Thursday, February 19, 2009

BlackHat Day 1 Writeup


As promised...

The keynote was pretty good, there is lots of buzz about it on the net. BlackHat was nice enough to post the video: https://media.blackhat.com/bh-dc-09/video/Kurtz/blackhat-dc-09-kurtz-keynote-slide.mov

Like usual it seems I picked the wrong talks...at least for my first talk... There is tons of buzz about the SSL talk which I did not attend. But will be watching tomorrow since BH was nice enough to share it as well.

Instead I went to Travis Goodspeed's Reversing and Exploiting Wireless Sensors Travis is amazing at hardware hacking. I didn't take alot of notes on the talk because most of it was over my head but for me the big takeaway is that just because things aren't PC's doesn't mean they aren't on the network and certainly doesn't mean they aren't pwnable. Travis basically demonstrated the various ways to defeat two popular micro controllers which could lead to all kinds of fun things if you have zigbee network in your infrastructure .

I left the Vista Security Internals one, too much Windows code for my brain to handle. The jist was that there were some major changes to LSASS with Vista SP1 that would make stealing password hashes out of memory via dll injection much much harder to do. If someone stayed for the whole thing I'd appreciate a wrap up of what the dealio was and if it has been defeated yet. I went over the OS X talk but he had already talked about whatever it was about and was doing demos.

After lunch I went to the Attacking Intel Trusted Execution Technology talk. very cool stuff. I'll skip my "jist of the talk" you can just watch it for yourself. Bottom line lots of Bios and computers are completely backdoorable and all your trusted computer platform stuff wont even know...very cool stuff.

Michael Sutton's A Wolf in Sheep's Clothing: The Dangers of Persistent Web Browser Storage covered four big issues; HTTP Cookies, Flash Local Shared Objects, Google Gears, and HTML 5.

Most notable was Google Gears, now just Gears, and HTML5 which allows for client side relational databases. Very interesting attack vectors start to come into play where with the client side db all in need is an XSS on any site to read database out of the client side db. The issues with discovering tables names and structure are gone because the attacker would have aready have copy of their own database to discover that, all the attacker would need to do is determine the username for the victim.
https://www.blackhat.com/presentations/bh-dc-09/Sutton/blackhat-dc-09-Sutton-persistent-storage.pdf

Adam Laurie talked about Satellite Hacking for Fun and Profit. I caught the tail end of the talk but it was also very interesting. Rather than butcher a synopsis, you can watch it. But in short, capturing TCP & UDP as well as other fun unlisted channels over your home satellite box.
https://media.blackhat.com/bh-dc-09/video/Laurie/blackhat-dc-09-Laurie-Satellite-Hacking.mov

Also...Media Archives are up: https://www.blackhat.com/html/bh-dc-09/bh-dc-09-archives.html


CG

No comments: