For anyone interested, here is the schedule for what talks I attended today at Black Hat and the ones I plan on going to tomorrow http://sched.blackhat.com/metacortex. I will go ahead and post my thoughts and opinions on the various different talks.
Started out the day like most conference attendees at the Keynote. The keynote was given by some chick from the DHS. Overall opinion, it was pretty lame. She started right off the bat by saying she wasn’t a part of the security community, and it became very apparent along with her lack of any technical knowledge. I don’t expect her to be “super uber 1337 h@x0R” but to have some knowledge of what she was talking about. She kept relating everything to the Army and had a fetish for the word “cyber-space”. I would not be surprised to see the word “cyber-space” in the transcript more than 30 times. After the disappointment of the Keynote I made my way down to go see “WPA Migration Mode: WEP is back to haunt you…”
I was hoping “WPA Migration Mode: WEP is back to haunt you…” would be some new tech for cracking WPA but didn’t really know what to expect due to the lack of media coverage. As it turns out, Cisco has this migration mode for when you are moving from WEP to WPA that allows both to be used simultaneously and then just bridges the two together. The entire premise of the talk was that people forget to turn this mode off after fully migrating and thus are still accepting WEP connections. Although it was not a bad talk, it did not deserve a slot at Black Hat as it is only used by people who
A) Use Cisco wireless gear
B) Try to migrate between WEP and WPA softly
C) Are dumb enough to forget to change it.
Now, I do not have any personal look into the market and what organizations are doing with their wireless infrastructure, but I would imagine that it would be fairly small. In any case, once you find out that they are still accepting WEP connections, it is just business as usual by cracking WEP. I do have to give them a little more credit though. They wrote a patch for aircrack that allowed it to crack this way, as it wouldn’t crack it otherwise due to a limitation it has for TKIP.
After the WPA stuff I headed down to “Balancing the Pwn Trade Deficit” by the guys at Attack Research. This talk was all about the Chinese hacker scene. It was a really unique talk as they did not take the position of China bashing like it seems the rest of the industry does, and I must say I loved it. They talked about the cultural differences, as you can very clearly see them in their source code when they name things such as variables and functions with J-Pop lyrics. They spent the majority of the time talking about Chinese malware and exploit generators. Going into the talk, I had some small idea about how sophisticated some pieces of malware are, such as the zeus-bot, but I was almost dumbfounded by things such as 24/7 support over phone and QQ (Chinese equivalent to ICQ) as well as having to have active accounts with the creators in order to generate an exploit. In the end, it came down to the fact that the Chinese scene is just like the one here in the States, where they have the white/black hat classification as well as similar targets and motivations.
Next up was the talk of the year: Mr. Barnaby Jack with his talk on Jackpotting Automated Teller Machines. Got a nice cozy seat up front due to the Blackhat Jersey. He began by saying that it is not all about the payoff; it was about the journey to the payoff. He went through with us some of his first attempts at getting access into the ATMs using JTAG interfaces and having to get explorer.exe to execute on it (as they all run Windows CE). Once this was demonstrated, he showed us the tool he created for exploiting the ATMs called Dillinger, where you simply connect to the ATM on its management port. Once you can connect to it, you have the choice of Testing the Exploit, Uploading his Root Kit, resetting to defaults, retrieving Credit Card Track Data, or Jackpotting it (photo here). It was incredibly entertaining to see the money fall out of the ATM while it was playing a shitty MIDI song. It was absolutely fantastic and left me confirming my opinion that he is just a bad-ass.
Now, I decided to go to one of the most brutal talks I have ever seen. I went and saw “Harder, Better, Faster, Stronger: Semi-Auto Vulnerability Research” by the SourceFire VRT guys. As I am not really good at any type of coding or vulnerability development, a lot of it went way over my head, but they did introduce a tool that looks like it would almost revolutionize that space.
Last talk of the day was the other one that got a lot of hype: “Getting In Bed With Robin Sage”. The basic premise was that he got this hot chick’s picture and posed as a chick in the security industry. Apparently in the end he was able to get job offers from the likes of Google and Lockheed. This was hands down the worst talk I have ever seen in my entire life. The speaker was so incredibly disorganized that he could not stick to his own slides and spent most of the time getting into it with Chris Nickerson and browsing his file system, taunting people with pictures of incriminating emails but never actually opening them to show people. It was so bad that about half of the people got up and left halfway through, and one guy had to ask him what exactly he did, as he never explained exactly what happened and what he did. At that point, I had to get up and walk out as well.
All in all, it was a little above average. There were some awesome talks but some really downer talks as well. We will see what happens tomorrow, but I am thinking I may have to just do the whole BSides thing next year.