Here is my quick wrap up of my visit to hack.lu 2011. For those who do not know me, I’m a BruCON volunteer, busy with the network stuff. This year was very special, due to unforeseen circumstances, both conferences overlapped! BruCON (the talks) were scheduled Monday and Tuesday and Hack.lu from Monday to Wednesday. Sad! As I like the Luxembourg conference and some friends chosen to attend it (big dilemma between both events), I made a small jump today to Luxembourg to attend the last day, with the help of caffeine…
The first talk was performed by a regular hack.lu speaker, Saumil Shah. Saumil is a very good speaker and has a unique way of describing technical stuffs. This year, he explained how he spend his time while traveling (he travels a lot!). This was his “hacking world tour“. From unprotected Wi-Fi networks to multimedia systems, always trying to get some Internet access. Really funny! His conclusion was: “How to protect you against hackers? Just provide them free Internet!“.
The second topic was about a Scapy extension to access GSM networks, by Lauren ‘Kabel’ Weber. In a first section, Lauren explained clearly how GSM networks work. Then he switched to his project based on Scapy. This tool was presented during hack.lu 2005 and is now able to send packets to GSM devices using the well-known OpenBTS tool. Lauren performed some nice demonstrations of attacks against mobile phones like:
- De-registration reject attack: The mobile phone is unable to receive SMS or calls.
- Authentication reject attack: Using a 2-bytes packet,(!) the attack result is a “SIM card registration failed” message, forcing a reboot of the device.
Nice project which shows how GSM networks can be vulnerable!
Michael Ossmann presented another great project: “Ubertooth: Building a Better Bluetooth Adapter“. Based on the fact that sniffing BlueTooth traffic is hard, Michael decided to build his own sniffer, for an affordable price. By default, BT adapters just drop packets not for them. No one supports a monitor mode like some Wi-Fi adapters. Michal explained the whole story to achieve the hardware project. Once done, he also wrote some piece of code to sniff BT traffic via Kismet. Good job! Funny to see how people in the audience quickly deactivated the BT on their mobile phones!
Sebastien Tricaud is well-known via the honeynet project. He talked about “visualization“. He explained why visualization is important today to be able to handle the huge amount of information collected from network devices and applications. He showed bad examples and came to the same conclusion as did Wim Remes during BlackHat Europe 2011. Hopefully! Then, Sebastien presented his tool (available with limited features for free) to visualize logs: Picviz Inspector. The tools looked to be very useful but… it does not prevent the security analyst to have a good understanding of the analyzed protocols! (my point of view)
More and more security conferences propose “lightning talks” sessions. People are free to come on stage and present a tool, a research or anything related to information security. This is a good exercise for people who don’t have enough material for a complete track or who don’t have a speaker experience. Personally I found lightning talks very interesting and some research could be definitively presented as a full talk! Today, I learned about a tool called “passdown” which allows you to extract data from network flows (live or via pcap files). Could be interesting!
Laurent Comte, from DNCS, presented a talk about the security problems in operational navy systems. Great topic! Indeed, modern war ships embark network infrastructures similar to corporate networks (firewalls, TCP/IP devices, servers, etc). That’s why they must be secured like all other networks. Helas, due to the “hot-topic” (military environment) and even if the data provided were “unclassified”, Laurent read his presentation instead of really presenting the slides. To avoid disclosure of sensitive data, I presume?
The two next presentations were about “OAuth & OpenID – securing the impossible” and “SAP security“. The first one gave a complete overview of the protocols. The conclusion was: “Protocols have good intentions, that’s their implementation which is weak“. SAP is a regular topic this year. Used by almost all big companies, SAP became a nice target. The main reason is its “insecurity”? SAP, compared to services like an ActiveDirectory, does not belong to the IT but to the business. Nice demos were performed. No more info due to lack of attentioncaffeine.
Finally, Walter Belgers from toool.nl made the show! He explained what is lock picking and what are the different types of locks versus the tools available to unlock them. With life demos… Impressive!
I’m already back in Belgium, a quick visit but good stuff and meet old & new contacts! I’m going to sleep now…