DEFCON 14: [Video] Speeches from the hacker conventions

Summary: The DEF CON series of hacking conferences was started in 1993 to focus on both the technical and social trends in hacking, and has grown to be a world-known event. Video, audio and supporting materials from past conferences are available on our website at: https://www.defcon.org/html/links/dc-archives.html This RSS includes video from the speeches at DEF CON 14. Additional versions, including audio and music videos from the DEF CON DJs, will be uploaded separately. We hope you enjoy.

Podcasts:

 Bruce Potter: Trusted Computing: Could it be... SATAN? | File Type: video/x-m4v | Duration: 51:15

Abstract: Trusted computing is not inherently evil. It sounds scary, but it's true. While the public perception of trusted computing is that content providers will use trusted computing to enforce their digital rights and take away our civil liberties (whew! a mouthful), the reality is that there is a lot of good to be done by trusted computing. For more than thirty years, computer scientists have been trying to find ways to make trusted computing a reality. Unfortunately the technology simply wasn't there, and info sec folk and hackers alike have spent their time chasing an impossible dream. Now we finally have the ability to have trusted hardware in general purpose devices and we need to figure out what to do with it. Everything we know about security changes with trusted computing...firewalls, SSL transactions, and even SMS have very different concerns with trusted computing than they do now. This talk will attempt to dispel some of the myths of trusted computing, discuss the current state of trusted hardware, and examine how software will change due to the TPM. Heck, we'll even have some tools for you to play with on your TPM-enabled hardware. Bio: Bruce Potter is the founder of the Shmoo Group of security professionals, a group dedicated to working with the community on security, privacy, and crypto issues. His areas of expertise include wireless security, software assurance, pirate songs, and restoring hopeless vehicles. Mr. Potter has coauthored several books including "802.11 Security" and "Mastering FreeBSD and OpenBSD Security" published by O'Reilly and "Mac OS X Security" by New Riders. Mr. Potter was trained in computer science at the University of Alaska, Fairbanks. Bruce Potter is a Senior Associate with Booz Allen Hamilton.

 Valsmith: Hacking Malware: Offense Is the New Defense | File Type: video/x-m4v | Duration: 44:07

Abstract: The proliferation of malware is a serious problem, which grows in sophistication and complexity every day, but with this growth, comes a price. The price that malware pays for advanced features and sophistication is increased vulnerability to attack. Malware is a system, just like an OS or application. Systems employ security mechanisms to defend themselves and also suffer from vulnerabilities which can be exploited. Malware is no different. Malware authors are employing constantly evolving techniques including binary obfuscation, anti-debugging and anti-analysis, and built in attacks against protection systems such as anti-virus software and firewalls. This presentation will dig into these techniques and explain the basics. The idea of an open source malware analysis and research community will be explored. All the things the Anti-Virus vendors don't want you to know will be discussed. Methods for bypassing malware's security systems will be presented. These methods include detecting and defeating packers/encoders, hiding the debugger from the malware, and protecting analysis virtual machines. We will hack the malware. Bio: Valsmith has been involved in the computer security community and industry for over ten years. He currently works as a professional security researcher on problems for both the government and private sectors. He specializes in penetration testing (over 40,000 machines assessed), reverse engineering and malware research. Valsmith is a member of the Cult of the Dead Cow NSF. He also works on the Metasploit Project development team as well as other vulnerability development efforts. Most recently Valsmith founded Offensive Computing, a public, open source malware research project. Danny Quist (Chamuco) is a computer security professional who has been interested in malware and hacking ever since the Michelangelo computer virus was released many years ago. 
He has written several defensive systems to mitigate virus attacks on networks and developed a generic network quarantine technology. He consults with both private and public sectors on system and network security projects. His interests include malware defense, reverse engineering, exploitation methods, virtual machines, and automatic classification systems.

 Collin Mulliner: Advanced Attacks Against PocketPC Phones | File Type: video/x-m4v | Duration: 43:43

Abstract: Smart phones are the new favorite target of many attackers. Also most current attacks are harmless, since these mostly rely on user mistake or lack of better knowledge. Current attacks are mostly based on logic errors rather than code injection and often are only found by accident. The talk will show some real attacks against smart phones and the kind of vulnerability analysis which led to their discovery. Bio: Collin Mulliner is a computer science student/researcher and a member of the trifinite.group. Collin's main interests are mobile devices, their security and pretty much everything that is somehow related. Collin started poking PalmOS-based PDAs in 1997, and by now has laid his hands on pretty much every existing type of portable device. In recent years Collin was mainly messing around with Bluetooth and created the first Bluetooth port-scan

 Greg White: The National Collegiate Cyber Defense Competition | File Type: video/x-m4v | Duration: 53:22

Abstract: Security competitions have been of interest to many individuals for a number of years. The popularity of the annual DEFCON competition demonstrates the level of interest in these events. This talk will discuss the creation of the National Collegiate Cyber Defense Competition which was held in April 2006. A brief history covering the development of this competition will be covered as well as a discussion of the event itself. The results of the competition will be presented as well as the lessons learned from it and the plans to hold similar future events. A description of the hardware and software used as well as the network configuration and red team composition and activity will also be addressed. Bio: Dr. Gregory White has been involved in computer and network security since 1986. He spent 19 years on active duty with the Air Force and is currently in the Air Force Reserves assigned to the Pentagon. He obtained his Ph.D. in Computer Science from Texas A&M University in 1995. His dissertation topic was in the area of Computer Network Intrusion Detection and he continues to conduct research in this area. He is currently the Director for the Center for Infrastructure Assurance and Security and is an Associate Professor of Computer Science at The University of Texas at San Antonio (UTSA). Dr. White has been involved in security instruction for a number of years. He taught at the U.S. Air Force Academy for seven years where he developed and taught two courses on Computer Security and Information Warfare. For the last two years, he has been heavily involved in developing and promoting the idea of conducting an annual collegiate cyber security competition. In 2002, Dr. White was chosen to direct the Dark Screen cyber terrorist exercise conducted in San Antonio, Texas. 
This exercise, the first of its kind, brought together over 225 individuals from the military, various levels of government, industry and academia to examine the ability of San Antonio, Bexar County and surrounding region to react to a cyber attack on the area's critical infrastructures. The event, which also had representatives from state and federal agencies, received national attention and expanded its scope to an even larger exercise in 2003. Since then he has been in charge of other sector-based and community exercises around the country. Dr. White has written and presented numerous articles and conference papers on security. He is also the co-author for six textbooks on computer and network security and has written chapters included in two other security books.

 Scott Moulton: Rebuilding HARD DRIVES for Data Recovery; Anatomy of a Hard Drive | File Type: video/x-m4v | Duration: 41:54

Abstract: Every hard drive will die a quick and sudden death sooner rather than later. What happens after that death can be very important to your data and become the deciding factor in its survival. We will display the inner workings of a hard drive in a beautiful animation and discuss the successes and failures in rebuilding a hard drive. We will teach you what to look for and how to accomplish this task on your own. We will delve into the platters and heads to show you when there is a good probability of success. Have you ever wondered how data recovery houses can rebuild your drive and put your data back together? The animated presentations will make it clear how rebuilding a hard drive can save your data and your money. Bio: Scott Moulton was the first person arrested for Port Scanning in January of 2000. During the defence, Scott found he had to train his lawyers on the technical aspects of computers in order to defend himself. This began his forensic computer career with a speciality in rebuilding hard drives for investigation purposes. Many times working on a case, Mr. Moulton will be given hard drives that had already failed in an effort to "blame" the opposition or to slow down the work and cost the opposing forces more money. To combat the "blame" scenario, Mr. Moulton developed a skill at rebuilding hard drives and recovering data. In the five years since its inception, Mr. Moulton has handled many complex cases that include homicide, embezzlement, theft, divorce, child pornography and corporate fraud and continues to combat dead hard drives to this day.

 Major Malfunction: Old Skewl Hacking: Magstripe Madness | File Type: video/x-m4v | Duration: 48:59

Abstract: It's been a year since Major Mal gave his talk on hotel IR systems, and things haven't got any better...In fact, they've got worse. No, wait a minute...that's not right...They've *stayed* worse!! Having plumbed the depths of the IR in his room, and finding himself with little else to do, Major turned his attention to another piece of technology easily to hand: his magstripe room key...Now these have been around since Mary checked into her stable, and every hotel on the planet is using them, so they *must* be secure, right? Right??? OMFG, wrong! So wrong it'll make your head spin... In this talk Major Malfunction will expose not only how easy it is to bypass security mechanisms built into various magstripe technologies such as hotel doorkeys, train tickets, credit cards etc., but will also take a sideways look at how they might be leveraged to provide attack vectors on other in-house systems, such as passenger ticketing systems, bank clearing houses, hotel billing... OK, OK, enough already! We can fix this! All we need is some new technology, like, errr...RFID! That's it! That'll do the trick! Right? Right???? Bio: Major Malfunction lives in a fantasy world. He believes he works by day in the security industry, advises corporate, government, police and military, has a base in a secret underground nuclear bunker, and a network of collaborators all over the world involved in dark mysterious missions. He legally indulges his love of firearms in a country that prohibits them, swaps souvenirs with TLAs from all over the world, and generally swans about the UK like he owns the place...If you look closely, the man is obviously James Bond... No, not that closely...Back a bit and squint so you can't see his paunch...That's it! There, you see? What's that bulge under his armpit? James Bond, definitely.

 Thomas Holt: Exploring the Changing Nature of DEFCON over the Past 14 Years | File Type: video/x-m4v | Duration: 50:24

Abstract: DEFCON began in 1993 as an "orgy of information exchange, viewpoints, speeches, education, enlightenment...and most of all sheer, unchecked PARTYING." (DEFCON 1 Announcement, 1993). Fourteen years later, the convention is one of the most established hacker conventions, and is defined as "the largest underground hacking convention in the world." However, significant social and technological changes have occurred during this period. The growth of the Internet, the increased need for computer security and the increasing significance of computer crime may have critically affected the shape and scope of the convention over time. This talk will critically examine the DEFCON convention over the past 14 years to understand the ways the con has changed, using previous convention materials, including programs, panels, and websites. The content, nature, and scope of the convention will be considered, including the number and types of presentations, as well as the presenters' credentials. This information will be assessed to consider what this says about the nature of the convention and the underground after 14 years. Audience participation is welcomed to inform this discussion and provide first hand insight into the past, present, and future of DEFCON. Bio: Dr. Thomas J. Holt is an Assistant Professor in the Department of Criminal Justice at the University of North Carolina at Charlotte specializing in computer crime and technology. His research interests include a variety of topics in computer and cybercrime, especially hackers and hacking. Over the past few years, Dr. Holt has examined the elements that compose hacker subculture, as well as hacker social organization through multiple data sources. His primary goal is to understand various social aspects of hacking and the computer underground from the hacker's perspective. Dr. Holt has also given a number of different talks on computer crime issues and published on computer crime victimization around the globe.

 Johnny Long: Death By 1000 cuts | File Type: video/x-m4v | Duration: 53:29

Abstract: In this day and age, forensics evidence lurks everywhere. The task presented to modern forensics investigators is a daunting one. During this talk, you'll slip into the shoes of an uber-agent hot on the trail of the illustrious Knuth from the Stealing the Network series. Haven't read the latest installation? You should. How would YOU catch a guy that MELTED his hard drive platters and sanded down all his CDs? Where's the evidence? That's the question of the hour. Answer it correctly and you could win any number of cool prizes. Now that the talk description you can show your boss is out of the way, what's this really about? Think of it as the hacker's version of "Where's Waldo." You'll laugh. You'll learn. You'll cry when you realize the answer was staring you right in the face. You'll scream when you're caught in the mosh pit of the full-on frenzy of the bonus prize rounds. Forget Waldo. This is HALO 2 meets hacking. Get your game on. Got no coordination, no reflexes, no skillz, and no eye for detail? Come anyway. Come have some fun, and learn how the feds put the smack down on even the most paranoid among us. Bio: Johnny Long is a "clean-living" family guy who just so happens to like hacking stuff. A college dropout, Johnny overcompensates by writing books, speaking at conferences and hanging around with really smart people. Johnny is currently working on the final third of the coveted "Hacker Pirate Ninja" title, which has thus far evaded even the most erudite of academics. Johnny can be reached through his website at http://johnny.ihackstuff.com

 Strom Carlson: Hacking FedEx Kinko's: How Not To Implement Stored-Value Card Systems | File Type: video/x-m4v | Duration: 47:15

Abstract: ExpressPay is a stored-value cash card system which utilizes the Infineon SLE4442 chip; it was developed by enTrac Technologies of Toronto, Ontario, and its largest application is as the pre-paid cash card system in use at FedEx Kinko's. Analysis of a few dozen cards reveals that the data stored on the card is unencrypted and poorly protected against fraud, and a simple attack can be used to obtain the security code necessary to alter the data on the card. This talk will step the audience through the analysis, research, attack, and subsequent tests performed on the ExpressPay system, and conclude with recommendations on how to implement a more secure stored-value card system. Bio: Strom Carlson is a hardware security researcher at Secure Science Corporation, the organizer of the Los Angeles area Defcon Groups chapter (DC213), and the co-host of Binary Revolution Radio. He enjoys tinkering with technology, playing with telephones, and having a good time with whatever he happens to be involved in.

 Robert Clark: Legal Aspects of Internet & Computer Network Defense - A Year in Review Computer and Internet Security Law 2005-2006 | File Type: video/x-m4v | Duration: 52:34

Abstract: This presentation looks at computer network defense and the legal cases of the last year that affect internet and computer security. This presentation clearly and simply explains (in non-legal terms) the legal foundations available to users and service providers to defend their networks. Quickly tracing the legal origins from early property common-law doctrine into today's statutes and then moving into recent court cases and battles. We will look at the past criminal prosecutions and precedents, both civil and criminal, since we last met a year ago. As always, this presentation will quickly become an open forum for questions and debate. Bio: Major Robert Clark is the Command Judge Advocate for the Army's 1st Information Operations Command. As the sole legal advisor, his primary duty is to advise the Army's Computer Network Operations Division on all aspects of computer operations and security. This role has him consulting with the DoD Office of General Counsel, NSA, and DoJ Computer Crime and Intellectual Property Section. He lectures at the Army's Intelligence Law Conference and at the DoD's Cybercrimes Conference.

 Amber Schroader: Cyber-crime Foiled Once Again? Help prove the innocence or guilt of Jack Grove | File Type: video/x-m4v | Duration: 47:26

Abstract: Jack Grove tries to stop his racing heart as he slips into a dark dingy alley. His paranoia is getting the best of him as he looks behind him. No one is following him, but he senses they are coming. He is afraid. The hack hadn't gone down as planned. Damn it, he was supposed to have taken everything into account, he got sloppy. He knew his only saving grace was no one would be able to recover his laptop. Not after what he did to it. Jack pulls out his cell phone to make what will soon be his last phone call. He looks around anxiously to make sure that he is alone before making the most important call of his life. He notices a man digging through a trash can. He decides not to risk the man overhearing him and chooses to send a text message instead. With his palms starting to sweat he texts: "net hax. Hidn. Dngr. Plan?" Just as the send button is pushed the alley is swarming with agents. Jack is thrown up against a wall. Agents begin to frisk him and take the remains of his hack from him. His cell phone, PDA, and iPod are all that is left of his digital task. He watches and wonders will they find anything to tie him to what has just happened as he is taken away into custody. Back at the crime lab, the agency's uber geek lab babes Amber and Tyler are under the gun to get this case solved. Someone on top thinks it is personal and wants Jack Grove. The two ladies are used to the pressure, but know they are tops in the crime lab when it comes to the bizarre bits and bytes of devices. They start their examination on the three items from the scene the cell phone, PDA and an iPod. Can these two super sleuths use digital forensics on the few devices recovered to figure out what Jack Grove was up to, who his accomplices were, and find the evidence needed to prosecute? By using this scenario, Amber and Tyler will bring the audience into the crime lab with them. Taking the devices from seizure to analysis showing where Jack Grove has left his digital fingerprints. 
Once the fingerprints are gathered the audience will work with these two examiners to piece together the case and solve the crime and prove Jack's innocence or guilt. The audience will gain an overall understanding of digital forensic handling and procedure. Details to what is gained on some of the unique digital storage devices will be demonstrated.

 EFF: Panel: Ask EFF: The Year in Digital Civil Liberties | File Type: video/x-m4v | Duration: 52:40

Abstract: Get the latest information about how the law is racing to catch up with technological change from staffers at the Electronic Frontier Foundation, the nation's premiere digital civil liberties group fighting for freedom and privacy in the computer age. This session will include updates on current EFF issues such as NSA wiretapping, cellphone tracking by the government, bloggers' rights and online journalism, the Sony rootkit scandal, Hollywood's latest attempts to control technology development, and more. Half the session will be given over to question-and-answer, so it's your chance to ask EFF questions about the law and technology issues that are important to you.

 Chris Paget: US-VISIT: Raping Personal Privacy Since 2004 | File Type: video/x-m4v | Duration: 50:40

Abstract: In 2004, the Department of Homeland Security began the deployment of US-VISIT, a system for tracking visitors to the United States. Since that time, the capabilities of US-VISIT have increased dramatically; US-VISIT now incorporates a number of controversial technologies which violate the privacy, anonymity, and overall security of visitors to the USA in significant ways. In this talk, the technology and capabilities of US-VISIT will be explained in detail; weaknesses in the system will be explored, and the consequences of such a system will be considered. If you are a foreign national visiting the USA, a US citizen who is concerned about what DHS has in store for you, or just curious about what US-VISIT does and how it works, this is the talk for you. Bio: Chris Paget is the Director of Research and Development for IOActive Inc, based in Seattle. Recently, Chris has been working on the "biggest independent security audit in history", the Final Security Review of Windows Vista. Chris is an expert on Windows architecture and security, a privacy advocate, a British expatriate, a helicopter pilot, and a Code Red junkie.

 Scott Miller: A New Bioinformatics-Inspired and Binary Analysis: Coding Style/Motif Identification | File Type: video/x-m4v | Duration: 41:13

Abstract: Security analysis is severely complicated by the size and abundance of executable code. Existing concepts and code can be combined, obfuscated, packed, and hidden toward the ends of evading detection and frustrating analysis. Is that patch fixing the problem it claims to fix? Have you seen that malicious code before? Have you seen these particular motifs/style before? All very interesting questions, some of which can be addressed using existing tools/techniques. This talk looks at a new tool, inspired by a scored string match used for genetic analysis: the Basic Local Alignment Search Tool (BLAST). Can this tool identify motifs common to UPX? Can this tool identify code generated by different versions of GCC? Does this tool provide similar Malware classifications to other tools? The talk will include an overview of the technique, demonstration of the use of the new tool set (binBLAST), and its performance. Bio: Scott Miller has recently graduated from the New Mexico Institute of Mining and Technology, the technique of this presentation developed in his Master's Thesis "A Bioinformatics Approach to the Security Analysis of Binary Executables". While pursuing his master's degree, he also considered a number of topics including human infection/immunity, natural language steganography, self-sustaining high-availability intrusion prevention systems, and secure compiler construction.

Bridging the Gap Between Static and Dynamic Reversing. Luis Miras, Vulnerability Researcher, Intrusion Inc. Abstract: Reverse engineering continues to evolve, or rather REvolve. The reverse engineering toolset primarily consists of disconnected disassemblers and debuggers. Without symbol information or data acquired from disassembly, the use of a debugger can be blind and tedious. Reverse engineering has fueled the need to enable these tools to work together. When disassemblers and debuggers are used in conjunction, the resulting union is greater than the sum of the disparate parts. To bridge the gap between disassemblers and debuggers, I will be releasing two IDA Pro plugins. * pdbgen-Generates custom pdb files from the IDA Pro da

 Teli Brown: Phishing, it starts with "Ph" for a reason. Some best practices to detect and prevent for some new point of attack methods | File Type: video/x-m4v | Duration: 26:55

Abstract: Phishing, it starts with 'Ph' for a reason. Some best practices to detect and prevent for some new point of attack methods. When banks and other financial institutions tell their customers to only give personal information (e.g., credit card, Social Security number, etc.) via the telephone, because of online attacks from phishers, that's when phishers get creative and go back to what the root of phishing has been and blend it with some new technologies. Bio: Teli Brown has done security consulting for major telecommunications companies, aiding in tracking terrorist and malicious telephone users. He has also done massive amounts of testing with number delivery in SS7, and was able to identify and backtrace the flaw in SS7 that allowed people the ability to change their "Charge Number". Now spends his time consulting for small businesses for voice services.
