Friday, 22 April 2011

BSides London and DC4420 experience

Update 01/08/2011: The videos are now up here. Thank you Tomasz!

Update: Thanks to Jamie Duxbury (@w1bble) for hosting most of the pictures linked to from this page. I thought it was Soraya for some reason, sorry :).

As I mentioned earlier: I was really honoured to attend BSides London and DC4420, aka Defcon London both of which were a blast this Wednesday.

Bsides London was incredible because of all of the following:
- Great people
- Great talks
- Great relation venue size vs crowd size
- Great atmosphere
- Free conference! (no cost for attending!)
- Free breakfast (muffins, coffee, milk, redbull, club mate, ..)
- Free lunch (packaged lunch, plus listed for breakfast)
- Free bar at the DC 4420 meeting in the afterparty

The first thing that surprised me was how cool was the modded donated redbull by Security Ninja / Realex:

NOTE: There are a lot more conference pictures here, I link to some of those in the blog post but there are much more there. Thank you Soraya for making all those available for everybody to see!

The first talk I attended was called "DNS Tunneling: It's all in the name!" by Arron "finux" Finnon, you can see a picture here:
One of the things that I found interesting in this talk was the mention to ssh -o 'ProxyCommand ...

Quick research into the topic reveals cool stuff such as this and this I plan to play with this in the future.

The next talk I attended was called "Jedi Mind Tricks for Building Application Security Programmes" by David Rook and Chris Wysopal, you can see a picture of them here:
and here:

Of course the slide most people laughed (myself included) the most at was when David Rook showed in an image what Business Executives think when we talk about pwnies (this was in the context of trying to avoid talking a foreign language to management):

The main things I got out of this talk were:
- Selling security to management is hard
- Calculating risk is hard, including extrapolating data from great reports such as Verizon's to the circumstances of each company, etc.
- Quantifying business risk for companies that develop code for other companies to use is perhaps the hardest to calculate of all and was not even included as part of the presentation.
- Calculating risk using simple calculations like probability x impact might be the way to go.

After that I went to "Practical Cryto Attacks Against Web Applications" by Justin Clarke, you can see a picture of him here:

I found this talk very interesting, it was basically divided into 3 sections, commented by myself below:
- ECB mode weaknesses and practical attacks: You can see things start the same because there is no initialisation vector, etc. He demoed this by entering a username prepending the letter X a number of times and seeing the ciphertext start the same
- CBC mode weaknesses: Each block is encrypted in part by the previous block, this builds a more random chain of cipher code but propagates errors, this allows ciphertext tampering from the end to the beginning allowing decryption via padding oracle attacks, which he showed a demo of using padbuster.
- Random Number generator weaknesses: This showed how making randomness a function of time alone is not a good idea and was pretty cool too.

This talk was heavily involved in client-side ciphertext tampering (CBC) or analysis (ECB) and he himself said the real solution would be to sign the payload before putting it on the client side so that the signature can be checked before the ciphertext decryption or processing takes place (He mentioned in the talk Microsoft made the mistake of checking the signature after! decryption took place, which enabled the padding oracle vulnerability patched in .NET at the end of 2010)

As he went through the presentation I realised that ECB is just plain wrong (no initialisation vector = same cipher text for any given plain text, and studying the beginning gives this away pretty quick), CBC is way better than ECB but the error propagation is really an issue (padding oracle attacks + think disk encryption: Do you want your entire hard drive data to be corrupted if something messes up just one block at the start?), for those reasons I thought about counter mode: In counter mode encryption can happen in parallel because there is no block chaining, but there is also an initialisation vector (so the first block ciphertext is random, as in CBC) and the counter ensures separate randomness of each block is possible, this makes counter mode not vulnerable to padding oracle attacks or ECB weaknesses.

So at the end I asked something like "I know checking the signature is the proper way to deal with this but given that with ECB you have the same ciphertext for a given plaintext and with CBC you have error propagation, which enables padding oracle attacks, what about counter mode?: you have none of those problems: Are you aware of any practical attacks against counter mode?" his answer was (roughly) "No, but we would have to look at the implementation".

I think the bottom line (and the take away of the talk) is just defense in depth:
- If you leave stuff on the client side: use counter mode for encryption + sign it
- Before you process that or even decrypt it upon submission, check the signature!
- Use reliable random generators that are based on as many sources of randomness as possible

After that, I went to attend "All your logs are belong to you!" by Xavier Mertens, although I arrived late (The talk started 30 minutes before Justin Clarke's talk finished) this was an awesome talk, you can see a quick photo here:

The main things I got out of this talk were:
- OSSEC is a pretty cool HIDS
- Loggly is a pretty cool cloud-based solution to store alerts (not full logs)
- Sguil is the next level for incident response event correlation.

In the lunch break both myself and Thomas Preissler were lucky to have David Rook almost to ourselves and we engaged in very interesting conversation regarding Realex, online credit card payments security, compulsory compliance boundaries (PA-DSS surfaced as a potential relevant candidate under some scenarios), data breaches and web application security in general this was a privilege and I can only thank David for being that approachable, I must say other speakers were very approachable too later on.
During this break I even got a picture with David, thanks Thomas!

After the lunch break was "Breaking, Entering and Pentesting" by Steve Lord, this talk was truly outstanding, entertaining and funny all at the same time!, here are some pictures from Soraya:

After that I watched "Breaking out of restricted RDP" by Wicked Clown:

Wicked Clown side picture:

The talk was based on the fact that you can invoke commands to be run right after you login (with valid credentials) using RDP by using rdesktop -s "%systemroot%\..\binary.exe". The cool thing here is that you can do this even when command line access and a bunch of other things have been disabled! He mentioned he contacted Microsoft about it and they are (so far) not fixing it. The only fix for this seems to be to disable command execution after login.
He even showed how to escalate privileges up to system from a restricted account that just had access to notepad and calculator! very awesome.

The steps were roughly these:
1 - rdesktop -s "%systemroot%\...\iexplore.exe" host_ip
2 - Login to host + when iexplore opens, download meterpreter payload from host you control + save into the windows temp folder (even limited users can write there)
3 - run payload via rdesktop -s "%systemroot%\..\meterpreter.exe"
4 - After the metasploit reverse handler gets the meterpreter connection, run meterpreter getadmin script, even after calling this shell cannot be obtained but the next step is possible
5 - Migrate to winlogon.exe process (after this full sysadmin privileges are gained)
6 - shell, hashdump and other privileged meterpreter commands work now!

He had the demo pre-recorded and explained everything as the demo was playing which I found pretty cool and self-explanatory, this was an awesome talk.

After that I went to "Agnitio: its static analysis, but not as we know it!" by David Rook again. This was a very interesting talk and Agnitio can be downloaded from source forge here, David talked about a number of Agnitio improvements on the works so watch this space if you are into code reviews!

Then I went to "Your money, your media - a DRMtastic Android reverse (re)engineering tutorial" by Manuel Leithner. This was pretty cool too, he made android reverse engineering accessible for the newbie like me, I could follow the talk despite having no reversing experience on Android, that's how awesome the talk was.

After that I watched "Security YMCA" by Chris John Riley, The Suggmeister, Arron "finux" Finnon and Frank Breedijk:

There is even a video on YouTube here and Thomas even took the time to write the lyrics (as well as his own BSides London conference review) in his blog here
Unfortunately I missed Brian Honan's talk ("Layer 8 Security - Security The Nut Between The Keyboard & Screen") due to an speaker failing in the other track and all the talks being moved on that track. However this picture from Soraya is perhaps one of the best slides he had:

At the end of BSides London, the man of the day was Thomas Preissler who participated and won ALL the contests! this had the difficulty not only of getting the challenge right but to also be the name picked up from the bunch, all of which he achieved!, here are some pictures of his success (you can see the conference organiser shock as he was repeatedly getting up to pick up prices!):

After Thomas's achievement one of the conference organisers said "Dude, you seriously should try to get the lottery this week!".
Finally it was said "Please complete the feedback form since we will choose another name from those who filled it in", then I said to myself "hey, I forgot to submit that!" so I start to fill the thing in and the guy waiting with the box for the last minute submissions is saying all the time "come on, dude! make something up!", I completed the feedback thing (honestly, not making anything up) as soon as I could, submitted it and amazingly I got the feedback form prize afterwards!
So I basically got to choose among the books Thomas Preissler left :), some of which I already had, so I went ahead and picked "Metrics and Methods for Security Risk Management" by Carl S. Young. A big plus here for me was that a lock picking set was also given to me courtesy of Random Storm (one of these, in the picture there are two):

When I picked the prize I got to meet Robin Wood which was a true honour for me (I had really enjoyed the shows where he appeared at Hak5, etc). Later on, I even got a change to ask him "will Ryanair let me fly with this lock pick set" and he very kindly said "do not worry, write your post address and we will post them for you" (he works for RandomStorm now, who were giving away the lock picking sets).

After BSides London we went to celebrate in the after-party with the DC4420, aka Defcon London people, this happened at The Phoenix, a pub in the centre of London.
Two more talks were held there:
- "My #dc4420 talk is so dark light just falls into it. Good job they’re all whitehats there so it’ll only be used for good." - By Steve Lord
- "cccamd, spartacus, and the largest sat-card sharing ring in the world" by Neil 'mu-b' Kettle.

I found the Steve Lord talk very interesting again, he basically talked about memory analysis and how to evade detection even at that level.
The CCCamd talk was about Sky Card Sharing and how weak the program commonly used for card sharing is, he presented a number of vulnerabilities in this program that he reverse engineered and successfully exploited.
Both talks were very funny but interesting at the same time.

Perhaps the best from the time at the Phoenix with the Defcon London guys was the opportunity to reach more to the speakers and the rest of the people: For example, I got to talk and know more about people like Tomasz Miklas, Adam Laurie, Xavier Mertens, Frank Breedijk (interesting conversations about Perl, dyslexia and seccubus!), Justin Clarke (went a bit deeper into counter-mode vs CBC and then Justin commented a lot of interesting things like "standard background checks" vs "blackhat community background checks" and plenty of other cool things), Sandro Gauci, Robin Wood, Chris John Riley and other participants like an interesting mix of Spanish, Irish and Switzerland guys I met at the very end :).

Other BSides London Reviews:
- By Xavier Mertens (he attended talks I did not attend so might be interesting/complementary)
- By Thomas Preissler

Interesting on the side remarks:
- BSides was awesome but the conversations on the DC4420 party and on the way to that place were truly interesting and the speakers got even more approachable (probably due to more talk time available), which was great.
- I was amazed at how people wrote their Android unlocking patterns without any covering, etc (security people, even well known speakers, at a security conference) and even how weak those patterns (that I saw as I was even looking away being polite) were.
- It was interesting to see how other security people share similar hobbies, for example, David Rook told me that his best was deadlifting 250kg in competition and Robin Wood told me that he could bench press 115kg (more than 1.5 his bodyweight), as an amateur power-lifter this makes them brothers in iron to me now :)