Choosing which session to attend is hard enough with eight different tracks going on at this year’s Black Hat USA, so here are our top picks for the first day.
Ruby for Pentesters (1000-1100)
Getting up to speed quickly on projects where you’re down deep reversing protocols or applications can be challenging at best and catastrophic at worst. In this talk we highlight our use of Ruby to solve the problems we’re faced with every day. We use Ruby because it’s easy to leverage its flexibility and power for everything from reverse engineering network protocols to fuzzing to static and dynamic analysis, all the way to attacking exotic proprietary enterprise network applications. Having a great set of tools available to meet your needs might be the difference between a successful result for your customer and updating your resume with the details of your former employer.
If you’re not familiar with Ruby, we’ll lead off by illustrating why Ruby is so powerful, making a case for rapidly prototyping everything from reversing tools to hacked up network clients using our not-so-patented “bag-o-tricks” approach. Then we dive into our real-world experiences using Ruby to quickly get up and running on a wide range of tasks. Real discussion of real problem solving on topics like:
* Ripping apart static binaries and bending them to your will
* Getting up close and personal with proprietary file formats
* Becoming the puppet-master of both native and Java applications at runtime
* Exposing the most intimate parts of exotic network services like JRMI and Web services
* Trimming the time you spend decoding proprietary protocols and cutting directly to fuzzing them
As if all that wasn’t enough, we’ll show you how to make Ruby mash-ups of the stuff you already love. Make the tools you already rely on new again by getting them to work together, harder and smarter. When you’re asked to get twice as much done in half the time, smile confidently knowing you have a secret weapon and the job will get done.
Fighting Russian Cybercrime Mobsters: Report from the Trenches (1115-1230)
A Supervisory Special Agent from the FBI and a native Russian security researcher join forces to present an in-depth insider view of the most prominent cases against Russian and other Eastern European-based online crime syndicates of the past decade. Learn about the experience they gained from being in the middle of major international cybercrime investigations by US law enforcement. The talk will include an in-depth discussion of the investigation into the DarkMarket carding forum, the FBI's biggest cybercrime operation of 2008, by the agent who spent 2 years undercover working to identify and shut down the leading criminals in the organization.
More Tricks For Defeating SSL (1345-1500)
This talk aims to pick up where SSL stripping left off. While sslstrip ultimately remains quite deadly in practice, this talk will demonstrate some new tricks for defeating SSL/TLS in places where sslstrip does not reach. Cautious users, for example, have been advised to explicitly visit https URLs or to use bookmarks in order to protect themselves from sslstrip, while other SSL/TLS based protocols such as imaps, pop3s, smtps, ssl/irc, and SSL-based VPNs never present an opportunity for stripping.
This talk will outline some new tools and tricks aimed at these points of communication, ultimately providing highly effective attacks on SSL/TLS connections themselves.
State of the Art Post Exploitation in Hardened PHP Environments (1515-1630)
When an attacker manages to execute arbitrary PHP code in a web application, he nowadays often ends up in a hardened PHP environment that makes use not only of PHP's internal protections like safe_mode, open_basedir or disable_functions, but also of Suhosin and of operating system, filesystem or libc level security mechanisms like ASLR, NX, hardened memory managers or Unix file permissions. In such a situation, taking over the server becomes a challenge and requires PHP shellcode that is able to use local PHP exploits to get around these protections.
This talk will show the problems that the different protection mechanisms pose for PHP shellcode, give an insight into the internal memory structures of PHP that one needs to understand in order to write stable local exploits, and demonstrate how a special class of vulnerabilities in PHP, one that also exists in standard functions, enables PHP shellcode to get around most of these protections.
Computer Crime Year In Review: MySpace, MBTA, Boston College and More (1645-1800)
It's been a booming year for computer crime cases, as cops and civil litigants have pushed the envelope to go after people using fake names on social networking sites (the MySpace suicide case), researchers giving talks at DEFCON (MBTA v. Anderson), and students sending email to other students (the Calixte/Boston College case). The Electronic Frontier Foundation has been front and center in these cases, either filing amicus briefs or directly representing the coders and speakers under attack. At this presentation, Jennifer Granick and other EFF lawyers fresh from the courtroom will share war stories about these cases, informing attendees about the latest developments in computer security law and giving pointers on how to protect yourselves from overbroad legal challenges.