It’s been a busy summer and I’m just now posting on some of the conferences that I attended. Everyone enjoyed The Last Hope, and we are now looking forward to The Next Hope!
Here are some links from the talks that I attended. You can catch recordings of all of the HOPE talks over at The Last Hope Web site. There were many presentations that I wished I could have attended; however, the conference had three tracks running simultaneously, plus an ad-hoc fourth track, and I haven't yet figured out how to hack myself. Some of the talks were repeated the following week at DefCon.
Maintaining a Locksporting Organization and Breakthroughs in the Community
By Doug Farre, Jon King
Watch rock star Jon pick a Medeco lock using his “Medecoder” tool.
Citizen Engineer - Consumer Electronics Hacking and Open Source Hardware
By Phillip Torrone, Limor Fried
In her presentation, Limor dissected a retired public telephone and turned it into her home phone. Very cool. I recommend her cell phone forensics kit. Also, if you’ve heard about the mp3 player made out of an Altoids tin, it too was a project of Lady Ada.
The Attendee Meta-Data Project
By LexIcon, Daravinne, Neo Amsterdam, Aestetix, Echo, Dementia, Matt Joyce, Christopher Petro
I didn’t actually make it to this one, but like so many of the presentations that I didn’t make it to, it really interested me. I’m streaming the audio online as I type, and according to the audio, they had enough of these special RFID badges to fit about half the number of attendees. Those people were then viewed as objects in a “live” database--sort of like social networking on crack, and general crowd movement could be tracked, for example congestion around the elevators or certain vendor tables.
Wikipedia: You Will Never Find a More Wretched Hive of Scum and Villainy (Partial)
By Virgil Griffith
Introduction to MCU Firmware Analysis and Modification with MSP430static
By Travis Goodspeed
I wanted to catch this one as it seemed interesting and he’s a friend-of-a-friend, but didn’t quite make it.
Introduction to the Open Web Application Security Project (OWASP)
By Tom Brennan
OWASP is home to WebGoat and many other wonderful projects. I just attended their NYC conference and will post that information as time allows.
Advanced Memory Forensics: Releasing the Cold Boot Utilities
By Jacob Appelbaum
Autonomously Bypassing VoIP Filters with Asterisk: Let Freedom Ring
By Blake Cornell, Jeremy McNamara
A Collaborative Approach to Hardware Hacking: NYCResistor (Partial)
By Bre Pettis and Friends
I support NYC Resistor and find the group a really welcoming bunch.
Technical Surveillance Countermeasures (Electronics Surveillance and Bug Detection)
By Marty Kaiser
Marty Kaiser has been involved with digital security and surveillance for as far back as most of us have memory. Listening to Marty was like hearing an old-fashioned radio show, filled with great stories. He brought up the infamous Russian Seal Bug, which is a fascinating piece of history. I could have spent the rest of the day just listening to more pieces from his past (and present) experiences.
A Convergence of Communities
By John Strauchs
Mr. Strauchs touched on something that’s increasingly important: IT Security + Physical Security. Can you have one without the other? His talk reminded me of an RFID crack that I’d heard about recently. It’s by Chris Paget at IOActive, Inc. This was not part of the HOPE Conference, but it’s tangentially related, so I thought it worth mentioning. View a video demonstration of Chris using the device here.
By Steven Levy
Methods of Copying High Security Keys
By Barry Wels, Han Fey
I won a lock-pick at this very interesting presentation.
Port Knocking and Single Packet Authorization: Practical Deployments (Partial)
By Michael Rash
Bagcam - How Did TSA and/or the Airlines Manage to Do That to Your Luggage?
These videos are a must-see!
Basically this guy’s a PI on crack, brilliant! And if you ever need to track someone down, he will find them.
By Emmanuel Goldstein and Friends
One ploy involved Emmanuel phoning a luxury hotel in NYC (Ritz Carlton?) and confirming their bed-bug eradication assignment in the morning.
PenTest Labs Using LiveCDs
By Thomas Wilhelm
Mr. Wilhelm is a genius and wants to share everything he has learned with everyone. His generosity and attitude are infectious. I highly recommend downloading his lab.
Pen Testing the Web with Firefox
By DaKahuna & theprez98
Identification Card Security: Past, Present, Future
By Doug Farre
How to craft your own holographic IDs.
Programming Your Mobile Phone for International Calling
By The Cheshire Catalyst
I didn’t catch this one, but Cheshire sent me some of his own links from the conference that I thought were handy.
Warrantless Laptop Searches at U.S. Borders
YouTomb - A Free Culture Hack (Partial)
By Oliver Day, Dean Jansen, Quentin Smith, Christina Xu
I didn’t catch all of this one, but what I did grab was quite interesting. Here’s a blurb from their site:
“YouTomb continually monitors the most popular videos on YouTube for copyright-related takedowns. Any information available in the metadata is retained, including who issued the complaint and how long the video was up before takedown. The goal of the project is to identify how YouTube recognizes potential copyright violations as well as to aggregate mistakes made by the algorithm.”
I’ve included the above video link to a different presentation that he gave, but there was some overlap. This was quite an entertaining talk.
Strengths and Weaknesses of (Physical) Access Control Systems
By Eric Schmiedl, Mike Spindel
This talk was very engaging. The example of using a yellow highlighter pen (blends in on the keypad) on your finger to track the order on a keypad (under UV lighting) was an interesting concept.
By Johnny Long
The icing on the cake. Pure fun!
This next (and last but NOT least) link is not from HOPE, but was released at DefCon from a colleague of mine, Kevin Johnson. I thought it fitting to include. It’s a “Live” Web Penetration Testing CD called Samurai. Some of you know Kevin better as The Hacker Princess…Long live the princess!