HackInTheBox Security Conference Slides (PDFs)

Here is the Schedule And Presentation Calendar
D1T1 – Barisani and Bianco – Practical Exploitation of Embedded Systems.pdf
D1T1 – Chris Wysopal – Data Mining a Mountain of Vulnerabilities.pdf
D1T1 – Lucas Adamski – Firefox OS and You.pdf
D1T1 – Petko Petkov – History of the JavaScript Security Arsenal.pdf
D1T1 – Philippe Langlois and Emmanuel Gadaix – 6000 Ways and More.pdf
D1T1 – The Pirate Bay – Data is Political – NO SHOW
D1T2 – Don Bailey – Hackers, The Movie – A Retrospective.pdf
D1T2 – Haroon Meer – You and Your Research.pdf
D1T2 – Marc Heuse – IPv6 Insecurity Revolutions.pdf
D1T2 – Mark Dowd & Tarjei Mandt – iOS6 Security.pdf
D1T2 – Meder Kydyraliev – Defibrilating Web Security.pdf
D1T2 – Wes Brown – Supercomputing, Malware and Correlation.pdf
D1T3 – Charlie Miller – Attacking NFC.pdf
D1T3 – F Raynal & G Campana – An Attack Path to Jailbreaking Your Home Router.pdf
D1T3 – John Draper – A Historical Look at the Personal Computer and Phreaking.pdf
D1T3 – Jose Nazario – Tracking Large Scale Botnets.pdf
D1T3 – Paul Sebastian Ziegler – Hacking in the Far East.pdf
D1T3 – The Grugq – OPSEC – Because jail is for wuftpd.pdf
D2T1 – Chris Evans – Element 1337 in the Periodic Table – Pwnium.pdf
D2T1 – Katie Moussouris – How to Get Along with Vendors Without Really Trying.pdf
D2T1 – Ollie Whitehouse – Finding the Weak Link in Binaries.pdf
D2T1 – Paul Vixie – Silo Busting in Information Security – NO SLIDES
D2T1 – Rodrigo Branco – A Scientific Study of Malware Obfuscation Technologies.zip
D2T1 – Shreeraj Shah – XSS and CSRF Strike Back Powered by HTML5.pdf
D2T2 – Fyodor Yarochkin and Vladimir – Messing up the Kids Playground.pdf
D2T2 – Jeremiah Grossman – Why Web Security is Fundamentally Broken.pdf
D2T2 – Raoul Chiesa – Information Warfare and Cyberwar.pdf
D2T2 – Saumil Shah – Innovative Approaches to Exploit Delivery.pdf
D2T3 – Emmanuel Gadaix – Something MEGA.pdf
D2T3 – Felix FX Lindner – Hacking Huawei VRP.pdf
D2T3 – Mikko Hypponen – Behind Enemy Lines.pdf
D2T3 – OPENBOTTLE PANEL – NO SLIDES
D2T3 – Stefano Zanero – Behaviour-Based Methods for Automated Scalable Malware Analysis.pdf
D2T123 – IOS SECURITY PANEL – NO SLIDES

Thank YOU to Security Monkey’s Chief Monkey for the links…

Some Entertaining DerbyCon Videos (Courtesy of IronGeek)

HD Moore – Wild, Wild West


Dan Kaminsky – Black Ops


Jason E. Street – Securing The Internet


Dave Marcus – 2FA-Enabled Fraud:Dissecting Operation High-Roller



Rob Fuller (mubix) and Chris Gates (Carnal Ownage) – Dirty Little Secrets Pt.2

You can see all of the videos at www.irongeek.com

Here’s All You Need to Know about Apples UDID Mess…

In the words of the Anonymous post on Pastebin …

Update: Anonymous post more info on Pastebin here:
Ip addresses given as another clue: “for the moment we think its quite safe to mention these clues:
3 IPs were involved, 2 of them were like:

206.112.75.XX

153.31.184.XX

“In July 2012 NSA’s General Keith Alexander (alias the Bilderberg Biddy) spoke
at Defcon, the hacker conference in Las Vegas, wearing jeans and a cool EFF
t-shirt (LOL. Wtf was that?). He was trying to seduce hackers into improving
Internet security and colonoscopy systems, and to recruit them, ofc, for his
future cyberwars. It was an amusing hypocritical attempt made by the system to
flatter hackers into becoming tools for the state, while his so-righteous
employer hunts any who doesn’t bow to them like fucking dogs.

Well…
We got the message.
We decided we’d help out Internet security by auditing FBI first. We all know
by now they make Internet insecure on purpose to help their bottom line. But
it’s a shitty job, especially since they decided to hunt us down and jail our
friends.

It’s the old double standard that has been around since the 80’s. Govt Agencies
are obsessed with witchhunts against hackers worldwide, whilst they also
recruit hackers to carry out their own political agendas.

You are forbidden to outsmart the system, to defy it, to work around it. In
short, while you may hack for the status quo, you are forbidden to hack the
status quo. Just do what you’re told. Don’t worry about dirty geopolitical
games, that’s business for the elite. They’re the ones that give dancing orders
to our favorite general, Keith, while he happily puts on a ballet tutu. Just
dance along, hackers. Otherwise… well…

In 1989 hagbard (23yrs old) was murdered after being involved into cold war spy
games related to KGB and US. Tron, another hacker, was
murdered in 1998 (aged 26) after messing around with a myriad of cryptographic
stuff (yeah, it’s usually a hot item) and after making cryptophon easily
accesible for the masses. And then you have Gareth Williams (31), the GCHQ
hacker murdered and “bagged” inside a MI6’s “safe” house (we’d hate to see what
the unsafe ones look like) in August of 2010 after talking about being curious
about leaking something to Wikileaks with fellow hackers on irc. And the list
goes on. It’s easy to cover up when they want to, hackers often have complex
personalities, so faking their suicide fits well.

You are welcome to hack what the system wants you to hack. If not, you will be
punished.

Jeremy Hammond faces the rest of his productive life in prison for being an
ideological motivated political dissident. He was twice jailed for following
his own beliefs. He worked until the end to uncover corruption and the
connivance between the state and big corporations. He denounces the abuses and
bribes of the US prison system, and he’s again facing that abuse and torture at
the hands of authorities.

Last year, Bradley Manning was tortured after allegedly giving WikiLeaks
confidential data belonging to US govt… oh shit. The world shouldn’t know how
some soldiers enjoy killing people and even less when they kill journalists. Of
course, the common housewife doesn’t deserve to know the truth about the
hypocrisy in the international diplomacy or how world dictators spend money in
luxury whilst their own people starve. Yep, the truth belongs only to the
elite, and if you are not part of them (forget it, that won’t happen), fuck
yourself.

People are frustrated, they feel the system manipulating them more than ever.
Never underestimate the power of frustrated people.
For the last few years we have broke into systems belonging to Governments and
Big corporations just to find out they are spending millions of tax dollars to
spy on their citizens. They work to discredit dissenting voices. They pay their
friends for overpriced and insecure networks and services.

We showed how former govt and military officials were making new businesses
using their government relationships.
They funnel public money to their own interests for overpriced contracts for
crap level services. They use those
relationships to extra-officially resolve affairs involving their businesses.

We exposed a criminal System eliminating those who think different;
criminalizing them. This System won’t tolerate those who dig for the truth, it
can’t. So no one has the right to question anything coming from this system. if
you buy a piece of hardware or software you just need to use it as it was
supposed to be used: anything else is forbidden.
No tinkering allowed.

If you buy a Playstation, you are not allowed to use it as you want to — you
can only use it the Sony wants you to. If you have found a way to improve
something, just shut up. You are not allowed to share this info with anyone
else and let them make improvements, too. We are not the real owners of
anything anymore. We just borrow things from the System. Shiny, colorful
things, we agree to play with for a fee. A fee for life.
Because this system works only if you keep working to buy new things.
Not important if they are good things, just buy new crap, even better like that.
So everything gets outdated soon.

You home, stuff, car and computer, you will pay for everything you have for all
of your life. All the time: a monthly fee, forever until you die. That’s the
future; nothing is really yours. LAAS – Life As A Service.
You will rent your life.

And better hurry up and work all day if you want to stay alive. Work ’til
you’re exhausted and don’t think. No — thinking is bad. Play games instead, do
drugs too, why not? Or go to the movies. The Entertainment Industry is here to
resolve all your philosophical and trascendental problems. Shiny colorful crap.
but please don’t think too much.
Thinking is dangerous.

Accept the offer, it’s the perfect deal.
You get all those amazing shiny colorful beads.
It will only cost you freedom…and your life.
Indians did it with Manhattan.
There’s nothing to worry about it, is there?

And what if you are a lone wolf who quietly outside the system, doing your own
thing, without saying a word? They will be mad as hell. They will try to find
you. You will be fucked up anyway, sooner or later. Because the system wants
you clearly identified, with all your personal details well packed into a
government database so it can make its watchdogs’ lives easier.

Security researchers are often questioned and their movements tracked by Secret
Service, FBI and other shits. They are asked about their projects, who their
clients are, who they are talking to, what they know about other hackers, etc..
So be a good monkey, follow the rules, head down and you’ll get some coins
that let you keep renting your life.

But hey! Wait…
We are hackers…
We are supposed to look beyond the rules, to find things others don’t see. And
THE SYSTEM, yeah the whole fucking system, it’s just another system.
…and we do that.
we hack systems.

This is our next challenge: to decide whether to become tools for the system,
or for ourselves. The system plans to use us to hold the next in their endless
wars, their cyberwars.
Hackers vs. hackers, slaves vs slaves.


We are trapped.

Jack Henry Abbott, a writer who was incarcerated almost his whole life for his
crimes, wrote before hanging himself: “As long as I am nothing but a ghost of
the civil dead, I can do nothing…”, the ‘civil dead’ are those, like himself,
who had their autonomy systematically destroyed by the state. Now his words
extend to cover all of us. We have seen our own autonomy being systematically
destroyed by the State. We are becoming ghosts of our dead civil rights.

criminals.
So yes we are criminals, we are the criminals our dear system have created:
Argumentum ad Baculum

In a world where you fear the words you use to express yourself. Where you are
punished for choosing the wrong ones, we have just decided to follow our own
way. There’s no worst kind of slavery than one where you are afraid of your own
thoughts.

Governments around the globe are already in control of us in real life, and
they have now declared war on the people to take over the Internet.
It’s happening now. It’s not waiting for you to wake up.
So now my dear friends, it’s your turn to decide where you belong,
and what you are made of.

“When the people fear the government there is tyranny, when the government
fears the people there is liberty.”
― Thomas Jefferson”

Rotten Apple

Another Apple Mess

http://pastebin.com/nfVT7b0Z

Note: An Apple UDID could be used in combination with other data to connect devices to their owners’ online user names, e-mail addresses, locations and even Facebook profiles. (Aldo Cortesi)

Here they gave links to an encrypted file with 1,000,001 Apple device UDIDs and accompanying user data.
The file must be unencrypted and instructions are given later in the pastebin post.

Apparently, the UDIDs have been taken from an FBI Special Agent Christopher Stangl, (rumor has it via a Java exploit earlier in the year). According to sources close to the matter… Among the data on his notebook was a file named NCFTA_iOS_devices_intel.csv which contained a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers and addresses.
Read more here
http://par-anoia.net/releases.html

Here are some links from major internet sites covering the story…

http://arstechnica.com/security/2012/09/1-million-ios-device-ids-leaked-after-alleged-fbi-laptop-hack/

http://thenextweb.com/apple/2012/09/04/antisec-hackers-leak-1000001-apple-device-ids-allegedly-obtained-fbi-breach/

http://www.wired.com/threatlevel/2012/09/hackers-release-1-million-apple-device-ids-allegedly-stolen-from-fbi-laptop/

https://www.networkworld.com/community/node/81331

http://techcrunch.com/2012/09/04/apple-udid-leak-theres-no-proof-yet-of-fbi-involvement-but-heres-why-you-should-still-care/

http://bits.blogs.nytimes.com/2012/09/04/hackers-claim-to-have-12-million-apple-device-records/

Automation Scripts for Backtrack 5r3

I have been testing with an excellent set of publicly-available scripts to automate tasks in BackTrack 5R3. I first heard about them when I saw Lee Baird’s presentation at the Appalachian Institute of Digital Evidence (AIDE 2012). You can see the slides courtesy of irongeek.com at this link. Lee Baird had help from Jason Arnold with crack-wifi.sh, and Jason Arnold was the main developer of sslcheck. There was a lot of time and effort put into this package, and I feel that anybody using Backtrack will benefit from using these scripts for automating many important parts of penetration tests. The package is on Google Code and it includes a set of aliases which enable you to update the subversion for the scripts and all of the scripts by simply typing update. Your first step is to download the package from google code from a backtrack shell:

svn co https://backtrack-scripts.googlecode.com/svn/ /opt/scripts
You can watch the video for a full demonstration here…

Or, if you don’t have the time to watch the video, just keep reading…

Ok after you download the scripts into the opt directory the next step is to change the permissions to make the scripts executable.

  chmod 755 /opt/scripts/ -R 



Next we will change into the scripts directory and then run the setup script.

cd /opt/scripts/ 
./setup.sh

Now exit the terminal and open a new terminal and type update

Next we will run the main discover script...


./discover.sh



(Discover is a script that allows you to choose to perform some open source intelligence gathering for the recon portion of your pentest, use Nmap to port scan an external or internal network, start a Metasploit listener, or even run other scripts such as my favorite, crack-wifi.sh.)

Crack-wifi makes the whole process of using airmon-ng, airodump-ng, aireplay-ng, and aircrack-ng to crack a wireless network's key very simple and automated. When you run crack-wifi.sh, a wireless interface is automatically searched for and tested to validate injection. You are then able to scan all your local wireless networks and choose a network to attack. If you have ever used Backtrack to crack a wireless network you know that it takes a few steps and commands to get it going successfully. Well, this script makes it very easy by automating everything. You can begin scanning the local networks for a WEP or WPA key to crack by pressing 1. When you find a network that you want to crack press Ctrl-C, and a window will pop up asking you to enter the Channel, ESSID, BSSID, and Station of the network which you want to attack. If your attack does not generate any data, or enough to crack the key, you can just close all the windows and start again, until the key is cracked. The code is updated on a regular basis, here is the additions that were made recently:
Updates

Aug 20 - Added jigsaw to setup.sh.
Aug 19 - Added goofile to the passive option for scrape.
July 29 - Added crack-wifi.sh to framework.
July 27 - Niko now takes a list of nmap greppable output.
July 25 - Added color to update alias and framework.
July 5 - Updated alias and setup.sh to reflect the new hosted location of sqlmap.
June 28 - Fixed passive recon problems with Whois-IP and LinkedIn returning job titles.
June 20 - After testing Metasploitable 2 by doing a full port scan, I noticed there were some ports missing from my default scan. The following TCP ports have been added: 1524, 6697, 8787, 41364, 48992, 49663, 59034.
June 11 - Scrape now contains passive and active options.
June 5 - Check 'notes' for a To-Do list
June 4 - Added new option - niktos

There are also some python scripts included by Saviour Emmanuel. For more information check out the googlecode wiki by going to the svn location:

They are available for download at http://code.google.com/p/backtrack-scripts/

Hackers can steal new “keyless” BMW’s in 2 minutes

What did BMW think when they decided to allow for electronic keyless entry and ignition. Did they really think they could protect buyers from hackers? Don’t they know by now that if they are going to use computers inside their vehicles that they must hire a team of security experts. I feel bad for anyone who bought one of these “hackable rides”

NICT Daedalus Cyber-attack alert system – DigInfo TV – Tech News Videos From Japan | The latest technology, products, gadgets and scientific research direct from Tokyo

NICT Daedalus Cyber-attack alert system – DigInfo TV – Tech News Videos From Japan | The latest technology, products, gadgets and scientific research direct from Tokyo.