If you haven’t been at 44CON last week, you missed a lot of good presentations. Plus you haven’t been around great speakers, an excellent crew, “gin o’clock” each day, wonderful audience, and great coffee from ANTIPØDE (where you should go when in London and in desperate need of good coffee).
Everyone occasionally using wireless connections (regardless if Wi-Fi or mobile phone networks) should watch the talks on GreedyBTS and the improvements of doing Wi-Fi penetration testing by using
fake alternative access points. GreedyBTS is a base transceiver station (BTS) enabling 2G/2.5G attacks by impersonating a BTS. Hacker Fantastic explained the theoretical background and demonstrated what a BTS-in-the-middle can do to Internet traffic of mobile phones. Intercepting and re-routing text messages and voice calls can be done, too. Implementing the detection of fake base stations is now a very good idea. Some specialised phones do this already. Recently an Austrian research team has published work on detecting interception equipment. Unless you use additional security mechanisms you should take a look at these technologies. Doesn’t hurt if you about it any way.
Hacking Wi-Fi got a serious boost by a presentation from Dominic White. The title was Manna from Heaven; Improving the state of wireless rogue AP attacks, and it showed the state of affairs of modern Wi-Fi hardware. Vendors have tried to defend against the attacks of the past. Especially when it comes to stripping SSL things such as the hard-coded root certificates in Google’s web browser make the life of a pen-tester hard. The updated toolbox called mana will help you to deal with modern Wi-Fi clients. Everyone using wireless communication should now about the risks involved. When in doubt, always remember that connecting to a wireless network acts as a strong form of exposure.
Conan Dooley talked about the challenges of running a network infrastructure at a hacker conference. Once you deal with very talented and creative people, then off-the-shelf solutions might not be the way to go. He offered very useful insights into the operation and gave helpful hints for anyone having to deal with a similar challenge. If it works for a hacker con, it will probably do some good for your enterprise network.
Joxean Koret demonstrated how to break the detection of malware by anti-virus. His examples shed light on the quality of the software. A lot of anti-virus products disable the protection mechanisms of the operating system in order to perform tests. This can lead to exposing the system to attack code in the worst case (paradoxically enabling malicious code to exploit the anti-virus software to gain a foothold). Again anti-virus filters aren’t the magical solution to malware entering your network. Joxean did a very good job showing this, and we recommend looking at the examples he gave in his presentation.
Speaking of incidents, you should think about them in advance. Steve Armstrong spoke about beginner’s incident handling mistakes and how to avoid them. Investigating the trails of attackers and throwing them out of your network/hosts is a task that relies on a lot more than technology. Step by step Steve explained the core failures and concepts. In addition he presented a tool called CyberCPR which enables response teams to collaborate and securely exchange information about a case. It’s still in its beta stage, but we suggest to give it a try.
We definitely look forward to attend 44CON next year! See you 8-11 September 2015 in London!