
Toorcon X Mini Wrap-Up

On the whole, I was very happy to have attended the 10th Toorcon in San Diego, CA. Toorcon is probably my favorite small con. The attendance isn't massive but the people are generally more interested and knowledgeable in hacking and security. Not to mention that downtown San Diego is a blast and the weather is absolutely perfect. These were my highlights:

The Future of Lockpicking, datagram
I was glad to see a talk on lock picking that went beyond the realm of a simple how-to or a single type of attack. Datagram didn't spend too long explaining the lockpicking techniques even though he did have some good animated visual aids. Instead, he focused a lot on how a lock vendor would react to new attacks getting media publicity. Just like in the software security world, some vendors wouldn't ever go beyond a PR response. Some vendors would add a metal plate in a certain place, much like a software patch, and others still redesigned the locks entirely. Some very interesting industry parallels.

Owning Telephone Entry Systems, Joshua Brashers
So many apartment complexes, condos, and gated communities have computerized panels that visitors can use to ask permission to gain entry. The talk outlined many different types of attacks against these types of systems. Most of these appear to be serviced by 3rd parties and allow you to remotely dial in. And of course, default passwords are rarely changed. He showed how he was able to “back door the front gate” by adding a new entry that played a “Rick Roll” instead of calling a resident and later opened the gate. Another, scarier attack he outlined was the ability to proxy normal entry calls to his apartment using a VoIP server to perform the MiTM. This looked like it was a lot of fun.

How To Impress Girls With Browser Memory Protection Bypasses, Alexander Sotirov
This was a great talk. Although Dowd and Sotirov gave this talk at Blackhat almost two months ago, it was still a fun and entertaining talk to sit through. Alex outlined the implementations of the newer Microsoft memory protection schemes like SafeSEH, DEP, and ASLR. He then showed how and why none of them were effective in defending Internet Explorer from attacks and how much that impressed the ladies. The paper is here.

Posted by Sean Bradly (2008/10/01 13:27:21.035 GMT-5)

Vegas Redux: Black Hat / Defcon Materials

The materials from my Black Hat and Defcon presentations are now available online. If you were not able to attend the talks, the Tactical Exploitation whitepaper is a good place to start. The Black Hat presentation was much more detailed than the Defcon version, due to the longer time slot.

Posted by HD Moore (2007-08-09 18:25:53)

Viva Las Vegas: Tactical Exploitation


I will be presenting at Black Hat USA 2007 (August 1-2) and Defcon 15 (August 3-5) with Valsmith of Offensive Computing on the topic of Tactical Exploitation. This talk introduces a tactical approach to penetration testing that does not rely on exploiting known vulnerabilities. Using a combination of new tools and obscure techniques, we will walk through the process of compromising an organization without the use of normal exploit code. More information about this talk can be found in the DarkReading article.

Posted by HD Moore (2007-07-26 14:37:39)