This past week, I had the privilege of attending Black Hat, DEF CON, and BSides Las Vegas. I had a great time, met some incredibly talented people, gave a talk, learned a ton, and reconnected with old friends. I’m already looking forward to what next year will bring if I’m fortunate enough to return. For those who weren’t able to join in the mischief, I’d like to break down some highlights.
The general theme for all three conferences was vast but mainly centered around the internet of things, privacy and general disobedience…
There were multiple talks centered around covering our tracks, improving Tor anonymity, enabling the security community, supporting the EFF, and much more. There were some excellent discussions around these topics, and BSidesLV even held an open session with the EFF which was very enlightening.
[[ Hacks ]]
It’s been a while since so many neat hacks emerged during these conferences; in particular, it was rather enticing to see zero-day exploits launched publicly against conference goers and newly released security products alike. Among the standard packet sniffing, USB dropping, social engineering, and device rooting, there was one attack that really stood out among the rest…
In my opinion, the most prominent attack was launched by a fellow who goes by the Twitter handle @ihuntpineapples. He showed up to DEF CON with a clever zero-day exploit (as many conference attendees do) that takes advantage of insecure code within the Hak5 WiFi Pineapple and turns the device into a paperweight. Word on the street says that well over 1,000 Pineapples were owned by this exploit during the conference…
‘Pineappled’ at DEF CON
This is a good lesson learned for folks new to the security industry… If you don’t know what you’re doing, have not researched how ‘hacking tools’ work underneath the hood, and are planning to mess with people at the largest hacker convention on the planet, you had better be prepared for the consequences of those actions. I am rather familiar with the Pineapple myself and like to demonstrate basic wireless attacks using this toolset; however, I am glad I kept it at home this year and would never consider using this or similar script kiddie technology in this setting.
Hak5 Pineapple Van
Note: Hak5 has since released updates to remediate this vulnerability.
[[ Conferences ]]
The general atmosphere at BSidesLV is reminiscent of the early days of hacker conferences. It provides top-notch content with the advantage of a more personal venue, allowing attendees to approach speakers in a relaxed atmosphere and fostering collaboration and community. It is a free event that is supported by donations, and all presentation recordings (with the exception of the Underground tracks) are released to the community following the event.
Pros vs. Joes CTF
I tried to attend a majority of the Underground sessions since I wouldn’t be able to watch them later, and I was very impressed with what I saw. One of my favorite tracks was by Dave Kennedy, who presented on ‘secret pentesting techniques part deux’. This session covered at a high level many of the ways his team gets around almost all security tools, as the malware they generate never touches the disk, leaving little for security analysts to go off of.
A unique aspect of BSidesLV that I personally have never seen at any other conference is the speaker development program, dubbed the Proving Ground track. This is a fascinating opportunity for folks new to speaking publicly (such as myself) to get their work out there, present it to a larger audience, and get better at public speaking in general. Once Proving Ground speakers are selected, they are paired with a mentor, someone who has spoken at many conferences and has significant experience doing so. The mentor guides their protégé and gives them advice to help tune their talk and get it ready for the public. I was more than happy to take advantage of this opportunity.
BSidesLV and DEF CON 22 Speaker Parade at theSummit (from hackerphotos.com)
I was paired with Kevin Riggins, an InfoSec pro with a long history of producing and presenting top-notch talks. He helped guide me and tune my talk in preparation for the conference. I think I did all right, but you can be the judge of that.
Following my talk I received this neat Challenge Coin.
Black Hat is a very large and impressive conference that is geared primarily towards security vendors and their customers. If you were there, you probably saw me holding down the booth with my awesome co-workers or wandering the halls in search of the next session.
I sat in on some excellent talks at this conference, and was incredibly impressed by Dan Geer’s Keynote speech. He covered many topics during his talk, but I was most interested in his thoughts on responsibility. More specifically, the responsibility that organizations owe to their customers and the general public in regards to security best practices.
“Either software houses deliver quality and back it up with liability, or allow users to help themselves [...] You’d better do it well, or be responsible if it goes poorly.” – Dan Geer
What a great way to kick off the conference, if you ask me. The statements he made are exactly in line with what the security community needs right now. It is astonishing how many companies are not handling the security of their systems and customer data properly, which puts everyone at risk of identity theft or worse. Having someone of Dan Geer’s status drive these points home in a large setting like Black Hat is key to ensuring progress on these fronts.
Keynote Address Preparation
If you didn’t make it out to Black Hat this year, you can watch many of the sessions on the official Black Hat YouTube channel here. If you don’t ever want to trust the devices that you plug into your computer, I highly recommend the BadUSB talk by Karsten Nohl and Jakob Lell. Their research is an absolutely fascinating take on USB attacks that will drastically affect the security industry going forward.
DEF CON, the mother of all hacker conferences… If you work in the security industry, you owe it to yourself to get to DEF CON at least once. Many folks have been attending the con for years, and it is constantly gaining in popularity. It’s obvious that it is quickly outgrowing the Rio, and there’s a rumor going around that it will be moving to a different venue next year in an attempt to hold the massive crowd that this conference brings to Las Vegas.
Welcome to DEF CON 22
Since I gave a talk at BSidesLV this year, I was invited to theSummit, an annual party which supports the EFF. This was a really neat event as I had the chance to speak with quite a few of the influential people in the industry whom I’ve looked up to over the years.
Vegas 2.0 Summit Badge and EFF Challenge Coin
There were so many great sessions this year that it’s hard to focus on just one that left the biggest impression. As much as I enjoyed the various NSA Playset talks, the discussions around privacy, and the Cavalry, the very last talk I attended actually ended up being one of my favorites – Elevator Hacking, by Deviant Ollam and Howard Payne. This was surprisingly informative and very entertaining, as they presented a ton of information in a short amount of time and did it very well, complete with embedded videos and entertaining commentary. If you can, you should watch the live talk, as the slides simply won’t do it justice.
From the Pit to the Penthouse
What I found most intriguing about this talk is the fact that they discussed using event correlation to trigger on physical activities observed within the environment. This hits home for us at LogRhythm as correlation is what we do.
Lately the Labs team has been focused heavily on physical + cyber event correlation use cases such as this. It’s relatively easy to detect physical events using a SIEM, as almost everything is networked these days and everything generates log data; the trick is capturing that data, analyzing it, and triggering on the anomalies. One of the examples they demonstrated was exploiting a service elevator that ‘was not supposed to open from the outside on the service floor.’ They utilized cloned keys to open the outside door and then called the elevator, riding it up to gain access to the secure facility. Had the company been alerted to the outside door-lock bypass followed by the elevator being triggered, the intruders would have been caught prior to gaining entry.
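As an added illustration of that door-bypass-then-elevator correlation (example code written for this post, not LogRhythm’s product logic or anything from the talk), here is a small Python correlator over constructed door-controller and elevator-controller log lines: a door that opens with no valid badge read inside a short grace period is treated as a lock bypass, and a service-floor elevator call within the following two minutes raises the alert. The log format, field names, door and car identifiers, and both thresholds are assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample events (not from any real system): access-control and
# elevator-controller logs, merged and time-sorted as a SIEM would receive them.
SAMPLE_LOGS = """\
2014-08-09T02:14:03 door_ctrl door=SVC-EXT-1 event=OPENED
2014-08-09T02:14:31 elev_ctrl car=SVC-1 event=CALL floor=SVC
2014-08-09T08:02:10 door_ctrl door=SVC-EXT-1 event=BADGE_OK cred=E1042
2014-08-09T08:02:12 door_ctrl door=SVC-EXT-1 event=OPENED
2014-08-09T08:02:40 elev_ctrl car=SVC-1 event=CALL floor=SVC
2014-08-09T12:30:00 door_ctrl door=SVC-EXT-1 event=OPENED
2014-08-09T12:45:00 elev_ctrl car=SVC-1 event=CALL floor=SVC
"""

BADGE_GRACE = timedelta(seconds=10)   # a valid read must precede the open by <= 10 s (assumed)
CORRELATION_WINDOW = timedelta(seconds=120)  # elevator call must follow the bypass by <= 120 s (assumed)


def parse_line(line):
    """Turn 'TIME SOURCE key=value ...' into a dict (None for blank lines)."""
    parts = line.split()
    if len(parts) < 3:
        return None
    ev = {"ts": datetime.fromisoformat(parts[0]), "src": parts[1]}
    ev.update(kv.partition("=")[::2] for kv in parts[2:])   # (key, value) pairs
    return ev


def correlate(log_text, window=CORRELATION_WINDOW, grace=BADGE_GRACE):
    """One alert per door OPENED with no BADGE_OK inside `grace` (a lock bypass)
    that is followed within `window` by an elevator call from the service floor."""
    events = [e for e in map(parse_line, log_text.splitlines()) if e]
    last_badge = {}   # door id -> time of the last valid badge read
    pending = []      # bypass opens still inside their correlation window
    alerts = []
    for ev in events:
        if ev["src"] == "door_ctrl" and ev["event"] == "BADGE_OK":
            last_badge[ev["door"]] = ev["ts"]
        elif ev["src"] == "door_ctrl" and ev["event"] == "OPENED":
            read = last_badge.get(ev["door"])
            if read is None or ev["ts"] - read > grace:
                pending.append(ev)          # opened with no valid read: bypass
        elif ev["src"] == "elev_ctrl" and ev["event"] == "CALL" and ev.get("floor") == "SVC":
            pending = [p for p in pending if ev["ts"] - p["ts"] <= window]
            alerts += [{"door": p["door"], "bypass_at": p["ts"].isoformat(),
                        "car": ev["car"], "call_at": ev["ts"].isoformat()}
                       for p in pending]
            pending = []                    # each bypass alerts at most once
    return alerts
```

On the sample data only the 02:14 sequence fires: the 08:02 open follows a valid badge read, and the 12:30 open is followed by an elevator call too far outside the window to correlate.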
[[ Community ]]
If there’s one thing that people should come away from these conferences with, it’s a better understanding of the security community.
#303MoshPit – AKA best time I’ve had at a con party in years
The folks at these conferences are some of the most intelligent folks in the IT industry and most are very friendly and open to talking with just about anyone. If you use your time wisely and approach the right people, I guarantee you will learn something new and have a great time in the process. Heck, even John McAfee made guest appearances at BSidesLV and DEF CON this year and stuck around to chat with folks in the audience! Plus, Dual Core, Dale Chase, DJ Jackalope, YTCracker, and many more were not only up on the big stage, but did shows for private parties and hung out with the crowd afterwards.
Dual Core and Dale Chase at theSummit
Just be careful with what technology you decide to bring with you, it will most likely get pwned…