Here are some random thoughts from DefCon-14 that I attended on Aug. 4-6, 2006 in Las Vegas.
General notes:
I attended DefCon-14 (www.defcon.org) in Las Vegas during August 4-6, 2006. There were several reasons why I went there. None of them is that I’m a hacker. First, my (hopefully last) semester at USC starts in two weeks, and I wanted to have a nice weekend outside of my apartment before I plunge into studies. Second, I wanted to hear the presentations, because it’s interesting stuff and somewhat related to my daily job. And third, the first two are a killer combination of the right time and place.
Friday, August 4, 2006:
I arrived in the morning, rented a flashy yellow Ford Focus, and drove directly to the Riviera hotel. In addition to DefCon, there were two more conferences at the Riviera: American Darters Association (www.adadarters.com), and National Association of Postal Supervisors (www.naps.org). Kind of an odd mix of people next to each other: hackers, darters, and postal supervisors.
Here are the darters:
I enjoyed watching the Las Vegas weather forecast on local TV. They said that the weather was nice, and the temperature was way below average for that time of year. Whereas the actual temperature outside was “only” 103° F or 40° C. Go figure what nice is.
Here is the crowd ready to get into the first presentation:
Here is another one:
Here are a few pics from the outside:
There were over 6000 people at DefCon-14.
I attended the following presentations, hopping between three parallel tracks. Here is the summary:
Presentation 1: Hardware hacking by Joe Grand. Basically, he talked about the DefCon electronic badge schematics and its development process. He announced a contest: most creative badge hack. They made a Microchip dev kit available to be used. Jumping ahead, the winner was a guy who hooked the badge to his audio system and managed to generate some *noises*. Another one blinked an LED with DefCon-14 in Morse code.

Here are the pics from the contest area:
"Wall of Sheep"
Pneumatic gun that automatically shoots the targets.
A guy with a solder gun.
One of the DefCon t-shirts.
Presentation 2: Googling by Greg Conti. The presenter is a professor at the West Point Military Academy. The basic idea of the presentation is to increase awareness that for every search users make, on Google or elsewhere, search companies also collect and analyze the users’ search requests. Hypothetically, search companies can connect users into groups, and associate with them all kinds of information, even pinpoint a person.
He released a Perl script that parses the Firefox cache file (formhistory.dat) and extracts all kinds of useful info. I ran it on my machine, and it found all kinds of stuff from the last few years: from passwords to credit cards.
This is the track-1 presentation hall, filled to the brim.

Presentation 3: Joshua Wright presented the coWPAtty tool: a brute-force dictionary attack against WPA-PSK. The basic idea is to maintain a large database of known real passwords to brute-force an 802.11 SSID. He mentioned that about 4 million real passwords are currently available. In addition, another guy demonstrated an FPGA-accelerated way of doing this.
He also raised the question of what happens if the firmware in a wireless access point is malware. The hardware doesn’t check what firmware it is running. So, theoretically, there is no way for a user to know if he is talking to an infected access point. Worse than that, the malware can download itself wirelessly to other access points, and quickly spread.
Presentation 4: Rebuilding hard drives for data recovery by Scott Moulton. (http://web.forensicspeak.com)
Nice overview of a hard drive’s physical structure. He mentioned that 85% of failures are SW errors, and 15% HW. Hard drive date uniquely identifies all the components: PCB, FW versions, etc.
Try different OSs to try to mount the faulty drive. Knoppix seems to be the best.
Presentation 5: Investigation clues-death by 1000 cuts by Johnny Long. Lame presentation, a bunch of odd USB drives, including a real thumb (johnny.ihackstuff.com)
I’m totally exhausted at this point, since I woke up at 5am to catch an early plane to Las Vegas. Going to the hotel to sleep.
Saturday, August 5, 2006:
Presentation 1: Visual Log analysis by Raffael Marty (www.raffy.ch). He wrote and released a bunch of Perl scripts to do log parsing and graph presentation based on source/destination address pairs, and other combinations. They can also easily do clusters and assign colors. Another tool is a Java-based tree view (like in smartmoney.com) called Afterglow. It shows rectangles of size proportional to the amount of traffic. Neat tool: it allows zooming in, and other stuff. He mentioned that because the graphics libraries he used were buggy, he hadn’t ported the Perl scripts to Java yet.
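The source/destination pair graphing described above, as an added Python example (not the presenter's Perl scripts and not part of the original post). The iptables-like log format, the sample lines, and the 10.0.0.0/8 "internal" cluster are assumptions made for the illustration.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed sample lines in an iptables-like format (not real traffic).
SAMPLE_LOG = """\
Aug  5 10:01:02 fw kernel: IN=eth0 SRC=10.0.0.5 DST=192.0.2.10 PROTO=TCP DPT=80
Aug  5 10:01:03 fw kernel: IN=eth0 SRC=10.0.0.5 DST=192.0.2.10 PROTO=TCP DPT=80
Aug  5 10:01:04 fw kernel: IN=eth0 SRC=10.0.0.7 DST=192.0.2.10 PROTO=TCP DPT=443
Aug  5 10:01:05 fw kernel: IN=eth0 SRC=198.51.100.9 DST=10.0.0.5 PROTO=TCP DPT=22
Aug  5 10:01:06 fw kernel: truncated entry SRC=10.0.0.5
"""

PAIR_RE = re.compile(r"\bSRC=(\S+)\s+DST=(\S+)")
INTERNAL = ip_network("10.0.0.0/8")  # assumed definition of the "internal" cluster


def count_pairs(log_text):
    """Count (source, destination) pairs; skip lines without a valid pair."""
    pairs = Counter()
    for line in log_text.splitlines():
        m = PAIR_RE.search(line)
        if not m:
            continue
        try:
            src, dst = ip_address(m.group(1)), ip_address(m.group(2))
        except ValueError:
            continue  # malformed address: keep untrusted log text out of the graph
        pairs[(str(src), str(dst))] += 1
    return pairs


def to_dot(pairs):
    """Render the pairs as Graphviz DOT: fill colour = cluster, edge width = count."""
    lines = ["digraph traffic {"]
    for node in sorted({n for pair in pairs for n in pair}):
        colour = "lightblue" if ip_address(node) in INTERNAL else "salmon"
        lines.append(f'  "{node}" [style=filled, fillcolor={colour}];')
    for (src, dst), n in sorted(pairs.items()):
        lines.append(f'  "{src}" -> "{dst}" [label="{n}", penwidth={n}];')
    lines.append("}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(to_dot(count_pairs(SAMPLE_LOG)))
```

The printed DOT text can be rendered with Graphviz; the external host reaching an internal one on a different port stands out as the only salmon-coloured source node.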
Presentation 2: Zulu, a command-line 802.11 generation tool, by Damon McCoy. Nothing revolutionary to be shown at DefCon. He emphasized that the design goals were to be simple but comprehensive: modify all frame fields, not too many parameters, no need for driver modification, etc. The idea is that it’s easy to generate any malformed frames and crash the device.
Presentation 3: The Art of Fuzzing by Jared DeMott. If I got the idea right, fuzzing is like grey-box testing: a mix of white and black box. He mentioned research on how much fuzz testing is required, derived statistically.
Presentation 4: Static and dynamic reversing by Luis Miras. The main idea is to bridge disassembler and debugger together to accelerate reverse engineering of Windows binaries. He released the pdbgen and redress tools.
Presentation 5: VOIP Linksys wrt54 router by Arias Hung. Duh, the presenter had lost his entire presentation except one slide, so I moved to another presentation.
Presentation 6: Automatic exploit detection in binaries by Matt Hargett. This is a SourceForge project, interesting to try. The presenter kid really used foul language, disgusting.
Sunday, August 6, 2006:
Presentation 1. Corporate spying network by Andrew Whitaker (trainingcamp.com). Nice demo on how to get computer access: hijack a web site, add Trojans to an executable, modify the installation, put the executable on a hijacked web site; when the installation is downloaded, the Trojan is installed, and it starts listening on some port. The attacker connects and monitors traffic. Rather simple demo with a lot of assumptions, but fun. He presented a bunch of useful tools, worth trying out.
Presentation 2. Phishing tips by Peter Gutmann. The guy is a professor at Auckland University in New Zealand. Nice presentation, although I knew most of the tips already.
Presentation 3: Census bureau by Steve Dunker. The guy is a cop turned lawyer. The presentation punch line was that his sister refused to provide census information, and was arrested. She asked him to represent her. So he started researching all the Census laws and found some interesting stuff.
DefCon Award ceremony hosted by Dark Tangent: to be honest, it was too long and quite boring with some exceptions. Competing teams were presented with awards, etc. They mentioned little problems with law & order at this DefCon compared to the previous ones.
Pay attention to the net traffic statistics: AP impersonation events, Rogue Access Points, DoS Attacks, MitM Attacks. Cool.
Next year, DefCon-15?
Maybe. Who knows.