I had posted this originally under QualysGuard Suite, but it fits much better here:
The Qualys Team is back from BlackHat and DefCon. We had a great time and introduced some of our new technologies in 3 talks:
The slides and whitepapers for the talks can be found in their respective sessions on community.qualys.com.
Beyond our own talks we attended many other presentations. Here is a list of some of the presentations that we attended and found useful and applicable to our interests. Please add the presentations that you found interesting to the comment section. We are looking forward to your suggestions.
This talk demonstrated how SOHO routers can be exploited via DNS rebinding to gain interactive access to the router's internal-facing Web-based administrative interface. This attack does not require prior knowledge of the target router or the router's configuration settings such as make, model, IP address, host name, etc., and does not use any anti-DNS pinning techniques. About 17 brands of commercial SOHO routers were found vulnerable. With the help of the DNS rebinding attack, paired with the “weak end system model” in the TCP/IP stack and a link to a malicious website, an attacker can get interactive access to the router's internal web interface.
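A common defence against the rebinding attack summarised above is for the administrative interface to reject any request whose Host header is not one of its own names or addresses, because a rebound request still carries the attacker-controlled domain in Host. The sketch below is an added example, not code from the talk or from this post; `ALLOWED_HOSTS`, the function names and the sample headers are assumptions constructed for illustration.

```python
import ipaddress

# Assumed names/addresses the admin interface legitimately answers to.
ALLOWED_HOSTS = {"192.168.1.1", "router.lan"}

def normalize_host(host_header):
    """Return the lower-cased host part of a Host header, or None if malformed."""
    if not host_header:
        return None
    value = host_header.strip().lower()
    if value.startswith("["):                 # bracketed IPv6 literal, optional :port
        end = value.find("]")
        if end == -1:
            return None
        host, rest = value[1:end], value[end + 1:]
        if rest and not (rest.startswith(":") and rest[1:].isdigit()):
            return None
        try:
            return str(ipaddress.ip_address(host))
        except ValueError:
            return None
    host, sep, port = value.partition(":")
    if sep and not port.isdigit():            # unbracketed IPv6 or junk port
        return None
    host = host.rstrip(".")                   # "router.lan." names the same host
    return host or None

def is_request_allowed(host_header, allowed=ALLOWED_HOSTS):
    """Exact-match check: the request is served only if Host is one of ours.

    The decision depends on the Host value alone, so a request that reaches
    the interface on any of the router's addresses is still refused when the
    browser was sent there under a foreign domain name.
    """
    host = normalize_host(host_header)
    return host is not None and host in allowed

if __name__ == "__main__":
    # Constructed sample Host headers, not captured traffic.
    for sample in ["192.168.1.1", "Router.LAN:8080", "rebind.attacker.example",
                   "192.168.1.1.attacker.example", "", "[fe80::1]:443"]:
        print(repr(sample), "->", "serve" if is_request_allowed(sample) else "reject")
```

The check uses exact matching on purpose: a suffix or substring comparison would accept a name such as `192.168.1.1.attacker.example`.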
This talk explored techniques for attacks based around abuse of the permission system in Android. When an Android app is downloaded it prompts the user for permission to use resources like internet or GPS. This talk demonstrated how an Android app can be developed to bypass the permissions system in Android. Since modern smart phones have GPS, contacts, text messages, e-mail and other sensitive data, I think security in smart phones will be exploited in the coming years.
For a few months, the presenter monitored top search engine keywords every hour and visited the links that the search keywords generated to find malware on those links. Google, Yahoo and Bing were used for the search. This talk showed how hackers manipulate search engine algorithms to get malicious links to the top of search results and use social engineering keywords for events like ‘BP gas disaster’, ‘FIFA 2010’ or some playboy playmate to lure victims to malicious websites. At the end of the talk the presenter invited on stage a celebrity playboy playmate whose name resulted in the links with the most malware.
In a nutshell, the talk on Hacking Oracle from Web Apps demonstrated various ways of exploiting the Oracle DB through SQL injection attacks. The author, Sumit Siddharth, showed some interesting demos using “bsqlbf”, a free tool for blind SQL injection, and how it works together with Metasploit to achieve OS code execution. The tool has capabilities to upload and execute a Metasploit payload by exploitation of the SQL injection vulnerabilities from the Web application. From what I understood, the perspective of the talk was more focused on the fact that exploitation could be achieved by digging through loopholes at the application level itself without having to go much further.
During this contest, Defcon participants made calls to real employees of real companies in an effort to collect information about those companies. Only five employees declined to give contestants the information they were seeking. Employees at every single company called gave away information about their company that they shouldn't have.
In the NSE demo, Fyodor launched SMB-related NSE scripts for locating different vulnerabilities against Microsoft’s public IP space. During the scanning process, he showed how Microsoft has machines that share their IPC$, C$ and D$ shares over the internet and in some cases allow full user enumeration.
A proactive module for preventing malware propagation. Very much applicable to our own malware scanning initiative.
Many others: Barnaby Jack's ATM hacking presentation, Dan Kaminsky's DNSSEC presentation, Dan Hubbard - CTO Websense - Poisoning of Realtime Search Results (ad hoc in the CSA track).
DEFCON 18 slides online: https://www.defcon.org/html/links/dc-archives/dc-18-archive.html
I liked "My life as a Spyware Developer" a lot for its down to earth description of the job: