End of four days of high quality conferences, social networking and fun! This was my first Black Hat experience and it was really exciting!
Some presentations were already known to me (presented during other events) and sometimes choices were difficult between two interesting tracks scheduled at the same time. But the most important was the “networking” part. It’s was really nice to meet people only known via a “@nickname“! Others guys told me that what’s make the European event so unique is the availability of all speakers. You can meet them, have a drink with them and exchange experiences with simplicity. The event is also quite small compared to big organizations like in Las Vegas.
What about the briefings now? First, those I attended were good and of a very-high technical level. Some of them were really difficult to follow if you were not involved in technologies and/or concepts covered by the topic!
The first two days were reserved for trainings and the two others for briefings. Thursday started with a presentation about exploiting Apple products (MacOS & the iPhone). I’m an iPhone user and would like to know if my favorite mobile phone was secure enough. Apple products increased their penetration on the market and became more and more potential victims. The iPhone is not easy to crack due to the multiple protection developed by Apple (all applications must be signed). Note that Charlie Miller discovered two days before the event a hole in non-jailbreaked iPhones!
My second choice was the presentation of Craig Balding about cloud security. Craig maintains the cloudsecurity.org blog and I’m one of his followers on Twitter. It was nice to meet him in real life. He tried to define “cloud computing” and explained how it can became a nightmare if not properly handled (by customers as by providers). Big questions must be answered: if a server can be easily cloned for forensics investigations, what about investigations required when the server is gone? What about log file management etc… It was a really nice talk.
Third briefing was oriented to backbones issues: All Your Packets Belong to Us. It was not the best choice, certainly not due to the presentation itself. It was really well done and covered issues with BGP and MPLS backbones (with live demos). Unfortunately, it was something I already knew. A friend attended the other conference about sslstrip which was really interesting too!
The afternoon started with some SQL injections. Excellent presentation about exploitation of operating systems via databases. I was not aware that it was possible to read/write files on the file system via SQL commands! Some SQL queries were really high level (Hey, I’m not a DBA).
Another dilemma and a wrong choice, a track was dedicated to Kerberos and it’s vulnerabilities. Not about the protocol itself but the way it is implemented in some cases. It was really technical and difficult to follow for those who are not familiar with Kerberos.
My last choice for the day one was also not the best one… I attended a presentation about Linux kernel exploitation via /dev/mem. The speaker was really a high-level kernel hacker but once again too difficult for me… Unfortunately, a presentation of Maltego was performed at the same time. The new version of this wonderful tool can interact with other open source applications like squid and grabs data from the websites visited by the users. According to friends, it was really impressive. That was day one.
The second day started with a talk about .Net rootkits. I already had the chance to see it during a Belgian event a few months ago. But if was nice to see it again. Really impressive!
Then we played a bit with RFID and ePassports! The talk was coupled with nice demos which proved to the authorities that Elvis is really still alive! 😉
The afternoon started with one of my best choices! Exploitation of meta-data in documents (PDF, Office, …). Several life demonstrations were presented by the Spanish speakers with lot of fun. They presented their tool “FOCA which helps to grab and analyze meta-data from files. A must to collect personal and technical data before performing pentests.
Finally, the last track was dedicated to the (un)security of OpenOffice. Probably the best track of this event. Lot of people think that open source means security. Eric Filiol explained (via life demonstrations) how OpenOffice documents may be changed (event signed) and/or modified to add malicious macros to them.
To resume, my three best tracks were:
- Tactical Fingerprinting Using Metadata, Hidden Info and Lost Data
- OpenOffice Security Design Weaknesses
- .NET Framework Rootkits: Backdoors inside your Framework
When I said that some choices were wrong, I don’t blame the speakers who did a great job! I just blame me for not selecting the right presentation depending on my expectations. Finally, a few words about the facilities: The hotel was very nice, excellent service, diversified food, drinks. Oh yes! A good Wi-Fi coverage even if the firewalls were heavily tested 😉 I heard that Black Hat Europe 2010 will be held in Barcelona, I hope to be there!