Archive for February, 2008

Sunday, February 24th, 2008

Hanging with the Feds in DC

Blackhat Federal in Washington DC is officially over!  It was a great time and I’m honored to have been chosen to speak at the event.  Nitesh and I received a lot of great feedback and our talk was mentioned in a few different places (here, here and here).  Nitesh and I realize that the slides by themselves are virtually impossible to understand, so if you’re interested in hearing the full talk, please don’t hesitate to contact us.


The talks I attended were all great, but there below is a quick blurb on my favorites:


Cracking GSM – I’ve been waiting months for this talk.  h1kari and Steve from THC gave an incredible overview of how they are able to crack the A5 encryption used by cell phones to protect GSM voice and SMS communications.  They also pointed out several security weaknesses associated with cell phones and cell phone transmissions (strongest signal seeking, JVMs on SIM cards, downgrade attacks, lack of notification when weak/no encryption is being used…).  h1kari and Steve are using FPGAs to generate a 2 TERABYTE rainbow table and use FGPAs to crack the encrypted data.  With the help of a SINGLE FPGA (and the rainbow table) you can crack encrypted GSM communications in about 30 mins (30 mins as in, you capture and store the traffic as is goes by and crack it offline in 30 mins).  Commercial grade equipment that is being developed will be able to do it in 30 seconds!  This the third FPGA based project that has raised my eyebrows over the last year (this, NSA@home, and a third project that will remain undisclosed at this time), expect to see high amounts of processing power used to crack/brute force/solve previously un-crackable/ un-bruteforceable/ and unsolvable problems…  we live in exciting times my friends.




IO in the Cyber Domain, Immunity Style – Sinan from Immunity gave an awesome talk on Information Operations (IO) and how IO differs from penetration testing.  This is a discussion that I’ve had with many colleagues over many beers.  The basic gist of the discussion is, “how do you defend an organization/individual against sustained targeted attacks over an extended period of time?”  Immunity was basically given unlimited time and budget to break into an organization… it’s a scenario very closely aligned with state sponsored Computer Network Exploitation (CNE), Computer Network Attack (CNA) and Computer Network Defense (CND) scenarios, where the adversary can conduct sustained information gathering and targeted attacks against an organization over an extended period of time.  Immunity spiced it up by bringing into play a “few 0-Dayz” and described how they penetrated the organizations defenses in a methodical, well-planned, and well-organized manner.  IO is a topic that’s near and dear to my heart and I thought the scenarios presented in the talk were indicative of what some organizations face everyday…


 URI Use and Abuse / Dtrace: the REs Unexpected Swiss Army Knife  – I put these two talks together because Nate, Rob, Tiller, and David really brought out one of the core reasons why I like security conferences… we met the day before the conference at the hotel bar, talked about a few interesting things, and then proceeded to take a vulnerability from “un-exploitable” (as reported to us by the vendor) to “exploitable”.  Not to worry, the vendor has already been notified about the vulnerability…

Posted by xssniper | Filed in Security | Comment now »