DEF CON 20 Run Down
Kyle Slosek
DEF CON Documentary
DEF CON History
Created by Hacker Jeff Moss in 1992
Started as a party for a hacker friend who was leaving the country
DEF CON comes from the movie WarGames (Defense Threat Condition); DEF is also the 3 key on a phone
What is DEF CON?
A place for hackers, security professionals and government agents to gather and discuss security
A conference for those of us who can't afford Black Hat
A Party
What Can You Expect?
There will be black hat, white hat, grey hat hackers, security researchers, script kiddies & Federal, State and Local Law enforcement
There will be attempts to socially engineer sensitive information from you
If you do not properly protect your devices you will get hacked
DEF CON Safety Tips
1. Turn off Bluetooth on your phones
2. Do not connect to the public WiFi
3. Do not use an ATM at the Rio Convention Center
4. Do not take pictures of people’s faces (unless they give you permission)
What Will You Gain?
Several talks are given by prominent members of the Cyber Security Community:
Dan Kaminsky
Bruce Schneier
General Keith Alexander (USCYBERCOM)
A better understanding of the hacking community
Interesting DEF CON Facts
Reporter Michelle Madigan from Dateline NBC was outed in 2007 for trying to secretly record hackers admitting to crimes
MIT Students were sued in 2008 for their presentation entitled “The anatomy of a Subway Hack: Breaking Crypto RFIDS and Magstripes of Ticketing Systems”
Anti-Forensics and Anti-Anti-Forensics
Michael Perklin – Forensics Investigator
Techniques that make a Forensics Investigator’s job harder
Anti-Anti-Forensics – What investigators can do to mitigate these techniques
The goal is to increase the cost of an investigation in the hope that the other side drops the suit or settles
Anti-Forensics and Anti-Anti-Forensics
Technique 1 – Keep a lot of media
Investigators need to image all media to keep a backup copy
If you have an inordinate amount of media, the possibility of them missing something increases
It also makes it more difficult to sift through the data
Anti-Forensics and Anti-Anti-Forensics
Technique 2 – Use Non-Standard RAID
RAID arrays normally use common settings for stripe size, stripe order & block size
Using non-standard values means that the investigator will have a harder time rebuilding the RAID
Network Anti-Reconnaissance
Messing with Nmap Through Smoke and Mirrors – Dan Petro
Anti-Reconnaissance adds to Defense-in-Depth
Reconnaissance is usually done with Nmap
The reconnaissance phase of an attack is sometimes ignored by network defense teams
Network Anti-Reconnaissance
Demoed a tool called Nova
Uses a tool called Honeyd to create thousands of virtual machines on a network acting as honeypots
These VMs do not act like traditional VMs (i.e. no hard drive or OS)
Network Anti-Reconnaissance
The idea is to make it harder for attackers to find real nodes
The software uses machine learning to detect attackers performing reconnaissance
Auto-Config mode will scan your network and create a honeypot to augment it
Dan Kaminsky – Black Ops
In 2008 found a flaw in the DNS protocol that allowed for easy cache poisoning
The talk defined fundamental issues in the development of secure code
One piece of the talk defined issues with being able to properly generate random numbers
Dan Kaminsky – Black Ops
2 of every 1000 Certificates generated with the RSA algorithm contain no security
Crypto of a majority of certificates was found to only be 99.8% effective
The fundamental issue is not the RSA algorithm; it's the ability to generate random numbers
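An added example, not taken from the talk or the slides: a defender's audit of a key inventory for the failure behind the statistic above. It assumes that failure is two RSA moduli sharing a prime factor because of poor randomness at key generation; the function name is hypothetical and the sample moduli are constructed from known Mersenne primes.

```python
from math import gcd, prod


def audit_shared_primes(moduli):
    """Return {index: shared_factor} for every modulus that has a factor in
    common with any other modulus in the list. An empty dict means no
    shared factors were found."""
    total = prod(moduli)
    findings = {}
    for i, n in enumerate(moduli):
        # total = n * rest, so (total mod n^2) / n equals rest mod n.
        # This is the batch-GCD trick: one big product instead of
        # comparing every pair of moduli.
        rest_mod_n = (total % (n * n)) // n
        g = gcd(n, rest_mod_n)
        if g != 1:
            # g == n means the whole modulus is duplicated elsewhere,
            # or both of its primes are reused by other keys.
            findings[i] = g
    return findings


# Constructed sample inventory (assumption: toy moduli, not real keys).
# Keys 0 and 1 share the prime P, as two devices with the same starved
# random number generator might; key 2 is independent.
P, Q, R = 2**61 - 1, 2**89 - 1, 2**107 - 1
S, T = 2**127 - 1, 2**31 - 1
SAMPLE = [P * Q, P * R, S * T]

if __name__ == "__main__":
    for idx, factor in audit_shared_primes(SAMPLE).items():
        print(f"key {idx}: shares factor {factor} with another key; regenerate it")
```

Any key the audit flags should be regenerated on a host with a properly seeded random number generator, since the shared factor exposes its private key.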
Dan Kaminsky – Black Ops
4 sources of randomness:
Keyboard
Mouse
Disk Rotations
Hardware Random Number Generator
The solution: TrueRand
Computer with 2 clocks has a random number generator
Dan released DakaRand (i.e. TrueRand 1.0)
DEF CON & Black Hat Presentations
Can be purchased on DVD after the conference: https://www.sok-media.com/store/products.php?event=2012-DEFCON
Most presentations are released for download several months after the conference
Speaker Videos
Keynote by General Keith Alexander – Shared Values, Shared Responsibility
FX and Greg – Hacking [Redacted] Routers
Zack Fasel – Owned in 60 Seconds
Closing Ceremonies
Capture the Flag
20 teams competed for all 4 days
10 teams qualified, 9 were invited by winning other CTF events and one bought their spot on eBay
Teams are given points for stealing keys from their opponents and submitting to the scoring server
Points are also given for defacing a service by overwriting unique team keys on others' services
DEF CON Badges
Types: Human, Goon, Press, Vendor, Speaker, Artist
Uber badge given to contest winners
Crypto puzzle built into the badge software
Goon badges are designed to affect all other badges
Other Cons in the area
ShmooCon – Feb 15 – 17 (Washington DC)
Takedown Con (May)
Black Hat (July 27 – August 1)
| Conference | Price | # Days |
| --- | --- | --- |
| ShmooCon | $150 | 3 |
| Black Hat | $2500 | 6 |
| Takedown Con | $600 | 2 |
| DEF CON | $200 | 4 |
Get Involved
DC-Groups (DCGs) meet regularly to discuss technology and security topics
https://www.defcon.org/html/defcon-groups/dc-groups.html
| Group | Location | POC | Contact Email |
| --- | --- | --- | --- |
| DC202 | Washington, DC | R0d3nt | |
| DC410 | Baltimore, MD | Bmore Adam | |
| DC804 | Richmond, VA | J0c3phu5 | [email protected] |
DEF CON Resources
DEFCON 20 Program: https://media.defcon.org/dc-20/defcon-20-program.pdf
Media: http://www.defcon.org/html/links/dc-archives/dc-20-archive.html
Purchase Extra Human Badges: http://hackerstickers.com/product/hardware-dc20-humanbadge/