Abstract: There is a war being waged right now. It is being fought in your living room, in your dorm room, even in your board room. The weapons are your network and computers, and even though it is bytes, not bullets, whizzing by, that does not make the casualties less real. We will follow the timeline of Informational Warfare and its impact today. We will go deeper, past the media hype and common misconceptions, to the true facts of what's happening on the Internet landscape. You will learn how the war is fought, who is fighting, and who is waiting on the sidelines for the dust to settle before they attack.
Abstract: The year 2008 has seen some severe attacks on infrastructure protocols (SNMP, DNS, BGP). We will continue down that road and discuss potential and real vulnerabilities in backbone technologies used in today's carrier space (e.g. MPLS, Carrier Ethernet, QinQ and the like). The talk includes a number of demos (like cracking BGP MD5 keys, redirecting MPLS traffic on a site level and some Carrier Ethernet stuff) all of which will be performed with a new tool kit made available at the con. It's about making the theoretical practical, once more!
Abstract: This presentation will introduce a new web-based attack vector which utilizes client-side scripting to fragment malicious web content.
This involves distributing web exploits in an asynchronous manner to evade signature detection. Similar to TCP fragmentation attacks, which are still an issue in current IDS/IPS products, this attack vector involves sending any web exploit in fragments and uses the already existing components within the web browser to reassemble and execute the exploit.
Our presentation will discuss this attack vector used to evade both gateway and client-side detection. We will show several proofs of concept containing common, readily available web exploits.
While IPv6 security is relatively well known in European Universities, most enterprises and service providers had little exposure to it.
This is becoming really worrying because Microsoft Vista and 2008 include IPv6, and IPv6 is even the preferred communication protocol. While this is probably a good thing, the transition mechanisms (notably the tunneling) can lead to risk exposure...
IPv4 address exhaustion is due in 2010; this means that the migration to IPv6 is happening and that it is urgent to expose the security community to IPv6 with the latest news (like secure neighbor discovery, which has been designed to secure the ARP-like function with cryptographically generated addresses). The session also covers the threats linked to the dual-stack approach and the use of carrier-grade NAT.
Download the videos at http://www.brucon.org
In late 2008 the author was challenged by an Irish security journalist to steal her identity. The author was only allowed to use information that could be found online, could not break any laws and could not use any social engineering techniques. The author will present what information was available online, whether or not he was successful and what lessons can be learned from the experience in relation to an individual's privacy.