SecurityXploded Blog

SecTor 2011 – Update from Ground Zero


Silent Dream and James here from Toronto, Ontario. Talking with one of SecTor‘s founders, Brian Bourne, we learned, “Sector is by the community and for the community”. Interacting with each speaker after their talks in such a friendly and professional atmosphere was very rewarding. We actually spent an hour after the opening keynote chatting with Joe Grand, former member of L0pht. He has learned that sticking to personal ethics and not doing a 180 in the face of pressure is key to keeping the spirit of a hacker: one who curiously and uniquely does the impossible and shares how. After this great kick-off we enjoyed as many talks as possible throughout the day.


One of the first talks we went to was Earth v Giant Spider, given by the sponsor, Trustwave. They shared several ‘Believe It or Not’ security auditing stories. One involved client-side JavaScript validation of the amount a customer paid while ordering fast food online; this compromised a global restaurant chain. Another story involved an insecure tech support voice-mail system where they found a message asking for VPN support; they supplied the support and in the process gained VPN access to the company. In a third story, involving a very mature company, none of the usual weaknesses were present; instead the video surveillance system had vulnerabilities which they used to compromise the cameras, keylogging admins at 10x zoom. As a warning to developers and engineers: it is dangerous to keep business logic client-side, to assume embedded systems like cameras are inherently secure, or to leave voice-mail systems open.
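The fast-food story above comes down to trusting a price the browser computed. As an added illustration (not code from the talk or from Trustwave), here is the server-side counterpart: the order total is recomputed from a canonical menu and a client-supplied total is only ever compared against it, never used. The menu, prices, field names and sample orders are all constructed for this example.

```javascript
// Constructed menu: the server's canonical prices in cents.
const MENU_CENTS = { burger: 599, fries: 249, soda: 179 };

// Recompute the amount owed from the menu; the client's "total" field is
// never consulted here. Returns { ok, total, reason }.
function priceOrder(order) {
  if (!order || !Array.isArray(order.items) || order.items.length === 0) {
    return { ok: false, total: 0, reason: 'empty or malformed order' };
  }
  let total = 0;
  for (const line of order.items) {
    const unit = MENU_CENTS[line.sku];
    if (unit === undefined) {
      return { ok: false, total: 0, reason: `unknown sku ${line.sku}` };
    }
    // Quantities must be small positive integers; anything else is rejected
    // rather than "corrected", so a tampered request fails loudly.
    if (!Number.isInteger(line.qty) || line.qty < 1 || line.qty > 50) {
      return { ok: false, total: 0, reason: `bad quantity for ${line.sku}` };
    }
    total += unit * line.qty;
  }
  return { ok: true, total, reason: '' };
}

// Compare what the client says it will pay with the server's figure. A
// mismatch is rejected and is worth logging as a tampering signal; the
// charge, when one is made, is always the server-computed total.
function checkClientTotal(order) {
  const priced = priceOrder(order);
  if (!priced.ok) return { accept: false, charge: 0, reason: priced.reason };
  if (order.clientTotal !== undefined && order.clientTotal !== priced.total) {
    return {
      accept: false,
      charge: priced.total,
      reason: `client total ${order.clientTotal} != server total ${priced.total}`,
    };
  }
  return { accept: true, charge: priced.total, reason: '' };
}

// Constructed sample orders: one honest, one with a tampered client-side total.
const honestOrder = { items: [{ sku: 'burger', qty: 2 }, { sku: 'fries', qty: 1 }], clientTotal: 1447 };
const tamperedOrder = { items: [{ sku: 'burger', qty: 2 }, { sku: 'fries', qty: 1 }], clientTotal: 1 };
```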


The next set of talks was a pair of neat demos. One focused on Fireshark, a domain relationship graphing tool. The other walked through the analysis of a particular malware sample. This malware used file extension spoofing and several layers of wrapping to execute a DLL whose purpose is to download the latest update from the C&C server and establish a channel for remote commands. The malware regularly changed C&C IP addresses.


Another speaker took a risk and talked about graphing Facebook relationships using public data. This is risky because Facebook’s policies clearly state that any automation is illegal. He showed graphs linking people through friends of friends, which could be important data during background checks. Malware Freakshow was another parallel talk. It demoed malware that had truly evolved to new levels of sophistication. One example was a memory sniffer for a POS system in a bar: when a credit card is swiped, the number stays in RAM for some time, where the sniffer can read it. This sort of sophistication comes from several visible steps of evolution. Malware has begun staying in RAM only and encrypting itself rather than touching disk. In a VM the speaker also demoed a malicious Android app that skims transmissions for bank account details.


The last talk of the day for us was Progression of a Hack by SpiderLabs. Ryan Linn talked about how a single compromised machine can lead to escalating privileges and control over an entire domain. He used Meterpreter to demo privilege escalation, hash dumping, and other post-exploitation activities. Once inside the machine, it is possible to proxy to other internal systems which were previously inaccessible to the attacker. This highlights the asymmetric nature of the threat: defenders need to protect everything, while attackers only need one flaw to get inside a network.


After the talks ended, we made our way to the Loose Moose bar, where Rapid7 was sponsoring a party. It was great to talk with the employees there and just hang out and have a good time. Day One was finally over, and we couldn’t believe how amazing the experience had been!


For more exciting details, visit the official SecTor website!
