A week has passed since the Las Vegas craziness and we’ve had some time to write down our impressions about the Black Hat, Defcon and BSidesLV conferences as well as our own IOAsis event.
It was great for me to meet lots of people—some of who I only see once a year in Las Vegas. I think this is one of the great things about these events: being able to talk for at least a couple of minutes with colleagues and friends you don’t see regularly (the Vegas craziness doesn’t allow long chats most of the time). I also got to meet people personally for the first time after working together and/or communicating just by email, Twitter, or chat. The IOActive team delivered a lot of successful talks that were well received by the public, which makes me proud of our great team and reflects well our constant hard work.
By Fernando Anaboldi
Fwknop at IOAsis:
The “Single Packet Authorization” term was first mentioned by MadHat at the BlackHat Briefings in July 2005; however, the first available implementation of SPA was the release of fwknop in May 2005 by Michael Rash. Basically, it grants access to a service upon receiving a particular packet.
We had the opportunity at the IOAsis to attend a fwknop presentation given by Michael Rash. The tool is currently capable of performing several useful things:
· It allows you to hide a service on a “closed” port.
· It lets you create a “ghost service” where a port switches for a short period of time to whatever service is requested within an SPA packet (e.g. SSHD)—and it doesn’t seem to be susceptible to replay attacks like a normal port knocking implementation would.
· And the list goes on.
Hidden and obscuring available services on external networks looks like a first interesting line of defense, and fwknop seems to be the leader in that field.
BlackHat/BSides/Defcon Week: Finding My Peace
After finally recovering from a week (which felt like a month) in Vegas, I can safely say that I found my peace. Although it was one of the more hectic weeks I’ve had this year—and the most successful BlackHat/BSides/Defcon personally—I managed to find myself in a better place professionally, socially, and generally. How did this come about?
Although BlackHat has been wandering the past few years between what it used to be—a highly professional security conference—and what it started to become (for me at least)—a vendor dog-and-pony show—I thought the new format of tracks focused on different security elements made a difference in how attendees approached the topics. Additionally, the arsenal pods allowed more free-form presentations and discussions on new technologies and ideas while capitalizing on the hallway-track that conferences so famously miss out on.
My schedule really put me in a position to appreciate the entire spectrum of our amazing community: speaking at BlackHat first thing in the morning after the keynote, switching gears to volunteer for the security staff at BSidesLV, and then speaking at BSides. From the more polished feel of BlackHat to the relaxed atmosphere of BSides, from a stressful speaking slot to giving back to the community, it just made perfect sense…
Having a chance to get together with people I consider friends online and offline was another critical aspect of my week in Vegas. Although some of these meetings were ridiculously short, the energy, and the relationship boost they gave was invaluable. A critical part of being in information security is the ability to work with industry peers in ways that nurture critical thinking, innovation, and peer-support (and criticism). Being able to throw around research initiatives; explore new elements of the information security world; and talk about business, government, international relations, law, economics, physical security, and other crazy aspects that we all need to take into account is a must-have in an industry that has almost zero-tolerance for failure.
Wrapping it up with a massive Defcon attendance, talks, and of course the occasional party was the cherry on top. Although some nights felt more like work than play, you won’t hear me complaining because even though party hopping between 4–5 venues to catch up with everyone really took its toll physically, I got to see a beautiful sunrise over the desert.
Last but definitely not least, getting the chance to meet with co-workers from around the globe was a great experience made possible by working for a company large enough to have people in almost every time zone. So, being able to do that against the backdrop of an amazing Freakshow party (thanks again to Keith Myers and Infected Mushroom) just made all the talks about exploits, kernel space vulnerabilities, counter-intelligence, and social engineering that much more appropriate ?
Until the next Vegas, stay safe!
