Sunday, April 11, 2010

Hackito Ergo Sum, Day 1

Hackito Ergo Sum is a three-day IT security and hacking conference in Paris. This year was the first edition of HES, held from April 8th to 10th, 2010. Between 50 and 70 professionals and enthusiasts attended the event.

The first day began with Jérémie Zimmermann from "La Quadrature du Net", an organization that defends citizens' rights and freedoms on the Internet. The organization was founded in 2008 by 4-5 people. They call themselves "law hackers", i.e. they look for inconsistencies in French and European laws. According to Jérémie, there is one Internet, but in China, for example, users aren't using the Internet but the "Chinternet", because of the censorship applied by the authorities (see the Tiananmen case). His second example was the mobile Internet. He said it is not the Internet because we can't use P2P or newsgroups, and some operators decrease the traffic rate.

The second talk of the morning was titled "Getting in the SS7 kingdom: hard technology and disturbingly easy hacks to get entry points in the walled garden" and was presented by Philippe Langlois from P1 Security. SS7 (Signaling System 7) is a group of telephony protocols used in most phone networks in the world. At the moment, pentests are very rare on phone networks, as they were on IP networks in the 80's, but they should increase in the next 10 years. It's possible to scan and inject on these networks; for example, we can use the SCTPscan tool (developed by Philippe and included in Backtrack 4) to scan SCTP equipment. SCTP (Stream Control Transmission Protocol) is a transport-layer protocol of the OSI model, like UDP or TCP. To scan an SCTP device, we need to send an "INIT" packet. If the port is closed, it replies with an "ABORT"; otherwise it replies with an "INIT-ACK" to a legitimate client and doesn't reply to the attacker. [Slides]
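A defender-side view of the INIT / ABORT / INIT-ACK behaviour described above, as an added example that is not from the original post, the talk or SCTPscan: it parses the first chunk of captured SCTP packets and reports sources that send INIT to many ports. The IP addresses, ports, the `min_ports` threshold and the `build` helper are constructed for illustration.

```python
import struct
from collections import defaultdict

CHUNK_NAMES = {1: "INIT", 2: "INIT-ACK", 6: "ABORT"}  # chunk type values from RFC 4960

def first_chunk(sctp: bytes):
    """Return (src_port, dst_port, chunk_name), or None if the packet is malformed."""
    if len(sctp) < 16:  # 12-byte common header + 4-byte chunk header
        return None
    sport, dport, _vtag, _cksum = struct.unpack("!HHII", sctp[:12])
    ctype, _flags, clen = struct.unpack("!BBH", sctp[12:16])
    if clen < 4 or 12 + clen > len(sctp):
        return None
    return sport, dport, CHUNK_NAMES.get(ctype, f"type-{ctype}")

def find_scanners(packets, min_ports=3):
    """packets: (src_ip, dst_ip, sctp_bytes) tuples. Reports sources probing many ports."""
    probed = defaultdict(set)   # client ip -> {(server ip, port)} that received an INIT
    refused = defaultdict(set)  # client ip -> {(server ip, port)} answered with ABORT
    for src, dst, raw in packets:
        parsed = first_chunk(raw)
        if parsed is None:
            continue
        sport, dport, name = parsed
        if name == "INIT":
            probed[src].add((dst, dport))
        elif name == "ABORT":
            refused[dst].add((src, sport))  # reply direction: server -> client
    report = {}
    for client, targets in probed.items():
        if len(targets) >= min_ports:
            report[client] = {"closed": sorted(p for _, p in targets & refused[client]),
                              "no_abort": sorted(p for _, p in targets - refused[client])}
    return report

def build(sport, dport, ctype, body=b""):
    """Build a constructed test packet; verification tag and checksum are left at 0."""
    chunk = struct.pack("!BBH", ctype, 0, 4 + len(body)) + body
    return struct.pack("!HHII", sport, dport, 0, 0) + chunk

# Constructed capture: one host sweeping four ports, plus one ordinary client.
SCANNER, CLIENT, SERVER = "192.0.2.10", "192.0.2.20", "198.51.100.5"
SAMPLE = []
for port in (2905, 2944, 2945, 3868):
    SAMPLE.append((SCANNER, SERVER, build(40000, port, 1, bytes(16))))
    if port != 2905:  # in this sample 2905 is open and stays silent toward the scanner
        SAMPLE.append((SERVER, SCANNER, build(port, 40000, 6)))
SAMPLE.append((CLIENT, SERVER, build(41000, 2905, 1, bytes(16))))
SAMPLE.append((SERVER, CLIENT, build(2905, 41000, 2)))
```

`find_scanners(SAMPLE)` reports only the sweeping host; the ordinary client sends a single INIT and stays under the threshold.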

The afternoon began with a talk about the FPGA security challenge. Sebastien Bourdeauducq, aka lekernel, briefly explained what an FPGA is and then talked about the challenge, which was available during the 3 days of HES 2010. If you need more information on FPGAs, I recommend going to Wikipedia. The challenge was composed of 6 levels of increasing difficulty. [Slides]

The talk following Sebastien's was presented by Benjamin Henrion. He talked about modifying/hacking one of the most widespread pieces of Linux equipment in Belgium: the Belgacom Box 2. This box is made by Sagem and has hardware similar to Orange's Livebox. It runs OpenRG Linux and is equipped with a VDSL interface, VoIP and an Atheros card. By default, telnet is open and a default login/password combination is used (admin/BGCVDSL2). He also found a method to get full admin access to the web interface just by putting the login and password in the URL as GET parameters. It is possible to load custom code onto it via USB key, telnet or tftp. For example, Benjamin successfully turned his box into a torrent box running Transmission with CLI and web access, and installed tools like Tcpdump and Airodump ... [Slides]

The third talk of the afternoon was about using artificial intelligence techniques to improve pentesting automation. The author of this talk, Carlos Sarraute, came directly from Argentina and works at Core Security, vendor of the penetration testing product Core Impact. His talk began with a quick overview of pentest frameworks, the evolution of pentests and the description of attack planning. He talked about PDDL (Planning Domain Description Language) and how we can use AI for pentests. For example, we can use different object types (host, network, port ...) and use predicates like TCP connectivity ... [Slides]

The last talk of the day was entitled "Evolution of Microsoft security mitigations" and was presented by Tim Burrell from Microsoft. Because I didn't attend it, I can't report on this talk. [Slides]

All comments about what I've written are welcome.

Conference's Website :
FPGA security challenge :
