This past week one of my colleagues and I had the opportunity to attend the DerbyCon II conference held in Louisville, Kentucky. This was the first year we attended the conference, and it has quickly become one of my favorites. Everybody was very friendly, the talks were informative, and it was well organized.

We started off the conference by taking some training. One of us took the “Metasploit Mastery – Learning the Framework Inside and Out” class, while the other attended “(Aircrack-ng) – WiFi Hacking”. We felt both classes were very informative, and we were able to take away a lot of knowledge that we will be able to use on the job.

We were also lucky enough to be selected to give a talk at the conference. We were placed in one of the “stable talks”, which were 30-minute sessions. Our talk focused on how information security is often presented incorrectly in movies and on television. It was not a very technical talk, but it was meant to provide some entertainment and a break from the more serious presentations. In that regard, it was a success: we had people come up afterwards and say that it was one of the most entertaining talks at the conference.

In addition to the talks, the conference had many other events to take part in. The one we focused most of our attention on was the capture the flag (CTF) competition. It was very entertaining and challenging, with challenges involving all aspects of computer security. Even though we did not devote as much time as other teams and only had two people on our team, we finished in the top 15 of well over 50 teams. This is definitely something we may spend more time on at future conferences. Besides having fun, you pick up many tricks that you might use during your day job.
With everything going on and all of the networking opportunities, we had to miss some of the talks. The good thing about this and other conferences is that the majority of the talks are recorded so they can be watched at a later date, which I have been doing as I find some free time. That said, we were able to make it to a number of talks.
• “The Wild West” by HD Moore – His talk was entertaining and went over how he scanned the entire Internet for specific ports and then mapped the results in different ways. It was surprising to see how the way the data are presented can change the interpretation of the results.

• “DNS Reconnaissance” by Carlos Perez – I listen to PaulDotCom and know that Carlos is a regular on the show, so I expected his talk to be good. It started with an overview of DNS and why it is important in reconnaissance. The rest of the talk focused on his updated tool, dnsrecon. It allows you to automate much of the DNS reconnaissance work while still keeping control over it. He showed numerous examples of the tool in use, and I have already put it to use on an external vulnerability assessment.

• “Next Generation Web Reconnaissance” by Tim Tomes – I think this may have been one of the best talks. It was one of the stable talks, and Tim had the room packed. The talk started with some general reconnaissance information but then moved into his tool “recon-ng”. It has two main features. One is domain information gathering using various DNS queries, with Shodan integration as well. The other mines contact information from sources like LinkedIn that can then be used in social engineering exercises. He also released a preview of his new tool, pushpin, just to those who attended his talk. If you enter some GPS coordinates, the tool searches social media sites (such as Twitter or YouTube) for posts that might contain geocoded data. It then places the results on a map overlay where you can see where the picture or post was taken. Besides being a cool tool, the information it provides can be used as reconnaissance for red team engagements.

• “Pwned in 60 Seconds, From Network Guest to Windows Domain Admin” by Zack Fasel – This is one of those talks where you need to watch the video again and play around with the tool. I felt he did a good job with the presentation, and all of the live demos worked. The talk started with an overview of the different ways to “pass the hash” and other NTLM vulnerabilities and weaknesses. He then walked through some scenarios and showed different ways his tool could be used to relay SMB. He described it as the “Firesheep” for SMB. We will definitely have to spend some time digesting this and trying out his tool in the lab.

• “2FA-Enabled Fraud: Dissecting Operation High Roller” by Dave Marcus – In this talk, Dave Marcus talked about how McAfee started to notice a trend at European banks that relied on two-factor authentication for access to bank accounts. Dave explained how the malware spread across many European banks that used the same two-factor banking software, how the two-factor element was used to execute the fraud, and how this malware has now spread to the US.

• “Hacking Survival: So you want to compute post-apocalypse?” by Larry Pesce/Darren Wigley – This entertaining and informative talk placed the audience in a what-if scenario: how would the Internet be rebuilt after a disaster of apocalyptic proportions? The speakers presented several scenarios that could lead to the demise of communications, from unrealistic situations such as a zombie apocalypse to more probable ones such as an EMP or nuclear war. They discussed rebuilding communications using older technologies and simpler parts such as CB radios, and scavenging parts from larger, more powerful machines that would no longer be of use and repurposing them for simpler means of communication. They eventually concluded that since wired infrastructure would most likely be destroyed, wireless communications are the way the Internet would be rebuilt.

• “How I owned your vending machine” by Luis Santana – Luis argues that anything can be hacked, in his case, vending machines. Luis talked about vulnerabilities in vending machines: most are protected only by default usernames/passwords or are not locked at all. Physical access is usually unmonitored, and most vending machines have a USB interface, which allows for further manipulation. Luis also spoke about interactive TV menus/information TVs, which are also unlocked and can easily be manipulated just by tapping around on the touch screen.

• “The Evolution of HFC” by Johnny Long – This was a great talk that every IT professional should check out when the DerbyCon videos are posted online. Johnny Long is the founder of Hackers For Charity (HFC), and he has made a tremendous difference by offering his computing knowledge to start a computer training center in Uganda, an effort that expanded to rebuilding a village, giving the villagers sustainable work, providing food, and offering street children and others a future in computers, learning, and education. Check out www.hackersforcharity.org for more information.

• “Ghost in the Wires: The Unbelievable True Story of Kevin Mitnick’s Life as the World’s Most Wanted Computer Hacker” – Everyone in the hacker community knows Kevin Mitnick, so it was great to hear his story in his own words, standing a few feet from me. Kevin talked about how he went from hacking phones (phreaking) to hacking computers to running from the FBI. He told stories about some of the fun parts of breaking into things, like the McDonald’s drive-through, and some of the not-so-fun consequences of his actions, like his time in jail. Kevin now owns an IT security consulting company and says he now gets to do what he has always loved to do, but legally and with permission from the client.
Overall, DerbyCon was a great experience and we hope to be back next year.
Nazia Khan and Gus Fritschie