
Report from the conference BlackHat EU 2012





The world of information security has a whole range of conferences devoted to technical and not-so-technical security issues. In the United States, everyone knows giants like BlackHat and Defcon. Europe has many conferences too, among which I would single out HackInTheBox and the same BlackHat, as well as other smaller, local ones, which does not mean they are bad: Chaos Communication Congress, CONFidence, DeepSec, BruCon, PH-Neutral. I managed to visit the European edition of BlackHat, which is what I am writing about.






This year, the BlackHat EU conference was held in Amsterdam, in mid-March. It ran for three full days, from March 14th to 16th, and had three tracks. The first two tracks were regular stages with talks of 45 minutes plus questions. The third track was devoted to master classes (workshops). In addition, there were paid trainings. It was a very rich program. For obvious reasons, I could not attend all the talks and workshops, and the trainings cost money anyway. I will dwell on the ones I managed to attend.



The first speaker (the keynote speaker) was Whitfield Diffie himself. In case someone does not know, he is one of the fathers of public-key cryptography (the Diffie-Hellman-Merkle algorithm). His talk was lively and interesting, and given entirely without slides. He spoke a lot about general but important things that set the direction of the whole industry, for example, how to do things securely. The talk was recorded on video, so if anyone is interested in the philosophy of information security, please watch it.



The second talk was from the fairly well-known Shreeraj Shah. The topic was “Top 10 HTML5 Threats”. A rather tedious title might seem not to promise anything interesting, but in fact it was a fascinating account of real threats and possible errors in code, all accompanied by video demonstrations. Personally, I found it a very convenient approach: collect all the threats in one place and clearly convey the existing problems to the audience. IMHO, recommended for web developers and other fans of HTML.



The talk by Vincenzo Iozzo (who had just arrived from Canada, from the PWN2OWN competition, where he and a colleague were able to “punish” the Firefox browser) was devoted to application sandboxes. It was a very visual presentation; there was even a nice tree of allowed and disallowed calls that are controlled by a broker, and so on. Again, extremely useful information for developers.



By the way, another interesting talk was also devoted to sandboxing, this time more aggressive; it was literally called “How to get my own way out of the Adobe Reader sandbox”. Speakers: GUILLAUME LOVET and ZHENHUA LIU (I will not transliterate and distort their names, because I am not sure I heard them correctly). The talk contained exactly what the title said. It covered how the bug CVE-2011-1353 was found last year and how it could be used. The bug was precisely one that made it possible to circumvent the sandbox's restrictions. Their conclusion: a sandbox is not a panacea. Cute, cool, interesting.



I will not go through every talk. First, I did not attend all of them, and second, it is easier to go and see for yourself what was there: https://blackhat.com/html/bh-eu-12/bh-eu-12-archives.html



I will also mention a workshop by Nikhil Mittal on using things like the Teensy during penetration tests. In short, the Teensy is a cheap programmable controller with a USB connector, so bad guys use it as a HID device. We had actually talked about this at meetings of the DCG group in St. Petersburg, but Nikhil built a whole workshop around it: how to build it, what to do with it, how to use it, and so on. In addition, he wrote a whole bunch of payloads, such as turning on Wi-Fi with a given password or launching Meterpreter (the backdoor from Metasploit). Quite fun and exciting. As for where it applies: environments where policies and tools forbid connecting storage and any other devices except mice and keyboards (HID). By plugging a Teensy into such a PC, we still execute arbitrary code and still infect it. Clearly, the same policies and tools can protect against this too, but it is nevertheless a real threat.



We also hung out with Nikhil, and he introduced me to the joys of Indian cuisine. He is a smart and interesting man. In addition, I was able to talk with such giants of the hacker world as Peter Van Eeckhoutte (corelancoder, www.corelan.be), Dmitry Sklyarov (who told a lot of very interesting things), Felix Lindner and many others. The atmosphere was fairly informal, despite the "status". On the second day of the conference there was a party from IOActive in one of the Amsterdam bars, where everyone could get an unlimited number of drinks at the sponsor's expense, which, of course, only helped the conversation and the positive emotions. Returning to the talks, there were two from Russia: one was mine, about pentesting and 0-days, as well as bugs in Lotus, and the second was from Dmitry Sklyarov and Andrey Belenko. Dmitry will also give that talk at PHD in Moscow, so not all is lost. My talk will also see the light at the DCG #7812 meeting, as well as at the CONFidence conference in Krakow, also in May.



In addition, the conference had a section for demonstrating projects and software, where Andrei Labunets, a good man and a student of Tyumen State University, presented his fuzzing framework, Windbgshark. It is quite a curious thing: a network fuzzer with support for WinDbg scripts and modification of requests in real time, as well as display of the structure in Wireshark. He even showed one 0-day in MS code that was found using his fuzzer.



Summing up, I would like to note the zero presence of a Russian audience at foreign conferences. The reasons for this are not hard to understand, but it is still somewhat disappointing. At the same time, I would like to note that the share of Ukrainian visitors is stable, at around one person per conference. Last year at CONFidence I met Gleb from the Ukrainian Information Security Group, and this year I met Nazar from SoftServe. People are drawn to knowledge and the exchange of experience. It is inspiring!





In the photo: Andrei Labunets, me (d00kie), Nazar, Dmitry Sklyarov.

Source: https://habr.com/ru/post/140897/


