DeepSec 2009

on 3 December, 2009

The DeepSec security conference was held between November 17th and November 20th at the Renaissance Hotel next to the Imperial Riding School in Vienna.

MWR InfoSecurity were invited to speak at the event for the second year in a row, with Luke Jennings presenting a talk about attacking deployment solutions. The event was well managed and both attendees and speakers were well looked after by the organisers. The conference had a nice intimate feel to it and covers a range of topics of interest to security consultants, security researchers and security managers in equal measure. The quality of the talks was of a good standard and some of those that stood out are outlined here.

Top 10 Security Issues Developers Don’t Know About

Presenter: Neelay S. Shah

This presentation looked at a number of interesting issues that could assist security consultants when performing security assessments and also help to increase awareness among developers so they can ensure their applications are not vulnerable to them. The talk covered a wide variety of security issues, including those associated with the use of IPC, named pipes and cryptography, applications that create new processes, and the issues that can arise when developing and deploying ActiveX controls and thick clients. This talk is highly recommended whether you are a security consultant or a developer and want to be aware of wider security issues that fall outside the OWASP Top Ten.

Ownage 2.0

Presenter: Saumil Udayan Shah

Saumil set the tone of his talk by commenting on how applications and software are becoming more complex and how secure coding practices often get overlooked when deadlines have to be met. He then talked about the different attack surfaces, including browser attacks such as the use of a number of browser plugins that could be used to take control of a browser. He gave an example of an exploit affecting the PDF plugin for IE 7 that could be used to execute code on the victim's host when they access his web page. In addition he talked about how the exploit could be distributed via social networking sites.

He also explained how different security issues could be combined to roll out exploits to mass targets by exploiting flaws in other systems. Saumil provided an example where he could use SQL injection to inject malicious code into a vulnerable web application, which would then execute on the host of any user with vulnerable client software who used that application functionality. This talk is recommended to anyone who wants to understand how browser plugins, malicious payloads and client side attacks can be used in combination to perform mass pwnage.

Stoned déjà vu – again

Presenters: Peter Kleissner and Michael Eisendle

The buzz around this talk immediately indicated that it was going to be something interesting, due to the media interest and the fact that Peter may be facing a lawsuit in the near future. As a result of this he was not able to refer to his notebook when writing the talk, as it had been seized as evidence. Nevertheless, the talk was still very interesting. Peter talked about the Stoned bootkit, a Windows bootkit that can gain unrestricted access to the entire Windows system even when certain whole disk encryption products are used. This is possible because those products leave the MBR unencrypted, and the MBR is where the Stoned bootkit is stored.

The second part of this talk was based on Michael’s work on an RST (Remote Surveillance Tool) which is a toolkit that can be used to monitor and manipulate computers through the use of various technologies and Web 2.0 services.
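The defensive corollary of the Stoned talk is that the MBR is worth checking: if the boot code in sector zero changes while a full disk encryption product is in use, something has been written outside the encrypted volume. The following is an added example (not code from the talk, the Stoned project or MWR) showing the kind of integrity check a defender can run over a 512-byte MBR image. It assumes the classic MBR layout (446 bytes of boot code, four 16-byte partition entries, a 0x55AA signature) and compares the boot code against a baseline digest recorded when the machine was known to be clean. The sample MBR images are constructed inline so the script runs offline.

```python
"""Verify a 512-byte MBR image against a known-good boot code digest.

Added example, not from the DeepSec talk or the Stoned project. Layout
assumed: 446 bytes of boot code, 64-byte partition table, 0x55AA signature.
"""
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 446
PARTITION_TABLE_LEN = 64
SIGNATURE = b"\x55\xaa"


def parse_mbr(mbr: bytes) -> dict:
    """Split an MBR image into boot code, partition entries and signature."""
    if len(mbr) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(mbr)}")
    boot_code = mbr[:BOOT_CODE_LEN]
    table = mbr[BOOT_CODE_LEN:BOOT_CODE_LEN + PARTITION_TABLE_LEN]
    entries = []
    for i in range(4):
        entry = table[i * 16:(i + 1) * 16]
        # status(1) CHS start(3) type(1) CHS end(3) LBA start(4) sector count(4)
        status, ptype, lba_start, sectors = struct.unpack("<B3xB3xII", entry)
        entries.append({"bootable": status == 0x80, "type": ptype,
                        "lba_start": lba_start, "sectors": sectors})
    return {"boot_code": boot_code, "partitions": entries,
            "signature": mbr[510:512]}


def boot_code_digest(mbr: bytes) -> str:
    """SHA-256 of the boot code only; the partition table may change legitimately."""
    return hashlib.sha256(parse_mbr(mbr)["boot_code"]).hexdigest()


def check_mbr(mbr: bytes, baseline_digest: str) -> list:
    """Return a list of findings; an empty list means the MBR matches the baseline."""
    findings = []
    parsed = parse_mbr(mbr)
    if parsed["signature"] != SIGNATURE:
        findings.append("missing 0x55AA boot signature")
    if boot_code_digest(mbr) != baseline_digest:
        findings.append("boot code differs from baseline")
    if sum(1 for p in parsed["partitions"] if p["bootable"]) > 1:
        findings.append("more than one partition flagged bootable")
    return findings


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed test image: one bootable NTFS-type partition at LBA 2048."""
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 1_000_000)
    table = entry + b"\x00" * 48
    return boot_code.ljust(BOOT_CODE_LEN, b"\x00") + table + SIGNATURE


# Constructed sample data (not real disk contents): a baseline image and a
# copy whose boot code has been altered while the partition table is unchanged.
BASELINE_MBR = build_sample_mbr(b"\xeb\x3c\x90")
TAMPERED_MBR = build_sample_mbr(b"\xeb\x3c\x90\xb8\x00\x7c")
BASELINE_DIGEST = boot_code_digest(BASELINE_MBR)

if __name__ == "__main__":
    print("baseline:", check_mbr(BASELINE_MBR, BASELINE_DIGEST) or "OK")
    print("tampered:", check_mbr(TAMPERED_MBR, BASELINE_DIGEST))
```

On a real system the image would come from the first 512 bytes of the raw disk device (which needs administrative rights to read), and the baseline digest should be stored off the machine, since a bootkit that owns the MBR can also tamper with anything stored on the disk it controls. Hashing only the boot code, rather than the whole sector, avoids false alarms when partitions are legitimately resized.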

Keykeriki – Universal Wireless Keyboard Sniffing For The Masses

Presenters: Thorsten Schröder and Max Moser

This talk focused on a universal 27 MHz wireless keyboard sniffer called Keykeriki that allows keystrokes to be sniffed and commands to be injected at a distance of up to 75 meters. The guys showed a demo against a Logitech wireless keyboard using the hardware and software that they have developed. This was a very cool talk and shows the importance of ensuring that hardware development is subject to the same security controls as software. Further information on the talk can be found at:

http://www.remote-exploit.org/Keykeriki.html

eKimono: detecting rootkits inside Virtual Machine

Presenter: Nguyen Anh Quynh

There have been a number of talks on VM security in recent years, so it was interesting to find out about this talk. Nguyen's talk focused on eKimono, a rootkit scanner for virtual machines that runs on the host machine and scans the guest machine for malware. After giving an introduction to VM architecture and eKimono, he gave a demo of eKimono in action. This presentation applied to Windows machines running under the Xen VM, and the talk is recommended for all those who are interested in VM security or have to perform a security audit against VM hosts.

Cracking GSM Encryption

Presenter: Karsten Nohl

This talk focused on A5/1 encryption and the fact that, even though it has a number of flaws, there is still no public exploit available. Karsten hopes to change this in the next few months, and this talk explained why GSM should not be used for security systems and how A5/1 encryption is vulnerable to pre-computed rainbow table attacks. Although A5/1 rainbow tables have been generated in the past, they were never released, but it looks as if the project has picked up again. Only time will tell if they are to be released this time. For further information about his work go to:

http://www.reflextor.com/trac/a51/

A practical DOS attack to the GSM network

Presenter: Dieter Spaar

The first thing guaranteed to happen after this talk is an increase in the price of the TSM30 mobile phone, because Dieter used this phone to perform his DoS attack against a GSM network. In order to demonstrate this, Dieter had access to a test GSM network which had been appropriately provided by the powers that be. This talk is recommended for all those who have an interest in GSM security.