CONfidence 2011 Wrapup

As always it was a pleasure to go to CONfidence; the atmosphere at this event is unique and has a very non-commercial feel to it.

It started off with a lock picking presentation by Deviant Ollam, which quite convincingly proved that your weakest point is physical security, and then gave everyone a run for their money by handing out locks and lock picking tools so people could feel for themselves how easy (or in some cases not that difficult) it is to pick a lock, especially one that just looks tough but is actually a cheap knockoff.

The day then split into two distinct tracks. I picked the Stuxnet one and learned less about Stuxnet itself and more about cybercrime, cyberwarfare and how the United Nations Interregional Crime and Justice Research Institute is handling and keeping watch over that area. Bottom line: there is a lot to do, little is being done now, and things are still unsettled on the legal and control side of it, with many countries doing it and little threat of “political” consequences for them.

After the lunch break I got to hear a lecture about Gadu-Gadu vulnerabilities. Unfortunately I did not catch the speaker’s name, so I cannot tell you who it was, but his lecture proved that XSS can be more than just a website hack: Gadu-Gadu had XSS issues that would allow code execution. According to him, the vulnerabilities had been reported but were dismissed by the vendor as a non-threat; nobody in the audience felt that was a shocker.

Sitting in on Mario Heiderich’s lecture proved to me once again that XSS is an endless mine of goodies. With SVG now becoming more and more widely accepted, and having been built without much security in mind, SVG is the new XSS goldmine. “So many issues, so little time to present them” should be Mario’s trademark :)

I didn’t have time to sit in on any other lectures that day, so I will skip to day 2.

Chris Valasek’s heap spraying and analysis talk proved once again that he should be dubbed the Heap Spray King, with a new method that turns the apparently unexploitable hole in the IIS FTP server into an exploitable one, using groundbreaking research into how to cause fragmentation and reassembly of heap blocks so that, in the end, EIP ends up under our control. He promised to release the exploit; more to come from this great guy.

Alexey Sintsov showed us that even the smallest and simplest “holes”, such as allowing a compromised host to resolve hostnames, can easily be turned into a full-fledged remote control mechanism. Though not new, the way it was presented showed that it is not just theoretical but actually quite easily put into practice.

Michele Orru presented his BeEF (Browser Exploitation Framework) and the ability, once you have compromised a host by getting its user to visit your website, to control the remote browser and get it to do what you want. In his demo he compromised a host that had access to a vulnerable JBoss server and, using that browser, got the JBoss server to open a reverse shell back to him, effectively gaining him root access – nice!

Aleksandr Matrosov and Eugene Rodionov showed how x64 operating systems are being compromised by TDL rootkits and how they have researched cleanup methods, successfully. Apparently the method used by the TDL rootkit goes back to infecting your MBR; remember those methods? It feels like a time warp.

Michał Sajdak proved that a lack of security can happen even to security-aware companies like Cisco, or to the companies they bought, such as Linksys: using simple command injection methods (such as ;/bin/ls) he was able to completely compromise a Cisco device. A simple web scan of that application would have discovered this vulnerability; I cannot say why that product came to market with such an obvious flaw.
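To make the class of bug concrete, here is an added example of my own (not code from the talk or from any Cisco or Linksys product), assuming a router diagnostics page that takes a "host" form field and pings it. It shows the vulnerable pattern (user input pasted into a shell command, where a ";" starts a second command), the hardened version (strict allowlist validation, then argv without a shell), and a small detection helper that flags request values carrying shell metacharacters for log or WAF review.

```python
import re
import subprocess

# Constructed sample values for the "host" field of a router diagnostics page.
# The last two are the kind of input described in the talk: a valid-looking host
# with ";/bin/ls" appended so that a shell would run a second command.
SAMPLE_HOSTS = ["example.com", "192.0.2.10", "example.com;/bin/ls", "$(id)"]

# Strict allowlist: RFC 1123 style labels joined by dots (this also covers
# dotted IPv4 literals). Anything outside this shape is rejected outright.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)(?!-)[A-Za-z0-9-]{1,63}(?<!-)"
    r"(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*$"
)

# Characters that let a value break out of a shell command line.
SHELL_META_RE = re.compile(r"[;&|`$(){}<>\n\\'\"]")


def vulnerable_command(host: str) -> str:
    """The 'before': the raw field is pasted into a string handed to /bin/sh -c.
    A ';' in the value terminates the ping command and starts a new one."""
    return f"ping -c 1 {host}"


def is_valid_host(host: str) -> bool:
    """Allowlist check: True only for a plain hostname or IPv4 literal."""
    return bool(HOSTNAME_RE.match(host))


def safe_command(host: str) -> list:
    """The 'after': validate first, then pass the value as a single argv element.
    No shell is involved, so metacharacters have no special meaning."""
    if not is_valid_host(host):
        raise ValueError("rejected host parameter")
    return ["ping", "-c", "1", host]


def run_safe(host: str) -> subprocess.CompletedProcess:
    """Execute the hardened form (shell=False is the default for a list argv)."""
    return subprocess.run(safe_command(host), capture_output=True, text=True, timeout=5)


def flag_injection_attempts(values) -> list:
    """Detection side: return the request values that carry shell metacharacters,
    which is what a web scan or WAF rule would surface against this page."""
    return [v for v in values if SHELL_META_RE.search(v)]
```

Running `flag_injection_attempts(SAMPLE_HOSTS)` surfaces the two crafted values, while `safe_command` accepts only the first two and raises on the rest.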

At that point again, I had to leave the conference.

It was great, see you next year.

Things I saw that were weird and cool at the same time:
1) The CONFidence treasure hunt was wacky, with tasks such as bringing a nude stripper to gain points or having a tattoo of a sailor on your arm for double points
2) The Wii and PS3 stations proved once again to be packed with hackers showing their skills
3) The barbecue and beer idea was a hit
4) Giving speakers a free beer to drink on stage was weird but a good way to take the pressure off the speaker