Blog

Aug 04, 2015 By Jean-Paul Bergeaux In Blog

DEF CON Promises a Secure Network for Attendees. Should I Trust It? (Hint: I’ll be using Airplane mode)

I have been to several cyber security conferences over the last few years and was always astounded that they even offered free WiFi, as if it were a joke.  Why would I connect to anyone’s WiFi among a collection of security people, especially considering it’s not hard for any random person to get close enough to either hack through the WiFi or put up a fake WiFi?

So I am going to BlackHat and DEFCON this week, and I was happily planning to use my cell hotspot like I always have until I read a FAQ from DEFCON and the topic of one of the sessions.

The DEFCON FAQ:

Is there a free network at DEF CON?

Why yes, DEF CON 23 is FULLY network-enabled. Now that we’ve perfected the art of a stable hacker con network, we’re ascending to a higher level – we’re providing you a network that you feel SAFE in using! Since DEF CON 18 we’re WPA2 encrypted over-the-air, with a direct trunk out to the Internet. No peer-to-peer, no sniffing, just straight to the net (and internal servers). We’ll provide login credentials at Registration. We know the 3G airwaves will be saturated so we’re putting our own cred on the line to give you a net that even we would put our own mobile phones on.

If you’re feeling frisky, we’ll still have the traditional “open” network for you – bring your laptop (we’d recommend a clean OS, fully patched–you know the procedure) because we don’t police what happens

The DEFCON session:

Build a free cellular traffic capture tool with a vxworks based femoto

“…we built it as a powerful SMS, voice and data link inception tool.”

So needless to say, neither cell traffic nor WiFi makes me feel very comfortable!  I believe I’m going to turn on Airplane Mode and just focus on the conferences!

With that said, here are some of the more interesting DEFCON and Blackhat session topics I’ll hopefully be writing about next week:

-DEFEATING PASS-THE-HASH: SEPARATION OF POWERS
Kerberos Golden Ticket status update

-REMOTE EXPLOITATION OF AN UNALTERED PASSENGER VEHICLE
Explanation of the Jeep/Chrysler hack that made the news recently

-STAGEFRIGHT: SCARY CODE IN THE HEART OF ANDROID
Explanation of the Android texting hack that also made the news recently

-ATTACKING HYPERVISORS USING FIRMWARE AND HARDWARE
One of many presentations on how to cross between VMs in hypervisors.  Multi-tenancy what?

-I WILL KILL YOU
How to exploit the poor security in government systems to make it look like someone died on paper

-I HUNT PENETRATION TESTERS
How bad actors are using pen testers as conduits to get inside of US networks

And that’s just a few of the juicy topics between the two conferences over six days! Check back regularly for my updates on new technologies, trends insights from these and other sessions.

 


MORE POSTS