(J)ack (O)f (A)ll (T)rades
Mostly Security, Some
Blogging, Misc. Admin,
and Bits of My Life.











Sat, 13 Sep 2008

ShmooCon 2009 13 Sep
With little or no fanfare (or I've been working way too hard to notice), ShmooCon 2009 has been scheduled for 6-8 Feb 2009. If things go as they have in the past, expect tickets to go on sale early in November.

joat: 20:44:07 13 Sep 2008


Mon, 18 Feb 2008

Shmoocon 2008 - Day 3 18 Feb
A quick day (I was dog-tired). Attended:
  • When Lawyers Attack! Dealing with the New Rules of Electronic Discovery (Benson)
  • The Geek and the Gumshoe or Can Mathematics Solve Crimes? (Schearer, Thornton)
  • PEAP: Pwned Extensible Authentication Protocol (Wright, Antoniewicz)
All three were worth seeing, the first two were more entertaining than the last. All ran out of time (maybe we could get longer sessions on Sunday?).

I left early 'cause I started feeling under the weather, nauseous on top of being tired, so I bought copies of various talks and got out of there. Good timing, too. By the time that I got back to Virginia Beach, I was down to nausea, shakes, and sweats. Haven't felt that bad since the last bout of food poisoning. Mebbe it's the flu? (No, I didn't do any of _that_ at Shmoocon. I was good.) I'm feeling somewhat better today but am definitely considering staying in bed.

Finally met CyberEagle at the SploitCast table. I'm bigger than he thought, he's younger than I thought. (Walc: I'll keep an eye out for more give-away stuff for next year.) Ran into Bob from work (shouts!). Talked with the Army cadet again.

No major surprises this year. Cisco took a beating though, with various people poking holes in VoIP implementations, network equipment, and various of their proprietary protocols.

All in all, another good conference from Shmoocon. Looking forward to seeing what 757 and the Sploitcast groups come up with for next year (this year was a bit weak in the Arcade).

joat: 11:07:30 18 Feb 2008


Sun, 17 Feb 2008

Shmoocon 2008 - Day 2 17 Feb
A pretty interesting day. Attended:
  • Active 802.11 Fingerprinting: Gibberish and "Secret Handshakes" to Know Your AP (Sergey Bratus, Cory Cornelius, and Daniel Peebles)
  • SIPing Your Network (Radu State, Humberto Abdelnur, and Oliver Festor)
  • Passive Host Characterization (Matt Wollenweber)
  • VoIP Penetration Testing: Lessons Learned (John Kindervag, John Ostrom)
  • Advanced Protocol Fuzzing - What We Learned When Bringing Layer2 Logic to "SPIKE Land" (Enno Rey, Daniel Mende)
The 802.11 fingerprinting talk was based around the idea that devices can be identified by looking at the responses to requests with various header flags turned on, in a manner similar to how NMap does OS identification by messing with the IP and TCP header flags. The tool they were working on is called Baffle. It's not available yet but we should probably keep an eye on this one as there is still a lot of interesting work to be done on/with it. Larry Pesce managed to squeeze in a talk on Access Points For Pentesting, during the same hour.

The SIP talk could have been better. They couldn't get the video for their demo to work so they had to talk about the tool they're working on, KiF (not sure what that stands for), a state fuzzer for VoIP. In some architectures, KiF can "borrow" authentication from other phones to be able to make calls.

The Passive Host Characterization was a bit dry (but still interesting). Matt is a former Trickler programmer for those that know what it is. He's posted a demo for his tool, PHC.

The VoIP Pentesting talk centered around some of the common configurations and shortcomings in VoIP architectures. They showed how VoIPHopper can impersonate a phone so that it can access an organization's internal network, often through the firewall (based on assumptions made during rollout of the infrastructure).

The Advanced Protocol Fuzzing talk wasn't what I thought it was going to be (Layer 2 discussions usually mean wireless) but it was interesting regardless. The group is basically working on reverse engineering and testing various Layer 2 management protocols, such as Cisco's WLCCP, using a tool called Sulley.

Here's a short view of the news/gossip from day 2:

  • Ethan's walking without a cane! (For those that don't know him, he's taken a lot of ribbing for managing to generate a compound break in his leg via a Segway.)
  • Rob and I got to talk with Dave Aitel and, later, with an Army Academy student (Dude, take one of our first three choices for internship! You'll get more out of it and you'll get to meet/know "interesting" people.)
  • Southern Virginia is well represented at the conference this year, having 757 (HRGeeks), Sploitcast, and Hak5 present. I managed to donate a couple items for one of Walcy's giveaways.
  • Shouts to Squidly1! Who knew your offer would generate sales at the local Best Buy? (heh)
  • I think hotel management finally found a couple groups that didn't "mix" badly with the Shmoocon attendees. There were actually two smaller conferences: one for "business resource managers" (salesmen) and one for Anime fans. No one really wanted to mess with the guys wearing tuxedos (they also kept to themselves) and the Anime fans were considered a bit weird by most of the geeks (though a 19-year-old girl in a Sailor Moon outfit can be quite distracting). But seriously, they were wearing their costumes into the same restaurants that we were in and were making our freaks/rebels (you know, body piercings, tattoos, etc.) look normal. Most of the anime attendees just wore bunny or cat ears but some had full blown costumes which somehow were a mix of faux ancient Japanese, faux American Indian, and New York City hooker. (heh)

In any case, day 2 was fun. Got to catch up with a lot of friends that I hadn't seen since last year. I tried to hang around and participate in the Sploitcast podcast recording but I was too tired and too hungry to stick around (my hotel is in Bethesda, MD).

joat: 07:03:00 17 Feb 2008


Sat, 16 Feb 2008

Shmoocon 2008 - Day 1 16 Feb
Day 1 of Shmoocon 2008 went pretty well. Got stuck in downtown DC traffic for hours but Karma balanced out by me ending up in the penthouse suite at my hotel. I attended:
  • Intercepting Mobile Phone/GSM Traffic (H1kari)
  • Forensic Image Analysis for Password Recovery (David Smith)
  • Baked not Fired: Performing an Unauthorized Phishing Awareness Exercise (Syn Phishus)
  • Web Portals: Gateway to Information or a Hole in our Perimeter Defenses (Deral Heiland)
  • Hacking the Samurai Spirit (Isaac Mathis)
We blew off "New Countermeasures to the Bump Key Attack" and the keynote because we were just too hungry and tired.

"Intercepting Mobile Phone/GSM Traffic" was interesting though I got the impression that H1kari had dumbed it down to make it more interesting to a wider group. It was interesting in any case.

I felt the audience was a bit unfair at the end of David Smith's talk on password recovery. He had stated up front that it was a work-in-progress and that he was looking for other ideas. Basically his work comprises building attack dictionaries by extracting strings from memory space, passing them through qualifying filters (must be a certain length, must be from a certain (type-able) character set, etc.), and using the resulting dictionary in a much smaller brute force attack. (Rob! Something to include in the forensics class?)
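
The extract-and-filter step described above, as an added example for a forensics exercise (not code from David Smith's talk or tool). It assumes the memory image is available as raw bytes; the function names, the length bounds and the sample image are constructed for illustration.

```python
import math
import re

# Keyboard-typeable bytes: printable ASCII without the space character.
TYPEABLE = rb"[\x21-\x7e]"

def extract_candidates(image: bytes, min_len: int = 6, max_len: int = 16) -> list[str]:
    """Return de-duplicated typeable strings found in a memory image.

    Scans for 8-bit ASCII runs and for UTF-16LE runs (common in Windows
    process memory) and keeps a run only if its whole length falls
    within [min_len, max_len], so long padding runs are rejected.
    """
    ascii_run = re.compile(TYPEABLE + rb"+")
    utf16_run = re.compile(rb"(?:" + TYPEABLE + rb"\x00)+")
    seen, out = set(), []
    for pattern, step in ((ascii_run, 1), (utf16_run, 2)):
        for match in pattern.finditer(image):
            # step=2 drops the NUL high bytes of UTF-16LE characters
            word = match.group()[::step].decode("ascii")
            if min_len <= len(word) <= max_len and word not in seen:
                seen.add(word)
                out.append(word)
    return out

def keyspace_bits(charset_size: int, length: int) -> float:
    """Size, in bits, of an exhaustive search over fixed-length strings."""
    return length * math.log2(charset_size)

# Constructed sample image: binary noise around a few strings, one of them
# stored as UTF-16LE, one too short, one too long, one duplicated.
SAMPLE_IMAGE = (
    b"\x00\x01\xff\xfeuser=alice\x00\x00\x90\x90"
    + b"Tr0ub4dor&3\x00\xde\xad\xbe\xef"
    + "S3cret!Pass".encode("utf-16-le")
    + b"\x00\x00\x07abc\x00"
    + b"A" * 40
    + b"\x00Tr0ub4dor&3\x00"
)

if __name__ == "__main__":
    words = extract_candidates(SAMPLE_IMAGE)
    print(words)
    print(f"dictionary: {math.log2(len(words)):.1f} bits, "
          f"8-char exhaustive search: {keyspace_bits(94, 8):.1f} bits")
```

The gap between the two printed figures is the point of the technique, and it is also why long-lived secrets left in process memory or in a hibernation file matter during evidence handling.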

Deral Heiland's talk on web portals had similar audience issues as it too was a work in progress. I guess we're an unforgiving bunch. It did remind us to pay attention to details when evaluating web services.

Isaac Mathis's talk was well done (funny). It reminded me a bit of Johnny Long's talks on just about any subject. With a bit more practice, I think Isaac might just reach the same quality.

Overall, the conference is off to a good start (I wonder if there were any shenanigans last night). No surprises so far, security-wise. I ran into a few friends that I hadn't seen in awhile. Noticed that others were missing (maybe Saturday?).

joat: 07:01:30 16 Feb 2008


Thu, 14 Feb 2008

Shmoo! 14 Feb
There may be no blogging for the next few days. I'll be at Shmoocon and will be attempting to travel extremely light (i.e., I'll only have my N800 and my Razor on me). Then again, depending on how nimble my thumbs feel, I may be up to a few rounds of thumb typing into vi.

joat: 20:27:52 14 Feb 2008


Mon, 11 Feb 2008

Shmoocon this week! 11 Feb
Okay, the number of days before the con is less than the fingers on one hand so I guess I should start packing. Problem is, I just finished unpacking from a last-minute trip to San Diego (I'm not gaining any spouse points here). I think I'm wearing my laptop out via the constant rebuilding, setting it up for a business environment (i.e., installing Windows), then setting it up for a known-hostile environment (i.e., a stripped down version of Linux), then rebuilding it post-conference (I like you hacker con guys, I just don't trust you as a whole).

In any case, I'm looking forward to going. The 757 bunch will be there in force (someone said 30 of us!!?), counting those that have moved away but have remained in contact. Was there anyone that was forced to take the goon route this year?

joat: 06:03:01 11 Feb 2008


Wed, 23 Jan 2008

Shmoocon speakers 23 Jan
The Shmoocon news site list of speakers for Shmoocon has been finalized. Expect to see them pasted up on the speaker schedule shortly.

joat: 06:31:39 23 Jan 2008


Tue, 15 Jan 2008

FUDCon 2008 notes 15 Jan
We're back from FUDConRaleigh2008. Admittedly, we were only there on Saturday. It's just taken this long to get around to doing the notes.

Both Sparks and I suffered from Bill Gates Syndrome in that I could not get F8 to recognize my CDROM drive and Sparks' wireless wouldn't cooperate. His problem was surprising as it's both a recent system and a recent wireless card (which worked when we tested it in Virginia). My issue wasn't that surprising as the laptop is a Sony that's over five years old. Getting a distro up and running on it, when it was brand new, was a headache and a half.

Luckily, I had the N800 with me. I was able to visit some of the sites that were talked about and I managed to grab a few photos (I'll post them when I have the chance to sort through them). I think that, next time, we'll spend the weekend before building/testing systems, vice on-the-fly.

All in all, it was a good time. We sat in on a few of the talks. FedoraTV, open source GIS, and Asterisk were memorable. When we first got there, I fired up Kismet on the N800 to see what was available (RedHat provided a wireless connection). To our surprise, we detected 5 OLPC computers. We didn't see them at first but did get to touch one of three later in the day. (Hint: they show up as ad-hoc probes for "olpc-mesh".)

The one sour note of the evening (which irks me more and more as I think about it) was a particularly rude comment by Jared Smith, at the end of his talk. He'd given a copy of his book, "Asterisk: The Future of Telephone," to a young woman sitting in the row in front of me. She was actually quite happy to have received it. I suggested that she get Jared to autograph it, which she did. As I was leaving, I overheard him say something along the lines of "How would you like it signed? Best of luck to my favorite E-Bay bidder?"

Grr... What an ass ego ass!

(Note to Jared: Some people cherish their autographed books. I have a number of them, even some published by O'Reilly. Besides, you aren't worth that much.)

Regardless of one poorly thought out comment, I highly recommend FUDCon and BarCamp. Even if you only learn one or two new things while attending, you get to meet people from various circles and you'll probably pick up a few new ideas about some of the programs you've been using for years. Heck, you might even end up talking about one of your passions.

joat: 04:17:36 15 Jan 2008

