DEF CON 20 Run Down
Kyle Slosek
DEF CON Documentary
DEF CON History
Created by Hacker Jeff Moss in 1992
Started as a party for a hacker friend who was leaving the country
The name DEF CON comes from the movie WarGames (Defense Threat Condition); DEF is also 3 on a phone keypad
What is DEF CON?
A place for hackers, security professionals and government agents to gather and discuss security
A conference for those of us who can't afford Black Hat
A Party
What Can You Expect?
There will be black hat, white hat, grey hat hackers, security researchers, script kiddies & Federal, State and Local Law enforcement
There will be attempts to socially engineer sensitive information from you
If you do not properly protect your devices you will get hacked
DEF CON Safety Tips
1. Turn off Bluetooth on your phones
2. Do not connect to the public WiFi
3. Do not use an ATM at the Rio Convention Center
4. Do not take pictures of people’s faces (unless they give you permission)
What Will You Gain?
Several talks are given by prominent members of the Cyber Security Community: Dan Kaminsky, Bruce Schneier, General Keith Alexander (USCYBERCOM)
A better understanding of the hacking community
Interesting DEF CON Facts
Reporter Michelle Madigan from Dateline NBC was outed in 2007 for trying to secretly record hackers admitting to crimes
MIT Students were sued in 2008 for their presentation entitled “The anatomy of a Subway Hack: Breaking Crypto RFIDS and Magstripes of Ticketing Systems”
Anti-Forensics and Anti-Anti-Forensics
Michael Perklin – Forensics Investigator
Techniques that make a Forensics Investigator’s job harder
Anti-Anti-Forensics – What investigators can do to mitigate these techniques
The goal is to increase the cost ($) of an investigation so that the other side hopefully drops the suit or settles
Technique 1 – Keep a lot of media
Investigators need to image all media to keep a backup copy
If you have an inordinate amount of media, the possibility of them missing something increases
It also makes it more difficult to sift through the data
Technique 2 – Use Non-Standard RAID
RAID normally uses common settings for stripe size, stripe order & block size
Using non-standard values means that the investigator will have a harder time re-building the RAID
Network Anti-Reconnaissance
Messing with Nmap Through Smoke and Mirrors – Dan Petro
Anti-Reconnaissance adds to Defense-in-Depth
Reconnaissance is usually done with Nmap
Reconnaissance phase of attack is sometimes ignored by network defense teams
Demoed a tool called Nova
Uses a tool called Honeyd to create thousands of virtual machines on a network acting as honeypots
These VMs do not act like traditional VMs (i.e. no hard drive or OS)
The idea is to make it harder for attackers to find real nodes
The software uses machine learning to discover attackers performing reconnaissance
Auto-Config mode will scan your network and create a honeypot to augment it
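A minimal way to use decoy addresses as a reconnaissance sensor, added here as an example (not Nova's code and not from the talk). It swaps Nova's machine-learning classifier for a plain threshold on distinct decoys contacted per source; the addresses, log format and function names are assumptions.

```python
from collections import defaultdict

# Constructed decoy addresses: no production service lives on these.
DECOYS = {"10.0.5.20", "10.0.5.21", "10.0.5.22", "10.0.5.23"}

# Constructed sample flow log, one connection per line:
# "epoch_seconds src dst dport"
SAMPLE_LOG = """\
1000 10.0.9.7 10.0.5.10 443
1001 10.0.9.66 10.0.5.20 22
1002 10.0.9.66 10.0.5.21 22
garbage line
1003 10.0.9.66 10.0.5.10 22
1004 10.0.9.66 10.0.5.22 22
1005 10.0.9.7 10.0.5.21 445
1900 10.0.9.8 10.0.5.20 80
2900 10.0.9.8 10.0.5.23 80
3900 10.0.9.8 10.0.5.22 80
"""

def parse(log):
    """Yield (ts, src, dst) per well-formed line; malformed lines are skipped."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[0].isdigit():
            yield int(parts[0]), parts[1], parts[2]

def find_scanners(log, decoys=DECOYS, window=60, min_decoys=3):
    """Map each source that touched >= min_decoys distinct decoys
    within `window` seconds to the sorted decoys it touched."""
    touches = defaultdict(list)  # src -> [(ts, decoy), ...]
    for ts, src, dst in parse(log):
        if dst in decoys:
            touches[src].append((ts, dst))
    flagged = {}
    for src, events in touches.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Shrink the window from the left until it spans <= `window` seconds.
            while events[end][0] - events[start][0] > window:
                start += 1
            seen = {decoy for _, decoy in events[start:end + 1]}
            if len(seen) >= min_decoys:
                flagged[src] = sorted(seen)
                break
    return flagged
```

A single decoy touch (10.0.9.7) is not flagged; the `window` value trades state kept per source against how spread-out a sweep can be and still be seen.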
Dan Kaminsky – Black Ops
In 2008 found a flaw in the DNS Protocol that allowed for easy cache poisoning
The talk set out to define fundamental issues in the development of secure code
One piece of the talk defined issues with being able to properly generate random numbers
2 of every 1000 Certificates generated with the RSA algorithm contain no security
Crypto of a majority of certificates was found to only be 99.8% effective
The fundamental issue is not the RSA algorithm; it's the ability to generate random numbers
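Weak randomness at key-generation time can show up as two RSA moduli sharing a prime factor, or as the same modulus issued twice, and a key inventory can be audited for both. The check below is an added example, not code from the talk; the key names and the toy moduli (built from Mersenne primes) are constructed.

```python
from math import gcd, prod

def mersenne(k):
    """2**k - 1; prime for the exponents used below."""
    return 2**k - 1

# Constructed inventory: name -> RSA modulus n = p * q (toy sizes).
KEYS = {
    "web01":  mersenne(61) * mersenne(89),
    "vpn01":  mersenne(89) * mersenne(107),   # reuses a prime from web01
    "mail01": mersenne(31) * mersenne(127),   # independent primes
    "db01":   mersenne(17) * mersenne(19),
    "db02":   mersenne(17) * mersenne(19),    # same modulus as db01
}

def audit_moduli(keys):
    """Flag every modulus that shares a factor with another key.

    Batch-GCD identity: with T the product of all moduli,
    (T mod n^2) // n equals (product of the other moduli) mod n,
    so one gcd per key replaces comparing every pair.
    """
    total = prod(keys.values())
    findings = {}
    for name, n in keys.items():
        g = gcd(n, (total % (n * n)) // n)
        if g == 1:
            continue                      # no factor in common with any other key
        if g == n:
            findings[name] = "duplicate-or-fully-shared"
        else:
            findings[name] = "shares-prime"
    return findings
```

Any flagged key should be regenerated on a host with a properly seeded random number generator; a clean result only means no overlap inside this inventory.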
4 sources of randomness: Keyboard, Mouse, Disk Rotations, Hardware Random Number Generator
The solution: TrueRand
Computer with 2 clocks has a random number generator
Dan released DakaRand (i.e. TrueRand 1.0)
DEF CON & Black Hat Presentations
Can be purchased on DVD after the conference: https://www.sok-media.com/store/products.php?event=2012-DEFCON
Most presentations are released for download several months after the conference
Speaker Videos
Keynote by General Keith Alexander – Shared Values, Shared Responsibility
FX and Greg – Hacking [Redacted] Routers
Zack Fasel – Owned in 60 Seconds
Closing Ceremonies
Capture the Flag
20 teams competed for all 4 days
10 teams qualified, 9 were invited by winning other CTF events and one bought their spot on eBay
Teams are given points for stealing keys from their opponents and submitting to the scoring server
Points are also given for defacing a service by overwriting unique team keys on others' services
DEF CON Badges
Types: Human, Goon, Press, Vendor, Speaker, Artist
Uber badge given to contest winners
Crypto puzzle built in to the badge software
Goon badges are designed to affect all other badges
Other Cons in the area
ShmooCon – Feb 15 – 17 (Washington DC)
Takedown Con (May)
Black Hat (July 27 – August 1)
Conference      Price    # Days
ShmooCon        $150     3
Black Hat       $2500    6
Takedown Con    $600     2
DEF CON         $200     4
Get Involved
DC-Groups (DCGs) meet regularly to discuss technology and security topics
https://www.defcon.org/html/defcon-groups/dc-groups.html
Group    Location          POC           Contact Email
DC202    Washington, DC    R0d3nt
DC410    Baltimore, MD     Bmore Adam
DC804    Richmond, VA      J0c3phu5      [email protected]
DEF CON Resources
DEFCON 20 Program: https://media.defcon.org/dc-20/defcon-20-program.pdf
Media: http://www.defcon.org/html/links/dc-archives/dc-20-archive.html
Purchase Extra Human Badges: http://hackerstickers.com/product/hardware-dc20-humanbadge/
Questions?
Kyle Slosek – [email protected]