DEFCON25 logo

DEFCON 25

After a few days in Las Vegas and after BlackHat, DEFCON 25 is finally over! It was an amazing time around awesome people.

I didn’t attend all the talks, but most of the ones I saw were interesting:

This talk presented several ways to bypass protections against DNS rebinding, and ways to access data from an internal network using these techniques. Several mitigations were also presented, one of them being, to not use strong authentication only for external resources, but to enforce them for internal resources as well. He released Jaqen, a tool used to reliably execute DNS rebinding attacks using different methods.

This talk presented the weird behavior of URL parsers and how to get a RCE in Github Enterprise using a chain of four vulnerabilities exploiting SSRF.

Tor developers have been working on a new generation of Onion Services to make them stronger to resist censorship and to provide several interesting features that the current generation doesn’t have. This talk also explained that {Dark, Deep}Web is not really a thing and is most of the time used as a marketing nonsense term: the biggest website using Tor Onion Services is actually… Facebook.

This talk presented the impressive research and results from Google and CWI which led them to get a way to get SHA1-collisions after several years of work and intense computations. Some unexpected consequences have also been presented, like the Webkit repository corruption. Counter crypt-analysis mechanisms used to detect these collisions implemented in Gmail and Github have also been explained.

  • Breaking Wind: Adventures in Hacking Wind Farm Control Networks, by Jason Staggs.

This talk presented internals of wind turbine control networks, and how security is totally absent from their design: unauthenticated APIs, flat network, false security claims from vendors…

This talk presented a very cheap (but efficient) way to leverage DDoS and bruteforce attacks against websites and OTP systems, using several Microservices providers.

This talk presented interesting ways to use webhooks and Github as a broker C&C to exfiltrate data in a constrained environment. Github issues and comments were used as a communication channel. A proposed mitigation: to restrict outbound access to required Github repositories only.

This nice and technical presentation explaining the process to get Ring0 exploits primitives using GDI, and analyzing security issues MS16-098 + MS17-017 with the first standpoint.

This talk presented the new features and developments related to Windows Defender galaxy…. and how to get around the new defense mechanisms introduced in latest Windows 10 versions.

Apart from these talks, villages and panels were very exciting places to attend. SE-Village, Recon-Village, Crypto and Privacy Village, Voting Machine Hacking Village and Packet Hacking village were particularly great! Also, the EFF panel on Friday night was nice to get updates and discussions from EFF directors and attorneys.

Recorded presentations and workshops are available on media.defcon.org .

This was a nice (but very crowded!) edition, looking forward to next year!

ABOUT THE AUTHOR

Jérôme Boursier

Principal Security Engineer

Security at Malwarebytes, AdwCleaner, Privacy, Adware/PUP. 8E7F 8550 9FBD 9ED8 E68F ACB9 18E8 99E6 80C4 FF62