Presentation is loading. Please wait.

Presentation is loading. Please wait.

Kyle Slosek.  Created by Hacker Jeff Moss in 1992  Started as a party for a hacker friend who was leaving the country  DEF CON comes from the movie.

Similar presentations


Presentation on theme: "Kyle Slosek.  Created by Hacker Jeff Moss in 1992  Started as a party for a hacker friend who was leaving the country  DEF CON comes from the movie."— Presentation transcript:

1 Kyle Slosek

2

3  Created by Hacker Jeff Moss in 1992  Started as a party for a hacker friend who was leaving the country  DEF CON comes from the movie war games (Defense Threat Condition) is also 3 on a phone

4  A place for hackers, security professionals and government agents to gather and discuss security  A conference for those of us who cant afford Black Hat  A Party

5  There will be black hat, white hat, grey hat hackers, security researchers, script kiddies & Federal, State and Local Law enforcement  There will be attempts to socially engineer sensitive information from you  If you do not properly protect your devices you will get hacked

6 1. Turn off Bluetooth on your phones 2. Do not connect to the public WiFi 3. Do not use an ATM at the Rio Convention Center 4. Do not take pictures of people’s faces (unless they give you permission)

7  Several talks are given by prominent members of the Cyber Security Community  Dan Kaminsky  Bruce Schneier  General Keith Alexander (USCYBERCOM)  A better understanding of the hacking community Bruce Schneier Dan Kaminsky General Keith Alexander

8  Reporter Michelle Madigan from Dateline NBC was outed in 2007 for trying to secretly record hackers admitting to crimes  MIT Students were sued in 2008 for their presentation entitled “The anatomy of a Subway Hack: Breaking Crypto RFIDS and Magstripes of Ticketing Systems”

9  Michael Perklin – Forensics Investigator  Techniques that make a Forensics Investigator’s job harder  Anti-Anti-Forensics – What investigators can do to mitigate these techniques  The goal is to increase the amount of $ for an investigation and hopefully drop suit or settle

10  Technique 1 – Keep a lot of media  Investigators need to image all media to keep a backup copy  If you have an inordinate amount of media, the possibility of them missing something increases  It also makes it more difficult to sift through the data

11  Technique 2 – Use Non-Standard RAID  RAID uses common settings such as stripe size, stripe order & block size  This means that the investigator will have a harder time re-building the RAID

12  Messing with Nmap Through Smoke and Mirrors – Dan Petro  Anti-Reconnaissance adds to Defense-in- Depth  Reconnaissance is usually done with Nmap  Reconnaissance phase of attack is sometimes ignored by network defense teams

13  Demoed a tool called Nova  Uses a tool called Honeyd to creates thousands of virtual machines on a network acting as Honeypots  These VM’s do act like traditional VM’s (i.e. no hard drive or OS)

14  The idea is to make it harder for attackers to find real nodes  The software uses machine learning language to discover attackers performing Reconnaissance  Auto-Config mode will scan your network and create a honeypot to augment it

15  In 2008 found a flaw in the DNS Protocol that allowed for easy cache poisoning  Talk to define fundamental issues in the development of secure code  One piece of the talk defined issues with being able to properly generate random numbers

16  2 of every 1000 Certificates generated with the RSA algorithm contain no security  Crypto of a majority of certificates was found to only be 99.8% effective  The fundamental issue is not the RSA algorithm it’s the ability to generate random numbers

17  4 sources of randomness:  Keyboard  Mouse  Disk Rotations  Hardware Random Number Generator  The solution: TrueRand  Computer with 2 clocks has a random number generator  Dan released DakaRand (i.e. TrueRand 1.0)

18  Can Be purchased on DVD after the conference  https://www.sok- media.com/store/products.php?event=2012- DEFCON https://www.sok- media.com/store/products.php?event=2012- DEFCON  Most presentations are released for download several months after the conference

19  Keynote by General Keith Alexander – Shared Values, Shared Responsibility Keynote by General Keith Alexander – Shared Values, Shared Responsibility  FX and Greg – Hacking [Redacted] Routers FX and Greg – Hacking [Redacted] Routers  Zack Fasel – Owned in 60 Seconds Zack Fasel – Owned in 60 Seconds  Closing Ceremonies Closing Ceremonies

20  20 teams competed for all 4 days  10 teams qualified, 9 were invited by winning other CTF events and one bought their spot on ebay  Teams are given points for stealing keys from their opponents and submitting to the scoring server  Points are also given for defacing a service by overwriting unique team keys on others services

21  Types: Human, Goon, Press, Vendor, Speaker, Artist  Uber badge given to contest winners  Crypto puzzle built in to the badge software  Goon badges are designed to affect all other badges

22  Schmoo Con – Feb 15 – 17 (Washington DC)  Takedown Con (May)  Black Hat (July 27 – August 1) ConferencePrice# Days Schmoo Con$1503 Black Hat$25006 Takedown Con $6002 DEF CON$2004

23  DC-Groups (DCGs) Meet regularly to discuss technology and security topics  https://www.defcon.org/html/defcon- groups/dc-groups.html https://www.defcon.org/html/defcon- groups/dc-groups.html GroupLocationPOCContact DC202Washington, DCR0d3nt DC410Baltimore, MDBmore DC804Richmond,

24  DEFCON 20 Program: https://media.defcon.org/dc-20/defcon-20- program.pdf https://media.defcon.org/dc-20/defcon-20- program.pdf  Media: archives/dc-20-archive.htmlhttp://www.defcon.org/html/links/dc- archives/dc-20-archive.html  Purchase Extra Human Badges: dc20-humanbadge/ dc20-humanbadge/

25  Kyle Slosek –


Download ppt "Kyle Slosek.  Created by Hacker Jeff Moss in 1992  Started as a party for a hacker friend who was leaving the country  DEF CON comes from the movie."

Similar presentations


Ads by Google