• PH-Neutral, My First and Last One – blog.rootshell.be
  What differentiate  PH-Neutral from the other conferences? It’s different that’s all! Don’t try to find something equivalent on earth! It’s a mix of party, drinks, talks (yes, there was and good ones!) and social networking. Honestly I never saw so many top-notch hackers per square meter at the same place.

Resources

• Beyond r57 slideshow – slideshare.net
• CMSC 838G, Spring 2011 Syllabus – cs.umd.edu
  OS-level and hardware protection cannot solve the security problem alone.  We need ways to establish the trustworthiness of software, to augment or even replace these mechanisms.  For example, OS-level mechanisms fail to protect against SQL injections, cross-site scripting, stack smashing, and other attacks.
• Stefan Esser Reveals His process For Security Research - resources.infosecinstitute.com
  Stefan Esser is best known as the PHP security guy…Part of his research has been the development of an ASLR implementation for a jailbroken iPhone that he demonstrated at the end of 2010, several months before Apple added this feature to the stock iOS. In 2011 he provided an iOS kernel exploit that is the key ingredient in all current iPhone jailbreaks.
• Formal Social Engineering Methodology Released – kgb.to
  Social engineering has been around for tens of thousands of years so it is time we approach the topic in a professional manner. The Social Engineering Vulnerability Evaluation and Recommendation (SEVER) Project is one way to help penetration testers become more consistent.  I also intend for it to be the best way to teach novices about social engineering concepts.
• Brendan O’Connor’s Vulnerabilities In Not-So Embedded Systems – kgb.to
  If you are looking for Brendan O’Connor’s Black Hat 2006 Presentation Vulnerabilities in Not-So Embedded Systems you have come to the right place.

Tools

• Introducing Faceniff
  FaceNiff is an Android app that allows you to sniff and intercept web session profiles over the WiFi that your mobile is connected to. It is possible to hijack sessions only when WiFi is not using EAP, but it should work over any private networks. It’s kind of like Firesheep for android. Maybe a bit easier to use (and it works on WPA2!).
  • Faceniff app – faceniff.ponury.net
  • FaceNiff makes Facebook hacking a portable, one-tap afair – engadget.com

• Using Kon-Boot From A USB Flash Drive – piotrbania.com
  Kon-Boot is sort of a boot loader that let’s you bypass having to use valid credentials when the OS finishes booting. Unfortunately, CDs are hard to put in your pocket, and many machines don’t have floppies any more.
• Microsoft Releases free AV software that boots from CD or USB – connect.microsoft.com
  Microsoft has published a beta of its Standalone System Sweeper software, a bootable recovery tool that can be used to identify and remove rootkits, as well as other advanced malware.

Techniques

• Remote DLL injection with Meterpreter – room362.com
  Recently Didier Stevens wrote ‘Suspender.dll’ which is a DLL that will suspend a process and all of it’s child processes after a delay. 60 seconds is it’s default but you can rename the DLL to add a number (as such ‘Suspender10.dll’ for 10 seconds) to make the delay whatever you wish.
• JSON Hijacking – thespanner.co.uk
  There isn’t a lot of information about JSON hijacking out there at the minute, I will aim to provide a “news update” on the state of publicly known techniques. First off I will give a quick overview of how JSON data can be stolen and explain how JavaScript reads JSON.
• NMAP/Metasploit/MSSQL – zonbi.org
  Recently I’ve been playing around with nmap/metasploit and Microsoft SQL server (2005/2008). Not really on the exploitation side of things but certainly not boring at all. I thought I’d share some of this here (mostly so I don’t forget it in the future).
• Using O2 To Exploit HacmeBank – diniscruz.blogspot.com
  On HacmeBank have you seen the O2 Scripts that automate a number of its exploits?
• Bruteforcing a Windows Password Using A Graphic Card – mytechencounters.wordpress.com
  GPGPU computing is getting lots of attention these days. GPGPU computing simply means doing general calculations on graphic cards (GPUs) rather than CPUs. Traditionally, GPUs were used only for getting graphical output, rendering frames in games and other purposes related to graphics.
• Anatomy of a PDF Hack – readwriteweb.com
  PDFs are widely used business file format, which makes them a common target for malware attacks. Because PDFs have so many “features,” hackers have learned how to hide attacks deep under the surface. By using a number of utilities, we are able to reverse engineer the techniques in malicious PDFs, providing insight that we can ultimately use to better protect our systems. We’ll take you through the process that a hacker uses to insert a piece of malware into a sample PDF.
• Using Nmap to audit your MySQL database – cqure.net
  I’ve been working on a Nmap script for auditing MySQL databases against the CIS 1.0.2 benchmark for a while. I haven’t committed it to subversion yet, but it’s available to download for anyone who feels up to testing it. While it isn’t perfect nor does it contain all CIS controls, it provides Nmap users with the possibility to quickly scan a database to see whether it complies with the CIS recommendations or not.

Vendor/Software Patches

• Wireshark 1.4.7 and 1.2.17 Released – wireshark.org
  Wireshark 1.4.7 and 1.2.17 have been released. Installers for Windows, Mac OS X 10.5.5 and above (Intel and PPC), and source code are now available.

Vulnerabilities

• Automated Vulnerability Disclosure With UpSploit – tmacuk.co.uk
  The aim of the upSploit service is to provide a platform for vulnerability researchers — and other people who come across a vulnerability out of the blue — to be able to alert the vendor to the problem in the most ethical way possible while also automating the process.
• Bank of America allows you to bypass their multi-factor safe pass authentication card by using their mobile page - reddit.com
  Like any security professional I use two-factor authentication as much as possible in my personal life. So when Bank Of America released their safepass card I signed up immediately. Recently I accessed the site via their mobile URL (Linked above) and instead of being asked for my safepass code I was asked my challenge questions (Which are composed of questions that can be determined via public records or have a limited set of answers) instead of for my safepass code.

Other News

• The Great Chinese Gmail Hack
  Hundreds of Gmail accounts have been recently hacked, including the accounts of senior government and military personnel in the U.S. Additionally, officials and activists in South Korea and China were affected in the security breach.
  • Chinese Hacker Cracks Hundreds of Gmail Accounts, Including Those of U.S. Officials – gizmodo.com
  • Google: Chinese hackers monitoring Gmail of activists, journalists, officials – arstechnica.com
  • Google email accounts compromised by ‘Chinese hackers’ – bbc.co.uk
  • How to stop your Gmail account from being hacked – nakedsecurity.sophos.com
  • Feds investigate alleged attacks on Gmail accounts – news.cnet.com
  • Spotting Web-based Email Attacks - krebsonsecurity.com
  • Ensuring Your Information Is Safe Online – googleblog.blogspot.com
  • The Man-In-The-Mailbox – paloaltonetworks.com

• Reverse Engineered Skype Protocol
  Now Microsoft own the most popular VoIP service out there, and surely plans to make it an integral part of their operations and products going forward. At the same time, one researcher has decided he wants to make Skype open source by reverse engineering the protocol the service uses.
  • The Skype protocol has been reverse engineered – geek.com
  • Skype protocol reverse engineered, source available for download – thepiratebay.org
  • Skype protocol being reverse engineered – update - h-online.com
• The Latest Sony Attack
  The same hackers who recently attacked PBS.org have turned their attention back to Sony by releasing the latest dump of information stolen from Sony’s websites. While the information disclosed includes approximately 150,000 records, the hackers claim the databases exposed contain over 4.5 million records, at least a million of which include user information.
  • Sony Pictures attacked again, 4.5 million records exposed - nakedsecurity.sophos.com
  • Sony Hit Yet Again, Consumer Passwords Exposed – wired.com
  • What Lockheed Martin, EMC, and SOny have taught us about security – blogs.mcafee.com
• Hardware vendor Offers Backdoor With Every Product – threatpost.com
  IT administrators know there’s nothing more frustrating than losing administrative access to your network equipment. But Allied Telesis, a Japan-based maker of switches, routers and other networking devices, has a fix: guaranteed backdoors for every product.
• Hack of PBS.org: 0Day Or Patch Forensics? – threatpost.com
  A high-profile attack on PBS, the U.S. Public Broadcasting System, was made possible by a previously unknown hole in the MoveableType content management software, according to the hacking group that claimed responsibility for the hack. However, security experts say that the hole may have been derived from studying a recent MoveableType patch.
• It’s Time To Start Sharing Attack Details – threatpost.com
  With not even half of the year gone, 2011 is becoming perhaps the ugliest year on record for major attacks, breaches and incidents. Lockheed Martin, one of the larger suppliers of technology and weapons systems to the federal government, has become the latest high-profile target of a serious attack, and while such incidents are bad news indeed for the victims, they may serve a vital purpose in forcing companies to disclose more data about breaches and attacks.
• Stolen Data Is Tracked To Hacking In Lockheed – nytimes.com
  Lockheed Martin said Friday that it had proof that hackers breached its network two weeks ago partly by using data stolen from a vendor that supplies coded security tokens to tens of millions of computer users.

The Heart of America, Kansas City. If you like great music or want a taste of that special KC barbeque, this is the town to be in. Another reason to visit are the great security pros that call this city home. Here are some local professional groups you can mingle with while in KC.

• OWASP Kansas City Local Chapter – With the next meet still a ways off (October 2010), you can still make it to attend or even present. Attendance is free after all. You can read their mailing list or click through the link above for details on past meetings.
• ISSA – Kansas City – Another premier security group, ISSA hold regular trainings, meetings and networking events. You can check out their past events or read the latest newsletter. Next meeting is on Sept. 23.
• Kansas City Chapter of ISACA – The upcoming meeting at September 9th is a great way to meet other ISACA members in the area. Catch up through their newsletter or glance at the schedule of upcoming events.
• InfraGard Midwest – An FBI-supported group, InfraGard is out to protect the homeland’s infrastructure through a private-public relationship.

Interested in a less formal atmosphere? Here are some local meetings for ya.

• DC816 – A DefCon group headed by Subz$r%. Not much info here, you might want to mail him using the link we gave for more details.
• Greater Kansas City 2600 – Meetings for this group are usually held on the first Friday of the month at the Oak Park food court.

There’s also a very creative group of people hosting a hackerspace in KC.

• The Cowtown Computer Congress – It’s one great bunch and they even had a Mini-Maker Faire and an OMGWTFBBQ a while back. Recent projects include a homemade cotton candy machine and marshmallow shooter kits. Check out their mailing list here.
• KC2600 – Your regional hacking and information security resource for the local Kansas City area

Finally, there are some security events you can watch out for.

• Cyber RAID-0 – KC’s first cyber warfare event will be held on September 16th. So get those fingers cracking and see if you have what it takes to beat the system.
• BSides KC – BSides is there to handle your post Cyber-RAID trauma (or victory, as the case may be). You’ll get talks, discussions and more.

Ax0n, a guy I met at Black Hat USA runs HiR Information Report, and he often covers the local Kansas City security events. He also maintains the KC Tech Events google shared calendar.

Events Related:

• BlackHat / DefCon 18 related posts
  • Highlights from Black Hat and Defcon – readwriteweb.com
    Here’s our round-up of highlights from the two security events from around the web.
  • Black Hat & DEFCON Observations – bobbydominguez.com
    Both cons have their own distinct culture and participants, but you’ll see Black Hat attendees stay for the Defcon forums.
  • Corey’s 2010 Las Vegas BlackHat DefCon summary – intrepidusgroup.com
    The IG gang spent last week out in Vegas for the annual BlackHat and DefCon trips. While I missed a handful of high profile talks.
  • higB’s 2010 Las Vegas BlackHat DefCon summary – intrepidusgroup.com
    Amanda did a great job making sure we were in the Palace tower (not the stinky Forum tower).
  • Max’s 2010 Las Vegas BH/DC Summary – intrepidusgroup.com
    The WiMAX Hacking (https://groups.google.com/group/wimax-hacking) talk, from Pierce, Goldy, and aSmig feat. sanitybit was great.
  • Zach’s 2010 BlackHat/DEFCON/B-Sides Las Vegas summary – intrepidusgroup.com
    I was aiming not to be the last contributor to this series, given that I’ve already received my proper lashings for slagging on posts as is.
  • Black Hat 2010 – appsecinc.com
    What used to be a couple of booths at the side of the hallway is now a dedicated hall with almost every security vendor showing a presence.
  • BlackHat 2010 Recap – midnightresearch.com
    Overall it was a good conference and similar to last year.
  • Digital Forensics Case Leads Aug 5, 2010: Defcon 18 and more – sans.org
    We have news and coverage from a forensic and incident response viewpoint, including news about the Wikileaks incident you might not have seen elsewhere.
  • Hacker Wonderland: DefCon 18 in Photos – wired.com
    Photostream of badges, underwear, locks and other stuff you only see at Defcon
  • DefCon Talks: – securepla.net
    I complied some of the talks that I found interesting during DefCon this year.
  • DefCon 18 Day 2 – it.toolbox.com
    Lots of angry, sweaty nerds lamenting decisions to attend talks.
  • The hackers life – my weekend at Defcon - nationalgeographicassignmentblog.com
    As we get closer to the hall where Paget is presenting, I can hear someone yelling, “if you have a GSM cell phone, your call may be intercepted.
• Korelogic competition, Team hashcat – korelogic.com
  When the initial list of hashes was received from KoreLogic it was split into text files which each contained a specific hash type.

Resources:

Summaries:

• DefCon 18 Day 1 – it.toolbox.com
• DefCom 18 Day 2 – it.toolbox.com

Badges:

Slides:

• DefCon 18: WAS JSP – darkmist.net
  Slides and other WebSphere paraphernalia

Canada’s premier conference is starting tomorrow, March 24! CanSecWest is the most comprehensive and advanced applied digital security event in North America. With cutting-edge speakers delving into a host of highly-informative and highly-technical sessions, this is one security conference you would not want to miss.

Unlike most events, CanSecWest features a single track of presentations, distilling all the latest, emergent infosec knowledge and techniques into a single focused series of talks. Here is the schedule for this event:

Wednesday March 24

10:30 – 13:00 Registration

13:00 – 14:00 Internet Nails – Marcus Ranum, Tenable

14:00 – 15:00 Under the Kimono of Office Security Engineering – Tom Gallagher & David Conger, Microsoft

15:00 – 15:30 Break

15:30 – 16:30 Automated SQL Ownage Techniques – Fernando Federico Russ, Core

16:30 – 17:30 Can you still trust your network card? – Yves-Alexis Perez & Loïc Duflot

Thursday March 25

08:30 – 09:00 Registration & Breakfast

09:00 – 10:00 SEH overwrite and its exploitability – Shuichiro Suzuki, Fourteenforty

10:00 – 10:30 Second Breakfast

10:30 – 11:30 There’s a party at ring0, and you’re invited. – Julien Tinnes & Tavis Ormandy, Google

11:30 – 12:30 Babysitting an army of monkeys: an analysis of fuzzing 4 products with 5 lines of Python – Charlie Miller, Independent Security Evaluators

12:30 – 13:30 Lunch

13:30 – 14:30 ShareREing is Caring – Halvar Flake and Sebastian Porst, zynamics GmbH

14:30 – 15:30 Cisco IOS Exploitation with IODIDE – Andy Davis, KPMG

15:30 – 16:00 Break

16:00 – 17:00 Random tales from a mobile phone hacker – Collin Mulliner

17:00 – 18:00 Legal Perspectives of Hardware Hacking – Jennifer Granick, EFF

18:00 – 19:00 Lightning Talks – Various

20:00 – 1:00 Party – Venue TBA

Friday March 26

08:30 – 09:00 Breakfast

09:00 – 10:00 Stuff we don’t want on our Phones: On mobile spyware and PUPs – Jimmy Shah, McAfee, Inc

10:00 – 10:30 Second Breakfast

10:30 – 11:30 Practical Exploitation of Modern Wireless Devices – Thorsten Schroeder and (contributing) Max Moser, Dreamlab Technologies

11:30 – 12:30 RFID Hacking at Home – Dr. Melanie Rieback, Vrije Universiteit Amsterdam

12:30 – 13:30 Lunch

13:30 – 14:30 Advanced Mac OS X Physical Memory Analysis – Matthieu Suiche

14:30 – 15:30 Full Process Analysis and Reconstitution of a Virtual Machine from the Native Host – James Butler, MANDIANT

15:30 – 16:00 Break

16:00 – 17:00 Through the Looking Glass: An Investigation of Malware Trends and Response Activity – Jeff Williams, Microsoft

17:00 – 18:00 The Jedi Packet Trick takes over the Deathstar: taking NIC backdoors to the next level – Arrigo Triulzi, Independent Security and Networking Consultant

18:00 – 19:00 C8H10N4O2 and C2H6O (and teardown)

• RSA related posts
  • Chattin’ With the Boss: “Securing the Network” (Waiting For the Jet Pack) – rationalsurvivability.com
  • RSA Interview (c/o Tripwire) On the State Of Information Security In Virtualized/Cloud Environments. – rationalsurvivability.com
  • RSAC2010: ISC2 – mckeay.net
  • Pics from the RSA Codebreakers Bash – tripwire.com
  • Videos from the RSA Codebreakers Bash – Spinning and Hoops – tripwire.com
  • RSA Conference 2010 Recap (Round 1): – visiblerisk.com
  • RSA 2010/Security BSides Recap – Day 02 – infosecramblings.com
  • RSA Conference Wrapup – ha.ckers.org

Resources:

• Security BSides Slides – slideshare.net/BSides
  The slides from the recent unconference.

Tuesday Map:

Wednesday Map:

Tuesday, August 5th

• Qualys
• Fortify

Wednesday, August 6th

• Arbor Networks
• MANDIANT
• WASC / OWASP

Thursday, August 7th

• Accuvant
• Core Security
• iSEC Partners
• Microsoft

Saturday, August 9th

• IOActive / StillSecure

Know of any other parties that aren’t on the list? Post a comment or send us an email and we can share the joy.

Here is a video clip of the opening:

And here is a list of people (in no particular order) that I talked to.

• Joshua Morin – Br0kenHalo
• Adam O’Donnell – NP-Incomplete
• Augusto Quadros Paes de Barros – Security Balance
• Techdulla
• Daniel Miessler
• Mike Davies – Online Identity and Trust in EMEA
• Matt Flynn – Identity Management
• Kristen Romonovich – Go CSI
• Andreas Antonopoulos
• Shrikant Raman – Security Coin
• Mike Rothman – Security Incite
• Rich Mogull – Securosis
• Jeff Jones
• George Ou
• Jennifer Leggio – Mediaphyter
• Stacy Thayer
• Alan Shimel – StillSecure, After All These Years
• Martin McKeay – Network Security Blog
• Mike Murray – Episteme
• Deb Radcliff – Online Crime Bytes

Also, Martin McKeay did some live interviews for the Network Security Podcast. I had a very short interview because Dan Kaminsky was next in line, and Rich wanted to get him before he left. Maybe next time I will get a longer spot.

Update: Anurag Agarwal, and Jeremiah Grossman also blogged about the event.