Another year observing DEFCON remotely. Maybe next year, if I get lucky, or the year after that.
The schedule is here. If I were going, what would I go to? What gets me excited? What do I think you should look for if you are lucky enough to go?
(As a side note, one of my cow-orkers was lucky enough to get a company paid trip to Black Hat this year. I’m hoping he’ll let me make archival copies of the handouts.)
Thursday, as usual, looks to be a pretty quiet day. Sean Metcalf‘s “Beyond the MCSE: Red Teaming Active Directory” could be interesting. Master Chen’s “Weaponize Your Feature Codes” is one that I’m a little more excited by, though it looks like that requires an Asterisk setup. (Not that there’s anything wrong with that, other than I don’t have one, and getting an Asterisk setup is way down on the priority list at the moment.)
The presentation I’m most excited about is actually on Thursday, oddly enough: “Realtime Bluetooth Device Detection with Blue Hydra” by Zero_Chaos and Granolocks.
We are releasing a new tool for discovering bluetooth devices and automatically probing them for information. Effectively we have created a new tool with an airodump-ng like display for nearby bluetooth and bluetooth low energy devices…
Blue Hydra will discover and track bluetooth and bluetooth low energy devices in the area, regardless of being in discoverable mode [Emphasis added – DB], and tracks data (bluetooth version, services, etc) as well as meta-data (signal strength, timestamps) over time.
I’ve messed around a little with earlier Bluetooth detection tools, but if Blue Hydra runs and does half of what they claim…Hail Hydra!
After that, it’s a toss-up. Do I go to “Hacker Fundamentals and Cutting Through Abstraction”, or take the rest of the afternoon off and go book shopping?
Friday: I like Joe Grand, and I went to the original BSODomizer talk, so I pretty much have to pick “BSODomizer HD: A Mischievous FPGA and HDMI Platform for the (M)asses”. There’s nothing that leaps out at me between 11:00 and 13:00, though I might spend the first hour in the dealer’s room and the second one at the Vidal and Noelscher “CAN i haz car secret plz?” and the Six_Volts/Haystack“Cheap Tools for Hacking Heavy Trucks”.
13:00 is a toss-up: “How to Make Your Own DEF CON Black Badge” sounds like fun, but Tom Kopchak‘s “Sentient Storage – Do SSDs Have a Mind of Their Own?” sounds more practical. At 14:00, int0x80‘s “Anti-Forensics AF” might be interesting.
15:00: “How to Remote Control an Airliner: Security FLaws in Avionics”, just because I want to see proof. “Eavesdropping on the Machines” wouldn’t be a bad fallback if that one’s full. I like “Side-channel attacks on high-security electronic safe locks” at 16:00, but I also have to tip my hat to the FitzPatrick and Grand “101 Ways to Brick your Hardware”. I’d be more interested in an Apple Pay attack, but the Salvador Mendoza talk “Samsung Pay: Tokenized Numbers, Flaws and Issues” does have my curiosity.
At 17:00, “Hacking Next-Gen ATM’s From Capture to Cashout”, because. (Speaking of ATMs, has everyone seen this?) Then, dinner.
Saturday! Saturday! Saturday! We’ll sell you the whole seat, but you’ll only need THE EDGE!
Sorry. Where was I? Oh, yes: Zack Fasel and Erin Jacobs‘s “I Fight For The Users, Episode I – Attacks Against Top Consumer Products” is the first morning panel that has me excited, followed by “Picking Bluetooth Low Energy Locks from a Quarter Mile Away” (because Bluetooth, plus “we introduce a new open source war-walking tool compatible with both Bluetooth Classic and BLE”).
I’m not overwhelmingly enthused by anything between 12:00 and 14:00. Depending on my mood, I might hit Marc Newlin‘s “MouseJack: Injecting Keystrokes into Wireless Mice” and either “Universal Serial aBUSe: Remote Physical Access Attacks” or “SITCH – Inexpensive, Coordinated GSM Anomaly Detection” (the latter because I’m wondering if this will detect Stingray).
At 15:00, the Jay Beale and Larry Pesce talk “Phishing without Failure and Frustration” is relevant to my current professional interests, and they deserve kudos for referencing Layer 8 of the OSI model. But I also like the sound of “Forcing a Targeted LTE Cellphone into Unsafe Network” and “Exploiting and Attacking Seismological Networks… Remotely”. (“We found several seismographs in production connected to the public internet providing graphs and data to anyone who connects to the embed web server running at port 80.”)
Another conflict at 16:00 hours: would I go to Patrick Wardle‘s “I’ve got 99 Problems, but Little Snitch ain’t one” (because OS X kernal and security fail) or Max Bazaliy‘s “A Journey Through Exploit Mitigation Techniques in iOS” (because IOS and security !Fail)? Fred Bret-Mounet‘s “All Your Solar Panels are Belong to Me” might be interesting (depending on the definition of “celebrity”) but I might also decide to skip out at this time, since nothing interests me for the rest of the evening.
And so into Sunday. “Hacking Hotel Keys and Point of Sale Systems: Attacking Systems Using Magnetic Secure Transmission” would be my first choice: this is from the same guy who is doing the ATM talk, and hits one of my areas of interest. If I couldn’t get into that, I think I’d hit “How to get good seats in the security theater? Hacking boarding passes for fun and profit”: but, as the author notes, “The fact that boarding pass security is broken has been proven many times…”
I’m intrigued by “Discovering and Triangulating Rogue Cell Towers” because Stingray, but I really wonder how practical it is. “With a handful of these detectors working together, you can identify when a rogue cell tower enters your airspace, as well as identify the signal strength relative to each detector. This makes it possible to triangulate the source of the new rogue cell tower.” Am I going to carry a handful of these detectors with me when I’m driving around?
12:00 gives us another embarrassment of riches: “Attacking BaseStations – an Odyssey through a Telco’s Network” (“..having our own Macro BaseStation (an eNodeB) on the desk, we will demonstrate practical approaches to and attacks on real life devices”), HeadlessZeke‘s “Let’s Get Physical: Network Attacks Against Physical Security Systems” (this would be my first choice), and Anch‘s “So You Think You Want To Be a Penetration Tester”.
Nothing tickles me at 13:00. At 14:00, “VLAN hopping, ARP Poisoning and Man-In-The-Middle Attacks in Virtualized Environments” appeals to my professional side, but Tamas Szakaly‘s “Help, I’ve got ANTs!!!” (about the ANT protocol for various sports devices, including bike computers) appeals to my fun side. And that pretty much wraps things up: nothing I’m interested in at 15:00, and closing ceremonies at 16:00.
A few things I’ve noticed:
- Charlie Miller and Chris Valasek are speaking at Black Hat, but not DEFCON.
- Dan Kaminsky is also speaking at Black Hat, but not DEFCON. And this sounds like a pretty good presentation.
- Ars Technica on HEIST, the latest HTTPS attack. Abstract. The talk was today, so I’m hoping the presentation will be up soon.
- No “Hippie, please!” talk this year.
Anything you see on the schedule that you’d like me to look into? Are you a presenter who thinks I gave you short shrift? Or are you a presenter who wants to send me a link to their presentation? Or do you have other thoughts? Please let me know in comments. This weekend isn’t shaping up to be as busy as last weekend or next weekend, so I’m hoping I can provide updates as they become available.
I do note that if you had attended ““Cheap Tools for Hacking Heavy Trucks,” then you could have done a sequel to Shake Hands With Danger.
Yeah, me too