Playing the Shell Game: Non-Root-Kits

Presented at Kiwicon 4: The four e:Sheep-persons of the Cyber Infopocalypse (2010), Nov. 28, 2010, 4 p.m. (30 minutes)

If you're a white hat sellout owning unix boxen during red-team style pentests, you can't really go dropping a kernel mode rootkit on someone's production frontend internet banking site. Sure, you still need what a rootkit offers - hiding files and processes, a persistent access backdoor - but you can't be the guy who takes out the "too critical to pen-test" service (that took your sales guy five months to negotiate testing live) when you bodge in your hacked up kernel module with your shit-ass /dev/mem insmod tekneeq. Sometimes even local privesc is too much for them to handle. So what's left? You play the shell game.

Presenters:

  • Metlstorm
    Metlstorm is a cashed up, card carrying whitehat sellout, writing up customers for ICMP timestamping and SSLv2 like Qualys told him to. When he's not faffing with his word templates, he spouts poorly thought through faux-pinions on the risky.biz podcast, and organises (largely by sulking about off topic posts on #kiwicon) the second best hacker con in New Zealand. Don't let the beard fool you - he loves Windows, and heartily endorses products made by Computer Associates. Metl has bored previous Kiwicons, Ruxcons, Syscan, a Defcon and a Blackhat, pottered around a few networks (including yours) and in his spare time stuffs his face with pies and griefbacon. Metl aspires to work for EDS in an audit and compliance role, so recruiters, please contact him IMMEDIATELY.
