ToorCon came to a close tonight, after the last day of lectures on network security, hacking, open source software and general ranting was complete. I'm not sure about all who attended, but I for one got quite a bit out of the lectures at this year's conference. Perhaps because this year I have a more active role in my company's network security and infrastructure, as well as the fact that I am only two weeks away from my bachelor's degree in Network Security.
I also got my pictures developed from my low-tech disposable camera. You know what, I seriously need to spring for a decent digital camera. I mean come on now! The quality of the pictures I am posting is pretty much the crappiest anywhere! The pictures from this conference were no exception. Since these are the only things I have though, you will just have to friggin' deal with it, because that is pretty much what this post is about... Pictures from ToorCon. (Click on them to blow them up)
This first picture was out in the hallway of the conference rooms, and was simply a picture of the ToorCon sign. This is obviously the obligatory, "This is everyone at the 'con" picture.
This second crappy picture to the right is of Dan Kaminsky talking about the big and nasty DNS vulnerability that he discovered this year. He was the second keynote speaker, and really got the crowd ready for the conference by going into fairly good detail on just how bad the DNS exploit is. Dan also explained how monumental it was to gather some of the world's biggest names in IT and get them all to collaborate on a patch strategy, but also get them to apply the patch all at the same time.
Going down the list, this next one is a picture of the cylindrical style of the San Diego convention center. I pretty much just took this one because it is cool. I also thought it would look cool with my logo in the middle ;-)
I mentioned in my post yesterday that Jake Appelbaum gave a speech on the Cold Boot attack. What I didn't mention was that he was accompanied by Bruno Oliviera. I sort of left Bruno out of the mentioning because I didn't really feel like he contributed to the lecture. It wasn't really his fault though, it was just that English is not his first language, and therefore it was hard for him to explain some stuff. The picture on the left is Bruno and Jake at the conclusion of their lecture.
Among other things, ToorCon offers tutorials on lock picking. That's right, it turns out that hackers are also interested in lock picking. Why, you ask? Maybe because if physical access can be gained to systems, then it is way easy to hack those systems. Picking locks can give you that :-) Below in order are my coworker Zack picking a practice lock, and a group of young hackers being taught how to pick locks.
While in the vendor area, where the lock picking tutorials were going on, shortly after lunch on Saturday I ran into Darren Kitchen and Shannon Morse from Hak5. Darren and I got to talking about his recent reports on the Jasager Project. I mentioned to him that I was going to write my final paper in my Advanced Network Security class based off what he talked about on his show. He thought that was pretty cool, so he actually whipped out his hacked Fon router to show me the real deal.
On top of that he hooked me up with a pre-release video from Hak5 explaining how to hack the Fon router to put Jasager on it so I can add that to my final presentation that goes along with my paper. I will not be playing that video here, as it is due to be released in the upcoming weeks at Hak5. Here is a clip from Episode 401 where Darren introduces the "Pineapple."
As you can see in the video, Darren used a real pineapple to hide the router. For ToorCon he has trimmed that puppy down, and put it into a little plastic pineapple for even easier mobility. Look for more of it on upcoming episodes.
I really wanted to find Darren and Shannon on Sunday so I could get a picture with them, but alas, I did not see them at all on Sunday. That sort of sucks because they were really cool people, and Darren especially was very cool for hooking me up with the video for my paper/presentation. They did both give me their business cards though, along with a cool Hak5 sticker which I am now proudly displaying on the back of my Toshiba laptop.
All the above pictures were basically what happened Saturday. Today, Sunday, it was a rather short sequence of events. All lectures were condensed, and they crammed everything into 20-minute talks. I still got a lot out of the stuff though.
The first lecture that I really enjoyed was on the Asprox/Danmec botnet given by Dennis Brown of Verisign. You may have never heard of the Asprox botnet, but I am sure you have heard of the Antivirus 2009 exploit, right? If you are an avid reader you have! Well, this botnet is the one responsible. To the right is a picture of Dennis giving his speech about the botnet, along with some useful information that I am going to present to my boss on how to protect our users from it.
The last lecture I am going to mention was given by Dan Hubbard of Websense. When I started at Websense, Dan was the director of the Security department, then he was promoted to VP of Security research, and now he is the CTO and VP of Security research. The man literally shits gold over at Websense. Anyway, his presentation actually had nothing to do with my old company, but rather on cloud computing and how easy it is to set up 20 or more virtual servers through services like GoGrid for pennies. He went on to show the potential for hackers to host farms of servers to do their evil bidding for very low cost.
Last, but not least. This damned camera took such horrible pictures. I think it was a two-part problem.
- It was a cheap disposable camera
- Everything at a hacker convention is in the flippin' dark!
That's okay though, because the ladies at my local CVS pharmacy were able to develop the film for me the best they could anyway, and get everything onto a CD. I didn't use up all the pictures, so the girls helped me out a little bit by snapping one of themselves before running it through processing.
That about wraps it up. If you were at ToorCon, hit me up in the comments. Let me know what your favorite lecture was, or what your favorite thing at the con was in the comments.