Attending DEF CON 25 is an annual rite of passage for many members of the Security On-Demand SOC. It is a unique opportunity to hone network hunting and cybersecurity skills, learn about the latest threats and exploits being developed today, and network with other like-minded cybersecurity professionals. Our SOC team came back energized. Right from the source, let’s dive into the technical take:

Wade Wells: Security Operations Analyst

The talk I enjoyed the most was “Hacking Democracy” by Mr. Sean Kanuck. Mr. Kanuck, like most speakers at DEF CON 25, had a wide range of experience in cyberspace, including work in the Central Intelligence Agency’s Information Operations Center. He talked about the various vulnerabilities that democracy must deal with in today’s society, how the media can be manipulated by foreign powers, and how politicians can close voting centers to suppress voting. In Mr. Kanuck’s own words, the talk would “provide a low-tech, strategic analysis of recent events, foreign intelligence threats, and the future of information warfare”.

This talk intrigued me because of the analytical thinking behind both solving and creating these problems. He illustrated clearly how to view a complicated situation and take advantage of it in unique ways: matching patterns together to find out who gains the most from a situation, and thus who created the problem.

Chase Hatch: Security Operations Analyst and Hacker Extraordinaire

I spent a good majority of my time at the Packet Hacking Village. I participated in Capture the Packet and Wall of Sheep.

Capture the Packet is a honeypot that’s set up at the convention. It captures hostile traffic seen over the public wifi network of the convention. That captured traffic is curated, I believe, over the course of the next year for the next convention. Aside from the honeypot, CTP participants connect to a network promiscuously and monitor packet replay traffic derived from that curated traffic, with a CTF-like set of objectives.

Wall of Sheep is much like Capture the Packet, but it’s the live, real-time traffic of the convention that traverses the public wifi network. A network switch taps into that network and offers promiscuous ethernet. Tcpdump, grep, and Wireshark are the tools of the trade to comb through this live traffic. The goal is to find clear-text credentials traversing the unencrypted public wifi network over insecure protocols such as FTP, Telnet, SMTP, POP3, IMAP4, and HTTP. The point is to catch people being security-naive. If the credentials can be verified as legitimate, all PII that’s immediately distinguishable gets put on the projected display. Passwords are obfuscated to prevent abuse.

The workshop I attended discussed aspects of penetration testing that are not covered in texts and come more from years of experience. Penetration testers end up being the most valuable target on a corporate network, due to the access they obtain and the information they gather through the course of their engagement. An attacker already on the network may hunt the penetration tester because of this value. The workshop discussed how to operate in a hostile environment and gave pointers on protecting your and your client’s data, both in transit and at rest. It also discussed secure communication channels with the client and other testers, vetting your security testing tools, minimizing vulnerability/attack surface, and other best practices. It also covered how to hunt Pineapples, cheap evil-twin wireless access points that are extremely easy to use for people with little or no experience or understanding of what they’re actually doing.
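The Wall of Sheep hunt described above, as an added example that is not part of the team’s write-up or the village’s own tooling: a small Python triage script that runs over constructed sample payloads (standing in for reassembled client-to-server TCP streams from a promiscuous capture), pulls clear-text logins out of FTP, POP3, IMAP, SMTP AUTH PLAIN and HTTP (Basic auth and form POST), and masks each password before it is displayed, the way the board does. Every port mapping, host, user and password in it is invented for the example; Telnet is deliberately left out because its one-keystroke-per-segment echo needs stream reassembly before any pattern matching.

```python
import base64
import binascii
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple
from urllib.parse import parse_qs

# Constructed sample flows: (destination port, client-to-server payload).
# They stand in for reassembled TCP streams; every host, user and password
# is invented for this example.
SAMPLE_FLOWS: List[Tuple[int, str]] = [
    (21, "USER alice\r\nPASS hunter2\r\nLIST\r\n"),
    (110, "USER bob@example.net\r\nPASS s3cret!\r\nSTAT\r\n"),
    (143, 'a001 LOGIN carol "letmein"\r\na002 SELECT INBOX\r\n'),
    (25, "EHLO laptop\r\nAUTH PLAIN "
         + base64.b64encode(b"\x00dave\x00pa55word").decode() + "\r\n"),
    (80, "GET /admin HTTP/1.1\r\nHost: intranet.example\r\nAuthorization: Basic "
         + base64.b64encode(b"erin:Winter2017").decode() + "\r\n\r\n"),
    (80, "POST /login HTTP/1.1\r\nHost: shop.example\r\n"
         "Content-Type: application/x-www-form-urlencoded\r\n\r\n"
         "username=frank&password=qwerty&remember=1"),
    (443, "\x16\x03\x01\x00\xa5\x01\x00\x00\xa1\x03\x03"),  # TLS ClientHello: nothing to harvest
]

PORT_PROTOCOL = {21: "FTP", 25: "SMTP", 80: "HTTP", 110: "POP3", 143: "IMAP"}
USER_KEYS = ("username", "user", "login", "email")
PASS_KEYS = ("password", "pass", "passwd", "pwd")


@dataclass(frozen=True)
class Credential:
    protocol: str
    username: str
    password_masked: str


def mask_password(password: str) -> str:
    """Board-style obfuscation: keep the first character, star the rest."""
    return password[:1] + "*" * max(len(password) - 1, 0)


def _b64(token: str) -> Optional[bytes]:
    try:
        return base64.b64decode(token, validate=True)
    except (binascii.Error, ValueError):
        return None


def _user_pass_commands(payload: str) -> Optional[Tuple[str, str]]:
    """FTP and POP3 share the same two-line USER/PASS login."""
    user = re.search(r"^USER\s+(\S+)", payload, re.M | re.I)
    pw = re.search(r"^PASS\s+(\S+)", payload, re.M | re.I)
    return (user.group(1), pw.group(1)) if user and pw else None


def _imap_login(payload: str) -> Optional[Tuple[str, str]]:
    """IMAP: '<tag> LOGIN user pass', either argument optionally quoted."""
    m = re.search(r'^\S+\s+LOGIN\s+"?([^"\s]+)"?\s+"?([^"\s]+)"?', payload, re.M | re.I)
    return (m.group(1), m.group(2)) if m else None


def _smtp_auth_plain(payload: str) -> Optional[Tuple[str, str]]:
    """AUTH PLAIN carries base64(authzid NUL authcid NUL password) on one line."""
    m = re.search(r"^AUTH\s+PLAIN\s+(\S+)", payload, re.M | re.I)
    raw = _b64(m.group(1)) if m else None
    if raw and raw.count(b"\x00") == 2:
        _, authcid, password = raw.split(b"\x00")
        return authcid.decode(errors="replace"), password.decode(errors="replace")
    return None


def _http_logins(payload: str) -> List[Tuple[str, str]]:
    """HTTP: a Basic Authorization header and/or a urlencoded login form body."""
    found = []
    m = re.search(r"^Authorization:\s*Basic\s+(\S+)", payload, re.M | re.I)
    raw = _b64(m.group(1)) if m else None
    if raw and b":" in raw:
        user, pw = raw.decode(errors="replace").split(":", 1)
        found.append((user, pw))
    body = payload.split("\r\n\r\n", 1)[1] if "\r\n\r\n" in payload else ""
    form = parse_qs(body)
    user = next((form[k][0] for k in USER_KEYS if k in form), None)
    pw = next((form[k][0] for k in PASS_KEYS if k in form), None)
    if user is not None and pw is not None:
        found.append((user, pw))
    return found


def extract_credentials(dst_port: int, payload: str) -> List[Credential]:
    """Return every clear-text login found in one client-to-server stream."""
    proto = PORT_PROTOCOL.get(dst_port)
    if proto in ("FTP", "POP3"):
        hits = [_user_pass_commands(payload)]
    elif proto == "IMAP":
        hits = [_imap_login(payload)]
    elif proto == "SMTP":
        hits = [_smtp_auth_plain(payload)]
    elif proto == "HTTP":
        hits = _http_logins(payload)
    else:
        hits = []  # Telnet (23) omitted: one keystroke per segment, reassemble first
    return [Credential(proto, user, mask_password(pw)) for user, pw in filter(None, hits)]


def sheep_board(flows: List[Tuple[int, str]]) -> List[Credential]:
    """Run every captured flow through the extractors, as the board does for live traffic."""
    board: List[Credential] = []
    for port, payload in flows:
        board.extend(extract_credentials(port, payload))
    return board


if __name__ == "__main__":
    for cred in sheep_board(SAMPLE_FLOWS):
        print(f"{cred.protocol:5} {cred.username:20} {cred.password_masked}")
```

The same patterns apply unchanged to the printable output of `tcpdump -A` restricted to those ports, which is the whole point of the exercise: when the protocol never encrypted anything, a grep over plain text is all it takes, and the only thing standing between the board and abuse is the masking step.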

Dorian James: Security Operations Center Supervisor and DEF CON 25 Champion!

  • While doing the Coindroids contest I learned how to use the REST Chrome extension to do POSTs to websites. I also learned how to actually use Hashcat to help decrypt hashes. The top three of us are still on step four of the hacking challenge for Coindroids even though the contest is over. I’ll get it soon.
  • Networking! Networking is huge. Maintain those relationships. I met the Coindroids team last year and kept up with them throughout the year. At this DEF CON, I was “upgraded” to a contest badge and helped them out with explanations to other players although I was doing the challenge itself. Hopefully next year they will ask me to help with the actual challenge itself, as hinted at the end of the Con this year. As for the others I was competing with, we still hit each other up for hints and ideas.
  • Break out of your comfort zone. Most of the material presented at the Con was new to me. I did go to the Packet Capture Village and ended up speaking with Devan, one of the 12 disciples of Python. We spoke with Devan for about an hour or so about everything from what was happening in the village to Python itself.

And, most important, Dorian finished second in the renowned DEF CON 25 Beard and Moustache Contest!