|Defcon MP3 Audio Archive|
|Defcon Audio, Notes, & Links|
June 9-11, 1993 at the Sands Hotel & Casino
- Notes from the Field Inforworld's preview of Defcon 1, by Robert X. Cringely
- DoubleSpace May Not Scan Your Hardware, But Defcon Denizens Do by Robert X. Cringely
- Picture Archive for Defcon 1
- Defcon 1 Audio Textfiles.com Mirror
- Defcon Audio 1 RSS
- Ray Kaplan - To Hack or Not to Hack, That is Not the Question (7.4 MB MP3) (M4B)
- Judi Clark - Computer Privacy, 1st Amendment, Gender Roles, and Discrimination (2.2 MB MP3) (M4B)
- Dan Farmer - Sun Microsystems: Future Developements in UNIX Security Software, General Q&A on UNIX Security (6.5 MB MP3) (M4B)
- Announcement of his idea for SATAN.
Gail Thackeray - Liablity (8.1 MB MP3) (M4B)
- Computer law overview. BBS operator rights, computer search warrants, printing k0dez is not freedom of speech.
Gail Thackeray - Liablity Q&A (4.8 MB MP3) (M4B)
- Question and answer session.
Dark Druid - Getting Busted Sucks!
- No audio available.
Mark Ludwig - Virus Developements and Concerns (14.8 MB MP3) (M4B)
- Virus and bug tracking databases.
Dead Addict - The Future of the Underground (3.2 MB MP3) (M4B)
- In light of the "new" Internet, Windows, and networking, what is the scene coming to?
Curtis Karnow - The Law, and Its Intersection with Virtual Reality, and Liability in "Simulated" Environments and Worlds (4.6 MB MP3) (M4B)
July 22-24, 1994 at the Sahara Hotel & Casino
- 'Captain Crunch, Pick Up the White Courtesy Phone' by Larry Armstrong
- omputer Underground Comes Out of the Cold by John Markoff
- Cyber-Christ meets Lady Luck by Winn Schwartau
- Fear and Loathing in Cyberspace The computer underground comes to Las Vegas, by T.J. Barrett
- Survey of Computer Networking Very poor attempt by the author to evaluate a convention he never attended, with an anti-virus spin job, by Michael Dempsey
- Inside Track by John C. Dvorak
- Will Microsoft Make CompuServe a Marvel or Teach NSA to Break Code? by Robert X. Cringely
- Defcon 2 Review by Theora
- Defcon 2 Review by Iron Feather Journal
- Picture Archive for Defcon 2
- Defcon 2 Program (2.3M PDF)
- Defcon 2 Audio Textfiles.com Mirror
- Defcon 2 Audio RSS
- Mr. Upsetter & Damien Thorn - Impromptu Cellular Workshop (1.4 MB MP3) (M4B)
- An impromptu cellular workshop covering cloning, call tracking, etc.
Phil Zimmermann - PGP Keynote (5.1 MB MP3) (M4B)
- Philip R. Zimmermann is a software consultant specializing in cryptography, authentication, and data security, and is a leading advocate for public access to strong cryptography. He is the author of PGP (Pretty Good Privacy), a free public key encryption software package that has become the worldwide de facto standard for the encryption of email. The publication and wide dispersion of this software and its extensive use on the Internet worldwide has led to export control problems and conflict with the National Security Agency's desire to restrict the general use of high quality encryption, and has triggered a U.S. Customs criminal investigation.
Gail Thackeray - Privacy and Wiretapping Laws (5.4 MB MP3) (M4B)
- Deputy county attorney with the Maricopa County attorney's office in Phoenix, Arizona. Her duties include the prosecution of communications and computer related crimes. Recently she participated in "Operation Sundevil," a nationwide computer crime task force.
Curtis Karnow - Recombinant Culture: Crime in the Digital Network (3.6 MB MP3) (M4B)
- Curtis Karnow is a partner at the San Francisco law firm of Landels, Ripley & Diamond, and chairs the firm's Competitive Practices Group. His practice emphasizes intellectual property litigation and computer law. He is a faculty member with the American Arbitration Association, a former federal prosecutor, and serves as temporary judge with various Bay Area courts.
- Curt Karnow has lectured and widely on the intersection of the law and rapidly advancing technology. At last year's Defcon, he spoke on legal problems associated with complex computing and synthetic realities. These days, he's engaged in advising clients in the multimedia industry in Japan and the U.S., conducts patent litigation, and helps out Phil Zimmermann on intellectual property issues associated with encryption.
Judi Clark - Round Table Discussion: Social Elements in Networking (4.4 MB MP3) (M4B)
- The treasurer for the CPSR has organized a round table discussion. She will briefly talk about the CPSR white paper on the NII. Mara is active in Nexus-Chicago, a diverse group committed to virtual community. She will talk about the concept of virtual communities. Karen is the CPSR Berkeley chair and steering committee and librarian of note. She will talk about her Cyber-activist's top ten list. "Ask not what the Net can do for you.." Marianne, who does not speak for Sun Microsystems, will talk about Hacker Barbie: The net's not just for guys anymore. Fen, an information anarchist and cofounder of Broadcast Technologies, will discuss how capitalistic market driven forces drive a Guerilla Information Network (GIN) to create beneficial social anarchy.
Theora - Privacy & Annonminity on the Internet (6.6 MB MP3) (M4B)
- Do you have a right to privacy and/or anonymity? Does the technological means exist to provide it to you? Should you expect it? What are your responsibilities? (there's always a catch....)
- This roundtable discussion, moderated by Theora, will center around identifying problems associated with privacy and anonymity on the Internet. Design of anonymous mailers, sniffers, PGP and anonymous networks will be some of the things discussed by the panel. Phil Zimmermann, creator of PGP, M_Strata.Rose, UNIX consultant and designer of Virtual City Network, Mark Aldrich from strategic systems group of GRC, and one as yet unnamed hackers/lamers will present their views on these issues. There will be ample time for question and answer. The session will go either technical or social, depending on the interest of the people. You can write down questions in advance if you want.
Chris Hall - Private Investigator: Excellent War Stories from Past Investigations (6.0 MB MP3) (M4B)
- Chris Hall is the Chief Operating Officer of Executive Protection Associates, Inc. EPAI is a worldwide provider of executive and celebrity protection, general and SUBROSA investigations, privacy protection stategies, counter-stalking operations, electronic de-bugging, and off-shore services to the Fortune 500, celebrities and the high-technology industry. Chris is the Senior Field Investigator with EPAI's affiliate Professional Executive Investigations, Ltd. (a licensed California Private Investigative Agency). Chris has managed a team of up to 10 bodyguards, investigated complex high-technology cases, and (as an FCC licensed technician), has performed TSCM (de-bugging) for industry, celebrities, and diplomatic missions. Chris will be speaking on the art and science of physical and electronic surveillance/counter-surveillance, and will be demonstrating a fully equipped $20,000 surveillance/counter-surveillance van at Defcon 3.
The Jackal - Radio Communications Overview (6.4 MB MP3) (M4B)
- Jackal is a Computer Science major, and studies electronics, ham radio, and security issues on the side. He is a licensed amateur operator, and is a member of REACT, a volunteer community service radio organization. Other hobbies include martial arts, chess, and other strategy gaming. The Jackal has been working on computer, electronics, and security projects and issues, and is active in ham radio and community service radio. He'll be talking about radio, giving an overview, and covering the technical, security, legal, and ethical issues involved.
Steven Dunnifer - The Founder of Radio Free Berkeley (7.3 MB MP3) (M4B)
- The state of pirate radio and on battling the FCC.
Winn Schwartau - Overview of TEMPEST and van Eck Shielding and Radiation (2.4 MB MP3) (M4B)
- Overview of van Eck phreaking techniques.
Padgett Petrson - Anti-Virus Programming, or, "Cleaning Up After Other People's Messes" (5.6 MB MP3) (M4B)
- Padgett played Tic-Tac-Toe on a Univac in 1957 and hasn't stopped playing since. Part of the sixties were spent in the USAF where he almost received a reprimand for writing letters home via computer/satellite except the engineers stated that it couldn't be done. In the early '70s GM gained a program for the IBM 360 to calculate various suspension effects on a Corvette during high-gee cornering (Padgett has held FIA, IMSA, and SCCA/National licenses. Another very complex program led to a "magic" Rochester fuel injection that looked completely stock yet flowed half again as much air as the factory unit (and with enough air a small blo ck will wind to the moon.
- After setting a record for sustained flight in a Corvette (460+ feet), he turned to more plebeian interests such as designing the first full authority multiple redundant flight control computer for the F-16 (1979). In 1988, while design team lead for the FAA National Airspace Communications Topology, he encountered his first virus and a new hobby began.
- Mr. Peterson is a registered professional engineer and is currently employed as Information Integrity Manager by the Martin Marietta Information Group somewhere north of Disney World. Since encountering the Brain virus in 1988 he has written a number of anti-virus programs (FixUtil, DiskSecure) for the PC that he gives away as FreeWare. Anti-virus work is done at home where he has seven computers and seven Pontiacs (the perfect number).
Mark Lottor - Hacking Cellular Phones (3.7 MB MP3) (M4B)
- Mark has been hacking OKI cellular phones for over 3 years and his company sells a cellular telephone experimenters kit.
Winn Schwartau - High-Energy Radio Frequency (HERF) and Electromagnetic Pulse (EMP) Weapons and Technology (5.7 MB MP3) (M4B) Torquie - The European Hacking Community and 'Scene' (2.7 MB MP3) (M4B) Dr. Mark Ludwig - The First Annual Virus Creation Awards, and "What To Do When The Feds Come" (5.7 MB MP3) (M4B)
- Dr. Ludwig is the owner of American Eagle Publications.
Peter Buruk - What the Software Protection Agency (SPA) Does, its Charter, and What its Member Companies Want (4.8 MB MP3) (M4B)
- Peter Beruk is the Litigation Manager for the Software Publishers Association (SPA), the principal undo group of the personal computer software industry me Washington, DC-based organization represents over 1,100 software publishers, developers, distributors and all those affiliated with the software industry, SPA Europe located in Paris, France, represents over 150 European software companies.
- As Litigation Manager, Mr. Beruk Is responsible for coordinating the SPA's anti-piracy efforts. This includes investigating and following up on reports received through the SPA's toll free anti-piracy hotline as well as responding to inquiries from corporations throughout the country regarding software and the law. In addition, he was responsible for the development of the SPA Self-Audit Kit and the software program SPAudit, the initial elements of the SPA's anti-piracy awareness campaign over 100,000 copies of these materials have been distributed to date. Prior to joining the SPA Peter was a researcher for the U.S. Department of Agriculture Economic Research Service. Mr. Beruk received his B.S. degree from Cornell University.
White Knight - White Knight Reveals Illegal FBI Wire Tap Activity (4.5 MB MP3) (M4B)
- Also has many interesting war stories about electronic surveillance and the work of being a private investigator.
Computer Warriors! - Commercial Audio (150k MP3) (M4B)
- Listen to the excitement as the "C0mput3r Warri0rz" save your computer from evil virii attackers! Very funny stuff. From some unknown video tape promoting anti-virus awareness.
Damien Thorn - Cellular Programming Overview (5.0 MB MP3) (M4B)
- Damien is a Nuts & Volts writer.
The Dark Knight - Hackers in the U.K. (6.8M MP3) (M4B) Artimage - Closing Comments (1.4 MB MP3) (M4B)
- Artimage closes down the convention. Artimage reads a letter to the audience from Co/Dec, who is in jail, encouraging everyone to not give up. Then it's goodbye to everyone and see you next year!
August 4-6, 1995 at the Tropicana Hotel & Casino
- Defcon 3 Announcement
- Companies Face Lawsuits for Network Security Lapses
- Hackers Revel in Marketer Hype United Artists, GTE turn code-crackers into promotional ploy.
- Picture Archive for Defcon 3
- Defcon 3 Pictures From route.
- Defcon 3 Audio Textfiles.com Mirror
- Defcon 3 Audio RSS
- Bruce Schneier - Issues Surrounding Cryptography, Digital Authentication, and Digital Cash (6.9M MP3) (M4B)
- Bruce Schneier is president of Counterpane Systems, an Oak Park, Illinois consulting firm specializing in cryptography and computer security. Clients include Compaq Computer, Hughes Data Systems, Intel, MCI, Merrill Lynch, Mitsubishi Electronics, National Semiconductor, and Oracle. He is the author of Applied Cryptography (John Wiley & Sons, 1994). Applied Cryptography has sold over 25,000 copies world-wide, is being translated into four languages, and is the seminal work in the field. Other books include Protect Your Macintosh (Peachpit Press, 1994) and Email Security (John Wiley & Sons, 1995); he has also written dozens of articles on cryptography for major magazines. He is a contributing editor to Dr. Dobbs Journal where he edits the "Algorithms Alley" column, and a contributing editor to Computer and Communications Security Reviews. He serves on the board of directors of the International Association for Cryptologic Research, is a member of the Advisory Board for the Electronic Privacy Information Center, and is on the program committee for the New Security Paradigms Workshop. He is a frequent lecturer on cryptography, computer security, and privacy.
Winn Schwartau - Information Warfare, the Year in Review (6.3M MP3) (M4B)
- Winn Schwartau is one of the country's leading experts on information security and electronic privacy. As the Executive Director of Interpact, Inc., Winn provides services to industry and government on encryption, enterprise information security, policy, information warfare, van Eck radiation, HERF guns & EMP/T bombs (non-lethal magnetic weaponry) hackers, U.S. and International policies and standards, electronic privacy and related issues. He is also a partner and Vice President of Business Development, Secure Systems Group International.
- His recent non-fiction book, Information Warfare: Chaos on the Electronic Superhighway (Thunder's Mouth Press, NY.) is a successful and compelling non-technical analysis of personal privacy, economic and industrial espionage and national security. He calls for the creation of a National Information Policy, a Constitution in Cyberspace and an Electronic Bill of Rights.
- Mr. Schwartau is also the author of Terminal Compromise, a fictionalized account of a computer terrorism based war waged on the United States. After selling well as a bookstore book, Terminal Compromise was placed on the Global Network as the world's first novel-on-the-net shareware and has become an underground classic. This prophetic book predicted a number of cyber-events, including the Clipper Chip, chipping, magnetic assaults, hardware viruses, to name a few. Former Architectural Security Consultant to Hughes STX on Enterprise security network architectures, design and implementation.
- Mr. Schwartau may be reached at Interpact, Inc., 11511 Pine St., Seminole, FL, 34642. 813-393-6600, fax 813-393-6361, Email: firstname.lastname@example.org.
Robert Steele - Why Hackers Should be Considered a National Asset (5.5M MP3) (M4B)
- President of Open Source Solutions, Inc. A former spy, experienced bureaucrat, radical visionary. Tofflers call him the "rival store" to CIA. Robert will explain why hackers should be considered a national asset.
- Robert David Steele is the bureaucrat's worst nightmare: a highly educated and skilled bureaucrat himself, now a successful businessman, who has seen the light and been quoted around the world--including the notorious Singapore Straits Times saying "hackers are a national resource." He means it, and people are starting to listen.
- Steele spent 18 years as a Central Intelligence Agency spy and Marine Corps intelligence officer. He has done three overseas tours recruiting traitors, participated in signal collection operations, helped program funds of overhead imagery satellites, and been the senior civilian responsible for establishing the new $20 million Marine Corps Intelligence Center.
- He holds graduate degrees in international relations (predicting revolution) and public administration (strategic and tactical information management for national security), is a distinguished graduate of the Naval War College, completed the Harvard Executive Program (Intelligence Policy), and spent two years at CIA expense learning about artificial intelligence.
- Steele was introduced to cyberspace by Howard Rheingold and John Perry Barlow, and he's never been the same. His article in the Whole Earth Review, "E3i: Ethics, Ecology, Evolution, and Intelligence" established for the first time the concept of a citizens intelligence agency (cia) and an "open books" approach to national intelligence.
- Do *not* make the mistake of thinking Steele is anti-establishment--on the contrary, he *is* the establishment--of the future--and his contemporaries in the halls of power are just starting to figure that out. Where Steele makes a different, is in understanding that the communications and computing industries have been criminally negligent (or maybe just stupid), the government has been out to lunch, and hackers have something important to say about making cyberspace a safe place to work and play.
Jim Settle - Ex-FBI Computer Crime Investigator (6.5M MP3) (M4B)
- Spot the Fed Contest is made easy. Jim is the former head of the FBI's National Computer Crime Squad. Having been spotted as a "Fed", he left the FBI and now works with I-NET helping customers improve security on their networks. Jim can offer a perspective on the government's position on various issues (intruding, crptology, export controls) and why industry and the user community are doing very little to secure networks. Having appeared in several forums as the "loyal opposition" his views might suprise you.
Curtis Karnow - Agents in the Telecommunications Context, and "Smart" Software that We "Trust" to do the Right Thing (6.5M MP3) (M4B)
- The specific issue is legal liability and responsibility for the actions of intelligent agents, and then spinning off to chat about the liability for artificial intelligence generally.
- Curtis E.A. Karnow is the coordinator of the Communications and Technology Group at the San Francisco law firm of Landels, Ripley & Diamond. A former federal prosecutor and currently judge pro tem for various courts in the San Francisco area, Mr. Karnow specializes in intellectual property litigation, high-tech and computer law. His clients include a worldwide telecommunications company, software developers including Phil Zimmermann (PGP), distributors and users, and global home video game and multimedia manufacturers and publishers. He is the author of numerous papers in the fields of computer law and virtual reality, litigation, and arbitration, and serves on the board of Leonardo, the Journal of Arts, Technology and Sciences published by MIT.
Susan Thunder - Social Engineering and Psychological Subversion of Trusted Systems (7.9M MP3) (M4B)
- Suppose you want to gain access to the computer files of a given company? How would you go about planning an attack on that company's data when you know nothing about the company except it's name and location? I will explain the method whereby you can gain access to whatever data you want using another more than social engineering / psychological subversion techniques. At no time will actual physical access or even dial-up access to the companies computers be required. At no time a password will be needed!
- If you have an interest in how to design an attack, from beginning to end, you don't want to miss this remarkable theoretical discussion concerning the hypothetical "XYZ Insurance Company" and their data.
Theora - Survey of IRC Girrrlz, Including Vamprella, "Don't You Hate it When That Happens?" (2.7M MP3) (M4B)
- I was going to talk about all the really bad things that have happened to me and a lot of other people in the past year. You know, like having your shoe stolen while you're eating at Taco Bell. That happened to me. Or your house catching fire. Or getting stuck in a dumpster. Or having your head shaved when you are asleep. Or having someone impersonate you on IRC and then finding out that your friends actually think the impersonator is nicer and cooler than you. I was going to write about stuff like having your uninsured new laptop computer stolen, like.. yes this really happened to me before someone stole my shoe and my NIN CD. But then I thought, hey, why not talk about something happier. So I asked all the people I could find 'what is happy' and they said "LOVE." Well, some of them said some variations of it, but generally it involved male and female interaction.
- So, thinks me, this is a perfect thing to talk about. I already studied and released a linguistics study on how males and females talk differently on IRC in hacking channels. (Females are more technically inclined, vocabulary wise). But that wasn't really about 'love.' So, I decided to just ask people 'What are you like.. if some guy wants to find a girl that he could actually really 'love,' what kind of girls would you say are in this scene.'
- My little talk is entitled females of #hack -- not 'female hackers' and not 'females in search of hackers,' but females of #hack. A more appropriate title would be "what are women who are into the hacking scene and who hang out on IRC and who don't have anything better to do than answer these dumb questions really like like?" but this little talk is as it is. females of #hack. All lower case. The reason I'm going to be talking about this is because lot of guys ask me where they can meet girls. Girls who know about computers. Girls who know what hacking is about. Girls who understand those late nights at the lab. So come see what the IRC hacker femmes have to say, complete with slides. Ok, so I drew them with crayons. But so what. If you're nice, I bet they will send you GIFS.
- Females of #HACK - Paper
- Females of #HACK - Pictures
Karen Coyle - Computer Professionals for Social Responsibility Panel (6.8M MP3) (M4B)
- Karen Coyle is chair-unit of the Ber[zer]keley chapter of Computer Professionals for Social Responsibility, also known as "Nerds Without Social Skills." But she can spell. (http://stubbs.ucop.edu/~kec)
John Q. Newman - The Paper Trail of Identity Documents and What You Can Do About It (6.5M MP3) (M4B)
- General Q&A.
- John Q. Newman is the most prolific and respected author of false identification books in the country. His titles include: Understanding U.S. Identity Documents, Reborn in the USA, Reborn in Canada, Reborn with Credit, Reborn Overseas, Heavy-Duty Identity, and Be You Own Dick. Many of these books are used by the FBI and the Royal Canadian Mounted Police as reference material for their agents. Mr. Newman is continuing his research in this area and will have three new books published this year.
Attitude Adjuster - Virii Talk (2.9M MP3) (M4B)
- Extremely technical machine language discussion on polymorphic computer viruses, with a side note on cryptography uses. Invalid Media talks about his UPT system and invites people to join.
Mr. Evil - Magnetic Stripe Readers/Writers Overview (2.4M MP3) (M4B)
- A short talk on mag stripe reader/writers and concerns surrounding credit card fraud.
- Handout Page 1
- Handout Page 2
- Handout Page 3
- Handout Page 4
Glenn Campbell - Overview of Governmental Activities and Stuff Surrounding Area 51 (7.8M MP3) (M4B)
- Glenn Campbell, 35, is the principal local activist seeking greater government accountability at "Area 51," a secret military base 90 miles north of Las Vegas. Formerly a successful computer programmer from Boston, Campbell moved to the remote town of Rachel, Nevada, in Jan. 1993 to investigate the many strange stories emanating from the base. His carefully researched book, The Area 51 Viewer's Guide, helped bring mainstream attention to a story that had been dominated by UFO and conspiracy buffs with little concern for facts.
- Campbell declares himself "seriously interested" in some of the UFO tales emanating from Nevada's military restricted zone, but he dismisses most of the lights-in-the-sky stories reported in Rachel, 25 miles north of the base. "This place is a circus," says Campbell. "Anyone can make any claim they want here and get away with it. Commerce, not truth, seems to be the primary motivation here." Campbell points out that the area above Rachel is an "intense war games area" where exotic looking lights are produced by conventional military hardware. Campbell himself says he has never seen a UFO in his 2-1/2 years living in Rachel.
- Campbell is a bitter enemy of the owners of the Little A'Le'Inn, the well publicized bar, motel and restaurant in Rachel that caters to UFO believers. They consider him a government agent who has been sent to debunk the UFO sightings here and "muddy the waters" in favor of the military. Campbell, in turn, considers the owners profiteers who are equally obscuring the truth by endorsing all UFO sightings as real. Campbell is also not on good terms with Ambassador Merlyn Merlin II from the planet Draconis, a claimed "alien-in-human-form" who is frequent visitor to Rachel. "The Area 51 story has become a magnet for every nut case on the planet," says Campbell. "This is a shame, because whatever the truth may be at Area 51, it is being overwhelmed by the noise."
- Glenn Campbell supports himself through his personal investments and his mail-order business. He maintain a major presence on the Internet with a free monthly email newsletter (circulation: over 3,000 copies) and a popular World Wide Web page. Campbell is widely respected for his Area 51 research because he sticks to the facts and a rarely engages in the kind of baseless speculation that dominates the UFO field. "I am fighting primarily for less secrecy and greater government accountability, which are goals I think everyone can agree with regardless of their view on UFOs," Campbell says.
- Campbell's email address is email@example.com. Requests for subscriptions to his newsletter should be directed to firstname.lastname@example.org. A catalog of publications sold by the Area 51 Research Center is available upon request. The mailing address is Area 51 Research Center, HCR Box 38, Rachel, NV 89001.
Oscar Meyer - Carefully Consider Your Intentions Before Embarking Down the Road of Serious Hacking (2.0M MP3 broken) (M4B)
- How far are you willing to go?
- Oscar Meyer? Well, he's a real wiener. He is affectionately known to some of his friends as a corn-ball geezer. He's been more or less successful at hacking most everything that he has comes across for most of his nearly 50 years. He thinks that hacking might just be a way of life, holds unconventional views, and generally flounders about trying to make things work better. Although he believes that anything and anyone can be hacked, he is often less successful than he'd like to be. However, he keeps on trying.
- Getting past the front door is challenging, interesting and fun. However, once you are in, what do you do? Rummaging around, deleting things, screwing things up, or crashing things simply won't do. This session talks about what to do after you have you've attained access that is not specifically authorized in the context of your broader hacking goals.
Mark Lottor - Internet Domain Survey (2.0M MP3) (M4B) Stephen Cobb - The Party's Over: Why Hacking Sucks (5.9M MP3) (M4B)
- Stepehen intends to play "devil's advocate" and suggest that "hacking should not be tolerated in any shape or form as it serves no useful purpose and is a menace to society."
- Stephen Cobb, an employee of the National Computer Security Association, is Co-Chair of the Computer Ethics and Responsibilities Campaign. He is also, by birth, a Libra, and thus given to weighing both sides of everything. He has been using a modem since 1983, but has never attempted unauthorized access. He believes in gun control but practices target shooting. He doesn't believe in income taxes, but pays them anyway. He is British by birth, but holds an American passport. A former Rugby player, he is an ex-member of Mensa and the National Organization for Women. In 1970, while still in high school, he charged police lines in protest at the all-white South African Rugby tour. In 1995 he cheered the multi-racial South African victory in the Rugby World Cup.
- A fifteen year computer industry veteran, Stephen Cobb is an international consultant and best-selling author who has written more than twenty computer related texts, translated into more than ten languages, with total worldwide sales in excess of one million books. A frequent contributor to industry publications such as BYTE and Personal Computer World (U.K.), he has written extensively on security related issues and was recently appointed Director of special Projects at the National Computer Security Association (NCSA). His column on communications is a regular feature in Personal Computer World. A former tax auditor, petroleum accountant, and IBM classroom instructor, Cobb is an experienced public speaker who has made presentations to numerous industry gatherings, including the Windows Developers Conference, the Virus Bulletin Conference, and Networks Expo Boston. Now a resident of Florida's Space Coast, he holds a First Class B.A. Honors degree from Leeds University, England.
Koresh - Hacking a Job and Common Tools of the Trade
- No audio available.
Peter Shipley - Security Auditing (6.7M MP3) (M4B)
- Panel of Oscar Meyer, Mel, Bin High? This group talks about various aspects of auditing clients, the problems with reporting, and war stories and advice from a variety of perspectives.
Dead Addict - Revolution, a Look at Society and Where it is Leading Us (7.6M MP3) (M4B)
- Out of the hacking scene when all his friends got visited by unhappy beurocratic law enforcement, out the pirate scene when he realized that the social dedication to stay 'in' wasn't worth the software, Dead Addict is now a bum. Unemployed, a Win95 testing refugee, D.A. is now working on many projects that will eventually get him the hell out of this wonderful country. For the third year in a row, D.A. bullied himself into the opportunity to speak here; and to his bewilderment his previous speeches resulted in much positive feedback.
Deth Vegetable - Why the Media Sucks and Why it Doesn't Pay to Mess with Mr. T (5.0M MP3) (M4B) The Dark Knight - Hackers in the U.K. Update (1.8M MP3) (M4B)
- European hacker scene update.
Hacker Jeopardy - Saturday Night Final Round (5.5M MP3) (M4B)
- Hacker Jeopardy Questions Those recovered, at least.
July 26-28, 1996 at the Monte Carlo Hotel & Casino
- FBI Lectures Hackers at Convention by Adam Steinhauer
- Transcript from The Discovery Channel's "Cyber Life"
- Defcon 4 Pictures
- Defcon 4 Pictures From Plexor
- Defcon 4 Pictures From Speck
- Defcon 4 Pictures From Pluvius
- CNet Segment on Defcon 4 (YouTube)
- Defcon 4 Audio Textfiles.com Mirror
- Defcon 4 Audio RSS
- Eric Hughes - Digital Banking and Currency issues
- Founder of Cypherpunks List.
Yobie Benjamin - The Java Session is an Overview of Java's Security
- The Java session is an overview of Java's security --- both its strength and weaknesses. It will cover Java's security architecture and also talk about Java's future from a H/P perspective. This session IS NOT a technical session or a "Introduction to Java" class. Technical sessions may be held off-line depending on the parties going on @ Defcon.
- Yobie Benjamin is an Associate Director and Strategic Technologies Consultant with Cambridge Technology Partners (CTP), an international professional services firm that specializes in the development information technology solutions. Previous to CTP, Yobie has worked for and consulted with a number of firms including Lotus Development Corporation, Bank of America, GTE Information Systems and the American Automobile Association. Yobie specializes in large scale information systems/application architecture and emerging technologies.
The San Francisco FBI Computer Crime Squad
- No audio available.
- I have some great war stories to share with every one about some illegal Japanese intelligence bugs that I found at a DOD contracting facility which was working an U.S. Air Force contraction involving the F-18 fighter jet. U.S. Government illegally wire tapping innocent american citizens and how I caught them. Data tapping through the switch. Compromising the sub-frame rooms, cross-connect boxes, and the many uses of liquid solder. The use of a cell phone as an eavesdropping device.
Dave Banisar - Tales From Inside the Beltway
- Truly scary stories on privacy, censorship and watching Congress and the President work (sort of).
- Dave is a policy analyst at EPIC and previously at CPSR and has been working on fighting big bro for about 5 years now. I could talk about what things are going on in DC.
- No audio available.
Carolyn Meinel - Jobs are for Lusers
- The oppressive potential of employers and the diversified marketplace results in self-employment.
- No audio available.
- The system administrator and all around stud coder from the L0pht reveals problems with One-Time Password (OTP) schemes, and the TCP/IP drinking game.
Dan Veeneman - Hacking Satellite Systems
- Current notes, revisions, and links to other sites. An excellent overview of how satellites are controlled, the economies of operation, design considerations, and the security strengths and weaknesses of different generation satellites. "Satellite Vulnerabilities: Present and Future", will talk about controlling satellites, jamming and spoofing, GPS systems, future LEO systems, etc.
Netta Gilboa - Sex, Lies and Computer Crimes: The Truth Behind the Indictment of "Computer Genius" Christopher Schanot
- On March 25, 1996 Christopher Schanot was arrested based on an 11 day old warrant which stemmed from an indictment in Missouri for five counts of computer and access fraud involving Bellcore, SRI, Sprint and Southwestern Bell. Although he was not indicted for crimes involving the Internet Libertaion Front, the FBI lied and claimed in print that Schanot supposedly confessed to this. The prosecution also claims Schanot cost Southwestern Bell $500,000 damage to secure themselves after Christopher entered their system and that Southwestern Bell is supposedly now hacker proof. They claim Schanot was a co-conspirator in crimes against Southwestern Bell involving people Christopher never knew or even spoke to and involving over a dozen hackers and phreaks who haven't been arrested and others who haven't even been raided or questioned.
- At the time of his arrest Schanot, 19, was living with the woman he was dating, Netta Gilboa, 38, who is the publisher of Gray Areas magazine (http://www.gti.net/grayarea - Christopher designed the web page and also wrote reviews for it). The FBI has admitted both in court and in press reports that Schanot committed no crimes during the time he lived with Gilboa, but the bust was a result of Schanot's father calling in the FBI to supposedly help find his runaway son. Although Gilboa was not questioned, raided or arrested, Gray Areas magazine as well as Gilboa's life and character have been the subject of both court testimony and dozens of erroneous media reports. Gilboa and Schanot have not spoken out until today and although the case is still ongoing which restricts many juicy details, as much as possible will be said to try to correct the media reports, expose the father, Mike Schanot, for stalking, and to condemn everyone involved from the prosecution to the feds to fellow hackers. Extensive presence of both federal agents from *every* possible agency and media is expected at this particular speech as the case is both sensational and ongoing. For this reason, in order to protect Christopher Schanot's legal rights and privacy, as well as to prevent more charges or accusations against him, there will be no questions or comments allowed from the audience during this speech. Persons wishing to have a specific question answered about the case can either ask Gilboa in advance or after the speech. On the bright side, this expected abundance of feds will result in many more opportunities to win an infamous "I Spotted The Fed" T-shirt.
- Christopher is requesting that hackers do not speak to the media about him and is asking that donations to help him be sent care of Gray Areas Inc. (PO Box 808 Broomall PA 19008).
- Netta Gilboa is arguably the person who has gotten the furthest in the computer underground without ever committing crimes herself. She is also possibly the person in the scene questioned the most times ever by law enforcement simply for the crime of talking to hackers. Gilboa is the publisher of the award winning publication Gray Areas and is the author of "Elites, Lamers, Narcs and Whores: Exploring The Computer Underground" which recently appeared in the Seal Press book Wired_Women: Gender And New Realities In Cyberspace. She has also been published in Phrack, Computer Underground Digest, Cult of the Dead Cat, Empire Times, Dupree's Diamond News, and many other paper magazines and electronic publications. Gilboa holds an M.S. in Advertising and an M.A. in Sociology from Northwestern University and a B.A. in Journalism from State University College of New York at New Paltz.
- Hated by some, loved and respected by others, Gilboa seems to polarize the 1200+ hackers she has interacted with. Gilboa is one of the few journalists to ever take the time to get to know hackers before writing about them and to continue to try to work with them despite severe harassment of both herself and other people associated with Gray Areas magazine. Gilboa's boyfriend, Christopher Schanot, is presently incarcerated without bail for computer crimes he allegedly committed before meeting her. It should be noted that Christopher trusts Netta with both his life and with his story. According to the prosecution he was certainly in a position to check her out thoroughly and decided to be with her regardless of the consequences. The couple are now collaborating on a book tentatively titled Computer Genius which will reveal the real inner workings of the hacking subculture and raise questions about the feds, informants and security experts who are often equally dirty and who allow it all to continue while they gather "information," hack themselves, and stay employed. Numerous Internet providers will be evaluated for their roles in these events. It is also expected that manycurrent, defunct and prank groups in the warez, ANSI, hacking, virus and phreaking scene such as ACID, BOW, DPAK, ICE, IIRG, ILF, INC, LOCK, LOD, MOD, NSA, PHALCON/SKISM, NUKE, POSSE, R00T and WNOC will be explored as well. One intention is clearly to clear the couple's names. Another is to help Christopher gain recognition as an expert in the field. The combination of their different perspectives of various events they each witnessed separately and together over the years is expected to be way more powerful than any book written by either of them alone or by some reporter who simply profiled hackers but did not participate in the events themselves.
- Although Netta Gilboa has previously spoken everywhere from HoHoCon to PumpCon to Computers, Freedom and Privacy, her Defcon speech will be long remembered for its guts, candid revelations and for some of the shocking and chilling facts as well as the glaring questions behind the "Computer Genius" case itself. Few people arrested choose to reveal their stories so publicly. Don't miss it!
Richard Thieme - The Symbiotic Relationship Between Networked Computers and Humans (5.6M MP3) (M4B)
- A dialectic constituting a rising spiral of mutual transformation.
- Richard Thieme has lived in Chicago, Madrid, London, Salt Lake City, Lahaina (Maui), and now Milwaukee. Taught literature at the University of Illinois, wrote fiction. Worked as an Episcopal priest for sixteen years in three cultures. Now speaks, consults, and writes about the human dimension of computers. His focus is transformation -- individual, organizational, global -- and the transformation of spirituality online.
- Hacking redefines how we think of ourselves. Redefines how we understand out possibilities for action in the world. It's also a metaphor for new opportunities available to human beings now and in the next century. Hacking is one way to practice living in transplanetary society. That's why hackers are pathfinders for the next generation. Spirituality is simply the way getting connected online translates into new kinds of community life.
- Thieme consults on change, technology, and diversity for banks, insurance companies, law firms, schools, associations, government, etc. "The Stock Market, UFOs, and Religious Experience" is done frequently for investment and financial people.
- He writes about all this for magazines in many countries. Last four pieces (during last two weeks):
- "Stalking the UFO Meme" - in Virtual City - when you're trafficking in symbols of symbols of symbols, the Net becomes a ten-dimensional dog chasing its own tails/tales. How do you know what's real code when you're lost in a simulation of a hall of mirrors?
- "The Future of Networks/the Future of the World" - in LAN (Australia) - the transformation of human consciousness -- spirituality, community,organizational life, art -- in a networked world.
- "Japan On-Line" - in Computing Japan - the interaction of Japanese culture with Net culture and how it changes both.
- "lost" - scheduled for Wired (August 1996) - what it means for the human psyche to lose the possibility of being lost -- or found -- an archetypal dimension of consciousness for as long as we can remember.
Ira Winkler - Tips on Getting Professional Hacking Jobs (6.8M MP3) (M4B)
- Ira Winkler has performed penetrations that rival the best of the hacker community. He is in the very enviable position of being paid to hack into some of the largest companies in the world. While he holds the unpopular opinion that hackers should be prosecuted for their actions, he believes that hackers can "outgrow their ignorance and be valuable members of the information security community." His advice for wannabe computer security professionals is that, "If you want to do what I do for a living, you have got to stop what you are doing." Come and see what he means.
- Ira Winkler is the Director of Technology for the National Computer Security Association. He runs the NCSA laboratories, Firewall and Anti-Virus Product Certification programs. He also investigates information-related crimes. He is considered an expert in social engineering, industrial espionage, penetration testing, and information warfare. For samples of his penetration work, look at http://all.net/journal/csi/xsocial.html, the June 3, 1996 Forbes ASAP (p.80), and the May/June 1996 issue of InfoSecurity News.
Hack the Lies - Overcoming Media Lies (2.7M MP3) (M4B)
- "Hack the Lies" was created to give a voice to the once-silent hacker community. Over the years, popular misconceptions have arisen about the hacking community and its motives, which are now taken as fact by the general populace. "Hack the Lies" is here to dispel this misinformation and to educate the public on who we are, what we do, why we do it, and more. Come join us for discussion during Defcon IV and make your views known.
John Q. Newman - How to Get Private Information on People (7.4M MP3) (M4B)
- John Q. Newman is the most prolific and respected author of false identification books in the country. His titles include: Understanding U.S. Identity Documents, Reborn in the USA, Reborn in Canada, Reborn with Credit, Reborn Overseas, Heavy Duty Identity, and Be You Own Dick. Many of these books are used by the FBI and the Royal Canadian Mounted Police as reference material for their agents. Mr. Newman is continuing his research in this area and will have three new books published this year.
Stephen Cobb - What to do with Ex-Hackers (3.2M MP3) (M4B)
- Stephen Cobb, an employee of the National Computer Security Association, is Co-Chair of the Computer Ethics and Responsibilities Campaign. He is also, by birth, a Libra, and thus given to weighing both sides of everything. He has been using a modem since 1983, but has never attempted unauthorized access. He believes in gun control but practices target shooting. He doesn't believe in income taxes, but pays them anyway. He is British by birth, but holds an American passport. A former Rugby player, he is an ex-member of Mensa and the National Organization for Women. In 1970, while still in high school, he charged police lines in protest at the all-white South African Rugby tour. In 1995 he cheered the multi-racial South African victory in the Rugby World Cup.
- A fifteen year computer industry veteran, Stephen Cobb is an international consultant and best-selling author who has written more than twenty computer related texts, translated into more than ten languages, with total worldwide sales in excess of one million books. A frequent contributor to industry publications such as BYTE and Personal Computer World (U.K.), he has written extensively on security related issues and was recently appointed Director of Special Projects at the National Computer Security Association (NCSA). His column on communications is a regular feature in Personal Computer World. A former tax auditor, petroleum accountant, and IBM classroom instructor, Cobb is an experienced public speaker who has made presentations to numerous industry gatherings, including the Windows Developers Conference, the Virus Bulletin Conference, and Networks Expo Boston. Now a resident of Florida's Space Coast, he holds a First Class B.A. Honors degree from Leeds University, England.
Emmanuel Goldstein - Buy My Magazine! (1.7M MP3) (M4B)
- The editor of $2600 Magazine.
Mike Roadancer - Hackers Defense Fund
- The purpose behind starting the Hackers Defense Fund at www.hackers.org, information about what you can do to help, and a request for information.
Attitude Adjuster - Windows 95 Viruses and Security (2.5M MP3) (M4B)
- Extremely technical machine language discussion on polymorphic computer viruses, with a side note on cryptography uses.
The Joker's Joke (540k MP3) (M4B)
- Fuck you clown!
The Institution - Old School Hacking Overview (10.1M MP3) (M4B)
- Calling for the creation of the Institution.
July 11-13, 1997 at the Aladdin Hotel & Casino
- Picture Archive for Defcon 5
- Defcon 5 Pictures From Speck
- broken.net's Defcon 5 Pictures - Misc
- broken.net's Defcon 5 Pictures - Day 2
- Geekgrl's Defcon 5 Pictures
- Picture Archive for Defcon 5 By TDYC!
- Picture Archive for Defcon 5 By Cult of the Dead Cow
- Cyber Babes of Defcon 5
- If You Build It, They Will Con by Declan McCullagh
- Hacker Lessons by Sharon Machlis
- Spycatcher by Steve Ulfelder
- Fear & Hacking in Las Vegas by Michael Schrenk
- Hackers Turn Up Heat at Defcon 5 by Holly Knox
- Fear and Hacking in Las Vegas by Joel Deane
- Hackers Invade Vegas by Robert Lemos
- Hackers Do Vegas From The Australian
- Hackers Swap Secrets on Cracking Computers by Angie Bluethman
- Associated Press Defcon 5 Coverage Count the cliches...
- Defcon 5 Review by The Vominator
- Defcon 5 Review by Penguino
- Defcon 5 Review by Lockheed
- Crooks Hook Clueless Hackers by Joel Deane
- Plucky's Review of Defcon 5
- Rev. Krusty Review of Defcon 5
- System Failure: Issue #11 Includes several Defcon 5 reviews
- Defcon 5 Review by Soul to Squeeze
- Defcon Hacker Trips Area 51 Radar?
- Defcon 5 Comic From Computerworld
- Defcon 5 Audio Textfiles.com Mirror
- Defcon 5 Audio RSS
- James Jorasch - Hacking Vegas
- How to games the gamers. From someone who used to deal with hotel casino security. What really goes on?
Bruce Schneier - Why Cryptography is Harder Than it Looks (6.7M MP3) (M4B)
- Author of Applied Cryptography, the Blowfish encryption algorithm and President of Counterpane Systems. Why cryptography is harder than it looks.
Mudge & Hobbit - Microsoft Security (11.1M MP3) (M4B)
- The system administrator from the L0pht and the author or netcat in action! Watch Mudge and Hobbit explain why CIFS is a load of CACA, random SMB CIFS stuff in Microsoft products, and all you ever wanted to know about cracking passwords.
Cyber - An Overview and Explanation of Publically Available Crypto Tools (4.2M MP3) (M4B) Sameer Parekh - Why Cryptography is Harder than it Looks, Part Two (3.8M MP3) (M4B)
- President of c2.net. A look at implementation and production problems facing people and companies wishing to develope and distribute strong encryption.
Se7en - What the Feds Think of us Hackers. (4.7M MP3) (M4B)
- In his experience talking with federal agents Se7en has gained an understanding of the perception hackers have in the government and industy.
- NOTE: Se7en has since been found out to be full of crap.
Ken Kumasawa - Teledesign Management: Phreaking in the 90s (5.7M MP3) (M4B)
- The perspective from the industry.
Dan Veeneman - Low Earth Orbit Satellites (4.9M MP3) (M4B)
- Low Earth Orbit (LEO) satellites are nearing the launch stage, and this talk will cover the different systems that are planned and some of the services they'll offer. A bit on GPS that wasn't covered last year as well as the ever popular question and answer section.
- Dan Veeneman has served in various management and technical positions in the computer industry since 1980. He has developed financial programs for the banking, investment and real estate industries, as well as software for a variety of companies including A.C. Nielsen, McDonalds, Reuters and Baxter-Travenol. Dan has installed and supported many local and wide area networks, including a nation-wide data delivery network. He also has experience supporting Internet connectivity, including Motorola's world-wide Network Information Center. Dan has provided data security and encryption services for a number of government and civilian clients, encompassing video and data delivered over telephone, satellite and the Internet. He also edits a quarterly newsletter concerning cryptography. Dan holds an engineering degree from Northwestern University.
Ira Winkler - Lamer Test (3.9M MP3) (M4B)
- Author of Corporate Espionage. Ira contends that there is so much lameness among hackers that even an eliteness of 10% would be amazing. Take his "Lamer Test" and see if you pass!
Clovis - Issues with Security and Networked Object Systems (6.5M MP3) (M4B)
- From the Hacker Jeopardy winning team. He will discuss issues with security and networked object systems, looking at some of the recent security issues found with activeX and detail some of the potentials and problems with network objects. Topics will include development of objects, distributed objects, standards, ActiveX, corba, and hacking objects.
Wrangler - Packet Sniffing (7.3M MP3) (M4B)
- He will define the idea, explain everything from 802.2 frames down to the TCP datagram, and explain the mechanisms (NIT, bpf) that different platforms provide to allow the hack.
Carolyn P. Meinel - Happy Hacker Discussion Panel
- Moderator of the Happy Hacker Digest and mailing lists. She will preside over a seperate Happy Hacker discussion pannel that will cover the topics of wether or not "newbies" should have information handed to them, or should they learn for themselves?
Cult of the Dead Cow - CDC Live Performance (1.5M MP3) M4B)
- Live performance and drink creation with Swamp Rat, Deth Veggie, Lady Carolyn, A.J., and an unidentified "herd."
Voice of Mercury - Speech & Update (326k MP3) (M4B)
- Live pirate radio update and announcement.
Dark Tangent - Beer Contest Update (660k MP3) (M4B) Dark Tangent - Capture the Flag (CTF) Contest Results and Closing (733 MP3) (M4B)
July 31-August 2, 1998 at the Plaza Hotel & Casino
- Picture Archive for Defcon 6 By Black Cat
- Picture Archive for Defcon 6 By Snowdog
- Picture Archive for Defcon 6 By Mushin
- Picture Archive for Defcon 6 By Pinguino
- Picture Archive for Defcon 6 By Punkis
- Picture Archive for Defcon 6 By Speck
- Defcon 6 Pictures From unoriginal.org
- Defcon 6 Pictures By Nirva
- Defcon 6 Pictures By Mugugypan
- Defcon 6 Review By Tananda
- Defcon 6 Review Very detailed review by TJ Barrett.
- Defcon 6 Party Video Clip From Mike The Monkeyboy (3.8M AVI)
- Defcon 6.0 Video Collage from DNA Magazine (YouTube)
- AT&T Network Security Bulletin About Defcon
- Rev. Krusty's Review of Defcon 6
- Boogah187's Defcon 6 Review
- The Top 14 Things Prof. Feedlebom Learned at Defcon 6.0 Many inside jokes.
- Defcon 6 Program (1M PDF)
- Defcon 6 Announcement (73k PDF) (Text Version)
- Defcon 6 'Media Whore' Poll (Results)
- Stolen Defcon 6 Sign Spotted at a party.
- Hackers: the Good, the Bad, the Ugly (Original)
- Hackers Claim to Find Security Holes in Microsoft's Windows
- Hacker Convention Takes On a Corporate Tone
- The Hacker Myth Crumbles at Convention
- Attendees Beware: A Black Hat in the Sun Can Scorch Your Brain
- Black Hat: We Have Seen the Enemy and They Are... Being Interviewed on CNN
- Defcon: Fear and fascination in Las Vegas
- Defcon 6 Audio & Video Textfiles.com Mirror
- Defcon 6 Audio RSS
- The L0pht - TCP/IP Drinking Game (6.1M MP3) (M4B)
Dark Tangent - Secret Scientology Update (735k MP3) (M4B)
- Only partial amount was recorded.
Dark Tangent - Capture the Flag Contest Update (423k MP3) (M4B) Winn Schwartau - Hacker Jeopardy [Friday] (12.7M MP3) (M4B) Winn Schwartau - Hacker Jeopardy [Saturday] (10M MP3) (M4B) Gurney Halleck & *hobbit* - Lockpicking Demonstration
- This talk includes a discussion of the different kinds of locks, and an indepth look at the pin-tumbler type. *Hobbit* has disected a lock with power tools, and will show visually each stage necessary to open up a lock. Also there is a lock demonstration board with several locks from easy to hard. Pick the hard one and win a free beer!
Richard Thieme - The More Things Change The More They Don't: Soft Destruction and the Ancient Wisdom of Hacking (3.5M MP3) (M4B)
- Video (104M RealMedia)
- What works? What does it take to be an expert? To know how to see desirable goal states just before they become visible? Instead of hoping the doors you blow open have something inside besides a smiling Fed? DefCon has everything you need, right here right now, if you know how to use it. The ancient wisdom lives here but you have to know what it looks like. Hacking is the serious exploration of complex systems. It's not about using somebody else's tools or the latest equipment. Hacking is about knowing how to know how to hack. This talk gives you meta-rules, not rules. It's the truth about why the ancient wisdom of real hacking still applies.
- Richard Thieme is a business consultant, writer, and professional speaker focused on the human dimension of technology and the work place. His creative use of the Internet to reach global markets has earned accolades around the world. "Thieme knows whereof he speaks," wrote the Honolulu Advertiser. He is "a prominent American techno-philosopher" according to LAN Magazine (Australia), "a keen observer of hacker attitudes and behaviors" according to Le Monde (Paris), "one of the most creative minds of the digital generation" according to the editors of Digital Delirium, and "an online pundit of hacker culture" according to the L.A. Times.
- Thieme's articles are published around the world and translated into German, Chinese, Japanese and Indonesian. His weekly column, "Islands in the Clickstream," is published by the Business Times of Singapore, Convergence (Toronto), and South Africa Computer Magazine as well as distributed to subscribers in 52 countries. Recent clients include: Arthur Andersen; Strong Capital Management; System Planning Corporation; UOP; Wisconsin Power and Light; Firstar Bank; Northwestern Mutual Life Insurance Co.; W. H. Brady Company; Allstate Insurance; Intelligent Marketing; and the FBI.
Bruce Schneier - Tradecraft on Public Networks (5.7M MP3) (M4B)
- Video (121M RealMedia)
- Dead drops, semaphores, cut outs, telltales...the tools of spying. In a world of continuous communications and ubiquitous eavesdropping, is there any hope for covert communications? Learn about some old tricks of the trade, and some new ones.
- Bruce Schneier is president of Counterpane Systems, the author of Applied Cryptography, and the inventor the Blowfish algorithm. He serves on the board of the International Association for Cryptologic Research and the Electronic Privacy Information Center. He is a contributing editor to Dr. Dobb's Journal, and a frequent writer and lecturer on cryptography.
Ian Goldberg - Cryptanalysis of the GSM Identification Algorithm (7.3M MP3) (M4B)
- About 80 million digital cell phones worldwide implement the Global System for Mobile communications (GSM) protocols. Recently it was announced that COMP128, the cryptographic algorithm that protects the "identity key" in the majority of these phones, was extremely weak, thus allowing GSM phones to be "cloned." In this talk, we will examine how COMP128 is used in the GSM protocol, describe the algorithm itself, and demonstrate how to break it. We will also discuss the implications this result has for the security of of the voice privacy features of GSM.
- Ian Goldberg is a graduate student researcher and founding member of the Internet Security, Applications, Authentication and Cryptography (ISAAC) research group at UC Berkeley. His research areas include cryptography, security, privacy systems, and digital cash.
Jennifer Granick - A Review of Several Major Computer Crime Cases from the Past Year or Two (6.7M MP3) (M4B)
- A review of several major computer crime cases from the past year or two. (Salgado A.K.A. Smak, Kashpureff and one other.) This review will describe the hack (in relatively non-technical terms), what laws applied to criminalize the hack, how the hacker got caught, the prosecution that ensued, and the result of that prosecution. Through these case studies, audience members should be able learn what not to do, and why.
- Jennifer Stisa Granick is a criminal defense attorney in San Francisco, California. She defends people charged with computer-related crimes, as well as other offenses. Jennifer has been published in Wired and the magazine for the National Association of Criminal Defense Lawyers.
Ira Winkler - Technical Hacking (3.9M MP3) (M4B)
- As I have often said, most hackers display skills that can be picked up by a monkey in a few hours. Hacking is mindless the way the clear majority of hackers seem to be practicing it. In this presentation, you will learn tasks that require real technical skills and abilities. Not only will this provide you with more of a challenge, it will provide you with real marketable skills. If you "really" want to challenge your abilities and stay out of jail, you won't want to miss this session. Otherwise go play with the other Tools Kiddies.
Lorenzo Valeri - Why Are We Talking About Information Warfare? (5.1M MP3) (M4B)
- Why are we talking about information warfare? Lorenzo will try to assess the reasons of the growing fame of information warfare subject. The world is changing but not that much. He will speak at continuity and changes in information warfare in relation to military and strategic thinking. Most of the ideas developed in relation to information warfare have been thought at the beginning of this century. Moreover, there is the problem of intelligence requirements for performing information warfare. The main argument of his speech can be that what has changed is the TIME and SPEED factors but not the strategic and military thinking behind.
- Mr. Valeri is a researcher in the information warfare programme of the International Centre for Security Analysis, which is part of the Department of War Studies, King's College London. He is also a Ph.D. candidate at the Department of War Studies at King's College. His research interests are information security policies, the impact of the Internet and other online services on military and strategic thinking and, in general, non-military threats to national and international security and stability.
Cult of the Dead Cow - Back Orifice Presentation (3.9M MP3) (M4B)
- The announcement of Back Orfice, DirectXploit, and the modular ButtPlugins for BO. Last year it was an anniversary world domination party with the divinity of the bovinity + drinks from Lady Carolyn. What will it be this time?!?! The release of the Microsoft their Back Orfice Tool! Read their announcement here, and cow-er in their presence.
Mike Peros - Massive Illegal Wiretapping Exposed (4.0M MP3) (M4B)
- View the evidence from over 65,000 illegal wiretaps from local, state and federal agents, and the ensuing coverup by prosecurits, judges, and even the FBI's Louis Freech! Scanned original documents soon!
- 65,000 Illegal Local State and Federal Wiretaps and Bugs Exposed From The Tampa Tribune, January 16, 1993. (2.1M PDF)
Winn Schwartau - Introducing the Time Based Security Model and Applying Military Strategies to Network and Infrastructural Securitues (4.9M MP3) (M4B)
- As president of The Security Experts, Inc. & Interpact, Inc., he provides valuable consultation services to industry and governments on information warfare, enterprise information security, policy, hackers, U.S. and International policies and standards, electronic privacy and related issues. His work and clients span three continents. He created and still manages the two most popular www sites on the subject: www.Infowar.Com and www.Info-Sec.Com.
- Mr. Schwartau is also the author of Terminal Compromise which details a fictionalized account of an information war waged on the United States. This prophetic book predicted a number of cyber-events, including the Clipper Chip, chipping, magnetic weapons' assaults, data and hardware viruses, to name a few. He other popular writings include CyberChrist Meets Lady Luck and CyberChrist Bites the Big Apple, which cover underground hacker events, Firewalls 101 for DPI Press, Information Warfare, Mehrwert Information (Schaffer/Poeschel, Germany), for Introduction to Internet Security for DGI and MecklerMedia, several chapters for Auerbach's Internet and Internetworking Security Handbook and Ethical Conundra of Information Warfare for AFCEA Press. He is currently writing two more books (to appear by the end of 1997) and is working on two major movie projects about information warfare and privacy.
Paul Kocher - The Designing and Production of the First Dedicated DES Cracker (4.7M MP3) (M4B)
- Designer of the EPIC DES cracker.
Austin Hill & Ian Goldberg - Internet Privacy (5.9M MP3) (M4B)
- Zero-Knowledge Systems will release the first complete Internet privacy utility for consumers in September 1998. Using full strength, fully exportable encryption technology developed by some of the worlds leading cryptographers this product allows Internet users to become completely anonymous on the Internet, using digital pseudonyms and public key cryptography to establish and authenticate digital identities. The Zero-Knowledge Systems development team includes Ian Goldberg who achieved international recognition for his part in breaking the Netscape encryption scheme as well as the development team of the Archie Internet protocol. Forrester Research has estimated that 9 million people will have purchased an Internet privacy solution by the year 2000. There are currently very few Internet privacy tools on the market making this one of the highest growth areas of Internet business.
- Previous to starting Zero-Knowledge Systems, Mr. Hill was the Chief Technology Officer for TotalNet Inc., which was one of the 3 largest Internet Providers in Canada. This company was sold in March 1997 to MPACT Immedia which is Canada's largest E-Commerce company.
John Q. Newman - The Lastest in Paper Tripping, False Identity, and How to REALLY Not Be Found (3.9M MP3) (M4B) Dan Veeneman - Future & Existing Satellite Systems (5.3M MP3) (M4B)
- Video (105M RealMedia)
- Several low earth orbiting satellite systems are already in orbit, and commercial service is just around the corner. Global wireless voice and data services will be available from handheld terminals. Dan Veeneman will bring us up to date on existing and future systems and answer questions from the audience.
- Dan Veeneman has served in various management and technical positions in the computer industry since 1980. He has developed financial programs for the banking, investment and real estate industries, as well as software for a variety of companies including A.C. Nielsen, McDonalds, Reuters and Baxter-Travenol. Dan has installed and supported many local and wide area networks, including a nation-wide data delivery network. He also has experience supporting Internet connectivity, including Motorola's world-wide Network Information Center. Dan has provided data security and encryption services for a number of government and civilian clients, encompassing video and data delivered over telephone, satellite and the Internet. He also edits a quarterly newsletter concerning cryptography. Dan holds an engineering degree from Northwestern University. Dan also writes a monthly column for Monitoring Times magazine called PCS Front Line.
Dr. Byte - The Security of Wireless Technology
- Dr. Byte will give a technical presentation on the security of wireless technology. Included in this talk include overviews of: wireless networks, protocols, systems, and access mediums such as AMPS, GSM, FDMA, TDMA, CDMA, CDPD, 802.11, Mobile-IP, and Ad-Hoc Networks Current IP security technology (IPSEC) in IPv4 and IPv6 and overview of areas of research and exploration of security in wireless technologies.
- Dr. Byte is a Ph.D. candidate in Computer Engineering and an instructor of Computer Engineering at a major university. He received his B.S. and M.S. in computer engineering in 1994 and 1997 respectively. For his M.S., he worked with a real time bit error rate simulator, and developed a next generation real time hardware system for bit error rate simulations. He has developed a 16-bit RISC microprocessor in VHDL in a Field Programmable Gate Array (FPGA) able to run compiled 'C' code. His research interests include security over wireless networks, in particular ad-hoc networks using IPv6. He has co-authored 3 papers on IEEE 802.11 and IPv6.
Peter Shipley - An Overview of a 2 Year Effort in Massive Multi-Modem Wardialing (6.5M MP3) (M4B)
- Security problems occur when obvious security problems are overlooked. One commonly overlooked problem is alternative access methods to a corporate Intranet from an external machine. Many if not most companies are overlooking their secondary vulnerabilities surrounding alternate methods of network access.
- Mr. Shipley will present research covering an overview of a 2 year effort in massive multi-modem wardialing. His findings will include some personal observations and the results obtained from scanning the San Francisco bay area. When Mr. Shipley started this project he noted that there were no published research references to wardialing or documented statistical results of the types of equipment and computer networks commonly found on the POTS (Plain Old Telephone System) network. Mr. Shipley decided to change that through his research.
- Mr. Shipley is an independent consultant in the San Francisco Bay Area with nearly thirteen years experience in the computer security field. Mr. Shipley is one of the few individuals who is well known and respected in the professional world as well as the underground and hacker community. He has extensive experience in system and network security as well as programming and project design. Past and current clients include TRW, DHL, Claris, USPS, Wells Fargo, and KPMG. In the past Mr. Shipley has designed Intranet banking applications for Wells Fargo, firewall design and testing for WWW server configuration and design for DHL. Mr. Shipley's specialties are third party penetration testing and firewall review, computer risk assessment, and security training. Mr. Shipley also performs post-intrusion analysis as well as expert witness testimony. Mr. Shipley is currently concentrating his efforts on completing several research projects.
Prof. Feedlebom - Pirate Radio
- If you have ever been slightly interested in operating your own micropower radio station, this is it. Why to, How to, and how to not get caught. Will also discuss the potential of legal micropower radio in the future. Kind-of a how-to, kind-of a demo, kind-of a "let's make the FCC real nervous" kind a thing.
- Prof. Feedlebom and Technopagan have operated "The Voice of Mercury" and the "Desert Crossing Radio" broadcasts for the last four years. They are also responsible for strange radio emissions that have been heard in the Los Angeles area on 104.7 MHz.
Trask - Hacking the Big Iron: Security Issues in Large Unix Environments
- I will be using the Sun Ultra Enterprise 10000 and IBM SP/2 as examples of how some of the newer, bigger Unix systems (which are increasingly being used for jobs previously performed by mainframes) present some interesting challenges in the area of system security. As you may know, the Ultra Enterprise 10000 is a SMP system that can be configured with up to 64 processors, which may then be partitioned into a maximum of 8 independent partitions. The SP/2, on the other hand, is an MPP architecture that can be configured with up to 64 8-way SMP nodes. These two architectures are different in almost every way, however both are extremely fast, and both have some security concerns not present in more traditional Unix systems. What I have found is that the security problems are surprisingly similar between the two types of machines.
- By failing to consider all aspects of security when implementing the system management tools provided with these computers, the vendors are selling million-dollar-plus products that are less secure than typical end-user workstations. I contend that as unix offerings start providing mainframe class computing power, they need to also look towards providing mainframe class security.
- Trask dropped out of high school about a month prior to graduation. After working at Wendy's, Wal-Mart and Texaco for a few months each, he decided that he would rather be a Unix sysadmin. He lives in 602 with his beautiful fiance (mgd) and is currently employed by American Express, where he gets to play with all sorts of expensive toys.
Security Panel - Securing Distributed Systems (13.0M MP3) (M4B)
- Members include Brian Martin, Gale Katz, route, Ejovi Nuwere, Mudge, Alhambra, *Hobbit*, and Anthony Eufemio.
- Q&A on Intrusion Detection (ID) system, NOS, protocol, and security utilities.
Super Dave - Copyright vs. Freedom of Speech (4.8M MP3) (M4B)
- Video (103M RealMedia)
- As policy and the economics of a world-wide economy force us to attempt an information based economy, the manufactured concept of intellectual property becomes paramount. Our preeminent corporations have shifted from GM and Ford to Disney and Microsoft; our government struggles to develop and globally enforce laws to protect the profitability of IP. These laws are intrinsically at odds with the free and unfettered exchange of ideas which is central to the validity of democracy. But IP law is built on a weak legal and moral foundation, and it is far from clear that an IP based economy is viable.
- David Gessel spent his childhood hammering steel in front of a coal-fired forge as a blacksmith's apprentice for seven years. He then went to MIT to get a degree in physics where he focused on robotics and precision engineering. Switching coasts, David joined Apple's Advanced Technology Group and worked on various things including pen-based computers, LCD technology, and digital cameras. After ATG, David worked at Interval Research Corp, researching rapid design/prototyping technologies for mechanical systems. David is now CTO of Spinner, Inc., a startup developing QTVR technology; VP of Engineering for Nebucon, Inc., a startup developing secure Internet services for small businesses; and contracts mechanical design services bicostally.
Marc Briceno - Smartcard Hacking for Beginners
- Smartcards are a marvelous tool for the security software developer. Their small form factor and tamper resistant, though not tamper proof, packaging allows for numerous applications, such as secure key storage and encryption. Unfortunately, many software developers still consider smartcards difficult to work with. No doubt largely due to the fact that vendors have so far failed to provide sufficient information and development tools. We will introduce SCARD, a free, cross-platform smartcard development, analysis, and integration tool. No longer does the smartcard-curious individual have to learn obscure low level smartcard commands. If you know how to use a UNIX shell or Windows NT, you can use smartcards. There will be a demonstration of several cryptographic, electronic cash, and GSM cards. The audience is encouraged to submit any smartcards in their possession for analysis.
- Marc Briceno is the Director of the Smartcard Developer Association, the only vendor-independent smartcard industry association. The SDA's member base is comprised of smartcard and security experts in Europe, Asia, the Americas, and Australia. The SDA distributes universal smartcard analysis and integration tools to software developers worldwide.
- Mr. Briceno coordinated the efforts leading to the discovery and break of COMP128, the GSM digital cellular telephony authentication cipher. Mr. Briceno is a senior advisor on digital telephony issues to an international development effort engaged in designing low-cost phone encryption devices and a consultant to memory chip forensic data analysis teams at several major universities.
Krusty - Social Engineering Contest (7.7M MP3) (M4B)
July 9-11, 1999 at the Alexis Park Hotel & Resort
- Defcon 7 CD - Table of Contents
- Hack Canada at Defcon 7
- BCTelephone Internal Alert
- Tananda's Defcon 7 Review
- Defcon 7 T-Shirt
- Babes of Defcon 7
- Hackerz, Phreakerz and Fedz: Three Days of Fear and Loathing in Las Vegas By Bronc Buster.
- Through the Looking Glass - Defcon 7 By Doug Mohney
- My First Defcon By Kevin Poulsen
- Bitter Cyberspace Foes Make Nice at Convention
- Defcon 7 Pictures From goapixie
- Defcon 7 Audio Textfiles.com Mirror
- Defcon 7 Audio RSS
- Defcon 7 Video RSS
- Bruce Schneier - Cryptography (12.9M MP3)
- Tradecraft on Public Networks. Dead drops, semaphores, cut outs, telltales...the tools of spying. In a world of continuous communications and ubiquitous eavesdropping, is there any hope for covert communications? Learn about some old tricks of the trade, and some new ones.
- Bruce Schneier is president of Counterpane Systems, the author of Applied Cryptography, and the inventor the Blowfish algorithm. He serves on the board of the International Association for Cryptologic Research and the Electronic Privacy Information Center. He is a contributing editor to Dr. Dobb's Journal, and a frequent writer and lecturer on cryptography.
Swift - IPv6 Overview (8.3M MP3) (M4B) Kevin Poulsen & Jennifer Grannick - The Legalities and Practicalities of Searches and Interrogations (9.6M MP3) (M4B)
- You all know who Kevin Poulsen is. If you don't, please go learn.
- Jennifer Stisa Granick is a criminal defense attorney in San Francisco, California. She defends people charged with computer-related crimes, as well as other offenses. Jennifer has been published in Wired and the magazine for the National Association of Criminal Defense Lawyers.
Gh0st - Phreaking and PBX Tricks - Part 1 (1.8M MP3) (M4B) Daremoe - The Firewall Appliance: Friend or Foe? (9.2M MP3) (M4B)
- An introduction to appliance firewalls. What they are, how they work and what you can expect when you encounter them in the wild. These "new breed" firewalls are popping up everywhere, so be prepared when you meet them...
- Daremoe is the Alpha-Dog of the WolfPak, a "614 based group of security minded individuals." He is an independent computer security consultant with over ten years experience in e-commerce. He has just completed a comprehensive evaluation of appliance firewalls and their market.
Gail Thackeray & Kevin Higgins - Legal Q & A - Part 1 (5.4M MP3) (M4B)
- Part 2 (1.1M MP3)
- Part 3 (4.7M MP3)
- Each will do a brief thing on a topic near & dear to their hearts, and then open the session to an "ask the prosecutor" Q&A so people with burning questions can ask about whatever interests them.
- Gail Thackeray is a Maricopa Count prosecutor in Arizona and Kevin Higgin is with the Nevada Attorney General's office.
Mojo - Hacking Windows Registries and Shares (15.9M MP3) Vic Vandal - Hacking Oracle 101 (12.2M MP3) (M4B)
- So you've hacked your way into your "test" O/S. What are you going to do now? All the really fun data is stored in a database, probably an Oracle database. This talk will discuss some of the gory details of Oracle security and insecurity.
- Vic Vandal is a certified information security professional. He has been providing enterprise-level security design and implementation for U.S. government and military entities for the past 10 years. He currently works for a major consulting firm as a Senior Information Security Engineer. His areas of expertise are; O/S security, database security, network security, application security, firewalls, encryption, VPN's, and digital signatures.
James Jorasch - Hacking Las Vegas - Part 1 (10.7M MP3) (M4B) Techno Pagan - Radio and Computers - Part 1 (9.0M MP3) (M4B) Panel - Meet the Fed - Part 1 (2.8M MP3) (M4B) Peter Stephenson - Introduction to Cyber Forensic Analysis (15.8M MP3) (M4B)
- This session will address the techniques used to investigate network-based intrusions, especially those originating from the public Internet. Emphasis will be on techniques that provide an acceptable chain of evidence for use by law enforcement or in anticipation of civil litigation. We will cover back-tracing, forensic tools, end-to-end tracing and evidence collection and preservation as well as the forensic use of RMON2-based tools for documenting the path of an attack.
- Peter Stephenson is a well-known writer, consultant and lecturer with an international reputation in large scale computer networks and information protection. He has lectured extensively on network planning, implementation, technology and security. He has written or co-authored 14 books (including foreign language translations) and several hundred articles in major national and international trade publications. He is the principle consultant for InfoSEC Technologies division of Sanda International Corp.
- Mr. Stephenson has participated in investigations of computer system intrusions, Internet misuse and abuse and has performed forensic analysis of computer disk drives as well as backtracing analysis of intrusions coming from the Internet. He has used forensic techniques to recover lost data from computer disk drives.
- Stephenson is a member of the Information Systems Audit and Control Association (ISACA), the Information Systems Security Association (ISSA) and the High Technology Crime Investigation Association (HTCIA). He provides volunteer assistance on request to the Michigan State Police and other law enforcement agencies.
Angus Blitter - Fear and Loathing in Cyberspace: The Art and Science of Enemy Profiling - Part 1 (10.4M MP3) (M4B)
- Part 2 (3.7M MP3)
- Quickly identifying your opponent, in any conflict, can mean the difference between success and failure. Knowing their capabilities, resources and limitations can provide the tactical advantage. The lack of this type of decision support is a serious deficiency in most information warrior's arsenals. Relying on single source intelligence is pure folly. Charlatans and carpetbaggers are salivating at the millions in government and corporate dollars earmarked for such a competitive advantage. Our discussion will provide a working definition for "profiling", how it is used and why it effects everyone!
- Angus Blitter is the founder and Grand Poopa of HSK.
Punkis - Introduction to TCP/IP (11.6M MP3) (M4B) Rooster - Insecurities in Networking Devices - Part 1 (6.9M MP3) (M4B)
- Part 2 (469k MP3)
- Part 3 (604k MP3)
- Routers and switches. These devices make up the core of what is networking. Devastatingly important, this infrastructure is key to a properly working environment. Amazingly, many administrators don't know the weaknesses and holes that are being exposed to the Internet. This talk will discuss the most common security issues in routers and switches, how they can be exploited, what a person gains from this, and how to prevent people from gaining access to your network equipment.
- Rooster has extensive knowledge of systems and networking. his experience includes all manner of networking and systems including; ATM, BGP, GigabitEthernet, FDDI, etc. Rooster is currently a network engineer at a Fortune 500 company where he maintains the Internet connectivity.
Michael Martinez - Hackers and the Media: A Love-Hate Thing (10.1M MP3) (M4B)
- For hackers, contact with the media is both exciting and frustrating. Everybody loves to grab that 15 minutes of fame and set the record straight, but the media has this annoying habit of getting things wrong, at least from a hacker's point of view. Mainstream reporters feel the same way -- hacking is cool, sexy, and guarantees readership. But hackers are so evasive, way too full of themselves, and then there's this godawful technology to try to understand. How can reporters and hackers work together, or at least understand each other?
- Michael J. Martinez reports on technology for ABCNews.com. In addition to covering more mainstream issues, Martinez has written about hacker culture, the VX community, the Pentagon's "cyberwar" problems, and the Melissa virus. His articles have been featured on Slashdot and the Hacker News Network.
- Hackers Having a Blast by Michael Martinez
Peter Shipley - Introduction to TCP/IP Exploits (14.0M MP3) (M4B) Mr. Phillip & J. Loranger - The Ethics/Morality/Practicality/Patriotism of Hacking - Part 1 (3.2M MP3) (M4B) Ira Winkler - The Myths of Hiring Hackers (9.6M MP3) (M4B)
- While Ira Winkler is not an advocate of hiring your off the street hacker, he has come to the opinion that many of them are more useful than people who call themselves security professionals. He believes that compounding the problems are bureaucrats who don't understand the problem, and try to form solutions without thinking. For example, the Critical Infrastructure Assurance Office (CIAO), formed by a Presidential Directive to help protect the critical infrastructure, was considering a plan to recruit a group of teenagers who they would guide through their college careers to be the Info Warriors of the future. Ira talks about the myths associated with hiring hackers and security professionals, as well as the problems with the efforts to supposedly protect the infrastructure. An "Are you clueless?" test for "security professionals" is given. Also recommendations to excel in the corporate world are given for hackers who are really skilled.
M0dify - Introduction to Scanning - Part 1 (3.3M MP3) (M4B) Dead Addict - Currency Systems, Credit Systems, and Associations (10.3M MP3) (M4B)
- After working for The Man (TM) for several years, DA is finally working for the little guy - implementing worldwide financial systems for multinational banking corporations. He will speak on currency systems, credit systems and associations, SET technology, its message flow, crypto usage, implementation issues, and surrounding industry issues. He will also briefly discuss security issues with current ecommerce implementations
Sarah Gordon - Viruses On (and Off) the Internet (7.7M MP3) (M4B)
- Computer viruses are currently freely available on the Internet, as well as via various mailing lists. The recent Melissa virus incident has focused attention on some issues surrounding the public availability of viruses. The panel (representing virus writers, antivirus product developers, open source advocates and academics) will represent a wide range of views on topics such as: "Is it cool to make viruses available via the Internet? Is posting of viral source code to mailing lists as a 'necessary evil' which can force developers to improve products. Should virus writing itself be illegal?" We want to hear *your* views, too, so the session will end with Q&A Interactive.
- Sarah Gordon graduated from Indiana University with special projects in both UNIX system security and ethical issues in technology. She currently works with the anti-virus science and technology R&D team at IBM Thomas J. Watson Research Center. Her current research projects include development of antivirus product certification standards, test criteria, and testing models. She has been featured in publications such as Forbes, IEEE Monitor, The Wall Street Journal, and Wired, and is published regularly in publications such as Computers & Security, Network Security Advisor and Virus Bulletin. She has won several awards for her work in various aspects of computing technology, and volunteers in an advisory capacity to Virus Bulletin, The WildList Organization, and The European Institute for Computer Antivirus Research.
Cult of the Dead Cow - BO2K is Announced and Released (21.1M MP3)
- What will we be doing? R0xiN the HAU-aus, BIzaTch!!!@@!2121lf... But that goes with out saying. In addition to the rocking of the aforementioned house, we will also be releasing BO2k. We won't reveal our sekrets of BO-Fu, but trust me when we tell you that it will make BackOrifice v1.0 look like LOGO for the TI99/4a.
Robert Lupo - Introduction to Computer Viruses - Part 1 (7.2M MP3) (M4B)
- Part 2 (6.0M MP3)
- This class covers how different virus work and how to defend agent them, including: boot sector virus, file infecters, multi-part, macro, and fakes in the world.
John Q. Newman - Personal Privacy and Big Brother Databases (14.4M MP3) (M4B) Freaky - Introduction to Macintosh Security (9.9M MP3) (M4B)
- From the author of Freaks Macintosh Archives, Freak will be hosting a topic this year at the con about macintosh security, the programs out there and their flaws. Some new programs will be released for the macintosh platform to help secure your MacOS. And more programs will be released to exploit your mac and many other platforms.
Dr. Byte - IPv6: Who/What/When/Where/How/Why - Part 1 (4.4M MP3) (M4B)
- Part 2 (5.0M MP3)
- Part 3 (890k MP3)
- Part 4 (546k MP3)
- Part 5 (224k MP3)
- Part 6 (1.8M MP3)
- The Internet Protocol has undergone substantial changes in past few years from version 4 (Classical IP) to version 6 (Next Generation IP). This presentation will overview who's using the new protocol, what the new protocol's features are, when it will become mainstream, where it's being deployed, how the transition from IPv4 to IPv6 is planned, and why we need a new fundamental protocol on the Internet. This speech will contain many technical details and will assume the knowledge of the basics of TCP/IP.
- Dr. Byte is a Ph.D. candidate in Computer Engineering and an instructor of Computer Engineering at a major university. He received his B.S. and M.S. in Computer Engineering in 1994 and 1997 respectively. For his M.S., he worked with a real-time bit error rate simulator, and developed a next generation real time hardware system for bit error rate simulations. He has developed a 16-bit RISC microprocessor in VHDL in a Field Programmable Gate Array (FPGA) able to run compiled 'C' code. His research interests include developing a taxonomy of attacks and applying it to different network environments. He has co-authored 3 papers on IEEE 802.11 and IPv6.
Cyber - How to Use BSD to Setup a Firewall/Gateway (14.2M MP3) (M4B)
- This talk will cover the basics of using free software to setup a firewall/gateway machine. Basic concepts will be reviewed, and why certain things are important will be covered. Ideal setups as well as practical solutions will be discussed. Step by step instruction with examples will be given. Q/A will be done time permitting, slides will be availible online.
- Erik has done computer security for a number of years. He has added crypto layers to existing products, as well as designed and implementedthe security authentication and authorization model for an internal account control system for a major U.S. bank. He currently works as a consultant for KPMG LLP.
Craig H. Rowland - How to Be Aware of Security Problems on Your Network (11.7M MP3) (M4B)
- A critical component of network security is being aware of what is occurring on your systems so you can spot security problems before they become a big headache. The Abacus Project is a suite of free security tools that allows administrators to monitor critical aspects of system operations on a variety of Unix hosts to help increase their awareness. This talk will detail why it is important to watch your systems closely for problems and how these and other free security tools can help bolster your site security using a variety of simple techniques.
- The core components of the project attempt to address the more common indicators of an attack such as: 1) Strange messages in audit files indicating errors or invalid input that indicate security problems. 2) Port probes that are a pre-cursor to attack and compromise. 3) Compromised user accounts and suspicious user activity.
- The three currently released tools address the above issues using generic techniques that work on a number systems. These tools are: Logcheck, PortSentry, and HostSentry.
- This talk will detail why it is important to watch your systems closely for problems and how these and other free security tools can help bolster your site security using a variety of simple techniques.
- Craig H. Rowland is a security software developer and consultant currently working for Cisco Systems Inc. His area of focus falls into network attack tool programming and intrusion detection systems. He is the author of several free security tools on the Internet and maintains the Psionic Software website to distribute security tools, papers, and advice.
Winn Schwartau - HERF Guns, EMP Bombs and Weapons of Mass Disruption (9.6M MP3) (M4B)
- At Defcon 3, Winn Schwartau talked about high-energy radio frequency guns, electromagnetic pulse bombs and assorted nefarious weapons. Trouble is, the government doesn't admit to a thing. However, through constant research, he has found more than the government would like. The August issue of Popular Science, due out on or about July 15 will feature Schwartau's article on these emerging devices - but you will get an early peek at Defcon 7 on Saturday afternoon. Russian HERF and EMP devices for sale world wide. Some are even on the Internet! Terrorist level weapons made in a garage for less than $500 and put out an E-field in excess of 1MV/meter. A video of real HERF at work. Be ready with your questions and Schwartau, as usual, will have answers.
Windmann - The Defcon Proxy Server (5.5M MP3) (M4B)
- Windmann will give an overview of the Defcon Proxy Server - what it is, how it came to be, and how to access and use it. Don't want your boss to know where you're surfing to on his dime? Would you like to anonymously view your artwork after the fact? If this is you, don't miss this informational talk. It will cover new features and access policies.
- Windmann started out in life as a BBS operator in 1989. After setting up Unix boxes to provide Usenet and Email via UUCP for his customers, he gave out shell accounts on the same machines - and after cleaning up that mess, he was a security expert! He also authored the first Windows based email application and roaming code for American Mobile Satellite Corporation and the Trimble C/GPS transceiver, and was head of Network Security for Telegroup, Inc.
Ian Goldberg - Using the Internet Pseudonymously: One Year Later - Part 1 (7.2M MP3) (M4B)
- Part 2 (5.9M MP3)
- Last year we told you about the plans for the Freedom network from Zero-Knowledge Systems: user-trivial, strong-crypto, pseudonymous use of the Internet. See how far we've gotten now. We will present the current status of the network, and discuss the challenges and obstacles we've encountered along the way.
Tom - Security Problems Associated with Client-Side Scripting in Popular Web-Based Services - Part 1 (7.0M MP3) (M4B)
- Part 2 (3.5M MP3)
- This info will also be appearing in Wired Magazine around the same time as Defcon so it's good timing, and extends the 'shorts' in Business Week (May 17, p8) and N.Y. Times (Thursday of same week). See this link for the story..
Jonathan Wignall - Extra Border Hacking - How a Company Can Be Hacked Without the Hacker Ever Picking on That Companies Machine - Part 1 (13.5M MP3) (M4B)
- Part 2 (45k MP3)
- Companies may defend themselves from hacking attacks from the Internet by using firewalls and other defences, but what about their defences beyond their site's boundary? Can attacks here cause damage? Or enable an intruder to break into their sites? This presentation will outline what tricks can happen on the Internet and how you can defend yourself outside your normal area of control, without resorting to illegal measures.
- An experienced college lecturer despite being under thirty years of age. Is well used to public speaking and his research interest is in the field of Internet security. Head of programme for higher education courses in computer networking at St Helens college, he is also actively tring to establish simular courses on information security.
V1ru5, Stephen Wadlow, Gurney Halleck, and *Hobbit* - Lock Picking Demonstration (19.3M MP3) (M4B)
- Lockpicking demonstration. This talk includes a discussion of the different kinds of locks, and an indepth look at the pin-tumbler type. *Hobbit* has disected a lock with power tools, and will show visually each stage necessary to open up a lock. Also there is a lock demonstration board with several locks from easy to hard. Pick the hard one and win a free beer!
- Notes From Defcon 6. (2.9M PDF)
Jason Scott - TEXTFILES, G-PHILES AND LOG FILES: Remembering the 1980's through ASCII (17.2M MP3) (M4B)
- In the 1980's, life started to move online, bringing with it all the wonder, terror, and breadth of human nature. Most markedly, an entire generation of teenagers turned their energies and efforts onto this growing culture and turned the world of Bulletin Board Systems into a combination street corner and clubhouse, sharing their knowledge, lying and bragging into infamy, and creating a shared experience that lasts in their hearts and minds to this day as they become the foundation of the Internet Society. While the unique forces that combined to make BBSes the experience they were have since shifted and formed other cultures in the years since, a feel for the 1980's can be found in the Textfiles (also known as g-files or 'philes') that nearly every self-respecting BBS traded, offered, or created as a matter of gaining notoriety (and more importantly, callers) in a sea of similar voices. In these textfiles, readers can reminisce or learn anew about what the BBS experience meant to those who lived through it, and easy parallels can be drawn to the 'scenes' that are now thriving online today. This talk will attempt to give historical perspective and narrative to the BBS 'scene' of the 1980's, presented by a user who was around for a good portion of it and took notes. Expect shouted refutations from the audience and eerily familiar battles waged across the message boards to live again.
- Jason Scott (Formerly The Slipped Disk) has been an observer and participant in the world of BBSs since about 1982, cutting his teeth on Boards such as OSUNY, Sherwood Forest II and III, Milliways/Outland, The Dark Side of The Moon AE/BBS, as well as hundreds of others. His experience in BBS culture of the 80's ranges from Compuserve and The Source to Deversi-dials, AE Lines and anything else that gave a carrier when you called it. He is best known as the SysOp of The Works BBS, a textfile-only board that he ran from 1986-1988 before switching to SysOp-At-Large from 1989 to the present. Realizing an entire generation's shared lore was being diluted and lost, he has started the site www.textfiles.com, dedicated to preserving all things ASCII from the 1980's. This web site is slowly killing him.
A.J. Reznor - How To Use BO2K - Part 1 (483k MP3) (M4B) Professor Feedlebom - Follow Up on Micropower Radio (9.0M MP3) (M4B)
- Last Defcon, Prof. Feedlebom led a discussion on micropower radio that kinda glossed over a lot of the technical details. This year, he returns to discuss in more detail some of the things required to place a micropower station on the air. Will also include a short synopsis on the current state of Micropower Radio, including the effort to legalize it in the United States. Handouts from last year's session will be available for those who did not recieve them in the mail (sorry).
- Prof. Feedlebom has operated "The Voice of Mercury" and the "Desert Crossing Radio" broadcasts for the last five years. While he's taking the year off this year from the big broadcast, he has been responsible for strange radio emissions that have been heard in Los Angeles and Kern Counties on a variety of frequencies. He also acts as the chief engineer for Radio Invasion, a former micropower station now broadcasting through Real Audio.
Parekh - Crypto Tales (7.1M MP3) (M4B) Steven Alexander - Firewalls: Trends and Problem (13.4M MP3) (M4B)
- This talk will cover some of the new firewalling trends and how many of them are detrimental to security. The focus of this talk will be on how the discussed trends work and how they can be used by an attacker to defeat security, and how security problems can be avoided. The discussion will not cover specific products in order to allow anyone to apply the subject matter to their current configuration.
- Steven works for a small ISP, attends his local college as a math major and spends his free time studying cryptography
Deanna Peugeot - Embedded Systems Hacking (12.1M MP3) (M4B)
- Embedded systems can often go where the average hacker cannot. They don't reside on the server to be detected by a vigilant sysop, nor do they need the dedicated resources of a computer. But no one in the hacking community seems to be taking advantage of this arena. This will cover the possible uses for a custom embedded system and how to go about creating it.
Steve Mann - Inventor of The So-called "Wearable Computer" (13.6M MP3) (M4B)
- Steve Mann, inventor of the so-called "wearable computer" (WearComp) and of the EyeTap video camera and reality mediator (WearCam), is currently a faculty member at University of Toronto, Department of Electrical and Computer Engineering.
- Dr. Mann has been working on his WearComp invention for more than 20 years, dating back to his high school days in the 1970s. He brought his inventions and ideas to the Massachusetts Institute of Technology in 1991, founding, what was to later become the MIT Wearable Computing Project. He also built the world's first covert fully functional WearComp with display and camera concealed in ordinary eyeglasses in 1995, for the creation of his award winning documentary ShootingBack. He received his Ph.D. degree from MIT in 1997 in the new field he had initiated. He is also the inventor of the chirplet transform, a new mathematical framework for signal processing. Mann was both the founder and the Publications Chair of the first IEEE International Symposium on Wearable Computing (ISWC97).
- Mann has chaired the first special issue on wearable computing in Personal Technologies Journal, and has given numerous keynote addresses on the subject, including the keynote at the first International Conference on Wearable Computing, the keynote at the Virtual Reality Conference, and the keynote at the McLuhan Conference on Culture and Technology, on the subject of privacy issues and wearable computers. He can be reached via Email at email@example.com.
David Sobel - Internet Anonymity Under Assault: The 'John Doe' Lawsuits (20M MP3)
- Several recent court cases around the country highlight an increasingly popular litigation tactic: the use of civil discovery to unmask the identities of anonymous Internet posters. In the last few months, a growing number of corporations have issued subpoenas to Internet Service Providers (ISPs) and operators of online message boards seeking to identify and locate individuals who posted material that the companies, for one reason or another, find objectionable. A spokesman for Lycos recently told Salon Magazine that the firm receives subpoenas on "pretty close to a regular basis." The underlying allegations in these cases include defamation, misappropriation of trade secrets and securities law violations. Many observers worry, however, that the legal tactic can easily be used to intimidate potential critics into silence and destroy the anonymity that has contributed to the Internet's explosive growth. David Sobel will discuss these cases and efforts to protect online anonymity.
- David also served as co-counsel in ACLU v. Reno, the successful constitutional challenge to the Communications Decency Act decided by the U.S. Supreme Court in 1997. He has been profiled as a "Newsmaker" by CNET's NEWS.COM for his work on Internet liberties issues.
- David has a longstanding interest in national security and civil liberties issues and has written and lectured on these issues frequently since 1981. He was formerly counsel to the National Security Archive, and his FOIA clients have included Coretta Scott King, former Ambassador Kenneth Rush, The Nation magazine and ABC News.
Jericho - Fakes Walk Among Us
- The recent explosion of the security industry has found itself littered with newcomers, all 'experts' in the field. Unfortunately, many of these 'experts' are nothing more than self proclaimed windbags that are no more qualified to help you with security than your local 6 year old. How do these charlatans manage to find work? Why are they accepted? More important, how do you distinguish legitimate security professionals from the fakes? These are valid concerns in today's security community. Answers to follow?
- Jericho is a security consultant (read: not an expert) working almost full time these days. His travel has taken him to standard corporate networks, to consulting for wacky spooks that everyone fears. On top of run-of-the-mill consulting, he has participated in network analysis via penetration testing, computer forensics and more. He hates crowds. :)
Simple Nomad - Overview of Activities at the Nomad Mobile Research Center
- Simple Nomad will give an overview of activities at the Nomad Mobile Research Centre, provide status on several projects, and give a detailed overview of NMRC's latest Netware hacking tool, Pandora. The new version of Pandora sports a "point, click, and attack" GUI interface, and works against Novell Netware versions 4.x and 5.x.
- Simple Nomad is the author of several FAQs on hacking, including "The Hack FAQ" which is a combined FAQ covering Netware, NT, Unix, and web technologies. The Nomad Mobile Research Centre is a non-profit organization dedicated to independent computer security research, with a focus on corporate-deployed commercial file servers.
Christian Hedegaard-Schou - What is Open Source?
- This talk will focus on what open source is, what it isn't, debunking some myths, showing some examples, and giving reasons why open source is ready for the real world. This talk is primarily aimed at government and corporate IS/MIS/IT staff and managers, but anyone who's curious as to what this "open source" thing is they've heard so much about in the past months are encouraged to attend.
- Christian Hedegaard-Schou is a private contractor and consultant who first embraced opensource about 5 years ago when he discovered Linux and installed it over his DOS partition. He's never gone back. Since he first discovered Linux he also played with FreeBSD and NetBSD on various architectures, and has been a proponent of Free software, GNU, and the newly defined "open source" movement.
Bennett Haselton and Brian Ristuccia - The "Anti-Censorship Proxy" and Technological Circumvention of Internet Censorship
- Brian Ristuccia's Anti-Censorship Proxy (ACP) is a tool for circumventing network-level Internet censorship. It combines functionality of older software such as PGP, Anonymizer, and steganography software, enabling Internet users to bypass firewalls and proxy servers without detection. ACP can be used to circumvent firewalls used by China and Saudi Arabia to block criticism of their governments, or to bypass software used in American schools to censor pages about contraception, animal rights, and many non-Christian religions.
- These countries and institutions are likely to crack down on the use of such software, provoking an "arms race" between ACP developers and their opponents. (The use of strong encryption in ACP may even conflict with some countries' import/export regulations.) This talk will describe the ACP and look at some of the directions that such an "arms race" might take, as well as describing real-world implementations of network-level censorship (in China, Serbia, the Middle East, as well as many U.S. schools), what kind of content is censored, and how the ACP could be used to bypass these restrictions. More information at ians.978.org or www.peacefire.org/bypass/Proxy.
- Bennett Haselton has been publishing studies of Internet censorship software since 1996. His reports have been used as evidence in First Amendment court cases filed by the ACLU and People For the American Way, and he has been invited to speak on Internet censorship at Computers Freedom and Privacy 99, the American Library Association national conference, the ACLU of Ohio annual conference, InfoWarCon 99, and Spring Internet World 99. Peacefire's reports criticizing censorship software have been featured on CNN financial news, MTV, Court TV, and MSNBC.
Charles Faulkner - Hacking Human Minds
- Human expertise is not found in the sum of explicit practices or algorithms. It's in the experience, mental models and heuristics of individuals. Invisible to current Knowledge Engineering, psychology and (most) linguistics, these 'rules of thumb' are available (can be hacked) through specific pragmatic, syntactic, and semantic 'filters/handles' that can be detected, influenced, and transferred. Applications / instantiations to humans achieved. Computing and human/computer interface applications sought.
- Charles Faulkner is a hacker (modeler, in polite society) of human experience and expertise whose projects have included language acquisition, futures trading, metaphoric communication, and object oriented software testing.
Michael Peros - Detecting Wiretaps
- This year I would like to speak about how to identify body wires, recorders and government informants. Also I have verified from a very reliable source that President Clinton passed a wiretap bill through executive order of the White House allowing the Federal Government to wiretap and intercept electronic-oral communication without a warrant. This came into law as of January of 1999. He did not have to go in front of Congress to bring this into law.
- Michael Peros can be reached via email.
Natasha Grigori - Anti Child Porn Militia Grand Announcement
- The Anti Child Pornography Militia (ACPM) will be making a showing at the 7th Annual Defcon Conference in Las Vegas, Nevada on July 9th - 11th. The ACPM will be actively recruiting individuals sympathetic to our cause and willing to take an active role in the battle to eliminate child pornography from the Internet.
- "We have big plans for Defcon", says Natasha Gregori, founder of the ACPM, "Not only will we be recruiting from a Hospitality Suite at the Convention, and seeking sponsors and allies; Plans are in the works for ACPM to make a presentation during the three day event, and be introduced by a major personality in the community." The Defcon Conference will also signify the commencement of operations for ACPM, after 5 months of preparation, organization, and amazing growth from its original one-woman cause. "I feel confident that the kick-off will be a success," Lawless, Director of ACPM Education, "from there, we will begin entering the political arena, lobbying for tougher enforcement against child pornography online, while assisting in any way possible with current enforcement."
- The Anti Child Pornography Militia (ACPM) is an organization committed to removing child pornography from the Internet. Child Pornography is readily available on the Internet from Usenet, web sites, and chat channels. These photographs of children, used to feed the grotesque sexual desires of pedophiles, contribute to the rising numbers in child sexual abuse cases world wide by emboldening and enticing potential perpetrators into committing acts of child abuse. The ACPM will be working to achieve its goal of Zero Child Pornography through legal, political, and legal technical means. The ACPM in no way promotes or condones illegal attacks against individuals or computers connected to the Internet.
July 28-30, 2000 at the Alexis Park Hotel & Resort
- Rave Against the Machine Defcon 2000: Hackers, Geeks, 'Script Kiddies' Party
- Defcon 8 Pictures From the hektik.org crew.
- Defcon 8 Pictures From the moloch.org crew.
- Defcon 8 Pictures From dangergrl.
- Defcon 8 Pictures From RBCP.
- Defcon 8 Pictures From JustBill.
- Blackhat/Defcon 8 Pictures From Dug Song.
- Defcon 8 Pictures From Nirva.
- Defcon 8 Pictures From Jason Scott.
- Defcon 8 Pictures From the techfreakz.org crew.
- Defcon 8 Pictures From the daimyo.org crew. (Set 2)
- Defcon 8 Pictures From the soldierx.org crew.
- Defcon 8 Pictures From goapixie.
- Defcon 8 Audio & Video Textfiles.com Mirror
- Defcon 8 Audio RSS
- Defcon 8 Video RSS
- Arthur Money - Meet the Fed Panel (15.1M MP3)
- Video (46.6M RealMedia)
- Arthur L. Money was sworn in as Assistant Secretary of Defense for Command, Control, Communications and Intelligence (ASD (C3I)) on October 5, 1999. Mr. Money served as the Senior Civilian Official, Office of the Assistant Secretary of Defense (Command, Control, Communications and Intelligence) and Chief Information Officer of the Department of Defense from February 20, 1998 to October 4, 1999.
- He served as Assistant Secretary of the Air Force for Acquisition from January 1996 to May 1999. He was President of ESL Inc., a subsidiary of TRW, before it was consolidated with TRW's Avionics and Surveillance Group, and Vice President and Deputy General Manager for the TRW Avionics and Surveillance Group. The group is internationally recognized for airborne electronic systems and technologies, including reconnaissance and intelligence systems and advanced integrated avionics.
- Mr. Money has more than 35 years of management and engineering experience with the defense electronics and intelligence industry in the design and development of intelligence collection analysis capabilities and airborne tactical reconnaissance systems.
Eric Sinrod - Federal Computer Fraud and Abuse Act (14.7M MP3)
- We are going to discuss the Federal Computer Fraud and Abuse Act and look at how various hacking, virus and denial of service attacks trigger different sections of the Act. We will also discuss how intent and status affect levels of criminal liability. We will further discuss recent Congressional proposals to the amend the Computer Fraud and Abuse Act. Finally, we will look at international efforts to harmonize cyber-crimes laws.
- Eric J. Sinrod is a partner in the San Francisco office of Duane, Morris & Heckscher, LLP. Mr. Sinrod's practice has covered a number of important Internet, technology, intellectual property, information, communications, commercial and insurance coverage issues. He has represented domestic and international clients in major class actions and where hundreds of millions of dollars have been at stake. He also has handled numerous matters for smaller companies and individuals. Mr. Sinrod has had significant trial and appellate experience, including cases before the United States Supreme Court. Mr. Sinrod has been quoted or his work has been profiled in Time Magazine, the National Law Journal, Cyber Esq. Magazine, Business Insurance Magazine, the ABA Journal, the California Lawyer and a number of other publications.
- Mr. Sinrod is an adjunct professor of law and has published many law review and other journal articles. He is a frequent speaker on Internet, information and communications issues. He is an advisor to the Cyberspace Law Seminar at Hastings College of the Law and teaches an Information Law Seminar at Golden Gate University School of Law. Mr. Sinrod is on the Editorial Board of the Journal of Internet Law, is a member of the ABA Internet Industry Committee, and is a member of the Executive Committee of the Law Practice Management & Technology Section of the State Bar of California. He is the author of a treatise entitled Intellectual Property and Unfair Competition in Cyberspace, to be published soon by CCH, Inc. He writes a weekly Cyberlaw column for the online version of Upside Magazine, entitled "Upside Counsel", and he is a regular guest speaker covering Internet legal issues for Live Online News.
noise - Anonymous Remailers: The Importance of Widely Available Anonymity in the Age of Big Brother (14.7M MP3)
- Video (30.3M RealMedia)
- From the golden days of the Penet pseudononymous remailer, to Janet Reno's call to squelch Internet anonymity, anonymous remailers have played a vital and oft-hated role in making the 'Net safe from Big Brother. People regularly use anonymous remailers to avoid spam, to speak their minds without fear (of peers, family, employers, or governments), and to stay out of search engine indices. Like nearly any other technology, anonymous remailers can also be used by "criminals" to do "criminal" things. Under this guise, the government wishes to outlaw or severely restrict access to anonymous remailers. Remailers are not difficult to use. They're not prohibitively difficult to run, either.
- "The only way the public remailer network will survive, is if more people start setting up remailers. Even if all the current remailers never get shutdown by the Powers That Be [TM], people do tend to move, change lifestyles, pass on, lose their jobs or lose the time to run a remailer. Remailers go away. Change is the constant in life. We need more remops if the system is to survive." -- Shinn Remailer Operator.
- History, current status, and known attacks on Type I/II remailers will be the focus of the talk.
- noise holds a BS in CS from some university and will be attending her second year of law school this fall. She runs the noisebox anonymous remailer, helps the Electronic Frontier Foundation, and delights in holding heated debates with bureaucrats. noise thinks the world would be a better place (tm) if it had more cypherpunk lawyers.
Jennifer Grannick & Grant Gottfriend - The Law and Hacking (12.1M MP3)
- Video (39.9M RealMedia)
- 4th & 5th Amendment, laws that relate to hacking. A criminal and civil attorney talk, debate and answer questions. While in some situation there my be no law against something, that does not mean you can be sued in civil court or charged on "related" charges.
John Q. Newman - 10 Steps You Can Take To Protect Your Privacy (15.3M MP3)
- Video (35.3M RealMedia)
- I will cover topics such as the legal rules regarding fake ID, when and where it can be safely used, how to determine if an Internet seller of fake ID is a scammer or legit, and finally the federal governments new interest in fake ID. The ID shop, the place I recommended last year, was raided by the Secret Service 3 months ago, and I will also talk about this case. If you remember, the owner was at last years convention making and selling ID.
- My second talk will be called "10 steps you can take to protect your privacy." This will be the dry run for a presentation I will take on the lecture circuit when my big new book from Random House comes out on privacy. This talk will give straightforward steps everyone can take to drop out and stay out of Big Brother's databases.
syke - Open Source Utilities and How To Use Them to Test IDSes and Firewalls (12.9M MP3)
- Video (42.2M RealMedia)
- This talk showcases free/open-source utilities and how to use them to test IDSes and firewalls. There have been a few talks on the common weaknesses of both kinds of products, but no practical means by which to test for said weaknesses. The point of the talk is to enable people to test vendor's claims (or their own products) themselves. This talk would be of interest to developers, security admins, product reviewers, and white/blackhat hackers. Knowledge of TCP/IP and programming are recommended.
- syke is a member of New Hack City, a hacker collective based in San Francisco. He has 2 years of experience testing firewall and IDS products at a major vendor of security software.
Jason Scott - TEXTFILES.COM: One Year Later - Part 1 (5.5M MP3)
- Part 2 (2.9M MP3)
- Part 3 (6.7M MP3)
- Video (46.2M RealMedia)
- Jason Scott gave you an overview of the many amazing things that happened in the BBS world of the 1980's at the last Defcon. This time, he talks both about some pieces of history that he forgot to mention, and a wide selection of the most interesting events to happen to textfiles.com in the last year. Hear about the legal threats, the newspaper articles, the links to the Trenchcoat Mafia(!), just how many times textfiles.com has come close to being declared illegal, and why history is so important and yet hated by hackers. Jason will also pull out some nuggets of history about The Works BBS, which was at one point the largest textfiles-only BBS in his bedroom. Specifically, the truth will finally be revealed about the once-dreaded "L00ZER-B-G0NE" button.
- A quarter million visitors and going strong, textfiles.com has expanded into not only a historical collection but a group of essays about all manner of cultural aspects about BBSes, and where they've brought people today. There is also a new companion site, scene.textfiles.com, run by one "mogel," which covers the newest of the new of the textfiles "scene", which is still as active as ever.
jeru - Advanced Evasion of IDS Buffer Overflow Detection (3.5M MP3)
- Video (12.3M RealMedia)
- This is a technical talk which assumes the audience understands x86 or SPARC assembly, and buffer overflow methodologies. It presents various stealth coding techniques that can be applied to preventing detection by most current generation IDSs. The talk also includes a live demonstration of exploits written to evade IDS detection, source code of the examples included. A paper documenting the techniques, and sample code will be available from New Hack City after the presentation.
- jeru is a member of New Hack City, a hacker collective based in San Francisco. He has worked in digital design, and embedded programming. He currently spends his time as part of an IDS development team, providing application level security assessment, and pickin' his fro.
Gregory B. White - The USAFA Cadet Hacking Case: What Both Sides Should Learn About Computer Forensics (13.2M MP3)
- Video (7.8M RealMedia)
- Basically, I'll discuss the case that went to trial in the spring of '99. I was the Deputy Head of the Computer Science Department at the USAF Academy at the time and was asked by the cadet accused of "hacking" to help with his defense. I testified at the trial as an expert witness for the defense. I sat at the defense table throughout the trial serving as their "computer expert." Basically the trial was a comedy of errors by the prosecution - law enforcement, and the cadet's attorneys alike. The cadet was involved in IRC, but the law enforcement types and prosecution became convinced that he was the "hacker" (afterall, everybody KNOWS that IRC is nothing more than a place for hackers to trade information on how to break into computers - the actual sentiment expressed by the investigators). I had up to that point spent the majority of my time in the Air Force trying to protect systems and to catch those who broke into AF systems. This case really shook me as I saw the LE types latch onto the smallest of indicators and blow them into a full blown felony case (the cadet faced 15 years in Leavenworth had he been convicted of all counts). What I will cover in the talk is:
- 1.) Background of the case. 2.) The "evidence" the prosecution thought they had. 3.) The many possible areas where clues might have been found had either side known where to look (or asked anybody who knew anything about it). 4.) What lessons can be learned from this case. Those from the government and industry need to know where to look if they want to catch folks (and if they want to make sure they don't make fools of themselves) and those who might find themselves accused someday need to know how to help their attorneys find clues that could exonerate them.
- Gregory B. White, Ph.D. - Vice President, Professional Services. Gregory White joined SecureLogix in March 1999 as the Chief Technology Officer. Before joining SecureLogix, he was the Deputy Head of the Computer Science Department and an Associate Professor of Computer Science at the United States Air Force Academy in Colorado Springs, Colorado. While at the Academy, Dr. White was instrumental in the development of two courses on computer security and information warfare and in ensuring that security was taught throughout the computer science curriculum. During his two tours at the Academy, he authored a number of papers on security and information warfare and is a co-author for two textbooks on computer security.
- Between his Air Force Academy assignments, Dr. White spent three years at Texas A&M University working on his Ph.D. in Computer Science. His dissertation topic was in the area of host- and network-based intrusion detection. Prior to his Academy assignments, Dr. White was a student at the Air Force's Advanced Communications-Computer Systems Staff Officer Course in Biloxi, Mississippi. He was awarded both the AFCEA and Webb awards for student leadership and academic excellence and was a Distinguished Graduate of the course. Before attending the course in Biloxi, Dr. White served as the Branch Chief of the Network Security Branch at the Cryptologic Support Center in San Antonio, Texas. His first assignment in the Air Force was as a systems analyst at the Strategic Air Command Headquarters in Omaha, Nebraska. Dr. White obtained his Ph.D. in Computer Science from Texas A&M University in 1995. He received his Masters in Computer Engineering from the Air Force Institute of Technology in 1986 and his Bachelors in Computer Science from Brigham Young University in 1980. He separated from the Air Force in 1999 and is currently serving in the Air Force Reserves at the Defense Information Systems Agency.
Tim Lawless - Saint Jude: Modeling, Detecting and Responding to Unauthorized Root Transitions (10.5M MP3)
- Video (34.3M RealMedia)
- The recent surge of interest in security has been a boon for those developing IDS systems. Unfortunately, the IDS advancements have been disproportional in the realm of Network IDS - with host-based IDS lagging behind, only able to detect breaches after the incident. This state of affairs offers administrators, faced with the looming threat of intruders gaining access to their systems via legitimate channels, little protection beyond hardening and continually patching their systems. An intruder need only find one hole, the administrator - all of them. During this session, the Saint Jude project will be presented. Named after the patron saint of hopeless cases, the Saint Jude project is an IDS project that hopes to deliver a model and implementation able to stop a root compromise dead in its tracks, irregardless of the exploits method.
- Tim Lawless is a Systems Administer with the University of Souther Mississippi on the Stennis Space Center Campus. After having spent many a night sleeping in the machine room after a security breach, he became REALLY interested in the topics of computer security and information warfare. He is also a member of the ACPO (formerly ACPM), working to remove child pornography from the Internet.
Thomas Munn - Need for Home-Based Firewalls (11.0M MP3) Ron Moritz - Proactive Defense Against Malicious Code (10.7M MP3)
- Video (35.1M RealMedia)
- Anti-virus software is an important part of a well-devised security policy, but reactive virus detection is not versatile enough for the demands that will be made on businesses engaged in e-commerce. The year 1999 began with the birth of the Happy 99 virus - a harbinger of things to come. Happy 99, plus Melissa, PrettyPark and the Explore.zip worm are all examples of third generation of malicious replicating code, designed to exploit the Internet for their rapid proliferation. A variant of Explore.zip, called MiniZip, managed to hide itself from antiviral utilities and spread at an amazing rate around the Internet at the end of 1999. Such programs, which launch new malicious code attacks, create "first strikes" against systems and networks. Allowing untrusted code to execute on the corporate network may not be suitable for your organization. But corporate security policies that block network executables adversely affect the evolution of the Internet, extranet, and intranet. While no security implementation is absolute, functionality is not achieved by disconnecting users from the network and preventing access to programs. Therefore, proactive defense against first-strike attacks is required today.
- Almost all web sites today contain mobile code. Many of the powerful business (e-commerce) applications you need and use are written with mobile code. Consequently, net-enabled malicious software is likely to increase in prevalence and successful utilization. The factors accounting for such a prediction are the ease by which users are duped into double-clicking on malicious Email attachments and, the ease by which the sources of those Emails are automatically spoofed to seem to come from a boss or from an Email or instant message friend. Traditional pattern matching approaches are incomplete, out-of-date, and ineffective and were never designed in preventing a series of new generation attacks based on malicious mobile code and Trojan executables.
- Ron Moritz is the Senior Vice President and Chief Technical Officer at Symantec Corporation where he serves as primary technology visionary. As a key member of the senior management team interfacing between sales, marketing, product management, and product development, Ron helps establish and maintain the company's technological standards and preserve the company's leadership role as a developer of advanced Internet security solutions. Ron was instrumental in the organization of Finjan's Java Security Alliance and established and chairs Finjan's Technical Advisory Board. He is currently chairing the Common Content Inspection API industry standards initiative. Ron is one of a select group of Certified Information Systems Security Professionals. He earned his M.S.E., M.B.A., and B.A. from Case Western Reserve University in Cleveland, Ohio.
Robert Graham - Evading Network-based Intrusion Detection Systems (11.3M MP3)
- Video (37.0M RealMedia)
- You've just spent $10,000 on network IDS from a trustworthy company (obviously trustworthy because the vendor spends beaucoup $$$ on marketing). You are satisfied with the purchase because you're catching all these script-kiddies who think they are putting one over on you with their "stealth" scans. But then something bad happens: your servers get hacked through your firewall, and that expensive IDS never utters a peep. How did this happen? The root of the problem is that most commercial IDSs are little more than anti-script-kiddy tools and cannot detect ueberhackers. This talk will show how to evade these IDSs using popular tools like whisker and fragrouter. It will also reveal for the first time additional secret techniques used by ueberhackers.
- Mr. Graham learned hacking as a toddler from his grandfather, a WW-II codebreaker. His first IDS was written more than 10 years ago designed to catch Morris-worm copycats. He is the author of several pending patents in the IDS field. He is the author of well-regarded security-related documents (www.robertgraham.com/pubs) and is a frequent speaker at conferences. IRL, he is the co-founder, CTO, and chief-architect at Network ICE.
Xs - LDAP (8.6M MP3) D-Krypt - Web Application Security - Part 1 (2.5M MP3) Jon Erikson - Number Theory, Complexity Theory, Cryptography and Quantum Computing (10.3M MP3)
- Mr. Erikson will talk about number theory, complexity theory, cryptography, and quantum computing. The basics of number theory pertinent to cryptography will be covered, including modular math, the Euclidian GCD algorithm and Euler's totient function and theorem. Complexity theory and tractability will be explained to give a feeling for what a 'hard' problem is (NP vs P) and algorithmic runtime and Big-O notation with respect of input size will be explained to show why factoring the product of two large prime numbers isn't trivial. Then the RSA encryption/decryption algorithms will be derived from scratch, using modular math, GCD, and Euler's totient function. A few factoring methods will be described, to emphasize the complexity involved in factoring the product of two large prime numbers. Then the basics of quantum computation will be explained; superposition, EPR state, decoherence, controlled NOT gates, and entanglement. The actual quantum mechanics will be skipped to focus on the algorithms. Peter Shor's quantum factoring algorithm will be explained and demonstrated, breaking RSA in two steps. Lov Grover's quantum search algorithm will be explained and it's ability to brute force anything in sqrt(N) steps will hopefully be apparent. Since most conventional encryption will be shown to be insecure, a few quantum encryption techniques will be covered. Q&A afterwards, time permitting.
- Jon Erikson was the product of a 6th grade science fair experiment in human genetics by little Snirk Cojeno on planet Vega 7 (His parents helped a little bit). After the fair was over, Jon was sold as slave labor by the elementary school to the Orb Night intergalactic casting and modeling agency. Due to his dashing good looks and human neck, Jon quickly found himself the poster boy for Zarlak's explosive human restraint collars; his likeness plastered all over space billboards and magazines. The fame went to his head, and Jon soon attempted to join the unions, despite the strict regulations against human slaves working like the frees do. He was sentenced to 160 years on the Prison Planet Earth. As if exile to Earth wasn't bad enough, moments after landing, he was quickly carted away to Area 51 by the U.S. Government, only to be traded to a Japanese research group in exchange for some rare Pokemon cards by an agent named Jose Ronnick. In Japan, the brilliant Dr. Kenji Cronos and a lab tech named Michelle began an experimental open-brain surgery procedure on Jon, hoping to teach him about human emotion. Something went horribly wrong, and when the anasthetic wore off, Jon woke up in an empty operating room, with a giant hole his skull. All the colors began to taste like blue again, and he panicked, plugging the hole with paper mache and running into the streets to forage for himself. With 142 years left in his prison sentence, Jon began his own scientific research in the realms of cryptography, parallel algorithms and processing, artificial intelligence, and complexity theory, and has lived as a student, teacher, actor, director, writer, DJ, programmer, researcher, and entrepeneur. And he's sorry that she has to miss out on so many grand adventures...
V1ru5 - More Lock Picking - Part 1 (621k MP3)
- Part 2 (6.2M MP3)
- Part 3 (819k MP3)
- Part 4 (5.6M MP3)
- Video (42.4M RealMedia)
- Virus talk: This will be an introduction to computer viruses. Covering boot sector, file infector, multi-part, polymorphic, macro, Trojan, and script viruses. We will talk about how they infect, types of damage, and repairing.
- Lock picking talk: This talk will cover different kinds of locks, and handcuffs. And how there opened!
- Robert Lupo (aka V1ru5) has several certifications in the security field, including CCSA, CCSE. He currently works as a Network Security Administrator. He is known for his lock picking, virus, and social engineering skills. MCSE, CCSA, CCSE and SeaGate NerveCenter Certified.
Bruce Schneier - Panel Session - Panel 1 (211k MP3) Ian Vitek - Configuring Linux 2.0.* for IP Spoofing and Source Routing (6.1M MP3)
- Video (20.0M RealMedia)
- The speech will discuss hacking firewalls and filtering routers by spoofing IP and MAC-addresses. Two different spoofing techniques will be presented. Ian will first talk about what to eavesdrop (with siphon, dsniff, and tcpdump) and what kind of information one will need for these examples to work. Secondly Ian will show how to setup a working source route (full connection) with netcat through a filtering router. Then Ian will show how to setup the network on a Linux to be able to IP-spoof (with full connection) through a firewall if you sit on a untrusted network, U, between a trusted network, A, and the server, S. Both examples will be explained step by step.
- Ian Vitek works as a full time penetration tester at Infosec, Sweden (The page is in swedish). He is right now researching within Media Access level security and LDAP security (which is a big unexplored hole). He also thinks that modems are underestimated hacker tools.
- PowerPoint Slides
Mr. Nasty - Using Tools to Obtain Recon on NT Networks (7.0M MP3)
- Video (23.2M RealMedia)
- I have worked in the field of computer security for the past seven years. I test systems throughout the U.S. for various vulnerabilities and report to management how these vulnerabilities can be lessened. No one listens!
Cult of the Dead Cow - Panel (12.7M MP3) Bennett Haselton - A Protocol that Uses Steganography to Circumvent Network Level Censorship (14.3M MP3)
- Video (47.0M RealMedia)
- Many trivial techniques are already available for circumventing firewalls and proxy servers that monitor or censor network traffic -- for example, if your firewall blocks CNN, someone could setup an unblocked site outside the firewall where you can type "http://www.cnn.com/" into a form and retrieve the page contents. The problem with these "protocols" is that they make it easy to get caught, if the censors know what to look for -- for example, a GET or POST form field containing "http://" is trivially easy to detect. Even an encrypted protocol would still be easy for censors to detect, without breaking the encryption -- just the fact that you're *using* a tool for circumventing the censors would often be enough to get you in trouble.
- What we have designed is a protocol that uses steganography to circumvent network-level censorship, so that the protocol is undetectable to censors. We explain why some naive solutions to the problem -- such as hiding information in a long, dynamically-generated URL which is sent to an outside "friendly" site, or hiding information in cookies -- are not steganographically secure. Our protocol hides information in "innocent-looking" text queries that pass through the censoring proxy undetected. The page contents are encrypted and embedded in more "innocent-looking" content that is sent back to the browser.
- This sounds simple, but the mathematics of using steganography to make a protocol *undetectable* turn out to be infuriatingly complicated. Much of the talk will be devoted to attacks against the system that we didn't consider the first time around, and why more naive solutions may fall to these attacks.
- Bennett Haselton has been the coordinator of Peacefire.org since its inception in 1996. Peacefire opposes censorship that targets Internet users under 18, and maintains that profanity and smut on the Internet are not, in fact, "dangerous" to anybody, as most lawmakers and blocking software companies have made them out to be. Peacefire publishes research into different Internet censorship programs and technologies, their shortcomings, possible misrepresentations by the companies selling them, and (most popular) how to get around them.
Legal Panel - Panel Discussion (13.9M MP3)
- Video (45.2M RealMedia)
David J. DiCenso - The Citizen Hacker: Patriot or War Criminal? (9.4M MP3)
- Video (30.4M RealMedia)
- When might international computer hacking become an act of war? Some within the hacker community have felt that international hacking wasn't being done right by the DoD - it could be done much more effectively and efficiently if left to the experts - civilian hackers. This position is interesting, but is it appropriate? What ARE the international implications of electronic network information operations which target foreign actors or states? How far can an operator go before his acts become an "act of war?" What type of retaliation by a target country is permitted under international law and custom? What are the rules? Whose rules apply? In a world where hacker groups are so bold as to declare war upon a nuclear-capable major world power, and countries take military action against non-state actors geographically located in a non-hostile state, these thorny issues attain paramount importance. This presentation explores these issues in an effort to help shed light upon this "dark secret" of international relations.
- David J. DiCenso, JD - Director, Training Services at SecureLogix Corporation. Before coming to SecureLogix, Mr. DiCenso was an Associate Professor of Law at the United States Air Force Academy in Colorado Springs, Colorado. While at the Air Force Academy, Mr. DiCenso taught CyberLaw, Computer Law and Policy, as well as traditional general law topics. He was also an occasional guest speaker in the Acadmey's Information Warfare course. Mr. DiCenso's article on information warfare has been published in the Airpower Journal, and he has submitted an article on Information Operations for publication in another profesional journal this fall. Mr. DiCenso became an attorney in 1988, and served as a JAG in the USAF for over a decade. He joined SecureLogix Corporation in the Summer of 1999.
Greg Hoglund - Advanced Buffer Overflow Techniques (13.0M MP3)
- Video (42.9M RealMedia)
- This is a technical talk aimed at people who have already been exposed to buffer overflows and want to learn more. The talk assumes the audience has at least some knowledge of CPU's and processes. For those of you who already understand buffer overflows, this talk will be a refreshing discourse on technique. We will show how the injection method can be decoupled from the payload. We then explore the details and challenges of injecting code into a remote process. We will also explore the payload, the encoding methods, and how to dynamically load new functions. Lastly, we discuss the possible effects of a payload, including network worms, virus, and rootkits.
Mike Scher - What is DNS Alternate Roots? Why Does Internet Suck? (7.7M MP3)
- Video (25.5M RealMedia)
- Recently, the overlaping space among DNS, the design of browsers and search engines, international, national, and local trademark interests and law, have come to a head. A sprawling organization dubbed ICANN has taken over what used to be a task that sat squarely on one man's shoulders. The tensions are largely the result of ignorant (and purposeful) confusions of the purposes and functions of the various Internet name and resource locating systems. In this talk, we will discuss what a DNS root fundamentally IS, and the factors that keep a unified name service root in place despite many pressures to decentralize DNS root services. We'll then look at the ways in which decentralized or alternate roots could be (and have been) implemented, and their implications for trademark and software politics and design.
- Mike Scher is an attorney and network security consultant working on both the policy and technology fronts. He has designed private DNS roots and TLD systems for international Fortune 500 companies, and worked with public alternative DNS root projects. Most recently, Mr. Scher has become infrastructure technology and policy manager for a fast-growing startup company in Chicago.
Ian Goldberg - Using the Internet Pseudonymously III: It's Alive! (12.2M MP3)
- Video (40.1M RealMedia)
- The Freedom Network from Zero-Knowledge Systems allows users to maintain their privacy while on the Internet (WWW, email, IRC, etc.) by giving them cryptographically-protected pseudonyms ("nyms"). Not even Zero-Knowledge knows the identities behind the nyms (hence the name).
- Freedom has been up, running, and available for download since December. In this session, I will talk about the privacy-enhancing technology behind Freedom, what we've learned in deploying it to the world, and how various other groups have reacted.
- Ian Goldberg is Chief Scientist and Head Cypherpunk of Zero-Knowledge Systems, a Canadian company producing Internet privacy software for consumers. He is simultaneously completing his Ph.D. from UC Berkeley in the field of Computer Security and Privacy. Ian has in the past been known to find security holes in Netscape's SSL implementation, to break cryptographic algorithms used in GSM cell phones, and to throw a lot of parties.
ghandi - Dot-Com Smashing: Buffer Overflows on the SPARC (10.8M MP3)
- Video (35.4M RealMedia)
- The talk/demonstration is intended for audiences familiar with assembly language and/or stack-based buffer overflows on other architectures (most probably Intel). The topics aren't really anything new, I would just like to present them with the focus on a different processor/paradigm than Intel to better define the concepts in use. I will be covering SPARC assembly language on a fairly low level.
- Introduction to SPARC assembly, RISC, LOAD/STORE architecture; Register windows; Allocating space on the stack, SPARC subroutine calling conventions; How the code we're attacking will look; Leaf procedure optimization; How to write optimized assembly; Unix system calls from assembly language, overview of traps; Hand assembling instructions, conversion to hex, testing hex-encoded instructions in C __asm__ blocks
- Using GDB (GNU Debugger) and ADB (Absolute Debugger), disassembling compiled code, assembling instructions to hexadecimal (faster than by hand), patching executables, examining the stack of a running process, altering the stack/return address.
- Hand-crafting shellcode, basics, basic shellcode, intermediate shellcode, advanced shellcode; Delivering the payload; Bonus topics (time permitting).
- ghandi is a a Computer Science student beginning work on distributed, interactive environments (ala FreeNet or Stephenson's Metaverse) for an departmental honors project. I also work as a System Administrator at a web startup managing Sun clusters, FreeBSD servers, and Linux workstations.
- PowerPoint Slides
DDT - What PGP and Crypto is and How to Use (and not use) It (13.0M MP3)
- Video (42.5M RealMedia)
John Q. Newman - Fake I.D. by Mail and Modem - Part 1 (4.7M MP3)
- Part 2 (11.1M MP3)
- Video (46.5M RealMedia)
- I will cover topics such as the legal rules regarding fake ID, when and where it can be safely used, how to determine if an Internet seller of fake ID is a scammer or legit, and finally the federal governments new interest in fake ID. The ID shop, the place I recommended last year, was raided by the Secret Service 3 months ago, and I will also talk about this case. If you remember, the owner was at last years convention making and selling ID.
- My second talk will be called "10 steps you can take to protect your privacy." This will be the dry run for a presentation I will take on the lecture circuit when my big new book from Random House comes out on privacy. This talk will give straightforward steps everyone can take to drop out and stay out of Big Brother's databases.
Mythrandir - Penetrating B1 Trusted Operating Systems - Part 1 (5.6M MP3)
- Part 2 (4.6M MP3)
- Part 3 (3.6M MP3)
- If you have attended the Newbie B1 talk, or have previous experience with B1 systems then you will find this talk enlightening. Typically, B1 systems can only be penetrated due to misconfigurations. We will take a whirlwind tour of all of the areas to check for security misconfigurations and develop a methodology for attacking B1 Trusted Operating Systems. You are going to find B1 Trusted Operating Systems in increasing use, and you owe it to yourself to understand how to penetrate these systems and how to lock them down.
- Mythrandir, Software Evangelist and Visionary, Argus Systems Group, Inc.
- PowerPoint Slides
Sinster - Radio Energy Weapons (17.4M MP3)
- Jon Paul Nollmann's Radio Burst Cannon (RBC) is not quite a HERF gun, but close. The RBC should be able to produce up to or less than one megawatt for up to several milliseconds. More then enough to fry most computers from a minor distance. Version one will be a proof-of-concept device. Versions two or three will use higher energy and wave guides for a stronger and tighter energy burst.
Ender - Demonstration and Presentation of the Autonomous Nodes (6.7M MP3)
- Video (22.0M RealMedia)
- I am working in conjunction with them on this project and plan on a lengthy on site demonstration of the nodes' functions and AI. It's purpose mainly to demostrate that the theory of these nodes is highly functional in both network research, for exploitation and protection. To give you a quick surmise. A small LAN will be setup. NodeH (node hacker) will be inserted and printed documents of the timing and actions that NodeH will take, will be passed out to the crowd. The node will perform actions and an oversight of its AI will be presented to the crowd describing the reasons and purposes behind its decisions. Automated exploitation with an attack tree backbone (Bruce Schneier's idea from Dr. Dobb's Journal) are some of the main features. I have currently a 13 page overview which I am working on with Caezar. I have already begun development, the first run being MS compatible, with a Linux port possibly before Defcon.
- Ender is an embedded system software coder and tester for 4+ years. He has coded in solutions engineering group for customers world wide, he specializes in C and x86 assembly. Interests include prime number theory, cryptonalysis, DSPs, music, and ruling the world. Motto: Be good, be bad, just be good at it.
Evil Wrangler - Building a Backdoor Binary (8.2M MP3)
- Video (27.0M RealMedia)
- Featuring SSH 2.0.13.
Jim McCoy - Majo Nation: Building a Next Generation Distributed Data Service (14.8M MP3)
- Video (49.5M RealMedia)
- Jim McCoy is a long-time cypherpunk and who decided long ago that cypherpunks may talk about writing code but it takes Evil Geniuses to really get the job done. After helping Steve Jackson build Illuminati Online using the money from the Secret Service raid he was convinced that the best way to bootstrap a start-up was to antagonize the government, since then he has learned that there are easier ways...
Aaron Grothe - Tunneling and Firewalls (4.8M MP3)
- Video (16.0M RealMedia)
- A firewall is the first line of defense for almost every LAN connected to the Internet. Using a firewall many System Administrators restrict privileges to services they do not want to allow access to such as Telnet and FTP. Using tunneling software, people can re-enable those services by establishing virtual data paths through allowed protocols such as HTTP. The talk will provide an overview of how tunneling may be used, how to combat it, and when to use it. There will be a demonstration of how tunneling works using the httptunnel software.
- Aaron Grothe is a System Administrator for a small startup based in Omaha, Nebraska.
Chris Goggans - Lotus Domino Vulnerabilities (13.8M MP3)
- Video (45.4M RealMedia)
- This session will cover security vulnerabilties and common misconfigurations in Lotus Notes and Domino servers. The presentation will contain exploit demonstrations and discuss work-arounds for the problems. This session will also announce the results of research into new vulnerabilties.
- With Kevin McPeake, Wouter Aukema, and Patrick Guenther, all from Trust Factory.
Freaky - Macintosh Security (12.5M MP3)
- Video (40.9M RealMedia)
- Freaky will be presenting his second speech this year. Last year he covered the basics of Macintosh security and answered questions. This year he will be going over security/hacking of the MacOS and details of OSX and the security it offers. Macintosh security is a topic not well known, so he is willing to take questions early to cover in the topic.
Mr. Mojo - Windows 2000 Security (13.4M MP3) Adam Bresson - PalmOS Security and Data Protection (12.1M MP3)
- Video (39.5M RealMedia)
- My talk will focus on protection of info and device via encryption/decryption, PalmOS/hardware architecture, and the structure of a Palm application. Techniques for implementing security for information, accessing Palm system modes and understanding code will be covered.
- My Background: I'm a three year veteran of the Palm scene affiliated with PDAZone, PalmWarez, and PalmOlive. I am dedicated to understanding the system and operational functions of the world's first usable PDA. I believe a Palm can do a whole lot more than just store numbers and appointments. My discussion will share my deep knowledge of this device.
Pyr0 - FAQ the Kiddies (10.1M MP3)
- Video (33.2M RealMedia)
- Every year the attendance at Defcon grows. It was apparent this last year that many of the kiddies (W@r3z d00d5, script kiddies, and lamers) had come with the intention of learning something. Problem is, upon arrival these groups think that the only way they will be able to benefit from Defcon is if they "PROVE THEMSELF" to everybody they come across. By the end of Day 1 they have successfully burned any bridge they had the chance of building. This speech will give newbies some of the info needed to get on "the right track." Some of the highlights are:
- Dangers of being a script kiddie; Learning vs. Compiling; What your local library has to offer "Follow the rainbow booked road"; "Hacking without going to jail"; "Shutting your mouth and opening your ears"; There will be many URL's and book titles given so please bring a pen and paper.
Phillip J. Loranger - Army Biometrics (12.4M MP3)
- Video (40.3M RealMedia)
- GS-14, Director of Army Biometrics
Phil King - 8-bit Redux: Microcontroller Hacking (9.2M MP3)
- Video (30.1M RealMedia)
- In days gone by, microprocessors dealt in units of 8-bits at a time, and names such as Commodore, Atari, and Apple (as in "Apple ][") ruled the land. Intrepid hackers of amazing skill and talent worked their magic with limited resources, producing code that was a thing of beauty. The days of the widespread 8-bit desktop computer are past, but the 8-bit processor itself is not gone. It has gotten faster, added some peripherals and picked up some of the architectural features of it's larger later siblings, largely lost it's external memory, and gone into hiding as the ubiquitous microcontroller at the heart of embedded systems too numerous to count. Microcontrollers offer an excellent opportunity to recapture that spirit of the late 70's when 1K of code was a lot, while working with modern day technology. In this one hour talk, Phil King will describe how to setup a microcontroller development environment on a hacker budget and use it to learn and develop nifty 8-bit embedded system toys. The talk will be framed by descriptions of building an embedded keyboard sniffer with an Atmel AVR family microcontroller.
- Phil King is a hardware design engineer with 8 years of experience in various Silicon Valley hardware and software jobs. He received his BSEE from Stanford University in 1992, and an MSEE with an emphasis in computer networking (also from Stanford) in 1998. He is currently preparing to teach EE-281, the Embedded System Design class, at Stanford University this fall.
Thomas Munn - How to Make a Linux Firewall with IP Chains (12.5M MP3) Simple Nomad - A How-To Regarding Network Mapping (9.7M MP3)
- Video (31.8M RealMedia)
- A how-to regarding network mapping that covers some interesting techniques not commonly used.
John S. Flowers - Network IDS - Do Not Bend, Fold, Spindle or Mutilate (13.9M MP3)
- Video (45.5M RealMedia)
- All modern Network Intrusion Detection Systems (NIDS) are succeptable to not only Ptacek and Newsham style attacks, but a variety of other problems that have not yet been addressed. This talk is meant to shed some light on why many NIDS today are referred to as "Network False-positive Recorders" and why current IDS technology cannot handle monitoring high-speed network traffic. This discussion is meant to be a direct and straightforward analysis of why the current generation of NIDS will ultimately fail and how we can start taking proactive, not reactive steps in creating the future of intrusion detection technology. This discussion will also include examples of bypassing current intrusion detection systems and how the creation of a high speed, hybrid IDS will address many of the problems outlined in this talk.
- Mr. Flowers is the founder of Hiverworld and leads the Core R&D team in creating the Ansible, Swarm and upcoming IDS product. Prior to Hiverworld, Mr. Flowers was the chief architect of Inquisit's individualized news filtering service. He has also held positions as the Chief Security and Internet Architect at Utilicorp, Chief Architect of Neurosoft (later became Moviefone); and architect of the interactive voice response system that was the prototype of Wildfire. In the early 1990's he worked as an engineer for Microsoft. John was also on the first team to ever win Capture the Flag at Defcon.
V1ru5 - Updated Computer Virus Class (13.5M MP3)
- Video (45.5M RealMedia)
- Virus talk: This will be an introduction to computer viruses. Covering boot sector, file infector, multi-part, polymorphic, macro, Trojan, and script viruses. We will talk about how they infect, types of damage, and repairing.
- Lock picking talk: This talk will cover different kinds of locks, and handcuffs. And how there opened!
- Robert Lupo (aka V1ru5) has several certifications in the security field, including CCSA, CCSE. He currently works as a Network Security Administrator. He is known for his lock picking, virus, and social engineering skills. MCSE, CCSA, CCSE and SeaGate NerveCenter Certified.
Richard Thieme - Social Engineering at Defcon: Games Hackers Play - Part 1 (8.0M MP3)
- Part 2 (537k MP3)
- Video (25.7M RealMedia)
- Defcon has changed dramatically from Defcon 1 - when sixty real hackers met in face-time for the first time to Defcon 8 when thousands crowd into a hotel for a hacking "event scene." Richard Thieme has been called a "shrewd observer of hacker attitudes and behaviors" and sometimes he is. You be the judge. In this talk he reviews *very subjectively* the way truth is invented, perception managed, and media manipulated in the many rings of Defcon. It's all here - the familiar icons of good and evil, enemies of the people, Feds in disguise, happy and unhappy hackers, and his take on the truths, half-truths and outright lies that we exchange as currency in this looking-glass world.
- Thieme's predictions at Defcon 4 in "Hacking as Practice for TransPlanetary Life in the 21st Century" have all come to pass. But what's next? Hear how to position yourself for the Next Big Thing, depending on your hacking generation and the degree of real larceny in your heart.
- Richard Thieme is a writer and professional speaker focused on "life on the edge," in particular the human dimensions of technology and work. He is "a father figure for online culture," according to the (London) Sunday Telegraph and "one of the most creative minds of the digital generation" according to the editors of CTHEORY. He has spoken for OmniTech; Strong Capital Management; System Planning Corporation (SPC); UOP; Alliant Energy; Firstar Bank; MAPICS; Influent Technology Group; Navy Federal Credit Union; Arthur Andersen; the Conference of State Legislatures; the Society for Technical Communication; Association for Information Management and Research; the FBI; the Black Hat Briefings, Defcons 4, 5, and 6; PumpCon, Xmas Con, RootFest and RubiCon. He writes for Information Security, Village Voice, Forbes Digital, Wired, South Africa Computer Magazine, CTHEORY, and LAN Magazine.
Blanu - Freenet (11.8M MP3)
- Video (38.8M RealMedia)
- This is an original presentation unrelated to the paper being presented in Berkeley. That paper was "Freenet 101 + Why We're Anonymous." This presentation is "Freenet 101 + Various Attacks on Freenet + Spiffy Animations I Made with Crayons and Photoshop."
Daremoe - System Profiling: Target Analysis or How Crackers Find You (8.3M MP3)
- Video (27.3M RealMedia)
- This presentation will walk through profiling and target selection from an attack point of view. I will demonstrate techniques, commands and tools used to remotely identify systems, services and possible vulnerabilities for exploit. The presentation should teach newbie hackers how to identify potential targets while explaining to system administrators how their systems are targeted for attack.
Sarah Gordon - Virus Writers: The End of the Innocence (8.3M MP3)
- Video (26.9M RealMedia)
- Earlier research has empirically demonstrated the cyclic nature of virus writing activity: As virus writers age out, new virus writers take their places; enhanced connectivity amplifies the existing problem and various technical factors result in new types of virus writers surfacing and the cycles repeat. However, a new variable has recently been introduced into the cycle: legal intervention. The virus writing community now has experienced visits by concerned law enforcement; there have been arrests and sentencings. New laws are being enacted, and acted upon. Thus, the virus writing scene is no longer a casual game of kids on local BBS. What has been the impact (perceptually and operationally) of these visits, arrests, and most importantly, the (yet to be imposed) sentencing of David Smith. In other words, as the virus problem gets more and more attention, where are we actually going in terms of shaping acceptable behavior in our virtual communities and what, if any, impact are these legal interventions having on the impact of viruses impacting users? In order to produce a scientifically meaningful answer to this question, this pre- and post-test study examines pre-sentencing opinions of the impact of the visits/arrests/sentencing and compares these findings with those from post-sentencing opinions. Opinions are interesting and must be considered, as we know the opinions of today shape how people behave in the future. However, we are also concerned with immediate impact. To this end, impact will be examined in terms of viruses found both ItW and on the WWW, as a function of time with parameters being pre/post sentencing. In particular, we are interested in any discontinuity noted in the graph of viruses both ItW and on the WWW, and in online references to legal concerns.
- The conclusions will obviously depend on the actual results, but there appear to be essentially one of two scenarios:
- 1. The pre- and post-tests studies will demonstrate significant differences. Thus, proponents of tough police follow-up of virus writers will have some hard evidence that this actually has a financial value, as well as a societal impact.
- 2. The pre- and post-test studies will demonstrate no appreciable difference. This means that we need to re-evaluate the worth of pursuing virus writers as a useful way of curbing the problem and evaluate the wisdom of spending large amounts of public funding to pursue this avenue of defense.
Kent Radek - Designing An Anonymous Network (13.8M MP3)
- Video (45.5M RealMedia)
- Mr. Radek began life as a satellite communications engineer, decided that sucked, and went to work on a computer science degree. After a few years (better not discussed), he began life over as a software engineer with a defense contractor. It took him five years to discover that also sucked, but in the meantime, he designed a pretty cool encryption system for military communications. Recently, he began his third incarnation as a Linux developer, who, in his spare time, decided to combine the best features of Gnutella, Freenet, and Publius in order to make the world a better place for people who enjoy privacy and free speech. His interests (which are none of your business) include photography, running, cycling, SETI, penguins, and (unfortunately) DVDs. Sites to see: www.puzzlenet.net, www.radek.org, and www.grasshoppertakeover.com.
Natasha Grigori - Hacktivists to Activists - Make the Transition (8.9M MP3)
- Video (19.3M RealMedia)
- In 1999 the ACPM was formed with the goal of removing child pornography on the Internet via any means possible. After an initial announcement on HNN, and recruitment at Defcon 7, we began the daunting task of shutting down child porn sites. Initially successfully, we found that the sites we took down would come back up after a few days or weeks. Not only would they return, but it became increasingly more difficult to take them down. We were not effectively removing sites, just making them stronger. A change in tactics was necessary, and so the transformation to ACPO began. The transformation into a "legit" activist group from our beginnings in the H/P/A community did not occur without its own pains. Some felt we were becoming "soft" on child pornography and left. Others joined, not deterred by our history. We have come to form strong bonds with law enforcement internationally, and have had success at identifying both those that traffic and receive child pornography.
- Recent articles in apbnews.com, cbsnews.com, and wired.com have focused on ethical "hacker" groups fighting child porn have featured ACPO and Condemned.org, who is currently in the process of "going legit".
- In my talk Natasha Grigori (and possibly Rloxy of condemned.org) will present the problems which convinced us that hacktivism was not the appropriate path, the transition process into an activist group, and the benefits the transition has has brought us.
Subterrain Security Group - The Impact of Passive Network Mapping in Distributed Environments (9.7M MP3)
- This new approach to information gathering is the latest in stealth target aquisition technology. This lecture will discuss dynamic routing protocol internals, network mapping methodology, vulnerability analysis techniques, and OS identification procedures. Come prepared for an in-depth compare/contrast session between active and passive network information gathering heuristics. We make informed target aquisition notoriously fun and difficult to detect. The portable tool to do this will be released on Sunday afternoon.
- Subterrain Security Group releases solid, portable, and freely available open source tools for performing computer and network security related tasks.
Octil - CHaven (7.6M MP3) O'Donnell - Network Management (10.2M MP3) Rooster - Windows 2000 Security (8.1M MP3) Shaffner - Ask the Fed - Part 1 (11.3M MP3) Spot the Fed Wyatt - Radio Hacking Lee Johnston - Demonstration of Software That Allows the Construction of an Enterprise Network Inside a Single Computer
- Based on RedHat Linux, users can accurately simulate an enterprise network populated with real servers and workstations on a SINGLE COMPUTER (the system literally runs several real networked operating systems simultaneously inside one computer). It also runs multiple firewalls, gateways, routers, VPNs, or any other network device. Security experts (or hackers) can create a virtual network, populate it with Windows systems and then attack them with the latest exploits. In addition, all packet traffic can be (sniffed) sent to a file or displayed in real time. This provides security experts with detailed information about the nuts and bolts exchanges between networked computers. Thus, software-programming flaws can be identified and exploited. In addition, the system is a outstanding platform to create and test the most twisted of viruses. The kicker is you can build a virus, instantly infect a networked OS, and then rapidly see the results. If it doesn't work correctly, within seconds you can restore the infected windows OS to a virgin state, modify the virus, and try it again.
- A California native, Lee Johnston is a Senior System Analysis with Computer & Network Associates (CNA). He holds a bachelor's degree in Management Information Systems from the State University of New York. He has over 12 years of experience in computer security. Prior to his move to CNA, Lee was a System Administrator for the Air Force in Biloxi, Mississippi. On behalf of the Air Force, he authored several articles and textbooks on military networks and security. Currently, he leads the CNA's network security development team.
Dan Danknick - Fighting Robots
- If you saw the BattleBots pay-per-view show on R/C fighting robots, you heard Dan Danknick giving technical commentary during the fights. He was hired to do this as a builder of six robots himself in the past five years, as well as having written for numerous magazines on this topic. To further broaden his claws into this sport he designs and sells electronic radio interfaces to the international market as well as the SFX industry in Hollywood.
- Dan will bring a few working robots and explain their designs and how that fits into the various fighting styles developing within the sport. Time and interest permitting he would also like to discuss the developing security implications for popularized R/C robots and how they are shadowing the military construction of pocket-sized war machines. Lastly a giant box of parts and raw materials will be available for the audience to inspect and examine following the session.
July 12-15, 2001 at the Alexis Park Hotel & Resort
- Defcon 9 Pictures From Jason Scott
- Defcon 9 Pictures From goapixie
- Defcon 9 Pictures From Gothchick
- Defcon 9 Pictures From Teklord
- Defcon 9 Pictures From Echo23
- Defcon 9 Pictures From Threatlab
- Defcon 9 Pictures From DC2600
- Defcon 9 Pictures From Czarina
- 'Bed Jumping Mafia' Defcon 9 Picture Collection
- Defcon 9 Program (1.7M PDF)
- Defcon 9 Audio & Video Textfiles.com Mirror
- Defcon 9 Audio RSS
- Defcon 9 Video RSS
- Biing Jong Lin, Chieh Chun Lin, & Jan Che Su - Survey of Country-Wide Web Server Security (9.7M MP3)
- This presentation describes how we did the country-wide web server security evaluation in 1999 and 2001. It covers methodology and results. Also, we compared the difference between these 2 surveys, make some conclusion on current status and advisories to the government. Vulnerable web servers by type and percentages as well as trends are covered.
- Biing Jong Lin established TW-CERT (Country CERT in Taiwan) and worked there from 1997 to 2000. Now he works in the Science and Technology Infomation Center in National Science Council. Biing John Lin is also a consultant of nCERT, a government sponsored CERT after the cyberwar between China and USA in May, 2001 began.
- Co-author is Chieh Chun Lin and Chan Che Su. They work at Internet Security Solutions, Intl. in Taiwan. They are senior security experts and consultants, specialized in security assessment and penetration.
Freaky - OS/X and Macintosh Security (10.8M MP3)
- Macintosh Security has gone unnoticed by the public for many years, only recently it has become a topic due to the release of Apple's Mac OS X. With BSD functionality there is a whole new realm of security issues to be discussed. This years discussion will include the following, if there are other topics you would like discussed please email firstname.lastname@example.org with the topics.
- Secure Installation of Mac OS X; Configuring the firewall functionality; SSH on Mac OS X; Mac OS X Virus/Protection; Mac OS X Security Bugs/Fixes; sudo security risk 101; Obtaining Root; Denial of Service attacks; Mac OS X Hacks & Cracks
- You will also learn about the latest Macintosh security / hacking tools and see demonstrations of new apps. Plus Q&A at the end, and a guest speaker from the Macintosh Underground group Team2600 have a special announcement!
Jason Peel - Cypherpunk Grade Covert Network Channels (11.1M MP3)
- Two parties, both operating in hostile network territory, need to communicate covertly via an internetwork. They need to do so in a manner such that a well-resourced attacker cannot gain knowledge of the content of their transactions, nor even gain evidence beyond plausible deniability that discrete communication is taking place. The assumptions made are extreme; it is understood that lives may be at stake. Is the creation of such a clandestine network mechanism technically feasible? Absolutely. Should you be concerned about the implications of undetectable traffic? Most definitely. An initial R+D implementation in library form as well as proof-of-concept code built upon it will be presented. By taking advantage of peculiarities in many fielded protocols, steganographic techniques applied to the network layers, and using dynamic polymorphism based on local traffic patterns and cryptographic control, the channel is effectively able to resist detection and attack. Discussion concerning the theory, implementation, and political ramifications is welcomed.
- Jason Peel is a Senior Network Architect with Network Thought Co. Recent research+development efforts have covered wireless infrastructure auditing (including marsupial-in-the-middle attacks), PKI, anti-promisc-detection, managed enterprise lockdowns, and IPv6 vulnerabilities.
Bruce Schneier - Bruce Schneier Answers Questions (13.2M MP3) Sharad - Security & Privacy - An Introduction to Some Interesting Concepts (12.4M MP3)
- The typical netizen is blissfully unaware of the dangers that lurk each time he or she gets connected. Others consider security to be a "black art," too complex to understand - and therefore studiously avoid anything to do with it. This session serves as an introduction to the dangers that abound in today's networked existence. Besides presenting an overview of various attacks, the talk tries to demystify them by explaining the "how it works" of the attacks. We move from basic to more sophisticated attacks, cover a "proof of concept" case study and consider the counter measures possible. The session aims to serve as a starting point for all those interested in safe guarding their online existence, for those responsible for their organiztion's security issues and for just about anyone who is interested in security.
- Sharad Popli is the CTO and founding director of QuantumLink Communications Pvt. Ltd. (QLC), a five year old software company (based in Bombay, India), with a focus on Internet technologies and a specialization in Java. Sharad, an old timer on the Net (more than 10 years now) is the chief architect behind PostMaster, a popular mailserver with more than 1,500 installations across the world. A strong advocate of open source, he has been an early adopter of various open source technologies and software (including Linux since its 1.0 days and PHP when it was known as PHP/FI :)) Sharad writes from time to time (when persuaded enough!) His articles have appeared in most publications in India and also on CNETs international sites. He is an oft-invited speaker at various seminars and conferences and has addressed numerous conventions on subjects including: Java Technologies, Servlets, Linux, Email, Security issues, MTAs on Linux, Advertising on the Net, and other generic net-based topics. When not ensnared by the Net, he enjoys reading, music and the great outdoors.
FX - Attacking Control, Routing, and Tunneling Protocols (12.0M MP3)
- The protection of networked computers depends on the security and integrity of the underlying communication layers. In the last years, many people invested time to research bugs and exploits on the application level and less interest was on the network layers. We are going into the realms of protocols of ISO OSI layer 2 and 3. The audience will get a quick refresher on what Layer 2 and 3 are about and which general attack approaches exist. Layer 2 will be covered quickly and attacks using the well known ARP, CDP and some more will be explained. The primary part of the session will be focused on the abuse of ICMP and interior routing protocols (RIP & IGRP), how to scan for autonomous systems and for IP protocols other then TCP/UDP. Re-routing of packet streams for sniffing/interception will be covered as well. The finale will explain and show how to attack VPNs using GRE and how tunneling can enable you to circumvent NAT.
- FX of Phenoelit is the leader of the German Phenoelit group. His and the groups primary interests are in security implementations and implications of standards or less-known protocols. FX currently works as field infosec engineer at Lucent Worldwide Services ESS where he is supported in doing the things he generally prefers to do.
James Bamford - Researching Secrets (10.0M MP3) Shatter - FAQ The Newbies: Information for People New to Security, Hacking or Defcon (14.1M MP3)
- ETTIQUITE: How to approch people, talk with people, introduce yourself and how not to be a lamer. Example will include real life anecdotes, stories from past cons, and even things that happened the night before. PHILOSOPHY: Why are you here, and what are you doing? What is your motivation to be here? Why do you hack? Also included in this section is the concept of ethics: How your actions effect yourself, others, and the net at large, responcibility for your actions, and the differences of white/grey/black hat hacking, and why real hackers don't wear hats. LEARNING: Where to go to learn, proper steps to true knowledge, and how to avoid the trappings of being a script kiddie. Knowing the difference from downloading a useful tool for your set and grabbing a script and wrecking havok. REAL WORLD: What the media dosn't tell you, why hacking is easier on TV and the movies, and the you don't get 6-figure jobs by getting busted for hacking a .gov installation. Debunking some of the myths that the gov't and private sector look for the best hackers to hire from the lists of convicted hackers. WHERE TO GO FROM HERE: What you can get out of Defcon, what you can learn, and where to go after you nurse a major hangover. This is the general idea of the lecture, same overall concept from last year, but the content is dynamic and updated to always remain current.
- Shatter has been involved on many angles of the computer genre for over 20 years, and has spent 15+ of those years in the online/hacking aspects of it. Shatter has written many of the core '80s text files (under numerous nom de plumes) during the times when they were traded on variou BBSs. Recent work has been in online data management and profiling (enough for an entire lecture on what's really happening) as well as side security projects, artwork, and 3D design work. His next assignment is project manager on a building wide telemetry and control integration system with full accountability in real-time on a TCP/IP house net with full security implimentation, as well as physical buiding security.
Mark Grimes - TCP/IP Intelligent Agents: The Future of Electronic Warfare and Defense (11.0M MP3)
- The study of artificial intelligence bring many treasures to the development of both offensive and defensive network tools. Code can be designed to make "intelligent" decisions based on a presented data sample. When rules are explicitly laid out by RFC to indicate proper connection handling, these rules can be mapped and recalled. This would allow for an automated handling of network traffic with decision making enforced on next-packet injection. The Defcon speech will focus on Intravenous. Information will be shared with regard to overhead handling, event priority, as well as database and sensor/decoder optimizations. Examples in logic considerations will be broken down for simple attack scenarios. The IV specific design constraints and project goals will be discussed, a maillist will be announced for open discussion about the code that has been developed so far, and improvements of the overall design criteria.
- First, we will discuss what the word "intelligence" means and how it relates to source code. Recent work has been in online data management and profiling (enough for an entire lecture on what's really happening) as well as side security projects, artwork, and 3D design work. His next assignment is project manager on a building wide telemetry and control integration system with full accountability in real-time on a TCP/IP house net with full security implimentation, as well as physical buiding security. We will explain the need for code that is not only self-aware, but aware of the environment it runs in. We will briefly discuss the research conducted in the artificial intelligence field as it relates to TCP/IP networking and overall computer security. Many developers are writing code with AI properties and fail to capitalize on it.
- Second, we will discuss the state of tools/exploits today, and where they are headed tomorrow, in lieu of current security tools being seperate and disjoint. Packet sniffers seldom share information with packet crafters and IDS systems seldom share information with network scanners, for example. We will explain the need for agent code to assist in data collection, storage, retrieval and analysis for use within the scope of any tool that either runs interactively or in daemon mode for long periods of time. Discussion of toolsuite integration so that the network auditing and network detection are a more seamless process. Most exploits can be classified in only a handful of categories, most of which the discovery are based on custom scripts and source code analyzers. We will then explain the future of network assessment. We will explain where "non-intelligent" code falls flat, and how introducing rule bases, knowledge bases and a back-tracking method (memory), can allow an application to deduce plausible scenarios based on the data collected. This, in turn, will allow an application to be able to react to situations based on mathematical probabilities and/or metrics to hopefully choose the correct answer(s). Even without correct answers, it can still present the user with empirical data that may lead to a plausible next event. The Nemesis injection routines will be used in Intravenous. The threat of Nemesis by itself will be discussed with examples sited from published sources, and then will be contrasted with the introduction of AI componsents, that will make up the overall study, Intravenous (an agent concept model).
- Mark Grimes is a network security researcher whose focus is primarily on enterprise wide, multi-layered network threat, the study of TCP/IP packet pattern analysis, and the interest of machine learning and expert systems. Mark is best known for Nemesis, an eight protocol packet crafting tool suite. There are a number of articles and misc. tools, as well as the concept slides/video of the initial Intravenous concept available at www.packetninja.net. Mark Grimes is currently the Red Team Network Security and Forensics Lead for a Fortune 300 company. He has been the security lead of many high profile commercial, government and military contracts. Mark is also a developer for the ultra secure, multi-architecture OpenBSD Project led by Theo De Raadt.
Simple Nomad - Widdershins: De-evolution and the Politics of Technology (9.8M MP3) Dennis Salguero - The Business Side of Starting Your Own Consulting Firm and How They Can Succeed - Part 1 (3.6M MP3)
- Part 2 (99k MP3)
- Part 3 (488k MP3)
- Part 4 (2.5M MP3)
- I currently run my own computer consulting firm and I think that I can help others. I don't specialize in security, but obviously, there are similar tasks that need to be done. I would cover things like: - Incorporation - Taxes - Marketing - Keeping the client happy - Billing and getting paid.
- To find out more about me, I invite you visit my web site at www.beridney.com. There, you will find out about the books I have written and other conferences that I have spoken at.
Tim Mullen - Windows NT Null User (5.6M MP3) Chris Goggans & Kevin McPeake - Falling Dominos - Part 1 (7.8M MP3) Robert Graham - The Principals of Cyber-Anarchy. (8.4M MP3)
- CTO/Network ICE
TechnoDragon - Hardware Mods: How to Look for Them (11.0M MP3)
- Hardware mods. Have you ever wondered what special features can be enabled is your hardware, or even crippled for security reasons? Well, I will cover theory, fact and many designs covering identification and activation of hidden features wether they be hardware or software. Topics will include: Identification of places to perform mods in hardware. How to manipulate mods and features and settings to enable mods. How to identify what extra features can be enabled in hardware. List of what tools are required. Theory behind future mods and placement of mods in advanced devices live demos will be performed on the platforms covered and tutorials on ways to go about discovering what mods can be performed on the hardware of your choice.
Barry J. Stiefel - NAT for Newbies and Not-So-Newbies: A Tutorial - Part 1 (4.5M MP3)
- Part 2 (64k MP3)
- Part 3 (1.7M MP3)
- Part 4 (2.0M MP3)
- Part 5 (205k MP3)
- Part 6 (203k MP3)
- Part 7 (2.1M MP3)
- Part 8 (914k MP3)
- Part 9 (2.6M MP3)
- Part 10 (1.8M MP3)
- Part 11 (321k MP3)
- Part 12 (431k MP3)
- Part 13 (196k MP3)
- Part 14 (149k MP3)
- Part 15 (186k MP3)
- Part 16 (91k MP3)
- Part 17 (136k MP3)
- Part 18 (62k MP3)
- Part 19 (358k MP3)
- Part 20 (131k MP3)
- Part 21 (109k MP3)
- Part 22 (202k MP3)
- Part 23 (178k MP3)
- Part 24 (93k MP3)
- Part 25 (1.2M MP3)
- Network Address Translation (NAT) is a cheap and simple method for boosting the effectiveness of your firewall. Properly configured NAT can help hide your internal network structure from outsiders, enforce "outbound only" connections from internal hosts, and preserve scarce IPv4 addresses. This tutorial moves quickly through the basics, discusses a typical NAT configuration, describes NAT in action, enumerates the benefits of NAT, explains several potential pitfalls and shows how to configure DNS to accommodate the translated addresses.
- Barry J. Stiefel ("Stee-ful"), B.Sc., MBA, CISSP, MCSE, CCNA, CCSA/E/I, A+, is the Chief Technical Consultant at Information Engine, Inc., a Silicon Valley networking and security consulting firm. Previously, he was the founding Manager of Information Systems at Galileo Technology and was President of the Windows NT Engineering Association
Raven Alder - A Perl Script That Tracks DoS Attacks Across Cisco Backbones (7.9M MP3)
- Denial of Service attacks are well known in the security field, but in recent years distributed Denial of Service attacks have become more of a worry and a priority to ISPs. Recognizing when a DDoS attack is crossing your network is important, and being able to shut it down at your network's edge is even more so. But due to the increasing ease of spoofing the source IPs of a DDoS attack, correctly finding where the traffic is entering your network becomes more difficult. Rather than being able to traceroute via normal routing methods, most tracing of spoofed addresses has to be done hop by hop, one router at a time. In a large backbone, this can take hours, particularly when you consider that many DDoS attacks come from hundreds of different IP addresses. There aren't many tools out there to aid NOCs in tracing these sorts of attacks. Indeed, many NOCs are still forced to trace attacks by hand. To address this problem, I have written a Perl script to trace DDoS attacks backwards through a Cisco-router network. The script can handle spoofed IPs, and will run both on Cisco's older routers (7500 series) and on their Gigabit Switch Routers. This talk will present the script and provide a guided tour through the code to explain how and why it works.
- Raven Alder is a senior network engineer for a Tier 1 ISP, and hunts down DDoS attacks in the wild for fun. In addition to supporting Cisco routers, Raven is also a Solaris/Linux/BSD sysadmin, and enjoys Shorin Ryu martial arts and particle physics.
Marcus Andersson - Firewalling Wireless Devices (11.9M MP3)
- The different technologies today for providing IP-access over the air to handheld devices all pose some interesting questions about traditional security work. How to firewall? What is the physical differences of being on the "inside" versus the "outside" of the firewall? How to implement prudent securitymeasures if there is no security on the physical layer? Today, we can conclude that most base-stations used for radio LANs, regardless of technology (Bluetooth or IEEE 802.11) have coverage outside the building. This means that if someone is in the parking lot, with a PC and a radio LAN connection, one is connected to the office LAN...
- The presentation suggests some architechtureal workarounds to some of these problems, namely for example to put all handheld devices on their OWN "demilitarized" network, and not on the "inside" of the firewall. Other suggestions are made on how to implement some security on the handheld devices themselves, in order to protect them from compromising the whole network, as an unsecured "endpoint" in such a network would do. The topic of personal firewalls and automated virus-scanners for handheld devices comes in at this level.
- Some issues regarding implementing cryptography in different layers of the OSI-model are discussed, as is both risks and verified securityholes with current cryptographical implementations on the link-layer (such as WEP). A brief discussion on cryptographical protection and the impact on intrusion detection (the sensors can't see what happens if the traffic is encrypted) and virus-scanners (scanners can't scan encrypted mail) in included as well.
- It is not in the scope of the presentation to suggest a best practice, but rather to give some information on the threats of these new technologies, so that risk management can make their own decisions based on that.
Adam Bresson - Data Mining with PHP (8.9M MP3)
- Adam Bresson has been programming in PHP, MySQL and HTML for over five years. After his Defcon talk on Palm Security last year, he decided to explore security on a different, free platform. With ten years of networking experience behind him, he created GNU methods for monitoring security and data mining in PHP. He hopes you extend this foundation. Ask questions!
Nick Farr - Designing Secure Interfaces "for Dummies" (8.7M MP3)
- The old addage holds there is an inverse relationship between usability and security. The more user-friendly the system, the less secure it is. However, recent user heuristics research may lend insight into how to design more usable, more secure operating system interfaces -- independent of the underlying OS architecture, AND the gullibility of the user. By highlighting the graphical and subtexual cues recently highlighted in popular OS interfaces, the speech will cover how users are betrayed by them, either into a state of paranoia or a false sense of security. The speech will show how both states can be used to exploit the system through the user. As well, five guidelines for future interface design will be presented, showing how increasing the security of the interface can actually be used to increase, instead of restrict usability. While the talk is theoretical, each guidline will be applied as integrated into the design of a work-in-progress Kiosk package currently under development.
- Nick Farr recently graduated from the U of Michigan with a degree in Social Science, which included some graduate work at the School of Information in Human Computer Interaction. He works as a developer for the School of Public Health at the University of Michigan.
CyberEthical Surfivor - The Game (17.9M MP3)
- Ethics is that gray area between legal and illegal... and maybe your personal or corporate ethics are different that his or hers, or of someone from a different country or culture. Yet, we all need to live in the same "space." And that's the whole point of "CyberEthical Surfivor." CyberEthical Surfivor is an interactive game that pits 18 brave souls on two teams against each other. The object of the game is to be... duh... the last one standing: A true Surfivor. How you get there is half the fun, but Da Judge (Jennifer Granick) and Da Time Keeper and the D'Audience will be heavily involved in who become the Surfivor!
- CyberEthical Surfivor: The Game
Optyx - KIS: Kernel Intrusion System (6.8M MP3)
- This is the release of KIS. KIS is a self-contained binary that when executed on a system installs itself so that it will be loaded on reboot and loads a kernel module. This LKM hides itself, all of its subprocesses or desired processes, all of their files, directories, and network connections automatically. The presentation will consist of demonstrating how to setup and use KIS as well as explain some of the basic design concepts.
- Optyx is a programmer, age 20, currently living in San Francisco, California.
Daniel J. Burroughs - Applying Information Warfare Theory to Generate a Higher Level of Knowledge from Current IDS (12.2M MP3)
- The two greatest weaknesses of Intrusion Detection Systems (IDS) are the ease of which they may be evaded and their tendency to generate vast amounts of false alarms. Sophisticated attackers are able to easily avoid detection, maintaining a low profile by spreading out the attack both in time and (network) space. Meanwhile alerts are generated by normal user activity. IDS have not yet reached a level where they can reliably detect and assess advanced attacks while being able to separate normal user activities.
- This presentation discusses the use of information warfare theory, combined with multiple target tracking algorithms to generate a higher level of knowledge from current IDS. Instead of looking at IDS as the final stage in attack determination, it becomes the first stage. The IDS are treated as sensors on our network gathering information that is fed into a data fusion engine. By gathering information from different types of IDS and other sensors distributed throughout one or more networks, we aim to generate a higher level of knowledge, a situational awareness, that paints a much clearer picture of the activity on out networks.
- By combining and fusing data gathered from many independent networks, it is possible to move away from the traditional defensive posture of network security. In its place we are given more of bird's eye view of the scene, and are able to see the activity of individual attackers spread out across many networks.
- This presentation is based on research being conducted at the Institute for Security Technology Studies (ISTS), a federally funded research institute housed at Dartmouth College. A demonstration of the data fusion/target tracking system will be provided during the presentation.
- Daniel first became interested in computer security shortly after getting a 300 baud modem to connect his C64 to the outside world. Since that time he has moved on to bigger and (somewhat) better things. These have included work in virtual reality systems at the Institute for Simulation and Training at the University of Central Florida, high-speed hardware motion control software for laser engraving systems, parallel and distributed simulation research at Dartmouth College, and most recently distributed intrusion detection and analysis at the Institute for Security Technology Studies. He is also the proud owner of a Defcon leather jacket won at Hacker Jeopardy at Defcon 8.
- Institute for Security Technology Studies and Investigative Research for Infrastructure Assurance. The Institute and its core program on cyber-security and information infrastructure protection research serve as a principal national center for counter-terrorism technology research, development and assessment. It is funded by the U.S. Justice Department's National Institute of Justice, Office of Science and Technology to which it will also provide technical support. The Institute studies and develops technologies addressing counter-terrorism especially including counter-cyber terrorism issues in the areas of threat characterization and intelligence, threat detection and interdiction, preparedness and protection, response, and recovery.
Dr. Cyrus Peikari - An Open Source, International, Attenuated Computer Virus (9.6M MP3)
- The unchecked proliferation of global information networks has left society vulnerable to a digital Armageddon. Computer viruses can counter this vulnerability by stabilizing and strengthening information systems. Using analogies from medicine, this paper demonstrates the pressing need for well-designed computer viruses. This paper also proposes the design, implementation, and distribution of an open-source, international, attenuated computer virus.
- Dr. Cyrus Peikari is the Chief Technology Officer of VirusMD Corporation. He is the author of Windows Internet Security: Privacy and Protection, being released this fall from Prentice-Hall publishers. He is a former teacher of advanced mathematics at the Southern Methodist University Learning Enhancement Center in Dallas, TX. In addition, Dr. Peikari speaks on the radio about Internet Security every Friday night as a correspondent for CBS affiliate A.M 1080 KRLD in Dallas, TX
Bruce Potter & Adam - The Captive Portal (12.6M MP3)
- Adam and I have been doing research on wireless security from a practical perspective. Basically discovering what's wrong with the current security models in 802.11 networking and how they can be fixed or worked around. Adam has developed a system called the Captive Portal that will allow wireless networks to be setup that are resilent to problems with link-level authentication and encryption schemes. The system is still in development, but will be "released" by conference time (as much as open source software gets released ;). In the coming months we will be writing a paper on the Captive Portal; how it works, what it's strengths and weaknesses are, and instructions on getting one going. I will give the first part of the talk, Adam will give the second part the part that deals directly with the Captive Portal. We will also setup a wireless network at DC so folks can try and hack the portal. We're always looking for ways to improve our idea.
- Bruce Potter is the founder of The Shmoo Group, an organization of security, crypto and privacy professionals. He has done work as a network engineer, software security consultant, CTO of a failed startup, and a wire monkey. Bruce posts daily security news to securitygeeks.com.
- In 1993 Adam started the first ISP in his home town of Dunedin, New Zealand. Since then he has worked for several ISP's, small and large, in various capacities, mostly as a UNIX systems administrator. His current project is Personal Telco which is trying to leverage consumer grade 802.11b gear to build internet accessible neighborhood communities
Dr. Ian Goldberg - Arranging an Anonymous Rendezvous: Privacy Protection for Internet Servers (12.3M MP3)
- As the Internet grows in popularity around the world, we are beginning to see clashes between individuals and governments from different cultural backgrounds. Corporations, organizations, and legislatures are using local laws in order to enforce their wishes on others worldwide. Much work has been put into producing privacy-enhancing technologies that protect clients of online interactive Internet services. In this talk, we present the "rendezvous server," a primitive which allows the transformation of any such technology into one which can equally protect the providers of those services. It is our hope that being able to provide privacy for providers of online services, such as mailing lists, discussion groups, web sites, file servers, and chat rooms, they will be less susceptible to attack, and so will help prevent the Internet from becoming a place where the powerful can control the availability of content worldwide.
- Dr. Ian Goldberg is Chief Scientist and Head Cypherpunk of Zero-Knowledge Systems, a Canadian company producing Internet privacy software for consumers. Having recently received his Ph.D. from UC Berkeley, Ian is recognized internationally as one of the leading cryptographers and cypherpunks. In addition to developing many of the leading network software titles for the Palm Pilot, Ian is known for his part in cracking the first RSA Secret Key Challenge in three and a half hours, for breaking Netscape's implementation of the encryption system SSL, for breaking the cryptography in the GSM cellular phone standard, and for throwing lots of parties.
Lile Elam - Renagade Wireless Networks, Creating Connectivity on Demand (12.3M MP3)
- A panel of wireless hackers will describe how adhoc open wireless networks have been successfully setup for various events and places. From small/large happenings to local neighborhood access, learn how to create open wireless networks for all to use. After all, what is hacking without connectivity!
- Lile Elam, a hacker artist residing in Silicon Valley, has managed various Un*x based systems and networks since the late 80's. Founder of Art.Net (1994), Lile has always had an interest in sharing enabling technologies and creating networked communities.
Ofir Arkin - Introducing X: Playing Tricks With ICMP (12.7M MP3)
- During my research with the "ICMP Usage In Scanning" project, I have discovered some new active and passive operating system fingerprinting methods using the ICMP protocol. Methods that are simple, and efficient. The active operating system fingerprinting methods were not correlated into a certain logic. A logic that would allow us to have the ability to use any available method in order to, wisely, actively fingerprint an operating system. In this talk I will be releasing a new active operating system fingerprinting tool using the active OS fingerprinting methods with the ICMP protocol I have discovered. I will be explaining the tool's inner works and the various active OS fingerprinting methods with ICMP implemented and used with the tool. The tool's limitations, ways to detect its usage, and how to defend our selves from its abilities will also be discussed. Future plans and enhancements, which include a different approach to OS detection, will be presented as well.
- Ofir Arkin is the Founder of the Sys-Security Group, a free computer security research body. Ofir is most widely known for his research about the ICMP protocol usage in scanning. He has extensive knowledge and experience with many aspects of the information security field including: cryptography, firewalls, intrusion detection, OS security, TCP/IP, network security, Internet security, networking devices security, security assessment, penetration testing, E-commerce, and information warfare. Ofir has worked as consultant for several European finance institutes where he played the rule of Senior Security Analyst, and Chief Security Architect in major projects. Ofir has published several papers, the newest deal with "Passive Fingerprinting Techniques" and with the "ICMP Protocol Usage in Scanning."
Jay Beale - Attacking & Securing RedHat AKA: How Effective Has Bastille Linux Been? (12.0M MP3)
- This talk will demonstrate each of the major (widely available) exploits against Red Hat 6.x, before and after hardening the system with Bastille Linux. The idea is to show, very concretely, how Bastille Linux was effective at stopping/containing attacks, before the exploit was ever written. This is not simply a "product demo" for an open source tool, though! We'll describe exactly what hardening steps are taken to combat each attack and illustrate how these prevented/contained a compromise.
- Jay Beale is the Security Team Director at MandrakeSoft, makers of Mandrake Linux. He is also the Lead Developer of the Bastille Linux Project, which creates a hardening program for Linux. Jay is the author of a number of articles on Unix/Linux security, along with the upcoming book Securing Linux the Bastille Way, to be published by Addison-Wesley. You can learn more about his articles, talks and favorite security links via www.bastille-linux.org/jay.
Len Sassaman - What is SSL, a CA, and FreeCert? (10.8M MP3)
- The goal of FreeCertis to provide free or low-cost certificate authority services to individuals and organizations with limited budgets, as well as raise awareness of the services that CA's actually provide.
- Many users of the Internet today are unaware of what role a CA plays in the process of secure website viewing. In my presentation, I intend to give a brief explanation of how SSL works and what it is that a CA does. I will explain what the browser warning messages mean to the user, and what to do when encountering them. I will discuss the dangers of trusting CAs, and methods of ensuring that certificates are valid when the CA cannot be ultimately trusted.
- Following this, I will present details about FreeCert: what it does and does not intend to accomplish, who can benefit from it, and how it will execute these goals. Information on becoming involved in the development of FreeCert will be provided, and questions about FreeCert will be answered.
- Len Sassaman is a Systems Engineer for PDC Solutions, Inc. His primary focus is information security, specializing in email security and anonymity services. Len is an anonymous remailer operator, a member of The Shmoo Group, and a Crypto Rights Foundation staff member.
Robert Grill & Michael Cohen - Windows NT and Novell Host Based Intrusion Detection Using Native Logging and 3rd Party Log Reporting Tools (9.0M MP3)
- Auditing is defined for this presentation as the process of examining operating system (OS) audit logs to assure information stored on computers is properly protected, and meets corporate security policies. This presentation will cover the Novell NetWare 4.11 (NW) and Windows NT 4.0 (NT) operating systems. NW is capable of auditing Novell Directory Services (NDS) and file system actions, and NT for domain and file systems actions, performed on a company's WAN. Auditing tracks the following types of information: User Actions; Resource Usage; File System Security and Access Control; Login and Logoff Activity; NT and NW also includes auditing features to collect information about how a system is being used.
- These features monitor events related to system security, to identify any security breaches, and to determine the extent and location of any damage. The level of audited events is adjustable to suit the needs of an organization. This presentation illustrates the usage of NT and NW security monitoring separately; however, the concepts apply to any platform.
- The costs and benefits along with the weaknesses of such logging will also be addressed. While these are two older platforms that the software vendors would love to see upgraded, they are both still used in many organizations.
- Michael Cohen is currently an Audit Project Team Leader at a large California based bank, specializing in network and Internet security. He has over 5 years information security audit experience. He currently holds the CISA and SSCP certifications, even though he has a great disdain for such things. Previously, he worked as a big 5 security consultant and cut his teeth as network administrator holding together the worlds most poorly configured NetWare server and two of the most insecure Cisco routers.
- Robert Grill is currently an Audit Project Team Leader at a large California based bank. He has an MBA in Management Information Systems and has over 10 years information security audit experience. He holds the SANS GIAC; GSEC, GCIA, GCIH and GCFW certifications, as well as the CISA, CISSP, SSCP, CNA and CCNA certifications.
Thor - Grabbing User Credentials via W2k ODBC Libraries (8.5M MP3) Dario D. Diaz, Esq. - Digital Millenium Copyright Act (11.6M MP3)
- A presentation of the DMCA, a discussion of the terms and meanings with specific reference to the technical aspect of the Act, a case law study of specific cases around the country (not many as the law is very new and untested), and the repercussions of specific "hacking" acts that may result in a violation of the Act.
Thomas J. Munn - Using OpenBSD, Snort, Linux and A Few Other Tricks To Setup a Transparent *ACTIVE* IDS (18.2M MP3)
- Basically I will cover: How to setup Snort Sensor in OpenBSD. How to use Perl & Rules to actively adapt rules to attacks, while keeping yourself from being 'DoSed.' How to use ACID to make logs more easily accessible, and analyzed. How to use database portion to look at historical attack trends and react appropriately. How to setup "safe" management segment on your network that is both accessible to you, but hard for "them" to get into.
- Thomas J. Munn Infosecurity analyst.
Bryan Glancey - Weakest Link (15.9M MP3)
- Presentation and demonstration of attack attempts against common security software. Highlighting use of common hacking tools to attack Boot Protection, File Encryption, and other misplaced ideas. Seeking out the weakest section of security architecture and attacking based upon it.
- Demonstrations including: sector editors, Windows-based password attack programs (password grenadiers), Windows password broadcasting
- Bryan Glancey is the Director of Professional Services for Pointsec Mobile Technologies, the leading provider of mobile device security. Bryan has worked extensively with the implementation of security systems for Fortune 100 customers for the last 10 years. Bryan has spoken at a variety of industry conventions regarding information security, document management and control, and Internet technologies. Bryan holds an degree in physics; during his research he worked on 1/f frequency signal analysis, computational analysis of astronomical data, and research into electron migration using 3D modeling.
The Defendant - So You Got Your Lame Ass Sued: A Legal Narrative (13.0M MP3)
- "The Defendant" put up a website critical of his ex-employer, and within a week found himself in the center of a $120,000 lawsuit, facing some of the most powerful lawyers and largest firms in the country. With a week to fight the restraining order put against him, he had to learn everything he needed to know about legal procedures, presenting a defense, and speaking to the press. Through this, he kept the website up, answered many questions, and became the lightning rod for hundreds of angry, mistreated employees. Come listen to what he learned, and get some ideas in case it's ever you in the courtroom.
Michael Wilson - Hacker Doctrine in Information Warfare - Part 1 (11.2M MP3)
- Part 2 (290k MP3)
- Part 3 (399k MP3)
- It is now an accepted fact that computer hackers, crackers, hacktivists, virus writers, and other politically-aware individuals in the computer underground are 'taking matters into their own hands.' Whether through website defacementsor full-scale denial-of-service attacks, non-governmental, non-aligned individuals and groups are conducting what the military refers to as 'information operations' of increasing sophistication.
- What is clearly missing in these independent operations, however, is a complete and thorough understanding of how to think about attacks, how to undertake'mission planning,' and how to be truly effective. Based on our own understanding of practical applications in information warfare, 7Pillars Partners will present educational material on information operations that canhelp fill in these 'gaps' in a hacker's comprehensive understanding.
- Michael Wilson is the Managing Partner of 7Pillars Partners, with 20 years field experience in military and intelligence operations. He is an inventor, pioneer, and an acknowledged leader in infrastructural warfare, information operations, open-source intelligence, and next-generation intelligence. He is the winner of the U.S. National Defense University's Sun Tzu Award in 1997, and the G2 Intelligence Professional Award in both 1997 and 1998. Mr. Wilson can be reached at email@example.com, and a number of his professional papers are available at http://www.7pillars.com.
K2 - Polymorphic Shell Code API (14.5M MP3)
- Polymorphism has been around for years in the form of virus attacks. There is a wealth of information pertaining to this. This presentation will concern itself with the implementation of an API designed to place some black-box code (probably shellcode) within an encoded structure and deliver it against a number of Architectures (SPARC, HP, IA32, more soon).
- This code has been tested thoroughly against a number of popular NIDS Sensors (ISS, snort, dragon, NFR,), and has proven that as of yet, the code itself can NOT be detected at all. There are some possible methods of detection and that will be analyzed and future modifications to further evade these measures.
- K2 is a security consultant for a major multi-national company, personally located in Vancouver, Canada. Spare time spent mostly investigating OS/network vulnerabilities and the exploitation there of :). Years of assembly experience and a well developed cross-platform knowledge base.
Peter Shipley - 802.11b War Driving and LAN Jacking (13.0M MP3)
- Peter Shipley will discuss his latest research concerning open WLANs in the corporate and home environment. Early results will be presented along with maps illustrating the current threats showing that the current security models in 802.11 networking have set the state of network security back a decade.
- Mr. Shipley is one of the few individuals who is well known and highly respected in the professional world as well as the underground/hacker community. With thirteen years experience in the computer security field he has extensive experience in system and network security as well as programming and project design. Past positions and titles include "Chief Security Architect" at KPMG, Former and Chief Engineer for Network Security Assocates and Founder/VP at DNAI (a prominent Bay Area ISP),
- Mr. Shipley's specialties are third-party penetration testing and firewall review, computer risk assessment, secure systems design and security training. Mr. Shipley also performs post-intrusion analysis as well as expert witness testimony.
Rob Shein - Evaluating VPN Solutions (16.3M MP3)
- This session will detail a methodology by which security professionals may independently examine the security of a VPN. We will cover basic concepts of key exchange and management, leading into a description of good and bad ways by which the two ends of a VPN connection arrive at the necessary shared secret. We will discuss common mistakes such as improper random seeding or key exchange, and step through a checklist of things to check. Finally, we will apply this methodology before the audience in the testing of a running VPN system, and demonstrate two vulnerabilities that exist.
Enrique Sanchez - Distributed Intrusion Detection System Evasion (DIDSE) (7.2M MP3)
- A fast connection is the new era, but your IDS system can handle it? Can your operating system can handle it? Can you handle it?
- A DDoS is not the worse thing that an attacker can do in a distributed way. A evasion attack can take place while your IDS is just dropping packets, while it is just there checking an innumerable amount of unused packets with unused connections.
- There is no tool such as this, or is it? DIDSE distributes the attack ranging the amount of packets to be sent to the network to cause a flood to even modem connections in a timing and hidden way the is virtually impossible to hide it, combined with some accuracy in penetration an attacker could easily bypass the new era security systems. He can bypass your IDS.
- nrique A. Sanchez is an Industrial Engineer wich previously worked as system administrator before becomming senior pen-tester in an European security firm. Enrqiue A. Sanchez is involved in education, R&D and pen-testing.
Anders Ingeborn - Designing Small Payloads (7.8M MP3)
- This talk presents how to use double-injection over an existing network connection to write small remote buffer overflow exploits. A number of practical tips and code examples will be given. It will also be explained how this design can be used to hide an attack from both network based and host based intrusion detection systems.
- Anders Ingeborn works with vulnerability assessment and penetration tests at iXsecurity in Sweden. iXsecurity's clients during the last couple of years include government agencies, banks, nuclear power plants, and major corporations throughout Scandinavia. Anders also holds a MS in computer security.
Richard Thieme - Hacking a Trans-Planetary Net: The Essence of Hacking in a Context of Pan-Global Culture, the Wetware/Dryware Interface, and Going to Europa (14.1M MP3)
- When Richard Thieme spoke at Defcon 4, he said hacking was practice for trans-planetary life in the 21st century. Well, guess what? It was. But a changing context has also changed what hacking looks like. Context is content, and what was hacking at MIT on a PDP-6 just doesn't cut it any more. The essence of hacking is the same, but the game is played differently. When space war involves holographic image projection, cloaking devices, multispectral camouflage, micro-know-bots and the creation of synthetic environments that an adversary thinks are real... when cells are switched on to conduct heat and electricity... and the exploration of Titan and Europa make Mars and the moon look like inner suburbs... hacking means more than knowing how to spray paint a website or shut down a server. Hacking means an artist's imagination, an obsessive hunger for knowledge, and a deep understanding of cyborg humanity. Thieme illuminates the topography of that weird landscape.
- Key concepts: Context is content (i.e. what makes sense in one context no longer makes sense in another) what is wise in one context is insanity in another; hacking in its essence is a way to approach life with identifiable qualities and characteristics - some are innate and some can be learned. The ones that can be learned and how to learn them are spelled out; the attributes of hacking as it evolved in the sixties, if translated whole hog into the 21st century, make you look like a dork; it's not about being a script kiddie, doing DDoS attacks, or leaving graffiti - it is about the tools of imagination, the weapons of the mind, in a world of widespread deception; the practice of deception - the creation of illusion, the use of misdirection, the lethality of ridicule - are examined in relationship to hacking as the quest to know the truth; specific scenarios will be described, using the most current human resources, including war in space; the fusion of information war and space war through the "information web;" the changing definitions of humanity at the wetware/dryware interface, with emphasis on materials science and advances in brain enhancement; how life in space changes people and changes the species; and the bottom line - how the real attributes of hacking can be ported into this Borg world and used imaginatively, mischievously, and with a light touch to give real style to one's hacking and transform one's cyberlife into a work of art.
David Gessel - Intro to Quantum Cryptography (12.6M MP3)
- The subject is quantum cryptography, and the scope of the paper will be targeted toward a lay audience with a basic understanding of physics (what is an electron, a photon, etc.), computers (that they deal with binary information), and cryptography (that combining data with noise makes the data unreadable unless the noise is removed).
- I will move quickly, and at a basic level through the quantum physics involved and the cryptographic principles, and leave the audience with an understanding of the state and potential of quantum computing and quantum cryptography.
- David Gessel (Super Dave of the DoC) spent seven years of his childhood hammering steel in front of a coal-fired forge as a blacksmith's apprentice. He then went to MIT to get a degree in physics where he focused on fusion, robotics, and precision engineering. Switching coasts, David joined Apple's Advanced Technology Group and worked on a wide range of projects including pen-based computers, LCD technology, and digital cameras. David left Apple to join Interval Research Corp, researching rapid design/prototyping technologies for mechanical systems. After a few startups, David is now a consultant to Teradyne, Inc. and holds positions at Delta-e, LLC; PicoStar, LLC; idbias; and Nebucon, Inc.
Robert Muncy - Securing Cisco Routers (5.8M MP3)
- We will begin with basic IOS commands to secure a router, looking at unneed services and turning off seldom used protocols. From there we will look at configurations for defeating basic attacks against your network, including DDoS, SMURF and other nasty things you can do to networks. Next we will look at some simply access list and nifty tricks you can do with them! I will also discuss the basics of encryption, RADIUS, and other security measures you can use when making connections to multiple sites. For this talk I have assumed you have at least heard of TCP/IP ports, basic Cisco IOS commands, and the Internet and how it works! This talk is geared to Cisco novices but who have done basic networking already.
- Robert Muncy is currently employed by a financial company as Network Security Engineer. Previous to that I worked as a hired gun for several computer consultant companies.
Brenno de Winter - IPV6 Security (7.2M MP3)
- What's new. What are new risks? What are new opportunities.
- CEO, DeWinter Information Solutions
Jennifer Granick - European Cybercrime Treaty - Part 1 (4.8M MP3)
- Part 2 (215k MP3)
- Part 3 (25k MP3)
- Part 4 (1.5M MP3)
- Part 5 (347k MP3)
- Part 6 (356k MP3)
- Part 7 (722k MP3)
- Part 8 (1.0M MP3)
- Part 9 (1.2M MP3)
- Part 10 (523k MP3)
Phil King - 8-Bits and 8-Pins: More Fun with Microcontroller Hacking (14.2M MP3)
- "Microcontrollers" are microprocessors with additional peripherals, I/O controls, and memory, all built into one chip. Last year, Phil introduced the wonderful world of 8-bit micro controllers and showed how to setup your own project development lab. This year he looks at more fun, cute, and devious electronic devices you can build, this time focusing on microcontrollers with only 8-pins. What can you do with 2k of code spaces and only a few I/O lines? More than you might imagine! We'll look at various tiny projects, and see what can be done in small space and on a small budget. Bring your questions and project ideas. The people with the best ideas will go home with a complete Atmel AVR micro controller hardware development package.
- This talk will have a fairly high fun-factor looking at cool electronic toys, but there will be talk about and examples of low-level code and hardware design. Some programming experience and electronics vocabulary will definitely make the material more understandable.
- Phil King is a hardware design engineer in Silicon Valley with nine years of experience at various hardware and software jobs. He is also a part time lecturer at Stanford University, where he co-taught EE-281, the graduate level Embedded Systems Design Lab course last fall.
Keith Nugent - Windows 2000 Security: How to Lock Down Your Win2k Boxes (23.0M MP3)
- Windows 2000 provides a lot of new security features that were previously not available in earlier versions. The NT line, however, has never been considered very secure right out of the box. We'll be talking about how to use NTFS permissions, Default Security templates, Custom Security templates, and Group Policy to lock down a Win2k box. We'll look at what level of security is applied by default on a Win2k box, how to analyze these settings against proposed settings, and how to apply identical settings across multiple boxes.
- Keith Nugent has been playing with computers since his father first brought home an Apple iic. Being the youngest child, it thrilled him to no end to have something that would respond to HIS commands, as he was used to being the one who followed commands. Keith toyed with Apples and PC's for the next few years while he did other things, like grow up, go to college, run a business, and drive a tractor-trailer around the country. Then, a few years back, as tends to happen, he was the guy who was always fixing, operating, and training others on the computer. So he gave in and became the network administrator. Now years later, he's given up the pager and 3 a.m.-the-sky-is-falling phone calls of network administration to train full time. Keith is currently the technical training supervisor for a large computer training center in Chicago, IL.
Ryan Lackey - HavenCo: One Year Later (13.0M MP3)
- HavenCo provides secure colocation in the Principality of Sealand, in the North Sea, to a wide range of clients. We've gotten a lot of press in the past year, still, we get a lot of questions:
- Why do people go offshore in the first place? What can they gain? Aren't they all just software pirates and pornographers? Can existing companies restructure offshore after they get sued? What is life like on Sealand? Do you have photographs? Can I visit? Why don't you offer shell accounts? Is Sealand really a country? Is the U.K. going to invade? Are you going to setup other datahavens?
- I will try to answer these questions, and will present a slideshow walkthrough of Sealand, information about our network and physical infrastructure, and information about current clients. In addition, I'll discuss some of our current development projects, and how our services can be useful to pro-liberty forces around the world.
- Ryan Lackey is HavenCo's CTO and co-founder, living on Sealand full-time. He has worked on electronic cash and software-based datahaven systems, and originally got involved with HavenCo when looking for a secure place to host central electronic cash servers. In addition to Sealand, he has lived in Anguilla, considered wrongly or rightly as another possible datahaven location during the U.S. crypto export restricted period. HavenCo has taught him how to deal with media, politicians, and large numbers of lawyers, while running an international multi-site network, living in a 10,000 square foot concrete fortress for 3 months at a time, and missing just about every worthwhile party in the world for over a year.
Dan Kaminsky - Gateway Cryptography: Hacking Impossible Tunnels Through Improbable Networks with OpenSSH and the GNU Privacy Guard (10.9M MP3)
- 1. Theory of Gateway Cryptography. 2. Methods of securely connecting mutually firewalled hosts. 3. Turning any SSHD into a VPN termination point (without using PPP over SSH). 4. Dynamically Rekeyed OpenPGP. 5. PPTP over SSH. 6. Securely SUing to root. 7. Robustifying live-configuration of OpenSSH. 8. SFTP Compatibility Mode (implementing everything with cat, tar, and tail).
John L. Dodge & Bernadette H. Schell - Laurentian University Hacker Study Update (13.3M MP3)
- Laurentian University's Hacker Research Team from Sudbury Ontario, Canada interviewed and surveyed self-professed hackers at Defcon 8 in Las Vegas and H2K in New York City in July 2000. The objective of the study was an attempt to give a balanced view on hackers - including the "white hats" and the "back hats." Its intent was to collect information that would give a realistic picture of the way hackers think, feel, and behave rather than some unbalanced and contrived picture based on the media or innuendo. The 22-page questionnaire had five parts: (I) hacker demographics, (II) health and mind-body symptoms, (III) routine behaviors, (IV) respondents' likes and dislikes and (V) decisions regarding work and/or school.
- The media and academic writers have created many hacker myths based on their feelings or observations. Are they supported by fact or are they just fiction? Of the 20-hacker myths investigated we will present which are supported by the questionnaire data and which are not. We begin to crack the myths with a balance view.
- John L. Dodge is a professor within the School of Commerce andAdministration at Laurentian University, Sudbury, Ontario, Canada. As a partner in a management-consulting firm, he lectures and consults widely on e-commerce and organizational strategy issues. Prior to his academic career he was President and CEO of a venture capital firm and Vice President Development for a mining and development company. He holds a Bachelor of Engineering from Dalhousie University, a Master of Business Administration from the University of Western Ontario and a Ph.D. from the University of Bradford in the U.K. He is a Certified Management Consultant (CMC) and a Professional Engineer (P.Eng.).
- Bernadette H. Schell is Director of the School of Commerce and Administration, Laurentian University, Canada. President of a HR consulting firm in Sudbury, Ontario, she lectures widely on stress management, executive stress, and stalking protection measures. She is author of a Self-Diagnostic Approach To Understanding Organizational And Personal Stressors (1997), Management In The Mirror (1999) and Stalking, Harassment And Murder In The Workplace (2000) all published by Quorum Books. She is the recipient of the Laurentian University research excellence award (2000).
Dmitry Sklyarov & Andy Malyshev - eBooks Security - Theory and Practice (8.0M MP3)
- Security aspects of electronic books and documents, and a demonstration of how weak they are:
- "Standard" PDF encryption, ROT13 (used by New Paradigm Resources Group, Inc.), FileOpen (by FileOpen Systems), SoftLock (by SoftLock Services, Inc.), Adobe's Web Buy, Adobe's eBook Reader (GlassBook Reader), InterTrust DocBox plug-in.
- Documents publishing in electronic form have a lot of advantages against traditional on-paper publishing. You could easily find list of such advantages on web server of any company, which provides eBook solutions. But nobody perfects, and there is one big problem that related with eBooks. Information in electronic form could be duplicated and transmitted, and there is no reliable way to take control over that processes. There are several solutions from different companies that were developed to prevent unauthorized distribution of the electronic documents.
- My name is Dmitry Sklyarov. I'm employee of the ElcomSoft Company. As we have demonstrated in our speech on Black Hat Win2K Security (February 2001), encryption in Microsoft Office documents is very weak and password protection may be removed without any problems in most cases. In this speech, I'll try to cover password protection aspects of electronic books and documents. The most attention will be paid to documents in PDF format.
HC - NTFS Alternate Data Streams (8.0M MP3)
- Windows NT and Windows 2000 have powerful graphical user interfaces that make the job of assessing the security condition of and securing these operating systems considerably easier. Changing the bad logon limit is, for example, relatively easy to both understand and do in both of these Windows operating systems. Providing adequate security does not, however, always involve working with mainstream features of applications, operating systems, and networks. Alternate Data Streams (ADSs) are an example. This little-known feature available with the NT File System (NTFS) in WNT 4.0 and Win2k (RICH98) has been available since the advent of NTFS in the first WNT release, WNT 3.1. Although this feature is relatively unknown by the vast majority of WNT users and administrators, it provides a potentially very powerful attack mechanism for malicious individuals intent on compromising and exploiting WNT and W2k systems.
- What is an ADS? How can ADSs be created and how can executables be run in them? How can they be misused (e.g., by having malicious executables run in them)? How can they be found? This paper addresses these and other related issues concerning ADSs and security considerations.
Dan Moniz - The Impact of P2P on Security in the Enterprise (6.2M MP3)
- Increasing democratization of the network means more and more users are finding interesting things to do with the resources at their disposal. In the wake of watershed decentralized applications such as Napster, many commercial and open-source efforts are producing so-called "Peer-to-Peer" (P2P) or decentralized applications and computing frameworks. The genesis of P2P, decentralization, and distributed computing as a fundamental architecture has serious implications for the way security is handled, not only in the wilds of public networks like the Internet, but also in closed enterprise environments. Like it or not, users will be using these apps and participating in these networks. It behooves every security administrator to become familiar with the nature of P2P systems and to understand both the potential threats and possible benefits of such systems, as well as to anticipate user adoption and related issues.
- Dan Moniz is a Research Scientist and Chief Security Architect at OpenCola, a leading developer of Distributed Computing Infrastructure (DCI) software, including peer-to-peer (P2P) applications and reliable multicast systems. His primary work to date has been in the area of security architecture for generalized P2P applications, protocols, and frameworks. Previous projects have involved Digital Rights Management (DRM) systems predicated on true electronic rights inside capability-based secure environments as well as analysis and design of authentication protocols for distributed media streaming applications. Before joining OpenCola in September of 2000, Mr. Moniz worked as a Researcher for Viasec Limited, a crypto software development firm, and contributed to their flagship email encryption server Consus, as well as additional internal research projects involving Single Sign-On (SSO) technology, biometric identification systems, smartcard tokens, capability-based systems, and security for mobile devices. Mr. Moniz supplements this experience with several years of exposure and participation in the public infosec community at large.
Dark Tangent - Defcon Awards Ceremony (7.2M MP3) Stephen Hsu - Triangle Boy: IP Spoofing and Strong Encryption in Service of a Free Internet (16.3M MP3)
- SafeWeb is an encrypted (SSL) anonymous proxy service, used approximately 100 million times per month by hundreds of thousands of people worldwide. Triangle Boy is an open-source program that lets volunteers turn their PCs into entry points into the SafeWeb network, thereby foiling censorship in countries like China and Iran. Triangle Boy uses IP spoofing and innovative packet routing to minimize the load on volunteer machines. I discuss SafeWeb's goals and technologies, its involvement with the CIA through In-Q-Tel (the agency's venture fund) and the Internet as a catalyst for social transformation in China.
- Stephen Hsu is the CEO and co-founder of SafeWeb. He is currently on leave from his position as a professor of theoretical physics at the University of Oregon. Previously, he was an assistant professor at Yale University, and a research fellow at Harvard. His research specialty is quantum field theory and its applications to particle physics, astrophysics and cosmology. He holds a PhD from UC Berkeley and a BS from Caltech.
White Knight - Internet Video Surveillance (7.6M MP3) D-Krypt - Web Application Security (10.7M MP3) Cult of the Dead Cow - Hacktivism Panel (12.3M MP3) Jim Christy - Meet the Fed Panel (13.4M MP3)
- This years panel will build on last years format. A brief introduction and statement from each of the panel memebers, and then right into audience questions and qnswers. Jim Christy will be moderating. So far the panel includes: OSD - Paul Smulian (Information Assurance), GAO - Keith Rhodes (Chief Tech Officer), Arizona State Representative Wes Marsh, NSA - Ray Semko, Interagency OPSEC Support Staff.
William Tafoya - Meet the Fed Panel (10.5M MP3)
- For the past three years, Dr. Tafoya has been Professor of Criminal Justice at Governors State University. Previously he was Director of Research, Office of International Criminal Justice, University of Illinois at Chicago. He is a retired Special Agent of the Federal Bureau of Investigation. For 12 months (July 1989 - July 1990), he served as Congressional Research Fellow for the 101st Congress in Washington, DC. There he conducted research on police use of high technology as well as future crime. He remains the only law enforcement officer ever selected to serve in this capacity on behalf of the U.S. Congress. He has guest lectured at numerous universities and various venues internationally. In 1991 he founded the Society of Police Futurists International.
- Prior to his retirement from the FBI in June 1995, he was assigned in Washington, DC, Quantico, Virginia, and San Francisco, California. Dr. Tafoya served for 11 years at the FBI Academy as a senior faculty member of the Computer Crimes Training and Behavioral Science Units. He was the first law enforcement officer to make investigative use of the Internet. He created the UNABOMber web site in December 1993. It was generated on a NASA computer because at that time the FBI did not have the capability to implement Bill's ideas on its own computer system. Bill subsequently developed the FBI's Oklahoma City bombing web page in April 1995.
- At Governors State University, Dr. Tafoya teaches courses in Computer Crime Investigation, Research Methods and Statistics, as well as Strategic Planning. His current research interests are in CyberTerrorism and the application of Virtual Reality for training of law enforcement officers. His 1986 Ph.D. in Criminology is from the University of Maryland; it was a forecast of future of law enforcement. He was recently appointed an advisor to the National Cybercrime Training Partnership of the U.S. Department of Justice. Both the print and electronic media have interviewed him extensively nationally and internationally. Twice he has been featured in U.S. News & World Report. More recently he was featured in the April 2001 issue of Information Security.
Unknown - Credit Card Fraud (11.3M MP3)
August 2-4, 2002 at the Alexis Park Hotel & Resort
- Defcon 10 Pictures From Deviant Ollam
- Defcon 10 Pictures From the Hektik.org crew.
- Defcon 10 Pictures From CHS
- Defcon 10 Pictures From astcell
- DefCon 10 Through the Eyes of Grifter
- Kampf's Defcon 10 Report
- Defcon 10 Pictures From havoc.
- Defcon 10 Pictures From DMZS.
- Defcon 10 Pictures From ttye0
- Random Footage from Defcon 10 (YouTube)
- Defcon 10 Program (2.8M PDF)
- Defcon 10 Audio & Video Textfiles.com Mirror
- Defcon 10 Audio RSS
- Defcon 10 Video RSS
- Dennis Mattison - Network Printers and Other Network Devices, Vulnerabilities and Fixes (9.1M MP3)
- Like computers on large heterogeneous environments, networked printers and other peripherals have vulnerabilities that can lead to exposure of data, denial of service, and as a gateway for attacks on other systems. Yet, while many organizations seek to protect their computers, they ignore printers and other peripherals. We will discuss general attacks against printers and other peripherals, with specifics on known (and some newly discovered) vulnerabilities in several brands of printers, and propose possible solutions to keep both computers and networked peripherals from attack. The talk is technical but not microcode technical, and the audience needs only to bring their brains, though familiarity with the various printers and other peripheral devices available on the market is a plus.
- Ltlw0lf (aka Dennis W. Mattison) is a consultant for both military and civilian organizations, primarily an instructor on information security and assurance classes for Solaris and other UNIX environments, as well as a security and penetration testing analyst, PKI engineer, policy designer, and systems administrator. As a hobby, Ltlw0lf dabbles in vulnerability discovery, and has released several vulnerability reports involving printers and other network devices. Ltlw0lf was the sysop of "The Programmers Connection BBS" in San Diego for 8 years, and has been involved with several Sysop and Systems Administrator organizations in the past.
- Paper (741k PDF)
- Presentation (609k Magicpoint)
- Printer Vulnerabilities & Exploits
- Source Code
Saqib A. Khan - Stealth Data Dispersal: ICMP Moon-Bounce (8.8M MP3)
- This research is targeted at demonstrating that small amounts of data can be dispersed over IP based networks, utilizing the data payloads of existing protocols. Such data is expected to be kept alive on the ether until one chooses to retrieve it. The crux of the scheme is the fact that this type of data dispersal is expected to be extremely difficult to detect. Such a scheme also raises some very interesting aspects regarding using Internet traffic itself as virtual mass storage system, etc.
- As an example, a specific technique created by the author, the "ICMP Moon-Bounce", will be presented that accomplishes our data dispersal goal.
- Khan is the Founder and CEO of SecurityV, Inc. a cutting edge Network Security Auditing startup. Previous to SecurityV, Khan founded and ran Secure Networks Corporation, a succesful network security integration firm w/ offices in Harvard Square, Cambridge, MA. Prior to Secure Networks, Khan performed brief consulting stints at MIT, Sun, Checkpoint, and Lucent(INS) on multiple security and programming projects. Khan's primary interests lie in Network Protocol Vulnerabilities, Artificial Intelligence, and Cosmology. Nowadays, Khan resides in Miami Beach and spends equal time on partying and Network Security research. Khan has previously presented five techincal papers in various professional conferences. Khan has a Masters in Computer Engineering and a Bachelors in Electrical Engineering from Auburn University, AL.
Ofir Arkin - XProbe, The Year After (10.2M MP3)
- Xprobe, written and maintained by Fyodor Yarochkin & Ofir Arkin, is an active operating system fingerprinting tool based on Ofir Arkin's "ICMP Usage in Scanning" research project (www.sys-security.com). Last year at the Blackhat briefings, July 2001, the first generation of Xprobe was released.
- The tool's first generation (Xprobe v0.0.1) relies on a hard coded static-based logic tree. Although it has a lot of advantages (1-4 packets only, accurate, fast, efficient, etc.) the tool suffers from a major drawback - its logic is static.
- At Defcon 10 we will be releasing Xprobe2, a complete re-written active operating system fingerprinting tool with a different approach to operating system fingerprinting. Xprobe2 rely on fuzzy signature matching, probabilistic guesses, multiple matches simultaneously, and a signature database.
- Ofir Arkin is the Founder of the Sys-Security Group, a free computer security research body. Ofir has published several papers as well as articles and advisories. Most known are the "ICMP Usage in Scanning," and "Trace-Back" research papers. Some of his research was mentioned in professional computer security magazines. He is an active member with the Honeynet project and participated in writing the Honeynet's team book, Know Your Enemy published by Addison-Wesley.
Aaron Higbee & Chris Davis - Dreamcast Phone Home (11.1M MP3)
- DC Phone Home (DreamCast Phone Home, a pun on the well-known film ET: The Extraterrestrial) is a project that challenges conventional enterprise security models by showing the ease by which an attack to an organization's network resources and infrastructure can be performed from an internal perspective. Simply put, once the DreamCast is deployed, it 'phones home' joining an organization's internal network with a remote network. We show that this type of attack can be performed easily with a variety of available hardware and software and in such a way that is not easily discovered by an organization's employees or security resources. Our presentation will include development descriptions and demonstrations of the attack tools that we have developed and are continuing to develop. The attack tools are comprised of a SEGA Dreamcast, a Compaq iPAQ handheld device, and a bootable x86 CD-ROM which can perform the attack using any available PC. Using open-source tools that we have ported to these platforms, we have created devices that 'phones home' over known protocols.
- Aaron Higbee has been working in information security for the past four years, getting his start at Earthlink Network as a Network Abuse Administrator. In this position, Aaron became intimately acquainted with the tactics of spammers, hackers, and every kind of network abuse imaginable. Later, while working as RoadRunner's Senior Security Administrator, Aaron learned and responded to the network abuse problems that plague broadband connections. Working at two national service providers, Aaron was able to become an expert in the tactics of hackers and the mistakes that get them caught. This experience made his transition from incident response to penetration testing a natural one. Currently, Aaron works for Foundstone, Inc. as a security consultant.
- Chris Davis has been working in the field of information technology for eight years, with a concentration on information security for the past four years. He has participated in secure systems development, information security consulting, penetration testing and vulnerability assessments, and information security R&D. He is a contributing author to Newrider's recent publication Building Linux Virtual Private Networks (VPN) and continues to write and publish various papers. He has developed and instructed a number of courses, the most recent of which was a 3-month course on software vulnerability discovery and exploit coding. Currently, Chris is a Senior Security Consultant for RedSiren.
- ISO Image
Len Sassaman - Anonymity Services and the Law: How to Safely Provide Anonymous Technology on the Internet (12.1M MP3)
- Anonymity technologies can be an essential life-saving tool for whistle blowers, human rights workers, political dissidents of oppressive regimes, and can provide a safe mechanism for the free-sharing of controversial ideas while protecting an individual's "true name" reputation. Due to the possibility of abuse of these systems, however, anonymity services are often criticized by law enforcement agencies and ISPs.
- This presentation will examine some of the challenges that anonymity service providers face when their systems are used for controversial purposes, and will explore ways to mitigate the risk of operating an anonymity service.
- Len Sassaman is a communication security consultant specializing in Internet privacy and anonymity technologies. Len is an anonymous remailer operator, and is currently project manager for Mixmaster, the most advanced remailer software available. In addition, Len has contributed to the development of personal encryption software and standards.
- Source Code & PowerPoint
Fred Trotter - Operating System Fingerprinting Library (8.7M MP3)
- This is a fingerprinting library designed to bring together the fingerprinting capabilities of NMAP, QueSO and X (at least version 1). Using this library you should be able to add operating system sensitive code to your favorite Perl, Java, C or C++ code.
- At the same time the library will give you control over the execution of individual OS fingerprint tests. If you are interested in writing OS sensitive code or researching OS fingerprinting then this talk (and the code) are for you. Everything will be released GPL.
- In his first life, Fred Trotter worked at the Air Force Information Warfare Center, and was a spook. But, while the Air Force let him work on cool stuff, which was good, it paid crappy, which was bad. So, Fred quit working as a spook and went to work for Rackspace. And there was much rejoicing. At Rackspace Fred Trotter tried to protect the largest installed base of RedHat servers in the world, and often succeeded. Then that contract ended abruptly and there was wailing and gnashing of teeth, for Fred had been paid well, and had gotten used to bank. Then, Lo, exault was hiring, and Fred Trotter applied and was hired, and there was much rejoicing, and the people did feast upon the lambs and sloths, etc. Then after 40 days (more or less) exault was bought by VeriSign. Then 40 days (more or less) later the VeriSign stock price plummeted, and the beatings given it by Wall Street were not just, or holy. But, Verily, though his stock options were worthless, he still had a cool job with a cool company in a crappy economy; and there was much rejoicing.
Jay Beale - Bastille Linux 2.0: Six Operating Systems and Still Going! - Part 1 (2.5M MP3)
- Part 2 Attacking and Securing FTP (8.9M MP3)
- Bastille Linux is a security tightening program that has proven capable of thwarting or containing many of the vulnerabilities discovered in operating systems. Originally written for Red Hat Linux, Bastille has now been ported to six operating systems, including HP-UX. This talk will talk about what Bastille does, what we've done to it in the last year, and what we're working on next. Most importantly, it will teach you something about hardening systems and beating worms, even if you're an old spacedog of a sysadmin.
- The Unix FTP servers have been called 'the IIS of the Unix world' for their frequent and potent vulnerabilities. Each has provided remote exploits, usually at the root privilege level, on a consistent and frequent basis. WU-FTPd is the most popular Unix FTP server by far, shipping by default on most Linux distributions, and even on Solaris, and being installed most commonly on the rest of the Unix platforms. This talk will demonstrate working exploits on WU-FTPd, then show you how to configure WU-FTPd to defeat them. While the talk will use WU-FTPd as the primary example, we'll also discuss ProFTPd, the other major FTP daemon for Unix.
- Jay Beale is the president and founder of JJB Security Consulting and Training, LLC. He is the Lead Developer of the Bastille Linux Project, which creates a hardening program for Linux and HP-UX. Jay is the author of a number of articles on computer security, along with the upcoming book Locking Down Linux the Bastille Way to be published in the second quarter of this year by Addison Wesley. You can learn more about his articles, talks, courses and consulting via www.bastille-linux.org/jay.
- Secure FTP PowerPoint
- Bastille PowerPoint
Jennifer Stisa Granick - The USA PATRIOT Act & You (11.6M MP3)
- This presentation will update attendees on changes to the law under the USA PATRIOT Act, with special emphasis on how the changes may effect political activists and the investigation and prosecution of computer crimes.
- Jennifer Stisa Granick is a Lecturer in Law and Director of the Litigation Clinic at Stanford Law School's Center for Internet and Society. Ms. Granick's work focuses on the interaction of free speech, privacy, computer security, law and technology. She is on the Board of Directors of the Honeynet Project, a computer security research group, and has spoken at the National Security Agency, to law enforcement officials and to computer security professionals from the public and private sectors in the United States and abroad. Before coming to Stanford Law School, Ms. Granick practiced criminal defense of unauthorized access, trade secret theft and Email interception cases nationally. She has published articles on wiretap laws, workplace privacy, and trademark law.
- Cyber Rights Now: 'Scotty, Beam Down the Lawyers!'
Dan Burroughs - Correlation & Tracking of Distributed IDS (8.5M MP3)
- Standard approaches to intrusion detection and response attempt to detect and prevent individual attacks. However, it is not the attack but rather the attacker against which our networks must be defended. To do this, the information that is being provided by intrusion detect systems (IDS) must be gathered and then divided into its component parts such that the activity of individual attackers is made clear. By applying techniques from radar tracking, information warfare, and multisensor data fusion to info gathered from distributed IDS, we hope to improve the capabilities for early detection of distributed/coordinated attacks against infrastructure and the detection of the preliminary phases of distributed denial of service attacks.
- Daniel Burroughs is a research engineer and Ph.D. candidate at the Institute for Security Technology Studies at Dartmouth College. His areas of research have included mobile agents, distributed simulation, and distributed intrusion detection. He is also the head of engineering for SignalQuest, Inc., which specializes in the development of embedded sensors.
Jon Miller (Humperdink) - Securing Your Windows Internet Server (7.5M MP3)
- I will show people how to secure different Windows servers using common sense and a variety of different tools. The fundamentals can be applied to any Windows server whether it is NT4/2000/.NET as well as IIS or Exchange. I will also walk people thru many good security tools that are a must have for any Windows server. I will actually secure a server at the talk that will later be placed on the CTF network. I will anounce a FTP location at my talk where all of the tools I will feature can be downloaded from.
Ryan Lackey - Anonymous, Secure, Open Electronic Cash (12.7M MP3)
- Electronic cash has been the lynchpin of cypherpunk software goals for decades -- yet, there is no viable electronic cash system in the marketplace. We will describe the theory, applications, past attempts, politics, failures, and successes in the field. We present a specification and implementation of a new system which is secure, open, extensible, free, and which will hopefully avoid the technical and strategy mistakes which plagued earlier systems. We will solicit developer involvement in creating applications which use this infrastructure. We hope this infrastructure is a first step toward limiting the power of governments and other oppressors vs. individuals and small groups throughout the world. It is also an example of how to proivide a critical infrastructure application, in an open-source form, in the post-dotcom world, and a generally-applicable demonstration of how security hardware and software can be used in applications to win user trust.
- Ryan Lackey, founder and CTO of HavenCo, has been involved with electronic cash and other cypherpunk applications for years. In addition to HavenCo and living full-time on Sealand, he works on several open-source software and hardware projects which are finally ready for public launch. He has a great interest in seeing technology deployed in the service of individuals fighting against the State.
Ian Peters - Rubicon: An Extensible Gateway IDS (5.3M MP3)
- IDSs have traditionally been seen as purely information resources, requiring human intervention in order to act on alerts. Recently, support for modifying firewall rules and killing active connections have begun to appear in IDSs, but these suffer from shortcomings. A desire has been recently expressed by many people for an active, 'Gateway' IDS (GIDS), allowing filtering and routing of traffic to be performed by a gateway computer using both traditional firewall-style rules, and also NIDS-style analysis. Rubicon was developed to supply this functionality, and more, in an extensible manner. This talk will discuss some shortcomings of current NIDS products, and hence the need for GIDS, the design and development of Rubicon, and the future for GIDS in general and Rubicon in particular.
- Source Code
Thomas Munn & tgr2mfx - Using Filesystem Crypto and Other Approaches to Protect Your Data/Privacy on BSD and LINUX - Part 1 (8.5M MP3)
- Part 2 (189k MP3)
- Part 3 (238k MP3)
- This talk will cover using the LOOP-AES package to encyrpt data on a removable, USB hard disk in Linux.
- The presentation will focus on using encryption to protect your data, via using GNUPG, removable keychain, and a removable hard disk, to encrypt your home directory. It will focus on how to install the USB device, include a script for getting things going "automagically," and installing the LOOP-AES patch to both a stock and a custom kernel. The BSD portion of the talk will cover the use of tightvnc, ssh tunnels, 802.11 and vnconfig to keep personal data personal in a business environment.
- Thomas Munn started security in 1997, working for Kellogg's on a now defunct firewall. He has worked in the financial, health, and cereal industries. He has spoken at the last three Defcons, on topics ranging from personal firewalls to automated intrusion detection ideas. His outstanding accomplishments are: setting up a SNORT IDS box, integrating windows and NT via ssh, and getting a loopback device to encrypt his homedirectory. His first computer was an Atari 800. He enjoys meeting hacker types and learning from them. He knows a little Perl, and is a Linux guru, with a smattering of OpenBSD. He despises Microsoft Windows.
- tgr2mfx has been #!'ing in an Installshield world since the days of BSD/386. He hails originally from Plessis, NY but streetraces in Denver now. Wills current projects are writing fibonacci sequencers in Bourne shell, fidgiting with a Bourne shell SQL equivalent for /etc, a P2P file sharing system (using multicast-ip6, ssh and nfs) and an automagic src and ports installer for OpenBSD.
Roger Dingledine - The Mixminion Anonymous Remailer Protocol (12.0M MP3)
- Mixminion is a message-based anonymous remailer protocol intended to take the place of the old Mixmaster network. Mixminion provides secure single-use reply blocks (Mixmaster provides no support for replies, instead relying on the older and less secure Cypherpunk remailers), and introduces nymservers that allow users to maintain long-term pseudonyms using single-use reply blocks as a primitive. It also integrates directory servers that allow users to learn public keys and performance statistics of participating remailers. I'll cover a variety of serious anonymity issues with Mixmaster and other deployed networks and published designs, and also describe some of the many surprising anonymity risks that come from adding these new services.
- As a cryptographer and network security expert, Roger Dingledine lives in that space between theory and practice. He prefers to tackle the really hard problems so one day we can build real solutions. Current interests include anonymous publishing and communication systems, censorship-resistance, attack-resistance for decentralized networks, and reputation.
Jaeson Schultz & Lawrence Baldwin - Extreme IP Backtracking (9.0M MP3)
- A prudent system administrator will review system logs. While performing this log analysis, administrators may detect nefarious activity of various types (port probes, exploit attempts, DOS/DDOS). Of course, what you receive in the system logs doesn't contain the offender's name and telephone number. Rather, most firewalls and intrusion detection systems will log an IP address, or at best, a reverse DNS lookup of the IP address. This presentation outlines several "Road-Tested" techniques for tracing IP addresses back to a responsible party. Included are many real-world examples from our research; Step-by-step traces ranging from the trivial to the impossible.
- Jaeson Schultz is an independent security consultant specializing in log analysis and intrusion detection. He has accumulated over 14 years experience programming and troubleshooting networks for various governmental and corporate organizations. Formerly employed by Counterpane Internet Security, Jaeson spent the last two years monitoring the security of Fortune 1000 companies and performing security and software engineering. While at Counterpane, Jaeson helped to identify the networks responsible for the thousands of alerts received at the Counterpane Secure Operations Center per day.
- Lawrence Baldwin is an independent Network Performance Consultant and author with over 15 years experience in deep protocol analysis and troubleshooting mission-critical networks and applications for Fortune 500 companies. In 2000, Baldwin developed and deployed one of the first Internet "neighborhood watch" systems known as myNetWatchman (mNW). mNW is a distributed IDS (dIDS) that uses the collective awareness of thousands of cooperating participants to identify compromised hosts and notify compromised machine owners. In an average day, mNW processes more than 1,000,000 events from a global sensor network of more than 1,300 firewall and IDS systems in 40 countries. mNW analyzes and back traces event activity from 50,000 unique hosts per day, identifying compromised hosts and sending Email notifications at a rate of approximately one per minute. The data collected by mNW enables analysis of global attack trends, identification of DDoS bot assimilation activities, and signature-independent detection of new worm activity.
John Dodge, Steve S. Mautsatsos, and Bernadette H. Schell - Should Organizations Employ Hackers? Implications Drawn From the Book Hacking of America (10.3M MP3)
- This Defcon 10 presentation, while drawing from the study, will discuss the implications of employing hackers in the work place. The book Hacking of America (Greenwood, 2002) reports on the Laurentian University study of the hacker community and in particular the conference participants of Defcon 8 and H2K. The study data was collected though a 20 page self-report questionnaire completed by hackers at these conferences. It was also supplemented by selected in-depth interviews.
- John L. Dodge is the Director of the Electronic Business Science Program and is a professor within the School of Commerce of Commerce and the Department of Math and Computer Science at, Laurentian University, Sudbury, Ontario, Canada. As a partner in a management-consulting firm, he lectures and consults widely on e-business and organizational strategic issues. Prior to his academic appointment, he was President and CEO of a venture capital firm, and Vice-President Development for a mining and development company. He holds a Bachelor of Engineering from Dalhousie University, a Master of Business Administration from Ivey School of Business, University of Western Ontario and a Ph.D. from the University of Bradford in the U.K. He is a Certified Management Consultant (CMC) and a Professional Engineer (P. Eng.).
- Steve S. Moutsatsos, LLB (Queen's University, Ontario), LLM (LSE), is a partner with the law firm of Weaver, Simmons, Sudbury, Ontario, Canada. He has practiced as a commercial lawyer in the information technology field for over twelve years, acting as counsel for both multinational technology companies as well as various small software developers and Internet start-ups. Steve is a part-time lecturer at Laurentian University, where he also serves on the Board of Governors.
- Bernadette H. Schell is Dean of Business Information Technology, University of Ontario Institute of Technology (UOIT), Canada and President of a HR consulting firm in Sudbury, Ontario. She lectures widely on stress management, executive stress, and stalking protection measures. She is also author of a Self-Diagnosis Approach to Understanding Organizational and Personal Stressors (1997), Management in the Mirror (1999), and Stalking, Harassment, and Murder in the Workplace (2000), all published by Quorum Books. She is the recipient of the Laurentian University Research Excellence Award (2000).
Christian Grothoff - GNUNet (12.0M MP3)
- GNUNet is an anonymous peer-to-peer networking infrastructure. GNUnet provides anonymity, confidentiality, deniability and accountability, goals that were thought to be mutually exclusive. In GNUnet, users can search for files without revealing the query to anybody. Intermediaries can not decrypt the query or the reply, but they can verify that the reply is a valid answer for the query. This allows GNUnet to deploy a trust-based accounting scheme that does not require end-to-end knowledge about transactions and that is used to limit the impact of flooding attacks.
- Anonymity in GNUnet is based on the idea that it a host is anonymous if the perceived sender of the message looks sufficiently like a router. Based on this realization, GNUnet nodes can individually trade-off anonymity for efficiency without affecting the anonymity of other participants. GNUnet is written in C and licensed under the GNU Public License. GNUnet is officially part of the GNU project.
- Christian Grothoff is a Ph.D. Student in Computer Sciences at Purdue University. He is primarily working on OVM, a DARPA funded project to build a customizable real-time Java Virtual Machine. Christian Grothoff started the GNUnet project, a secure peer-to-peer file-sharing network to protect privacy.
Steve Schear - GNU Radio (8.4M MP3)
- Wireless communication devices have traditionally been exclusively hardware in nature. Software has augmented and is now replacing basic functional elements of radio systems. The conclusion of this process is a radio where almost all functions are performed by software. GNU Radio is a collection of software that when combined with minimal hardware, allows the construction of radios where the actual waveforms transmitted and received are defined by software. What this means is that it turns the digital modulation schemes used in today's high performance wireless devices into software problems.
- Steve Schear is the CEO of Lamarr Labs. He has led development of commercial spread spectrum radios and held engineering, business development and marketing positions at TRW, Citicorp, Cylink, Com21, Mojo Nation and Counterpane Internet Security. Steve is currently the project administrator of GNU Radio.
Rich Bodo - It is Now Safe to Compile Your Phone System - Part 1 (7.0M MP3)
- Part 2 (7.7M MP3)
- The telephony industry was late to adopt open-source software and commodity protocols. The open-source development community is rapidly correcting that problem. Everyone from enthusiasts to Fortune 500 companies are now deploying open-source telephony software, from PBX's to voice messaging systems to VoIP gateways. This lecture will focus on the practical. We'll provide demos of the major open-source telephony systems, a brief tutorial on rapid application development, and a discussion of the effect these systems will have on the future the industry. Special attention will be paid to Bayonne and other GNU projects, and their relationship to the more ambitious GNUComm and GNU Enterprise meta-projects. Attendees should leave with an understanding of the general capabilities of the major existing open-source telephony projects and a working knowledge of basic application development with the GNU telephony subsytem.
- Rich is a regular contributor to the Bayonne project, and the coordinator of the GNUComm and Voxilla projects. He worked as a software engineer at several silicon valley telephony companies, and one Linux company, before founding Open Source Telecom Corporation (OST). OST has been deploying open-source telephony systems since 1999. He has most recently spoken at the O'Reilly Open Source Convention and the Intel Communications Tech Summit. He organizes the bi-annual Free Telephony Summit as well as the Telephony BOFs and GNUComm booths at LinuxWorld conventions.
- Source Code
Ian Clarke - Freenet: Past, Present, and Future Direction (11.2M MP3)
- Freenet is a system designed to allow people to publish and read information on the Internet with reasonable anonymity for both producers and consumers of information. To achieve this, Freenet uses a totally decentralized emergent architecture. This talk will describe the interesting aspects of Freenet, the challenges we have faced, and what the future holds for the project.
- Ian Clarke is the architect and coordinator of The Freenet Project. Ian holds a degree in Artificial Intelligence and Computer Science from Edinburgh University, Scotland. He has worked as a consultant for a number of companies including 3Com, and Logica UK's Space Division. He is originally from County Meath, Ireland.
Agent OJ - Applescript (in) Security in OS X - Part 1 (2.5M MP3)
- Part 2 (893k MP3)
- Part 3 (1.9M MP3)
- AgentOJ, a Macintosh programmer for Team2600, will be speaking on Applescript in the OS X environment, covering both attack and defense tools using Applescript. Topics covered will include: Applescript as an information gathering tool (system info, list of users, open services, etc). Applescript as an attack tool (Applescript Trojans, destructive scripts, exploiting scriptable applications, and a proof of concept Applescript Trojan). Applescript as a defense tool (log checking, locking down an OS X system, automating network security scripts, and a proof of concept Applescript defense suite). General applescript security practices will also be covered.
John Q. Newman - Post-9/11 Privacy (9.8M MP3)
- No bio or topic synopsis available at this time, however John is an exellent speaker and his lectures are always entertaining as well as informative.
Scott S. Blake - The Politics of Vulnerabilities (12.2M MP3)
- The vulnerability reporting process is rife with competing interests. Research is conducted by software vendors themselves, paid consultants, government agencies, professional and academic researchers, as well as people who make their living in other ways. Each of these groups have particular interests in the process. The vendor of the targeted software has their concerns. The public at large has an interest in the process (and its results), but it is unclear what the public should be concerned with. This talk explores vulnerability reporting from all angles, including that of the public good. Atendees will learn a rudimentary cognitive framework for understanding the powers in play in vulnerability reporting and apply that to understand the present and the future of security.
- As BindView's Vice President of Information Security and an internationally recognized security expert, Mr. Blake is responsible for providing security expertise to BindView's corporate strategy and operations. Before taking this role, he was the leader of BindView's RAZOR security research team. Prior to joining BindView, Mr. Blake designed perimeter security, network security architectures, and developed security policies for several large companies including leaders in financial services and telecommunications, as well as several large hospitals and universities. He has spoken at many security conferences, authored numerous articles on security topics and is frequently sought by the press for commentary. He holds a B.A. in Social Sciences (International Relations) from Simon's Rock College, a M.A. in Sociology (Political Theory) from Brandeis University, and is a Certified Information Systems Security Professional.
David Endler & Michael Sutton - Web Application Brute Forcing 101 - "Enemy of the State (Mechanism)" - Part 1 (533k MP3)
- Part 2 (9.6M MP3)
- This presentation focuses on the ease with which many web application Session IDs can be brute-forced, allowing an attacker to hijack a legitimate web user's online session (e.g. Slashdot, Apache, Register.com, PHPNuke, etc.). While a somewhat narrow area of web application security, the simplicity of the attacks and the prevalence of these vulnerabilities on the Internet make this an important topic. Malicious users can easily try (usually automated) combinations of well-known usernames and passwords, or indeed attempt all possible combinations of the accepted Session ID character set. However, the scope of a brute force attack can be greatly reduced when Session IDs are predictable in nature. The presentation will include an overview of the issues involved in exploiting predictable or "reverse-engineerable" Session IDs in popular web applications, including a demonstration with several real-world exploitation examples. It will conclude with a description of techniques both users and web developers can use to protect against these types of attacks.
- David Endler is the director of iDEFENSE's security research group, iDEFENSE Labs. iDEFENSE is a global security intelligence services company that provides advanced warning and analysis of cyberthreats - from technical vulnerabilities to hacker profiling to the global spread of malicious code. Prior to iDEFENSE, Endler served with Deloitte and Touche LLP in the e-business security and technology practice. In previous lives, Endler performed security research for Xerox Corporation, National Security Agency, and Massachusetts Institute of Technology. Mr. Endler holds a B.S. and M.S. in Computer Science, and is an active member of the Open Web Application Security Project (OWASP).
- Michael Sutton is a Senior Security Engineer for iDEFENSE Labs. Prior to joining iDEFENSE, Sutton established the Information Systems Assurance and Advisory Services (ISAAS) practice for Ernst & Young in Bermuda. The ISAAS practice is responsible for information systems auditing on both external financial audit engagements and internal audit outsourcing. Consulting engagements included SAS 70 audits, attack and penetration tests, architecture reviews, computer forensics and designing security policies. Sutton has also worked in the Ernst & Young ISAAS practice in New York. He is presently pursuing a Master of Science in Information Systems Technology degree at The George Washington University and has a Bachelor of Commerce degree from the University of Alberta.
- Source Code & PowerPoint
- iDefense Session Auditor Tool
Brett Eldridge - Mobile VPN Vulnerabilities & Solutions (10.4M MP3)
- A real life solution to the mobile VPN problem will be presented. It uses OpenBSD on a laptop with an IPsec tunnel to a gateway. The real benefit to the audience is that potential security vulnerabilities will be discussed (e.g., sending IKE ID in the clear, allowing udp/500 to the gateway from all IP addresses, the use of Aggressive vs. ID Prot mode in Phase 1). In addition, potential solutions to those vulnerabilities will be presented.
- Brett recently joined NetScreen as the Director of Professional Services. Prior to NetScreen, he was a co-founder at OneSecure and before that a senior technical security consultant at HP Consulting. Brett has written numerous papers and presentations on security.
- Source Code
Chris Hurley - Hardening Solaris Installs - Part 1 (1.9M MP3)
- Part 2 (3.4M MP3)
- Part 3 (5.7M MP3)
- A step-by-step guide to hardening a Solaris installation. Focusing primarily on Solaris 8 but with concepts that apply to all Solaris/Unix installs, attendees will learn the steps that need to be taken to lock down a Solaris installation. While recognizing the best practice of pre-deployment hardening, the concepts presented also apply to already live Solaris installations. Rather than focusing on known attacks and reacting to them, this presentation will better equip system/security administrators to proactively reduce the risk of a successful attack against their systems.
- Chris Hurley is a Senior Information Security Engineer working in the Washington DC area. Primarily focusing his efforts on vulnerability assessments, he also performs penetration testing, forensics and incident response operations. He has spoken at the IATF Forums in Washington DC and has written numerous whitepapers for both print publications and online security sites. Many of his papers can be found at his site SecurityTribe and also at Security Horizon. He has worked as a Defcon Goon for the past three years which probably explains both the bags under his eyes and the rubber truncheon in his hand.
- Source Code & PowerPoint
Wilco van Ginkel - The Other Side of Information Security (10.0M MP3)
- Until now, the focus of Information Security within organisations was mainly technical. Organisations are becoming more and more aware of the fact that this technical side - although very important - is just one part of the total security solution. Currently, organisations are increasingly changing their focus to the organisational side of Information Security. In order to control the organisational issues of Information Security, an organisational oriented approach is needed. Such an approach will be the subject of this talk and will give the audience an overview, ideas, references, hints & tips of this organisational side. Items to be discussed are: Risk Management; Security Policies & Procedures; Security Standards; Security Awareness; Security Auditing & Monitoring; Where Organisational meets Technical.
- Wilco has University backgrounds in Business Economics, Business Administration, Computer Science and Information Security. He has held positions as assistant teacher at the Erasmus University Rotterdam (NL), as Technical IT Auditor, as IT Security Architect, and as teacher Information Security at different business schools and universities. Currently, he works as Senior Security Consultant for Ubizen, where he is also a teacher for Ubizen College. When he is not working, you can find him under water (Scuba Diving), playing computer games, travelling or reading a book.
- Source Code & PowerPoint
FX & FtR - Attacking Networked Embedded Systems (12.2M MP3)
- Servers, workstations and PCs are the common targets of an average attacker, but there is much more to find in todays networks. Every device that has a processor, some memory and a network interface can become a target. Using printers and other common devices as examples, we will show how to exploit design failures and vulnerabilities and use the target as an attack platform. We will also release some tools, methods and sample code to entertain the audience and aid further vulnerability research in this area.
- FX is the leader of the German Phenoelit Group. His and the groups interest is in less known or commonly ignored protocols, devices and techniques. FtR of Phenoelit is the resident Perl guru and algorithm guy of the group.
Bruce Potter, Tony 'Xam' Kapela, and Adam Shand - Wireless Networking (9.3M MP3)
- Wireless networks have seen explosive growth in the last year. Wardriving a city last July resulted in only a handful of access points. Now there are hundreds if not thousands of access points in every city in the nation. And during the same time holes have been shot in all major wireless security protocols. People deploying wireless technologies are either unaware of the risk involved or have decided the productivity gain out weighs the risk. We feel it is more of the former than the later. This presentation will discuss contemporary issues in wireless network security. While we will discuss some of the basic foundations of wireless security such as WEP, the talk will be more focused on the state of the art. The speakers all have heavy backgrounds in community wireless networking using open standards and living in hostile environments. They will draw upon their knowledge to give the audience an idea of where they can expect wireless security to go in the next year.
- Tony Kapela (aka Xam) -- Asside from being a full-time student in Madison, Wisconsin, Tony choses to spend part of his free time thinking about wireless systems and mesh networking. His more recent projects include "MeshMadison" -- a network aimed at open-community transport, supporting transparent roaming in downtown Madison. His other interests include Ethernet adultry, HPNA acrobatics, and playing drums.
- Bruce Potter -- Bruce is the founder of the Shmoo group of security professionals (www.shmoo.com). He is also the founder of the NoVAWireless community wireless network group in Northern Virginia. He has a soon-to-be published book on wireless network security with O'Reilly.
- Adam Shand -- Adam started PersonalTelco in November 2000 due to a happy series of coincidences. He believes that information wants to be free despite the fact that people want to be paid.
Gingerbread Man - Lock Picking: Techniques and Tools for High Security (8.2M MP3)
- The talk will cover current techniques used for picking locks such as mushroom pin tumblers, Medeco, Abloy, and tubular locks. The talk will also cover how to formulate attacks on new locks.
- I am a self taught hobbyist. I have five years experience in amateur locksmithing. I am currently attending a Canadian University as a Computer Science major.
Nicholas Fischbach and Sebastien Lacoste-Seris - Layer 2, Routing Protocols, Router Security & Forensics (11.2M MP3)
- Our talk will cover the (in)security of layer 2 protocols (CDP, xTP, HSRP, VRRP, VLANs, etc) and its consequences. We will also discuss routing protocols attacks and how to (try to) protect your infrastructure. The architecture, security, secure management and forensics of routers and switches will also be covered. This last part of the talk will be complementary to the presentation from FX of Phenoelit.
- Nicolas Fischbach is managing the IP Engineering Department and Sebastien Lacoste-Seris is the Security Officer and managing the IP Research & Development Department at COLT Telecom AG, a leading provider of high bandwidth data, Internet and voice services in Europe.
- Nicolas and his team are working on network, system and security architectures for the Swiss network. Previously he was dealing with the Internet Solution Centre deployment and security processes/auditing for major financial institutes, insurance companies and large hosting/housing projects. He worked for a French ISP and he's also teaching network and security courses in engineering schools and universities. He has an Engineer degree in Networking and Distributed Computing.
- Sebastien Lacoste-Seris is leading the Research and Development department for COLT Telecom AG and is also in charge of the security for Switzerland. His team is mainly working on the evaluation, integration and development of new IP based technologies. He previously worked for several major European ISPs as a network and security architect, he also did consulting and software auditing (ITSEC) for a security company. Sebastien holds a Degree in Computer and Network Engineering.
- Nicolas and Sebastien are co-founders of Securite.Org, a French speaking portal on computer and network security, and are frequent speakers at technical and security conferences. You can reach them at firstname.lastname@example.org
Kevin Spett - SQL Injection (12.1M MP3)
- SQL injection is a technique for exploiting web applications that use client-supplied data in SQL queries without stripping potentially harmful characters first. Despite being remarkably simple to protect against, there is an astonishing number of production systems connected to the Internet that are vulnerable to this type of attack. The objective of this talk is to educate the professional security community on the techniques that can be used to take advantage of a web application that is vulnerable to SQL injection, and to make clear the correct mechanisms that should be put in place to protect against SQL injection and input validation problems in general.
- Kevin Spett is a web application security expert and researcher. His discovery new SQL injection attack techniques and frequent security mailing list postings have made him among the most respected web application security professionals in the world. Kevin's responsibilities include maintaining the SPI Dynamics SecureBase and researching web application security concepts and software. He has been a SPI Dynamics employee since its inception.
Adam Bresson - Consumer Media Protections (10.4M MP3)
- Did you buy "The Fast and the Furious" soundtrack only to find out you couldn't archive the songs to MP3s on your PC? Companies including Vivendi Universal, AOL Time Warner and Sony employ different protection methods on DVDs, video games and CDs. Many consumers argue that these protections abrogate their legal rights. I'll be presenting a broad overview of these Consumer Media Protections (CMPs) and will conduct demonstrations of how to identify and bypass them. I will focus on bit-level video game, video signal and audio CMPs. Whichever side of the legal argument you fall on learn the law, learn your rights and speak-up.
- Adam Bresson owns GreentreePC, a Los Angeles-based on-site network consulting service. At Defcon 8 and 9, he spoke on Palm and PHP security, respectively. He founded and continues to develop two exciting Internet startups: Recommendo.com and GetAnyGame.com.
- Source Code
Cyrus Pekiri & Seth Fogie - Hacking .NET Server (10.7M MP3)
- Windows .NET Server is Microsoft's new contender against Linux in the server market. Scheduled for release in 2003, .NET Server (which was originally released for beta testing under the codename "Whistler") is re-engineered from the Windows 2000 Server codebase. .NET Server's survival will probably depend on how users perceive its security. Bill Gates himself realized this when he released his "Trustworthy Computing" memo in Jan. 2002. His ultimatum echoed what hackers have been saying for years: get secure or fail.
- This speech will focus on the new security features in .NET Server -- and how to break them. The purpose is to identify early weaknesses while the OS is still a release candidate so that developers and network administrators can make informed decisions before deployment. This talk is technical, using live examples and some source code, but there will also be enough general information to benefit anyone interested in .NET Server security. Coverage includes weaknesses and exploits in the following areas: Windows Product Activation (WPA) on .NET Server; New Encrypting File System (EFS) changes; .NET Server Smart Card support; Kerberos implementation; Wireless standard implementation; Remote Desktop Security; Death of the Microsoft Security Partners Program (MSSP); Microsoft security partners full disclosure "gag rule"
- Dr. Cyrus Peikari is Chief Technology Officer of VirusMD Corporation. Seth Fogie is Director of Engineering at of VirusMD Corporation. Peikari and Fogie co-authored the first book ever written on .NET Server: Windows .NET Server Security Handbook from Prentice Hall PTR (ISBN 0130477265).
- TDAT .EXE File
Matthew Marsh - Replacing TripWire with SNMPv3 (9.0M MP3)
- This talk demonstrates how to use SNMPv3 software (specifically illustrated using Net-SNMP) both with minor custom configurations and also with specialized MIBs and Agents to provide file data and file hashes on demand over secure channels. I also discuss the use of the "TCP Inform Trap" as a syslog-style message transfer mechanism. I spend the majority of the time showing how the authentication and privacy features of SNMPv3 provide robust bi-directional security message transfers. Along the way I demonstrate how to use the split between the authentication and privacy features to provide double blind random file hashes of a managed system. Use of trigger settings to capture file changes will be discussed. I provide the example MIBs and related Agent code for general Unix platforms running Net-SNMP and where possible discuss how to get the code working on Microsoft or other platforms. Time permitting I will digress into ways to integrate these techniques into common Network Management platforms.
- Chief Scientist of the NEbraskaCERT, President & Founder of Paktronix Systems, LLC, Author of Policy Routing Using Linux (SAMS), Creator of PakSecured Linux. Working in network management and architecture since 1983 specializing in routed IP/IPX/SNA networks. Worked extensively with various SNMP platforms both as a user and as a vendor. On NEAR & BITNET in 1984 (pre-Historic Internet) and addicted ever since. As Chief Scientist of the NEbraskaCERT researching IPv4/IPv6/IPSec integrated security networks. Developed the first (and currently still the only) SNMPv3 managable policy routing firewall system for Linux available under GPL at www.paksecured.com. Actively researching management and design of integrated security networks.
- Source Code
Skroo & Grifter - Resurrecting the Scene Through Local 'Hacker' Meetings (11.7M MP3)
- Many people are interested in bringing their local underground community closer together by organising meetings for those in the area. While this is certainly a good idea, doing it successfully is not as simple as it sounds.
- Grifter (Salt Lake City 2600) and skroo (Los Angeles 2600) intend to cover the more relevant points of starting local meetings. Topics discussed will include identifying if your area needs a meeting, setting things up, choosing a location, running the meeting, and keeping it going successfully. This will be done in a Q&A session based on the speakers' experiences both attending and running $2600 and other meetings. Questions from the audience will be actively encouraged.
Joe Burton & William Reilly - Dmitry Sklyarov and the DMCA: 12 Months Later (11.6M MP3)
- Joe Burton will discuss the events that lead to Dmitry's arrest last July in Las Vegas for violating the DMCA. Joe will also discuss the legal issues surrounding the case, the current status of the criminal proceedings in California and some thoughts on the future of the DMCA. Joe has been one of the nation's leading critics of the aggressive civil and criminal application of the DMCA's anti-circumvention provisions. Bill Reilly will discuss how non-U.S. software developers and others can avoid falling into US digital jurisdiction by analyzing how the Federal government brought charges against Dmitry. Joe and Bill will also discuss how the DMCA, the USA Patriot Act and other recent legal developments are increasing the liability for network administrators and network security specialists.
- Bill Reilly is a California-based attorney who specializes in Network Security and Intellectual Property law. He is a GIAC-certified Advanced Incident Handling Analyst and author of numerous articles on network security law. He is also Managing Editor of the Journal of Internet Law and writing a network security law handbook for system administrators and CIOs.
- Joe Burton is a partner in the San Francisco office of Duane Morris LLP, a national law firm with approximately 500 lawyers. Joe is the defense counsel for ElcomSoft Co., Ltd., Dmitry Sklyarov's Russian employer. Joe also represented Dmitry in his initial court appearances last summer in Las Vegas and San Jose. Joe practices in the area of complex civil, criminal and appellate litigation. His practice includes trade secret and patent litigation with an emphasis in cybercrime and cybersecurity matters. Joe was also former chief of the U.S. District Attorney's office in San Jose, where he initiated and supervised all federal prosecutions in the San Jose venue, reporting directly to the United States Attorney in San Francisco.
Ian Vitek - Citrix and Terminal Services (8.8M MP3)
- Citrix and Terminal Services are becoming very popular. Ian Vitek will speak about:
- Scanning and finding Terminal Services and Published Applications. This will include statistics of open and vulnerable servers.
- Connection to Published Applications. This can be harder than you think. Most of the servers have Published Applications. You can't just see them.
- Breaking out from the given environment and elevation of rights.
- Demonstration. The way administrators setup their Citrix servers every so often the Citrix client can't enumerate Published Applications or connect to them from Internet. Tools for enumerating and connecting to Published Applications will be released.
- Ian Vitek has been working for iXsecurity in Sweden as a Penetration Tester for seven years. He is more a networking guy then doing assembly stuff. He is the writer of "macof" and "briiis."
- Citrix Source Code
- Citrix READ ME
Ken Caruso - Community Wireless Networks: Friend or Foe to the Telecom Industry (7.1M MP3)
- Ken will talk about different types/implementations of community wireless networks. He will also discuss why companies in the industry like, dislike and do know what to make of the community wireless movement. Most importantly he will tell you why this movement is important and what role it has promoting privacy, community owned infrastructure, and peer-to-peer communications.
- Ken Caruso is a co-founder of the Seattlewireless.net project. Seattle Wireless is focused on enabling people to build public/open wireless MAN in the Seattle area. He is a network engineer by trade and by night evangelizes community wireless networks.
Lucky Green - Trusted Computing Platform Alliance: The Mother(board) of all Big Brothers (13.8M MP3)
- The Trusted Computing Platform Alliance, which includes Intel, AMD, HP, Microsoft, and 180 additional PC platform product vendors, has been working in secrecy for 3 years to develop a chip which will begin shipping mounted on new PC motherboards starting early next year.
- This tamper-resistant Trusted Platform Module (TPM) will enable operating system and application vendors to ensure that the owner of the motherboard will never again be able to copy data which the media corporations or members of the TCPA don't wish to see copied, or to utilize the TCPA's software applications without pay.
- Lucky Green will explain the history of the TCPA and the alliance's efforts, identify the dominant players in the TCPA and their objectives, discuss how the members of the TCPA will be able to limit and control a user's activities by remote, show how TPM's might permit a software vendor to exploit a bug in the GNU General Public License (GPL) to defeat the GPL, and detail previously unthinkable software licensing schemes which the TCPA enables.
- Lucky will then analyze the bill currently pending in the U.S. Congress (S.2048) that will make it illegal to sell PC hardware in the future that does not comply with the TCPA's specifications.
- Lucky Green has been a long-time activist in the Cypherpunks cryptography advocacy movement. He is best known for his role in coordinating the reverse engineering and break of the GSM digital mobile telephony authentication and voice privacy systems, showing that the systems had been deliberately weakened in the interest of facilitating national intelligence collection. Lucky also FedEx'ed, at his own expense, crates of PGP source code books to Europe, becoming the first person to legally export PGP from the United States. Faced with a demonstration of its absurd position that it was legal to export books from the U.S., but not electronic copies of the source code contained within those books, the U.S. Government came under increasing pressure from industry and was forced to relax governmental controls on strong cryptography in January of 2000.
- Source Code
Michael Glasser CRL (aka Laz) - High Security Locks, and Access Control Products (13.3M MP3)
- The topic of the talk will be covering both high security locks, and access control products. The locks covered will be including, Medeco, Mul-T-Lock, Assa, Fichet, Concept, Miwa and others. The access control technology will cover, Proximity cards, Mag stripe cards, Biometrics, keypad technology, and others. Questions will be answered on other topics, such as safes, standard locks, lock picking, CCTV, computer security, and other security issues.
- Michael Glasser is an ALOA Certified CRL and a New York State Licenced alarm installer. He is a member of both ALOA, and the North Jersey Master Locksmith Association. He currently is working as a manufacturers rep for access control and security electronics. The companies he reps are Bioscrypt, IEI, Recognition Source, Tatung, and others.
zSnark - Building Secure Wireless Networks - Part 1 (583k MP3)
- Part 2 (11.1M MP3)
- Wireless has become quite popular in network scenarios from the basic home network to the corporate LAN to the point-to-point backbone tying together offices or job sites. Wireless security and security breaches have been getting lots of press as have various vendors' multitude of proposals for cute proprietary ways to solve some of the problems in currently available products (primarily 802.11) by retrofitting them with better encryption, better authentication, tightly integrated access control, etc. What is lacking is a well-defined practical approach for the administrator in deploying (or the auditor in testing) a wireless network with currently available technology. This talk will begin with an overview of my present threat model and the details of various attacks against typical wireless networks. Following this I will give a walk-through of building a secure 802.11 LAN as well as the monitoring and auditing necessary to keep it secure. Time permitting I will also bring up a guest or two to discuss several "theoretical" attacks and other things yet to be revealed.
- zSnark specializes in wireless networking and general UNIX tomfoolery. He is a member of the GhettoHackers and supports his local 2600. Among other things his alter ego spends most of his days working on wireless networks and various projects including SeattleWireless. See openbs.org or ghettohackers.net for his infoz.
Vic Vandal - Intelligence Gathering (16.8M MP3)
- This comprehensive talk covers the tools and techniques used in corporate espionage, information warfare, and private investigation. It also includes an overview of laws that one must be aware of before employing such tools and techniques.
- Vic has been employed as an "InfoSec Samurai" by various government entities for the past 13 years. He was "drafted" (kicking and screaming) into the InfoSec discipline to develop proprietary security software for a specific government agency, and the rest is history. Some of the sensitive federal data he has helped protect has belonged to the CIA, DEA, Secret Service, Treasury Dept, Commerce Dept, and every other federal agency in existence. He has also done the same for the Department of Defense, Navy, Marines, and Army. He has worked extensively in every area of information security. Any more 411 and he'd have to kill you (heh).
Michael I. Morgenstern, Richard Schaeffer, Marcus H. Sachs, O. Sami Saydjari, Steve Lipner, Tom Parker - Disclosure: The Mother of All Vulnerabilities (11.1M MP3)
- Michael Morgenstern will be leading a panel comprised of several individuals from the 'other side' of information security. Panel highlights will include: An overview on vulnerability disclosure in the past; Potential impacts of irresponsible disclosure; New threats (Does cyber terrorism exist?); The vulnerability disclosure "food chain"; The issues involved in the handling of a new vulnerability, from the perspective of a commercial software vendor; What "responsible disclosure" means; The ideal disclosure metric, is it plausible?; Ways in which communities can work together to better the disclosure process.
- There will be time for questions during and after the presentation
- Michael I. Morgenstern (Global InterSec, Moderator), Richard Schaeffer (National Security Agency), Marcus H. Sachs (Office of Cyber space Security), O. Sami Saydjari (SRI International), Steve Lipner (Microsoft Corp.), Tom Parker (Global InterSec)
Philippe Biondi - Security at Kernel Level (10.7M MP3)
- Security is a problem of trust. Having a system that offers services to Internet and that can be trusted is very hard to achieve. Classical security models focus on the physical limit of the machine. We will see that it can be interesting to move the trust limit between user space and kernel space and that it is still possible to enforce a security policy from this trusted place. We will also see some practical aspects with a review of some implementations that exist for Linux kernels.
- Philippe Biondi is a security consultant at Cartel Securite. He is involved in the developpement of LIDS. He does about everything that is related to computer security.
Greg Miles (aka DOC) - Anatomy of Denial of Service Mitigation Testing - Part 1 (8.6M MP3)
- Part 2 (878k MP3)
- DOC has had the privilege of working on a project that was focused on looking at new product technologies relating to DOS and DDOS mitigation. Several commercial companies were formed who's entire focus was to find solutions to DOS and DDOS issues. Different types of detection were used in each product from pure rate analysis to statistical analysis and anomaly detection. This talk will focus on the testing methodology, testing results, lessons learned, and thoughts on the direction that this technology will be moving.
- DOC has over 15 years of information technology and security experience in the USAF, Defense Information System Agency (DISA), commercial and manufacturing industries. DOC is CIO for Security Horizon, Inc., a security professional services firm with HQ is Colorado Springs. His focus there has been on Organizational focused activities to include security assessments, policy and procedure development, and project management. He is also an authorized instructor of the NSA INFOSEC Assessment Methodology. DOC has built and managed Computer Incident Response Teams (CIRT) and provided extensive technical and project management skills related to information security. He has served as Director, CyberCrime Response, responsible for CIRT, Computer Forensics, and Training responsibilities. He has served as an INFOSEC Program Manager, where he was responsible for establishing and supporting the worldwide security program for the U.S. Defense Information Systems Agency's Field Security Operations, to include Computer Emergency Response Teams (CERT) in 5 locations worldwide. Greg also served as a Senior INFOSEC Engineer, supporting NASA's efforts with the Earth Observing System. DOC served 6 years in the U.S. Air Force with a concentration in Information and Security. He has authored articles for security periodicals and websites, to include The International CyberCrime Journal, DuckTank (now Security Horizon), and Small Business Marketing Ideas. DOC has been a previous technical speaker at the BlackHat Briefings and APCO conventions.
- Power Point
Richard Thieme - 1992... 2002... 2012... Hacking: The Next Ten Years (14.8M MP3)
- Ten years ago hacking was a frontier; ten years from now, hacking will be embedded in everything we do, defined by the context in which it emerges. Real hackers will be pushing the frontiers of information networks, perception management, the wetware/dryware interface, and the exploration of our galactic neighborhood. Mastery means not only having the tools in your hands but knowing that you have them... and using them to build the Big Picture. Richard Thieme illuminates how to do that.
- Richard Thieme is speaking for the seventh year at Defcon. He is a contributing editor for Information Security and has written for Wired, Forbes, Salon, and Secure Business Quarterly. He recently spoke for the FBI's Infragard Superconference, FS-ISAC and the Dept. of the Treasury as well as other hacker cons and numerous businesses and associations. His column "Islands in the Clickstream" is at www.thiemeworks.com.
DJ Sweet Sensation - SNMP Attacks/Security - Part 1 (8.4M MP3) Dan Kaminsky - Black Ops of TCP/IP: Work NAT, Work. Good NAT. Woof - Part 1 (2.8M MP3)
- Part 2 (11.3M MP3)
- Communication under TCP/IP networks has become extraordinarily popular; still, there remains significant problems that as of yet have remained unsolved within its layered rules. So, lets break the rules, elegance (and possibly security) be damned. Signficant new techniques and code will be unveiled to answer the following questions:
- A) Instant Portscan - Is it possible to discover instantaneously what network services have been made available, even on massive networks?
- B) Guerrila Multicast - Is it possible to send a single packet to multiple recipients, using today's multicast-free Internet?
- C) "NATless NAT" - Is it possible to share a globally addressable IP address without translating private IP ranges a la NAT? Is it possible to allow incoming connections to an IP multiplexed in this manner?
- D) NAT Deadlock Resolution - Is it possible to establish a TCP connection between two hosts, both behind NATs?
- Various interesting uses of these new packet-level primitives should be discussed, and OpenSSH will trotted out as the method of bringing some degree of security unto the resulting chaos.
- Dan Kaminsky, also known as Effugas, worked for two years at Cisco Systems designing security infrastructure for large-scale network monitoring systems. He recently wrote the "Spoofing and Tunneling" chapters for Hack Proofing Your Network: Second Edition, and has delivered presentations at several major industry conferences, including Linuxworld, Defcon, and past Black Hat Briefings. Dan was responsible for the Dynamic Forwarding patch to OpenSSH, integrating the majority of VPN-style functionality into the widely deployed cryptographic toolkit. Finally, he is the founder of the cross-disciplinary DoxPara Research in 1997, seeking to integrate psychological and technological theory to create more effective systems for non-ideal but very real environments in the field. He is based in Silicon Valley, presently studying Operation and Management of Information Systems at Santa Clara University.
Roelof Temmingh & Haroon Meer - Setiri: Advances in Trojan Technology (12.1M MP3)
- The presentation will describe the inner workings of the Trojan "Setiri." Setiri leads a new wave of Trojan horse technology that defeats most conventional security devices including personal firewalls, NAT, statefull inspection firewalls, IDS, proxy-type firewalls, and content level checking. The presentation will focus on the setting up of a bi-directional communication stream in non-conducive environments, rather than describing the features of the Trojan.
- The presentation will include an online demonstration - a well-protected PC located inside a heavily protected environment will be Trojaned with Setiri. The computer will be taken over by a controller that is situated outside of the network. At the same time network traffic will be manually inspected.
- Roelof Temmingh is the technical director and a founding member of SensePost. After obtaining his degree in electronic engineering in 1995, he helped to establish SensePost along with some of South Africa's leading IT security minds. He is currently involved in the coding of proof-of-concept code, and the practical realization of complex security concepts. Roelof has been a speaker at the 2001 Summercon conference and the 2002 Black Hat Windows conference.
- Haroon Meer joined SensePost as a Technical Security Specialist after over 7 years in the networking/security industry. He has a wide background in security and networking from writing code to administration of large campus networks. He is currently heavily involved in the development of additional security tools and proof-of-concept code and has been a speaker at the recent Black Hat Windows Briefings in New Orleans.
Mick Bauer - Stealthful Sniffing, Logging, and Intrusion Detection: Useful and Fun Things You Can Do Without an IP Address (12.2M MP3)
- Centralized event-logging and automated intrusion detection are required tools for good network security. But what can you do to prevent your loggers and IDS probes from falling victim to the same attacks they're supposed to warn you about? As it happens, one cool thing you can do is run such systems without IP addresses. In my presentation I'll describe the benefits and drawbacks of this technique, and demonstrate how it can be used in conjunction with Snort, syslog-ng, and other standard *nix tools to build stealthful loggers and IDSes.
- Mick Bauer is a Technology Counselor (information systems security consultant and engineer) for Upstream Solutions, based in Minneapolis. His areas of expertise include firewall architecture and integration, security policy, network application security, and Unix and NT system security. Mick is the author of Linux Journal's popular "Paranoid Penguin" security columns, and of the upcoming book Building Secure Servers With Linux (O'Reilly and Associates, October 2002).
Error - Neuro-Linguistic Programming (NLP) - Part 1 (7.9M MP3)
- Part 2 (4.1M MP3)
- This talk is primarily about psychology and relates to typical programming in no way. Neuro-Linguistic Programming (NLP) is best described as new age pseudo-science by some and the future of psychology to others.
- Through this talk on NLP you will learn about the ability to control and otherwise manipulate as well as teaching via "knowledge encoded linguistic algorithms." You should also gain the ability to do a "cold read." You will also learn about "NLP modeling." Some should walk away with a greater understanding of human psychological patterns.
- About me: Happily spreading memes for years to come.
Michael Schrenk - Introduction to Writing Spiders & Web Agents (10.7M MP3)
- You can have a lot of fun with the Internet by ditching your browser in favor of writing special purpose programs that look for - or do - very specific things on the Internet. This session will equip you with techniques to extract and interact with data from websites without a browser, parse and filter data, follow links, deal with encryption and passwords, and manage terabytes of information. You'll also learn why writing these programs is a useful activity, and walk away with ideas and abilities to write useful spiders or web agents of your own design.
- Michael Schrenk is a freelance Internet developer, instructor and writer. Much of his consulting business revolves around the creation of spiders, which search the Internet for information of value to his clients. He has also developed web strategies and online applications for Disney, Adidas, Nike and many others.
Huagang Xie - LIDS (9.8M MP3)
- The talk will discuss the backgroup, current architecture and use the LIDS. And also will talk about what kind of attacks LIDS can detect and prevent and finally will get into details how to build a secure linux system with LIDS.
- Huagang Xie, the author of the open-source (GPL) LIDS project, is a kernel hacker and Linux enthusiast. Gradudated from Tsinghua University and Insititue of Computing Techology of Chinese Academy of Sciences, he has extensive experience in Linux kernel, kernel security and host/network-based IDS. He currently works as software engineer at IntruVert Networks.
Rich Murphey - FreeBSD Exploits & Remedies (9.3M MP3)
- This talk continues the review of system hardening and security management presented in the BlackHat talk, "Locking Down Your FreeBSD Install." We walk though well-known exploits for the FreeBSD 4.5 release, showing the mechanisms and effects on the system. We then discuss the way in which the vulnerability is assessed and monitored, and the ways in which the system can be hardened or access controls can be refined to reduce the risk of exposure. For each of these, we show the key features of the bundled tools for monitoring and controlling access.
- Rich Murphey was a founding core team member of FreeBSD and XFree86. He received a PhD in Electrical and Computer Engineering from Rice University, was on the faculty of the University of Texas Medical School in Galveston, and was Chief Scientist at PentaSafe Security Technologies before joining NetIQ recently. His main interests are development of Beowulf clusters and Intrusion Detection Systems.
FozZy - Advanced Shellcodes (9.1M MP3)
- Shellcodes are tiny machine language programs designed to be injected inside a vulnerable process and executed with its priviledges. They traditionaly do simple actions, like exec-ing a shell or writing to a file. They can be easily defeated by host intrusion prevention and detection systems like filesystem ACL, kernel system calls ACL, non-privileged chrooted processes, etc. Is it possible to bypass these security measures, or at least take advantage of what they permit? In this talk, FozZy will present how to design small polymorphic shellcodes downloading encrypted modules or binaries and executing them directly in memory. (Ever got a shell without running /bin/sh? ;) Through live demos with HIDS and NIDS on, we'll see the limits of current security systems on open-source OSes.
- FozZy is the director of the French "Hackademy" and chief redactor of the newspaper Hackerz Voice. Topics covered include computer and network security and intrusion, real social engineering attempts, French credit and phone cards hacking, and hardware hacking.
- Source Code
Thomas Rude (aka Farmerdude) - Next Generation Data Forensics & Linux (12.9M MP3)
- The field of data forensics ('computer forensics' as commonly referred to) is rapidly changing. Historically data forensics was focused on the imaging, analysis, and reporting of a stand-alone Personal Computer (PC) hard drive perhaps 1 gigabyte (GB) in size using DOS-based tools. However, due to a number of changes and advances in technology an evolution has begun in the field of data forensics. So where do we stand today? Increasingly, forensic examiners are faced with analyzing 'non-traditional' PCs, corporate security professionals are doubling as in-house forensic examiners and incident first responders, and critical data is residing in volatile system memory. This is the 'Next Generation of Data Forensics.' What is the Next Generation Data Forensics platform of choice? Linux. Why Linux? There are a number of key functionalities within the Linux operating system environment that make it the best platform for data forensics. Among them: Everything, including hardware, is recognized as a file; Support for numerous filesystem types; Ability to mount a file via the 'loopback driver'; Ability to analyze a live system in a safe and minimally invasive manner; Ability to redirect standard output to input, or 'chaining'; Ability to monitor and log processes and commands; ability to review source code for most utilities; Ability to create bootable media, including floppies and compact discs.
- "Farmerdude" is a security consultant for RedHat, Inc. When not performing vulnerability assessments, penetration tests, or designing security technologies such as firewalls and VPNs, he can be found in the lab testing various security tools, applications, and operating systems for weaknesses and flaws. Farmerdude has presented on topics ranging from steganography, data forensics, and social engineering, at various Cyber Crime and INFOSEC conferences. In addition to serving as the current Vice President for the Atlanta Chapter High-Technology Crime Investigation Association (HTCIA), he is also a member of the Atlanta Metropolitan Crime Commission.
Nate Rotschafer - N-Stage Biometric Authentication - Part 1 (5.8M MP3)
- Part 2 (219k MP3)
- Part 3 (198k MP3)
- Part 4 (109k MP3)
- Part 5 (147k MP3)
- Part 6 (253k MP3)
- Part 7 (259k MP3)
- The topic will be about using biometric authentication as part of a multiple stage authentication mechanism. This discussion will explore various applications and flaws with the technology along with some of my ongoing research into a replay attack on the devices by capturing what "goes down the wire."
- I am a sophomore at the University of Nebraska at Omaha working towards a degreee in computer science with a focus in information security along with a degree in computer engineering. I've done research on the topic of biometrics for local conferences and was recognized by the university as a Scott Scholar.
Michael Rogers - Steganographic Trojans (8.4M MP3)
- As anti-virus manufacturers develop more efficient techniques for stopping an infection, potential attackers must become more cunning and resourceful in their deployment methodologies; they must create "invisible" code... But how? What are the possibilities of developing an invisible virus or Trojan?
- The purpose of this talk is to explain the research we have collected, and to identify potential distribution methods, including JPEG, MPEG, and MP3, which may utilize steganographic hiding techniques to obfuscate the source code of various programs such as viruses and Trojans.
- Michael has been working in the information security field for four years and is currently the Senior Security Engineer for Exceptional Software Strategies, Inc., located in Baltimore, Maryland.
Andrew Hintz - Covert Channels in TCP and IP Headers (10.7M MP3)
- How would you communicate securely in a country where encryption is outlawed or where key escrow is mandatory? How can you prevent the Feds from forcing you to turn over your encryption keys? Simple. Don't let your adversaries know that you're transmitting encrypted information. Using covert channels you can completely hide the fact that you're transmitting encrypted information. During this presentation we'll give an introduction to covert channels in TCP and IP headers, release a few vulnerabilities in current TCP timestamp covert channels, and demonstrate and release software that enables covert communication via TCP and IP headers.
hellNbak - Selling Out For Fun and Profit - Part 1 (2.9M MP3)
- Part 2 (1.8M MP3)
- Recent events in the security industry have caused multiple groups to cry foul and claim that many so called hackers have sold out. A war of words has errupted between those crying foul and those who have apparently sold out. Most recently, Gweeds presented a talk at H2K2 that touched on many nerves when he pointed fingers at specific people in the security industry.
- While the talk given by Gweeds was based mostly on made up stories and FUD, he touched on some points that deserve a bit of attention. Additionally, the articles written in The Register by Thomas Greene points out that the media in general has a responsibility to verify facts - somthing does not seem to be hapenning.
- The talk presented by hellNbak will address these issues along with some of the dirty little secrets in the security industry. In general, hackers hack for the quest of knowledge and the ability to be places that others cannot go. Based on this, Hacktivism, cyberterrorism, and selling out is a myth and until hackers are hacking for a real cause it always will be.
- hellNbak has been around the IT security industry for 11 years and a member of NMRC for three of those years. He has worked in a security related capacity for large companies such as IBM, BindView Development and Ernst & Young. Up until this year, hellNbak has found it necessary to hide behind his NMRC nym but after Defcon hellNbak, now a self-employed security consultant, no longer needs the cover of a nym to protect himself from clueless managers and threatening venduhs.
Robert Lupo (aka V1ru5) - Introduction to Computer Viruses: Understanding the Fundamentals of How to Identify, Remove, and Defend Against Hostile Code (14.6M MP3)
- This talk will cover: How different computer viruses work "boot sector, file infector, multi-parti, VBS, Java, the different OS viruses, etc..."; How to remove different computer viruses with and without anti-virus software; How to defend against computer viruses and hostile code; Computer viruses and different operating systems; The future of computer viruses and hostile code.
- Robert Lupo "V1ru5" currently works for Expedia.com as there global network security engineer. He has several certifications in security including CCSA, CCSE, Internet Security Certified, and MCSE. Robert has lectured at Defcon in the past plus H2K, H2K2, University of Illinois, North Dakota State University and others nation wide.
Sean Lewis - BSD Security Fundamentals (10.4M MP3)
- FreeBSD security fundamentals will cover some security basics as well as advanced topics on FreeBSD host and network security. Emphasis will be on hardening a FreeBSD machine from the inside-out, locking down ports, services, filesystems, network activity, etc. Some of the material presented in this talk will be BSD-agnostic, and some will apply to an UNIX environment in general. Review of several recent UNIX security vulnerabilities and valuable information on monitoring and safeguarding your system as well as your network.
- Sean Lewis has over six years of computer security experience, focusing mainly on UNIX systems - hardening, penetration testing and kernel-level lockdown of servers in various roles. Sean has designed systems for various large organizations that assume critical network roles and must be among the top host-based secured machines on the network. Using open-source technology, these systems are not only some of the most secure machines you can find, they are also some of the least expensive. Sean is a Checkpoint Certified Security Administrator, and has in-depth knowledge of firewall installation and maintenence as well as penetration testing and evasion tactics with popular firewall products in use in corporate America. Sean has also designed networks of varying scales, including a high-speed, high-availibility B2B e-business trading infrastructure that attracts millions of hits per month. Sean also has experience with Windows NT and 2000 security, as well as a large deal of work with networking devices such as switches and routers. He also has published several documents regarding Windows NT and IIS security, including 'quick checklists' for post-installs and ongoing maintenence currently in use by several large organizations.
GOBBLES Security - Wolves Among Us (16.7M MP3)
- Video Part 1 of 7 (YouTube)
- GOBBLES Security members will be giving a presentation called "Wolves Among Us," which will discuss the evil motivations of certain members and organizations of the security industry, the big companies that are underqualified for security and yet reap such incredible revenue for their services, the way the media is uninformed and further intentionally writes incorrect information concerning hackers, and more. Concrete examples will be cited, and then discussion on the greater ramifications of those examples will be held.
- GOBBLES Security -- currently the largest active nonprofit security group in existance (that favors full disclosure). GOBBLES Security consists of 17+ members, ranging from the age of 15 to 28. Unlike some groups that make this claim, GOBBLES actually publishes advisories for the sake of security, and not as an opportunity to get some political vendeta aired - and also publish advisories at a rate greater than one every three years.
Dr. Walter C. Daugherity - Quantum Computing 101: How to Crack RSA (4.9M MP3)
- The brand-new technology of quantum computers offers the prospect of exponential speedup, making heretofore infeasible problems like cracking RSA conceiveable. The fundamentals of quantum computing are presented, and how a quantum computer could be used to crack RSA is described.
- Dr. Walter C. Daugherity is a Senior Lecturer in Computer Science and Electrical Engineering at Texas A&M University. He received a bachelor's degree from Oklahoma Christian University, and master's and doctor's degrees from Harvard University. His research interests include fuzzy logic, object-oriented programming, and quantum computing. With David A. Church he created the first course in quantum computing at Texas A&M University, which will be offered for the third time in the fall semester this year.
Elonka Dunin - Cryptography and Steganography (4.7M MP3)
August 1-3, 2003 at the Alexis Park Hotel & Resort
- Pinguino's Defcon 11 Writeup
- Picture Archive for Defcon 11 By Pinguino
- Picture Archive for Defcon 11 By WOWhacker
- Defcon 11 Trip Report From Mark Stamp
- Defcon 11 Pictures From ttye0
- Defcon 11 Write-Up By Girlvinyl
- Defcon 11 Pictures From Russ
- Hacker Chicks at Defcon 11
- Defcon 11 Program (4.4M PDF)
- Phil Zimmermann - A Conversation with Phil Zimmermann
- Video (39.7M RealMedia)
- Philip R. Zimmermann is the creator of Pretty Good Privacy. For that, he was the target of a three-year criminal investigation, because the government held that U.S. export restrictions for cryptographic software were violated when PGP spread all around the world following its 1991 publication as freeware. Despite the lack of funding, the lack of any paid staff, the lack of a company to stand behind it, and despite government persecution, PGP nonetheless became the most widely used email encryption software in the world. After the government dropped its case in early 1996, Zimmermann founded PGP Inc. That company was acquired by Network Associates, Inc. (NAI) in December 1997, where he stayed on for three years as Senior Fellow. In August 2002 PGP was acquired from NAI by a new company called PGP Corporation, where Zimmermann now serves as special advisor and consultant. Zimmermann currently is consulting for a number of companies and industry organizations on matters cryptographic, and is also a Fellow at the Stanford Law School's Center for Internet and Society.
Paul Wouters - Deploying DNSSEC
- Video (56.0M RealMedia)
- Although DNSSEC is still a moving target, it has matured enough for large scale experimenting. The first part of the presentation explains the new concepts in DNSSEC and the new record types introduced. Rudimentary knowledge of DNS is required. The second part of the presentation is a step-by-step guide using Bind to secure an existing zone. Participants who which to secure their own domain need to have the latest Bind9 snapshot and a copy of the zones they wish to secure. The third part of the presentation will demonstrate the interaction between the Registrant and the Registrar. The Dutch SECREG system will be demonstrated for securing .nl domains at the ccTLD. The VeriSign experiment will also be shown on how to secure the generic TLD's. Time permitting, participants are invited to try and compromise the speaker's secured zones.
Bruce Potter - Bluetooth - The Future of Wardriving
- Video (36.4M RealMedia)
- By some estimates, there are more Bluetooth radios deployed than 802.11 radios. However, Bluetooth as largely been ignored by the security community. Over the next several years, this will change dramatically as Bluetooth security tools catch up with 802.11 security tools. Bluetooth devices tend to be always-on machines that generally contain and transmit highly personalized information. Due to limitations of the platforms and interfaces that utilize Bluetooth, many developers chose to avoid implementing security mechanisms. This combination of private information and lowered security makes Bluetooth a likely candidate for attacks targeted at an individual... or simply an interesting protocol to keep voyeurs happy. This talk will cover the basics of the Bluetooth protocol and its security mechanisms. I will discuss attacks that may be carried out against Bluetooth enabled PANs. I will compare Bluetooth and 802.11, especially from a discovery and interception point of view. Finally, I will present The Shmoo Group's new Bluetooth wardriving utility.
Leia Amidon, Omar Ahmed, David McLeod, Harry Regan - After Napster
- Video (37.2M RealMedia)
- From Napster to the current emerging techno-social phenomena of livehives and smart mobs, the evolution of peer-to-peer networks is exhibiting an exponential profligacy both in use and popularity, and actually influencing the evolution of human social interaction on both a local and a global scale. Beginning with Napster, the popular Internet file sharing software created in 1999 by Shawn Fanning, arguably a revolution has taken place. Napster was at the forefront of the one of the most important electronic debates of the 20th century's fin-de-siecle: DMCA and various attendant copyright debates. However, the perhaps the most important role that Napster played was as a "proof of concept" on a grand scale (98 million globally at its peak) of the power of peer-to-peer communications. Wireless data communication devices have screamed onto the networking scene in and may be poised to revolutionize social intercourse. Blogger journos can instantly upload text, audio, and video to their weblogs from the scene of breaking news events. With conventional cellular telephones tactical organization of crowds, "smart mobs," can be coordinated in political actions. The newest breed of communication technologies can document in real-time documentation of an event without the need to rely on traditional media reports. In "proof of concept" exercises, recent anti-war protests have utilized "livehive" and "smart mob" technologies to out flank police actions and effectively shut down city centers and targeted economic targets. "After Napster" will follow the evolution of peer-to-peer networks and their evolution as social communities of affording a new level of global awareness and action.
Fyodor - Advanced Network Reconnaissance Techniques
- Video (35.6M RealMedia)
- Fyodor will present real-life examples of common network and firewall configurations, then demonstrate practical techniques for exploring and mapping those networks. He will cover IDS evasion, "phantom ports," advanced ping sweeps, firewall circumvention, DNS hackery, IPv6, and more using his free Nmap scanner and many other open-source tools.
Greg Conti - Interface Design of Hacking Tools
- Video (34.2M RealMedia)
- Publicly available computer security tools are often great works of technological expertise. A great deal of effort goes into the technical implementation, often at the expense of the user interface and overall user experience. Designed for all levels of expertise, this talk explores common user interface design techniques that will put a usable front-end on computer security tools. A variety of tools will be examined and critiqued to illustrate and reinforce these techniques. Attendees will leave with an increased understanding of user interface and user experience design that they can apply to their own development projects to make them more effective.
Lenard Kleinrock & Sally Richards - At Risk! Privacy: Homeland's Rights to Take It Away and the Hacker as a Hero to Restore Privacy Via Code to Protect the Every Day User
- Video (33.2M RealMedia)
- Leonard Kleinrock, co-creator of the Internet and Sally Richards, author and privacy advocate, talk about the past present and future of privacy and civil rights and how they pertain to the next wave of technology -- keeping your data safe from both government agencies and commercial entities leveraging your info for Big Brother and commercial uses? Will this next level of technology to block Big Brother be illegal and the technologists developing it be jailed for some government infringement of national security? Where will the code heroes of tomorrow come from? And how will they be able to leverage their code into commerce?
Michael Schrenk - Online Corporate Intelligence
- Video (19.3M RealMedia)
- A rapidly growing number of businesses use webbots and spiders to collect corporate intelligence about their competitors. This session will explore: the types of information companies gather about each other, where they get it and what they do with it. We'll also discuss: privacy concerns, methods for writing stealthy webbots, and various related opportunities for the community.
Bryan Glancey - PDA Insecurity
- Video (26.9M RealMedia)
- Palmtops are going in power and popularity. How is the security on these devices and what can be easily bypassed. We will look at the HP 5455, the pinnacle of Palmtop security and see how easily its biometric security can be overcome. We will also cover basic security holes present in all palmtops - regardless of model.
Mystic - Mimicry
- Video (15.2M RealMedia)
- Mimicry is the ability to survive by mimicking your surroundings. In 1996 a book named Disappearing Cryptography by Peter Wayner was published and with it proof of concept code called the mimic functions that allow for encrypted data to be hidden in innocent looking text. This allows for encrypted data to be passed through networks undetected by filters looking for anything out of the ordinary. This talk will include an introduction to how the mimic functions do what they do and will also be an introduction to a tool called ircMimic that uses the mimic functions to hide data in an IRC conversation.
J0hnny Long - Watching the Watchers: Target Exploitation via Public Search Engines
- Video (28.3M RealMedia)
- In today's world of all-knowing, all-seeing search engines, it should come as no surprise that very sensitive information lies in the deep recesses of big search engines' data banks. What may come as a surprise, however, is just how much of a search engine's collected data exposes security flaws and vulnerabilities about the crawled sites. In some cases, even after a security hole is fixed, a search engine may cache data about that vulnerability, providing information about other avenues of attack. This process of "watching the watchers" is not theoretical. It happens, and it happens daily.
- This session demonstrates the technique of crawling one of the most popular search engines for security vulnerabilities on one or many targets simultaneously. Sample information will be extracted about various friendly targets without sending any data or packets to the intended targets, leaving those targets completely unawares. A database of hundreds of vulnerabilities (and growing) will be uncovered and presented to the participants, as well as an automated tool which can be used to scan search engines for vulnerabilities on participant's hosts and networks.
- A little-known research page has been started with working examples of this technique applied to one popular public search engine. See johnny.ihackstuff.com/security/googleDorks.shtml for details. This presentation (especially when presented in conjunction with a live Internet feed) is not only informative and eye-opening, but both refreshingly fun and amazing to watch. Most participants will have a great deal of familiarity with the search engines presented and will be delighted (and rightfully concerned) to see them operating in a manner they were not designed for. Solutions for remedying and controlling this amusing (yet very serious) vulnerability will also be discussed.
OldSkoolS - Satellite TV Technology: How It Works and What You Can Do With Different Dishes
- Video (32.7M RealMedia)
- Ever wondered what that big 10' dish in your neighbor's back yard is good for? Pondered what signals you could pick up other then subscription TV on your small dish? OldSkoolS walk you through the wonderful world of satellite technology. He will quickly bring you up to speed on what the difference is between C- and Ku-band, and what the different protection systems used in today's satellite communications. Tips on procuring used and new hardware will be given as well as a few legal tips. A live demonstration of hardware and software will be shown (If a view of the southern sky is provided for the satellite dish). No background knowledge of satellite TV technology or systems is needed.
Chung's Donut Shop - The Luna Correspondence Protocol
- Video (33.1M RealMedia)
- The Luna Correspondence Protocol is an anonymous finitely improbable data dispersal and stealth security nexus. Elaborated, Luna is a protocol designed to ensure traffic travelling across the Internet can't be snooped by prying eyes. Luna is the greatest and best attempt - to date - at purely anonymous and secure data transmission by commingling various techniques involving encryption, data relaying and mathematics - absolutely not security by obscurity.
- By attending our presentation, the viewer will learn of our comprehensive first-class research conducted in the fields of wide data dispersal, data security and anonymity. The attentitive listner will receive free donuts (Chung's special recipe).
- No esoteric knowledge is required of the listener, only a grasp of networking, as our talk is straight-forward. Data coding and math theory (discrete math) will be discussed, so appropriate knowledge is a plus, but definitely not required.
Paul Clip - Hacking From the Palm of Your Hand
- Video (36.3M RealMedia)
- Palm handhelds have become almost ubiquitous and very cheap, every month sees the announcement of yet another flavor with new and improved functions. Yet, how effective are Palms as a hacking platform? This presentation will cover some of the existing security tools on PalmOS before focusing on the release of a new TCP-based scanner running on PalmOS capable of net recon, banner grabbing, and web vulnerability scanning. Design criteria and implementation details will be discussed, as well as a demonstration of the tool in action. The scanner will be available for download at Defcon.
Robert Imhoff-Dousharm - Credit Card Networks 101: What They Are, and How to Secure Them
- Video (27.7M RealMedia)
- Credit card networks have grown into a viable and necessary asset in large transaction based businesses. Are these networks protected? Are there formal security measures to protect these packets from external, and internal threats? Most network administrators, controllers (CFO) and CIO's are not even aware of credit card's flow or existence on a network. Further some over protect their switched network, disabling these systems from working correctly. One needs to have knowledge of these networks, know the possible exploits, and how to secure them.
Len Sassaman, Peter Palfrader, noise, Michael Shinn, Ryan Lackey - Behind the Remailers: The Operators and Developers of Anonymity Services
- Video (41.2M RealMedia)
- Anonymity and privacy are cherished rights of Internet users. This panel brings together some of the key figures behind the type-II remailer network in operation today. Intended to be an audience-directed presentation, these panelists are prepared to answer all of your remailer related questions, from topics concerning remailer software development, usage, legal implications, social aspects, and personal experiences.
Ofir Arkin - Revolutionizing Operating System Fingerprinting
- Video (37.7M RealMedia)
- Xprobe is an active operating system fingerprinting tool, which was officially released two years ago at the Blackhat briefings USA 2001. The first version of the tool was a proof of concept for the methods introduced in the "ICMP Usage in Scanning" project, which I have conducted. Two years after, and several versions later (mainly Xprobe2 v0.1 release), this talk would examine several issues with operating system fingerprinting we (Fyodor Yarochkin and myself) have encountered during the development of Xprobe and Xprobe2. Mainly the talk will explain why traditional operating system fingerprinting methods suffer from a number of caveats, and how these issues directly affects the results different operating system fingerprinting tools relying on these methods produce (these issues will be explained along with different examples). During the talk I will introduce several advancements in the field of operating system fingerprinting. The methods introduced greatly enhance the accuracy of operating system fingerprinting. Several new ways to gather information about a host OS will be uncovered along with ways to overcome many of the current issues of active operating system fingerprinting methods. During the talk examples will be given, and the audience will be encouraged to participate in a discussion. A paper release, and a new version of Xprobe2 will accommodate the talk.
ParanoidAndroid - Beat the Casinos At Their Own Game
- Video (24.6M RealMedia)
- Tired of having casinos take your money? Did you know that it is possible to be a long-term winner in some casino games? This presentation will cover the basic information that you need to learn about card counting, sports betting and other casino games where you can gain an advantage. The presentation will also cover casino surveillance and how to avoid detection. There will also be discussion on casino comps and other ways to take money from the casinos.
Jaya Baloo - Government IP Tapping: Vendors & Techniques
- Video (34.9M RealMedia)
- Jaya Baloo (CCNP, CISSP) has been working in InfoSec for 5 years, starting at Unisource in The Netherlands. After moving to KPN Telecom, she has worked internationally for the Dutch Telecom Operator in Namibia, Egypt, Germany, and Costa Rica designing secure IP infrastructures for national operators. More recently she has worked in Prague for Czech Telecom on Lawful Interception.
Tony Kapele - Fashonably Late - What Your Networks RTT Says About Itself
- Video (36.6M RealMedia)
- In this session, we will explore network fingerprinting through the use of high-frequency active probes to determine the network's delay. We will also discuss how signal analysis techniques on those delay measurements can be employed to characterize a network's performance and configuration. Using examples from a real-world enterprise network, various layer-1 and layer-2 features will be exposed including: a router or switch's queuing behavior, evidence of unrelated cross-traffic, and the presence of a configured monitoring or "span" port, perhaps indicating the presence of an eavesdropper.
Bill Scannel - Punishing Collaborators Redux
- Video (28.6M RealMedia)
- Just when you thought Total Information Awareness was dead, The Department of Homeland Security rolled out plans in February of this year to introduce an Orwellian airport passenger profiling system called CAPPS II. The plan originally called for running checks on credit, banking, and criminal records every time a citizen flew on a commercial aircraft. Bill Scannell didn't feel like being asked 'papers, please' every time he traveled, so he targeted the only airline participating in the testing of CAPPS II: Delta Airlines. The resulting Delta boycott and millions of dollars in negative publicity caused Homeland Security to pull the plug on the program pending a privacy investigation, and for Congress to withhold all 2004 funding.
Daniel C. Silverstein & Damon McCormick - Increasing the Security of Your Election by Fixing It
- Video (35.7M RealMedia)
- In response to the problems that plagued the last United States presidential election, many communities plan to replace existing paper ballot machines with electronic voting systems. Unfortunately, the new systems open up a Pandora's box of security issues that traditional paper ballots do not face. It is difficult to understand the issues because there is a serious lack of data describing the real world performance of these systems. This problem is compounded by the fact that the major commercial vendors' products are closed, proprietary systems protected as trade secrets. Ignorance of the unique security concerns raised by electronic voting could leave U.S. State and Federal elections open to unprecedented levels of fraud. This past April, a new online election system was used at the University of California at Berkeley. We present this system as a case study, which sheds much needed light on electronic voting security. We describe the workings of this system, and discuss the findings of our security analysis. Additionally, we crafted a man-in-the-middle attack that exploits a flaw inherent in the system architecture. Our talk provides a detailed technical explanation of the attack.
- Finally, we discuss the implications of the case study. We will show that many of our conclusions apply to the major commercial systems, in spite of tangible differences with the case study system. We will answer questions from the audience, and offer constructive ways to address some of the concerns we raise. This talk is suitable for attendees of all technical levels. For a thorough understanding of our man-in-the-middle attack, we suggest that you have some programming experience and familiarity with DNS and NAT.
Cat Okita - Aura: A Peer To Peer Reputation System (4.2M MP3)
- Video (26.3M RealMedia)
- Aura is a peer-to-peer reputation system designed to create localized reputation information linked to specific users and/or systems. It can also function as a carrier of information in the form of 'recommendations.' Current research in trust metrics and reputation systems will be briefly covered, and implementation and design challenges will be discussed in greater depth
Joe Klein - Information Leakage -- You Posted What?!
- Video (36.4M RealMedia)
- If information is power, they why are so many organizations willing to give away this power? Are they are not aware of the risk to their network by posting network diagrams on the Internet? Or to staff, by posting the CEO's home addresses, wife and kids names on their website? Or to the organizations financial wellbeing by leave their financial transactions zipped on their company ftp server? The focus of this presentation will show the ways organizations release information both intentionally and non-intentionally.
Susan Brenner - Toward a Criminal Law for Cyberspace
- Video (35.7M RealMedia)
- The traditional model of law enforcement was shaped by certain assumptions about criminal activity. These assumptions derive from characteristics of real-world crime, i.e., that victim and offender must be in physical proximity, that crime is limited in scale, that physical evidence will be found at a crime scene and that crime falls into identifiable patterns. These assumptions gave rise to a hierarchically-organized model which operates on the premise that crime is localized, i.e., occurs within a specific geographical area encompassed by a single set of national laws. The traditional model, in effect, assumes the primacy of nation-states as law enforcers.
- Neither these assumptions nor the premise that crime is localized apply to cybercrime; cybercrime makes nation-states irrelevant. It evades the assumptions that shaped the traditional model and, in so doing, creates significant challenges for law enforcement. It is therefore necessary to devise a new approach for dealing with cybercrime, one that takes into account the distinctive characteristics of technologically-mediated crime.
- Such an approach is evolving in the cybercrime task forces established pursuant to a mandate contained in the USA PATRIOT Act. Whereas the old model emphasized law enforcement's reacting to completed crime, this approach emphasizes collaboration between potential victims and law enforcement in an effort to prevent cybercime. It also emphasizes lateral, networking arrangements in which law enforcement personnel often function more as consultants than as sole investigators. Clearly, a lateral, collaborative approach is a more advantageous strategy for dealing with cybercrime.
- The problem is that individuals also need to be involved if this approach is to be effective. Currently, corporations and other entities are more likely to understand the need and have the resources to partner with law enforcement in an effort to implement cybersecurity. This is not generally true of individuals, but it may be possible to use new principles of criminal liability - modified rules of criminal law and imported, modified civil law rules - to create incentives for individuals to participate in such an approach.
SensePost - Putting The Tea Back Into CyberTerrorism
- Video (33.4M RealMedia)
- Many talks these days revolve around cyber terrorism and cyber warfare. Some experts suggest such attacks could be effective - others say that targetted country-wide cyberterrorism is just for the movies... or a Tom Clancy book. In this talk we look at very practical examples of possible approaches to Internet driven cyber warfare/terrorism. The talk will include an online demo of a framework designed to perform closely focussed country-wide cyber attacks.
Roberto Preatoni - The Future Frontiers of Hacking - UMTS Mobile Phone Platform Web Intrusions: The Best Indicator of the Vulnerable Status of the Internet
- Video (35.1M RealMedia)
- The introduction of the UMTS mobile telephone protocol will be the last frontier for hackers. How will they act? What vulnerable points will be expolited? How the UMTS technology will pose a treath to our everydays lifes leading to complete loss of privacy. Web defacements and Internet scams. A sharp overview on trends and techniques used by web intruders. Linux or Windows? Internet security myths. Zone-H, the Internet thermometer. Internet scams are the best indicator of the vulnerable status of the average Internet users.
Eric Goldman - Criminal Copyright Infringement and Warez Trading
- This talk will discuss criminal copyright infringement and how it applies to warez trading. We will discuss what is legal and what isn't, who has been prosecuted, why they were prosecuted and what happened to them, and why the law is bad policy. You should expect to leave the talk more knowledgeable about what activities are criminal and how great or small the risks are.
Spyde~1, AutoNiN & Mystic - The UPS (Undetectable Packet Sniffer)
- Video (16.0M RealMedia)
- Presentation of the UPS - the Undetectable Packet Sniffer: a Hostile packet sniffer posing as an Uninterruptible Power Supply. Complete HOW-TO: hardware configuration, software configuration, integration into a non-functional UPS, installation and use. Proof of concept project by the Tri-Valley Security Group (TVSG).
Robert Sheehy - Theft of Service Attacks
- Video (36.8M RealMedia)
- This talk will focus on the security holes prevalent in many subscription based service products such as Internet dial-up service, web hosting, software purchases, and satellite television. Specifically the talk will focus on various billing system attacks, application attacks, increasing account privileges to gain unauthorized or extended access to subscription content, and bypassing account restrictions; It will be demonstrated how these attacks are performed, and how to detect and react to them.
Mikko Valimaki & Ville Oksanen - The Story of EFFI: How We Started a Cyber-rights Group in Finland, Which Kicks Ass
- Video (34.4M RealMedia)
- We want to show you how just a couple of fellows can start a truly efficient cyber rights group at a regional level (state, country, etc.) and influence the encryption, privacy, fair use, etc. laws & change the public opinion. We did this in Finland in a year. EFFI was founded in 2001 and now, in summer 2003, has some 300-400 paid members and counting. We got to the nation's main newspapers in spring 2002 and hit the radio and TV in fall 2002 and been since then regulars in the media. Our top achievement so far has been stopping E.U. Copyright Directive (Europe's DMCA) in Finland. We've also fundamentally changed the law on the feeedom of speech and spamming (see www.effi.org for details).
- Next, we'll answer basic questions on how we get there. Who proposes these laws and how can even individual hackers and tech enthusiasts influence the legislative process? How did we build relationships to politicians? How did we got ourselves to TV regulars in Finland and changedthe public opinion to our support? How can we extend our regional success to European level? Finally we want to explain why the political, moral, and legal issues are inherently global and why the hacker community should support action in every corner of the world. We get into details of U.S. and European hacker-unfriendly politics and compare different options to support our common cause: influence parliamentary and democratic process vs. act independently & anonymously hacking the software of "evil corporations." Our approach is to act with names and do everything politically correct.
Silvio Cesare - Open-Source Kernel Auditing and Exploitation
- Video (38.6M RealMedia)
- For a period of up to 3 months in 2002, a part-time manual security audit of the operating system kernels in Linux, FreeBSD, OpenBSD, and NetBSD was conducted.
- The aims of audit were to examine the available source code, under the presumption of language implementation bugs. Thus classic programming bugs, prevalent in the implementation language [C], exemplified in integer overflows, type casting, incorrect input validation and buffer overflows etc. were expected. The initial introduction to auditing examined easily accessible entry points into the kernel including the file system and the device layer. This continued to an increased coverage and scope of auditing. From this work, identification of conjectured prevalent bug classes was possible. These results are in favour of the initial expectations; that bugs would be that in line of classical language bugs.
- The results of this audit are surprising; a large [more than naively expected] number of vulnerabilities were discovered. A technical summary of these vulnerabilities will be treated in detail. Bug classes and [conjectured] less secure specific subsystems in the kernel will be identified. These conjectures support the the research of Dawson Engler's work in automated bug discovery in application to open-source kernel auditing.
- Vulnerabilities after bug categorisation, are applied in the treatment of exploitation. The results are again surprising; exploitation sometimes being trivial, and primarily being highly reliable. The assumptions of exploitation difficulty, is conjectured to be a false belief due to lack of any serious focus on kernel auditing prior to this paper. This conjecture is supported by in-line documentation of kernel sources indicative of immediate security flaws.
- Attack vectors are identified as a generalisation of bug classes. Risk management is touched upon to reduce the scope of attack, but is not the primary purpose of this paper.
- Discussion is finally that of vendor contact, and the associated politics of vulnerabilities. First hand reports of acknowledgement times, problem resolution times and public dissemination policies are presented in candid. The author may be biased at this point, but it appears that in during this audit period, open-source holds up to the promise of security concern and responsibility in its community. Problem acknowledgement in at least one of the the cases presented is perhaps the fastest in documented history (less than three minutes).
- The majority of the vulnerabilities discovered during the audit, were resolved and patched in co-operation with the open-source developers and community responsible for each respective operating system. A very large thanks must go to Alan Cox, Solar Designer and later followed by Dave Miller who made enormous efforts to continually resolve all issues uncovered.
tommEE pickles - Streaming Media Theft and Protection
- Video (29.3M RealMedia)
- tommEE pickles presents an 101-type approach to streaming media. He will talk about sites that host streaming media, how to leech the media off of them and how to also protect site that host streaming media.
Richard Thieme - Hacker Generations: From Building the Network to Using the Network to Being the Network
- It has all happened so fast. Eleven years of Defcon define three identifiable generations of hackers. (Yes, that's an arbitrary distinction, but it's useful.) The first generation helped build the network, the second learned how to use the network, and the third has become the network. The management of perception in the mind of society is the battle in which we are now engaged. Online life is threaded through with deception and counter-deception, intelligence and counter-intelligence, but that's second nature to the latest generation of hackers. They understand that intuitively. They operate in small cells, manage their egos with discipline, and execute stealthy sophisticated operations with finesse.
Beetle & Bruce Potter - Airsnarf - Why 802.11b Hotspots Ain't So Hot
- Video (20.5M RealMedia)
- As wireless hotspots continue to pop up around the country, the opportunity to take advantage of the weakest point of this new networking fad becomes greater. What weak point is that? Why, the user, of course. Why sniff traffic, or crack WEP, or spoof MACs, when you can simply ASK for and easily receive usernames and passwords? Members of the Shmoo Group discuss how wireless miscreants can garner corporate or hotspot credentials the easy way: rogue access points. Additionally, a new utility will be provided to make rogue AP setups a cinch - with a twist. Little to no wireless knowledge is needed to understand how simple it is to never again pay for wireless hotspot access.
Brian Hurley & Ann Gabriel - Internet Radio Politics
- Video (30.6M RealMedia)
- A summary of the current legal state of Internet radio. How the RIAA, a group of popular commercial webcasters, and Congress conspired to betray smaller webcasters, in an attempt to eliminate the majority of stations broadcasting on the Internet. We will compare the philosophies of those who see Internet radio as just another mass medium to be controlled and consolidated into as few stations as possible, and those who want to maintain a large number of stations with a rich variety of programming, and how these groups are fighting to influence the public, Congress, and the media. We'll close with a look at the future of Internet radio, and outline the Webcaster Alliance's strategy to break the RIAA's hold over this new medium.
Wendy Seltzer - The Internet's Private Cops
- Video (33.3M RealMedia)
- It is not only governments that are engaged in surveillance of Internet activity. Increasingly, private actors, including corporations asserting intellectual property interests, are being given the power to police the network and demand user identities, in the name of enforcing their private interests. Even when the law does not give them the authority, some have been overzealous in sending legal threats claiming such rights. This presentation will examine the legal claims (such as DMCA, copyright, trespass) frequently raised by private parties, your rights in response, and ways to protect yourselves from these threats, including via the Chilling Effects website.
Seth Fogie - Embedded Reverse Engineering: Cracking Mobile Binaries
- Video (31.9M RealMedia)
- The embedded mobile market is headed for a day of reckoning when it will become the target of virus/trojan writers. To prepare for this, security experts must understand reverse-engineering fundamentals, as they apply to the pocket PC device, so they can research, investigate and understand the impact of malware and how to prevent it from spreading.
- Unfortunately, when it comes to understanding malware for the PPC environment, there is little guidance. The only exception to this is ironically found in the backyard of same people who would write the destructive code. What we are talking about is the reverse-engineering of software protection schemes.
- As a result, this talk will focus on the security protection schemes built into PocketPC software, and how these protections are circumvented. Using the same tricks, tools, and techniques that crackers use to bypass anti-piracy schemes, we will demonstrate first hand how these programs are cracked using a simple 'crackme' serial validation program as an example. We will start with a discussion on the hardware environment and reverse-engineering fundamentals to provide a background and foundation for the core of the talk; a step-by-step demonstration on how to crack a real program.
Gregoire Gentil - Hack Any Website
- Video (16.3M RealMedia)
- This session will learn how you can hack any website whatever its protection. The most basic and simple attack against a website is to change the content of one of its pages. When trying to attack a website, one first thinks to attack the web server. But attacking the client could be easier and more powerful. This is what you will see during this session. In one hour, you will understand how to take the full control of Internet Explorer 4.x and above and modify on-the-fly the content of any HTML page before it is rendered.
Cindy Cohn - What Hackers Need to Know About Post 9/11 Legal Changes
- Video (40.1M RealMedia)
- The Bush Administration's relentless assault on freedom and privacy online and offline hit the ground running with the PATRIOT Act in the immediate aftermath of 9/11, but hasn't slowed since then. While the terrorist acts had absolutely no relationship to computer hacking, hackers were a clear target in the PATRIOT Act and subsequent developments. The changes in the legal landscape are vast and wide, but anyone interested in computer security research, whether professionally or as a hobby, should have a basic understanding of the new world order. EFF was one of the broad coalition of groups that fought the PATRIOT Act -- its analysis comes up first in a Google search on the law -- and continues its work opposing all of its ugly brothers, sisters, cousins and step-children. The talk will focus on the portions of these laws and programs that affect hackers of all hat colors, including:
- Changes in the Computer Fraud and Abuse Act; The expanded definitions of "terrorist" and "material assistance to terrorists" and what they may mean for toolmakers; All your logs are belong to us - the reduced provisions for subpoenas to ISPs and others who have information about you; What reduced judicial oversight,fewer checks and balances and more sharing among various cops means in practice; What Patriot II/DSEA holds in store; TIA, CAPPS II and other acronyms you should know about; How can you legally to better protect yourself and others.
Dan Kaminsky - Stack Black Ops
- Video (39.0M RealMedia)
- What can your network do? You might be surprised. Layer by layer, this talk will examine previously undocumented and unrealized potential within modern data networks. We will discuss aspects of the newest versions of scanrand, a very high speed port scanner, and the rest of the Paketto Keiretsu. Interesting new techniques will also discussed, including: Bandwidth Brokering - a technique that allows market-based load balancing across administrative boundries using existing TCP protocols; DHCP-less Bootstrapping - a sub-optimal but effective strategy for bootstrapping network access for hosts that cannot directly acquire a DHCP lease; State Reconstruction - a design model that allows stateless network scanners (such as scanrand) to acquire deep knowledge about scanned hosts; Multihomed Node Detection - a simple set of techniques that expose firewalled hosts with alternate paths to an unfirewalled network link; Generic ActiveX Encapsulation - a step-by-step methodology for safely launching arbitrary win32 tools (such as putty or a Cygwin OpenSSH environment) from a web page.
- We will also be discussing significant advances in data visualization, made necessary by the sometimes daunting amount of raw information these sorts of tools can expose one to.
David Rhoades - Hacking Web Apps
- Video (43.6M RealMedia)
- WARNING: The vulnerabilities you are about to see are real. Only the names have been changed to protect the vulnerable. Viewer discretion is advised. Is your web application secure? Many have found out the hard way: encryption and firewalls are not enough. Since 1996 the instructor has performed security assessments against web-based applications for Fortune 500 companies. The applications audited included consumer banking (U.S., Europe, and Asia), business banking, credit unions, conference & travel reservation systems, credit card applications & account access, 401K account access, stock broker transactions, and consumer telephone account access.
- What were the real-world vulnerabilities encountered? Come see for yourself as this fast paced course re-enacts these hacks. See what the weaknesses were and how they were exploited. If Fortune 500 companies made these mistakes, chances are good that they are not alone. The lessons learned will apply to web portals, e-commerce (B2B or B2C), online banking, shopping, subscription-based services, or any web-enable application. Watch how attackers manipulate HTTP and HTML to locate web app vulnerabilities. See the latest hacker tools and techniques for web apps. Demo: Real-world web app weaknesses and exploits will be demonstrated live. The vulnerabilities demonstrated will be based on real vulnerabilities seen by the instructor while auditing customers - only the names have been changed to protect the vulnerable. This presentation offers valuable insight into some subtle but serious dangers for online applications.
Matt Shannon - _vti_fpxploitation (4.1M MP3) (M4B)
- Video (25.6M RealMedia)
- With over 32,000 Frontpage enabled webservers currently on the Internet, it's easy to take it for granted. However, Microsoft Frontpage is one of the least documented and most mis-understood web authoring systems available. In this presentation we will seek to close that gap, and expose the inner working of the Frontpage and Frontpage Server Extensions protocol. We'll show the hidden flags and undocumented options within the session data, many of which are unavailable even to Microsoft Frontpage users! Plus we will debut new open source tools geared directly toward taking advantage of the Frontpage systems, including a Perl-Gtk Frontpage vulnerability scanner.
- Our presentation will cover the following areas: An Initial Perspective "Breaking down the overall system, providing an overall process view." Decoding the System "Explaining the authentication system, the protocol spec, command sequence, and undocumented options." Knocking on the door "Debut custom tools built to specifically manipulate the authentication system and provide an open source Frontpage vulnerability scanner." What to do when your there "Provide a basic understanding of Microsoft's Active Server Pages Visual Basic language, and provide example hacker tools developed in ASP." Holding down the fort "Give those supporting frontpage the much needed information to help better secure their enterprise."
FX - More Embedded Systems
- Video (39.3M RealMedia)
- The talk focuses on more embedded systems - this time, looking into the mobile world of GSM as well. How can the infrastructures and protocols in the Internet enabled GSM world be used for attacks? This session will give you an introduction to the concepts of WAP and GPRS. Equipped with this knowledge, some interesting applications of these protocols will be presented. Of course, it also covers some funny things you can do with (against) mobile phones. The second part will show you the latest advancements in Cisco IOS exploitation. While Phenoelit showed you last year that it can be done, we will go on and show you this year that it can be done better, more reliable and more elegant.
Tom Parker, Matt Devost, Marcus H. Sachs and Toby Miller - Adversary Characterization and Scoring Systems
- Video (49.3M RealMedia)
- Cyber adversary characterization is a topic which was conceived by the panel members along side other members of the computer security and intelligence communities in an attempt to provide an accurate way to build profiles of cyber adversaries, much like the way in which criminal psychologists profile more traditional criminals. The characterization metrics conceived attempt provide a characterization of both theoretical adversaries, classing them based on statistics harvested from the wild and an accurate way of characterizing an adversary at an incident response level by studying the methodologies used during the attack. The panel will begin with an introduction to the topic, followed by in depth discussion regarding the various characterization metrics and their applications; toward the end, we will be taking questions from the floor.
Adam Bresson - Manyonymity: PHP Distributed Encryption
- Video (36.9M RealMedia)
- Manyonymity is an advanced, self-programmed PHP Distributed Encryption web application under the GNU GPL. Manyonymity premieres at Defcon 11 in conjunction with a self-developed, new theory of encryption: geometric transformation. Manyonymity is a customizable, easily-maintained PHP Distributed Encryption web application including verified installation, maintenance and a powerful user interface. Manyonymity allows anyone to run their own GNU GPL encryption and fingerprinting server. We'll discuss general encryption, the functionality of Manyonymity, demonstrate a sample implementation and discuss future development. Manyonymity, it's who you don't know.
Daniel Roelker - HTTP IDS Evasions Revisited
- Video (36.3M RealMedia)
- HTTP IDS evasions have been prevalent ever since the release of RFP's whisker. But what's been happening since? This presentation addresses the advancement in HTTP IDS evasions since whisker. Some of the specific topics covered will be: The evolution of protocol-based IDS and signature-based IDS in regards to HTTP evasions. What's the same and what's different? Latest and greatest obfuscations in URL Encoding (what the IDS vendors don't know). We'll go into the various types of URL encodings, how the different types of Unicode encoding really work, and new encoding types and combinations that confuse IDS HTTP decoders. Evasions using HTTP/1.1 protocol characteristics, in the spirit of Bob Graham's Sidestep program.
- The following source code will be released to demonstrate and automate the various URL encoding methods and HTTP/1.1 protocol evasions tactics: Source code for automatically generating URL IDS evasions using the tactics discussed in the presentation. Source code for generating Unicode codepoint values on target IIS machines for further fun with URL obfuscation and evasion. Source code that profiles web servers for what types of evasions do and do not work against them -- hopefully this can be released.
Michael Sutton & Pedram Amini - Hacking the Invisible Network: The Risks and Vulnerabilities Associated with Wireless Hotspots
- Video (35.2M RealMedia)
- Wireless hotspots are emerging as an effective means of providing on-demand Internet access for users with 802.11x enabled devices. The networks typically exist in places frequented by business travelers, such as hotels, airports or in locations with persistent clientele such as coffee shops. The technology provides an efficient and cost effective way for companies to deliver Internet access to their customers and also offers an alternate revenue source, as many networks are "pay for play." Most users are enticed by the convenience of these networks, but are unaware of the security risks that they present. Companies have historically implemented security by building an impenetrable fortress around network assets. This system is flawed. It does nothing to protect the multitude of portable devices such as laptops and PDAs that are frequently used outside of this fortress. Hotspots are shared networks that broadcast traffic. By design, hotspots do not implement encryption schemes such as WEP, which provides a target rich environment for malicious attackers. Unencrypted network traffic can be intercepted and traditional remote attacks can be perpetrated on machines that are operating without protection from attack. This poses a significant risk for corporations as these devices commonly contain sensitive corporate data.
- Research conducted on numerous hotspot implementations has revealed that most leave end users unnecessarily exposed to both local and remote attackers. Most networks also have weak access controls that leave business owners exposed to loss of revenue from various attack scenarios such as session hijacking, data tunneling and connection sharing. The presentation will address the following: The risks associated with using Hotspots. Specific attack scenarios - identifying tools and techniques that were used. The network design of specific hotspot implementations. What users can do to protect themselves.
Grifter - Dumpster Diving: One Man's Trash...
- Video (41.9M RealMedia)
- There are few things that yield more information about an individual or organization than their very own trash. This simple fact can be both fun and frightening depending upon which side of the fence you're on. Practiced by hackers for countless years, the act of dumpster diving has been an essential tool in the hackers toolkit; and an often overlooked area of an organizations security policies.
- This speech will cover but not be limited to: Who are Dumpster Divers? What it is, and why they do it; What to wear and take with you when Dumpster Diving; Basic Rules to follow to stay safe and within the law; What to do if approached by the authorities; Areas to dive and not to dive; Interesting and Humorous Anecdotes; Ethics; Protecting your privacy or the privacy of your organization.
Sean O'Toole - Metamorphic Viruses
- Video (23.4M RealMedia)
- This talk will cover the components and theory behind metamorphic engines. Also, how they create a better stealth method for viruses since it will cause the body of the virus to completely change in apperance while still containing the same functionality. This method of virus writing has gained much attention since this century, compared to it's earlier day, which include the '98 Win95/Regswap and others whose techniques have now developed into what we know as Metamorphism today.
Jay Beale - Locking Down Mac OS X
- Video (35.5M RealMedia)
- Apple's OS X operating system combines BSD Unix with easy-to-use Mac operating system components. This has produced an operating system that natively runs Microsoft Office, is friendly as can be finding you people with which to chat and exchange fileshares with, and yet still runs a command line! Needless to say, it could probably use some lockdown before you want to take it to Defcon, or even to the airport, with the wireless card plugged in. The speaker has ported Bastille Linux to OS X and learned a thing or two about locking down OS X in the process. This talk will demonstrate lockdown, showing you how to harden the OS X operating system against future attack.
Jonathan Wignall - Network Worms: What Is Possible
- Video (41.9M RealMedia)
- Network worms have been around for almost as long as the computer networks they need to spread via, but it only with the advent of mass Internet access that they have become commonplace. This presentation will outline what network worms are, and how they differ from a "normal" computer virus, but in the main concentrate on what future worms could achieve. The presentation will look forward to what we could see in both the near, and far future giving examples of what can be developed. Web replication and other possible distribution methods will be discussed and you will learn why so few worms currently effectively achieve mass distribution. No prior technical knowledge is required of the audience, and should be understandable by those with limited knowledge of computers, although greater knowledge will be a plus.
Mick Bauer - Self-Abuse For Smarter Log Monitoring
- Video (37.1M RealMedia)
- Your Unix-based webserver has logs, and you know you should be keeping an eye on them. But what should you be looking for? Would you recognize an attack even if you saw one? What sort of automated log-watchers are available, and what if you need to tell *those* what to look for? Attacking your own system while scanning its logs is a quick way to learn what anamolous log activity looks like. Plus, it's a fun excuse to run Nessus, nmap, and whisker against someone who won't call the cops on you (i.e., yourself). In my presentation I'll demonstrate this sort of productive self-abuse, using the aforemention tools plus less-glamorous but equally useful commands like telnet and wget. My groovy two-laptop demos will show both attacks and logged messages simultaneously, adding to the overall excitement. In addition to all that, I'll discuss how to fine-tune the mechanisms that control logging, and how to use automated log-watchers such as swatch (which needs to be told what to look for) and logwatch (which doesn't necessarily). The presentation will culminate in a challenging game of "You Be the K1d10t," in which Defcon attendees will be welcomed to take their best shot at my wireless-connected laptop, while the audience & I watch the log messages that result (or don't). Anybody who roots my box, or causes a really entertaining log message, will receive a piece of the donated junk arrayed on the stage for that purpose. (But if my box gets DoSed beyond salvage, I'll just ask some trivia questions and call it a day, so please play nice!) This will be a fairly technical presentation. Attendees should have a working knowledge of the Unix variant of their choice (my demo systems both run Linux), but my presentation should be comprehensible to most Unix newbies, while still being useful to intermediate and maybe even advanced users (hey, everybody knows different stuff).
Criticalmass & Matt (404) - Social Engineering Fundamentals
- Video (37.9M RealMedia)
- This presentation will tell you about how social engineering and its fundamentals come into play with an attack on a network, person, or company. It will inform people on how to prevent these attacks and how to tell if a person is being attacked.
Brett Neilson - Malicious Code and Wireless Networks
- Video (36.4M RealMedia)
- With over 55,000 viruses circling the globe it is no wonder we are so paranoid about protection, but are we being paranoid enough? A new threat stands to potentially disrupt systems worldwide and cause hundreds of millions in damage. In this presentation we will discuss current wireless trends and some of the vulnerabilities they bring. In addition we will also discuss some potential wireless threats and explore some reasons why malicious code could spread within a wireless system.
Inertia - Introducing nmrcOS
- Video (15.2M RealMedia)
- nmrcOS provides a secure environment for the modern hacker-type to call home, which would help protect the privacy and security of the users of the system. In addition, it provides a portable working environment for the hacker on the go - easy loading on simple hardware, no-nonsense command-line for uber control, yet usable by most people out of the box. Discussion will focus on the history of the project and current design choices. Details on how to develop for the system will also be presented. Presentation includes demonstration of installation and configuration.
Jeffrey Prusan - Technical Security Countermeasures
- Video (34.2M RealMedia)
- As a corporate security advisor, former investigator, and TSCM technician, we will dispel the myths behing bugging and wiretapping. We will separate what tappers can and can not do (everything you see in the movies is not always true!!). What companies can do that will realistically protect themselves from eavesdropper and thereby help to protect their network, proprietary information, and intellectual property. We will explain and demonstrate the sophisticated electronic tools used by a professional sweep team, and describe what happens during the sweep process. We will demonstrate how phones are tapped in homes (analog phones), small businesses (KSU telephones systems), and larger companies (PBX systems). We will show how corporate spies attempt to infiltrate company telephone systems and ultimately compromise your network infra-structure. We show how anything purchased to detect eavesdropping from a "spy shop" will only waste your money and give you a false sense of security. We lay out the planning and execution of a successful sweep, and explain how to protect your company from threats in the future.
Viki Navratilova - Today's Modern Network Killing Robot
- Video (32.5M RealMedia)
- Today's Modern Network Killing Robot will give an overview on the new generation of DDOS tools. Back in the day, a couple of large pings could take down lots of machines. When those techniques stopped being effective means of taking down networks, people started writing DDOS programs. These programs required a little bit of manual work to install, but were effective at taking down large networks for a while. This generation of DDOS tools were made famous in the media by DDOS'ing famous websites for hours at a time. Soon people learned to control the damage done by these tools, and so a new generation of DDOS tools were born: Ones that could infect thousands of machines automatically to create large botnets, and hide their communications in order to evade detection better than their predecessors. These botnets are now the most effective DDOS tools in popular use today. This talk will go over the more popular botnets, such as gtbot and sdbot, and talk about how they work and some ways to spot them on your network.
Rich Murphey - Intrusion Prevention Techniques on Windows and Unix
- Video (38.6M RealMedia)
- What exactly is intrusion prevention and why the heck should we care? This talk surveys some of the common features of Intrusion Prevention systems, largely constrained by architectural layering of Windows and Unix kernels We then look at a case study of intrusion prevention and discuss how it differs from IDS, Firewall, AV, and others.
Ryan Lackey - HavenCo: What Really Happened
- Video (47.1M RealMedia)
- HavenCo, an attempt at creating an offshore data haven, was launched in 2000 by a small team of cypherpunks and pro-liberty idealists. During 2002, the Sealand Government decided they were uncomfortable with their legal and PR exposure due to HavenCo, particularly in the post-DMCA and post-9/11 world, and regulated, then took over the remains of the business, forcing the remaining founders out. While HavenCo continues to serve a small number of customers, it no longer is a data haven, and has exposed the ultimate flaw in relying on a single physical location in one's quest for privacy.
Michael D. Glasser - OSI Layer 1 Security
- In today's corporate environment electronic physical security is a serious business. Every corporation has some form of access control and/or CCTV system in place. There are only three really important questions to ask about it. Does it do what it's designed to do? Was it designed to do what it needs to do? WHO'S RESPONSIBLE AT THE END OF THE DAY?
- This presentation will; Give in depth explanation of the different technologies used in access control and CCTV today; Give an overview of general system designs; Give the most common security flaws that are existing today.
Chris Hurley - The WorldWide WarDrive (11.4M MP3)
- The WorldWide WarDrive is an effort by security professionals and hobbyists to generate awareness of the need by individual users and companies to secure their access points. The goal of the WorldWide WarDrive (or WWWD) is to provide a statistical analysis of the many access points that are currently deployed. Roamer will discuss the origin of the project, many of the difficulties the project has run into with the press and "other entities," the truth behind the goals of the project and the direction the project is moving in the future. Also, the full statistical analysis and results of the Third WorldWide WarDrive will be revealed for the first time.
Simple Nomad, Inertia, jrandom, Weasel, Cyberiad, Sioda an Cailleach, HellNbak - Free Your Mind: The NMRC Info/Warez
- New years bring new threats. Laws such as the DMCA, PATRIOT and DSEA are threatening hackers to the core. But instead of lecturing on what the underground could be doing to counter, NMRC will lead by example and present what they have been working on for the past year. New tools, new techniques, new information, and a new operating system! All open source, all full disclosure, all with security and privacy in mind.
Icer - Why Anomaly Based Intrusion Detection Systems are a Hackers Best Friend (8.7M MP3)
- The security market is booming. New types of tools are emerging all the time with promises of being able to protect networks better than the last generation. The newest trend is anomly based intrusion detection systems. These systems claim the ability to detect new types of attacks before comprable signature based systems while being able to scale to higher network speeds. Are these claims true? Will these systems be the silver bullet to protectthe clueless? Are these tools any better than the other script kiddie prevention tools? This talk will answer these questions and more.
Abaddon, Dragorn, Anton Rager, Joshua Wright & h1kari - Abusing 802.11 (20.3M MP3)
- Video (63.8M RealMedia)
- Panel will discuss network detection, protocol-level vulnerabilities in all the 802.11 families, new techniques for defeating WEP, vulnerabilities in WPA/802.11i, and detecting attacks against 802.11 networks. Other topics will be driven by questions from the audience.
July 30 - August 1, 2004 at the Alexis Park Hotel & Resort
- Ian Clarke - Freenet: Taming the World's Largest Tamagotchi (24.6M MP3)
- Since March 2000 the Freenet project has been the very embodiment of the 'release early, release often' mantra, gaining invaluable experience of the unpredictable challenges encountered when deploying a P2P architecture on a large scale. This talk will discuss recent developments in the project including our 'next generation' routing algorithm, and a sophisticated but elegant new load balancing mechanism called 'adaptive rate limiting.' Expect the talk to employ lots of real-world data to illustrate how theory translates to practice when looking after the world's largest Tamagotchi. Ian Clarke is the architect and coordinator of The Freenet Project, and the Chief Executive Officer of Cematics Ltd, a company he founded to realize commercial applications for the Freenet technology. Ian is the co-founder and formerly the Chief Technology Officer of Uprizer Inc., which was successful in raising $4 million in A-round venture capital from investors including Intel Capital. In October 2003, Ian was selected as one of the top 100 innovators under the age of 35 by the Massachusetts Institute of Technology's Technology Review magazine. Ian holds a degree in Artificial Intelligence and Computer Science from Edinburgh University, Scotland. He has also worked as a consultant for a number of companies including 3Com, and Logica UK's Space Division. He is originally from County Meath, Ireland.
Peter D. Feaver and Kenneth Geers - The First International Cyber War: Computer Networks as a Battleground in the Middle East and Beyond (4.5M MP3)
- This briefing addresses the world's first global Internet war: the cyber skirmishes associated with the Palestinian intifadah. What started out as a localized conflict spread to battles around the globe as forces sympathetic to either the Israelis or the Palestinians joined the fray. With the Middle East cyber war as a backdrop, this presentation will cover the ways in which people can try to affect the course of world history through coordinated action in cyberspace. The authors first describe the globalized and asymmetric nature of modern warfare, the asymmetry of computer hacking, and the psychology of subcultures. They outline the legal issues surrounding cyber warfare, from the perspective of a lone hacker to a massive government intelligence service, and discuss the problems inherent in cyber retaliation and in the prosecution of hackers. On the technical side, this briefing discusses the targeting of Internet sites for attack, and the strategies used by hackers to bring them down or merely leverage them in more subtle ways to support their cause. The primary focus is the means used by cyber commanders to accomplish political and/or social goals, in particular the creation of Web portals through which their foot soldiers are able to unite and rain network packets down upon their enemies. Finally, this briefing examines the difference between the perception and the reality of cyber attacks. We address the strategies that national governments are employing to combat the threat, the potential impact of cyber attacks on military operations, and the vexing problem of Denial of Service attacks, Web defacements, and free speech. The authors assess the threat and the limits of the more powerful weapons in the cyber arsenal, and consider who might be the biggest target of cyber attacks in the coming years. Peter D. Feaver (Ph.D., Harvard, 1990) is Professor of Political Science and Public Policy at Duke University and Director of the Triangle Institute for Security Studies (TISS). Feaver is co-directing (with Bruce Jentleson) a major research project funded by the Carnegie Corporation, "Wielding American Power: Managing Interventions after September 11." Feaver is author most recently of Armed Servants: Agency, Oversight, and Civil-Military Relations (Harvard Press, 2003),and co-author, with Christopher Gelpi, of Choosing Your Battles: American Civil-Military Relations and the Use of Force (Princeton University Press, 2004). He is co-editor, with Richard H. Kohn, of Soldiers and Civilians: The Civil-Military Gap and American National Security (MIT Press, 2001); and author of Guarding the Guardians: Civilian Control of Nuclear Weapons in the United States (Cornell University Press, 1992). Kenneth Geers (M.A., University of Washington, 1997) is a Computer Investigations and Operations analyst with the Naval Criminal Investigative Service (NCIS). His career at the Department of Defense also includes work at the National Security Agency, the Defense Intelligence Agency, a SAIC nuclear arms control support team, the John F. Kennedy Assassination Review Board, and the U.S. embassy in Brussels, Belgium. He is an expert in French and Russian, who finished first in a class of seventy at the Defense Language Institute at the Presidio of Monterey. Mr. Geers is the author of training and testing software to prepare U.S. Army Major Commands for Russian strategic arms inspections, and he has designed multiple U.S. Army Space and Missile Defense Command websites devoted to arms control.
Jon Callas - How do we get the World to use Message Security (23.4M MP3)
- The time has come for people to start using email encryption extensively. There is enough threat from attackers as well as ignorant judges that email is not safe. SSL isn't good enough. But how? How do we get people to do this? How do you get people whose VCRs blink 12:00 to use encryption? How do you get people to remember to encrypt? This talk discusses both specific answers as well as open architectures to nudge people down the road of encrypting their email.
n0namehere - Real World Privacy, How to Leave Less of a Trail in Life (22.3M MP3)
- Like leaving breadcrumbs in the forest, individuals leave a data trail throughout their day. This talk will look at practical ways to leave a smaller data wake. Privacy isn't dead. Time, money and effort are needed to maintain and live outside the data collection mechanisms that are now part of society. This is not a talk to look at the ways in which your data is shared, but a look at examples and methods by which one can minimize sharing the data in the first place. Topics to be covered include communications, money, medical, travel, shopping, rubbish and major life events. The key is to not leave any data, but, when one must leave data, leave it in a way which it won't trace back to you. n0namehere started down the privacy route in the early 1990s after mistakenly hearing cell and cordless phone calls on his recently purchased scanner. Realizing the ease in which others could listen in on his life, this event led to a re-evaluation of his behavior which changed his life. He spreads the word among friends and family, encouraging many down the road to stronger privacy. n0namehere is a big computer company survivor whose personal and professional work focuses on computer security and privacy issues ranging from running to designing to breaking systems, networks and applications. n0namehere has worked for Fortune 500 companies, consulted on hundreds of system and network designs and worked security/privacy issues during the Summer Olympic Games. n0namehere doesn't live in a cave but balances privacy and reality in his daily life.
Scott Fullam - Introduction to Hardware Hacking (19.8M MP3)
- Interested in hardware hacking but were not sure where to start? This presentation is for you. I will show you how to get started with modifying equipment for fun and useful purposes. I will show you the best ways for opening the enclosures for electronic equipment without destroying it, how to identify electronic components, how to solder together circuits, where to get parts, and will do a walk through of several hacks I have completed. The talk is intended for beginners, but all experience levels will get a kick out of it. Scott Fullam is the author of the O'Reilly book "Hardware Hacking Projects for Geeks" published in February 2004. Scott Fullam has been hacking hardware since he was 10 years old with his first Radio Shack 100-in-1 electronic kit. He built an intruder alarm to keep his sister out of his room. Scott attended MIT earning Bachelors and Masters degrees in Electrical Engineering and Computer Science. While and undergraduate he built a shower detection system so that he could see if the community shower was in use to allow him to sleep in a few extra minutes in the morning if it was occupied. After graduating from MIT Scott designed children's toys and built close to 50 prototypes in 2 years. He then went to work at Apple Computer in the Advanced Technology Group designing digital still cameras. In 1995, Fullam co-founded PocketScience, which develops revolutionary mobile Email communications products and services. As the Chief Technology Officer (CTO), Fullam personally developed all of the algorithms for the company's products. He also led the team that developed PocketScience's products and reference hardware. Scott now works as an independent consultant assisting consumer electronic companies design high quality products and manufacture them in the Far East. Scott holds 15 U.S. patents. Never satisfied with how the consumer electronics products he own work, he often takes them apart and enhances their capabilities.
Dead Addict - Hacking the Media, and Avoiding Being Hacked by the Media (23.0M MP3)
- Hackers have been demonized and romantisized in the media. Some hackers interactions with the media have caused their eventual incarseration, while others seem to pimp the media to promote their careers. Dead Addict will provide a framework for manipulating the media and avoid being the victim of the media. While this talk will be relavent to hackers, it is applicable to all that consume or are consumed by media. Dead Addict will also discuss methods to improve the quality of reporting and influence the media without appearing in it.
Dark Tangent - Award Ceremonies (6.1M MP3)
- The Dark Tangent acknowledges those who made Defcon 12 possible, contest winners and the techniques that were used to win.
Cameron Hotchkies - Blind SQL Injection Automation Techniques (23.2M MP3)
- Due to improper software design and implementation practices, the number of web-based applications vulnerable to SQL injection is still alarmingly high. Yet the actual steps used to exploit these applications remain very tedious and repetitive. This presentation will focus on methods available to automate the task of exploiting blind SQL injection holes. It will also feature a new tool, "sQueaL" and explain some of the research, used in the creation of this tool as well as ideas for expansion on the tool or other uses of the core libraries developed. Cameron Hotchkies, a.k.a. nummish, is a member of the 0x90.org digital think-tank and head developer of the new blind injection tool, SQueaL. In his non-free time, he works as a web-application developer and has witnessed (and had to repair) great atrocities in web application design. This has left him a bitter and frail shell of his former self. Some people have suggested he get out more. He is currently struggling to write code to teach him how to properly pronounce the word "about." This will be his first time speaking at Defcon.
Robert Imhoff-Dousharm and Jonathan Duncan - Credit Card Networks Revisted: Penitration in Real-Time (21.6M MP3)
- Credit card authorization is the core to all major businesses, both on and off the Internet. Yet an alarming number of businesses are not taking the right steps to insure that your credit cards are secure against fraud and theft. In bringing this to light (Credit Card Networks 101, July 31, 2003 - DC 11), you were awed at the posibility, but were not provided with any real proof. This year we, that's you and I, will walk through the process of identifying credit card traffic on a network, decyfering packets and propagated rouge credit card data to a host comeputer. You will be provided access to a private WiFi network. This networks will have credit card data streamming across it for you to sniff. With your help, we will discover information about credit cards packets, and how to design our own packet to be sent. Robert "hackajar" Imhoff-Dousharm in the last 2 years, Robert has worked for Shift4, a Credit Transaction Gateway. As an analyst he insures best fraud practices, compliceny and security are meet at all clients sites. He has worked with government agency's during fraud investigations. He also works with new and potential clients to implement best practice in software design of credit card intigration software. Robert has spoken at Defcon 11 (Credit Card Networks 101) about the potential risks currenly impeading on credit card networs. He will demonstrate those risks this year with "Credit Card Networks Revisted: Penitration in Real-Time".
Ian Vitek - Exploring Terminal Services, The Last 12 Month of Research. (Or, The Evil Admin and his Tools) (22.8M MP3)
- Got shell? On a Citrix or Terminal Services server? The speech will demonstrate some common ways to explore terminal services. Uploading files with the keyboard and elevate luser rights to SYSTEM. How secure is it for a client to connect to a Citrix or a terminal services server if an evil admin owns the box? Tools and exploits will be released. If you approach Ian he probably wants to talk about privilege escalation or web application security.
Foofus - Old Tricks (21.9M MP3)
- In September of 2003, a noted security consultant was terminated from his job over controversy surrounding a document that he co-authored. One key focus of the document was the risk associated with operating system monocultures. This idea was nothing new. In fact, in 1989, the following passages appeared in a book that spent over four months on the New York Times best seller list: "Just like genetic diversity, which prevents an epidemic from wiping out a whole species at once, diversity in software is a good thing. A computer virus is specialized: a virus that works on an IBM PC cannot do anything to a Macintosh or a Unix computer. [snip] Diversity, then, works against viruses. If all the systems on the Arpanet ran Berkeley Unix, the virus would have disabled all fifty thousand of them. Instead, it infected only a couple thousand." -- Stoll, Cliff. The Cuckoo's Egg, New York: Simon and Schuster Pocket Books, 1989. Pages 51 and 347. The point of this citation is not to cast any disrespect on the authors of "CyberInsecurity: The Cost of Monopoly" (on the contrary, in fact). Rather, we wish merely to note that the risk of monocultures was identified at least fourteen years ago, and was widely published. Why fuss if someone repeats it? Foofus.net wants in on this kind of action. In that spirit, we've looked high and low for a bunch of other old ideas so that we can breathe new life into them, and (in the famous words of a respected security research team), make "the theoretical practical," in an effort to tax the patience of those who would rather we kept our heads in the sand about ideas that are right there in the open, but inconvenient to demonstrate. Until now. Come to this presentation, and savor some exquisite fun. We will demonstrate our tools and techniques, and we think you will find that they are interesting and useful. But not new. We promise that we have not invented a damn thing here; the basic concepts are 100% recycled, but we hope they will encourage people to get serious about areas where they've been coasting for too long. The focus of the talk is Windows: tools will be presented for identifying potential trust relationships between disparate hosts, tinkering with friendly wireless interfaces, easy access to network shares without bothering to crack password hashes, and (if our luck holds) maybe even alittle more. It'll be really fun, and stuff. Foofus leads a team of security engineers at a midsize technology consulting firm in the midwest, where he has worked for the past seven years. He has spoken at a variety of events and conferences including Toorcon and LISA. His chief technical interest is software security, and in his spare time he enjoys playing guitar, cooking, and attending the symphony.
Rakan El-Khalil - Information Hiding in Executable Binaries (20.1M MP3)
- Information Hiding (IH) techniques are much researched in the context of watermarking or fingerprinting images and sound files, mainly as a means of copyright protection and piracy prevention/detection. Those mediums offer a significant amount of redundancy, thus lending themselves to the implementation of robust IH systems. Executables however do not offer such amounts of redundancy, and have thus far proven to be a difficult and rarely used medium for steganographic and other IH purposes. The aim of this talk is to be an introduction to IH, with a thorough coverage of state of the art techniques for embedding into binaries. Hydan, a tool for performing such embeddings in machine code, will be presented. In addition to typical IH uses [steganography, watermarking], the tool and techniques shown can be used in anti-reverse engineering, trusted application execution, frustrate some buffer overflow attacks, and as an engine for metamorphic viruses. An interesting effect of the tool is that the executable remains the same size before and after embedding, while of course remaining functionally equivalent. Rakan El-Khalil is currently on sabbatical in France. He is a recent MS CS graduate from Columbia University. While he was there he worked on a variety of projects at the CS Research Lab, such as an IDS that uses machine-learned models to detect network threats, and a syscall based permission system on OpenBSD [predating systrace]. He was also responsible for the short-lived official KaZaA Linux client `kza'. Currently he is involved with The Bastard, a powerful linux disassembler, and has been researching steganography and information hiding in machine code.
Michael Davis - The Open-Source Security Myth and How to Make it a Reality (24.3M MP3)
- Open Source software is frequently described as more secure, than closed source software for two reasons: the number of people available to correct a problem is potentially larger; and anyone can review the source code for vulnerabilities or malicious code. Unfortunately, the current state of design documentation does not support a cost-effective security review. In addition to compromising the confidence in the software, the lack of documentation also sets an unnecessarily high bar, for new members to join an Open Source projects. This unintended consequence directly reduces the number of people available to correct vulnerabilities or otherwise improve the software. The presentation provides a rationale for creating development documentation and identifies available tools. Michael Davis oversees the Security Engineering services provided by Dynamic Security Concepts, Incorporated (DSCI). During recent efforts to encourage his customers to use Open Source solutions; he oversaw the security review of a number of Open Source security tools. He possesses a broad security background and has been a featured speaker for select audiences on the subject of intrusion detection and evaluating security solutions in general.
Deral Heiland - The Insecure Workstation (20.6M MP3)
- The insecure workstation. A creative look at the windows group policies as a security solution in today's workplace and how easily they are circumvented. This talk will discuss the where, what and why on policies and also demonstrate simple tricks to bypass policies and exploiting poor policy implementation. Deral Heiland has been in the IT field since 1994 working in the following industries; newspaper media, system integrator, manufacturing. Held the following position network administrator, financial systems manager, network field engineer and network security analyst. He presently holds the following certifications SSCP, CCNA, CCWS, CNE5 and CWSE.
Maximillian Dornseif - Far More Than You Ever Wanted to Tell - Hidden Data in Document Formats (24.6M MP3)
- Applications usually put all kinds of information besides the ones which you intend to into saved documents. This can lead to embarrassing revelations. We will take a look into different types of application data and what can be hidden in there. This allows us to "scrub" our own documents to avoid unwanted information in there but also to look for information in documents which the authors didn't want to hand out. Go grasp the scope of the problem we will present a large scale study of hidden information in documents on the Internet. Maximillian Dornseif has studied laws and computer science at the University of Bonn, Germany where he wrote his PhD thesis about the "Phenomenology of Cybercrime." He has been doing security consulting since the mid-nineties. His clients included the industry but also government. At the moment he works on a third party founded research project about measurement of security and security breaches taking place at the Laboratory for Dependable Distributed Systems, RWTH Aachen University. He also oversees several other projects in the area of detection and documentation of security incidents. Dornseif has published in the legal and computer science fields on a wide range of topics.
Brett Neilson - The Advantages of Being an Amateur (24.9M MP3)
- For close to 100 years amateurs have been working with radios and sending transmission all over the world. The dawn of the information age has inspired many new technologies and advancements in communication; and amateur radio is no exception. Today's modern amateur radio operators are building wireless networks and enjoying several advantages over their unlicensed counterparts. This presentation will review some of these advantages as well as talk about some of the newer areas of interest including HSMM and APRS. Brett L. Neilson is a network security and systems engineer with a strong background in the wireless industry. Currently he is working for one of the world leaders in intrusion prevention supporting clients with network security related issues. He previously worked for one of the leading wireless communication companies as a Senior Systems Administrator and RF field technician. While there he worked to develop, deploy, and maintain their national infrastructure. Some of his work is currently published in two information security related books, Maximum Wireless Security and Maximum Security 4th Edition. Mr. Neilson is a former member of the North Texas FBI Emergency Response Team (InfraGard) and is a FCC-licensed amateur radio operator. In these roles he has worked with multiple government agencies providing emergency communication assistance and coordination. Mr. Neilson's broad knowledge and experience has allowed him to be involved with many organizations; providing network and security related solutions.
J0hnny Long - Google Hacking- The Return of the Googledorks (24.9M MP3)
- Google hacking is not new, but it's back and deadlier than ever. This talk is the follow-up to last years very successful talk "Watching the Watchers." Attendees will learn the tricks and tactics that any self-respecting Google hacker should know. Expanded extensively since last year, the techniques and always killer examples from the "googledorks" database are always a crowd-pleaser. Witness how sites from all over the net fall victim to seemingly impossible searches from hackers armed with only the world's hottest search engine. A special 'security' section this year covers how to find everything from usernames and passwords to live IDS data, live vulnerability scanner output and SQL injection points. This talk intends to spread the word and help protect the security community from this dangerous and eye-opening form of information leakage. Johnny Long "sold out" many years ago by accepting an I.T. position within a major international company. By promptly securing each and every site he breaks into, Johnny has managed to maintain his friendships with hackers on both sides of the security fence. Regardless of the color of his hat, Johnny is still passionate about hacking, and it shows through his work, his website and especially through his presentations which consistantly secure rave reviews.
Michael T. Raggo - Steganography, Steganalysis and Cryptanalysis (16.4M MP3)
- This presentation will present steganography and techniques for steganalysis (identifying files with hidden messages). A review of steganography will provide the basis for identifying and dissecting carrier files. There will also be a demonstration of carrier file analysis and disection. There will also be a demo of my new steganography detection program, StegSpy. Cracking and reverse-engineering steganography programs will also be covered. A cryptanalysis case study will review the steps necessary to reverse engineer and reveal a hidden message. Additionally, other steganalysis and password cracking tools will be highlighted. Michael T. Raggo (CISSP, IAM, CCSA, CCSE, CCSI, MCP, SCSA) is a principal security consultant for VeriSign, Inc. As a consultant, Mr. Raggo architects and deploys firewalls, intrusion detection systems, and PKI solutions. In addition, he also performs security assessments, penetration tests, and forensics investigations. He is also an instructor for VeriSign's suite of security classes including "Applied Hacking and Countermeasures" and the author of StegSpy, a steganography detection program. Mr. Raggo is a guest speaker at nationwide conferences including SANS, WebSec and InfoSec. Prior to joining VeriSign, Mr. Raggo was supervisor of system administration for www.nasdaq.com at the NASDAQ Stock Market. Mr. Raggo has 15 years experience in the information systems field including experience as a UNIX system administrator, network administrator, and firewall administrator. Mr. Raggo conducted graduate work in information systems at Johns Hopkins University. Prior to that, he earned his BSET in electrical engineering from Rochester Institute of Technology.
Wavyhill and Andre Goldman - Toward a Private Digital Economy (Trusted Transactions In An Anonymous World) (25.9M MP3)
- Current financial privacy tools have drawbacks arising from centralized ownership and control, and the limitations of the service-for-profit model. A better approach is to construct a fully distributed environment for economic activity which mimics in freedom and variety of action the way cash is used in the physical world. The key to this variety is the element of locale. We introduce the "Farmer's Market" model of anonymous commerce and refine it to a software functional description. We explore some exotic kinds of business viable in this new environment and ways to connect them to the transparent banking world. Number theory can be used to derive an "algebra of trust," exploited in practical ways to reduce risk in anonymous transactions, and overcome barriers to adoption of this and other digital cash systems. We also discuss the boot-strapping problem and suggest some ways to address it. Afterward, everyone is invited to participate in a role-playing simulation experiment to test the viability of these ideas using a prototype graphical software environment. Wavyhill is a software engineer having a 25 year history with industrial research organizations and developers of operating system, video, and graphics products. An anarcho-capitalist without portfolio and advocate of privacy and anonymity, he has also done experimental engineering work on artificial islands. He has no academic credentials that he will admit to. Andre Goldman writes on law and philosophy. He works in the area of non-jurisdictional law, and was the primary author of "The Common Economic Protocols."
Greg Conti - Network Attack Visualization (24.1M MP3)
- On even a moderately sized network, activity can easily reach the order of millions, perhaps billions, of packets. Hidden in this sea of data is malicious activity. Current network analysis and monitoring tools primarily use text and simple charting to present information. These methods, while effective in some circumstances, can overwhelm the analyst with too much, or the wrong type of, information. This situation is worsened by today's algorithmic intrusion detection systems, which, although generally effective, can overwhelm the analyst with unacceptably high false positive and false negative rates. This talk explores the possibilities of visually presenting network traffic in a way that complements existing text-based analysis tools and intrusion detection systems. By graphically presenting information in the right way, we can tap into the high-bandwidth capability and visual recognition power of the human mind. Using the proper visualizations, previously masked anomalous activity can become readily apparent. This talk will be of interest to those who wish to learn about information visualization as it applies to network security. It requires a basic understanding of the OSI model and packet encapsulation. Attendees will leave with an increased understanding of information visualization that they can apply to their own development projects and management of their networks. Greg Conti is an assistant professor of computer science at the United States Military Academy. He holds a masters degree in computer science from Johns Hopkins University and a bachelor of science in computer science from the United States Military Academy. His areas of expertise include network security, interface design and information warfare. Greg has worked at a variety of military intelligence assignments specializing in signals intelligence. Currently he is on a Department of Defense fellowship and is working on his PhD in computer science at Georgia Tech. He is conducting research into denial of information attacks.
Lucky225 - Phreaking in the Age of Voice Over IP (13.9M MP3)
- Phreaking in the age of voice over IP? What the hell is voice over IP? If you're asking this question and you're interested in phones and thought phreaking was dead back in the early '80s when blueboxing died, or 2002 when AT&T killed redboxing on long distance calls then, this is the speech for you. Or if you know what VoIP is but want to know how the hell it has any impact on phreaking you should also attend. This talk intends to educate it's audience on the new age phreakers. Most of the discussion will involve a detailed explanation of Calling Party Number (CPN), ANI, and Caller ID, and the differences between all three, we will also be covering the basics of phreaking with voice over IP technology, Asterisk, and VXML. Not all of this presentation will be dealing with VoIP, this is a basic new age phreaking presentation that will show the latest techniques that phreaks are using today it's not just about free calls either, hell you get that with VoIP anyways! You will learn not only why VoIP is important, but such things as spoofing caller ID (and no we don't mean orangeboxing, social engineering telus, our methods are simple to use and will cost as little as $15/month). As technology is rapidly changing, so is our phone system. We will be discussing a basic over view of voice over IP and some of the services provided by many of these so-called "broadband phone companies." We will also be discussing calling cards that use VoIP technology to provide cheaper rates to their customers. We intend to explain how VoIP is changing the phone system and making it very easy for the every day consumer to spoof caller ID by spoofing Calling Party Number (CPN), and how this can be exploited to circumvent security in such things as voicemail, credit card activations, and even telephone company numbers that when you call from your "own phone" will give you complete control over your dial-tone telephone line. We also plan on showing how easy it is to get around services like "Call Intercept" without even spoofing caller ID. We will also be discussing why *67 and complete caller ID block features offered from the phone company are not adequate privacy protection as anyone can still get your phone number when you call them with your number blocked, we'll of course describe how this can be possible. As time permits there may very well be much more, you wont want to miss this presentation. Lucky225 is the co-host of an Internet streaming radio show "Default Radio" that streams on Rant Radio a free non-profit shoutcast server that has been running for 6 years. He has been a writer for 2600 magazine since 1999 and has spoken at both H2K2 and Defcon 11. He has been an avid phone phreak since his early teens in high school and has much experience with the telephone system and a wide variety of knowledge ranging from regular telephones, payphones, cell phones, and voicemail systems to ANI, caller ID, PBX's, switches, VoIP and much more. Strom Carlson is one of the last true phone phreaks; he has an intense interest in the structure and history of the telephone network and an intense distaste for fraud, theft, and vandalism. He collects all things related to telephony (including recordings), and although he is rapidly running out of space in which to store his many cubic meters of telephone equipment, he will eagerly and compulsively snap up anything made or published by Western Electric if given the chance. He encourages all phone phreaks and interested parties to learn what they're really talking about; he also encourages you to listen to everything on http://www.phonetrips.com and to poke around http://www.stromcarlson.com.
Tony Arcieri - PDTP: The Peer Distributed Transfer Protocol (18.7M MP3)
- Despite decades of evolution, Internet file transfer is still plagued with problems to which formalized solutions are either inadequate or nonexistent. Lack of server-side bandwidth often renders high demand content inaccessible (which we affectionately refer to as the Slashdot effect). When the ability of a single server to provide content is exceeded, manual mirror selection is often utilized, providing an unnecessary and often problematic experience for end users. No formalized cryptographic mechanism exists for preventing tampering of files located on a particular server, and consequently malicious individuals have managed to place Trojans in the releases of many high profile open source applications. The Peer Distributed Transfer Protocol (PDTP) aims to solve all these problems. PDTP can either function with a network of servers providing content directly to clients, or can provide BitTorrent-like download swarming, by forcing clients to participate in file transfers. PDTP includes built-in mechanisms to prevent file tampering through the use of the Digital Signature Standard, and is able to automatically verify that a given file has been signed by a DSA key with a complete x.509 certificate check to ensure a given certificate can be trusted. PDTP also provides a UDP-based decentralized search mechanism which, unlike current systems such as FastTrack, Gnutella, or FreeNet, does not consume undue bandwidth or system resources, all while removing legal liability for content indexing from the central services being utilized as entry points to the search system. Tony Arcieri is a system administrator and programmer for the Pielke Research Group and Colorado Climate Center at Colorado State University. He has also contributed to a number of open source projects, including authoring the Ogg Vorbis plugin for XMMS, the cdcd and gdcd X11 CD player applications, and various contributions to other projects such as the subversion version control system and the FreeBSD operating system.
Wendy Seltzer and Seth Schoen - Hacking the Spectrum: Open Source Software Vs. the Broadcast Flag (23.0M MP3)
- The FCC, at Hollywood's request, has mandated a broadcast flag for High-Definition Digital Television (HDTV). By July 2005, it will be unlawful to sell devices that don't respond to a "do not copy" flag or that provide unencumbered high-definition digital outputs. The flag's "robustness" requirement will make it impossible to build an open-source HDTV version of the TiVo. This talk will demonstrate how these rules thwart user innovation, showing an open-source HDTV PVR (MythTV on Linux) you soon won't be able to build. We'll discuss the law and challenges to receiver regulation, and encourage people to get HDTV cards while they still can. Wendy Seltzer, Electronic Frontier Foundation Staff Attorney. Wendy Seltzer is a staff attorney with the Electronic Frontier Foundation, specializing in intellectual property and free speech issues. As a fellow with Harvard's Berkman Center for Internet and Society, Wendy founded and leads the Chilling Effects Clearinghouse, helping Internet users to understand their rights in response to cease-and-desist threats. Prior to joining EFF, Wendy taught Internet law as an adjunct professor at St. John's University School of Law and practiced intellectual property and technology litigation with Kramer Levin Naftalis and Frankel in New York. Wendy speaks frequently on copyright, trademark, open source, and the public interest online. She has an A.B. from Harvard College and J.D. from Harvard Law School, and occasionally takes a break from legal code to program (Perl). Seth Schoen, Electronic Frontier Foundation staff technologist. Seth Schoen created the position of EFF staff technologist, helping other technologists understand the civil liberties implications of their work, EFF staff better understand the underlying technology related to EFF's legal work, and the public understand what the technology products they use really do. Schoen comes to EFF from Linuxcare, where he worked for two years as a senior consultant. While at Linuxcare, Schoen helped create the Linuxcare Bootable Business Card CD-ROM. Prior to Linuxcare, Schoen worked at AtreNet, the National Energy Research Scientific Computing Center at Lawrence Berkeley National Laboratory, and Toronto Dominion Bank. Schoen attended the University of California at Berkeley with a Chancellor's Scholarship.
Dan Kaminsky - Black Ops of TCP/IP 2004 (26.8M MP3)
- Continuing the research done in previous years on advanced protocol manipulation and the high speed evaluation of large network characteristics, this year's Black Ops of TCP/IP goes into new territory with a deep analysis of the Domain Name System (DNS). A core element of the TCP/IP application suite, it is everywhere and there is unexpected power contained within. Interesting Facets of the Global DNS Architecture: A high speed scanner for DNS servers, modeled after my TCP scanner "scanrand," recently executed several Internet-scale sweeps of the net. Surprising results, with direct implications for computer forensics operations, will be discussed and analyzed. Distributed, High Speed, Large File Dissemination via DNS, a.k.a. "Reinventing the Square Wheel." Although there have been previous attempts to serve files over the DNS architecture, none have been even remotely usable. I will discuss a new approach that, through its significant performance improvement, is indeed remotely usable. One-To-Many Streaming Data Dissemination over DNS: The previous system maximizes speed at the expense of making streaming impossible. We will discuss an interesting alternate approach that almost usefully distributes streaming audio data to endpoints via their DNS queries. SSH over DNS: I will demonstrate a cross-platform, userspace mechanism for moving SSH data over DNS queries. This has implications for captive wireless portals, which often allow bidirectional DNS traffic. To complete this work, some enormously complex data needed to be understood, and tools were worked with and written towards that end. Experimental 3D information visualization mechanisms and tools are thus available to be demonstrated, extending from using a 3D renderer usually used for MRI medical data as a generic static 3D canvas to using a custom OpenGL particle plotter to dynamically plot multidimensional factors of incoming data streams. A number of other topics will be raised as well, including: Uses and abuses of remotely visible incrementers and decrementers (such as the IPID field in many TCP/IP stacks, and initial TTL values on arbitrary DNS queries). Uses of generic packet race conditions, whereby useful information can be gleaned from which packet of a relatively large set effects the state change. Protocol transliteration between TCP and UDP, allowing unreliable communication over what appears to be a TCP session, and allowing reliable data to be transmitted, with zero data expansion, over a UDP link. Potential solutions to the SSH bastion host security problem, whereby the invocation of remote ssh binaries at a firewall or "bastion host" opens up a single point of major failure for a server infrastructure. Dan Kaminsky, also known as Effugas, is a Senior Security Consultant for Avaya's Enterprise Security Practice, where he works on large-scale security infrastructure. Dan's experience includes two years at Cisco Systems designing security infrastructure for large-scale network monitoring systems, and he is best known for his work on the ultra-fast port scanner scanrand, part of the "Paketto Keiretsu," a collection of tools that use new and unusual strategies for manipulating TCP/IP networks. He authored the "Spoofing and Tunneling" chapters for "Hack Proofing Your Network: Second Edition", and has delivered presentations at several major industry conferences, including Linuxworld, Defcon, and past Black Hat Briefings. Dan was responsible for the dynamic forwarding patch to OpenSSH, integrating the majority of VPN-style functionality into the widely deployed cryptographic toolkit. Finally, he founded the cross-disciplinary DoxPara Research in 1997, seeking to integrate psychological and technological theory to create more effective systems for non-ideal but very real environments in the field. Dan is based in Silicon Valley.
Nathan Hamiel - Down With the RIAA: Musicians Against the Recording Industry (21.7M MP3)
- Down with the RIAA is a look at the current state of the music business and where it is headed. The presentation uses statistics and facts to map out where the industry currently is and details the problems with the current model. After the problems with the current model are shown then the groundwork for the future of the music business is laid out showing how the recording industry is no longer needed. Included in the presentation is information on how artists can produce their own music cutting out the recording business. The recent increase in quality and decrease in price of recording equipment has made it very feasible for artists to make very high quality recordings on their own. This is the way of the future, and the processes are detailed by an independent music producer with experience in the field. Most people do not know it is possible to make quality recordings that rival commercial ones from your apartment, without even disturbing your neighbors. People are screaming for a change in the music industry. With all of the problems that the RIAA is creating for the music consumer, consumers will begin to be open to a new model where the hassles of the RIAA will no longer be an issue. The future of the music business will also afford more opportunity to artists leveling the playing field and decreasing competition between artists. Nathan Hamiel (Ichabod Ver7) is an independent artist and producer living in Jacksonville, FL. As an artist he has shared the stage with acts such as The Union Underground, Fuel, Scrape, 8Stops7, Phoenix TX, The Crux Shadows, and many more. Using his skills gained as a recording engineer he has been able to create high quality recordings using very reasonably priced equipment many times surpassing the quality of commercial recordings. He has many albums and recordings to his credit and shares the knowledge with other artists and producers world wide. He has created some of his own techniques, including ones on layering drum samples that can now be heard on many different recordings. On the technology side, he is a CISSP, was a presenter at Interz0ne 3, and VP of the Jacksonville 2600.
Grifter, Russ Rogers and Tierra - Project Prometheus (24.0M MP3)
- The goal of Prometheus is to create an open source project that takes into account the inherent flaws in the Microsoft implementation of Alternate Data Streams (ADS) and uses those attributes to create a tool for increased security. The concept is similar to making lemonade from lemons. We're taking an insecure component of the NTFS file system and creating a tool that will provide increased security. Russ and Grifter will be explaining and demonstrating the use of Alternate Data Streams and then discussing an open source project which they have currently begun development on. Grifter has been involved in the scene for over a decade and currently runs 2600SLC, the Salt Lake City 2600 meeting, and DC801 the Utah Defcon meeting; where he often lectures on a range of security related topics. He has been published in numerous online and print publications and has previously been a speaker at several Defcons. He has also been the subject of interviews for various online, print, and television pieces regarding different areas of the hacker culture over the years. He is a Defcon goon and primary organizer of the Defcon Scavenger Hunt and Defcon Movie Channel. Russ Rogers is the CEO and CTO of Security Horizon, a Colorado Springs based information security professional services firm and is a technology veteran with over 12 years of technology and information security experience. He has served in multiple technical and management information security positions that include manager of professional services, manager security support, senior security consultant and Unix systems administrator. Mr. Rogers is a United States Air Force Veteran and has supported the National Security Agency and the Defense Information Systems Agency in both a military and contractor role. Russ is also an Arabic Linguist. He is a certified instructor for the National Security Agency's INFOSEC Assessment Methodology (IAM). Tierra, while still somewhat new to the scene, has been manipulating bits since the 7th grade, and is currently working on his computer science degree at the University of Utah. He has been attending 2600 meetings for more than 3 years now in Salt Lake City, and has been helping run the Defcon Scavenger Hunt since Defcon 10 (you'll find him at the scavenger hunt table again this year). While working with the DC801 crew on projects such as this, he spends his time mastering his PHP and SQL skills on various personal projects such as TIMAP found on SourceForge.
IcE tRe - Virus, Worms and Trojans: Where are we Going? (14.7M MP3)
- It seems that the major target of most online bugs is actually quite the same. Over and over again the uninspired, pop the box, seems to be what most writers are after. In this talk I will explore a bit of virus history in relation to goals, starting with older viral intentions, moving to what appears to be the intentions today and what possibly could be the intentions tomorrow. This talk will be fairly abstract and I will setup the examples that I use so no previous knowledge will be needed other than a basic idea of how viruses work and what damage they can cause. This information, most people already have from the coverage gleaned from your average newscast, if not other places. This talk in particular, should appeal to the broadest audience. IcE tRe, like many of the people attending Defcon has been involved with networking/internet/"new media" since the early 90's. Working with two major unnamed ISP over the years has helped these companies weather the storm of the past 10 years of viruses, DDOS attacks and various other security problems.
Michael Rash - Advanced Netfilter; Content Replacement and Port Knocking Based on Passive OS Fingerprinting (24.8M MP3)
- The boundaries between network access control devices and network monitoring devices are steadily becomming blured. Network intrusion detection systems are moving into the realm of not only monitoring network traffic, but also modifying it either through dynamic reconfiguration of firewall rulesets, spoofed session-busting traffic, or outright alteration of application layer data (ala Snort_inline). Firewalls themselves are also getting smarter about protocol validation and application layer data. This talk will discuss two main topics; 1) a patch to the 'iptables' string match extension in the Linux kernel that allows iptables to perform the same data substitution as Snort_inline but three times faster, and 2) a new tool called "fwknop" that implements port knocking authentication based on passive operating system fingerprints as detected via iptables log messages. The latter makes it possible to allow only, say, Linux systems to connect to your SSH daemon. Michael Rash holds a Master's Degree in applied mathematics with a concentration in computer security from the University of Maryland. Mr. Rash works as a security research engineer for Enterasys, Inc. where he develops signatures and writes code for the Dragon IDS. Previous to Enterasys, Michael developed a custom host-based intrusion detection system for USinternetworking, Inc. which was deployed on over one thousand systems from Linux to Cisco IOS. Michael frequently contributes to open source projects such as Netfilter and Bastille-Linux, and has written security related articles for the Linux Journal, Sys Admin Magazine, and Information Security Magazine. He is also a co-author of the book "Snort-2.1 Intrusion Detection" published by Syngress (to be published in late May, 2004). Michael is the developer of two open source tools "psad" and "fwsnort" that are designed to tear down the boundaries between iptables and the Snort IDS. More information about Michael and his open source projects can be found at: http://www.cipherdyne.org.
Ask EFF - Discussion and Q & A on the State of Digital Liberties (25.1M MP3)
- The Electronic Frontier Foundation (EFF) is one of the premiere digital liberties organizations in the world. We fight for freedom of expression on the Internet, the right for researchers and consumers to reverse-engineer their devices, expansion of the public domain, and electronic privacy and anonymity. On this panel, three representatives of EFF will discuss the latest developments in digital liberties, including free speech on the Internet, copyright infringement lawsuits, and electronic surveillance laws under the USA-PATRIOT Act. Audience participation and discussion are part of the deal. Come with your legal and policy questions this is your chance to ask EFF! Annalee Newitz (www.techsploitation.com) is EFF's Policy Analyst. She talks to the media, conducts research, and writes policy recommendations and white papers. Although she is a digital rights generalist, her special areas of interest are expanding the public domain, free speech, and network regulation. Previously, she was Culture Editor at the San Francisco Bay Guardian, and was the recipient of a Knight Science Journalism Fellowship in 2002. She writes a syndicated column called Techsploitation and is published regularly in Wired, Security Focus and Salon. In her off-hours, she edits an indie magazine called Other (www.othermag.com). She has a Ph.D. in English and American Studies from UC Berkeley. Wendy Seltzer is a Staff Attorney with the Electronic Frontier Foundation, specializing in intellectual property and free speech issues. As a Fellow with Harvard's Berkman Center for Internet and Society, Wendy founded and leads the Chilling Effects Clearinghouse, helping Internet users to understand their rights in response to cease-and-desist threats. Prior to joining EFF, Wendy taught Internet Law as an Adjunct Professor at St. John's University School of Law and practiced intellectual property and technology litigation with Kramer Levin Naftalis and Frankel in New York. Wendy speaks frequently on copyright, trademark, open source, and the public interest online. She has an A.B. from Harvard College and J.D. from Harvard Law School, and occasionally takes a break from legal code to program in Perl. Kevin Bankston, an attorney specializing in free speech and privacy law, is the Electronic Frontier Foundation's Equal Justice Works/Bruce J. Ennis Fellow for 2003-05. Before joining EFF, Kevin was the Justice William J. Brennan First Amendment Fellow for the American Civil Liberties Union in New York City. At the ACLU, Kevin litigated Internet-related free speech cases, including First Amendment challenges to both the Digital Millennium Copyright Act (Edelman v. N2H2, Inc.) and a federal statute regulating Internet speech in public libraries (American Library Association v. U.S.). Kevin received his J.D. in 2001 from the University of Southern California Law Center, and spent his undergraduate years at the University of Texas in Austin. Kevin's fellowship at the EFF is sponsored by Equal Justice Works Fellowships and the Bruce J. Ennis Foundation. Seth Schoen created the position of EFF Staff Technologist, helping other technologists understand the civil liberties implications of their work, EFF staff better understand the underlying technology related to EFF's legal work, and the public understand what the technology products they use really do. Schoen comes to EFF from Linuxcare, where he worked for two years as a senior consultant. While at Linuxcare, Schoen helped create the Linuxcare Bootable Business Card CD-ROM. Prior to Linuxcare, Schoen worked at AtreNet, the National Energy Research Scientific Computing Center at Lawrence Berkeley National Laboratory, and Toronto Dominion Bank. Schoen attended the University of California at Berkeley with a Chancellor's Scholarship. Jennifer Stisa Granick is Executive Director of the Center for Internet and Society (CIS). She teaches, speaks and writes on the full spectrum of Internet law issues including computer crime and security, national security, constitutional rights, and electronic surveillance, areas in which her expertise is recognized nationally. Previously, she founded the Law Offices of Jennifer S. Granick, where she focused on hacker defense and other computer law representations at the trial and appellate level in state and federal court. At Stanford, she currently teaches the Cyberlaw Clinic, one of the nation's few law and technology litigation clinics. Granick continues to consult on computer crime cases and serves on the Board of Directors of the Honeynet Project. She was selected by Information Security magazine in 2003 as one of 20 "Women of Vision" in the computer security field.
CrimethInc - Electronic Civil Disobedience and the Republican National Convention (12.9M MP3)
- Electronic Civil Disobedience and the Republican National Convention. An introduction to the theory of hacktivism and the usage of hacking skills as a means of fighting for social justice by pressuring corporations and government to adopt progressive changes. Explores the history of electronic civil disobedience, tips on how to wage your own ECD campaigns, and how to participate in the upcoming actions to coincide with the protests against the Republican National Convention in late August. CrimetheInc is an Anarchist hacker revolutionary having led successful electronic civil disobedience campaigns against a variety of government and corporate targets. Experienced political activist, having helped organize dozens of large protests against the war in Iraq, global capitalism and neo-liberal free trade agreements. Is currently organizing a multi-pronged hacktivist campaign against the Republican National Convention to coincide with the massive demonstrations to take place in New York City. Specific history about the speaker is not available due to the nature of this project.
Gene Cronk - IPv6 Primer (21.0M MP3)
- The IPv6 Primer will encompass the basics of IPv6, including some of its roots, the transitioning mechanisms available, and some security concerns early adopters should be aware of in several different environments. This presentation is meant for anyone who has heard about IPv6, but would like to know the basics of the protocol and its implementation. Gene Cronk, CISSP, NSA-IAM, resides in Jacksonville, FL and is currently providing system administration services to an advertising and marketing firm. He has 10 years of experience in electronics, system administration, networking and system security. Gene is best known for his work on the North American IPv6 Task Force, and his work on Fu King Linux (an IPv6 enabled distribution of Linux), which includes security tools that can be run in IPv4 or IPv6 environments. He has also spoken on IPv6 and other topics at several venues. When not totally absorbed by system security related issues, Gene can be found wardriving, actively participating as Vice President of the JaxLUG, and building a successful and dynamic 2600 chapter, of which he is currently president.
Elonka Dunin - Kryptos and the Cracking of the Cyrillic Projector Cipher (24.2M MP3)
- In a courtyard at CIA Headquarters stands an encrypted sculpture called Kryptos. Its thousands of characters contain encoded messages, three of which have been solved. The fourth part, 97 or 98 characters at the very bottom, have withstood cryptanalysis for over a decade. The artist who created Kryptos, James Sanborn, has also created other encrypted sculptures such as the decade-old Cyrillic Projector, which was cracked last September by an international team led by Elonka Dunin. This talk is intended for a general audience with beginning to intermediate cryptographic experience. Elonka will go over how the code was cracked, and the current state of knowledge about the Kryptos sculpture, its own encrypted messages, and its mysterious CIA surroundings. Elonka Dunin is a professional game developer, working at Simutronics (play.net), a provider of massively multiplayer online games. Also an amateur cryptographer, Elonka led the international team that cracked the decade-old KGB Cyrillic Projector Code in September 2003. Elonka was born in Los Angeles, studied Astronomy at UCLA, and then joined the United States Air Force, where she worked on the SR-71 and U-2 reconnaissance aircraft. Elonka is a world-traveler who speaks multiple languages, and has visited scores of countries around the world, and every continent (yes, including Antarctica). She has won awards for cracking various codes, such as when she cracked the PhreakNIC v3.0 Code, an up-until-Elonka unsolved puzzle created by SE2600. Since September 11th, Elonka has also been helping out with the war on terrorism by teaching government agents about cryptography and what types of codes that Al Qaeda may be using. She is co-founder of the Kryptos Group, an online group of cryptographers and interested hobbyists trying to crack the last part of the code on the famous Kryptos sculpture at CIA Headquarters.
Richard Thieme - Quantum Hacking: In Search of a Unified Theory (9.7M MP3)
- The search for a unified theory of everything in contemporary physics stems in part from the fundamental inability to reconcile quantum physics and relativity theory. This has pushed research toward complex mathematical models such as string theory in an effort to model a single way of looking at everything. The same can be said of the distribution of power in networks and hierarchies. The individual person looks like one kind of thing when viewed in the context of a network and another kind of thing when viewed in the context of a hierarchy. This is analogous to describing a photon as both a particle and a wave. The context of our inquiry determines the content that results and the primary object of that inquiry, the "individual person," is revealed to be a social construction, not an empirical fact. The lack of a unified theory of humanity and computing is one reason we experience cognitive dissonance today. The notion of the "individual person" is central to current debates about privacy, intellectual property, and the legality or illegality of network aggression ("black hat hacking"), but from the point of view of the distributed network, there is no individual person, there are only nodes in the network. In addition, we all inhabit nodes in multiple networks simultaneously. We can field any network-determined identity we choose but we do not determine an individual identityuntil we choose a network identity. That choice is made in the moment in which we act, so paradoxically, while context determines content, choice is always prior to context and creates it. Until we choose, it is impossible to predict with certainty which choice will be made and therefore what identity will be fielded. This is why security based on perimeter defense or authentication is by definition a failed model. This analysis has profound implications for traditional notions of free will, loyalty, citizenship, and security. It explains why hackers who evolve from working in online meritocracies to working in corporate structures literally become different people. It explains why a disciplined hierarchical structure like the military can use network centric warriors and fight networks with networks while maintaining a basic identity for the moment as the machinery of a nation state. It explains why perspective is worth fifty points of IQ and why perception management creates perspective. It provides one more example in support of Alfred North Whitehead's assertion that "the major advances in civilizations are processes that all but wreck the societies in which they occur." We are in search of a unified theory of an emergent multi-nodal cyborg personality and how it exercises power. This theory must address hierarchical and distributed structures and what they mean for human identity, law, and global organization and geopolitical strategy. What are the genuine sources of our power? What is the point of reference from which that power is exercised? Who do we believe ourselves to be in the moment in which we act and how do we thereby define ourselves not in theory but in practice, not in the chat room but on the field of action? And finally, why is knowing that we are doomed to fail the key to victory? Richard Thieme shows how boundaries have morphed, power has been redefined, and The Matrix is more than a movie. Not since Blade Runner has a film described so well the territory that must be crossed. Owning our own souls is the ultimate intention of Third Generation Hacking, the only end that justifies the means. Thieme holds nothing back as he addresses the deeper implications of what it means to be the network. The stakes are high and the battle is worthy of our best efforts. This talk is a call to arms to accept responsibility for the life and death battle being waged for the hearts and minds of digital humanity.
Todd Moore - Cracking Net2Phone (6.6M MP3)
- Do you think using Internet Telephony is more secure than a regular phone? Think again! Internet telephony is becoming more common and those that think it is safer from wiretaps than regular phone communications are wrong. This presentation will demonstrate how to decrypt Net2Phone's dialed phone numbers, and playback fully reconstructed audio conversations from network packet captures. Included will be a demonstration of NetWitness 5.0's VOIP playback capability. Todd Moore is the product manager of NetWitness, a commercially available cyber-forensics tool. Moore's extensive knowledge of Internet technologies, network security, and software development helped make NetWitness well-known for providing powerful insight into network traffic. Moore has over ten years of professional experience in the field of network security and has extensive experience developing commercial software applications. He has a bachelor in Computer Science from Old Dominion University and is a Microsoft Certified Solution Developer (MCSD). Moore started with CTX Corporation in 1996 securing global intranets and designing network security software to help audit and analyze network traffic. He joined Forensics Explorers, a Division of ManTech ISandT, as Director of Software Development in 1999 and later became the NetWitness Product Manager. Moore teaches classes on designing quality software and has made numerous television appearances presenting the latest in technology trends. He has two patent pending inventions in the field of cyber-forensics. Moore resides in the greater Washington, D.C. area.
Sarah Gordon - What Do You Mean, Privacy? (7.3M MP3)
- Privacy doesnt mean the same thing to everyone... Since you're interacting in a global space, you need to understand what people outside your immediate frame of reference are thinking when they talk about privacy because what they think will influence ttheir expectations and their actions. This talk will give you the opportunity to examine some other views of privacy, explore your own thinking, and compare it with others both from the global information security community and the audience. Finally, we'll look at how well those thoughts match up with behaviors related to various aspects of what we call "privacy." Sarah Gordon has spoken at Defcon on topics from the security of PGP, women of #hack, and the impact of legislation on virus writing, and done lots of security related stuff for lots of different groups.
Kathy Wang - Frustrating OS Fingerprinting with Morph (24.2M MP3)
- Sun Tzu once stated, "Know your enemy and know yourself, and in a hundred battles you will never be defeated." By denying outsiders information about our systems and software, we make it more difficult to mount successful attacks. There are a wealth of options for OS-fingerprinting today, evolving from basic TCP-flag mangling tools such as Queso, through the ICMP quirk-detection of the original Xprobe, and the packet timing analysis of RING, to today's suite of multiple techniques employed by nmap. The ultimate advantage in the OS-detection game lies with the defender, however, as it is they who control what packets are sent in response. Morph is a BSD-licensed remote OS detection spoofing tool. It is portable and configurable, and will frustrate current state-of-the-art OS fingerprinting. This presentation will discuss the current techniques used for OS fingerprinting, and how to frustrate them. A newer version of Morph will be released with the talk, as a concrete example of the discussed techniques. Kathy Wang broke into programming with BASIC on the Apple IIgs. She has a bachelor's and master's degree in electrical engineering from the University of Michigan, where she specialized in VLSI chip design and semiconductor device physics and fabrication. She worked at Digital as part of the Next-Generation Alpha Chip Design Team, and got to spend an entire wonderful summer blowing up Alpha chips. She has published a paper on some of the work she did there at an IEEE conference. Kathy has instructed courses ranging from Semiconductor Device Physics to Vulnerability Assessment and Penetration Testing. Since Digital got broken up by Compaq and Intel, Kathy has focused on the software side of things. She has worked at Counterpane Internet Security, and currently works as a Senior Infosec Engineer at The MITRE Corporation. Kathy is also a founder of Syn Ack Labs, a computer security research group focused on cryptography, steganography, and low-level packet hijinks.
Kevin Mahaffey - Smile, You"re on Candid Camera: The Changing Notions of Surveillance in Postmodern America (55.8M MP3)
- Recently, surveillance has become somewhat of a pop-culture fascination. From the Reality TV shows permeating every network's line up to the webcam phenomenon of the late 1990s, surveillance has become more a source of entertainment than ever before. Benjamin Franklin's quote, Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety, has long served to exemplify the American, Big Brother, notion of surveillance: that the government is the main aggressor and seeks to take away privacy and thereby, liberty. My talk will contrast traditional perceptions of surveillance in American culture with new notions brought forth in the emerging digital economy. The privacy of individuals is being bought from individuals through tangible or intangible rewards and resold as demographic data to the highest bidder. Instead of resisting the reduction of privacy, people are embracing surveillance as a benign improvement of everyday life. If we continue such a trend, will society be better for it, or will ubiquitous surveillance serve to implement Orwell's nightmare in 1984? Kevin Mahaffey is an Electrical Engineering student at the University of Southern California. He has conducted extensive research regarding the sociological effects of the growth of commercial surveillance in American culture. When not confusing sociology with technology he is the Director of Software Development for Flexilis and is currently developing a few Bluetooth security tools hopefully to be released this year at Defcon. He also writes the occasional article for DailyWireless.com and has 6 years of experience working in commercial internet technology.
Jesee Krembs and Nicholas Farr - The Hacker Foundation: An Introduction (12.5M MP3)
- The Hacker Foundation (THF) is a non-profit organization dedicated to establishing and maintaining a research and service organization to promote and explore the creative use of technological resources. Simply put, we want to help people do useful things with technology. This announcement is a formal launch of the foundation. There will be a brief statement about the foundation's goals, operations and how the foundation can work for you. Jesse Krembs is a Defcon Speaker Goon. He's a cofounder of The Hacker Foundation. Nicholas Farr: After an academic career focusing on memetic sociology and HCI, most of Nicholas Farr's professional career has been in non-profit management. Administrative work in academia, public radio and computer recycling strengthened his ability to navigate difficult bureaucratic situations. He works on The Hacker Foundations administrativa between MBA classes, press assignments and accounting work for a defense contractor in Michigan.
Brett Moore - Shoot the Messenger Using Window Messages to Exploit Local Win32 Applications (23.6M MP3)
- The windows GDI interface uses messages to pass input and events to windows. As there is currently no way of determining who the sender of the message is, it is possible for a low privileged application to send messages to and interact with a process of higher privilege. This presentation will cover in details some of the flaws exposed through these messages, and demonstrate how they can be exploited to conduct privilege escalation and other attacks. Attendees should be familiar with the shatter attack concept and may want to review the following documents before attending: "Shatter Attacks How to break Windows" by Chris Paget, "Win32 Message Vulnerabilities Redux" by Oliver Lavery, "Shattering by Example" by Brett Moore. Brett Moore leads the security research and network intrusion teams at security-assessment.com. He has been credited with the discovery of multiple security vulnerabilities in both private and public software vendors products including Microsoft web products.
Jason Scott - Digitizations And Documentary (24.3M MP3)
- Jason Scott of textfiles.com, a site dedicated to the history of dial-up bulletin board systems, embarked on a quest to film an all-inclusive BBS documentary in 2001. What started out as a one-year project grew to three, and what started as a two-hour film will be a six-hour series. Thousands of miles of travel and 200 interviews later, the production is now nearing the end of editing and the release date. Jason tells you what he learned, why you shouldn't hesitate to make your own projects, and the occasional story that technically can't be mentioned in the film. Jason Scott is the creator and webmaster of textfiles.com, a website dedicated to collecting the files and related materials from the era of the dial-up BBS. This website, originally built from files he collected as a BBS user in his early teens, has expanded to many gigabytes of data and now recieves thousands of visitors a day. Inspired to create "the ultimate BBS list" from the hundreds on his website, he suddenly started recieving dozens of stories from BBS users and operators who found their old BBSes listed among others. Recogizing a missing piece in the story of computers, Jason used his dormant filmmaking skills (Emerson College Film Degree, 1992) to create this documentary.
Sean O'Toole - Mutating the Mutators (6.1M MP3)
- Since the introduction of metamorphic stealth in the computer virus world, it has been suggested that the method can also be used to protect any, even legitimate, code. The only downfall of this technique is that how the engine manipulates the code remains constant. This allows the original code to be obtained by using an optimizer. The next step for this stealth method is to create an engine that will change how the code in manipulated. This speech will outline how to create an engine that integrates random code with alternate encoding of an instruction to create a semi-random set of instructions, which will fit into the metamorphic engine paradigm. Sean O'Toole is fresh out of college for Computer Science and Mathematics. He has been playing around with viruses since high school and had also taken independent studies on computer viruses in college. As well as the above, he also helped institutions such as NCAR use Artificial Life Algorithms for modeling.
SensePost - When the Tables Turn (22.7M MP3)
- Until now network security defences have largely been about building walls and fences around the network. This talk revolves around spiking those walls and electrifying those fences! During this talk we will highlight techniques (and tools) that can be used to turn the tables on prospective attackers with passive-Strike-Back. We will explore the possibilities across the assesment spectrum responding to the standard assesment phases of intelligence gathering, reconnaissance and attack with disinformation, misdirection, camouflage, obfuscation and proportional response. Roelof Temmingh is the technical director of SensePost where his primary function is that of external penetration specialist. Roelof is internationally recognized for his skills in the assessment of web servers. He has written various pieces of Perl code as proof of concept for known vulnerabilities, and coded the world-first anti-IDS web proxy "Pudding." He has spoken at many international conferences and in the past year alone has been a keynote speaker at SummerCon (Holland) and a speaker at The Black Hat Briefings. Roelof drinks tea and smokes Camels. Haroon Meer is currently SensePost's director of Development (and coffee drinking). He specializes in the research and development of new tools and techniques for network penetration and has released several tools, utilities and white-papers to the security community. He has been a guest speaker at many Security forums including the Black Hat Briefings. Haroon doesnt drink tea or smoke camels. Charl van der Walt is a founder member of SensePost. He studied Computer Science at UNISA, Mathematics at the University of Heidelberg in Germany and has a Diploma in Information Security from the Rand Afrikaans University. He is an accredited BS7799 Lead Auditor with the British Institute of Standards in London. Charl has a number of years experience in information security and has been involved in a number of prestigious security projects in Africa, Asia and Europe. He is a regular speaker at seminars and conferences nationwide and is regularly published on internationally recognized forums like SecurityFocus. Charl has a dog called Fish.
Doug Mohney - DIGEX At the Dawn of the Commercial Internet (21.9M MP3)
- Hearken back to the days of yesterday, circa 1993, when men were men, the Internet "backbone" was T3 and run by ANS, and a few brave start-up companies around Washington D.C. were fighting the phone company and each other to build the "commercial" Internet. One of them, DIGEX, literally started out in the founder's basement in '92 and rapidly grew to be a major force in what ultimately became known as web hosting. DIGEX "invented" web hosting, was first to light-up mtv.com, collected a whole bunch of dot.gov sites including one for a Langley, VA-based agency, and grew into a 600+ person company with a 1996 IPO. Doug Mohney was employee #10 at DIGEX and witnessed a whole bunch of stuff from late '93 through 1997. Doug Mohney was employee #10 at DIGEX. He is often confused with employee #1 (Doug Humphrey; Mohney does not have Humphrey's beard, wife, or bank balance). Currently, he is online editor for VON Magazine and a contributor to Mobile Radio Technology magazine. His first Boardwatch article, a history of DIGEX, was published in 1997 to critical acclaim by most and heartburn by a few.
Nothingface - Automotive Networks (22.4M MP3)
- This presentation provides an introduction to the electronic networks present on late model automobiles. These networks will be described loosely following the OSI model of networking. Common uses of these networks will be presented, and the privacy implications of some uses will be questioned. The presentation will conclude with an introduction to OpenOtto, a free software and hardware project implementing the network protocols previously described. Nothingface is formally educated in electrical and computer engineering and informally (i.e., not) educated in automotive maintenance and repair. He has been known to earn his keep doing software design, hardware design, and security consulting. Nothingface is currently employed designing hardware and software for two-way radio communication networks.
Thorsten Holz, Maximillian Dornseif, Christian Klein - NoSEBrEaK: Defeating Honeypots (26.2M MP3)
- Honeynets are one of the more recent toys in the white-hat arsenal. They are usually assumed to be hard to detect and attempts to detect or disable them can be unconditionally monitored. Sometimes it is even suggested that deploying honeynets is a way to incerase security. We scrutinize this assumption and demonstrate a method how a host in a honeynet can be completely controlled by an attacker without any substantial logging taking place. We show how to detect honeynets, circumvent logging on a honeynet and finally 0wn a honeynet hard disabling all of a honeypots security features and present the tools to do so. While being fairly technical the a basic knowledge how shellcode and the like works should be enough to follow the talk. Thorsten Holz is a research student at the laboratory for dependable distributed systems at RWTH Aachen University where he is trying to bring a solid scientific foundation to Honeynet research. Maximillian Dornseif and Christian N. Klein have studied computer science at the University of Bonn, Germany; Dornseif also holds a degree in laws. Both are involved in computer security and the German computer underground, namely the Chaos Computer Club, for a long time and are doing security consulting together since the late nineties. Their clients include the industry like Deutsche Telekom and T-Mobile but also government.
h1kari - Smart Card Security: From GSM to Parking Meters (24.8M MP3)
- Smart Cards are used all over the place in every day life. The unfortunate (or fortunate) side of Smart Cards is that most widely deployed systems don't use any real security and rely mostly on obscurity. This presentation will discuss the different types of Smart Cards, exactly how to reverse engineer the protocols they use, and how to exploit their security weaknesses. For demonstration, we will look at GSM SIM cards and San Diego Parking Meter Debit Cards and show how their security can be defeated. h1kari has been in the security field for the past 5 years and currently specializes in 802.11b wireless security, Smart Card, and GSM development specifically to exploit its various inherent design weeknesses. He is the main developer of the bsd-airtools project, a complete 802.11b penetration testing and auditing toolset, that implements all of the current methods of detecting access points as well as breaking wep on them and doing basic protocol analysis and injection. David has spoken at numerous international conferences on Wireless Security, has published multiple whitepapers, and is regularly interviewed by the media on computer security subjects. h1kari is also the founder of Nightfall Security Solutions, LLC and one of the founding members of Dachb0den Research Labs, a non-profit southern california based security research think-tank. He's also currently the chairman of ToorCon Information Security Conference and has helped start many of the security and unix oriented meetings in San Diego, CA.
spoonm and HD Moore - Bubonic Buffer Overflow (32.0M MP3)
- The Metasploit Framework has progressed from a simple network game to a powerful tool for administrators and security analysts alike. Over the past several months, the Framework has been enhanced with improved exploit techniques and a truly advanced suite of payloads. This presentation provides a background on what exploit frameworks are, what they can provide you, and why you should be using one. A live demonstration will highlight many of the advanced features of the Framework, describe how they can be used to accomplish a variety of tasks, and show that the technology for "hacking like in the movies" is already available today. Attendees will be provided with an early-access copy of version 2.2 of the Metasploit Framework; which includes a number of techniques and exploit modules that are not publicly available anywhere else. Additionally, this release is the first version of the Framework to include a development kit for creating your own custom modules. Spoonm is currently pursuing a Bachelors degree in Software Engineering. Much to the detriment of his early morning classes, he is an active researcher in many different security areas, most notably in the exploitation and post-explotation process. He has developed several post-exploitation tools, and between working as a security consultant, and asm wielding, he currently spends most of his time working on the Metasploit Framework. HD Moore is one of the founding members of Digital Defense, a security firm that was created in 1999 to provide network risk assessment services. In the last four years, Digital Defense has become one of the leading security service providers for the financial industry, with over 200 clients across 43 states. Service offerings range from automated vulnerability assessments to customized security consulting and penetration testing. HD developed and maintains the assessment engine, performs application code reviews, develops exploits, and conducts vulnerability research.
Adam Bresson - Identification Evasion: Knowledge and Countermeasures (23.3M MP3)
- Everyday you're right to privacy is being compromised! From security cameras, to illegal searches, to unauthorized monitoring you are being watched. You must protect yourself... and your rights. Using identification evasion, you can immediately strengthen your protections. I'll discuss knowledge and countermeasures in the computer and real worlds while presenting many great methods to turn the tables on surveillance. In addition to other in-depth demonstrations and examples, you'll see identification evasion in action as I present the video "Night As Jason Biggs" (for the first time, unedited) where I applied these techniques in Las Vegas. You'll learn some things, enjoy the talk and be entertained! Adam Bresson (adambresson.com) works during the day as an I.T. Manager for a Santa Monica Investment Banking firm. He also hosts a weekly Los Angeles open mic night, independently codes commercial web sites and challenges corrupt authority as often as possible. At Defcon 8, he spoke on Palm Security. At Defcon 9, he spoke on PHP, data mining and web security. At Defcon 10, he spoke on Consumer Media Protections (CMP) generating considerable industry interest and press. At Defcon 11, he spoke on Manyonymity: PHP Distributed Encryption releasing a GPL'ed suite of web application tools. Can you recognize him?
Jamie Butler - VICE: Catch the Hookers! (17.4M MP3)
- Rootkits are the backbone of software penetrations. They provide stealth and consistent access to a computer system. Rootkits employ technology for covert ex-filtration of data, IDS evasion, and anti-forensics. Rootkit technology is now incorporated into the most deadly of threats, network worms. Serious security professionals must understand rootkit technology in detail. Commercial anti-virus technology is woefully inadequate at dealing with the threat. There is no magic security tool that will protect your system. Rootkits now employ specific methods to evade many security utilities, including Host-based Intrusion Prevention Systems (HIPS). This talk focuses on specific rootkit threats and more importantly, how intrusion-prevention software can be designed to detect these threats. Illustrated threats include Direct Kernel Object Manipulation (DKOM), hooking, and runtime code patching. We will release a new version of our freeware tool, called "VICE," that can detect many of these rootkit threats. Jamie Butler is the Director of Engineering at HBGary specializing in rootkits and other subversive technologies. He is the co-author and a teacher of "Aspects of Offensive Root-kit Technologies." Prior to accepting the position at HBGary, he was a senior developer on the Windows Host Sensor at Enterasys Networks, Inc. He holds a MS in Computer Science from the University of Maryland, Baltimore County. Over the past few years his focus has been on Windows servers concentrating in host based intrusion detection and prevention; buffer overflows; and reverse engineering. Jamie is also a contributor at rootkit.com.
Nick Mathewson - Snake Oil Anonymity: How To Spot It, And How Not To Write It (19.6M MP3)
- Much software that promises "anonymity" fails to deliver, as witnessed by a succession of compromised file-trading networks, back-doored communications systems, overhyped vapornets, and insecure "improvements" on existing remailer networks. I'll discuss a bunch of allegedly anonymous systems, and explain how a clever attacker can defeat each of them. Audience members will learn to recognize the warning signs of broken anonymity in anonymous communications and P2P; and will learn a few principles to help them design the anonymity properties of their own systems. Nick Mathewson is one of the main designers on Type III (a.k.a. Mixminion), the protocol that will replace the one currently used by the Mixmaster anonymous remail. He is also the lead developer of the Mixminion software, and a core developer on the Tor anonymizing proxy. He lives in Cambridge, MA.
Lukas Grunwald - RFID and Smart Labels: Myth, Technology and Attacks (14.8M MP3)
- This talk provides an overview of the RFID Smart Labels, small labels on products with an embedded microchip and an antenna. Smart Labels store product and serial-number, expiration date, etc. and can be read from a distance. The industry is planning to put these labels with an international product code on every product within the next decade, effectively replacing the old bar-code system. Some stores already use Smart Labels, for example certain pharmacies in the US, and in Europe the Metro Group in their Future Store. At the end of this talk there is a practical demonstration of RF-DUMP, my tool to read and write Smart Labels, check their meta-data and manipulate it. Mr. Lukas Grunwald is CTO of DN-Systems Enterprise Internet Solutions GmbH (Hildesheim/Germany) a globally acting consulting office working mainly in the field of security and Internet/eCommerce solutions for enterprises. Mr. Grunwald has been working in the field of IT security for nearly 15 years now. He is specializing in security of wireless and wired data and communication networks, forensic analysis, audits and active networking. Mr. Grunwald regularly publishes articles, talks and press releases for specialist publications. He also participates actively in conferences such as Hackers at Large, Hacking in Progress, Network World, Internet World, Linux World (USA/Europe), Linux Day Luxembourg, Linux Tag, CeBIT Conference.
Tzi-cker Chiueh - Program Semantics Aware Intrusion Detection (18.6M MP3)
- One of the most dangerous cybersecurity threats is "control hijacking" attacks, which hijack the control of a victim application, and execute arbitrary system calls assuming the identity of the victim program's effective user. These types of attacks are viperous because they do not require any special set-up and because production-mode programs with such vulnerabilities appear to be wide spread. System call monitoring has been touted as an effective defense against control hijacking attacks because it could prevent remote attackers from inflicting damage upon a victim system even if they can successfully compromise certain applications running on the system. However, the Achilles' heel of the system call monitoring approach is the construction of accurate system call behavior model that minimizes false positives and negatives. This presentation describes the design, implementation, and evaluation of a program semantics-aware intrusion detection system called PAID, which automatically derives an application-specific system call behavior model from the application's source code, and checks the application's run-time system call pattern against this model to thwart any control hijacking attacks. The per-application behavior model is in the form of the sites and ordering of system calls made in the application, as well as its partial control flow. Experiments on a fully working PAID prototype show that PAID can indeed stop attacks that exploit non-standard security holes, such as format string attacks that modify function pointers, and that the run-time latency and throughput penalty of PAID are under 11.66% and 10.44%, respectively, for a set of production-mode network server applications including Apache, sendmail, FTP daemon, etc. Dr. Tzi-cker Chiueh is currently an associate professor in computer science department of Stony Brook University, and the chief scientist of Rether Networks Inc. He received his B.S. in electrical engineering from National Taiwan University, M.S. in computer science from Stanford University, and Ph.D. in computer science from University of California at Berkeley in 1984, 1988, and 1992, respectively. He received a NSF CAREER award in 1995. Dr. Chiueh's research interest is on computer security, network/storage QoS, and wireless networking. Dr. Chiueh's group developed the world's fastest array bound checking compiler that incurs less than 10% run-time overhead than programs without checking under GCC, and built the world's fastest disk-based logging system, which accomplishes a single-sector disk write operation within 450 micro-seconds.
Len Sassaman - Mixmaster Vs. Reliable: A Comparison of Two Anonymous Remailer Applications (23.3M MP3)
- The "Type II" remailer network has been operating since 1995, providing strong anonymity email services to the public. We recently performed an analysis of the anonymity provided by the two independent implementations of the Type II protocol. This is joint work with Claudia Diaz and Evelyne Dewitte, to be presented at the ESORICS conference in September. This talk will discuss the methods used to evaluate the anonymity provided by Mixmaster 3.0 and Reliable 1.0.5. It will explain the threat models considered for email anonymity and known attacks agaist them, highlight the differences in the mixing algorithms used, identify potential areas of weakness in the applications, and explain the reasoning behind the different design decisions in the two applications. Len Sassaman is a communication security consultant specializing in Internet privacy and anonymity technologies. Formerly the security architect for Anonymizer and a software engineer for PGP Security, Len is now focusing on research in the area of practical attack-resistant anonymity systems which can be widely deployed and used by large groups. Additionally, Len is an anonymous remailer operator, and maintainer of the oldest actively-used anonymity software, Mixmaster.
The Shmoo Group - Wireless Weaponry (17.1M MP3)
- From the same crazy folks who brought you Airsnort, Airsnarf, Bluesniff, Fine Tooth Comb, HotspotDK, and yes, the HackerBot, comes the annual deluge of wireless wackiness. The Shmoo Group takes a break from beer, Root-Fu, and their constant media-whore campaign to just give Shmoo shtuff away, and it's all wireless-related for you RF rogues. Updated hardware. Updated software. Blah, blah, same old boring sh... WAIT! What's this?! NEW hardware? NEW software? OMFG. Bow before the Sniper Yagi! Bork all sorts of "secure" wireless networks with new tools from the Shmoon! It's time to update your kick-ass arsenal, folks! If you're a "Wireless Warrior," TSG has your "Wireless Weaponry" and a saved-for-Defcon announcement sure to make the Shmoo in you rejoice! The Shmoo Group is a non-profit think-tank comprised of security professionals from around the world who donate their free time and energy to information security research and development. They get a kick out of sharing their ideas, code, and stickers at Defcon. Whether it's Root-Fu, lock-picking, war-flying, or excessive drinking, TSG has become a friendly Defcon staple in recent years past. Visit www.shmoo.com for more info.
Joshua Teitelbaum and Peter Leung - CryptoMail Encrypted Email for All (Including Grandma) (15.8M MP3)
- Four years ago, CryptoMail introduced the first secure open source web based email solution. System administrators and hostile parties no longer had the ability to read a users email. With functionality similar to Hushmail, the world was introduced to an open source solution that they themselves could host. At Defcon 12, CryptoMail.org will be releasing to the public a major advance in its technology. Users will now be able to transparently and securely communicate with PGP users. Users will be able import their private PGP key set upon account creation as well as external PGP public keys. Architect Joshua Teitelbaum and project manager Peter Leung will present the overall design of the architecture, the infrastructure and the logistics of the upcoming CryptoMail Email System release. We will demonstrate the technology integration inside the new release for the first time. At the conference, you will have the chance to preview the new release. Joshua Teitelbaum developed the CryptoMail Email System and founded CryptoMail.org in 2000. Joshua is the primary developer and technical lead of the email system. He communicates with other developers and members around the world to discuss future features and improvements to the CryptoMail Email System. Besides information security, Joshua holds an active interest in building scalable trading systems for broker/dealers and portfolio managers. Peter Leung joined CryptoMail.org in 2000 as the webmaster and the project manager. His main task in the organization is to direct, manage, and organize the software release process. Peter collaborates with other members to document the email system and informs everyone about the organization's activities. Peter holds a BS in mechanical engineering, BS in mathematics, and MBA from SFSU.
Rebecca Mercuri - Hack the Vote: Election 2004 (30.5M MP3)
- In the rush to solve problems that emerged from Florida's Presidential election dispute in 2000, computerized voting systems have been deployed in unprecedented numbers. Estimates indicate that 30% of the USA will be voting on fully electronic equipment offering no capability for independent recounts, and another 50% of the country will be casting ballots tabulated by computer-based scanners. Vendors and promoters of these systems have made promises of reliability, accuracy and accessibility. Yet evidence from the 2004 primary season and earlier uses in 2002 and 2003 elections have demonstrated malfunctions resulting in irretrievable loss of vote data, usability issues including county-wide denial of service incidents, and fraud allegations due to software substitutions. This talk will explore the vulnerabilities of electronic voting systems to insider and outsider attacks, along with the possibilities and ramifications of large-scale vote fraud in the 2004 election and beyond. Dr. Rebecca Mercuri became an overnight celebrity during the media frenzy that ensued when the U.S. Presidential election ended in a dead heat in November 2000. A few weeks earlier, she had successfully defended her Doctoral Dissertation "Electronic Vote Tabulation: Checks and Balances" at the University of Pennsylvania, and then found herself writing testimony in the now-legendary Bush v. Gore case that was working its way through the legal system. Her testimony was presented to the U.S. 11th Circuit Court of Appeals and referenced in the briefs to the U.S. Supreme Court. Since then, she has provided formal testimony on voting systems to the House Science Committee, Federal Election Commission, U.S. Commission of Civil Rights, and the U.K. Cabinet, has been quoted in the U.S. Congressional Record, and has played a direct role in municipal, state, federal, and international legislative initiatives. Rebecca's comments on election technology are frequently cited by the media, and she authors the quarterly "Security Watch" column in the Communications of the Association for Computing Machinery (archived at www.notablesoftware.com). Having recently completed a research fellowship at the John F. Kennedy School of Government in their Belfer Center for Science and International Affairs, Dr. Mercuri will be moving to Harvard University's Radcliffe Institute in the Fall. Bev Harris, author of "Black Box Voting: Ballot-Tampering in the 21st Century," began writing on the subject of electronic voting machines in October 2002. Her investigative journalism has since been cited in The New York Times (three times), and on CBS, Fox News, and CNN. In writing Black Box Voting, Harris spent over two thousand hours researching voting machines, and interviewed hundreds of witnesses including many election officials and even voting machine programmers who work directly for the firms that build these machines. During the course of writing Black Box Voting, Harris discovered that one of the largest voting machine companies, Diebold Election Systems, had committed a massive security breach, leaving thousands of sensitive voting system program files on an unprotected web site. These files have now triggered a national investigation and activism movement to restore clean, trustworthy voting systems.
Adam Laurie and Martin Herfurt - Bluesnarfing: The Risk From Digital Pickpockets (16.3M MP3)
- In November 2003, Adam discovered serious flaws in the authentication and data transfer mechanisms on some bluetooth enabled devices, and, in particular, mobile phones including commonly used Nokia, Sony Ericsson and Motorola models. Shortly thereafter, Martin Herfurt of Salzburg Research Forschungsgesellschaft mbH expanded on these problems, and teamed up with Adam to investigate further. This talk will cover the issues arising out of these flaws, including loss of personal data, identity theft, phone tapping, tracking, fraud and theft of service. The threat to individuals and corporates will be examined, and statistics and examples from the real world presented, as well as live demonstrations of each of the problems. Details of how the industry reacted, what they did, didn't and should have done will also be discussed. This will be a fun talk and a real eye-opener for those with Bluetooth enabled devices. Adam Laurie is Chief Security Officer and Director of AL Digital Ltd. He started in the computer industry in the late Seventies, working as a computer programmer on PDP-8 and other mini computers, and then on various Unix, DOS and CP/M based micro computers as they emerged in the Eighties. He quickly became interested in the underlying network and data protocols, and moved his attention to those areas and away from programming, starting a data conversion company which rapidly grew to become Europe's largest specialist in that field (A.L. downloading Services). During this period, he successfully disproved the industry lie that music CDs could not be read by computers, and, with help from his brother Ben, wrote the world's first CD ripper, "CDGRAB." At this point, he and Ben became interested in the newly emerging concept of "The Internet", and were involved in various early open source projects, the most well known of which is probably their own "Apache-SSL" which went on to become the de-facto standard secure web server. Since the late Nineties they have focused their attention on security, and have been the authors of various papers exposing flaws in Internet services and/or software, as well as pioneering the concept of re-using military data centres (housed in underground nuclear bunkers) as secure hosting facilities. Adam has been a senior member of staff at Defcon since 1997, and also acted as a member of staff during the early years of the Black Hat Briefings.
Joe Grand - Advanced Hardware Hacking (11.7M MP3) FX & Halvar Flake - We Can Take It From Here (15.9M MP3) Meet the Fed (11.9M MP3) **