OATv2.0 in FRHACK 01

At last, after a loooong time, I got some time to breathe, and the first thing I wanted to do was write a post about my FRHACK experience.


FRHACK is an international IT security conference by hackers, for hackers 😉 It is organized by Jerome Athias, a well-known hacker from France. The first edition of FRHACK was held in Besançon, a small, beautiful town.

As it was my first talk at an international security conference, I was amazed to see hackers from around the world sharing their ideas and research work. I got the chance to meet IT security gurus and hackers like David Hulton (a well-known crypto guy), Vlatko Kosturjak (OpenVAS team member), Philippe Oechslin (author of rainbow tables) and Richard Stallman (founder of the GNU project).


David Hulton, Me and Blake Cornell

And security consultants and penetration testers like Andres Riancho (author of the w3af tool), Jon Rose, Blake Cornell (one of my good friends, with whom I share the VoIP security name space), and Nicolas Thill (with amazing hair, and co-author of HostileWRT).


Me, Jon Rose and Andres Riancho

The conference ran in two tracks, so it was difficult to attend all the talks. I attended some interesting ones, including OpenVAS; The Good, the Bad and the Ugly of Crypto, where David showed how easy it is to steal passwords from ASTRA VoIP phones; and HostileWRT, where Nicolas Thill and Philippe Langlois showed how HostileWRT can be used to turn a friendly wireless access point into an Autonomous, Curious, Standalone, Malicious & Really Annoying Device.


Me speaking 🙂

My talk was on Unified Communication Security with Microsoft Office Communication Server R1/R2 and was scheduled on the second day of the conference. The sole purpose of the talk was to educate and create awareness about UC security around MS OCS R1/R2. At the end of the talk, I released a free, open-source security assessment tool for MS OCS: OATv2.0, which stands for OCS Assessment Tool.


OATv2.0

The previous release of OAT was the result of some of our integration work and hence had some limitations on the authentication and transport protocol front. OAT v2.0 introduces new attack vectors against MS OCS Server R1/R2 over TLS and the NTLM/Kerberos authentication protocols.

OAT v2.0 was officially presented and released in my talk at FRHACK 01, with demonstrations of attacks and of its usage in various penetration testing topologies. I am planning to upload OAT v2.0 along with documentation to its official website soon. As there is no other tool available for assessing Microsoft OCS servers, I hope OAT will help to improve the security posture of OCS deployments.

I am sharing my slides, for those who missed FRHACK.

Also see:

  1. A brief commentary on FRHACK: Day One
  2. A brief commentary on FRHACK: Day Two


NOW SHOWING

Can’t come to FRHACK? Don’t worry, we are providing LIVE STREAMS for you. + DVDs

Monday 7th and Tuesday 8th: two speaker tracks (#1 and #2). 9th – 11th: Training / Workshop.

Hour: talks (speaker, language)

8:00  Registration
9:00  Introduction (Jerome Athias, EN/FR)
      Massive malicious activities (malware spreading, DDoS attacks) (Alexey Kachalin, EN)
      Building Hackerspaces Everywhere (Philippe Langlois, EN/FR)
      Trainings / Workshops
9:30  Fuzzing the brain : applied social and cognitive psychology (Bruno Kerouanton, EN/FR)
      OpenVAS – Open Vulnerability Scanning (Vlatko Kosturjak, EN)
      Training / Workshop
10:00 Reverse engineering and cryptographic errors (Philippe Oechslin, EN/FR)
      HostileWRT – Abusing Embedded Hardware Platforms for Covert Operations (HostileWRT Team, FR/EN)
      New Algorithms for Attack Planning (Carlos Sarraute, EN)
      All browsers MITM keylogging on remote (p3lo, FR)
      Training / Workshop
11:00 Break
11:30 The Good, the Bad, and the Ugly of Crypto (David Hulton, EN)
      Unified Communications Security (Abhijeet Hatekar, EN)
      SS7 (Philippe Langlois, FR/EN)
      Training / Workshop
12:30 Lunch
14:00 -1 day talk announcement (Cesar Cerrudo, EN)
      Identification & Exploitation of Business Logic Flaws in Web Applications (Georgiadis Filippos, EN)
      Wireless Sensor Networking as an Asset and a Liability (Travis Goodspeed, EN)
      Auditing and securing PHP applications (Philippe Gamache, FR/EN)
      Training / Workshop
15:00 Automated malware analysis, forensic analysis, anti-virus technology (Mihai Chiriac, EN)
      Memory forensic and incident response for live virtual machine (VM) (Nguyen Anh Quynh, EN)
      Asterisk Resource Exhaustion DoS: Don’t let the fuzz get you! (Blake Cornell, EN)
      Mystification de la prise d’empreinte (OS Fingerprinting Defeating) (Guillaume Prigent, FR/EN)
      Training / Workshop
16:00 Break
16:30 w3af (Andres Riancho, EN)
      Lockpicking (Alexandre Triffault, FR)
      Internet Marketing vs. Web Security: Guide to Extreme Black Hat Online Profits! (Anselmus Ricky, EN)
      Flash Remote Hacking (Jon Rose, EN)
      Training / Workshop
17:30 Free Software in Ethics and in Practice (Richard Matthew Stallman, EN/FR), FREE LIVE STREAM
      TBA (Rodrigo Rubira Branco (BSDaemon), EN)
      Training / Workshop

Oops! I hacked it again
Fuzzing the brain : applied social and cognitive psychology
Historically, cunning and stratagems have been applied to battle plans, social promotion and money making. Sun Tzu, Machiavelli and many others have popularized such uses, but discoveries of the twentieth century in the field of social psychology, coupled with innovations designed to convince consumers of the interest to buy, allowed a better understanding of the dynamics of persuasion. The behavior of the human being is ultimately predictable when certain stimuli are applied, which enables people who have mastered those principles to win the game.

Bruno Kerouanton (Switzerland)

Cryptographic reverse engineering
Reverse engineering and cryptographic errors
Philippe Oechslin (Objectif Sécurité) (Switzerland)

Because any programmer can use a good crypto library to write crypto software it is often easier to crack a system by finding programming errors through reverse engineering rather than to cryptanalyse the algorithms used. We show this with three compelling examples:

– The MXI-stealth FIPS 140-3 level 2 certified key, where a poorly implemented “enterprise” feature allowed extraction of unsalted hashes prior to authentication, before it got patched.

– A version of the E-capsule Private Safe software, where the manipulation of two bytes allows using any of the admin, public, private or even panic password to access all data.

– The DataBecker PrivateSafe software, where a checksum ruins all the efforts of the Blowfish key setup algorithm.
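The first example above turns on stored hashes being unsalted, which is what makes precomputed tables (the rainbow tables Oechslin is known for) worthwhile. The following is an added illustration, not code from the talk or from any of the products named: it contrasts a bare hash with a per-user salted, iterated derivation, using a constructed list of common passwords to stand in for a precomputed table. The function and variable names are this example's own.

```python
"""Added example (not from the talk or this post): why unsalted password
hashes are a liability and how a random per-user salt with key stretching
removes the benefit of precomputation."""
import hashlib
import hmac
import os

# Constructed stand-in for a precomputed table: an attacker hashes common
# passwords once and reuses the table against every stolen unsalted hash.
COMMON_PASSWORDS = ["password", "123456", "letmein", "qwerty"]


def hash_unsalted(password: str) -> str:
    """Weak scheme: bare SHA-256. The same password always yields the same digest."""
    return hashlib.sha256(password.encode()).hexdigest()


def build_lookup_table(candidates) -> dict:
    """Precompute digest -> password for the weak scheme (done once, reused forever)."""
    return {hash_unsalted(p): p for p in candidates}


def lookup_unsalted(table: dict, digest: str):
    """Recover a password from a leaked unsalted digest with one dictionary lookup."""
    return table.get(digest)


def hash_salted(password: str, salt: bytes, iterations: int = 100_000) -> bytes:
    """Stronger scheme: PBKDF2-HMAC-SHA256 with a random per-user salt.
    The salt makes a shared precomputed table useless; the iteration count
    makes each guess against a single record expensive."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def new_record(password: str) -> dict:
    """What a server should store: the salt (not secret) and the derived digest."""
    salt = os.urandom(16)
    return {"salt": salt, "digest": hash_salted(password, salt)}


def verify(record: dict, attempt: str) -> bool:
    """Re-derive with the stored salt; compare in constant time to avoid
    leaking how many leading bytes matched."""
    return hmac.compare_digest(record["digest"], hash_salted(attempt, record["salt"]))


if __name__ == "__main__":
    table = build_lookup_table(COMMON_PASSWORDS)
    leaked = hash_unsalted("letmein")
    print("unsalted digest recovered as:", lookup_unsalted(table, leaked))
    rec_a, rec_b = new_record("letmein"), new_record("letmein")
    print("same password, different salted digests:", rec_a["digest"] != rec_b["digest"])
    print("verify correct password:", verify(rec_a, "letmein"))
    print("verify wrong password:", verify(rec_a, "password"))
```

The point to take from the two records built for "letmein": with a salt, two users with the same password store different digests, so a table built once cannot be applied to a whole dump, and an attacker must start over per record at the full iteration cost.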

Browsers Man-in-the-Middle
All browsers MITM keylogging on remote
p3lo (France)

Identification & Exploitation of Business Logic Flaws in Web Applications
Georgiadis Filippos (Greece)

The talk will include an introduction into business logic and some theory on the identification and exploitation of business logic flaws for malicious purposes. Real life examples and scenarios (collected from my experience as penetration tester) will be presented. It will include a theoretical approach on the automation of the identification of business logic flaws and a presentation of BLe (a custom automated tool capable of detecting business logic flaws in web applications). Finally, guidelines for safeguarding the applications against business logic flaws will be presented.

w3af

Open Source tools like Nikto, Wapiti, Pantera and others try to find vulnerabilities in web applications but lack many features and configuration options. Commercial products have the features, but also have high product costs and are almost impossible to customize.

w3af (Web Application Attack and Audit Framework) is an open source project that aims to automate the detection and exploitation of all web application vulnerabilities. The project’s main objective is to become an open platform where anyone can contribute with new techniques and code to identify and exploit vulnerabilities. w3af’s core and plugins are fully written in Python and right now the project has more than 130 plugins and 60K lines of code!

My talk will introduce this tool to new users, while showing its features and the new GUI which was created during the last OWASP SoC. During the talk, I’ll perform a couple of demos of the main features and explain how the advanced exploitation features work.

Andres Riancho (Argentina)
Andrés Riancho is an information security researcher and founder of Bonsai, where he is mainly involved in Penetration Testing and Vulnerability Research. In the research field, he discovered critical vulnerabilities in IPS appliances from 3com and ISS, and contributed to SAP research performed at his former employer.

His main focus has always been the Web Application Security field, in which he developed w3af, a Web Application Attack and Audit Framework used extensively by penetration testers and security consultants. Andrés has spoken and held trainings at many security conferences around the globe, like OWASP (Poland), CONFidence (Poland), OWASP World C0n (USA), CanSecWest (Canada), T2 (Finland) and ekoparty (Buenos Aires).

Andrés founded Bonsai in 2009 in order to further research into automated Web Application Vulnerability detection and exploitation.

Lockpicking
Alexandre Triffault (France)

Wireless Sensor Networking as an Asset and a Liability
Travis Goodspeed

Travis Goodspeed (USA)

Turning Fonera into an automatic Wi-Fi hacking machine
HostileWRT – Abusing Embedded Hardware Platforms for Covert Operations
