ShmooCon 2012 FireTalks – Update 7 (Videos from Friday)

Last night we put out a post with the ShmooCon 2012 FireTalks winners, so this morning we thought we’d follow up with a quick article on some of the other talks that occurred last weekend. This post is dedicated to the talks on Friday night. Thanks to Bulb Security and IronGeek for recording and processing the videos so fast!

And finally, be sure to check back to the master FireTalks post. It provides the core content as well as quick links to all update blog posts. Well, on to the videos…

“Exploiting PKI for Pentesters”

by Thomas Hoffecker

Based upon my hour-long talk presented at DerbyCon and HackerCon. This 15-minute version is specifically aimed at pentesters. PKI provides a large source of information to pentesters. Signed and encrypted email establishes a level of trust. Many organizations employ PKI but do not provide much public information about it. Pentesters are already trained to find this information using the recon phase of pentesting. Analysis of public PKI certificates can provide information on the internal infrastructure of the target. While the target may have deployed a split DNS architecture, many times only a single PKI system is deployed. If public certificates can be accessed then potential servers and other interesting equipment can be identified since the PKI cert will contain the fully qualified domain name. While phishing success rates remain high, utilizing encrypted or signed email makes an email that much more trustworthy. It also ensures that spam and virus scanners at the mail server cannot read the email contents. Encrypting the email provides assurance that only the targeted subject can open and read the email. User security awareness training teaches users that signed and encrypted email is absolutely safe. Beyond my existing talks’ content I will demonstrate means to find information of specific corporate PKI implementations. Provide examples to obtain PKI email certificates from public sources for those that do not publish or otherwise distribute PKI email certificates. I will also discuss a recently publicly revealed attack against smartcards that store PKI certificates; examples of these smart cards include the DoD CAC and the HSPD-12 PIV cards.

“Bending SAP Over & Extracting What You Need!”

by Chris John Riley

At the heart of any large enterprise, lies a platform misunderstood and feared by all but the bravest systems administrators. Home to a wealth of information, and key to infinite wisdom. This platform is SAP. For years this system has been amongst the many “red pen” items on penetration tests and audits alike… but no more! We will no longer accept the cries of “Business critical, out-of-scope”. The time for SAP has come, the cross-hairs of attackers are firmly focused on the soft underbelly that is ERM, and it’s our duty to follow suit. Join me as we take the first steps into exploring SAP, extracting information and popping shells. Leave your Nessus license at the door! It’s time to scrub this SAP system clean with SOAP!

“ROUTERPWN: A Mobile Router Exploitation Framework”

by Pedro Joaquin

Routerpwn is a mobile exploitation framework that helps you in the exploitation of vulnerabilities in network devices such as residential and commercial routers, switches and access points. It is a compilation of ready-to-run local and remote web exploits. Programmed in JavaScript and HTML in order to run in all “smart phones” and mobile Internet devices, including Android, iPhone, BlackBerry and all tablets. You can even store it offline for local exploitation without Internet connection.

“Security Is Like An Onion, That’s Why it Makes You Cry”

by Michele Chubirka

Why is the security industry so full of fail? We spend millions of dollars on firewalls, IPS, IDS, DLP, professional penetration tests and assessments, vulnerability and compliance tools and at the end of the day, the weakest link is the user and his or her inability to make the right choices. It’s enough to make a security engineer cry. The one thing you can depend upon in an enterprise is that many of our users, even with training, will still make the wrong choices. They still click on links they shouldn’t, respond to phishing scams, open documents without thinking, post too much information on Twitter and Facebook, use their pet’s name as passwords, etc…. But what if this isn’t because users hate us or are too stupid? What if all our complaints about not being heard and our instructions regarding the best security practices have more to do with our failure to understand modern neuroscience and the human mind’s resistance to change?

“Five Ways We’re Killing Our Own Privacy”

by Michael Schearer

At DEFCON, I talked about how our privacy rights are under attack. Our sea of liberty is drying up due to the ever-encroaching power of the government. A litany of abuses continues to chip away at the historical foundations of privacy: administrative searches as pretexts to avoid search warrants, national security letters, and suffocating public surveillance just to name a few. Yet the government alone is not the only source of our ever-diminishing privacy. In this talk, I turn my attention…to you. Yes, believe it or not, you (and me) and the other 310 million of us in this country are also responsible for our diminished expectation of privacy. Why are we responsible? Who wants our information, and why is it so valuable? Is there anything we can do to stem the tide?

“How Do You Know Your Colo Isn’t ‘Inside’ Your Cabinet, A Simple Alarm Using Teensy”

by David Zendzian

As everyone knows, the security of your equipment starts with securing it physically. To accomplish that many will lease cabinet or cage space within a commercial colo. However, all colos require access to your equipment (in case of fire, or other emergency). Even withstanding the emergency access I have seen colos enter cages and cabinets to run cables or to shorten their walk around a row in the facility. Other than installing a commercial alarm or a motion sensor camera, both of which are expensive solutions, what can be done to monitor access into your cabinet or cage? This talk will show how we have used a Teensy board from PJRC to build a simple alarm system that can be easily integrated into whatever host / network monitoring system is already configured for your network.


An interesting thing happened this year … none of the talks on Friday night won. Maybe this gave the Saturday presenters time to pay the judges off. 😉 This post’s featured image is from See ya…
