Vegas Aftermath: Black Hat & DEF CON Takeaways

August 12, 2016 John Nye

Black Hat

Last week marked my third year in Las Vegas for the annual “hacker conferences,” BSides Las Vegas (which I was unable to attend), DEF CON and Black Hat. Black Hat is two days of briefings, tool demos, workshops, and a very large array of security vendors. Finally, the week affectionately known as “hacker summer camp” by attendees is capped off with the largest, longest-running hacker conference in the world – DEF CON.

While there, I saw many interesting talks, found out about security services and products, and networked and chatted with a lot of my peers. All of this has sparked many blog ideas which I will be writing about in the near future. Below are brief summaries of a few of the talks that stood out.

  • Dan Kaminsky – Keynote: Dan spoke on how the internet, as we know it, is not how networking originated, and it’s not likely this is how it will end up. We are heavily reliant on a lot of old and outdated protocols with the internet as it stands – DNS, FTP, NTP, and many others. These protocols were adopted originally because they worked, not because they were secure. In 2016 we have patched and fixed as many of these protocols as we can. But, as Mr. Kaminsky said, “We can’t keep screwing this up forever. NTIA has noted half (!) of the population warily backing away [from the internet]. Let’s talk about how it really works, so we can discuss how we can do it better.”
  • $Hell on Earth: From Browser to System Compromise: This presentation was given by a group from Trend Micro that has participated in, and won, several of the “Pwn2Own” competitions. This is a competition in which security researchers attempt to find zero-day exploits in popular, fully patched browsers, including the likes of Chrome, Internet Explorer, Safari, Firefox, etc. They successfully found several critical attacks and were not allowed to release them until the vendors had a chance to respond and repair if they chose to. In the slide deck linked above, see how the researchers were able to get system- and kernel-level access on targets directly through the browser.
This is not even close to all of the topics I will be researching and likely writing about from Black Hat, but there were also several interesting topics discussed at DEF CON.

DEF CON

DEF CON had even more great talks, sessions, SkyTalks, villages, and a plethora of other amazing things to see, do, and learn. There is always much more than one person can take in during a four-day conference. Adding to the difficulty of experiencing as much as possible was the record-setting attendance. DEF CON has been steadily growing since its inception 24 years ago, culminating in an estimated 22,000 attendees for this year’s event, held at the Bally’s and Paris casinos in Las Vegas.

Because of the excess turnout there were some hiccups the first couple of days that made some things more difficult to do. Once those were resolved, the organizers and “goons” (what they call the volunteer security force) managed to organize the chaos very well, and I saw several talks that were fascinating. Most of these are worthy of their own blog post, so keep your eyes on CynergisTek’s Twitter feed for new ones. I am sure they will be frequent and interesting for a little while at least.

  • Mousejack: Exploiting Vulnerabilities in Non-Bluetooth Wireless Keyboards and Mice: In this presentation, which was the most concerning one I saw, Marc Newlin showed a packed hall of hackers how to use a Logitech “unifying” receiver to attack other Logitech-connected devices. He showed how the firmware in the unifying dongle could be re-flashed and, in conjunction with an open-source program (MouseJack), used to force-pair any type of wireless device to any system with a Logitech dongle in the USB port. He also showed many other concerning attacks on various brands of wireless keyboards that allow him to inject or intercept keystrokes. All of these attacks would allow a malicious actor to perform a litany of intrusive attacks on victims’ machines with almost any kind of non-Bluetooth wireless dongle attached. This one is top priority for me to investigate and write a detailed blog on. Expect it soon.
  • Picking Bluetooth Low Energy Locks from a Quarter Mile Away: This topic was discussed more than just during the presentation I attended. In several of the villages (lock-picking, wireless, and IoT), there were a multitude of Bluetooth locks that were hacked surprisingly easily. The talk showed how it is fairly trivial to remotely unlock virtually any of the popular brands of locks. I will research this more as well and report back if there is anything to discuss.

There are dozens of others on my list that I am eager to dive into. Feel free to ask me any questions, as usual, and there will be plenty more content that stems from my recent trip to Las Vegas.