14 episodes

Past speeches and talks from the Black Hat Briefings computer security conferences. October 17-18 in Tokyo at the Keio Plaza Hotel. Two days, four different tracks. Katsuya Uchida was the keynote speaker. Some speeches are translated in English and Japanese. Unfortunately at this time speeches are not available in both languages.

A post-convention wrap-up can be found at http://www.blackhat.com/html/bh-japan-05/bh-jp-05-main.html

Black Hat Briefings bring together a unique mix in security: the best minds from government agencies and global corporations with the underground's most respected hackers. These forums take place regularly in Las Vegas, Washington D.C., Amsterdam, and Tokyo.

If you want to get a better idea of the presentation materials, go to http://www.blackhat.com/html/bh-media-archives/bh-media-archives/bh-archives-2005.html#asia-05 and download them. Put up the PDFs in one window while watching the talks in the other. Almost as good as being there!

Video, audio and supporting materials from past conferences will be posted here, starting with the newest and working our way back to the oldest, with new content added as available! Past speeches and talks from Black Hat in an iPod-friendly .mp3 audio and .mp4 h.264 192k video format.

Black Hat Briefings, Japan 2005 [Audio] Presentations from the security conference Jeff Moss

    • Technology


    Chris Hurley: Identifying and Responding to Wireless Attacks (English)

    "This presentation details the methods attackers utilize to gain access to wireless networks and their attached resources. Examples of the traffic that typifies each attack are shown and discussed, providing attendees with the knowledge to identify each attack. Defensive measures that can be taken in real time to counter the attack are then presented.

    Chris Hurley (Roamer) is a Senior Penetration Tester working in the Washington, DC area. He is the founder of the WorldWide WarDrive, a four-year effort by INFOSEC professionals and hobbyists to generate awareness of the insecurities associated with wireless networks and is the lead organizer of the DEF CON WarDriving Contest. Chris has spoken at several security conferences and published numerous whitepapers on a wide range of INFOSEC topics. Chris is the lead author of "WarDriving: Drive, Detect, Defend", and a contributor to "Stealing the Network: How to Own an Identity", "Aggressive Network Self-Defense", "InfoSec Career Hacking", and "OS X for Hackers at Heart"."

    • 1 hr 4 min
    Dan Kaminsky: Black Ops Of TCP/IP 2005 (English)

    "Our networks are growing. Is our understanding of them? This talk will focus on the monitoring and defense of very large scale networks, describing mechanisms for actively probing them and systems that may evade our most detailed probes. We will analyze these techniques in the context of how IPv6 affects, or fails to affect them. A number of technologies will be discussed, including:

    * A temporal attack against IP fragmentation, using variance in fragment reassembly timers to evade Network Intrusion Detection Systems
    * A high speed DNS tunneling mechanism, capable of streaming video over a firewall-penetrating set of DNS queries
    * DNS poisoning attacks against networks that implement automated defensive network shunning, and other unexpected design constraints developers and deployers of security equipment should be aware of
    * Mechanisms for very high speed reconstruction of IPv4 and IPv6 network topologies, complete with visual representation of those topologies implemented in OpenGL.
    * Analysis of the potential for using name servers as IPv4->IPv6 gateways.
    * In addition, we'll briefly discuss the results of research against MD5, which allows two very different web pages to emit the same MD5 hash.

    Dan Kaminsky, also known as Effugas, is a Senior Security Consultant for Avaya's Enterprise Security Practice, where he works on large-scale security infrastructure. Dan's experience includes two years at Cisco Systems designing security infrastructure for large-scale network monitoring systems.

    He is best known for his work on the ultra-fast port scanner scanrand, part of the "Paketto Keiretsu", a collection of tools that use new and unusual strategies for manipulating TCP/IP networks. He authored the Spoofing and Tunneling chapters for "Hack Proofing Your Network: Second Edition", was a co-author of "Stealing The Network: How To Own The Box", and has delivered presentations at several major industry conferences, including Linuxworld, DefCon, and past Black Hat Briefings.

    Dan was responsible for the Dynamic Forwarding patch to OpenSSH, integrating the majority of VPN-style functionality into the widely deployed cryptographic toolkit. Finally, he founded the cross-disciplinary DoxPara Research in 1997, seeking to integrate psychological and technological theory to create more effective systems for non-ideal but very real environments in the field. Dan is based in Silicon Valley."

    • 1 hr 21 min
    David Maynor: Architecture Flaws in Common Security Tools (English)

    "Look at your new device! It has a great case, plenty of buttons, and those blue LEDs - wow! But when you strip away the trappings of modern artistic design, what does it really do and how does it help you sleep at night? Perhaps most importantly, what do hackers know about this new toy that you do not? Would you be surprised to know that simple TCP fragmentation can evade most security products in the world? What would you think if you learned that a hacker can apply simple, normally accepted encoding schemes to launch attacks right through most security tools? Come and see what hackers know; if you rely on these products to keep you safe, you can't afford not to.

    David Maynor
    Mr. Maynor is a research engineer with the ISS Xforce R&D team where his primary responsibilities include reverse engineering high risk applications, researching new evasion techniques for security tools, and researching new threats before they become widespread. Before ISS, Maynor spent 3 years at Georgia Institute of Technology (GaTech), with the last two years as a part of the information security group as an application developer to help make the sheer size and magnitude of security incidents on campus manageable. Before that, Maynor contracted with a variety of different companies in a wide spread of industries ranging from digital TV development to protection of top 25 websites to security consulting and penetration testing to online banking and ISPs."

    • 1 hr 9 min
    Dominique Brezinski: A Paranoid Perspective of an Interpreted Language (English)

    "Interpreted, dynamically-typed, and object-oriented languages like Ruby and Python are very good for many programming tasks in my opinion. Such languages have many benefits from rapid, easy development to increased security against memory allocation and manipulation related vulnerabilities. However, choice of programming language alone does not guarantee the resulting software written in the language will be free of security vulnerabilities, which is an obvious point, but the sources of the potential vulnerabilities may not be obvious at all.

    Ruby is an elegant and powerful language that supports concepts like reflection and meta-programming. As more developers use the powerful features, more layers of the language implementation get exposed. In the presentation, I will review several vulnerabilities found in Ruby and its standard libraries, some publicly disclosed and others reported privately to the core Ruby developers. The focus of the vulnerability review is to highlight the different levels of the language implementation that need to be audited to identify vulnerabilities for a given application based on the complexity of the language features used.

    Though Ruby is the example language used in the presentation, the concepts extend to most interpreted languages commonly used today.

    Dominique Brezinski, resident technologist at Black Hat, has spent the last few years thinking about and implementing advanced intrusion detection and response at the operating system level. His background in security spans the last decade and includes extensive experience in protocol and software vulnerability analysis, penetration testing, software research and development, and operations/incident response in large-scale computing environments. Dominique's former employers include Amazon.com, Decru, In-Q-Tel, Secure Computing Corporation, Internet Security Systems, CyberSafe, and Microsoft."

    • 1 hr 16 min
    Ejovi Nuwere: The Art of SIP fuzzing and Vulnerabilities Found in VoIP (English)

    "This presentation will cover SIP and VoIP related automated fuzzing techniques. Using real world vulnerabilities and audit engagements we will give a technical understanding of this emerging technology and its common attack vectors.

    The techniques discussed in this talk will not only be limited to SIP but will apply to methodical audit approaches for fuzzing text based protocols which can be more complex than fuzzing binary protocols.

    This talk will include:

    * 0 day vulnerabilities (or one day)
    * Example fuzzing scripts
    * Proof of concept code

    Ejovi Nuwere is the founder of SecurityLab Technologies. Nuwere gained media attention and international recognition for his highly publicized security audit of Japan's National ID system--JukiNet. Nuwere is the Chief Technology Officer of SecurityLab Technologies where he heads the company's VoIP security auditing group. He currently lives in Boston and is working on his second book, Practical Penetration Testing (O'Reilly)."

    • 50 min
    Hideaki Ihara: Forensics in Japan (Japanese)

    "In forensic research it is imperative to search for Japanese language strings. However many of the tools used in forensic research are being developed outside of Japan, and therefore not tuned for the Japanese language. In Japan there is research being done on using character encoding for anti-forensic countermeasures, and therefore character encoding and Japanese are significant issues for Japanese agents. This session will cover the various issues on Japanese when using popular forensic tools and other technical issues for future considerations.

    Hideaki Ihara was born in 1973. He specializes in Windows system security, intrusion detection and analysis and computer forensics. He was awarded the MVP for Windows Security by Microsoft and is author of many books regarding security published by O'Reilly, Shoeisya. Ihara has been director at NetAgent Inc. since June 2005."

    • 1 hr 20 min
