attends Defcon 2011
High-Tech Bridge’s team, headed by Mr. Frederic Bourla, enjoyed most security conferences and expresses his opinion about the Defcon 19 event, which took place in Las Vegas from 4th to 7th August 2011:
Despite an uneven quality level of the conferences and a wait of 2 hours and a half for the initial check-in, the Defcon 19 remained a privileged event for the Hackers community.
Some conferences did not require technical skills but were still interesting, such as “Three Generation of DoS Attacks”, by Sam Bowne, or “Deceptive Hacking”, by Bruce Barnett. The first one dealt with classical layer 4 and 7 DoS attacks before presenting Link-Local DoS which relies on IPv6 and potentially permits a single attacker to take down a whole network, whereas the second one drew a parallel between magicians and hackers. In the same way, the “Key Impressioning” conference by Jos Weyers presented an old but efficient method of creating a working key without picking or disassembly, through a negative-image approach in a soft blank key.
Some security conferences went deeper into the technical side, such as “Runtime Process Insemination”, by Shawn Web, or “UPnP Mapping”, by Daniel Garcia. The latter dealt with the Umap Python script and rose interest in Socks proxy mode, internal LAN scanning and manual port mapping, whereas the first conference focused on Shared Objects injection through Libhijack. In the same manner, the “Linux Thread Injection Kit” conference by Jugaad also shown a stealthier way to inject Linux code than through Injectso, thanks to simple debugging functionalities provided by Ptrace. Paul Craig and Matt Weeks, respectively though “Internet Kiosk Terminals: The redux” and “Network Nightmare: Ruling the nightlife between shutdown and boot with Pxesploit” also provided efficient demonstrations regarding the bypass of Internet kiosks limitations and local security controls through low-level code within PXE enabled motherboards.
Our favorite conferences were probably “Kernel Exploitation via Uninitialized Stack”, by Kees Cook, as well as the workshop dedicated to “Binary Instrumentation for Hackers”, by Gal Diskin. Both of them dived deeply into the technique and pointed out powerful security tools.
The global atmosphere was relaxing and conducive to knowledge sharing, and High-Tech Bridge’s team looks forward to attending the Defcon 20.
Last update on 4 October: Photos are available on our Facebook page.