Black Hat USA 2016 & DEFCON 24 recap

Intro: Black Hat vs DEFCON

In August I attended the security conferences Black Hat and DEFCON in Las Vegas. The cons are organized back to back, with the Black Hat Briefings on the first two days of the week and then DEFCON from Wednesday till Sunday morning. Even though they are organized by the same core group of people, both conferences have a distinct feeling and culture. Black Hat is the classical well-organized conference with a more corporate culture, while DEFCON is on the other side of the spectrum with attendees really breathing hacker culture. For instance, the “Business Hall” at Black Hat is filled with different corporations with huge booths trying to sell you the latest and greatest in “Cyber” protections.

At DEFCON there are no Mega Corps with booths. Instead there is a vendor area where you can buy anything from lock picking tools to pen-testing tools like hardware key loggers and rogue WiFi base stations, or talk to the Electronic Frontier Foundation or Hackers for Charity. Another key difference is that the DEFCON ticket can only be bought at the door in cash; no credit cards accepted, for obvious reasons.

There are loads more interesting things about the DEFCON culture, and I can recommend watching the documentary embedded below if you are interested in that:

List of talks

PWNING YOUR JAVA MESSAGING WITH DESERIALIZATION VULNERABILITIES (Black Hat)

In this talk the author introduces the vulnerability type which he found in more than 12 different JMS client implementations, and also the Java Message Exploitation Tool which can be used to find and test for these vulnerabilities.

Slides * White paper * Recording * Tool

ACCESS KEYS WILL KILL YOU BEFORE YOU KILL THE PASSWORD (Black Hat)

This talk is about hardening AWS environments with regard to access keys, passwords, IAM policies, MFA, etc. The author also introduces some tools for this.

Slides * Recording * Tools: AWS-recipes, Scout2

ACCOUNT JUMPING POST INFECTION PERSISTENCY & LATERAL MOVEMENT IN AWS (Black Hat)

This talk is about how attackers can use (read: abuse) AWS services to gain advanced persistence, even if access keys are revoked.

Slides * White paper * Recording

HARDENING AWS ENVIRONMENTS AND AUTOMATING INCIDENT RESPONSE FOR AWS COMPROMISES (Black Hat)

Yet another AWS related talk, this time about automating incident response.

Slides * White paper * Recording * Tools: AWS IR

Mr. Robot Panel (DEFCON): Recording

A JOURNEY FROM JNDI/LDAP MANIPULATION TO REMOTE CODE EXECUTION DREAM LAND (Black Hat)

Presents a new Java vulnerability called “JNDI Reference Injection”.

Slides * White paper * Recording

Bypassing Captive Portals (DEFCON): Slides

Hacking hotel keys and Point of Sale Systems (DEFCON): Slides, Recording

BEHIND THE SCENES OF IOS SECURITY (Black Hat)

Amazing to hear Apple’s head of Security Engineering explain the cryptographic design and implementation of their system which can move confidential data between devices without exposing the data to Apple while affording the user the ability to recover data in case of device loss.

Slides * Recording

CALL ME: GATHERING THREAT INTELLIGENCE ON TELEPHONY SCAMS TO DETECT FRAUD (Black Hat)

In this talk they present how they were able to detect a phony phone call within seconds by using a large telephone honeypot to collect data about such calls.

Slides * Paper

411: A Framework for Managing Security Alerts (DEFCON): Slides * Framework

DOES DROPPING USB DRIVES IN PARKING LOTS AND OTHER PLACES REALLY WORK? (Black Hat)

Slides * Recording

Toxic Proxies — Bypassing HTTPS & VPNs to pwn your online identity (DEFCON): Slides

MouseJack: Injecting Keystrokes into Wireless Mice (DEFCON): Slides * Paper * Recording

EXPLOITING CURIOSITY AND CONTEXT: HOW TO MAKE PEOPLE CLICK ON A DANGEROUS LINK DESPITE THEIR SECURITY AWARENESS (Black Hat): Slides

SITCH: Inexpensive coordinated GSM anomaly detection (DEFCON)

In this talk the author presents how to build your own device to detect the presence of Man-in-the-Middle capable devices in GSM networks.

Slides * Recording * SITCH

How to overthrow a government (DEFCON): Paper * Recording

WEAPONIZING DATA SCIENCE FOR SOCIAL ENGINEERING: AUTOMATED E2E SPEAR PHISHING ON TWITTER (Black Hat)

In this talk the authors introduced a new way of spear phishing users on Twitter by using a recurrent neural network that learns to generate tweets based on what the target has tweeted about before, so that it is more likely that the target will click on the malicious links.

Slides * Paper * Source code

Discovering and triangulating rogue cell towers (DEFCON): Slides

All Your Solar Panels Are Belong To Me (DEFCON): Slides

IoT / Internet of Things or IdIoT?

A LIGHTBULB WORM? (Black Hat): Slides * Paper * Recording

ADVANCED CAN INJECTION TECHNIQUES FOR VEHICLE NETWORKS? (Black Hat): Recording
