I just returned from this year's DEFCON conference held in Las Vegas. Overall, it was a great time and I enjoyed meeting everyone. This year was my first time attending DEFCON and I was surprised at the number of attendees. There were so many great presentations that I wasn't able to attend them all. Here's a brief recap of some of the talks I enjoyed:
How to get your FBI file (and other information you want from the Federal government)
This talk was delivered by Marcia Hofmann of the EFF (Electronic Frontier Foundation). She spoke about using the Freedom of Information Act (FOIA) and the Privacy Act to properly request information from the government. Attention to detail and limiting the scope of requests are important when making FOIA or Privacy Act requests.
Cloud Computing, a Weapon of Mass Destruction?
This talk centered on DDoS (Distributed Denial of Service) attacks from the cloud. The presenters unveiled a proof-of-concept tool called ThunderClap, which utilized the Amazon EC2 cloud. They instantiated multiple virtual machines and started running DDoS attacks against their target. The economics of this attack are surprising. For a very small amount of money, a potential adversary may command a staggering amount of bandwidth, rendering the victim site unusable.
Token Kidnapping's Revenge
Cesar Cerrudo of Argeniss delivered this impressive talk, in which he described a token kidnapping vulnerability affecting modern versions of Microsoft Windows, including Windows 7. Token kidnapping leads to a process thread's execution under an alternate security context, opening the door to privilege escalation attacks. He demonstrated a proof-of-concept exploit involving the Windows Telephony Service.
Build Your Own UAV 2.0 - Wireless Mayhem from the Heavens!
This was one of my favorite talks at DEFCON. For around $1500-$2000, anyone can build a UAV (Unmanned Aerial Vehicle) with surprising capabilities. The speakers recommended an inexpensive and quite capable foam plane called the Skywalker. Using upgraded components along with an auto-pilot and GPS unit, the UAV was able to carry a payload of approximately three pounds. In flight, their UAV is capable of broadcasting live video and performing a variety of wireless network reconnaissance. I am inspired to build my own UAV after hearing this talk!
I had a great time at DEFCON this year. My only regret is that they ran out of the sought-after hardware badges and I got a paper badge instead. Alas, there's always next time. Thanks to the DEFCON organizers and "goons" (the DEFCON volunteers) for all their hard work. I'll see you next time!