After staying with some of my local Vegas friends during BlackHat, I went over and checked into the Riviera for DEFCON 17 on Thursday afternoon. After dropping my bags in my room and getting my temporary paper badge because they were already out of the electronic badges, I ran back up to my room for a bit and then headed over to the Microsoft party which I already wrote about in my BlackHat USA 2009 post. After an extremely long night I crashed in the early morning and slept through most of the first day of DEFCON talks. I did however catch Richard Thieme’s talk about UFOlogy, which was one of the talks I really wanted to see.
Shortly after Richard’s talk and some discussion with friends about what to do for dinner, I started not feeling well so I went back up to my room. After an hour or two I knew I really was sick because I started getting the fever sweats, cold chills, and headache, so I ordered some room service since I probably needed to eat, called it a night and went to sleep. I stayed in bed pretty much all day Saturday and only came downstairs once in the afternoon during the conference to speak during the Metasploit track, and then went right back upstairs to my room. By then I had a horrible cough and chest congestion, but was feeling much better regardless, so I decided to take a walk for a couple hours and let the dry desert air into my lungs for a bit.
I hadn’t yet walked the length of the Strip this visit, and also hadn’t eaten a FatBurger, both of which are personal Vegas traditions. Since I was running out of days in Vegas during which to accomplish these, I decided to walk from the Riviera up on the North end of the Strip all the way down to FatBurger which is near the South end of the Strip, get a burger, and then walk back, which took around 2.5 hours and immensely helped my lungs and cough.
By the time I got back to the Riviera, I was feeling well enough to attend some parties, so I went up to the Penthouse for a while to check out the IOActive Freak Show party for a bit. It was similar to last year’s party, but had some new attractions so that wasn’t too bad. I tried to dance for a bit but my chest cold was severely holding me back since I could only dance for a few minutes before not being able to breathe. I left that party shortly after Keith went on since I couldn’t really dance and he started off with tracks that were a little too glitchy for my taste anyhow. Unfortunately I missed the fire dancer at the IOActive party who had a fire hoop like my friend Angi’s, but living in Austin surrounded by burners I think I’m a bit spoiled regarding fire spinning/dancing/performance anyhow. After leaving the Penthouse I took the Ninja Shuttle over to the Ninja Party and hung out there for a few hours talking to friends and waiting in line at the bar until I decided not to push my recent health luck and went back to my room at the Riviera and went to sleep.
On Sunday I slept a little late still trying to fully recover until I needed to check out of my room. Unfortunately this meant that I missed Richard Thieme’s other talk on BioHacking, but I did manage to catch a few more of the talks before I had to head to the airport to catch my plane back to Austin. You can read my thoughts on the talks that I saw below:
Hacking UFOlogy 102: The Implications of UFOs for Life, the Universe, and Everything – Richard Thieme
Richard is an exceptional speaker, and I personally love UFO and extraterrestrial lore and pop culture. It’s fun to try and sift through all the conspiracy theory, misinformation, pop-culture, and cover up to try and see if there’s any truth there, and that’s what Richard’s talk was essentially about. It was also a follow-up to the talk he gave the previous year, Hacking UFOlogy 101. It’s always a pleasure to hear Richard speak because he’s very engaging and has very well organized content, even if he never seems to be able to cover it all.
MSF Telephony – I)ruid
Since the Metasploit track was available at both BlackHat and DEFCON, I had the opportunity to give my talk a second time. I presented a turbo-talk about the new telephony library that I’ve added to Metasploit. I discussed exploiting systems with Metasploit over dial-up and the new Metasploit Wardialer, both of which use the new telephony library. It didn’t go quite as well as it did at BlackHat; however, I was rushing to try and get it down to about 10 minutes due to some scheduling conflicts and confusion and the Metasploit track having more content for DEFCON than it did at BlackHat. I managed to hit the 10-minute mark, and my voice held out even though my throat was dry and scratchy and I wanted to cough the entire time.
eXercise in Messaging and Presence Pwnage – Ava Latrope
I had briefly looked at Extensible Messaging and Presence Protocol (XMPP) back when I was doing a lot of research in the VoIP security space, and remembered it looking like a huge pile of attack opportunity. XMPP is basically an interoperability standard born of Jabber which provides a protocol for managing Instant Messaging sessions and communication, presence applications, and is beginning to merge a bit with some of the VoIP and “Unified Communications” systems. After seeing this talk, I’m glad to know that I was pretty much correct. Ava’s talk was short but did a good job explaining what XMPP is, what it’s generally used for, some of its attack surface, and then detailed some DoS and amplification attacks that are possible due to the way the protocol is designed.
Unmasking You – Joshua “Jabra” Abraham and Robert “RSnake”
I only caught the last half of this talk, but basically the Google “Safe Browsing” functionality phones home. A LOT. Like, way more often than is probably necessary. How often do they update their site and URL filters anyway? Anyhow, if you’re an 31337 h4x0r and you like to hide the source of your traffic when you h4x, but then use the Internet normally when you’re not, the uniquely identifying information that the Google “Safe Browsing” functionality sends to Google when updating its filters every 0.23435151 seconds or so will easily track you across your covert and overt sessions, through Tor, across proxies, you name it.
AAPL- Automated Analog Telephone Logging – Da Beave and JFalcon
I had met Da Beave and JFalcon via the Telephreak BBS a year or so ago and had yet to meet either of them in person, so I went and checked out their talk. They covered the newest iteration of iWar, spoke a bit about HD’s WarVOX, and showed some interesting systems they’ve found over dialup. Basically it was VoIP-ish wardialing in about 20 minutes, since it was a turbo talk.