Matt Weir presented his research project which was aimed at finding better ways to crack passwords by making better password guesses.
Update: Matt’s blog, Slide deck, Sebastien Raveau’s word list (1, 2)
There are basically two types of password cracking, Online by trying usernames and passwords directly in the login screen. This only gives you a few tries since the system and its countermeasures is still opertional.
Offline, by trying to match passwords against password hashes, mostly for forensic reasons.
Read more…
This talk explained and demonstrated an exploitable Linux Kernel USB driver vulnerability and explained the fuzzing process used to find it. Unfortunately due to legal issues, the details could not be attacks.
While the speaker did not test windows, it is highly likely that these flaws exist in Windows as well.
This talk is about privacy. Privacy is good, but it is also a haven for “evildoers”. It also hurts law enforcement and prevents social control.
Privacy is broken, because it is too complex. One of the ways to measure this is to see if the users IP address can be obtained. This is the gold standard.
Rsnake and Jabra demonstrated client site exploits that will defeat common proxy techniques such as classic HTTP proxies, CGI proxies, SOCKS proxies, and Tor.
Read more…
Unfortunately, Matt Fiddler could not make it to the talk because of acute appendicitis. There three guys are from http://in.security.org. They presented the results of their attempts to break high security electromechanical locks. Unfortunately they are not able to disclose the details of how they attacked the locks in the USA, but more information will the disclosed at Hacking at Random in Vierhouten in the Netherlands from 13 to 16 August.
Read more…
This talk described the investigation of a criminal server, but how do you start?
The speaker noticed that the same malware turned up on two compromised sites he investigated, so it seemed that there should be a relationship between the two sites. Both sites called back to a url with hostname gwtsdjeni.com. The name schema of the site seems to indicate that this is a torpig site, with one single deviation; the url contained an extra d before the word jeni. So this seemed to be a modified version of the torpig network.
Read more…
The talk is designed to demonstrate that an endless stream of applications, platforms, and even critical infrastructure is actually vulnerable to Cross Site Request Forgery (CSRF).
Most vendors that refuse to address these issues all use the same argument: “If users do something stupid it their problem.” Well, if they do it in your context it is your problem. This is what the guys from securewebmail.com found out as well.
Read more…
Chris and Mario presented and demonstrated the new Metasploit modules that are designed to find and identify Oracle databases, find the SIDs, brute force passwords and escalate privileges.
An interesting comment is that they where actually able to evade Snort detection by base64 encoding the attack.
Read more…
The talk gave insight into three actual samples of malware the authors find during their work.
Read more…
This talk gave an insight into how Steven Adair and his coworker Matt Richard found out about an actively abused 0-day exploit in Adobe Acrobat and the how responsible disclosure got it in a mess.
Their investigation of this specific vulnerability was triggered by an Adobe advisory which discussed the vulnerability without much detail, but mentioned the name the command and control server. Analyzing their malicious PDF samples they found this server in a malicious sample from a bit earlier and they already had the server name in their DNS monitor.
Read more…
Moxie Marlinspike, Dan Kaminski and Mike Zusman all presented talks at both Blackhat and Defcon that expose serious flaws the implementation and model of SSL and the way we us it today.
Read more…
Categories: Blackhat, Conferences, Defcon Tags: Blackhat, CA, certificates, Citrix, Dan Kaminski, Defcon, DNS, DNSSEC, Maxie Marlinspike, Mike Zusman, Security, SSL, Thrust, VPN
