10.07.2015 Views

DEF CON 18 Program - Up


PRESENTATIONS

SHODAN for Penetration Testers
Michael “theprez98” Schearer, Security Researcher

SHODAN is a computer search engine. But it is unlike any other search engine. While other search engines scour the web for content, SHODAN scans for information about the sites themselves. The result is a search engine that aggregates banners from well-known services. This presentation will focus on the applications of SHODAN to penetration testers, and in particular will detail a number of case studies demonstrating passive vulnerability analysis including default passwords, descriptive banners, and complete pwnage. For penetration testers, SHODAN is a game-changer, and a goldmine of potential vulnerabilities.

Gaming in the Glass Safe - Games DRM & Privacy
Ferdinand Schober, Security Researcher

“DRM is the new form of slavery - but it also spies on you.” – conversation with a gamer

After years of perceived-rampant piracy on the PC, game publishers are beginning to shackle gamers with increasingly intrusive DRM systems. However, recent game news headlines are brimming with failures of these measures. Cracks either get released weeks prior to street dates, or systems fail and prohibit legitimate buyers from running their games. Even worse, these systems can easily be used to siphon the personal information of gamers and potentially cause them major pain.

This presentation will show an overview of what is out there in the game DRM space and dive into specific issues. These issues detail how game platforms and their DRM systems create a goldmine of personal data and can be easily used to mess with legitimate gamers.

You’re Stealing It Wrong! 30 Years of Inter-Pirate Battles
Jason Scott, www.textfiles.com

Historian Jason Scott walks through the many-years story of software piracy and touches on the tired debates before going into a completely different direction - the interesting, informative, hilarious and occasionally obscene world of inter-pirate-group battles. A multi-media extravaganza of threats, CSI-level accusations and evidence trails, decades of insider lingo, and demonstrations of how the more things change, the more they still have to keep their ratios up.

DC 18 Movie Night — GET LAMP
Jason Scott, www.textfiles.com

At the dawn of the era of home computing, an unusual type of game was the most popular to play. With just a screen of text and a prompt, you’d be asked the simple question: WHAT DO YOU WANT TO DO NEXT?

As you typed in commands and sentences, the games would tell you a story, a story fraught with danger, excitement, puzzles and hours of exploration. They were called text adventures, adventure games and interactive fiction. They dominated the sales charts and introduced millions to the power and flexibility of home computers. No other type of computer game could come close. And then they were gone forever... or maybe they never actually left.

GET LAMP tells the story from a cave in Kentucky to the modern era of what some call a brand new form of literature. Director Jason Scott will be on hand for the showing, as well as a Q&A afterwards.

SMART Project: Applying Reliability Metrics to Security Vulnerabilities
Blake Self, Researcher, S2ERC Security and Software Engineering Research Center
Wayne Zage, Professor, Computer Science, Ball State University
Dolores Zage, Computer Science, Ball State University

Battlefield operations depend heavily on network-centric computing systems. Such complex and widely dispersed operations expose network-based systems to unprecedented levels of reliability and security risks. Computer systems and network security are often limited by the reliability of the software running on constituent machines. Faults in the software expose vulnerabilities, pointing to the fact that a critical aspect of the computer security problem resides in software. This presentation will be covering the latest results of the Software Engineering Research Center’s (SERC) SMART Project. SMART stands for Security Measurement and Assuring Reliability through metrics Technology. SMART is the result of a collaboration between SERC and the US Army Research Laboratory (ARL). Through our previous award winning reliability research and our current focus of analyzing large open-source systems, promising results were obtained to support the accurate prediction of the reliability and security of individual and interdependent components in a network-centric environment. Open-source systems being analyzed include Apache, OpenSSH, OpenSolaris, and Firefox. An analysis of our current methods and results of those methods will be given.

Hacking DOCSIS For Fun and Profit
Blake Self, Researcher, S2ERC http://www.serc.net
Bitemytaco, Researcher

At DEF CON 16 we showed various modifications and techniques to gain free and anonymous cable modem internet access. During our last talk, the DOCSIS hacking scene was behind the cable companies. Thanks to the efforts of SBHacker and others, we are now ahead of the cable companies. This talk will analyze and discuss the tools, techniques, and technology behind hacking DOCSIS 3.0. We will also cover new areas like hacking PacketCable and discuss all of the DOCSIS related arrests since our last speech. We will be releasing the Haxomatic USB JTAG/SPI programmer by Rajkosto & SBHacker and updated DOCSIS 3.0 hacked firmware for TI puma5-based cable modems at this talk.

Rip Your Browser for x06 days
James Shewmaker, Bluenotch Corporation

All significant modern applications are ported to the web. Even with custom applications, there is at least one web-based component. Web applications are partially dependent on web clients and are continuously part of the security equation. These issues manifest in ways that make the user vulnerable. For example, privacy vulnerabilities are demonstrated with the EFF’s Panopticlick browser fingerprinting project. Whether the weakness is privacy exposure, a client exploit, or a server exploit, an empowered browser can provide a reasonable defense.

This presentation will review three typical vulnerability classes and selected defenses: Privacy, Client-Side, and Server-side. The goal of this new tool is to shorten the vulnerability window to six days. The talk finale will demonstrate how to poison your browser’s DOM for anonymity.

Hacking Oracle From Web Apps
Sumit “sid” Siddharth, Principal Security Consultant, 7safe

This talk will focus on exploiting SQL injections in web applications with Oracle back-end and will discuss all old/new techniques. The talk will target Oracle 9i, 10g and 11g (R1 and R2). It is widely considered that the impact of SQL Injection in web apps with Oracle back-end is limited to extraction of data with the privileges of user mentioned in connection string. Oracle database does not offer hacker friendly functionalities such as openrowset or xp_cmdshell for privilege escalation and O.S code execution. Further, as Oracle by design does not support execution of multiple queries in a single SQL statement, the exploitation is further restricted. The talk will highlight attack vectors to achieve privilege escalation (from Scott to SYS) and O.S code execution, all by exploiting Oracle SQL injections from web applications. Further, as a number of organizations move to compliances like PCI ensuring that the Card data is always stored encrypted with the private key never stored inside the database. The talk will focus on what hackers are doing in the wild to bypass these and to obtain clear text card data when it's only stored encrypted or even when it's never stored.

Weaponizing Lady GaGa, Psychosonic Attacks
Brad Smith, Director, Computer Institute of the Rockies

This session introduces and demonstrates the emerging attack vector of psychosonics. Attend and you’ll understand how to turn ANY MP3 into a weapon, a study aid, a hidden calming session or helping you experience that Ah-Ha moment of discovery simply by injecting an alternate data stream attack made up of psychosonic frequencies.

You’ll learn how different mental states can be created using frequencies that interact with the brain, how the military is using this attack vector, how Vegas uses these same techniques on customers, which open source software creates these frequency generated psychic states and sites so you can continue your adventures in psychosonics. Multiple new attacks based on psychosonics will be demonstrated and fully explained so you can easily integrate these into your attack tools.

This is an “attack the audience” session where you’ll actually experience these psychosonic attacks so you can judge their effectiveness for yourself. Better yet, you’ll understand how to incorporate this attack vector into your future attack surface. Hey, psychosonics is much better than the flame thrower bra she already has!

A New Approach to Forensic Methodology – !!BUSTED!! case studies TOOL
David C. Smith, Georgetown University and HCP Forensic Services
Samuel Petreski, Georgetown University and Remote IT Consulting

Imagine the following experiment: a unique case is given to three digital forensic analysts and each is given the opportunity to engage the requester in order to develop the information needed to process the case. Based on the information gathered, each of the three analysts is asked to provide an estimate to complete the investigation and can proceed with up to 20 hours to process the case. The analysts are then measured based on the total findings, the time required to process the case, the initial information gathered, and the estimated time to process the case. The expected result is to be varied based on experience and individual characteristics, such as organization, discipline,
