ShmooCon 2010 Firetalks – Update 5 (aka – the Wrap-Up)

So I’m finally getting around to getting this post out… I just wanted to close this whole series by announcing the winners and again thanking everyone for helping make it a success.

As you can see below, I’ve only gotten links to a few presentations. If you still need to post your presentation, please let me know via Contact Us or mention @grecs on Twitter and I’ll update this post as I get them.

Presentation Summaries

First, I like to put up some short synopses of the talks written by Justin Monroe and Chris Wheeler. They were a tremendous help both nights paying attention to the actual content while I coordinated everything.

Social Engineering Toolkit v0.4 Overview (David “ReL1K” Kennedy)

ReL1K released the newest version of his “Social Engineer’s Toolkit.” Version 4, codenamed “Pink Pirate” was released Saturday in the BackTrack4 repository as well as his website, secmaniac.com. The framework is a python driven open source suite which makes use of Metasploit Framework’s client-side attacks (PDF, Aurora, etc), and has the ability to auto-target a client operating system. It also integrates with G-Mail and sendmail to streamline sending phishing e-mails to targets.

SHODAN for Penetration Testers (Michael “theprez98″ Schearer)

SHODAN, a meta-data search engine for application banners was presented by theprez98, who showed several demonstrations of its usefulness. The engine stores OS version, country, open ports (currently only 21, 22 and 80), and makes the data easily searchable. As the engine stores banners from each service, it is not uncommon to find default configuration information in the header (such as a default password), as well as the version information of the service. At the time of the presentation, there were apparently 136 machines still running Windows NT 3.9. (slides)

Influencing Security (Marcus J. Carey)

In a presentation about influencing security, Marcus J. Carey took a philosophic approach to solving security issues. Likening the decrease in HIV infections in Thailand by means of peer pressure, he suggested that security professionals persistently teach users about information security, instead of doing training once a year. He also stressed a non-adversarial role with the people the policy is designed to protect, and instead of treating them poorly when the policy was broken.

Funnypots and Skiddy Baiting (Adrian “IronGeek” Crenshaw)

IronGeek presented some of his endeavors in “Funny Pots and Skiddy Baiting,” loosely defined as “messing with the people trying to break into your machines.” He suggested mapping loopback addresses (127/8) to a subdomain on your network, and then encouraging them to break into the machine at that hostname. If they manage to get in, they may own their own machine. Other fun endeavors included mapping your hostname to that of another website (say, 12.120.54.169), “lemon” wiping a drive with an arbitrary pattern of data for forensic investigators to find (coined from the “lemon party” shock site). He also demonstrated a robots.txt redirect, where snooping users would get redirected to shock sites when they visited the “Disallow” directories. His final and perhaps most humorous website involved using php-ids to detect attacks against a website and have Clippy pop up to help with their failed attempts. (slides)

Browser Fingerprinting Using a Stopwatch (Nicholas “aricon” Berthaume)

Aricon demonstrated how to more accurately fingerprint browsers based on more than the user-agent, HTTP headers, and Javascript. WebApp scanners often spoof headers, making it useless to fingerprint an attack. The timing and download order of images can be used to accurately fingerprint a browser using some custom mod_security rules. Differences start to show with basic HTML, but adding images and more content gives a much more accurate result. He did mention that plugins such as Greasemonkey, AdBlock Plus, and NoScript skew the results, as do VPNs, SSH tunnels and other proxies. He plans to release the mod_security ruleset and his fingerprinting scripts on his website. (slides)

Pentoo (Zero Chaos)

Zero Chaos, a Pentoo developer, was met with a barrage of Shmoo balls at the start of his presentation. Pentoo is a lightweight penetration testing distro based on Gentoo. It can be run from a Live CD and uses only 200MB of RAM. Pentoo is updated with the latest utilities and kernel configurations. Pentoo also has 13 users worldwide ( 🙂 ), and began development before BackTrack.

Sleephacking 101 – How to Stay Awake for 20 Hours a Day without Turning into a Zombie (Benny “security4all” ???)

@Security4All gave a presentation on “sleep hacking,” discussing human sleep cycles and how to get more energy out of sleep. Although monophasic, humans are better suited to a polyphasic sleep cycle. Biphasic sleep involves getting 6-7 hours of sleep per night, and a nap at noon. Spain has institutionalized this cycle through siestas. For those who wish to get more out of their day, the everyman cycle provides 4 thirty minute naps, and a 2-3 hour block of sleep at night. Those looking to gain a sickening about of extra time in their day can try the uberman, characterized by 6 twenty minute naps per day, and separated by a four hour period of being awake. Also, for those who need the extra kick, drinking coffee before taking a nap increases the nap’s effectiveness, so long as the nap is kept to twenty minutes. There are also sleep cycle apps in the iTunes store to help adjust to the different sleep cycles. (slides)

Payment Application – Don’t Secure Sh!t (PA-DSS) (Christian “cmlh” Heinrich)

Christian Heinrich gave a presentation entitled “Payment Application – Don’t Secure Sh!t.” The presentation characterized the differences between the PA-DSS, PCI-DSS and PCI-PTS standards, focusing primarily on the strengths and weaknesses of PA-DSS. Visa has mandated compliance of all machines with this standard by 12 July 2012. The PA-DSS standard also depends on the PCI-DSS standard, as there is no sense in reinventing the wheel. It does contain a sunset clause for securing wireless data with WEP, as the newest revision mandates WPA, as well as mandates secure remote software updates through a system like SSL, although the most recent attacks on SSL have not been considered. (slides)

Wow, excellent summaries from Justin and Chris. Thanks again guys! Additionally, every one of the speakers should have gotten a parting gift sponsored by Trusted Signal. And if you want to relive the excitement of the Firetalks, be sure to check out IronGeek’s FireTalks from Shmoocon 2010 page. One of the things you may notice in the videos is the beautiful fireplace that helped cozy up this event. Mrs. Rybolov was kind enough to make this piece from scratch … and speaking of Rybolov, he himself provided a tremendous amount of coordination throughout both nights. Before moving on to announcing the winners, I’d also like to thank the ShmooCon team (go Heidi & Bruce and the rest of The Shmoo Group!) for allowing us to host this event in conjunction with ShmooCon and providing space, a projector, and audio!

Prize Winners

Now on to the prize winners …

3: Sleephacking 101 – How to Stay Awake for 20 Hours a Day without Turning into a Zombie

security4all won at $75 Think Geek Gift Certificate from nVisium Security.

2: Social Engineering Toolkit v0.4 Overview

ReL1K received a 32GB Kanguru e-Flash brought to you by nVisium Security.

1: SHODAN for Penetration Testers

thePrez98 won the grand prize of a Acer Aspire One D250 Netbook provided by Hurricane Labs.

Congrats to everybody!

///

For all information regarding this year’s Firetalks and links to related posts, see the ShmooCon 2010 Firetalks master post. On a personal note I had a lot of fun pulling this whole thing together and it was great to meet so many awesome people that I’ve only previously chatted with on mailing lists, Twitter, etc. I look forward to trying to keep up with everyone throughout the year and maybe (if  I get lucky in the ShmooCon ticket lottery :)) next year at ShmooCon. See ya!

2 comments for “ShmooCon 2010 Firetalks – Update 5 (aka – the Wrap-Up)

  1. February 24, 2010 at 10:26 pm

    @grecs

    My slides are available from http://www.slideshare.net/cmlh/padss

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.