25th Chaos Communication Congress (25C3) #2

Second day of congress. Yesterday we stayed up until late, and at 4 AM I didn’t feel like writing a long post on the blog about the day, so I’ve posted my first post this evening; sorry for the delay.

Wow! Second day! It was cool! Unfortunately the Lightning Talks #1 agenda was empty! :( and I didn’t feel like going to the post-privacy talk, I am more a tech-talk than a social-talk guy :) so I skipped it and went a bit later to the full disk encryption crash course talk by Juergen Pabel. The talk was an introduction to full disk encryption tools such as TrueCrypt, just a few notes about the design of this kind of software but not much about the internals, which was what I expected, so… just a review of products.

Next, attacking rich internet applications. A nice talk about Google Gears flaws, Firefox extension flaws and several XSS and JS injection tricks. This talk reminded me that I have to read more about the current state of web development, mainly about all the Firefox add-ons stuff, since I’m not up to date on the latest attack techniques against web applications, and nowadays that’s the stuff that is everywhere: web, web, web… As Kaminsky said yesterday, there are more applications than the web ones! There’s life beyond the web browser! :)

Short break for lunch, and we went straight to the talk about how to audit closed and encrypted PHP code. Stefan Esser talked about how to break encrypted bytecode, which techniques are used to obfuscate the bytecode and how they can be reversed, and how this code can be analyzed to find exploits without being able to read the source code. An interesting talk for a person like me who isn’t a PHP coder but is familiar with all that stuff, and it gave me some nice ideas for future challenges of our wargame Geek Puzzle :)

Now, the typical dilemma… which talk must I attend when there are three interesting talks at the same time? I had to choose between smartphone hardware hacking, security of wireless sensor networks or TCP DoS vulnerabilities. OK, not so hard really… let’s go for the TCP one! :) As a network administrator, IP networks are “my world”, so it’s worth missing the other two. Moreover, I was really curious about the details of the Outpost24 sockstress tool, the new devastating low-bandwidth TCP DoS tactic; I already wrote about it, and it would have been really interesting to attend a talk by Jack and/or Robert about their TCP stress tool, so I attended the TCP DoS talk by Fabian Yamaguchi, but in the end the talk was a bit simplistic :(

I expected a highly technical analysis of the latest TCP DoS stuff half-disclosed by the Outpost24 guys, but the talk was just a summary of old-school TCP DoS techniques (SYN flood, connect flood, RST attack, ACK messing to alter the RTT and the sending window…). Only one slide for the theoretical sockstress attack based on the zero-size sending window issue… well, I expected more :(

Although I’m also interested in robotics, and the scalable swarm robotics talk sounded promising, I decided to attend Short Attention Span Security, where Ben Kurtz talked about a lot of security issues that he finds working as a security consultant in Seattle. What a funny talk! He talked about an assorted set of subjects like WEP cracking with a small independent ITX board fully controlled through a web interface for the iPhone, Flex code injection, EFI rootkits (nice topic this one, uh?)… check out his site, there is lots of information about all those subjects there.

Next, the banking malware talk by Thorsten Holz. It was a good summary of how a banking trojan works, which types there are, which are the most common ones, and how security researchers study those pieces of malware using sandboxes, to execute them without risk and learn where they connect to and what protocols they use to send the stolen data to the control servers. They got access to several central servers where the malware drops the stolen data, so they could generate some interesting statistics about which targets were attacked most, from which countries, and how many users, passwords, credit card numbers and that kind of private stuff were stored on those servers. He gave us some figures on how much money a malware writer can make if they pass all this information to mafias; a lot of money, as you can imagine. Check out the slides for the details, it’s worth it.

A new dilemma… funny pentesting techniques or Nintendo Wii hacking? My hacking side won again :) To finish the day, a funny talk by Francesco Ongaro, titled “tricks that makes you smile” :) well, one thing is true, that guy did make us smile :) the talk was funny despite Francesco’s “broken English” :) He revisited several well-known old-school tricks like ICMP redirections and ARP poisoning, did a demo about extracting a full database using SQL injection tricks, some sudo tricks taking advantage of the password caching feature of sudo, and a funny demo about how to hide information in HTML pages using silly tricks like foreground and background of the same color… it was funny, for sure :)

After that, we had dinner in our favorite Italian restaurant, with a couple of new friends. Photos will be on Flickr, be patient, I forgot my camera cable in $HOME :) We decided to create a mailing list to stay in contact after the con and maybe participate in some projects.

By the way, I got a tool set from the people of lockpicking.org, more about this in future posts.

The second day is over :( time here passes so fast. Tomorrow is the third day of congress, and there are a lot of interesting talks scheduled… more info tomorrow.

Happy Hacking!

Comments

2 Responses to “25th Chaos Communication Congress (25C3) #2”

  1. More about 25C3 of the Chaos Computer Club, thanks to Futur3 | CyberHades on January 5th, 2009 7:00 am

    [...] 25C3 #2 [...]

  2. ascii on January 7th, 2009 1:35 am

    Hi! I’ve just published my slides and all the other materials related to the “Tricks: makes you smile” talk:
    http://www.ush.it/2009/01/06/25c3-ccc-congress-2008-tricks-makes-you-smile/

    Bye and thanks for the review (-;
    ascii
