My first day at Black Hat was pretty neat, I learned quite a bit, and I had my expectations shifted around. Originally, I was expecting the presentations to be the core aspect of the conference, and everything else on the sidelines. I quickly learned that the presentations are just a small part of the greater networking and information exchange going on.
The keynote was very interesting as it wasn’t technical in the least, but more a call for discourse about the tough questions that the country needs to ask about how the government and private sector need to work together to protect the country’s cyber resources. It also brought to light a question regarding cyber weapons, and who is responsible to clean up the online equivalent of a Katrina.
Moxie’s presentation on defeating HTTPS was interesting, but was more about leveraging holes in other aspects of the network to gain control of an SSL tunnel. While clever and very neat to see in action, it didn’t blow me away, nor was it particularly groundbreaking.
After Moxie’s talk, I spent a while chatting with Dan about the advantages of DNSSEC versus DNSCurve and how to take the strengths of each to find a happy medium. I hope to implement his suggestions into LadieBug (which he thought was a bad name, having ‘bug’ in the name).
I left halfway through the Mac OS X presentation since it was pretty useless. The presenter assumes you have access to a Mac and can run arbitrary code/modify binaries. From my perspective, once you’ve got that, the game is pretty much over.
After lunch I made my way to the packed room where the gang from the Invisible Things Lab talked about their TXT exploit. This was a highly anticipated talk, and I must say I personally was slightly disappointed. While their findings were interesting, due to their deal with Intel, they basically gave an overview of TXT and then talked about the Q35 hack in more detail, which is old news. Essentially, the summary of their findings was that TXT doesn’t check the SMM handler, and they disassembled the handler and found a number of bugs. Dual Monitor Mode, or an STM as they called it, seems needed, but perhaps more eyes on the SMM handler code would help find bugs.
Hailing from AFIT, the speaker for the SecureQEMU project gave an overview of using emulation to encrypt and sign code that can’t be modified from the guest. While impressive that they managed to get it working on an unmodified OS, it was slow, and not a very complex concept.
Last, but not least, was a just-for-fun talk on satellite hacking. This one had the room laughing for much of the hour while the speaker showed us a live demo of decoding a stream from a satellite over Africa. He then showed us how laughable the security in the RFID passports is, easily cloning and modifying his son’s passport to have Osama Bin Laden’s face, and doing a MitM attack using two $15 RFID readers/emulators.
That’s all for today. Check back tomorrow for a review of the next set of briefings, and as always I’ll be updating regularly on Twitter.
Peace and chow,