DEFCON 20 (2012)
Stealing Passwords Remotely & Malware Analysis
(Talk proposed on May 13, 2012--not yet accepted)
Abstract:
I will explain and demonstrate an attack that steals Windows 7 login passwords from RAM remotely, using Windows Credential Editor and Social-Engineer Toolkit. This is very easy to do and it does not depend on any recognized vulnerabilities--it works on fully patched machines and no vendor patches are likely to stop it. Antivirus can help, however, as will be explained.
After someone hacks your company with such an attack, you need to perform Incident Response, and find out what happened, what damage was done, how to fix it, and how to prevent it in the future. I will present a practical method of malware analysis as taught by the Honeynet Project that makes it easier to answer those questions quickly without the need to understand assembly code. I will use these tools: Wireshark, Strings, File, RegShot, Process Monitor, IDA Pro, and LordPE.
None of these techniques are very difficult or advanced--I use them as homework in college courses. Complete instructions for each demonstration are freely available on my Website: samsclass.info.
DEFCON 19 (2011)
Three Generations of DoS Attacks (with Audience Participation, as Victims)
Denial-of-service (DoS) attacks are very common. They are used for extortion, political protest, revenge, or just LULz. Most of them use old, inefficient methods like UDP Floods, which require thousands of attackers to bring down a Web server. The newer Layer 7 attacks like Slowloris and Rudy are more powerful, and can stop a Web server from a single attacker with incomplete HTTP requests. The newest and most powerful attack uses IPv6 multicasts, and can bring down all the Windows machines on an entire network from a single attacker.
I will explain and demonstrate these tools: Low Orbit Ion Cannon, OWASP HTTP DoS Tool, and flood_router6 from the thc-ipv6 attack suite. This deadly IPv6 Router Advertisement Flood attack is a zero-day attack--Microsoft has known about it since June 2010 but has not patched it yet (as of May 4, 2011).
Audience Participation: Bring a device to test for vulnerability to the Router Advertisement Flood! Some cell phones and game consoles have been reported to be vulnerable--let's find out! If your device crashes, please come to the Q&A room so we can video-record it and arrange disclosure to the vendor.
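Added example, not from the talk or its materials: a small Python detector for the Router Advertisement flood described above. It builds constructed ICMPv6 RA bodies carrying a Prefix Information option, parses them back, and flags any source whose RA count or number of distinct advertised prefixes inside a sliding window exceeds thresholds that are assumptions here; the source names and prefixes are made up.

```python
import struct
from collections import defaultdict
ICMPV6_ROUTER_ADVERT, PREFIX_INFO_OPTION = 134, 3   # ICMPv6 RA type; ND Prefix Information option

def build_ra(prefix16):
    """Build a minimal ICMPv6 RA body (no IPv6 header) carrying one /64 prefix."""
    # fixed 16-byte RA header: type, code, checksum (0 here), hop limit, flags, router lifetime, reachable, retrans
    body = struct.pack("!BBHBBHII", ICMPV6_ROUTER_ADVERT, 0, 0, 64, 0, 1800, 0, 0)
    # Prefix Information option: type 3, len 4 (32 bytes), /64, L|A flags, valid/preferred lifetimes, reserved
    body += struct.pack("!BBBBIII", PREFIX_INFO_OPTION, 4, 64, 0xC0, 2592000, 604800, 0)
    return body + prefix16

def parse_ra_prefixes(body):
    """Return the prefixes advertised in an RA body, or None if the body is not an RA."""
    if len(body) < 16 or body[0] != ICMPV6_ROUTER_ADVERT:
        return None
    prefixes, i = [], 16
    while i + 2 <= len(body):
        otype, olen = body[i], body[i + 1]
        if olen == 0:            # RFC 4861: zero-length option is malformed, stop parsing
            break
        if otype == PREFIX_INFO_OPTION and olen == 4 and i + 32 <= len(body):
            prefixes.append(body[i + 16:i + 32])
        i += olen * 8            # option length is counted in 8-octet units
    return prefixes

def detect_ra_flood(events, window=1.0, max_ra=50, max_prefixes=10):
    """Flag a source sending > max_ra RAs or > max_prefixes distinct prefixes per window (thresholds assumed)."""
    recent = defaultdict(list)   # source -> [(ts, prefixes)] seen inside the sliding window
    alerts = {}
    for ts, src, body in events:             # (timestamp, source, icmpv6_body), time-ordered per source
        prefixes = parse_ra_prefixes(body)
        if prefixes is None:
            continue
        q = recent[src]
        q.append((ts, prefixes))
        while q and ts - q[0][0] > window:
            q.pop(0)
        distinct = {p for _, ps in q for p in ps}
        if len(q) > max_ra or len(distinct) > max_prefixes:
            alerts[src] = (len(q), len(distinct))
    return alerts

def sample_events():
    good = bytes.fromhex("20010db8") + bytes(12)    # constructed: one real router, prefix 2001:db8::/64
    events = [(i * 0.2, "fe80::1", build_ra(good)) for i in range(5)]
    for i in range(100):                            # constructed flooder: 100 RAs in 0.5 s, each a new prefix
        p = bytes.fromhex("20010db8") + struct.pack("!H", i) + bytes(10)
        events.append((0.5 + i * 0.005, "fe80::bad", build_ra(p)))
    return events
```

The distinct-prefix count is what matters for the Windows case in the talk: every new prefix costs the host an address and a route, so a flood of unique prefixes hurts far more than repeats of one.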
Sam Bowne has been teaching computer networking and security classes at CCSF since 2000. He has given talks at DEFCON, Toorcon and BayThreat, and taught classes and seminars at many other schools and teaching conferences.
Sam has a B.S. in Physics from Edinboro University of Pennsylvania and a Ph.D. in Physics from University of Illinois, Urbana-Champaign. His industry certifications are: Associate of (ISC)², Certified Ethical Hacker, Microsoft: MCP, MCDST, MCTS: Vista; Network+, Security+, Hurricane Electric IPv6 Guru, CCENT.
DEFCON 18 (2010)
Who Cares About IPv6?
What is IPv6? Why should you care? If we ignore it, will it just go away?
The current Internet Protocol numbering scheme, IPv4, is nearing its end-of-life. Within two years, all the IPv4 numbers will be allocated, so that new devices will not be able to connect directly to the Internet. We all will be forced to adapt to the new IPv6 system soon. But how can we get started?
This talk explains why IPv6 is necessary, how it works, and how everyone can quickly and easily start using it now. I will explain and demonstrate how to set up a free tunnel to access the Internet via IPv6.
I will also explain the Hurricane Electric IPv6 certifications. The certifications are great because they guide a novice through the stages of IPv6 knowledge: connecting as a client, setting up an IPv6-enabled Web server, email server, DNS server, and glue records.
There are large security implications to IPv6 too. I will explain several important IPv6 vulnerabilities and countermeasures, including auto-configuration privacy risks, torrents over IPv6, bypassing VPNs with IPv6, Routing Header Zero packet amplification attacks, and the ping-pong IPv6 DoS vulnerability.
My goal is to convince the audience to pay attention to IPv6 and to guide them to an easy way to start learning about it and using it now. All my students at City College San Francisco will have IPv6 homework from now on--you need to get on board now or be left behind!
Defcon-talk 2: Essential Next Steps in the US Government Transition to Internet Protocol version 6 (IPv6) (pdf)
Defcon-talk 3: IPv4 Address Report
Defcon-talk 4: DoD IPv6 Timeline
Defcon-talk 5: gogo6 | IPv6 products, community and services
Defcon-talk 6: SixXS - IPv6 Deployment & Tunnel Broker
Defcon-talk 7: Hurricane Electric Free IPv6 Tunnel Broker
Defcon-talk 8: Scanning on IPv6 with THC-IPv6
Defcon-talk 9: utorrent app now supports IPv6/teredo directly
Defcon-talk 10: Routing Header Zero Packet Amplification Vulnerability
Defcon-talk 11: The ping-pong phenomenon with p2p links
Defcon-talk 12: Hurricane Electric Free IPv6 Certification
Exploiting the LNK Vulnerability with Metasploit (link fixed on 9-10)
DEFCON 17 (2009) Materials
Hijacking Web 2.0 Sites with SSLstrip and Slowloris--Hands-on Training
Hijacking Web 2.0 Sites with SSLstrip and Slowloris
Sam Bowne, Instructor, City College San Francisco, Computer Networking and Information Technology Department
Many Websites mix secure and insecure content on the same page, like Facebook. This makes it possible to steal all the data entered on such a page easily, using Moxie Marlinspike's SSLstrip tool. I will explain and demonstrate this attack.
Slowloris is a very new layer 7 denial-of-service attack created by RSnake that stops Apache web servers completely with very low bandwidth--one packet every 2 seconds. The Apache developers were notified of this vulnerability and decided it was unimportant and not worth patching. I will explain and demonstrate this attack, and discuss various ways to protect your Apache servers.
I will provide complete instructions so that anyone can easily set up both these attacks on their own machines.
DEFCON 15 (2007) Materials
Teaching Hacking at College
Last modified: 5-13-12