Tuesday, August 19, 2008

A new obsession?

At DefCon 16, I finally got to see some of the other things going on other than CTF. I didn't see much but the thing that really left its mark was the Hardware Hacking Village. Greg and I went up there and I saw about 30 geeks or more going at it with soldering irons, miscellaneous computer scraps and DC16 badges. It was a cool site.

Greg had already been up there before and soldered a USB port onto his badge. I'd tried soldering a couple of times in my lifetime and failed pretty badly. This time, I was careful, asked for advice from experienced hardware hackers and was able to successfully solder on a working USB port.

What a rush! I'm totally hooked and have bought a couple of soldering irons (electric and butane) to work on modding all of my badges (DC 14-16). I've got a JTAG programmer at the office somewhere that I'm going to have to dig up to work on the previous badges, I think.

The thing I really want to build is a RFID cloner. The simplest, but most effective one I've found so far is the one from Chris Paget of IOActive but his BlackHat presentation with info on building it was squashed. :-( Oh well, I'll keep searching for something that will work. It may come down to having a separate reader and transmitter/writer. I don't really care too much as long as it is portable so I can use it during physical pentests.

As if I needed another obsession.

DefCon 16 retrospective

I won't bother going into any detail about the Capture the Flag competition here. You can read my blog entry over at Dark Reading or @tlas' blog for more information about our 3rd place finish and sk3wl 0f r00t's well-deserved victory. I did have an awesome time as I've had in the previous years when we won, learned a great deal from all aspects of the CTF experience and truly enjoyed spending time with my friends and teammates from the 1@stplace.

What else did I do while in Vegas for DefCon?

Thurs night, I finally met Tim and Kelly from Dark Reading in person for a fantastic time chatting and eating at the Mesa Grill in Caesar's Palace. They've been my editors for a year, now, and I'd never actually met them. We really had a great time. Afterwards, Kelly and I went by the Core Security party where we met their new CEO, Mark Hatton, Ivan Arce, Matt Hines, several other Core employees along with Rich Mogull and Mike Rothman. I picked up a couple of their Core Exploit "Black Hat Edition" card game but haven't had a chance to play it yet. Afterwards, Kelly tried to get me into the Microsoft party....FAIL.

Friday...CTF...then Plato's room to work on CTF stuff until 2:30am.

Saturday...CTF...then Plato's room to work on CTF stuff until 2:30am.

(Note: if you talk to any of my teammates, they'll tell you I did take a couple small naps during the late nights and won the "quickest to fall asleep" award along with answering a few questions while sleeping...questions that weren't asked to me.)

Sunday...CTF...but, then, I went to the Hardware Hacking Village and soldered on a USB port so I could so some badge hacking after I returned home. Next, I went to the first presentation I've ever seen at a DefCon conference. Why the first one you ask? Because CTF takes up the entire weekend! So, the presentation was "Stealing the Internet: An Internet-Scale Man in the Middle Attack." It was pretty cool. I admit that I don't know much about BGP so I probably thought this was way cooler than some other people but the room was packed. The sweetest part of the presentation was that they had hijacked the DefCon network at the Riviera and had been routing through and collecting all the passing traffic through their colocation company in NY. Wicked!

Sunday night...the DC16 Awards Ceremony was so packed and I knew we didn't win that I decided to head off to dinner with Greg. We ate at an awesome Koren BBQ restaurant and headed down the strip to relax. We wound up at Casa Fuente where we had a few mojitos and smoked some nice Ashton cigars. Afterwards, we walked the strip and made our way back to the Riviera where Greg had to get a little gambling out of his system.

Monday...I spent the day in airports and on airplanes heading home.

DefCon 16 rocked! Thank you to all my friends that I was able to see again, my brothers-in-arms from 1@stplace, Kenshoto for a great game and the DC16 organizers. See you next year!!

I'll post my pics soon.