So I missed day one of the con as I was stuck on planes and in airports for damn ages. After a few hours' sleep I headed to DC to meet up with Chris and Joe and check out the presentations. Chris filled me in on H1kari's GSM presentation, which sounded really cool. Gonna have to check that out.
I got to sit in on Jay Beale's "They're Hacking Our Clients!..." presentation. It was a repeat of the Toorcon talk and did not bring in much new material at all. Jay is a real sharp guy and a great presenter, but he really was not talking about anything the folks listening did not already know. The user is the 'new' attack vector. He made good points and mentioned ideas for looking at user-agent strings from browsers and mail client identifiers, and using those in conjunction with tools like Squid to prevent access to mail or the web until the user patches. I believe the term is NAC. All Jay was proposing was a simple form of NAC. Still, the method of implementation is not a bad idea, but it's trivial to spoof user-agent strings to bypass that. Injecting iframes with mr-t into the user's browser once a day was also suggested. Not a bad way to detect third-party plugins, but what about when the user is on the road or at home?
I really want to see what happens when IT prevents a user from getting mail until he patches his computer. It seemed to me that the presentation forgot the fact that productivity trumps security every time. If what we do impacts a user's ability to perform their job, we have failed at our job.
I'm not even going to comment on "Why are Databases so Hard to Secure" by Sheeri Cabral. She might be sharp and have DB knowledge, but she really did not present well on what is an interesting topic. All I can remember is "ACLs are good".
Next up was "VoIP Penetration Testing: Lessons Learned" by John Kindervag and Jason Ostrom. This was an awesome talk. Great presenters and a really interesting topic. VLAN hopping with voiphopper! Damn cool, and they did a live demo too! I can see sooo many networks getting owned with this! Unplug phone, plug in laptop, own network!
At that point I was fried after no sleep and 24 hours of travel so I blew off the next talks and crashed in the hotel room for a few hours. Drinks and dinner with Chris and then hanging with Joe and talking up a storm. Lots of fun.
Today I got to see valsmith's and danny's talk on Malware Software Armoring Circumvention. All I can say is DAMN! Very, very cool stuff! Follow Chris's link below and check it out. Well worth it if you are into RCE at all.
I was really excited to see Josh Wright's and Brad Antoniewicz's presentation on attacking EAP implementations. I was not disappointed at all. A damn cool talk about a very cool topic. So many of my clients use PEAP, TTLS or another flavor of EAP, so I was really interested to see attacks against 802.1x implementations in action. They showed how easy it is to capture credentials, either hashes in the case of MS-CHAPv1/2 or plain-text credentials in the case of PAP, simply using a rogue AP and a patched version of FreeRADIUS. A live demo too!
Chris and I ran into dre and Marcin. It was cool to put a face to the names. After that I had to run to a cab and head back to the train.
All in all it was a good con. It was definitely more about chilling with some friends and meeting new people.