[Full-disclosure] Recon 2010 - Speaker list, new additional capacity for sold-out training, party details
CONNECT 2010

R E C O N   2 0 1 0
Speakers Announcement

++ REC0N 2010 ++ MONTREAL ++ JULY 9-11 ++ http://www.recon.cx

+ RECON returns for 2010
  - Training sessions + conference

+ The conference is nearly sold out, if you didn't register yet, hurry up while there are still tickets left.

+ We expanded the two sold-out training courses
  - Rolf Rolles and Alex Ionescu will each train a second session July 12-14.

July 6-8:
  - Binary Literacy: Static Reverse Engineering by Rolf Rolles (sold out)
  - Binary Vulnerabilities and Exploit Writing by Gerardo 'gera' Richarte
  - Windows Internals for Reverse Engineers by Alex Ionescu (sold out)
  - Coding Unpackers for Fun and Profit: TitanEngine by Tomislav Pericin

July 12-14:
  - Binary Literacy: Static Reverse Engineering by Rolf Rolles
  - Windows Internals for Reverse Engineers by Alex Ionescu

++ Speakers lineup (Description at http://recon.cx/2010/speakers.html)

+ Keynote
  - Richard Thieme - Ethical Considerations of Intelligence and Information Security

+ Speakers
  - Pierre-Marc Bureau and Joan Calvet - Understanding Swizzor's Obfuscation Scheme
  - Ero Carrera and Jose Duart - Packer Genetics: The Selfish Code
  - Gynvael Coldwind and Unavowed - Syndicate Wars Port: How to port a DOS game to modern systems
  - Dino Dai Zovi - Mac OS X Return-Oriented Exploitation
  - Nicolas Falliere - Reversing Trojan.Mebroot's Obfuscation
  - Yoann Guillot and Alexandre Gazet - Metasm Feelings (30 minutes)
  - Travis Goodspeed - Building hardware for exploring deeply embedded systems
  - Sean Heelan - Applying Taint Analysis and Theorem Proving to Exploit Development
  - Alex Ionescu - Debugger-based Target-to-Host Cross-System Attacks
  - Ricky Lawshae - Picking Electronic Locks Using TCP Sequence Prediction (20 minutes)
  - Assaf Nativ - Memory analysis - Looking into the eye of the bits
  - Deviant Ollam - Finding Chinks in the Armor - Reverse-Engineering Locks
  - Sebastien Porst - How to really obfuscate your malware PDF files
  - Danny Quist - Reverse Engineering with Hypervisors
  - Jason Cheatham and Jason Raber - Reverse Engineering with Hardware Debuggers (20 minutes)
  - Stephen Ridley - Escaping the Sandbox
  - Igor Skochinsky - Intro to Embedded Reverse Engineering for PC reversers
  - Michael Sokolov - SDSL reverse engineering
  - Jonathan Stuart - DMS, 5ESS and Datakit VCS II: interfaces and internals
  - William Whistler - Reversing, better
  - Georg Wicherski - dirtbox, a highly scalable x86/Windows Emulator
  - Sebastian Wilhelm Graf - Rainbowtables re-implemented

++ Recon wouldn't be Recon without a Party!
  - Saturday 10 July at Cafe Campus (http://www.cafecampus.com)
  - Open to everyone (not just Recon attendees)
  - Lightning talks (1-10 minutes each), come prepared!
  - More details to be posted on the website soon.

+ DJ & VJ (http://cruzcontrol.org/)
  - Banditos
  - DualCore (http://dualcoremusic.com/nerdcore/)
  - The Gulf Stream
  - HpNoTik
  - Kasdal
  - Ma"
  - YanKat
  - More to come

NO CARRIER

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Recon Call for Papers - July 9-11 2010
/*
Architecture: x86/Linux
Author: Recon
Published: 2010-02-04

The shell code walls the following message:

R E C O N   2 0 1 0
C F P

REC0N 2010 MONTREAL JULY 9-11

+ RECON returns for 2010
  - Training sessions + conference

+ We are accepting submissions
  - Single track
  - 45-60 minute presentations, or longer, we are flexible
  - There will be time for short, informal lightning talks

+ Especially on these topics
  - Reverse engineering (Software, Protocols, Hardware, Human)
  - Exploit development and vulnerability assessment
  - Data analysis and visualization techniques
  - Crypto and anonymity
  - Physical security countermeasures
  - Anything elite

+ Please include
  - Speaker name(s) and/or handle
  - Contact information (e-mail and cell phone)
  - Brief biography
  - Any presentation Supporting materials
  - Why it is cool and/or why you want to present it

+ You want to speak!
  - Please send the above information to cfp2010 (at) recon.cx by 15 May, 2010
*/
Re: [Full-disclosure] Sniffing RFID ID's ( Physical Security )
There are a few different RFID companies that each have a unique form of authentication based on top of existing standards. For example, at the place I'm working we use these cards from HID. The standards they run off of are pretty interesting but it seems to me that if you could gain enough data on a specific person's card then you could replicate them. Unfortunately there are a few problems.

1) You said you are worried that someone sitting downstairs in the coffee shop could skim the transmissions? The range is only about 4-5 cm or so, I think someone's going to notice you running around shoving a radio antenna near their waist. The amount of power that a skimmer would have to generate to get the data from a distance would be enough to seriously damage the person holding it. I could be wrong on this though, Ilan Kirschenbaum and Avishai Wool from Tel Aviv University are presenting a paper at this year's USENIX Security Symposium in which they talk about building a low-cost, high-range skimmer.

What limits the range of HID cards is the fact the card is powered by the reader, while the card is powered the signal sent can be read from a bigger range. So when you actually use the card with the legitimate reader, someone sniffing the signal wouldn't need to be at 4-5 cm... Also you don't need to show your antenna, you could easily hide this in a bag. I believe an elevator would be the best spot to go fish for Proximity cards...

In my opinion a good trick to protect yourself from people trying to power your HID card is to put 2 RFID cards next to each other. If they get powered, both cards' signals will combine and cause a conflict. For this I base myself on the fact that if you present 2 HID cards at the same time to a HID reader, access will not be granted; there might be some way to isolate the two signals so don't take this for granted.

2) Encryption on top of the authentication. The chips themselves could be using a public key infrastructure just as Mike commented. You would then have to be able to mimic a card reader and know its private keys.

While what you say is true, from my experience the most commonly installed system is the HID Prox card II and it's vulnerable to sniffing and reinjection. Note that HID also has a Smart Card based system but I have no experience with it and I have never seen it in production.

Jonathan Westhues did a very good presentation on RFID last year at Recon, you can get the slides and video there: http://2005.recon.cx/recon2005/papers/Jonathan_Westhues/

Hugo
recon.cx
[Full-disclosure] Recon 2006: Guest speakers announcement. Call for papers and early registration ending in less than 2 weeks.
Recon 2006 - 16th 17th 18th June 2006 - Plaza Hotel, Montreal - http://recon.cx

We are pleased to announce the guest speakers of Recon 2006:

Anthony de Almeida Lopes: Multi-cavity NOP-infection Operating System-Independent x86 Virus
David Hulton (h1kari): Breaking Wi-Fi... Faster! (with FPGA)
Joe Stewart: OllyBone - Semi-Automatic Unpacking on IA-32
Spoon: IDARub (IDARub is an IDA plugin that wraps the IDA SDK for access from the Ruby programming language)

Early registration ends in less than two weeks, so if you want a cheap ticket register now! Visit http://recon.cx/en/reg.html for more details.

The Call For Papers deadline is 31st of March, 2006, so if you want to present at Recon 2006 you have less than two weeks left to submit your paper. For more details on the CFP please visit http://recon.cx/en/cfp.html.

Recon 2005 videos: http://2005.recon.cx/recon2005/papers/

We are offering three training courses this year.

* Advanced Reverse Engineering
  Learn how to unpack Packers and Protectors, and how to analyse Polymorphic viruses
  Instructor: Nicolas Brulez
  Dates: 13-15 June 2006
  Availability: 18 seats

* Introduction to Reverse Engineering
  Learn how you can reverse engineer programs to understand their inner workings
  Instructor: Nicolas Brulez
  Dates: 19-21 June 2006
  Availability: 18 seats

* Packet Mastering the Monkey Way
  Learn how to write scanners, sniffers and packet flooders using libpcap, libdnet, and libevent.
  Instructor: Jose Nazario and Marius Eriksen
  Dates: 14-15 June 2006
  Availability: 18 seats

For more details on the trainings go to http://recon.cx/en/training.html
[Full-disclosure] RECON2006 - Call for paper
RECON 2006 - Call for papers - 06/01/06
Montreal, Quebec, Canada
16 - 18 June 2006

We are pleased to announce the second annual RECON conference, which will take place in Montreal from the 16th to the 18th of June 2006.

We are looking for original technical presentations, in the fields of reverse engineering and/or information security. Presentations should last no longer than 50 minutes and be presented in English. We will be accepting talk proposals until the 31st of March, 2006. All submitted presentations will be reviewed by the RECON program committee.

Preferred topics

  Reverse engineering (Software, Protocols, Hardware, Social)
  Exploit development and vulnerability assessment
  Data analysis and visualization techniques
  Crypto and anonymity
  Physical security countermeasures
  Cool network stuff

Please include the following with your submission

  1) Speaker name(s) and/or handle
  2) Contact information (Email and Cell phone)
  3) Brief biography
  4) Motivations for presentation (500 words max.)
  5) Presentation abstract (500 words max.)
  6) If your presentation references a paper or piece of software that you have published, please provide us with either a copy of the said paper or software or a URL where we can obtain them.

Please send the above information to cfp (at) recon.cx

RECON program committee

  Cédric Blancher
  Nicolas Brulez
  Guillaume Duteille
  Hugo Fortier
  Jason Geffner
  Ryan Russel
  Mathieu Sauvé-Frankel

Visit http://recon.cx for more information.
Re: [Full-disclosure] Phone Forensics
I really have no idea if this software is worth anything but Paraben has software for cell phone forensics, you might want to look into it:

http://www.paraben-forensics.com/catalog/product_info.php?cPath=25&products_id=273

I'd be interested to know if you found the answer to your questions.

Hugo

On 6-Sep-05, at 9:54 PM, [EMAIL PROTECTED] wrote:

Evening All,

Since this forum often discusses various forensic topics I thought I would see if someone here could help with an issue that I am trying to resolve.

Is it possible to do a forensic investigation on a telephone that stores caller ID information after the delete function has been invoked? In other words, if the user has deleted the incoming caller list is it possible to dump memory to see what's there?

Along this same line is it possible to gather any inbound caller ID information from a telco or another agency without a trace being initiated?

Any advice you might have would be greatly appreciated.

Thanks,
John