Defcon 17 is in the books, and Gabrielle and I had another fantastic time. Props go out to all of the Defcon staff. The Locksport International team and TOOOL put another fantastic lockpicking village together. Coffee Wars pulled a record turnout of thirty-six brews, and we met some great people there. (We lost badly.) And thanks to the hard working goons we met.
We arrived on Thursday, but with the new Defcon 101 tracks, we were practically late. The lines weren’t much worse than usual but there was a badge shortage right away thanks to the fine people at Chinese Customs. Gabrielle and I ended up with paper badges at first, but Gabrielle social engineered us into two actual badges soon thereafter.
The badge, as usual, is fantastic. Kingpin did an over-the-top job of building a sleek, simple badge that still has lots of hacking potential and out-of-the-box functionality. It uses the 32 pin MC56F8002 processor, with a microphone and an RGB LED to produce visual effects from aural input. Wired Magazine actually published the open source firmware. I am not a hardware hacker, but I have been working on getting it to produce different visual output based on pitch rather than volume.
I didn’t get his name, but one of the engineering team from Freescale (the company that made the microprocessor on the badge) came to the con. He just set up shop in the Hardware Hacking Village and helped people program the board. It was one of the coolest things I have seen at any con. As some of you probably know, my hardware experience is circa 1979. He effortlessly moved between helping me with the most basic soldering questions to the most advanced programming questions. I was blown. Get me his address, someone. I want to send him a bottle of Scotch.
It seemed like the traffic flow was worse at first compared to Defcon 15, but it soon leveled out. Part of the problem was the need to clean out the rooms fully and then count them coming back in due to the fire code. The marshals were around, and very visible, throughout the con.
There is a lot of talk about the Riv being too small. I happen to disagree – I think that DT just needs to find a logistics volunteer that will orchestrate the talks in such a way to control the crowds. I have seen Gabrielle do it. It is possible. (You hear that Jeff? She will work for Absolut.) The people at the Riv work their collective asses off to make it a good con and you just can’t replace that. Let’s change the logistics instead.
Oh wait, there was technical content too! Who knew?
The most significant thing I learned is that for all of the protections for CAS in the .NET Framework, there is a mind blowing flaw. The framework assemblies are just called by name. If you replace an assembly, EVERY .NET program on that machine will use the altered DLL to run the program. Does that mean if you replace the encryption protocol to email the keys to China, that all programs will send that key to China?
Yes.
Discuss.
Props to Erez Metula.
There was a great talk on using iMacro to do screen scraping for AJAX sites, and I plan on getting some new PoCs for that up in the future. It wasn’t rocket science, but it was a really good implementation of a simple idea that I sure as hell didn’t come with. I mean, if it was easy, everyone would be doing it, right? Screen scraping is a massively underused art. There is a LOT of information out there and the web browser just sucks for really making use of it.
So much net development was done on Metasploit in the last 12 months that they got an entire track dedicated to it. The biggest piece is undoubtedly the Oracle module, which really puts all of the disparate Oracle attacks into one place for ease in testing. I can’t recommend its use enough if you are a pen tester or in charge of db security
The civil liberties content was significant compared to 15. Nearly one whole track for three days was filled with lawyers telling us how not to go to jail when we fly to Italy on vacation with some music of questionable origin on our laptop. I just popped in and out of these, but every time I did I learned something.
Did you know that if you are asked to give up your password in the states you can say “come back with a warrant” but if you are flying overseas, they can just take the machine without your permission, copy the whole hard drive, and say “Thanks for the warez, d00d.” Lesson learned? Carry an empty laptop overseas and download your data set from a secure channel once you get there. When done, upload results and clear the machine again. Microsoft doesn’t even LET you carry a machine overseas.
Speaking of privacy (weren’t we, really?) social networking was a huge topic this year. Tom Eston and Kevin Johnson gave a great talk on some proof of concept work they did on social networks and trust. For instance, set up a parody account of a ‘B’ celebrity, and gain trust of followers. Then send out a link for a fun quiz with an XSS attack. Gain twitter cookie, get password, rinse and repeat. Social Butterfly is another of their tools, which manages the creation of apps in social networking sites like Facebook. It collects user accounts to be used for research purposes. Check it out. It’s not just that picture of the Christmas party last year that will get you in trouble on Facebook.
Locksport village was very informative, very well attended, and very well stocked. I picked up some new equipment and finally met both Schuler Towne and Doug Farre in the flesh. Doug and I are going to make some moves toward getting the Locksport International organization a little more, well, organized, and get things up and running there.
Gringo Warrior was a hoot. I supplied the live guard with a cigar (which he really needed!) and watched. Deviant had a whole boatload full of people, and I hadn’t practiced enough, so I didn’t do it this year. Maybe next year. The ah-ha moment for that was watching a very accomplished picker run the whole gamut in three minutes, and then spend ANOTHER three minutes trying to open the car door. After that, Deviant stood by the auto locks and yelled “Everyone look!!” Took out his auto jigglers. “Easy lock,” pop. “Medium lock’” pop. “Hard lock,” pop. “GET some jigglers people! They aren’t that expensive!” I got some jigglers.
My Defcon moment had to be standing in the elevator lobby waiting for a ride down from my floor, when thmping bass – LOUD thumping bass – became clearly audible. I thought “that’s one hell of a boom box.” Wait. Aren’t those lights?
The door opens, and there is a full mobile DJ station in the elevator. I kid you not. There was a mini-rave going on right there in the elevator with a DJ and dancing babes and the obligatory big white guy who can’t dance just bobbing his head and looking cool. It had to have been the coolest thing I have ever seen in an elevator, bar none.
Can’t wait for next year, folks. This one was fantastic. Till then, see you at PhreakNIC!