My first Defcon experience

Defcon 23Defcon is a meta-conference which anyone passionate by IT security should attend. It is more than a conference, it is the heaven of hackers and security professionals, a place where definitely you will find something both cool and useful, even if you are interested in web security, reverse engineering, social engineering, hardware, lock-picking, Internet of Things or car-hacking topics.

Las Vegas

If Defcon reputation is not enough to get you at the conference, Las Vegas might be another reason to come here. If you don’t like to sleep, have some free time and some money, you’ll surely enjoy Vegas. Casinos and night-clubs are everywhere.

If you didn’t visit Paris or New York, no problem, here you can find the Tour Eiffel and the Statue of the Liberty. You can also visit a lot things: High Roller Wheel, Bellagio Fountain show and Luxor pyramid hotel are just a few examples.

Continue reading

NetRipper – Smart traffic sniffing for penetration testers

Ionut

Ionut Popescu, Senior Security Consultant @ KPMG Romania has been accepted as speaker at the prestigious DEFCON conference. He will present one of his projects: NetRipper tool, developed especially to be used in penetration testing projects.

The conference will be held in Las Vegas, Nevada, between 6-9 August 2015.

NetRipper – Short description

The post-exploitation activities in a penetration test can be challenging if the tester has low-privileges on a fully patched, well configured Windows machine. This work presents a technique for helping the tester to find useful information by sniffing network traffic of the applications on the compromised machine, despite his low-privileged rights. Furthermore, the encrypted traffic is also captured before being sent to the encryption layer, thus all traffic (clear-text and encrypted) can be sniffed. The implementation of this technique is the tool called NetRipper which uses API hooking to do the actions mentioned above and which has been especially designed to be used in penetration tests, but the concept can also be used to monitor network traffic of employees or to analyze a malicious application.

https://www.defcon.org/html/defcon-23/dc-23-speakers.html#Popescu

And we will be waiting to share  his experience at the conference in the next article.

Hacknet 2015

Map-God1KPMG Europe’s internal information security conference – Hacknet, was held in Berlin and lasted two days, the 29th and the 30th of April.

This year, it was Ionut, Daniel and me who had the privilege of representing KPMG Romania.

Our team arrived in Berlin on the 28th. After taking our luggage to the hotel, we went for dinner, followed by a short walk in the city.

First Day

The conference kicked off early on the 29th and the program for the day consisted of three presentations and the CTF competition.

First presentation was on Relaying Contactless EMV, by a colleague from KPMG NL. After an introduction to smart-cards and EMV, the speaker described the concept of Relay Attacks on Contactless Transactions. Afterwords, he showed a video illustrating his Android implementation of the attack, the novelty of his approach being the small time overhead incurred by the relay. Measurements showed that the duration of a relayed transaction was very close to the duration of a native transaction (sometimes, due to optimizations, even faster). Continue reading