DEF CON 20 Run Down

Presentation Transcript


  1. Kyle Slosek DEF CON 20 Run Down

  2. DEF CON Documentary

  3. DEF CON History
     • Created by hacker Jeff Moss in 1992
     • Started as a party for a hacker friend who was leaving the country
     • The name DEF CON comes from the movie WarGames (Defense Threat Condition); DEF is also 3 on a phone

  4. What is DEF CON?
     • A place for hackers, security professionals and government agents to gather and discuss security
     • A conference for those of us who can't afford Black Hat
     • A party

  5. What Can You Expect?
     • There will be black hat, white hat and grey hat hackers, security researchers, script kiddies, and federal, state and local law enforcement
     • There will be attempts to socially engineer sensitive information from you
     • If you do not properly protect your devices, you will get hacked

  6. DEF CON Safety Tips
     • Turn off Bluetooth on your phones
     • Do not connect to the public WiFi
     • Do not use an ATM at the Rio Convention Center
     • Do not take pictures of people’s faces (unless they give you permission)

  7. What Will You Gain?
     • Several talks are given by prominent members of the cyber security community
       • Dan Kaminsky
       • Bruce Schneier
       • General Keith Alexander (USCYBERCOM)
     • A better understanding of the hacking community

  8. Interesting DEF CON Facts
     • Reporter Michelle Madigan from Dateline NBC was outed in 2007 for trying to secretly record hackers admitting to crimes
     • MIT students were sued in 2008 for their presentation entitled “The Anatomy of a Subway Hack: Breaking Crypto RFIDs and Magstripes of Ticketing Systems”

  9. Anti-Forensics and Anti-Anti-Forensics
     • Michael Perklin – Forensics Investigator
     • Anti-forensics: techniques that make a forensics investigator’s job harder
     • Anti-anti-forensics: what investigators can do to mitigate these techniques
     • The goal is to increase the cost ($) of an investigation so that the other side hopefully drops the suit or settles

  10. Anti-Forensics and Anti-Anti-Forensics
      • Technique 1 – Keep a lot of media
        • Investigators need to image all media to keep a backup copy
        • If you have an inordinate amount of media, the possibility of them missing something increases
        • It also makes it more difficult to sift through the data

  11. Anti-Forensics and Anti-Anti-Forensics
      • Technique 2 – Use non-standard RAID
        • RAID uses common settings such as stripe size, stripe order & block size
        • Using non-standard values for these settings means the investigator will have a harder time rebuilding the RAID

  12. Network Anti-Reconnaissance
      • Messing with Nmap Through Smoke and Mirrors – Dan Petro
      • Anti-reconnaissance adds to defense-in-depth
      • Reconnaissance is usually done with Nmap
      • The reconnaissance phase of an attack is sometimes ignored by network defense teams

  13. Network Anti-Reconnaissance
      • Demoed a tool called Nova
      • Uses a tool called Honeyd to create thousands of virtual machines on a network acting as honeypots
      • These VMs do not act like traditional VMs (i.e. no hard drive or OS)

  14. Network Anti-Reconnaissance
      • The idea is to make it harder for attackers to find real nodes
      • The software uses machine learning to discover attackers performing reconnaissance
      • Auto-config mode will scan your network and create a honeypot to augment it

  15. Dan Kaminsky – Black Ops
      • In 2008 found a flaw in the DNS protocol that allowed for easy cache poisoning
      • The talk defined fundamental issues in the development of secure code
      • One piece of the talk defined issues with being able to properly generate random numbers

  16. Dan Kaminsky – Black Ops
      • 2 of every 1000 certificates generated with the RSA algorithm contain no security
      • Crypto of a majority of certificates was found to only be 99.8% effective
      • The fundamental issue is not the RSA algorithm; it’s the ability to generate random numbers

  17. Dan Kaminsky – Black Ops
      • 4 sources of randomness:
        • Keyboard
        • Mouse
        • Disk rotations
        • Hardware random number generator
      • The solution: TrueRand
        • A computer with 2 clocks has a random number generator
      • Dan released DakaRand (i.e. TrueRand 1.0)

  18. DEF CON & Black Hat Presentations
      • Can be purchased on DVD after the conference
        • https://www.sok-media.com/store/products.php?event=2012-DEFCON
      • Most presentations are released for download several months after the conference

  19. Speaker Videos
      • Keynote by General Keith Alexander – Shared Values, Shared Responsibility
      • FX and Greg – Hacking [Redacted] Routers
      • Zack Fasel – Owned in 60 Seconds
      • Closing Ceremonies

  20. Capture the Flag
      • 20 teams competed for all 4 days
      • 10 teams qualified, 9 were invited by winning other CTF events and one bought their spot on eBay
      • Teams are given points for stealing keys from their opponents and submitting them to the scoring server
      • Points are also given for defacing a service by overwriting unique team keys on others’ services

  21. DEF CON Badges
      • Types: Human, Goon, Press, Vendor, Speaker, Artist
      • Uber badge given to contest winners
      • Crypto puzzle built into the badge software
      • Goon badges are designed to affect all other badges

  22. Other Cons in the Area
      • ShmooCon – Feb 15 – 17 (Washington DC)
      • Takedown Con (May)
      • Black Hat (July 27 – August 1)

  23. Get Involved
      • DC-Groups (DCGs)
      • Meet regularly to discuss technology and security topics
      • https://www.defcon.org/html/defcon-groups/dc-groups.html

  24. DEF CON Resources
      • DEFCON 20 Program: https://media.defcon.org/dc-20/defcon-20-program.pdf
      • Media: http://www.defcon.org/html/links/dc-archives/dc-20-archive.html
      • Purchase Extra Human Badges: http://hackerstickers.com/product/hardware-dc20-humanbadge/

  25. Questions? Kyle Slosek – kyle.slosek@gmail.com
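
Added example for slides 15 to 17 (not from the slides or from Kaminsky's talk): an audit of your own RSA key inventory for the kind of weakness poor random number generation causes. The slides do not say how the weak certificates were identified; this sketch assumes the shared-prime failure mode, where two keys generated from too little entropy end up with a common prime factor. The host names and moduli are constructed for illustration.

```python
from math import gcd, prod

def batch_gcd(moduli):
    """For each modulus n_i, return gcd(n_i, product of all the other moduli)."""
    if not moduli:
        return []
    # Product tree: the leaves are the moduli, the root is their product P.
    tree = [list(moduli)]
    while len(tree[-1]) > 1:
        level = tree[-1]
        tree.append([prod(level[i:i + 2]) for i in range(0, len(level), 2)])
    # Remainder tree: push P back down, reducing modulo node^2 at each level.
    rems = tree.pop()
    while tree:
        level = tree.pop()
        rems = [rems[i // 2] % (n * n) for i, n in enumerate(level)]
    # rems[i] == P mod n_i^2, so rems[i] // n_i == (P / n_i) mod n_i.
    return [gcd(r // n, n) for r, n in zip(rems, moduli)]

def audit(keys):
    """keys maps a label to an RSA modulus; returns a finding per weak key."""
    findings = {}
    for name, n, g in zip(keys, keys.values(), batch_gcd(list(keys.values()))):
        if g == 1:
            continue  # no factor in common with any other key in the set
        # g == n: the same modulus is deployed elsewhere, or both primes are
        # shared with other keys; otherwise exactly one prime is shared.
        findings[name] = "fully-shared" if g == n else "shared-prime"
    return findings

# Constructed inventory (hypothetical hosts). Mersenne primes stand in for
# real key material; web-01 and web-02 reuse the same prime.
SHARED = 2**127 - 1
SAMPLE_KEYS = {
    "web-01": SHARED * (2**89 - 1),
    "web-02": SHARED * (2**107 - 1),
    "vpn-01": (2**61 - 1) * (2**521 - 1),
}

if __name__ == "__main__":
    for host, finding in audit(SAMPLE_KEYS).items():
        print(f"{host}: {finding}, regenerate this key on a host with good entropy")
```

Any key flagged here should be regenerated and its certificate reissued; the product and remainder trees keep the check practical for large inventories where pairwise GCDs would not be.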