After a few days in Las Vegas and after BlackHat, DEFCON 25 is finally over! It was an amazing time around awesome people.
I didn’t attend all the talks, but most of the ones I saw were interesting:
- There’s no place like 127.0.0.1 – Achieving reliable DNS rebinding in modern browsers, by Luke Young.
This talk presented several ways to bypass protections against DNS rebinding, and ways to use these techniques to access data from an internal network. Several mitigations were also presented, one of them being not to reserve strong authentication for external resources only, but to enforce it for internal resources as well. He released Jaqen, a tool to reliably execute DNS rebinding attacks using different methods.
- The Brain’s last stand, by Garry Kasparov.
- A New Era of SSRF – Exploiting URL Parser in Trending Programming Languages!, by Orange Tsai.
This talk presented the weird behavior of URL parsers and how to get an RCE in Github Enterprise using a chain of four vulnerabilities exploiting SSRF.
Tor developers have been working on a new generation of Onion Services to make them more resistant to censorship and to provide several interesting features that the current generation doesn’t have. This talk also explained that the {Dark, Deep} Web is not really a thing and is most of the time used as a marketing nonsense term: the biggest website using Tor Onion Services is actually… Facebook.
- How We Created the First SHA-1 Collision and What it Means For Hash Security, by Elie Bursztein
This talk presented the impressive research and results from Google and CWI which, after several years of work and intense computations, led them to a way to produce SHA-1 collisions. Some unexpected consequences were also presented, like the Webkit repository corruption. The counter-cryptanalysis mechanisms implemented in Gmail and Github to detect these collisions were also explained.
This talk presented the internals of wind turbine control networks, and how security is totally absent from their design: unauthenticated APIs, flat networks, false security claims from vendors…
- Microservices and FaaS for Offensive Security, by Ryan Baxendale
This talk presented a very cheap (but effective) way to leverage DDoS and bruteforce attacks against websites and OTP systems, using several Microservices providers.
- Abusing Webhooks for Command and Control, by Dimitry Snezhkov
This talk presented interesting ways to use webhooks and Github as a broker C&C to exfiltrate data in a constrained environment. Github issues and comments were used as a communication channel. A proposed mitigation: to restrict outbound access to required Github repositories only.
- Demystifying Windows Kernel Exploitation by Abusing GDI Objects, by Saif El-Sherei.
This nice and technical presentation explained the process of obtaining Ring0 exploit primitives using GDI, and analyzed the security issues MS16-098 and MS17-017 from that standpoint.
- MS Just Gave the Blue Team Tactical Nukes (And How Red Teams Need To Adapt), by Chris Thompson
This talk presented the new features and developments related to the Windows Defender galaxy… and how to get around the new defense mechanisms introduced in the latest Windows 10 versions.
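Going back to the DNS rebinding talk above: the mitigation I find most practical for a service listening on an internal address is one the summary does not spell out, so this is an added example of mine, not material from the talk or from Jaqen. A rebinding attack makes the victim's browser resolve the attacker's name to the internal address, but the browser still sends the attacker's name in the `Host` header; a service that only answers for its own names rejects the request. Every host name below is a constructed sample.

```python
"""Host-header allowlist, a local-service defence against DNS rebinding.

A rebound request reaches 127.0.0.1 carrying "Host: attacker.example", so a
service that only answers for its own names refuses it before any handler runs.
"""
from urllib.parse import urlsplit

# Constructed sample: the names this internal service legitimately answers for.
# IPv6 literals are stored without brackets, which is how urlsplit reports them.
ALLOWED_HOSTS = frozenset({"localhost", "127.0.0.1", "::1", "admin.internal.example"})


def host_is_allowed(host_header, allowed=ALLOWED_HOSTS):
    """Return True only if the Host header names this service.

    The port is stripped before comparison and the name is lower-cased.
    Empty, malformed or userinfo-carrying headers are rejected outright.
    """
    if not host_header:
        return False
    raw = host_header.strip()
    # Userinfo or path-like characters never belong in a Host header; they are
    # only useful for confusing a parser into seeing an allowed name.
    if any(ch in raw for ch in "@/?#"):
        return False
    try:
        parts = urlsplit("//" + raw)       # "//host:port" -> netloc parsing
        hostname = parts.hostname          # lower-cased, IPv6 brackets removed
        parts.port                         # raises ValueError on a bad port
    except ValueError:
        return False
    return hostname is not None and hostname in allowed


def check_request(host_header):
    """Status code a request should get based on its Host header alone.

    421 Misdirected Request is the status defined for a request sent to a server
    that is not configured to produce responses for that authority.
    """
    return 200 if host_is_allowed(host_header) else 421


# Constructed sample requests: how a rebound request looks from the service's
# point of view next to legitimate local ones.
SAMPLE_HOSTS = [
    "localhost:8080",            # normal local request
    "LOCALHOST",                 # case must not matter
    "[::1]:8080",                # IPv6 loopback with a port
    "attacker.example",          # the name the browser was rebound from
    "attacker.example@localhost",  # userinfo trick aimed at naive parsers
    "localhost:abc",             # malformed port
    "",                          # missing header
]


def evaluate(hosts=SAMPLE_HOSTS):
    """Map each sample Host header to the status the service would return."""
    return {host: check_request(host) for host in hosts}


if __name__ == "__main__":
    for host, status in evaluate().items():
        print(f"{status}  Host: {host!r}")
```

The check belongs in front of every handler, including the ones behind the authentication the talk recommended extending to internal resources: it costs one string comparison per request and closes the specific gap rebinding relies on, namely that the browser's same-origin policy no longer protects a service once its name resolves to an internal address.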
Apart from these talks, villages and panels were very exciting places to attend. SE-Village, Recon-Village, Crypto and Privacy Village, Voting Machine Hacking Village and Packet Hacking Village were particularly great! Also, the EFF panel on Friday night was nice to get updates and discussions from EFF directors and attorneys.
Recorded presentations and workshops are available on media.defcon.org.
This was a nice (but very crowded!) edition, looking forward to next year!