Posted by: Jeromie Jackson
2010, b-sides, blackhat, defcon, drivesploit, EFF, GSM Hacking, IMSI Catcher, metasploit, netwitness, technology integration group, tig
Blackhat and Defcon always are a great time in Las Vegas for security practitioners and hackers alike. True to form, this year hit the mark again! Here’s a rundown on some of the more interesting findings/talks during the conventions. The Electronic Frontier Foundation (EFF) is an organization focused on defending free speech, privacy, innovation, and consumer rights. I have seen their services in action and I highly endorse their activities. At Defcon there was a mohawk fund raiser for EFF, quite a few roaming the halls during the event.
A presentation was given showing security weaknesses within a couple of ATMs. In one of the hacks he exploits the machine via the network. In the other he exposes a USB connection on the device which allows him to install malware. Here’s a video of his presentation.
There were a couple presentations about GSM exploitation. In one discussion Chris Paget discussed an IMSI (International Mobile Identity Subscriber) catcher he developed for about $1500.00 that allowed him to impersonate a cell tower. Here’s a video of his presentation. Phones would see the tower, which had a high signal strength, then connect allowing for interception of phone conversations. One other great, more commercial version of a GSM intercepter can be found here.
Most of us heard a ton about the Aurora attack that happened not too long ago. A presentation at B-Sides discussed a new Metasploit module that will allow script kiddies to easily conduct drive-by attacks. Here is a copy of the presentation discussing the topic and tool.
Rapid7 threw down another great party at the Playboy Suite in the Palms. If you know these guys they are VERY high energy. They make Nexpose, one of my preferred tools in my penetration testing and vulnerability assessment toolbag.
B-Sides is an event held alongside Defcon & Blackhat in Las Vegas. Lots of hardcore talks were held, as usual, however the location was definitely kicked-up this year. An estate not too far from the strip, the location rocked. Here’s a link to the details along with the presentations. Here’s a video of the event from the cabana in the middle of the pools.
A great event with friends, prospects, and customers. When you’re ready to address security for your organization, you know who to call.