Last week I visited HACK.LU, a security conference in Luxembourg. Besides beers at the bar and conversations with interesting people, there were also very interesting presentations to attend.
Most of the presentations can be found here. I will do a quick overview of the presentations which I found interesting.
Hillar Leoste from Shadowserver did a very good wrap-up of current botnet activity. I am also going to play around with nepenthes to set it up as a honeypot and do some malware analysis of my own. There were some other presentations about malware analysis as well.
The death of defense in depth? Revisiting AV software was a presentation given by two people from n.runs. I learned that AV scanners themselves are not always examples of secure coding practices and that many exploits are still to be found in those products. A fancy demo was one exploit for a virus scanner which worked on Windows XP, Windows 2003 and… Vista! They apparently found a way around the ASLR in Vista. It was also very cool to see how one could bypass almost all virus scanners by changing the magic byte of a zip file while still making it possible to unzip the file in WinZip. This indeed bypasses all layered defenses, but I still think that it is a bit early to cry that ‘Defense in Depth’ is dead.
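As an added example (mine, not code from the talk or this post) of the detection point behind that zip demo: a scanner that keys only on the leading magic bytes misses an archive whose first signature has been overwritten, while a check that walks the archive from its end-of-central-directory record still recognises it. The sample archive and the choice to clobber the first local-header signature are constructed assumptions; the post does not say which bytes the speakers changed.

```python
import io
import struct
import zipfile

LOCAL_HEADER_SIG = b"PK\x03\x04"   # what a magic-byte check keys on
CENTRAL_DIR_SIG = b"PK\x01\x02"
EOCD_SIG = b"PK\x05\x06"           # end-of-central-directory record
EOCD_LEN = 22                      # fixed part; an archive comment may follow


def build_sample_zip() -> bytes:
    """Constructed one-entry archive built in memory (not from the talk)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("readme.txt", "sample content for the detector demo")
    return buf.getvalue()


def overwrite_leading_magic(data: bytes) -> bytes:
    """Assumed variant of the demo: clobber the first local-header signature."""
    return b"XX" + data[2:]


def naive_is_zip(data: bytes) -> bool:
    """The bypassable check: look only at the first bytes of the file."""
    return data.startswith(LOCAL_HEADER_SIG)


def structural_is_zip(data: bytes) -> bool:
    """Find the EOCD record from the tail and verify that the central directory
    it points to lies before it and carries the expected signature."""
    start = max(0, len(data) - (EOCD_LEN + 0xFFFF))  # comment is at most 65535 bytes
    idx = data.rfind(EOCD_SIG, start)
    if idx < 0 or idx + EOCD_LEN > len(data):
        return False
    (_sig, _disk, _cd_disk, _n_disk, entries, cd_size, cd_offset,
     comment_len) = struct.unpack("<4sHHHHIIH", data[idx:idx + EOCD_LEN])
    if idx + EOCD_LEN + comment_len != len(data):
        return False
    if entries == 0 or cd_offset + cd_size > idx:
        return False
    return data[cd_offset:cd_offset + 4] == CENTRAL_DIR_SIG


def list_entries(data: bytes) -> list:
    """Entry names read from the central directory, as a tolerant unzipper does;
    the damaged leading signature is never consulted for the listing."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return zf.namelist()
    except zipfile.BadZipFile:
        return []
```

The lesson for a scanner is the one the talk made: identify container formats by their structure, not by the first few bytes.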
Lance Spitzner did a very good opening speech on the second day on fast flux botnets. These are fast-changing botnets which are almost impossible to track. Most of the command and control servers are sponsored by the Russian Business Network.
Wifi Fuzzing, remote kernel exploitation was a nice presentation by three France Telecom researchers. It focused mostly on driver exploits and AP fuzzing. Although driver exploits are old news (taking the Intel exploit at BlackHat last year into account), when you see it in action, it is scary! A sample exploit for madwifi showed a vulnerable PC being sent only a couple of beacons for its network SSID, and the PC was already p0wnd! Now you might think that this only affects Linux PCs, but think about what software runs underneath some access points: right, Linux!
A funny presentation was about Injecting RDS-TMC Traffic Information Signals a.k.a. How to freak out your Satellite Navigation. This focused on how you could inject fake traffic messages into car satellite navigation systems. In the demo shown, the GPS suddenly chose a different route because the fake message stated that there was a closed road, traffic jam, air crash, terrorist attack or … bullfight.
Funny messages exist in TMC apparently.
Nitesh Dhanjani did a very good wrap-up of XSS attacks and showed how it could be useful to attackers in many ways (other than the usual alert() demo).
From a CISSP perspective, Cracking Windows Access Control was an insightful presentation and showed a practical example of how the failing of the Discretionary Access Control model currently implemented in Windows can let a process at a higher integrity level read a file of a lower integrity level, thus compromising the security of the system. This was an example of how some of the dry theory learnt during CISSP studies has a direct application in the real world.
There were many other interesting talks (RFID passports, metasm, new features in Core Impact, hacking captive portals, exploiting SAP, rootkits, …), but I suggest you look at the HACK.LU website for the full agenda.
To conclude, I must say I learnt quite a lot from the three days in Luxembourg. It was a very interesting and also entertaining experience.
PS: If you go to one of these conferences, never open your laptop and trust what you send over the network (unless you are the one performing the MITM attack).
I needed to change my Google Talk password because someone was doing a MITM attack and I had forgotten to disable my Google Talk (or redirect it through my SSL VPN).
UPDATE: I just learned that gtalk uses encryption! I was working from the assumption that it was just plain text like most instant messengers, but this does not seem to be the case. So my password change was not really necessary. Oh well, it does not hurt anyhow…