a community-supported project. However, there are other alternatives that might be a much better fit to their development and deployment plans. FreeBSD has a very business-friendly license, which does not require re-contribution of a company’s changes (which may be their special sauce).

Wes makes a very compelling argument. While I appreciate his conclusion, I disagree with one of his premises: that anyone who is building an appliance will probably be making their changes to the kernel, and not in user space. That was true for him, since he was building a “networking appliance”, and the best place for fast networking logic is in kernel space. However, I have also developed a Linux-based “appliance“. But our secret sauce was in the application, and not in the networking or driver layers. So for us, the underlying kernel and support packages were just commodities.

Nits aside, Wesley’s talk was more thought-provoking than just provoking. And your author will certainly consider FreeBSD on his next project that requires an open source base.

Sorry, Wes. If you were trying to come across as a jerk, you failed. Great talk!

The Evolution of Social Engineering – Chris Silvers and Dawn Perry

These guys have entirely too much fun at their jobs. They are security consultants who specialize in penetration testing in the physical realm. That is, they break into office buildings. Well, that’s not really true. People let them in — they con their way into office buildings.

Chris and Dawn shared lots of stories about the many jobs they have been on, explaining along the way the rules of engagement, how they are hired by management, what they are trying to prove, and how far they’ll go to exploit the helpfulness of others.

One hour was simply not enough for these guys!

Metasploit – Ryan Linn

Man, I should have taped this talk.

Ryan gave us a very fast-paced hands-on demonstration of Metasploit (as run from the Backtrack 4 Live CD), and the many ways that a target box can be probed and PWNED. He covered the msfconsole, meterpreter, automation of exploits, and generating malicious payloads.

This talk wins the “most informative” award from me. Very good stuff.

How the Droid Was Rooted – Michael Goffin

Michael shared his experience working with the team that rooted the Motorola Droid phone (hint for developers: putting the phrase “this could be exploited” in the comments of your open-source code sort of acts like a neon sign that says “HACKERS WELCOME”).

There was a lot of good technical content, explaining how the Droid software is packaged and upgraded. But just as interesting was his account of the team dynamics. When one member decided to take the entire team’s marbles and go home, it really did not slow them down, because they were using a distributed source code control system (Mercurial). That meant that every team member had a complete copy of the source code repository. Lesson learned.

At the end of this talk, I wondered how long it would be before you could buy smart phones directly from the carrier that had root access, straight out of the box (after all, I have root access to my PC’s and PDA’s). Having worked for a cellular phone manufacturer, I would guess that we may never see that day. So, give a big thanks to Michael and his team for their hard work!

Protecting Systems Through Log Management and System Integrity – David Burt

This talk was, by far, the worst of the show.

David did not seem to have a core message… instead, he had hastily thrown together 86 slides worth of screen shots and raw data about logging tools. On the stage, he struggled to speed-read his way through the slides, speeding up even more when he hit the 5 minute warning. 75 minutes into his one-hour talk, though, David’s message started to shine through. He knows a lot about logging — and he is available for consulting work.

Wrap-up

We wrapped up with some prize give-aways… youngest attendee, oldest attendee, drunkest attendee, winner of a rock-scissors-paper showdown, that guy who looks like some other famous guy, and anyone else who will take this junk.

And that’s it, the show is over.

Mad props to the CarolinaCon Group, organizers, sponsors and volunteers. I had a great time, and I learned a lot. And it looked like most of the other 176 attendees did as well.

Now let’s see how much trouble we can get into between now and CarolinaCon 7!

CarolinaCon – Day 2


The second day of CarolinaCon was packed from sunup to sundown — who am I kidding… hackers seldom rise before noon.  The festivities started at 10am.

Hacking with the iPhone – snide

No, not hacking the iPhone… but using the iPhone as a hacking tool. This talk was a good slide into the morning, a chance to let the coffee sink in. It could probably be summarized with two main points:

  • Since the iPhone OS is a distant cousin of BSD Unix, many open source (Linux) networking tools can easily be ported to run on it, so a jailbroken iPhone makes a decent platform for network sniffing and the like.
  • A jailbroken iPhone provides a behind-the-scenes look at the user interface, and many things that are set on the main GUI can be changed by directly manipulating the underlying settings files.

Neither of these ideas is too surprising, and so this talk was nothing new. Still, for me, having never played with a jailbroken iPhone (honest), it was an eye-opening experience. Or maybe that was just the coffee kicking in.

We Don’t Need No Stinking Badges – Shawn Merdinger

Shawn has spent some time evaluating campus-oriented badge reader door locks from a company called S2 Security. He showed how they work, and how they are advertised to work — not necessarily the same thing. An interesting glimpse into the world of distributed security systems, with several take-home lessons about what not to do.

It’s a Feature, Not a Vulnerability – Deral Heiland

This is the third time that I have seen Deral present at CarolinaCon. In 2009, he showed us what a mistake it can be to “web-enable” your products, and in 2008, he showed us how he made friends at Symantec with “Format String Vulnerabilities 101”.

This time, he continued his endorsement of Symantec’s products by demonstrating how their AMS product conveniently allows very easy access to a machine’s resources. In fact, all it takes is a single packet to tell AMS to run any command on a target Windows box. That’s convenient! (PWNED)

Smart People, Stupid Emails – Margaret McDonald

Margaret came here all the way from Denver to tell us what we already knew… that otherwise intelligent people send the stupidest things in email. This was a lively discussion that we could all relate to… yet I have this sinking feeling that our inboxes will still be filled with garbage when we get back to work on Monday.

Mitigating Attacks with Existing Network Infrastructure – Omar Santos

Omar was cursed with the dreaded 3:00 time slot… just in time for the after-lunch sleepies. It did not help that his presentation was JAM-PACKED with very technical networking information. So, for the most part, I sort of zoned out during this very informative presentation.

I tried hard to stay awake by asking a question (about “bogons” — in this case, the newly-allocated and unfortunately-numbered 1.0.0.0/8 address space). But it did not help.

Omar plans to give this same talk at “Hack in the Box” in Dubai later this year. So if I start feeling regrets that I missed something, I guess I can always book a flight.

OMG, The World Has Come To An End! – Felonious Fish

Hackers are usually prepared for anything… or are they? FF led a discussion on survival, what is needed when the rest of our infrastructure is gone. We might have food and water and shelter, but when my iPhone battery dies, it’s game over!

You Spent All That Money and You Still Got Owned – Joe McCray

Joe’s talk was one of the highlights of the Con… even Stevie Wonder could see that it was awesome. Joe told us his secret to success — he goes into companies, totally pwns them in short order, tells them how they suck, and then they pay him.

Apparently, corporate America makes Joe’s job very easy by following the worst practices. And on the odd chance that they have their operational act together, he can always solicit a security slip-up by sending them a carefully-crafted email (pwn), or if that fails, by leaving a CD with a provocative title for some nosy employee to find (serious PWN).

What a life Joe leads — that “education” he got in prison has really paid off.

Locks: Past, Picking and Future – squ33k

The lovely and talented squ33k — 5th grade teacher by day, lock hacker by night — educated us on all things lock-related. With assistance from the TOOOL crew, she taught us how modern pin tumbler locks work, and how they can be picked. But being a full-time teacher, she made sure to frame her talk with some interesting background info on locks from as far back as 4000 years ago, and a glimpse into what locks may be like in the future.

I am so proud that our youngsters are learning their skills and attitudes from this woman. She’s a girl geek role model!

Hacker Trivia

What’s that? Al was spotted in the parking lot? Someone allowed him back into the country? I thought that call to the TSA would be enough to keep him detained in the airport until the Con was over. I guess not. HE’S BACK!

Once again, Al Strowger took the stage and led us in a game of Hacker Trivia. Loosely based on Jeopardy!, this game quizzed the inebriated audience on the topics of: Movie Quotes, x86 instructions, other (hacker) conferences, math, 2009 tech, and ccTLD’s. John “Math for 400” Davis took home first prize, an iTunes gift card. Many other contestants won spot-prizes: hacking books, some new geek toys, donated “vintage” equipment, Vic Vandal’s old CarolinaCon 3 t-shirt, and lots of cupcakes.

Good night everybody. Sleep well, we’ll see you at 10am tomorrow morning!

CarolinaCon – Day 1


It’s that time of year again… time for the annual CarolinaCon security conference. This year promises to be bigger and better than last year — it has expanded from 1.5 days to 2.5 days, and it has moved from the somewhat undistinguished Holiday Inn in Chapel Hill to the somewhat less undistinguished Holiday Inn in Raleigh.

Notably missing was the “Master” of masters of ceremonies, Al Strowger. But Vic Vandal and his cohorts seemed to have the show in order. Personally, I can’t imagine a Con without the provocative charms of Al. But we’ll see how they do.

As usual, the Con started with a short after-work session on Friday night. There were three presentations to get the crowd warmed up.

Cybercrime and the Law Enforcement Response – Thomas Holt, a.k.a. Professor Farnsworth

The good professor never disappoints, and he really had a challenge this time, to warm up an otherwise un-primed crowd. He dove right in, with the not-so-statistically-significant results of a survey of state and local law enforcement officers, asking about their experience with computer crime. It was not surprising to find that most LEO’s were not very well versed in the specifics of computer-based crime, but they had a pretty good appreciation for the concepts. Thank you, CSI. Many trends and prejudices were revealed, and Dr Holt and members of the audience supposed several reasons why these might be so.

The Search for the Ultimate Handcuff Key – Deviant Ollam

If the crowd was not warmed up before Deviant Ollam took the stage, they certainly were after. He and the TOOOL team showed how handcuffs work, and how they can be defeated, sometimes with simple items like a piece of notebook paper!

But just as important as the actual material they presented, was the chosen format of their presentation. In true CarolinaCon fashion, they began by mixing a pitcher of their beverage of choice… tonight’s choice was a “Stone Fence” (one part Apple Jack, three parts hard apple cider, and a splash of bitters). Every time something in their presentation went unexpectedly, they would take a drink — this rule was strictly enforced by the audience.

In case that was not interesting enough, each live demonstration of handcuff picking techniques was accompanied by background music from a famous X-rated movie from the 1970’s and 80’s. In many cases, an audience member was able to “name that movie” before the lock-picker had freed himself, thus winning a prize.

Now this is the CarolinaCon that I came to see.

Microcontrollers 101 – Nick Fury

Finally, Nick showed the audience how to think small… he introduced the AVR microprocessor and the “Arduino” board and tools. Then he showed a few demos of what a small board like that can do. Certainly a tool that many hackers can add to their toolbox.

With these three presentations, the Con begins. We’re looking forward to Day 2, which brings a full day of hacking.  See you at 10am.
