By Jennifer Steffens @securesun
For those who know me, I'm no stranger to the world of conferences and have attended both big and small cons around the world. I love experiencing the different communities and learning how different cultures impact the world of security as a whole. I recently had the pleasure of attending my second Ekoparty in Buenos Aires with IOActive's Latin American team and it was again one of my all time favorites.
To put it simply, I am blown away by both the conference and the community. Francisco, Federico and crew do an amazing job from start to finish. The content is fresh and innovative. They offer all the great side acts that con attendees have grown to love - CTF, lock picking stations, giant robots with lasers, a computer museum as well as the beloved old school Mario Brothers game. Even the dreaded vendor area is vibrant and full of great conversations - as well as a bit of booze thanks to both our bar service and Immunity's very tasty beer!
But the real heart of Ekoparty is the community. The respect and openness that everyone brings to the experience is refreshing and gives the conference a very "family-like" feel - even with 1500 people. I met so many interesting people and spent each day engaged in inspiring conversations about the industry, the culture and of course, how to be a vegetarian in Argentina (not easy AT ALL!).
A special thanks to Federico and Francisco for the invitation and generous VIP treatment throughout the week. It was a great opportunity for us to bring IOActive's Latin American team together, which now includes 12 researchers from Argentina, Brazil, Colombia and Mexico; as well as meet potentially new "piratas" in the making. I am amazed every day at what that team is able to accomplish and am already looking forward to Ekoparty 2013 with an even bigger team of IOActive "piratas" joining us.
¡Gracias a los organizadores, speakers y asistentes de la Ekoparty 2012. La semana fue fantástica y espero verlos el año que viene!
By Stephan Chenette @StephanChenette
OK I'll try my best to follow Cesar, this years keynote speaker, Francisco, one of the founders of EkoParty and Jennifer our CEO in giving an impression of the EkoParty conference. If you haven't been to EkoParty, stop what you're doing right now, check out the web site (http://ekoparty.org) and set yourself a reminder to buy a plane ticket and a entry ticket for next year - because this is a con worth attending. If nothing else you'll learn or confirm what you had thought for years: that the Latin American hacker community is awesome and you should be paying attention to their research if you haven't been already.
Three days long, EkoParty is compromised of a CTF, Lock picking area, training, and 20 interesting talks on research and security findings. The venue is something you'd expect from CCC or PH-Neutral: An Industrial, bare-bones building loaded up with ping pong tables and massive computing power with no shortness of smoke machines, lights and crazy gadgets on stage...oh and as you read above in Francisco's summary, a Mariachi band (hey, it is Argentina!).
The building reminded me of the the elaborate Farady cage Gene Hackman had set up in the movie Enemy of the State that was used to hide from the CIA. Except Eko Party was filled with around 1500 attendees and organizers.
I saw a number of talks while at EkoParty, but I'm sure most of you will agree the three most noteworthy talks were:
- CRIME (Juliano Rizzo and Thai Doung)
- Cryptographic Flaws in Oracle Database Authentication Protocol (Esteban Fayo)
- Dirty use of USSD Codes in Cellular Network (Ravi Borgaonkar)
- Recon (Intelligence gathering)
- Penetration (exploitation of defenses)
- Control (staging a persistent mechanism within the network)
- Internal Recon
- Ex-filtration of data
|(Stephan Chenette's presentation on |
"the Future of Automated Malware Generation")
By Ariel Sanchez
What begun publicly as an e-zine in the early century now arises as the most important latin american security conference "ekoparty". All the latin american team landed Buenos Aires to spend an amazing week.
My "ekoparty week" started on monday where I got invited to attend a "Malware Analysis Training" by ESET after solving a challenge of "binary unpacking" posted on their blog. First, two intensive days were held with paid trainings which covered the following topics: cracking, exploiting, sap security, penetration testing, web security, digital forensics and threats defense. Every classroom was almost fully booked.
The conference started on Wednesday in "Konex Cultural Center", one of the most famous cultural centers especially for music and events. The building used to be an oil factory some decades ago.
On Wednesday, our CTO Cesar Cerrudo, was the main keynote of the day.
Many workshops were open for any conference assistant for the rest of the day.
At night we enjoyed a classic "Mexican Grill" at IOActive's party where VIP guests were invited. The meal was brought you by Alejandro Hernández and Diego Madero, our Mexican Security Consultants.
On Thursday and Friday were the most awaited days since the presentations were going to start.
My favorite talks were:
*Taking control of the InmarSat GMR-2 phone terminal (Sebastian Muñiz and Alfredo Ortega): Without modifying the firmware image, researchers managed to send AT commands to the phone terminal to write arbitrary memory. They copied binary instrumentation code for logging and hooking what really sends the phone on common actions like sending SMS. Then, they wrote the "data" section for redirecting the flow at some point and discovered that messages sent to the satellite "might" be vulnerable to
"memory corruption" if they are preprocessed by the satellite before retransmision. No satellites were harmed.
*VGA Persistent Rootkit (Nicolás Economou and Diego Juarez): Showed a new combo of techniques for modifing reliably the firmware of a VGA card to execute code or add new malicious basic blocks.
*The Crime (Juliano Rizzo and Thai Duong): The most awaited talk revealed a new chosen plaintext attack where compression allowed to recognize which secuences of bytes were already on the TLS data. The attack works like BEAST, with two requirements: capture encrypted victim's traffic and control his browser by using a web vulnerability (or MITM on an HTTP service). When forcing the browser to issuing some specific words on the HTTP resource location, they figured that if that portion of the random string is already on the cookie the TLS data gets more compressed. This allows to bruteforce to identify the piggybacked cookie that is automatically added to the request.
*The Future of Automated Malware Generation (Stephan Chenette): Our Director of R&D showed how different AV's performs approaches for detecting malware mostly failing. It is difficult to defend ourselves in something we dont know but we must remember that attackers are also having fun with Machine Learning too !
*Cryptographic flaws in Oracle DB auth protocol (Esteban Fayó): When authenticating a user, Oracle uses the hashed password (on the database) as the key for encrypting the server session (random). The user hashes its password and then tries to decrypt the encrypted session that the server returned. The problem is that is possible to recognize if this decryption returns an invalid padding so the initial password can be tried offline. This allows to bruteforce the process of decrypting locally till a valid padding occurs (sometimes it colides with a valid padding but it's not actually the password). This vulnerability was
reported to Oracle 2 years ago but no patch was provided by them till then.