Black Hat USA and DEF CON are coming up next week and I am excited, and so should you, if your thing is breaking things. I'm looking forward to presenting, seeing some good technical talks, and meeting with folk I only get to see once a year. I always come home with a pile of things that I want to learn more about and hack on, for projects both personal and professional. In this post, I'd like to share some of the things that I'm looking forward to next week, within my interests of offensive security and reverse engineering.

I'll be speaking about reverse engineering malware (with a POS malware case study) at DEF CON, and I'll be in attendance at Black Hat USA as well. I'll be attending with about 5 other Mississippi State University faculty, students, and staff, and there ought to be at least a few alumni there that we'll be hanging out with. If you see me, or someone else in MSU gear, say hi and hang out for a while! We'll have quite a presence across both conferences.

The following is based on what I can figure out about the scheduled talks from their abstracts. A trick that I recommend is to flip through slides/whitepapers on the conference CD/DVD (if provided) for talks you want to attend to make sure they're at the technical level you are seeking. This might help you decide which talks you want to catch live, and which you'll be willing to wait on for a recording.

So what're my recommendations for those into (or getting into) vulnerabilities, exploits, reverse engineering, and related deep-technical areas? There's a lot more than I'm listing here that are likely very good talks (and a LOT of collisions in time-slots that leave us stuff to watch once videos are available) but here's a few that I'm really looking forward to...

Black Hat USA 2014

Wednesday, August 6

  • (10:14 - 11:15) Cellular Exploitation on a Global Scale: The Rise and Fall of the Control Protocol - Mathew Solnik & Marc Blanchou.
  • Reverse engineering baseband, over-the-air code execution, and tools for testing? Sounds like fun to me.
  • (11:45 - 12:45) A Survey of Remote Automotive Attack Surfaces - Charlie Miller & Christopher Valasek.
  • Miller and Valasek are very good at what they do, are excellent speakers, and always have something new and interesting for the rest of us to learn from. Their talk on automotive security last year was great, and I'm sure this will be as well. Ilja van Sprundel's Windows Kernel Graphics Driver Attack Surface also looks good at this time slot (and perhaps a bit more practical for some folks' every day work).
  • (14:15-15:15) Flip a coin between Tarakanov's Data-Only Pwning Microsoft Windows Kernel: Exploitation of Kernel Pool Overflows on Microsoft Windows 8.1 and Lehmann/Sadeghi's The Beast is in Your Memory: ROP Attacks Against Modern Control-Flow Integrity Protection Techniques. This is why you buy (or wait for) the conference videos.
  • (15:30 - 16:30) Collin Mulliner's Finding and Exploiting Access Control Vulnerabilities in Graphical User Interfaces sounds like it discusses bugs similar to those I was finding in SCADA HMI software, which ought to be interesting.
  • (17:00 - 18:00) I'll probably find myself in Julian Cohen's Contemporary Automatic Program Analysis talk, but pretty much all of them in this time slot look fascinating.

Thursday, August 7

  • (9:00 - 10:00) No question about it, Nohl and Lell's BadUSB - On Accessories That Turn Evil, is going to be very interesting. Braden Thomas' Reverse-Engineering the Supra IBOX: Exploitation of a Hardened MSP-430-Based Device is something I'm looking forward to digging into as well. MSP-430s are fun.
  • (11:45 - 12:45) I don't know a lot about Wang and Gluck's RAVAGE - Runtime Analysis of Vulnerabilities and Generation of Exploits, but it sounds very interesting, and I intend to learn :)
  • (17:00 - 18:00) I love Capstone, so I'm looking forward to Quynh Nguyen Anh's Capstone: Next Generation Disassembly Framework talk, though our transition from Black Hat to DEF CON may not put me in the building at this time.

Arsenal

There's usually some interesting tools being presented in the Black Hat Arsenal area. I'm looking forward to learning more about Snoopy, talking to Kyle Maxwell about Maltrieve, congratulating Michael Ligh on his new book, and checking out Mike Warner's Zig Tools. Wandering around this area and learning about some tools I was previously unaware of was a highlight of last year's Black Hat for me, so I'll probably find myself there if I'm at a loss for what talk to go to (or not in the mood to sit).

DEF CON 22

There's an alternating-years electronic/non-electronic badge thing now, and we're on an electronic badge year, which is very exciting for folk like me. It also means, on Friday, going to the opening Welcome & Making of the DEF CON Badge with Dark Tangent and LosT is a must, if for no other reason than to get a few pointers on what's going on with the badge this year. May spend some time hacking on it, if I can find something to do with it that fits my interests/skill-set.

As for the rest, DEF CON always has some fun talks, but I'll be spending a good bit of time checking out the various villages (Hardware Hacking, ICS/SCADA, Wireless, and Lock-picking, mostly), meeting with friends and peers, and a bit of time shopping for weird gear in the Vendor area.

Friday, August 8

  • (12:00 - 12:30) I have been following Philip "Soldier of Fortran"'s entertaining tumblr for a while now and I'm very excited about seeing his talk From root to SPECIAL: Pwning IBM Mainframes. It's a whole different world of computers I'm unfamiliar with breaking :)

Saturday, August 9

  • (13:00 - 13:45) - Obviously I'll be at my own Instrumenting Point-of-Sale Malware: A Case Study in Communicating Malware Analysis More Effectively in the DEF CON 101 track, and I would encourage you to be there as well! After this, I'll be talking to/hanging-out-with anyone interested in some Q&A regarding my talk, and generally making friends.

  • (16:00 - 16:45) - Pickett's Abusing Software Defined Networks discusses some attacks on protocols that I'm not very familiar with, so I'm looking forward to picking up some new skills.

Sunday, August 10

  • (13:00 - 13:45) - Shane Macaulay's Weird-Machine Motivated Practical Page Table Shellcode & Finding Out What's Running on Your System looks like it'll really scratch that memory analysis itch. Plus all you have to do is bring weird machines into a discussion to catch my interest.a

There are a lot of good-looking talks across all of the days on surveillance/counter-surveillance that I intend to see, as schedule and mood allows. I have not yet looked at the various village schedules to see how that impacts what I'm up to either.

Conclusion

It's really looking to be a fantastic week for offensive security and low-level reverse engineering geeks, and I think that I'm going to be watching a lot of the talks I miss on video later. I'm also very much looking forward to meeting some of my readers and friends in the infosec community while I'm there, so get in touch!


An Incident in Georgia Weidman's Training (or, Don't Mess With My Students)

Thu 19 June 2014 by Wesley

Today I received an email from a student who had taken my security and reverse engineering classes that had attended Circle City Con in Indianapolis this past weekend, along with another former student. He had a good time, but mentioned an incident that occurred that he'd rather discuss over ...

read more

Speaking at DEF CON 22

Thu 29 May 2014 by Wesley

I love DEF CON (and know how to stylize the name appropriately). I attended DEF CON 17, enjoyed it immensely, and knew that I just had to speak there. I was unable to attend 18, but put in to speak at 19, was accepted, and had an even better time ...

read more

Chinese Military Hacker Indictment

Mon 19 May 2014 by Wesley

Very quickly, and without much comment yet, as I haven't dug into it much myself, here is the PDF for the indictment of the five Chinese military hackers that the Department of Justice announced today:

If you like following stories like this, I highly recoommend ...

read more

Initial Look at FireEye's Saffron Rose Report

Tue 13 May 2014 by Wesley

FireEye just posted a new report, Operation Saffron Rose on a likely-Iranian-based hacker group, Ajax Security Team. It's always interesting to read reports like this as they come out, and try to see what you can find on Google and various malware-related sites before all of the search results ...

read more