BlackHat Las Vegas 2012

Posted on August 11, 2012 by

“The sky above Las Vegas was the color of television, tuned to a dead channel…”

Ok, it wasn’t. In fact it was bright, beautiful, sunny and hot as sh*t. Neal Stephenson did the keynote at BlackHat this year, so we felt we should sling the obligatory cyberpunk reference into this post… and because I (Ridley) am writing the post, I chose Gibson. The two Stephens that maintain this blog agree on most things, except for Neal Stephenson. I (Ridley) believe he is the “Stephen King of SciFi”, brute-forcing bestsellers by heap-spraying his verbosity into thousands of pages that were otherwise more interesting left blank (or covered in “0d0d0d0d”). Lawler, on the other hand, argues:

“…well his historical stuff is good”…or “…but data havens was a cool idea”.

To which I rebut: “If you want speculative fantasy/history, read Thomas Pynchon or Umberto Eco. Stephenson wrote Snow Crash originally to mock the cyberpunk genre, people forget that.

I’d take “Gravity’s Rainbow” or “Foucault’s Pendulum” over “Cryptonomicon” ANY day. Plus Cryptonomicon read like a bit of a rip of the “Difference Engine” anyway. And Data Havens? Uhm: BRUCE STERLING’s “Islands in the Net”!? or even as far back as Vannevar Bush!? Sh*t’s been done son! Over 20+ years ago.

So anyway, it’s probably clichéd, but for me, Gibson started it all. <rant> Gibson was jam-packed with prose and allusion, which led me to the greats like Borges, Kafka, Umberto Eco, and newer stuff like Murakami, Greenfeld, and “House of Leaves”. Neuromancer and the whole Sprawl series synced right up with my dark late-teen angst and let me ride a wave of literary allusions right into my mid twenties, picking up all kinds of new authors along the way.

Gibson leads you to the greats. Stephenson leads you to…..YuGiOh and Robert Ludlum.</rant>

But I digress…

…in Vegas it was hella sunny, and we here at Beans had grand plans to enjoy the weather. (Maybe rent a convertible and go shoot guns in the desert somewhere?) But unfortunately, the only time we managed to escape the intentionally labyrinthine halls of Caesar’s Palace (during the day) was when we were visiting the CrowdStrike cabana near the topless pool (We didn’t even know where the cabana was, we just turned on our internal “Boob Dowsers”, closed our eyes, and awoke poolside with drinks in our hands, a fine mist cooling our foreheads, while Aitel pimped Phishme :-).

Why didn’t we have the time to get away? Well, we were busy setting up and delivering our BlackHat Training: “Practical ARM Exploitation”. We have given this training many times privately, but CanSecWest 2012 was our first debut of the public version of the course. For BlackHat, however, we were also debuting an accompanying talk for the first time AND attempting to deliver the ‘condensed’ version of our (normally 5-day) course in two days. Our class was sold out (as it was at CanSec), and it went well. We got good feedback, the most valuable of which was:

“Awesome material. Awesome setup. Great hardware lab, more time needed!”. We’d expected this response because we crunched five days into two. (UPDATE: In response to the feedback, we’ve teamed up with Trail of Bits to offer this course publicly for 4 days, in New York at a discount to BlackHat attendees.)

Our talk also went well. We were lucky to get a good slot and open the “Mobile Track”, and we managed to get a little press from it. We were honored to be joined by Georg Wicherski, senior researcher from CrowdStrike, who along with Joshua Drake exploited a “1-day” vulnerability in Android 4.0.1, bypassing ASLR and thus demonstrating and validating the techniques and methods that we (thinking we had developed independently 🙂) were ranting about in our course and talk. Thanks again for joining us Georg!

After Blackhat, I didn’t get to stay for Defcon (the world’s Silver medal conference for “Smelliest Hacker Con”, second only to CCC which takes the gold). Just kidding. We’ve been going to Defcon for a while. Just slightly before “hacking became the new skateboarding”. In reality, as early Defcon attendees (~Defcon 6), CTF players, and eventually founding members of Kenshoto (Defcon CTF Organizers), we’ve just had our fair share of Defcons. It’s tough to muster the energy to enjoy Defcon, especially at the end of a very busy BlackHat week.

Nonetheless, I (Ridley) did manage to get there for a few hours to snap some photos and see some friends that couldn’t make it to Blackhat.

The slides from our talk are linked here. And some sample material (like our student lab reference) and slides that showcase some of the research that went into building our course are here. This deck is 17 of 20 from our course and from the “ARM-specific ROP Techniques” unit of our course.

If you haven’t already stumbled upon it from the photos in this post, here is also a fully captioned PhotoJournal of our time at Blackhat 2012 this year.

It was great seeing everyone this year. This was our first BlackHat Vegas talk and training. (Years prior, we didn’t feel we had anything public that was “cool enough” for Blackhat Vegas, so we only did some of the other BlackHats.) Anyway, we had fun. Hopefully we’ll see you all again next year!
