We attended ShmooCon V the first weekend in February. We arrived early on Friday morning and had a wonderful time at the con and in DC. Thanks to the all guys (and gals) from The Shmoo Group and the conference staff for all their hard work in putting this event together!
There were a number of talks this year worth noting. Rick ?Zero_Chaos? Farina's humorously titled talk on 802.11 provided some interesting information on using consumer WiFi chipsets to receive (and potentially transmit) on non-WiFi frequencies. Rick found that the radios of many consumer chipsets have the ability to operate outside the normal WiFi channels 1 & 11 that those of us in the United States are legally permitted to use. Other frequencies in the range supported by some of these chipsets include those used for public safety, military communications, terrestrial broadcasts of satellite radio (i.e., SIRIUS Satellite Radio, XM Radio), and DECT-based cordless phones. We hadn't realized that there was DECT plug-in available for kismet-newcore. Rick also discussed some changes being made in the Linux kernel and userspace around software control over which frequencies a wireless chipset can operate on.
We also attended "Jsunpack: An Automatic JavaScript Unpacker" from Blake Hartstein.Jsunpack looks to be a promising new tool for analyzing packed or obfuscated JavaScript and appears to address many of the shortcoming that plagued previous approaches.
Another talk we enjoyed was 'All Your Packets are Belong To Us: Attacking Backbone Technologies' by Enno Rey and Daniel Mende. The talk raised some interesting questions about the trust model (or lack thereof) of MPLS and Carrier Ethernet services used by many enterprises today. Enno and Daniel also threw in a few live demos of re-labeling MPLS traffic traversing a carrier network, and of launching Layer 2 attacks across the cloud via Carrier Ethernet.
Overall it was a great time. We enjoyed having an opportunity to visit with our InfoSec friends, as well the getting chance to make some new ones!
- Ben Feinstein & Bow Sineath