Posts Tagged ‘Conference’

CSAW 2013 and Threads

Posted: November 17, 2013 in Forensics, Passwords

This year’s CSAW and Threads events really show why NYU is a strong community for Cyber Security. It was nothing but the best when it comes to the list of speakers. Some of the key players expanded on their previous talks earlier in the year from Defcon, while others provided some sound, interesting new ways to look at old security problems. I especially enjoyed Hank Leininger’s password topology talk.

Threads Speakers

CSAW was also very impressive. I had the privilege of seeing this event from the judge’s perspective for the High School Forensics (HSF) competition. All I can say is that some of these contestants were simply impressive. Not only was their forensic work top notch, but their reporting and quality of work performed was amazing for individuals with no professional experience. The winners of this contest really do deserve the scholarships they are awarded and I’m sure many of them will continue to be key players in the security scene for years to come. Congrats to all the teams, especially The Cams Nugget and Electric Sheep.

CSAW 2013

CSAW High School Forensics (HSF)

Like any other HackerCon there are good and bad things, so I will jump right into the interesting stuff. The start of the conference was a little slow, taking less of an attacker security approach, which I prefer. In any event, around midafternoon was a talk called “Wipe the Drive!!! Techniques for Malware Persistence”. Mark Baggett and Jake Williams discussed some amazing techniques used by attackers. I mean things that even memory forensics doesn’t catch. They were discussing persistence tactics like:

  1. You remove malware and later your computer scans for a wireless access point as a part of normal activity and that scan releases the malware again.
  2. You remove malware and later you plug in a standard clean USB key. At this point the trigger of the key being plugged in releases the malware and infects the system.

Again, their entire suggestion in the talk was that wiping the drive is the only safe way to possibly remove malware, and that to think otherwise might be foolish.

Day 2 and More

On the second day I ended up attending a few different sessions. There was a talk on running a CTF that went through some of the tactics but mostly explained the amount of time it takes to set up and run a CTF. Several of the other talks I went to were less than technical in my opinion and I felt everything could be Googled in about the same time I was in the presentation. There was one exception: Carson Zimmerman packed the room (seriously no sitting space) with his talk on “Ten Strategies of World Class Computer Security Incident Response Team”. I came in late, but what I saw was good.

Other activities at the Con were always entertaining. The Lockpick village always provides a good time filler in-between sessions. I enjoyed spending some time handing out a few Hacker&Agent card decks to kids. Also, there was plenty of hacker and security speak in the evenings at the hotel bar. Otherwise, if you like games there were some contests on the Xbox, or I would suggest testing your skills by taking a stab at Shmooganography. If you get a chance and get into the 2014 conference it’s worth at least taking a look. Below is a preview of the 2013 contest.

Again overall a good Con, but I think some of the talks need to be more technical and in-depth next year.


My first time at Pumpcon and it was quite educational and fun. Nothing like being with a small group of smart people drinking and talking about computers. Considering this is an invite only group I have to thank the speaker that allowed me to come along. Overall there were two talks that really got my attention. These were from the two Brads. There was another presentation also by Travis Goodspeed.

The First Brad

This was an entertaining and informative talk on Blu-ray hacking. It appears most new Samsung devices all use the same underlying OS. This includes the TVs. Brad went into good detail about how he soldered wires to the different debug connectors on the board to monitor the electricity with a voltmeter and logic analyzer. He took us through his epic adventure of being denied console access through just about every approach. Eventually all this research led him to an approach where he was able to set up a telnet listener and obtain console root access to the device. I’m sure there will be a blog with more detail on this eventually at Open Security Research. For now one of the biggest nuggets of information he supplied was to check out SamyGo before doing any Samsung hacking.

The Second Brad

The BACnet Attack Framework talk was interesting. This typically goes a little outside of the realm of this blog’s core topic of information security, but it’s very important because of the significance around ICS and SCADA equipment. Brad went through some discussions about BACnet listening and suggested a good portion of the items he is studying all talk on UDP. Based on my understanding it appears many of the items he is discussing really could be mitigated with unidirectional firewalls or other known protection mechanisms.

What Else?

The rest of the Con was spent with drinking and talking about sexual harassment images in presentations.  It was in regards to whether or not certain images should be shown at conferences now since there are more and more women attending.  I think eventually the best response to this was “let’s just end this discussion and talk about computer shit”.

The first annual Brain Tank conference – Small but effective!

There are good and bad things about small Hacker cons.  The good was that you have time to talk and figure things out with other people much more effectively than some of the larger conferences.  The bad is that larger conferences tend to have many items for purchase to help you improve your skills.  These items were not available at the Brain Tank con.  Overall the mix between Hacker/Maker proved interesting and informative for the presentations that I watched.  It was also good for those of us looking to get in more experience in the Lockpick Village hosted by Toool.  However, if you were looking for additional picks or tension wrenches this was not the place.

Overall the event had about 150 people and was a good time helping gain more experience.  This event surely will grow over time and eventually have to relocate to a bigger space than that provided by

Hackers & Agents the card game is in full swing.  The game is continuing to evolve with several add on packs coming out soon.   If you like encryption puzzles there is a new encryption card in the deck with added difficulty.  Check out the Facebook page for any new updates.  Also there are several tutorials and graphics posted to help with normal game play.

On another note I will be hanging out at the Hacker-Maker conference in Rhode Island this weekend doing more lock picking and handing out a few decks.

I ran into a Schlage Everest lock giving me a challenge, so if you are into lock picking I think it’s important to have a tension wrench that enters from the top. I’m hoping the lockpick village at the Brain Tank has some good practice locks.

Hands down Day 1 of Recon the Magic Bus by Travis Goodspeed and Sergey Bratus took the show.  Great informational and entertaining presentation!  I encourage anyone to check out the hardware Travis has developed and his papers if you are into understanding key security issues with the Bus.

Next I found the presentation by Rolf Rolles some of the best work I’ve seen in this field.  The presentation was focused on Syntax and Semantic based methods for reverse engineering.

Syntax Based

Under the Syntax based methods Rolf talked about looking for patterns that can help identify signatures such as packers, FLIRT, etc. It seems like this could be a good idea for an offshoot tool. However, it is important to note that he said an attacker could possibly avert these patterns when a reverser is using Syntactic methods by recompiling or doing complex obfuscation. Guess this is another reason we should all be doing obfuscation in the commercial world.

Semantics Based

For this discussion Rolf described scenarios for an automated key generator, automated bug discovery, etc. Most of the talk was explaining the mathematics behind the analysis, which overall appears to be very basic in nature. However the way Rolf has applied the math in the analysis is quite interesting and very intelligent.

Without going into too much detail he simply replaced concrete semantics (i.e. x,y) with abstract semantics (i.e. +(positive), – (negative)).  Then using truth tables on Bits (standard bit analysis either 0 or 1) (unknown bit analysis using 0,1, ½; ½ represents unknown) he is able to map out patterns.
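A small sketch of the unknown-bit truth tables described above, added here as an illustration and not taken from Rolf's talk or tooling. The 8-bit width and every function name are assumptions; the last function shows the known imprecision of per-bit tables, which cannot see that both operands of `x ^ x` are the same value.

```python
# Added example: three-valued bit analysis (0, 1, and 1/2 for "unknown").
HALF = 0.5   # the "1/2" value from the post: the bit could be 0 or 1
WIDTH = 8    # assumed word size for this sketch

def const(n):
    """Abstract word for a known constant, least significant bit first."""
    return [(n >> i) & 1 for i in range(WIDTH)]

def unknown():
    """Abstract word for an input about which nothing is known."""
    return [HALF] * WIDTH

def bit_and(a, b):
    if a == 0 or b == 0:
        return 0  # a known 0 decides the result even if the other bit is unknown
    return 1 if (a == 1 and b == 1) else HALF

def bit_or(a, b):
    if a == 1 or b == 1:
        return 1  # a known 1 decides the result even if the other bit is unknown
    return 0 if (a == 0 and b == 0) else HALF

def bit_xor(a, b):
    if HALF in (a, b):
        return HALF  # XOR needs both inputs; one unknown makes the result unknown
    return a ^ b

def lift(op):
    """Apply a per-bit truth table across two abstract words."""
    return lambda x, y: [op(a, b) for a, b in zip(x, y)]

AND, OR, XOR = lift(bit_and), lift(bit_or), lift(bit_xor)

def show(word):
    """Render most significant bit first, '?' for unknown bits."""
    return "".join("?" if b == HALF else str(b) for b in reversed(word))

def admits(word, n):
    """True if concrete value n agrees with every known bit of the abstract word."""
    return all(b == HALF or b == (n >> i) & 1 for i, b in enumerate(word))

def masked_flag():
    """Abstract result of (x | 0x01) & 0x0F for a fully unknown x."""
    return AND(OR(unknown(), const(0x01)), const(0x0F))

def self_xor():
    """x ^ x is always 0 concretely, but per-bit tables lose that relation."""
    x = unknown()
    return XOR(x, x)

if __name__ == "__main__":
    print(show(masked_flag()))
    print(show(self_xor()))
```
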

In general the rest of the day was filled with other speakers who were interesting but just didn’t seem to catch my full attention.  With that said Tarjei Mandt did a good job explaining atoms and string based attacks. 

All in all a pretty good first day, especially since Montreal had a music festival running with Dissonant Nation, which made a great evening of entertainment.

Wikipedia truly is amazing.  Check out the list of worldwide security conferences.  This is a great place to look for any professionals wanting to speak or attend high profile conferences.  Definitely a good site to add to my links page.