Bringing Sexy Back: Breaking in with Style

Presented at DEF CON 16 (2008), Aug. 8, 2008, 4 p.m. (50 minutes)

Security is getting better; there is no doubt about that. High value targets are increasing their security while buying into the buzzword hype with phrases like "defense in depth". Firewalls, IPS, AV, NAC, and a host of other technologies have done a lot to give the pointy hair bosses of the world the ability to sleep easy...or has it. While those PHB sleep easy in their bed the ability to compromise a site at will continues to grow. Remember the good old days of planting Trojans in microcontrollers of your enemy's hardware or shipping packages with system updates that contain backdoors? What happened to those days? What if I told you that breaking into a site is as easy as sending a package via some third party carrier or throwing up a website. This talk will cover penetration techniques that at first glance appear to be Hollywood fiction but are easy and reliable methods of intrusion. Miss this talk and you may never know why you have a package in your shipping department addressed to "U R Owned, INC.".

Presenters:

• Robert Graham - CTO, Errata Security
  Robert Graham is the co-founder and CTO of Errata Security, a firm specializing in cybersecurity consulting and product verification. Mr. Graham learned hacking as a toddler from his grandfather, a WW-II codebreaker. His first IDS was written more than 10 years ago designed to catch Morris-worm copycats. He is the author of several pending patents in the IDS field. He is the author of well-regarded security-related documents and is a frequent speaker at conferences. Previously he was the chief scientists of Internet Security Systems. Before that he was the co-founder, CTO, and chief-architect of Network ICE which was acquired by Internet Security Systems.
• David Maynor - CTO, Errata Security
  David Maynor is a founder of Errata Security and serves as the Chief Technical Officer. Mr. Maynor is responsible for day-to-day technical decisions of Errata Security and also employs a strong background in reverse engineering and exploit development to produce Hacker Eye View reports. Mr. Maynor has previously been the Senior Researcher for Secureworks and a research engineer with the ISS Xforce R&D team where his primary responsibilities included reverse engineering high risk applications, researching new evasion techniques for security tools, and researching new threats before they become widespread. Before ISS Maynor spent the 3 years at Georgia Institute of Technology (GaTech), with the last two years as a part of the information security group as an application developer to help make the sheer size and magnitude of security incidents on campus manageable.

Links:

• https://defcon.org/html/defcon-16/dc-16-speakers.html#Maynor
• https://infocon.org/cons/DEF CON/DEF CON 16/DEF CON 16 video/DEF CON 16 - Maynor and Graham - Bringing Sexy Back - Video.mp4
• https://www.youtube.com/watch?v=v2hrtGVebjc

Similar Presentations:

• DEF CON 18 (2010) / Your Boss is a Douchebag... How About You?