Download presentation
Presentation is loading. Please wait.
Published byMatteo Raw Modified over 9 years ago
1
Kyle Slosek
3
Created by Hacker Jeff Moss in 1992 Started as a party for a hacker friend who was leaving the country DEF CON comes from the movie war games (Defense Threat Condition) is also 3 on a phone
4
A place for hackers, security professionals and government agents to gather and discuss security A conference for those of us who cant afford Black Hat A Party
5
There will be black hat, white hat, grey hat hackers, security researchers, script kiddies & Federal, State and Local Law enforcement There will be attempts to socially engineer sensitive information from you If you do not properly protect your devices you will get hacked
6
1. Turn off Bluetooth on your phones 2. Do not connect to the public WiFi 3. Do not use an ATM at the Rio Convention Center 4. Do not take pictures of people’s faces (unless they give you permission)
7
Several talks are given by prominent members of the Cyber Security Community Dan Kaminsky Bruce Schneier General Keith Alexander (USCYBERCOM) A better understanding of the hacking community Bruce Schneier Dan Kaminsky General Keith Alexander
8
Reporter Michelle Madigan from Dateline NBC was outed in 2007 for trying to secretly record hackers admitting to crimes MIT Students were sued in 2008 for their presentation entitled “The anatomy of a Subway Hack: Breaking Crypto RFIDS and Magstripes of Ticketing Systems”
9
Michael Perklin – Forensics Investigator Techniques that make a Forensics Investigator’s job harder Anti-Anti-Forensics – What investigators can do to mitigate these techniques The goal is to increase the amount of $ for an investigation and hopefully drop suit or settle
10
Technique 1 – Keep a lot of media Investigators need to image all media to keep a backup copy If you have an inordinate amount of media, the possibility of them missing something increases It also makes it more difficult to sift through the data
11
Technique 2 – Use Non-Standard RAID RAID uses common settings such as stripe size, stripe order & block size This means that the investigator will have a harder time re-building the RAID
12
Messing with Nmap Through Smoke and Mirrors – Dan Petro Anti-Reconnaissance adds to Defense-in- Depth Reconnaissance is usually done with Nmap Reconnaissance phase of attack is sometimes ignored by network defense teams
13
Demoed a tool called Nova Uses a tool called Honeyd to creates thousands of virtual machines on a network acting as Honeypots These VM’s do act like traditional VM’s (i.e. no hard drive or OS)
14
The idea is to make it harder for attackers to find real nodes The software uses machine learning language to discover attackers performing Reconnaissance Auto-Config mode will scan your network and create a honeypot to augment it
15
In 2008 found a flaw in the DNS Protocol that allowed for easy cache poisoning Talk to define fundamental issues in the development of secure code One piece of the talk defined issues with being able to properly generate random numbers
16
2 of every 1000 Certificates generated with the RSA algorithm contain no security Crypto of a majority of certificates was found to only be 99.8% effective The fundamental issue is not the RSA algorithm it’s the ability to generate random numbers
17
4 sources of randomness: Keyboard Mouse Disk Rotations Hardware Random Number Generator The solution: TrueRand Computer with 2 clocks has a random number generator Dan released DakaRand (i.e. TrueRand 1.0)
18
Can Be purchased on DVD after the conference https://www.sok- media.com/store/products.php?event=2012- DEFCON https://www.sok- media.com/store/products.php?event=2012- DEFCON Most presentations are released for download several months after the conference
19
Keynote by General Keith Alexander – Shared Values, Shared Responsibility Keynote by General Keith Alexander – Shared Values, Shared Responsibility FX and Greg – Hacking [Redacted] Routers FX and Greg – Hacking [Redacted] Routers Zack Fasel – Owned in 60 Seconds Zack Fasel – Owned in 60 Seconds Closing Ceremonies Closing Ceremonies
20
20 teams competed for all 4 days 10 teams qualified, 9 were invited by winning other CTF events and one bought their spot on ebay Teams are given points for stealing keys from their opponents and submitting to the scoring server Points are also given for defacing a service by overwriting unique team keys on others services
21
Types: Human, Goon, Press, Vendor, Speaker, Artist Uber badge given to contest winners Crypto puzzle built in to the badge software Goon badges are designed to affect all other badges
22
Schmoo Con – Feb 15 – 17 (Washington DC) Takedown Con (May) Black Hat (July 27 – August 1) ConferencePrice# Days Schmoo Con$1503 Black Hat$25006 Takedown Con $6002 DEF CON$2004
23
DC-Groups (DCGs) Meet regularly to discuss technology and security topics https://www.defcon.org/html/defcon- groups/dc-groups.html https://www.defcon.org/html/defcon- groups/dc-groups.html GroupLocationPOCContact Email DC202Washington, DCR0d3nt DC410Baltimore, MDBmore Adambmoredcg@gmail.com DC804Richmond, VAJ0c3phu5securityforefront@gmail.com
24
DEFCON 20 Program: https://media.defcon.org/dc-20/defcon-20- program.pdf https://media.defcon.org/dc-20/defcon-20- program.pdf Media: http://www.defcon.org/html/links/dc- archives/dc-20-archive.htmlhttp://www.defcon.org/html/links/dc- archives/dc-20-archive.html Purchase Extra Human Badges: http://hackerstickers.com/product/hardware- dc20-humanbadge/ http://hackerstickers.com/product/hardware- dc20-humanbadge/
25
Kyle Slosek – kyle.slosek@gmail.com
Similar presentations
© 2024 SlidePlayer.com Inc.
All rights reserved.