A
Weaknesses in Satellite Television Protection Schemes, or "How I Learned to Love The Dish"
This is a beginning to intermediate level talk designed to give the participant a broad overview of satellite technology and where the holes are. I will not be teaching you how to steal service, but I will give you the background and information to understand how it could be done. Topics covered will include different programming you can receive, what kind of hardware you will need, and where to look for more info on the shadier side of things.
A has been involved in the local SLC "scene" for almost a decade, and is well read in many topics. He has many years of experience in most (legal) aspects of satellite and related technologies. A is always willing to help out those with a true interest in learning. He is currently working on a bachelor of science degree at Weber State University in Ogden, Utah.
Read It! (PPT | PDF | SXI) Resources (ZIP) See It! (RealVideo) Hear it! (RealAudio)
Tony Arcieri
PDTP.org
PDTP The Peer Distributed Transfer Protocol
Despite decades of evolution, Internet file transfer is still plagued with problems to which formalized solutions are either inadequate or nonexistent. Lack of server-side bandwidth often renders high demand content inaccessible (which we affectionately refer to as the Slashdot effect). When the ability of a single server to provide content is exceeded, manual mirror selection is often utilized, providing an unnecessary and often problematic experience for end users. No formalized cryptographic mechanism exists for preventing tampering of files located on a particular server, and consequently malicious individuals have managed to place trojans in the releases of many high profile open source applications.
The Peer Distributed Transfer Protocol (PDTP) aims to solve all these problems. PDTP can either function with a network of servers providing content directly to clients, or can provide BitTorrent-like "download swarming" by forcing clients to participate in file transfers. PDTP includes built-in mechanisms to prevent file tampering through the use of the Digital Signature Standard, and is able to automatically verify that a given file has been signed by a DSA key, with a complete X.509 certificate check to ensure a given certificate can be trusted. PDTP also provides a UDP-based decentralized search mechanism which, unlike current systems such as FastTrack, Gnutella, or FreeNet, does not consume undue bandwidth or system resources, all while removing legal liability for content indexing from the central services being utilized as entry points to the search system.
Tony Arcieri is a system administrator and programmer for the Pielke Research Group and Colorado Climate Center at Colorado State University. He has also contributed to a number of open source projects, including authoring the Ogg Vorbis plugin for XMMS, the cdcd and gdcd X11 CD player applications, and various contributions to other projects such as the Subversion version control system and the FreeBSD operating system.
Read It! (PPT) Memo (HTML) See It! (RealVideo) Hear it! (RealAudio)
Jay Beale
Locking Down Apache
Apache is the most popular web server in use by most counts. While it doesn't have IIS's reputation as a worm target, it has still shown itself to be nowhere near invulnerable. Many Apache vulnerabilities can be countered proactively with hardening techniques; this talk will show you how to harden Apache to defeat exploits and worms that haven't yet been developed, or at least not yet released.
Jay Beale is a security specialist focused on host lockdown and security audits. He is the Lead Developer of the Bastille project, which creates a hardening script for Linux, HP-UX, FreeBSD and Mac OS X, a member of the Honeynet Project, and the Linux technical lead in the Center for Internet Security, where he wrote the Unix host auditing tool in wide use today. Jay is a columnist with Information Security Magazine and has written for SecurityFocus, SecurityPortal and Incidents.org. Jay co-authored the Syngress international best-selling book on Snort, the new Stealing the Network: How to Own a Continent fictional book and serves as the series editor of the Syngress Open Source Security series, where he, HD Moore and Renaud Deraison have just finished edits on a new book on Nessus. Jay makes his living as a security consultant through the MD-based firm Intelguardians, LLC.
Read It! (PDF) See It! (RealVideo) Hear it! (RealAudio)
Adam Bresson
IT Manager
Identification Evasion: Knowledge & Countermeasures
Every day your right to privacy is being compromised! From security cameras, to illegal searches, to unauthorized monitoring, you are being watched. You must protect yourself...and your rights. Using Identification Evasion, you can immediately strengthen your protections. I'll discuss knowledge & countermeasures in the Computer and Real Worlds while presenting many great methods to turn the tables on surveillance. In addition to other in-depth demonstrations and examples, you'll see Identification Evasion in action as I present the video 'Night As Jason Biggs' (for the first time, unedited) where I applied these techniques in Las Vegas. You'll learn some things, enjoy the talk and be entertained!
Adam Bresson (adambresson.com) works during the day as an I.T. Manager for a Santa Monica Investment Banking firm. He also hosts a weekly Los Angeles open mic night, independently codes commercial web sites and challenges corrupt authority as often as possible. At DEFCON 8, he spoke on Palm Security. At DEFCON 9, he spoke on PHP, Data Mining & Web Security. At DEFCON 10, he spoke on Consumer Media Protections (CMP) generating considerable industry interest and press. At DEFCON 11, he spoke on Manyonymity: PHP Distributed Encryption releasing a GPL'ed suite of web application tools. Can you recognize him?
Read It! (PPT) Resources (ZIP) See It! (RealVideo) Hear it! (RealAudio)
Jamie Butler
Director of Engineering, HBGary, LLC
VICE - Catch the Hookers!
Rootkits are the backbone of software penetrations. They provide stealth and consistent access to a computer system. Rootkits employ technology for covert ex-filtration of data, IDS evasion, and anti-forensics. Rootkit technology is now incorporated into the most deadly of threats, network worms. Serious security professionals must understand rootkit technology in detail. Commercial anti-virus technology is woefully inadequate at dealing with the threat. There is no magic security tool that will protect your system. Rootkits now employ specific methods to evade many security utilities, including host-based intrusion prevention systems (HIPS).
This talk focuses on specific rootkit threats and more importantly, how intrusion-prevention software can be designed to detect these threats. Illustrated threats include direct kernel object manipulation (DKOM), hooking, and runtime code patching. We will release a new version of our freeware tool, called 'VICE', that can detect many of these rootkit threats.
Jamie Butler is the Director of Engineering at HBGary specializing in rootkits and other subversive technologies. He is the co-author and a teacher of "Aspects of Offensive Root-kit Technologies." Prior to accepting the position at HBGary, he was a senior developer on the Windows Host Sensor at Enterasys Networks, Inc. He holds a MS in Computer Science from the University of Maryland, Baltimore County. Over the past few years his focus has been on Windows servers concentrating in host based intrusion detection and prevention; buffer overflows; and reverse engineering. Jamie is also a contributor at rootkit.com.
Read It! (PPT) Resources (ZIP) See It! (RealVideo) Hear it! (RealAudio)
Jon Callas
CTO, PGP
How Do We Get The World To Use Message Security
The time has come for people to start using email encryption extensively. There is enough threat from attackers as well as ignorant judges that email is not safe. SSL isn't good enough.
But how? How do we get people to do this? How do you get people whose VCRs blink 12:00 to use encryption? How do you get people to remember to encrypt?
This talk discusses both specific answers as well as open architectures to nudge people down the road of encrypting their email.
Tzi-cker Chiueh
Professor, Stony Brook University/Rether Networks Inc.
Program Semantics-Aware Intrusion Detection
One of the most dangerous cybersecurity threats is "control hijacking" attacks, which hijack the control of a victim application and execute arbitrary system calls assuming the identity of the victim program's effective user. These types of attacks are viperous because they do not require any special set-up and because production-mode programs with such vulnerabilities appear to be widespread. System call monitoring has been touted as an effective defense against control hijacking attacks because it could prevent remote attackers from inflicting damage upon a victim system even if they can successfully compromise certain applications running on the system. However, the Achilles' heel of the system call monitoring approach is the construction of an accurate system call behavior model that minimizes false positives and negatives. This presentation describes the design, implementation, and evaluation of a Program semantics-Aware Intrusion Detection system called PAID, which automatically derives an application-specific system call behavior model from the application's source code, and checks the application's run-time system call pattern against this model to thwart any control hijacking attacks. The per-application behavior model is in the form of the sites and ordering of system calls made in the application, as well as its partial control flow. Experiments on a fully working PAID prototype show that PAID can indeed stop attacks that exploit non-standard security holes, such as format string attacks that modify function pointers, and that the run-time latency and throughput penalty of PAID are under 11.66% and 10.44%, respectively, for a set of production-mode network server applications including Apache, Sendmail, Ftp daemon, etc.
Dr. Tzi-cker Chiueh is currently an Associate Professor in the Computer Science Department of Stony Brook University, and the Chief Scientist of Rether Networks Inc. He received his B.S. in Electrical Engineering from National Taiwan University, M.S. in Computer Science from Stanford University, and Ph.D. in Computer Science from the University of California at Berkeley in 1984, 1988, and 1992, respectively. He received an NSF CAREER award in 1995. Dr. Chiueh's research interest is in computer security, network/storage QoS, and wireless networking. Dr. Chiueh's group developed the world's fastest array bound checking compiler, which incurs less than 10% run-time overhead compared to programs without checking under Gcc, and built the world's fastest disk-based logging system, which accomplishes a single-sector disk write operation within 450 micro-seconds.
Read It! (PPT) See It! (RealVideo) Hear it! (RealAudio)
Ian Clarke
Freenet: Taming the World's Largest Tamagotchi
Since March 2000 the Freenet project has been the very embodiment of the "release early, release often" mantra, gaining invaluable experience of the unpredictable challenges encountered when deploying a P2P architecture on a large scale. This talk will discuss recent developments in the project including our "next generation" routing algorithm, and a sophisticated but elegant new load balancing mechanism called "adaptive rate limiting". Expect the talk to employ lots of real-world data to illustrate how theory translates to practice when looking after the world's largest Tamagotchi.
Ian Clarke is the architect and coordinator of The Freenet Project, and the Chief Executive Officer of Cematics Ltd, a company he founded to realize commercial applications for the Freenet technology. Ian is the co-founder and formerly the Chief Technology Officer of Uprizer Inc., which was successful in raising $4 million in A-round venture capital from investors including Intel Capital. In October 2003, Ian was selected as one of the top 100 innovators under the age of 35 by the Massachusetts Institute of Technology's Technology Review magazine. Ian holds a degree in Artificial Intelligence and Computer Science from Edinburgh University, Scotland. He has also worked as a consultant for a number of companies including 3Com, and Logica UK's Space Division. He is originally from County Meath, Ireland.
Greg Conti
Assistant Professor of Computer Science, US Military Academy
Network Attack Visualization
On even a moderately sized network, activity can easily reach the order of millions, perhaps billions, of packets. Hidden in this sea of data is malicious activity. Current network analysis and monitoring tools primarily use text and simple charting to present information. These methods, while effective in some circumstances, can overwhelm the analyst with too much, or the wrong type of, information. This situation is worsened by today’s algorithmic intrusion detection systems, which, although generally effective, can overwhelm the analyst with unacceptably high false positive and false negative rates.
This talk explores the possibilities of visually presenting network traffic in a way that complements existing text-based analysis tools and intrusion detection systems. By graphically presenting information in the right way, we can tap into the high-bandwidth capability and visual recognition power of the human mind. Using the proper visualizations, previously masked anomalous activity can become readily apparent.
This talk will be of interest to those who wish to learn about information visualization as it applies to network security. It requires a basic understanding of the OSI model and packet encapsulation. Attendees will leave with an increased understanding of information visualization that they can apply to their own development projects and management of their networks.
Greg Conti is an Assistant Professor of Computer Science at the United States Military Academy. He holds a Masters Degree in Computer Science from Johns Hopkins University and a Bachelor of Science in Computer Science from the United States Military Academy. His areas of expertise include network security, interface design and information warfare. Greg has worked at a variety of military intelligence assignments specializing in Signals Intelligence. Currently he is on a Department of Defense Fellowship and is working on his PhD in Computer Science at Georgia Tech. He is conducting research into Denial of Information Attacks.
Read It! (PDF) Resources (ZIP) See It! (RealVideo) Hear it! (RealAudio)
CrimethInc
Revolutionary Hacker Anarchist, CrimethInc Black Hat Hacker's Bloc
Electronic Civil Disobedience and the Republican National Convention
An introduction to the theory of hacktivism and the usage of hacking skills as a means of fighting for social justice by pressuring corporations and government to adopt progressive changes. Explores the history of electronic civil disobedience, tips on how to wage your own ECD campaigns, and how to participate in the upcoming actions to coincide with the protests against the Republican National Convention in late August.
CrimethInc is an Anarchist hacker revolutionary who has led successful electronic civil disobedience campaigns against a variety of government and corporate targets. Experienced political activist, having helped organize dozens of large protests against the war in Iraq, global capitalism and neo-liberal free trade agreements. Is currently organizing a multi-pronged hacktivist campaign against the Republican National Convention to coincide with the massive demonstrations to take place in New York City. Specific history about the speaker is not available due to the nature of this project.
Gene Cronk, CISSP, NSA-IAM
North American IPv6 Task Force
IPv6 Primer
The IPv6 Primer will encompass the basics of IPv6, including some of its roots, the transitioning mechanisms available, and some security concerns early adopters should be aware of in several different environments. This presentation is meant for anyone who has heard about IPv6, but would like to know the basics of the protocol and its implementation.
Gene Cronk, CISSP, NSA-IAM, resides in Jacksonville, FL and is currently providing system administration services to an advertising and marketing firm.
He has 10 years of experience in electronics, system administration, networking and system security. Gene is best known for his work on the North American IPv6 Task Force, and his work on Fu King Linux (an IPv6 enabled distribution of Linux), which includes security tools that can be run in IPv4 or IPv6 environments. He has also spoken on IPv6 and other topics at several venues. When not totally absorbed by system security related issues, Gene can be found wardriving, actively participating as Vice President of the JaxLUG, and building a successful and dynamic 2600 chapter, of which he is currently president.
Read It! (PDF) See It! (RealVideo) Hear it! (RealAudio)
Michael Davis
DSCI
The Open-Source Security Myth, and How to Make It A Reality
Open Source software is frequently described as more "secure" than closed source software for two reasons: the number of people available to correct a problem is potentially larger; and anyone can review the source code for vulnerabilities or malicious code. Unfortunately, the current state of design documentation does not support a cost-effective security review. In addition to compromising confidence in the software, the lack of documentation also sets an unnecessarily high "bar" for new members to join an Open Source project. This unintended consequence directly reduces the number of people available to correct vulnerabilities or otherwise improve the software. The presentation provides a rationale for creating development documentation and identifies available tools.
Michael Davis oversees the Security Engineering services provided by Dynamic Security Concepts, Incorporated (DSCI). During recent efforts to encourage his customers to use Open Source solutions, he oversaw the security review of a number of Open Source security tools. He possesses a broad security background and has been a featured speaker for select audiences on the subject of intrusion detection and evaluating security solutions in general.
Read It! (PPT) See It! (RealVideo) Hear it! (RealAudio)
Dead Addict
Hacking the Media, and Avoiding Being Hacked by the Media
Hackers have been demonized and romanticized in the media. Some hackers' interactions with the media have caused their eventual incarceration, while others seem to pimp the media to promote their careers. Dead Addict will provide a framework for manipulating the media and avoiding being the victim of the media. While this talk will be relevant to hackers, it is applicable to all who consume or are consumed by media. Dead Addict will also discuss methods to improve the quality of reporting and influence the media without appearing in it.
Read It! (RTF) See It! (RealVideo) Hear it! (RealAudio)
Dario D. Diaz
DMCA, Then and Now
A look at the Digital Millennium Copyright Act (DMCA), what it was originally meant to do, what it's done, and how it's been used and abused. The highly misunderstood statute was hastily enacted and has been put to the test. While most in the hacker community might agree that the DMCA has been a failure, the actual legal results might provide some interesting insight. The lecture will involve an analysis of the statute, the legislative history, case law (both criminal and civil), and a perspective on the DMCA's future.
Dario D. Diaz was born in Tampa, Florida, on June 26, 1967. His father immigrated from Cuba as a political exile first seeking asylum in Venezuela. His mother was the child of Spanish immigrants and a lifelong resident of Tampa. Diaz graduated from Tampa's Jefferson High School and enrolled at the University of Florida.
Shortly after joining the firm, Diaz immersed himself in high profile litigation assisting partner Ralph Fernandez. In 1997 Fernandez and Diaz assumed the representation of three alleged Cuban skyjackers, Adel Regalado, Jose Bello Puente and Leonardo Reyes, on the night before testimony began in United States District Court. At the conclusion of trial the three defendants were acquitted of air piracy. Immediately the Immigration Service proceeded with detention and removal proceedings. In a highly publicized case in 1998 the Immigration Court ruled in favor of the three men, granting them political asylum and withholding of removal. The government appealed to the Board of Immigration Appeals. A massive appellate process was undertaken. In October of 2002 the BIA affirmed the decision of the lower court. Fernandez and Diaz also assumed the representation of Jose Dionisio Suarez Esquival, implicated by the United States in the assassination of former Chilean Ambassador Orlando Letelier in Washington D.C. in 1976. During the process Suarez became entangled in the extradition proceedings of General Augusto Pinochet by the Kingdom of Spain and the ancillary investigation by the Republic of Chile. On August 15, 2001, Suarez was freed after nearly a decade of detention. Diaz walked Suarez Esquival out of jail. The photo grabbed headline news around the world. Diaz later directed the successful defense in State of Florida v. Noe Ramirez, at one time identified as the individual who tossed a boulder off the I-75 overpass in Bradenton, Florida, tragically killing a well known and respected University of Alabama professor.
In August of 2000, Diaz was asked to speak at DEFCON, the largest conference for computer security, cryptography and hacking held in the United States. His lecture dealt with the Digital Millennium Copyright Act (DMCA) and the legal aspects of the law. A Russian programmer and citizen, Dmitri Sklyarov, who was also a conference lecturer, was arrested by federal authorities on criminal charges stemming from the DMCA. In news stories the national media identified Diaz as the leading expert in the area. Diaz's trial practice involves civil, criminal, and family law cases. He has tried cases in criminal, personal injury, negligence, and select family law matters.
Diaz is married to his high school sweetheart, Lisa. They have three children.
Read It! (ZIP) See It! (RealVideo) Hear it! (RealAudio)
Roger Dingledine
The Free Haven Project
Tor: An Anonymizing Overlay Network for TCP
Tor (second-generation Onion Routing) is a distributed overlay network that anonymizes TCP-based applications like web browsing, secure shell, and instant messaging. We have a deployed network of 30 nodes in the US and Europe, and the code is released unencumbered as free software. Tor's rendezvous point design enables location-hidden services: users can run a standard web server or other service without revealing its IP.
I'll give an overview of the Tor architecture, and talk about why you'd want to use it, what security it provides, and how user applications interface to it. I'll show a working Tor network, and invite the audience to connect to it and use it.
Roger Dingledine is a security and privacy researcher. While at MIT he developed Free Haven, one of the early peer-to-peer systems that emphasized resource management while retaining anonymity for its users. Currently he consults for the US Navy to design and develop systems for anonymity and traffic analysis resistance. Recent work includes anonymous publishing and communication systems, traffic analysis resistance, censorship resistance, attack resistance for decentralized networks, and reputation.
Read It! (PDF) Resources (ZIP) See It! (RealVideo) Hear it! (RealAudio)
Maximillian Dornseif
Far More Than You Ever Wanted To Tell - Hidden Data In Document Formats
Applications usually put all kinds of information into saved documents besides what you intend to be there. This can lead to embarrassing revelations. We will take a look into different types of application data and what can be hidden in there. This allows us to "scrub" our own documents to avoid unwanted information in them, but also to look for information in documents which the authors didn't want to hand out. To grasp the scope of the problem, we will present a large scale study of hidden information in documents on the Internet.
Maximillian Dornseif studied law and computer science at the University of Bonn, Germany, where he wrote his PhD thesis about the "Phenomenology of Cybercrime". He has been doing security consulting since the mid nineties. His clients have included industry as well as government. At the moment he works on a third-party funded research project about measurement of security and security breaches, taking place at the Laboratory for Dependable Distributed Systems, RWTH Aachen University. He also oversees several other projects in the area of detection and documentation of security incidents. Dornseif has published in the legal and computer science fields on a wide range of topics.
Read It! (PDF) See It! (RealVideo) Hear it! (RealAudio)
Robert "hackajar" Imhoff-Dousharm
Credit Card Compliancy & Fraud Analyst
Jonathan "ripshy" Duncan
Systems Developer (demonstration)
Credit Card Networks Revisited: Penetration in Real-Time
Credit card authorization is the core of all major businesses, both on and off the Internet. Yet an alarming number of businesses are not taking the right steps to ensure that your credit cards are secure against fraud and theft. In bringing this to light (Credit Card Networks 101, July 31 2003 - DC 11), you were awed at the possibility, but were not provided with any real proof. This year we, that's you and I, will walk through the process of identifying credit card traffic on a network, deciphering packets and propagating rogue credit card data to a host computer. You will be provided access to a private Wi-Fi network. This network will have credit card data streaming across it for you to sniff. With your help, we will discover information about credit card packets, and how to design our own packet to be sent.
Want to participate?
- Login to http://www.hackajar.com/credi
- Read "What's in a credit card" section for background on credit cards and their supporting networks
- Read "What you'll need" section, and have said items at conference
- Sign up for a fake credit card account; you will use this to keep track of your progress and win prizes
NOTE: You will have the opportunity to sign up for an account during the demonstration
Robert "hackajar" Imhoff-Dousharm: In the last 2 years, Robert has worked for Shift4, a Credit Transaction Gateway. As an Analyst he ensures best fraud practices, compliance and security are met at all client sites. He has worked with government agencies during fraud investigations. He also works with new and potential clients to implement best practice in software design of credit card integration software. Robert has spoken at DefCon 11 (Credit Card Networks 101) about the potential risks currently impending on credit card networks. He will demonstrate those risks this year with "Credit Card Networks Revisited: Penetration in Real-Time".
Read It! (PPT) Resources (ZIP) See It! (RealVideo) Hear it! (RealAudio)
Elonka Dunin
Kryptos and the Cracking of the Cyrillic Projector Cipher
In a courtyard at CIA Headquarters stands an encrypted sculpture called Kryptos. Its thousands of characters contain encoded messages, three of which have been solved. The fourth part, 97 or 98 characters at the very bottom, has withstood cryptanalysis for over a decade. The artist who created Kryptos, James Sanborn, has also created other encrypted sculptures such as the decade-old Cyrillic Projector, which was cracked last September by an international team led by Elonka Dunin. This talk is intended for a general audience with beginning to intermediate cryptographic experience. Elonka will go over how the code was cracked, and the current state of knowledge about the Kryptos sculpture, its own encrypted messages, and its mysterious CIA surroundings.
Elonka Dunin is a professional game developer, working at Simutronics (play.net), a provider of massively multiplayer online games. Also an amateur cryptographer, Elonka led the international team that cracked the decade-old KGB Cyrillic Projector Code in September 2003.
Elonka was born in Los Angeles, studied Astronomy at UCLA, and then joined the United States Air Force, where she worked on the SR-71 and U-2 reconnaissance aircraft. Elonka is a world-traveler who speaks multiple languages, has visited scores of countries around the world, and every continent (yes, including Antarctica). She has won awards for cracking various codes, such as when she cracked the PhreakNIC v3.0 Code, an up-until-Elonka unsolved puzzle created by se2600. Since September 11th, Elonka has also been helping out with the war on terrorism by teaching government agents about cryptography and what types of codes Al Qaeda may be using. She is co-founder of the Kryptos Group, an online group of cryptographers and interested hobbyists trying to crack the last part of the code on the famous Kryptos sculpture at CIA Headquarters.
Read It! (PPT) See It! (RealVideo) Hear it! (RealAudio)
Charles Edge aka krypted
Senior Systems Engineer, Three18
Hacking/Security Mac OSX Server aka Wussy Panther
Panther Server, the highly touted new OS by Apple, has some glaring security flaws, although Apple typically gets away easy because not a lot of people hack it. See what's being done against OSX Server and what can be done to guard against it.
During the talk, I will show exploits I've been working on since Panther was released and give honorable mention to the tools I've been using to help me out along the way.
Remember when BackOffice came out and there were a bunch of exploits against it? Well, imagine another server with web-based email, a full web development platform, SQL, and File Sharing over a proprietary protocol.
No Apple knowledge is required of the listener, only a working knowledge of UNIX.
Charles Edge has been setting up and maintaining hybrid networks for the entertainment industry (including the Osbournes) in Los Angeles for 5 years. This talk will focus on hardening OSX Server by showing its vulnerabilities.
Read It! (PPT) Resources (Edge) See It! (RealVideo) Hear it! (RealAudio)
D. Egan
Senior Web Applications Developer, ICS MT
MySQL Passwords: Password Strength and Cracking
This talk will cover best practices for choosing MySQL passwords as well as the tools available to "crack" a MySQL password hash. It will NOT cover how to obtain a password hash, however. During the talk I will be introducing a new dictionary-based auditing tool, named "phpMyAudit". The tool is written in PHP and allows a user to run the application as a shell-based script, yet it also includes a web-based front end. This talk is primarily aimed at persons interested in choosing secure MySQL passwords, and persons who would like to "audit" an existing MySQL password hash.
D. Egan is a recent college graduate who has been a professional web-application developer for over 5 years. He currently works and lives in beautiful Missoula, Montana. This will be his 5th year attending Defcon, and his first Defcon speech.
Read It! (PPT) Resources (GZ) See It! (RealVideo) Hear it! (RealAudio)
Rakan El-Khalil
Information Hiding in Executable Binaries
Information Hiding techniques are much researched in the context of watermarking or fingerprinting images and sound files, mainly as a means of copyright protection and piracy prevention/detection. Those media offer a significant amount of redundancy, thus lending themselves to the implementation of robust IH systems. Executables, however, do not offer such amounts of redundancy, and have thus far proven to be a difficult and rarely used medium for steganographic and other IH purposes. The aim of this talk is to be an introduction to IH, with a thorough coverage of state of the art techniques for embedding into binaries. Hydan, a tool for performing such embeddings in machine code, will be presented. In addition to typical IH uses [steganography, watermarking], the tool and techniques shown can be used for anti-reverse engineering, trusted application execution, frustrating some buffer overflow attacks, and as an engine for metamorphic viruses. An interesting effect of the tool is that the executable remains the same size before and after embedding, while of course remaining functionally equivalent.
Rakan El-Khalil is currently on sabbatical in France. He is a recent MS CS graduate from Columbia University. While he was there he worked on a variety of projects at the CS Research Lab, such as an IDS that uses machine-learned models to detect network threats, and a syscall-based permission system on OpenBSD [predating systrace]. He was also responsible for the short-lived official KaZaA Linux client 'kza'. Currently he is involved with The Bastard, a powerful Linux disassembler, and has been researching steganography and information hiding in machine code.
Read It! (PPT) See It! (RealVideo) Hear it! (RealAudio)
FX
Phenoelit
Halvar Flake
"We Can Take It From Here"
Sick of watching other people working their magic and still wondering how to get 0day? Write your own! This session is about the state of mind for finding and exploiting bugs. From web applications to client-server systems and multi-tier platforms down to routers, switches and wrist watches - everything has bugs and everything can be exploited one way or another.
But of course, a state of mind alone doesn't get you 0day. Now you need to find a crack in the armor that you can pry open and drive your truck through.
The session will try to guide you through how to find a bug, how to combine several of them or how to circumvent things that would ruin your plan, starting from how to do educated guesses down to diff and patch review.
Don't be scared, have no phear. Found a bug but you have no idea what to do with it? A strange CPU, a never-seen-before platform or an unknown protocol should not prevent you from getting r00t anyway. This last part deals with guidelines on shell and non-shell codes, binary or not, and with handling complicated platforms.
The goal is that you walk out with your own 0day already developing in your mind.
FX of Phenoelit is the leader of the German Phenoelit group. His and the group's primary interests are in security implementations and implications of standards or less-known protocols, as shown on past DefCon conventions. FX has a fairly special relationship with shops like Cisco Systems and HP as well as SAP. Currently, he works as a Security Solution Consultant at n.runs GmbH.
Halvar Flake is Black Hat's resident reverse engineer. Originating in the fields of copy protection, he moved more and more towards network security after realizing the potential of reverse engineering as a tool for vulnerability analysis. He spends most of his screen time in a disassembler (or developing extensions for the disassembler), likes to read source code diffs with his breakfast and enjoys giving talks about his research interests. He drinks tea but does not smoke Camels.
Peter D. Feaver
Professor, Duke University
Kenneth Geers
Analyst, NCIS
The First International Cyber War: Computer Networks as a Battleground in the Middle East and Beyond
This briefing addresses the world's first global Internet war: the cyber skirmishes associated with the Palestinian intifadah. What started out as a localized conflict spread to battles around the globe as forces sympathetic to either the Israelis or the Palestinians joined the fray. With the Middle East cyber war as a backdrop, this presentation will cover the ways in which people can try to affect the course of world history through coordinated action in cyberspace.
The authors first describe the globalized and asymmetric nature of modern warfare, the asymmetry of computer hacking, and the psychology of subcultures. They outline the legal issues surrounding cyber warfare, from the perspective of a lone hacker to a massive government intelligence service, and discuss the problems inherent in cyber retaliation and in the prosecution of hackers.
On the technical side, this briefing discusses the targeting of Internet sites for attack, and the strategies used by hackers to bring them down or merely leverage them in more subtle ways to support their cause. The primary focus is the means used by cyber commanders to accomplish political and/or social goals, in particular the creation of Web portals through which their foot soldiers are able to unite and rain network packets down upon their enemies.
Finally, this briefing examines the difference between the perception and the reality of cyber attacks. We address the strategies that national governments are employing to combat the threat, the potential impact of cyber attacks on military operations, and the vexing problem of Denial of Service attacks, Web defacements, and free speech. The authors assess the threat and the limits of the more powerful weapons in the cyber arsenal, and consider who might be the biggest target of cyber attacks in the coming years.
Peter D. Feaver (Ph.D., Harvard, 1990) is Professor of Political Science and Public Policy at Duke University and Director of the Triangle Institute for Security Studies (TISS). Feaver is co-directing (with Bruce Jentleson) a major research project funded by the Carnegie Corporation, "Wielding American Power: Managing Interventions after September 11." Feaver is author most recently of Armed Servants: Agency, Oversight, and Civil-Military Relations (Harvard Press, 2003), and co-author, with Christopher Gelpi, of Choosing Your Battles: American Civil-Military Relations and the Use of Force (Princeton University Press, 2004). He is co-editor, with Richard H. Kohn, of Soldiers and Civilians: The Civil-Military Gap and American National Security (MIT Press, 2001); and author of Guarding the Guardians: Civilian Control of Nuclear Weapons in the United States (Cornell University Press, 1992). He has published several other monographs and over thirty articles and book chapters on American foreign policy, nuclear proliferation, civil-military relations, information warfare, and U.S. national security. He won the Duke Alumni Distinguished Undergraduate Teaching Award in 2001 and the Trinity College Distinguished Teaching Award in 1994-95. In 1993-94, Feaver served as Director for Defense Policy and Arms Control on the National Security Council at the White House, where his responsibilities included counterproliferation policy, regional nuclear arms control, the national security strategy review, and other defense policy issues. He is a Lieutenant Commander in the U.S. Naval Reserve (IRR). He is married to Karen Feaver, and they have three children, two sons and a daughter.
Kenneth Geers (M.A., University of Washington, 1997) is a Computer Investigations & Operations analyst with the Naval Criminal Investigative Service (NCIS). His career at the Department of Defense also includes work at the National Security Agency, the Defense Intelligence Agency, an SAIC nuclear arms control support team, the John F. Kennedy Assassination Review Board, and the U.S. embassy in Brussels, Belgium. He is an expert in French and Russian, who finished first in a class of seventy at the Defense Language Institute at the Presidio of Monterey. Mr. Geers is the author of training and testing software to prepare U.S. Army Major Commands for Russian strategic arms inspections, and he has designed multiple U.S. Army Space and Missile Defense Command websites devoted to arms control. These days, he spends his time analyzing computer and network logs of all types. In his free time, he plays chess and serves as a SANS mentor in the Washington D.C. area. Over the years, he has taken the opportunity to see the world, stopping long enough to wait tables in Luxembourg, harvest grapes in the Middle East, climb Mount Kilimanjaro, and set his alarm clock for 3 AM in a strict Trappist monastery. He loves his wife Jeanne, and daughters Isabelle and Sophie.
Read It! (PPT) See It! (RealVideo) Hear it! (RealAudio)
Seth Fogie
VP, Airscanner
Attacking Windows Mobile PDA’s
Microsoft’s Pocket PC (AKA Windows Mobile) has remained relatively free of all the nasty attacks that have bombarded its PC-based cousins. Does this mean this OS is any more secure or safe from attack? Ironically, this is as far from the truth as one can get.
Using reverse-engineering techniques, this presentation will demonstrate just how easy it is to gain full remote unauthorized access to a PPC device. In addition, we will also provide an example of a remote buffer overflow attack against the PDA and the tricks needed to place working code on the proverbial stack.
This talk will be technical. However, if you want to gain a better understanding of the ARM processor, hacking Pocket PC programs, or just want to see how buffer overflow attacks work on the PDA, you will not be disappointed.
Seth Fogie is the VP of Dallas-based Airscanner Corporation, where he oversees the development of security software for the Windows Mobile (Pocket PC) platform. He has co-authored four technical books on information security, including the top-selling "Maximum Wireless Security" from SAMS, and the recently released "Security Warrior" from O'Reilly. Mr. Fogie frequently speaks at IT and security conferences, including Defcon (10 & 11), CSI, and Dallascon. In addition, Seth is acting Site Host for Security at Pearson Education's "InformIT.com" website, where he writes articles and reviews/manages weekly information security related books and articles.
Read It! (PDF) Resources (ZIP) See It! (RealVideo) Hear it! (RealAudio)
Foofus
Old Tricks
In September of 2003, a noted security consultant was terminated from his job over controversy surrounding a document that he co-authored. One key focus of the document was the risk associated with operating system monocultures. This idea was nothing new. In fact, in 1989, the following passages appeared in a book that spent over four months on the New York Times best seller list:
"Just like genetic diversity, which prevents an epidemic from wiping out a whole species at once, diversity in software is a good thing."
"A computer virus is specialized: a virus that works on an IBM PC cannot do anything to a Macintosh or a Unix computer. [snip] Diversity, then, works against viruses. If all the systems on the Arpanet ran Berkeley Unix, the virus would have disabled all fifty thousand of them. Instead, it infected only a couple thousand."
-- Stoll, Cliff. THE CUCKOO'S EGG. New York: Simon & Schuster / Pocket Books, 1989. Pages 51 and 347.
The point of this citation is not to cast any disrespect on the authors of "CyberInsecurity: The Cost of Monopoly" (on the contrary, in fact). Rather, we wish merely to note that the risk of monocultures was identified at least fourteen years ago, and was widely published. Why fuss if someone repeats it?
Foofus.net wants in on this kind of action. In that spirit, we've looked high and low for a bunch of other old ideas so that we can breathe new life into them, and (in the famous words of a respected security research team), make "the theoretical practical," in an effort to tax the patience of those who would rather we kept our heads in the sand about ideas that are right there in the open, but inconvenient to demonstrate. Until now.
Come to this presentation, and savor some exquisite fun. We will demonstrate our tools and techniques, and we think you will find that they are interesting and useful. But not new. We promise that we have not invented a damn thing here; the basic concepts are 100% recycled, but we hope they will encourage people to get serious about areas where they've been coasting for too long.
The focus of the talk is Windows: tools will be presented for identifying potential trust relationships between disparate hosts, tinkering with friendly wireless interfaces, easy access to network shares without bothering to crack password hashes, and (if our luck holds) maybe even a little more. It'll be really fun, and stuff.
Foofus leads a team of security engineers at a midsize technology consulting firm in the midwest, where he has worked for the past seven years. He has spoken at a variety of events and conferences including Toorcon and LISA. His chief technical interest is software security, and in his spare time he enjoys playing guitar, cooking, and attending the symphony.
Read It! (ZIP) See It! (RealVideo) Hear it! (RealAudio)
Scott Fullam
Introduction to Hardware Hacking
Interested in hardware hacking but not sure where to start? This presentation is for you. I will show you how to get started with modifying equipment for fun and useful purposes. I will show you the best ways of opening the enclosures of electronic equipment without destroying it, how to identify electronic components, how to solder together circuits, where to get parts, and will do a walk-through of several hacks I have completed. The talk is intended for beginners, but all experience levels will get a kick out of it.
Scott Fullam is the author of the O'Reilly book "Hardware Hacking Projects for Geeks" published in February 2004.
Scott Fullam has been hacking hardware since he was 10 years old with his first RadioShack 100-in-1 electronic kit. He built an intruder alarm to keep his sister out of his room. Scott attended MIT, earning Bachelor's and Master's degrees in Electrical Engineering and Computer Science. While an undergraduate he built a shower detection system so that he could see if the community shower was in use, allowing him to sleep in a few extra minutes in the morning if it was occupied. After graduating from MIT, Scott designed children's toys and built close to 50 prototypes in 2 years. He then went to work at Apple Computer in the Advanced Technology Group designing digital still cameras. In 1995, Fullam co-founded PocketScience, which develops revolutionary mobile e-mail communications products and services. As the Chief Technology Officer (CTO), Fullam personally developed all of the algorithms for the company's products. He also led the team that developed PocketScience's products and reference hardware. Scott now works as an independent consultant assisting consumer electronics companies in designing high quality products and manufacturing them in the Far East. Scott holds 15 US patents. Never satisfied with how the consumer electronics products he owns work, he often takes them apart and enhances their capabilities.
Read It! (PPT) See It! (RealVideo) Hear it! (RealAudio)
Geoffrey
Mark Farver
This Space Intentionally Left Blank
"This Space Intentionally Left Blank" covers work done to safely allow the transfer of unclassified data onto a sensitive (read highly classified) network for commingling with other data collects and subsequent analysis. We devised a system using COTS (Commercial Off The Shelf) hardware, Open Source applications and a couple of custom programs to accomplish these ends. The main requirement was to ensure a one-way flow of data from the antenna farm into the analysis network with no data drift back. The presentation will discuss the technical details of how this was managed.
Geoffrey has been a facility and network security officer and ComSec Manager in the Intelligence Community for fourteen years. His duties include shoring up network security at both contractor and government facilities. He is also available for children's parties.
Mark Farver has served 5 years as trampled network engineer and code monkey. He has spent the past two years as network administrator and ComSec manager for sensitive networks. He knows little of value and sometimes gets cranky without a nap.
Read It! (PDF) See It! (RealVideo) Hear it! (RealAudio)
Sarah Gordon
What Do You Mean, Privacy?
Privacy doesn't mean the same thing to everyone... Since you're interacting in a global space, you need to understand what people outside your immediate frame of reference are thinking when they talk about privacy, because what they think will influence their expectations and their actions. This talk will give you the opportunity to examine some other views of privacy, explore your own thinking, and compare it with others, both from the global information security community and the audience. Finally, we'll look at how well those thoughts match up with behaviors related to various aspects of what we call "privacy".
Sarah Gordon has spoken at DEFCON on topics from the security of PGP, women of #hack, and the impact of legislation on virus writing, and done lots of security related stuff for lots of different groups.
Read It! (PPT) See It! (RealVideo) Hear it! (RealAudio)
Joe Grand, aka Kingpin
Electrical Engineer, Grand Idea Studio
Advanced Hardware Hacking: Designs and Attacks of Secure Hardware
This presentation looks at advanced hardware hacking and reverse engineering techniques. We'll look at the steps taken by designers to incorporate security into their hardware products and then examine ways to attack them. Learning from history is important, so successful hardware hacks against security products will be discussed and copious references to other existing material will be provided.
Joe Grand (also known as Kingpin) is an electrical engineer at Grand Idea Studio, Inc., a product development and intellectual property licensing firm. He is a former member of the legendary hacker collective L0pht Heavy Industries (yes, which turned into @stake, but don't ask him about that) and specializes in embedded system design, computer security research, and inventing new concepts and technologies.
Oh, Joe is also the author of the Syngress book "Hardware Hacking: Have Fun While Voiding Your Warranty" published in January 2004 and contributor to a bunch of other books.
Read It! (PPT) Resources (PDF) See It! (RealVideo) Hear it! (RealAudio)
Rachel Greenstadt
Harvard University
Tools for Censorship Resistance
What censorship resistance technique is right for me? (And should my Chinese dissident friends use the same one?)
Nearly everyone in the world is affected by censorship to some degree. Whether from annoying corporate firewalls, nervous ISPs, or oppressive governments, the result is often the same; individuals and organizations are unable to obtain information they want, say the things they'd like, or communicate with others. A number of technologies are helpful in circumventing these restrictions, including covert channels, steganography, and peer-to-peer systems.
This presentation will survey the field of censorship resistance and discuss the maturity of various techniques, as well as their promise and limitations from a theoretical perspective. I will present a range of capabilities and threat models and discuss which approach is best suited to each situation.
Rachel Greenstadt is a researcher at Harvard University and a DHS fellow. She studies how information is leaked, collected, and controlled. She has done research on privacy, steganography, covert channels, and peer-to-peer security. Rachel is a contributor to the forthcoming book, The Economics of Information Security. She attends small, academic conferences compulsively, takes ballet classes, and reads science fiction in her spare time.
Read It! (PDF) See It! (RealVideo) Hear it! (RealAudio)
Grifter
Russ Rogers
CEO & CTO, Security Horizon
Tierra
Project Prometheus
The goal of Prometheus is to create an Open Source project that takes into account the inherent flaws in the Microsoft implementation of Alternate Data Streams (ADS) and uses those attributes to create a tool for increased security. The concept is similar to making lemonade from lemons. We're taking an insecure component of the NTFS file system and creating a tool that will provide increased security. Russ and Grifter will be explaining and demonstrating the use of Alternate Data Streams and then discussing an Open Source project which they have currently begun development on.
Grifter has been involved in the scene for over a decade and currently runs 2600SLC, the Salt Lake City 2600 meeting, and DC801, the Utah Defcon meeting, where he often lectures on a range of security related topics. He has been published in numerous online and print publications and has previously been a speaker at several Defcons. He has also been the subject of interviews for various online, print, and television pieces regarding different areas of the hacker culture over the years. He is a Defcon Goon and primary organizer of the Defcon Scavenger Hunt and Defcon Movie Channel.
Russ Rogers is the CEO and CTO of Security Horizon, a Colorado Springs based information security professional services firm and is a technology veteran with over 12 years of technology and information security experience. He has served in multiple technical and management information security positions that include Manager of Professional Services, Manager Security Support, Senior Security Consultant and Unix Systems Administrator. Mr. Rogers is a United States Air Force Veteran and has supported the National Security Agency and the Defense Information Systems Agency in both a military and contractor role. Russ is also an Arabic Linguist. He is a certified instructor for the National Security Agency's INFOSEC Assessment Methodology (IAM).
Tierra, while still somewhat new to the scene, has been manipulating bits since the 7th grade, and is currently working on his Computer Science degree at the University of Utah. He has been attending 2600 meetings for more than 3 years now in Salt Lake City, and has been helping run the Defcon Scavenger Hunt since Defcon 10 (you'll find him at the Scavenger Hunt table again this year). While working with the DC801 crew on projects such as this, he spends his time mastering his PHP and SQL skills on various personal projects such as TIMAP found on SourceForge.
Lukas Grunwald
CTO, DN-Systems Enterprise Internet Solutions GmbH
RF-ID and Smart-Labels: Myth, Technology and Attacks
This talk provides an overview of RF-ID Smart-Labels, small labels on products with an embedded microchip and an antenna. Smart-Labels store product and serial number, expiration date etc. and can be read from a distance.
The industry is planning to put these labels with an international product code on every product within the next decade, effectively replacing the old bar-code system. Some stores already use Smart-Labels, for example certain pharmacies in the US, and in Europe the Metro Group in their Future Store.
At the end of this talk there is a practical demonstration of RF-DUMP, my tool to read and write Smart-Labels, check their meta-data and manipulate it.
Mr. Lukas Grunwald is CTO of DN-Systems Enterprise Internet Solutions GmbH (Hildesheim/Germany), a globally acting consulting office working mainly in the field of security and internet/eCommerce solutions for enterprises. Mr. Grunwald has been working in the field of IT security for nearly 15 years now. He specializes in the security of wireless and wired data and communication networks, Forensic Analysis, Audits and Active Networking. Mr. Grunwald regularly publishes articles, talks and press releases for specialist publications. He also participates actively in conferences such as Hackers at Large, Hacking in Progress, Network World, Internet World, Linux World (USA/Europe), Linux Day Luxembourg, Linux Tag, CeBIT Conference.
Read It! (PDF) Resources (ZIP) See It! (RealVideo) Hear it! (RealAudio)
Nathan Hamiel (Ichabod Ver7)
Down with the RIAA, Musicians against the Recording Industry
Down with the RIAA is a look at the current state of the music business and where it is headed. The presentation uses statistics and facts to map out where the industry currently is and details the problems with the current model. After the problems with the current model are shown, the groundwork for the future of the music business is laid out, showing how the recording industry is no longer needed. Included in the presentation is information on how artists can produce their own music, cutting out the recording business.
The recent increase in quality and decrease in price of recording equipment has made it very feasible for artists to make very high quality recordings on their own. This is the way of the future, and the processes are detailed by an independent music producer with experience in the field. Most people do not know it is possible to make quality recordings that rival commercial ones from your apartment, without even disturbing your neighbors. People are screaming for a change in the music industry. With all of the problems that the RIAA is creating for the music consumer, consumers will begin to be open to a new model where the hassles of the RIAA will no longer be an issue. The future of the music business will also afford more opportunity to artists, leveling the playing field and decreasing competition between artists.
Nathan Hamiel (Ichabod Ver7) is an independent artist and producer living in Jacksonville, FL. As an artist he has shared the stage with acts such as The Union Underground, Fuel, Scrape, 8Stops7, Phoenix TX, The Crux Shadows, and many more. Using his skills gained as a recording engineer, he has been able to create high quality recordings using very reasonably priced equipment, many times surpassing the quality of commercial recordings. He has many albums and recordings to his credit and shares the knowledge with other artists and producers worldwide. He has created some of his own techniques, including ones on layering drum samples that can now be heard on many different recordings. On the technology side, he is a CISSP, was a presenter at Interz0ne 3, and is VP of the Jacksonville 2600.
Read It! (PPT) See It! (RealVideo) Hear it! (RealAudio)
Seth Hardy
Subliminal Channels In Digital Signatures -or- Why it's VERY Important To Verify Trustworthiness of Encryption Programs
A number of papers about a subliminal channel in the Digital Signature Algorithm were published more than ten years ago, allowing for communication through digital signatures in an undetectable manner. The subliminal channel is generally viewed as a method of legitimate but hidden communication, but it can also be used for leaking secret information (such as keys) in an undetectable way to anyone who knows what to look for. I will present how this subliminal channel works, and demonstrate, using a patched version of the GNU Privacy Guard, how to use it for both benign and malicious purposes, both of which have little to no prior implementation in encryption programs.
Seth Hardy is involved in both research and implementation in the field of cryptology, both as part of a university research group and independently. His primary interest is the mathematics side of crypto, so he's been involved in a number of projects which involve translating new and better concepts from math into a working implementation in code. Seth has presented his work at a number of conferences, usually with his good friend Jose.
Bev Harris
Black Box Voting
Deral Heiland
The Insecure Workstation
The insecure workstation. A creative look at Windows group policies as a security solution in today’s workplace and how easily they are circumvented. This talk will discuss the Where, What and Why of policies and also demonstrate simple tricks to bypass policies and exploit poor policy implementation.
Deral Heiland has been in the IT field since 1994, working in the following industries: newspaper media, system integration, and manufacturing. He has held the following positions: Network Administrator, Financial Systems Manager, Network Field Engineer and Network Security Analyst. He presently holds the following certifications: SSCP, CCNA, CCWS, CNE5 and CWSE.
Read It! (PPT) Resources (ZIP) See It! (RealVideo) Hear it! (RealAudio)
Smart Card Security: From GSM to Parking Meters
Smart Cards are used all over the place in everyday life. The unfortunate (or fortunate) side of Smart Cards is that most widely deployed systems don't use any real security and rely mostly on obscurity. This presentation will discuss the different types of Smart Cards, exactly how to reverse engineer the protocols they use, and how to exploit their security weaknesses. For demonstration, we will look at GSM SIM Cards and San Diego Parking Meter Debit Cards and show how their security can be defeated.
h1kari has been in the security field for the past 5 years and currently specializes in 802.11b Wireless Security, Smart Card, and GSM development, specifically to exploit their various inherent design weaknesses. He is the main developer of the bsd-airtools project, a complete 802.11b penetration testing and auditing toolset that implements all of the current methods of detecting access points as well as breaking WEP on them and doing basic protocol analysis and injection. David has spoken at numerous international conferences on Wireless Security, has published multiple whitepapers, and is regularly interviewed by the media on computer security subjects.
h1kari is also the founder of Nightfall Security Solutions, LLC and one of the founding members of Dachb0den Research Labs, a non-profit Southern California based security research think-tank. He's also currently the chairman of the ToorCon Information Security Conference and has helped start many of the security and Unix oriented meetings in San Diego, CA.
Thorsten Holz
Laboratory for Dependable Distributed Systems (RWTH Aachen University)
Dipl.-Jur. Maximillian Dornseif
Laboratory for Dependable Distributed Systems (RWTH Aachen University)
Christian Klein
University of Bonn
NoSEBrEaK: Defeating Honeynets
Honeynets are one of the more recent toys in the white-hat arsenal. They are usually assumed to be hard to detect, and attempts to detect or disable them can be unconditionally monitored. Sometimes it is even suggested that deploying honeynets is a way to increase security. We scrutinize this assumption and demonstrate a method by which a host in a honeynet can be completely controlled by an attacker without any substantial logging taking place. We show how to detect honeynets, circumvent logging on a honeynet and finally 0wn a honeynet hard, disabling all of a honeypot's security features, and present the tools to do so.
While the talk is fairly technical, a basic knowledge of how shellcode and the like works should be enough to follow it.
Thorsten Holz is a research student at the laboratory for dependable distributed systems at RWTH Aachen University where he is trying to bring a solid scientific foundation to Honeynet research.
Maximillian Dornseif and Christian N. Klein have studied computer science at the University of Bonn, Germany; Dornseif also holds a degree in law. Both have been involved in computer security and the German computer underground, namely the Chaos Computer Club, for a long time and have been doing security consulting together since the late nineties. Their clients include industry, such as Deutsche Telekom and T-Mobile, as well as government.
Read It! (PDF) Resources (ZIP) See It! (RealVideo) Hear it! (RealAudio)
Cameron “nummish” Hotchkies
0x90.org
Blind SQL Injection Automation Techniques
Due to improper software design and implementation practices, the number of web-based applications vulnerable to SQL injection is still alarmingly high. Yet the actual steps used to exploit these applications remain very tedious and repetitive. This presentation will focus on methods available to automate the task of exploiting blind SQL injection holes. It will also feature a new tool, "SQueaL", and explain some of the research used in the creation of this tool, as well as ideas for expansion of the tool or other uses of the core libraries developed.
Cameron Hotchkies, aka nummish, is a member of the 0x90.org digital think-tank and head developer of the new blind injection tool, SQueaL. In his non-free time, he works as a web-application developer and has witnessed (and had to repair) great atrocities in web application design. This has left him a bitter and frail shell of his former self. Some people have suggested he get out more. He is currently struggling to write code to teach him how to properly pronounce the word "about". This will be his first time speaking at DEFCON.
Read It! (PPT) Resources (ZIP) See It! (RealVideo) Hear it! (RealAudio)
IcE tRe
Virus, Worms and Trojans: Where are we going?
It seems that the major target of most online bugs is actually quite the same. Over and over again, the uninspired "pop the box" seems to be what most writers are after.
In this talk I will explore a bit of virus history in relation to goals, starting with older viral intentions, moving to what appear to be the intentions today, and what could possibly be the intentions tomorrow.
This talk will be fairly abstract, and I will set up the examples that I use so that no previous knowledge will be needed other than a basic idea of how viruses work and what damage they can cause. Most people already have this information from the coverage on your average newscast, if not from other places.
This talk in particular should appeal to the broadest audience.
IcE tRe, like many of the people attending DefCon, has been involved with networking/internet/"new media" since the early 90s. Working with two major unnamed ISPs over the years, he has helped these companies weather the storm of the past 10 years of viruses, DDoS attacks and various other security problems.
Read It! (PowerPoint) See It! (RealVideo) Hear it! (RealAudio)
Dan Kaminsky
Senior Security Consultant, Avaya Enterprise Security Practice
Black Ops of TCP/IP 2004
Continuing the research done in previous years on advanced protocol manipulation and the high speed evaluation of large network characteristics, this year's Black Ops of TCP/IP goes into new territory with a deep analysis of the Domain Name System. A core element of the TCP/IP application suite, it is everywhere, and there is unexpected power contained within.
- Interesting Facets of the Global DNS Architecture: A high speed scanner for DNS servers, modeled after my TCP scanner "scanrand", recently executed several Internet-scale sweeps of the net. Surprising results, with direct implications for computer forensics operations, will be discussed and analyzed.
- Distributed, High Speed, Large File Dissemination via DNS, A.K.A. "Reinventing the Square Wheel." Although there have been previous attempts to serve files over the DNS architecture, none have been even remotely usable. I will discuss a new approach that, through its significant performance improvement, is indeed remotely usable.
- One-To-Many Streaming Data Dissemination over DNS: The previous system maximizes speed at the expense of making streaming impossible. We will discuss an interesting alternate approach that almost usefully distributes streaming audio data to endpoints via their DNS queries.
- SSH over DNS: I will demonstrate a cross-platform, userspace mechanism for moving SSH data over DNS queries. This has implications for captive wireless portals, which often allow bidirectional DNS traffic.
- To complete this work, some enormously complex data needed to be understood, and tools were worked with and written towards that end. Experimental 3D information visualization mechanisms and tools are thus available to be demonstrated, extending from using a 3D renderer usually used for MRI medical data as a generic static 3D canvas to using a custom OpenGL particle plotter to dynamically plot multidimensional factors of incoming data streams. A number of other topics will be raised as well, including:
- Uses and abuses of remotely visible incrementers and decrementers (such as the IPID field in many TCP/IP stacks, and initial TTL values on arbitrary DNS queries)
- Uses of generic packet race conditions, whereby useful information can be gleaned from which packet of a relatively large set effects the state change
- Protocol transliteration between TCP and UDP, allowing unreliable communication over what appears to be a TCP session, and allowing reliable data to be transmitted, with zero data expansion, over a UDP link
- Potential solutions to the SSH bastion host security problem, whereby the invocation of remote ssh binaries at a firewall or "bastion host" opens up a single point of major failure for a server infrastructure.
Dan Kaminsky, also known as Effugas, is a Senior Security Consultant for Avaya's Enterprise Security Practice, where he works on large-scale security infrastructure. Dan's experience includes two years at Cisco Systems designing security infrastructure for large-scale network monitoring systems, and he is best known for his work on the ultra-fast port scanner scanrand, part of the "Paketto Keiretsu", a collection of tools that use new and unusual strategies for manipulating TCP/IP networks. He authored the Spoofing and Tunneling chapters for "Hack Proofing Your Network: Second Edition", and has delivered presentations at several major industry conferences, including Linuxworld, DefCon, and past Black Hat Briefings. Dan was responsible for the Dynamic Forwarding patch to OpenSSH, integrating the majority of VPN-style functionality into the widely deployed cryptographic toolkit. Finally, he founded the cross-disciplinary DoxPara Research in 1997, seeking to integrate psychological and technological theory to create more effective systems for non-ideal but very real environments in the field. Dan is based in Silicon Valley.