Course Description


The DEFCON Story

Originally started in 1993, it was meant to be a party for members of "Platinum Net", a Fido protocol based hacking network out of Canada. As the main U.S. hub I was helping the Platinum Net organizer (I forget his name) plan a closing party for all the member BBS systems and their users. He was going to shut down the network when his dad took a new job and had to move away. We were talking about where we might hold it, when all of a sudden he left early and disappeared. I was just planning a party for a network that was shut down, except for my U.S. nodes. I decided what the hell, I'll invite the members of all the other networks my BBS (A Dark Tangent System) was a part of, including Cyber Crime International (CCI), Hit Net, Tired of Protection (ToP), and like 8 others I can't remember. Why not invite everyone on #hack? Good idea!

Where did the name come from?

The short answer is a combination of places. There was a SummerCon in the summer, a HoHoCon in the winter, a PumpCon during Halloween, etc. I didn't want any association with a time of year. If you are a Phreak, or just use your phone a lot, you'll notice "DEF" is #3 on the phone. If you are into military lingo, DEFCON is short for "Defense Condition." Now being a fan of the movie War Games I took note that the main character, David Lightman, lived in Seattle, as I do, and chose to nuke Las Vegas with W.O.P.R. when given the chance. Well I knew I was doing a con in Vegas, so it all just sort of worked out.

Speakers at DEFCON 15

44 Lines about 22 Things that keep me up at Night

Agent X

What keeps a hacker up at night? What issues and projects keep Agent X from getting a good night's sleep? This turbo-rant will present 22 things that make the night seem long and morning far off. Technology challenges, social challenges. Issues with the hacker scene, issues with the way the world works.

Agent X: Jesse Krembs is co-founder and former president of the Hacker Foundation. He travels widely performing radio survey and installation work for Fortune 500 companies and municipalities. He's been involved with Defcon since 1998 and is now Head Speaker Goon. In his spare time he tinkers with tech in his secret lair, 893 Studio.


Ofir Arkin CTO Insightix

Network admission control (NAC), network access protection (NAP), network access control (NAC), and many other acronyms refer to technologies which aim to verify access control before (and after) allowing an element onto the network.

Unfortunately, due to the lack of standardization and the diversity of solutions, many (if not most) NAC solutions suffer from a multitude of weaknesses impacting their deployment, implementation and the overall protection they provide.

The presentation examines various NAC solutions from leading vendors, highlights their weaknesses, and demonstrates how they can be bypassed.

This is an updated version of the presentation, which includes new material and new, unpublished methods for bypassing NAC solutions.

Ofir Arkin is the CTO of Insightix, leading the development of the next generation of IT infrastructure discovery, monitoring and network access control systems for enterprise networks. He holds more than 10 years of experience in data security research and management. He has consulted and worked for multinational companies in the financial, pharmaceutical and telecommunication sectors. Ofir is the author of a number of influential papers on information warfare, VoIP security, network discovery and network access control, and lectures regularly at security conferences. Ofir is chair of the security research committee of the Voice Over IP Security Alliance (VoIPSA). Ofir is the founder of Sys-Security Group, a computer security research group.

Remedial Heap Overflows: dlmalloc style
atlas

Sometimes even the top dudes need a refresher course. Remedial Heap Overflows is not so much a lesson to the lame, but a refresher for the leet. One day the speaker was approached (in a subway, of course) by a top-notch dude (who has his own posse) and asked how they work. Clearly not even the best of the best always know everything.

Atlas, a disciple of the illustrious Skodo, has a history in programming, systems support, telecom, security, and reverse engineering. His introduction to the hard-core hacking world was through dc13's CTF Qualifiers. atlas won the individual contest in 2005 and led the winning team "[email protected]" in 2006. atlas has written the WEP-cracking tool bssid-flatten, the @Utility-Belt (toolkit for hacking and exploitation), and his favorite tool, disass.

Injecting RDS-TMC Traffic Information Signals

a.k.a. How to freak out your Satellite Navigation

Andrea Barisani co-founder and Chief Security Engineer, Inverse Path Ltd.

Daniele Bianco

RDS-TMC is a standard based on RDS (Radio Data System) for communicating Traffic Information for Satellite Navigation Systems over FM radio.

All modern in-car Satellite Navigation systems sold in Europe use RDS-TMC to receive broadcasts containing up-to-date information about traffic conditions such as queues and accidents, and provide detours in case they affect the plotted course. The system is increasingly being used around Europe and North America.

The audience will be introduced to RDS/RDS-TMC concepts and protocols, and we'll show how to decode/encode such messages using a standard PC and cheap home-made electronics, with the intent of injecting information into the broadcast RDS-TMC stream and manipulating the information displayed by the satellite navigator.

We'll discover the obscure (but scary!) messages that can be broadcast (and that are not usually seen over legitimate RDS-TMC traffic), the limits of standard SatNav systems when flooded with unusual messages and the role that RDS-TMC injection / jamming can play in social engineering attempts (hitmen in the audience will love this!).

In order to maximize the presentation we'll also demo the injection...hopefully at low power so that we won't piss off local radio broadcasts.

Andrea Barisani is a system administrator and security consultant. His professional career began 8 years ago, but it all really started when a Commodore-64 first arrived in his home when he was 10. Now, 16 years later, Andrea is having fun with large-scale IDS/Firewall deployment and administration, forensic analysis, vulnerability assessment, penetration testing, security training and his Open Source projects. He eventually found that system and security administration are the only effective way to express his need for paranoia. He's currently involved with the Gentoo project, managing infrastructure server security as a member of the Gentoo Security and Infrastructure Teams, along with distribution development. Being an active member of the international Open Source and security community, he's maintainer/author of the tenshi, ftester and openssh-lpk projects and he's been involved in the Open Source Security Testing Methodology Manual, becoming an ISECOM Core Team member. Outside the community he has been a security consultant for Italian firms and he's now the co-founder and Chief Security Engineer of Inverse Path Ltd.

Daniele Bianco is a system administrator and IT consultant.

He began his professional career as a system administrator during his early years at university.

His interest in centralized management and software integration in Open Source environments has focused his work on the design and development of suitable R&D infrastructure.

At present Daniele is working as a consultant for Italian astrophysics research institutes, supporting the design, development and administration of IT infrastructure.

One of his hobbies has always been playing with hardware, and recently he has been turning his attention to in-car wireless and navigation systems. He's the resident Hardware Hacker for international consultancy Inverse Path Ltd.

Daniele holds a Bachelor's degree in physics from University of Trieste.

Bridging the Gap Between Technology and the Law

John Benson "jur1st"

The recent case of Julie Amero has cast a bright spotlight on the difference in understanding between the worlds of technology and the law. We will examine the adoption of technology within the legal profession, trial court decisions, as well as legislative and appellate decisions which may be inconsistent with generally accepted security measures.

John Benson is the co-chair of the Kansas City Metropolitan Bar Association Computer Law and Technology Committee, adjunct professor at the Colorado Technical University, and an electronic discovery analyst at a large midwestern law firm. While in law school he excelled in the areas of evidence and trial advocacy, produced papers on the Sony XCP Rootkit and NSA warrantless wiretapping program, and was a general menace to the local network administrators.

A Journalist's Perspective on Security Research

Peter Berghammer (pf0t0n) CEO Copernio: Future Formats

The presentation details the process whereby journalists select, discard, research and ultimately publish security-related articles. It outlines the credibility necessary for security researchers to be taken seriously in the presentation of their findings and examines the "blowback" that criminal and kiddie hackers have on the security industry from a journalist's perspective. This talk also looks at the current practices of legitimate software companies regarding secure content (DRM et al), metadata tracking, hardware and software tracking, and the very close parallels between their methods and those of the "hacking" universe.

Peter Berghammer owns a number of companies in the military and consumer electronics market spaces. Additionally, he has written monthly articles for the past few years dealing with security, the law and legislation. In 2005 he was named a Fellow at Stanford Law's Center for Internet and Society (researching security items and munitions law). He speaks frequently in international venues on items surrounding security, security breaches, privacy issues and pending legislation. Full bio info at:

Analyzing Intrusions & Intruders

Sean M. Bodmer Savid Technologies, Inc.

Intrusion Analysis has been primarily reserved for network junkies and bit biters. However, due to the advances in network systems automation, we now have time to pay more attention to the subtle observations left by attackers at the scene of the incident. Century-old sciences have given criminal investigators the ability to attribute attacks to specific individuals or groups.

Sean M. Bodmer is an active developer and deployer of intrusion detection systems. Sean is also an active Honeynet Researcher, specializing in analyzing signatures and behaviors used by the blackhat community regarding patterns, methods, and motives behind attacks. Currently Sean is working on a highly-adaptive sensor network under a joint commercial venture in which global sensors are deployed to generate better understandings of various attack approaches and techniques.

Teaching Hacking at College

Sam Bowne Part-time Instructor, City College of San Francisco, Computer Networking and Information Technology Department

Last semester I taught a new course in "Ethical Hacking and Network Defense" at City College San Francisco. I had legal, ethical, and practical concerns about this class, so I took several precautions to protect the students from one another, and others from them. The course was a success--it was full and popular, and there were no security problems (at least none that I found out about).

We have built hacking into our Computer Networking and Information Technology program. The topic is important and exciting for the students, and reinforces their security knowledge. I encourage other college teachers to do the same.

Sam Bowne: Degrees: B.S. in Physics, Edinboro University of PA; Ph.D. in Physics, University of Illinois, Urbana-Champaign. Industry Certifications: Microsoft Certified Professional, Microsoft Certified Desktop Support Technician, Network+, Security+, Certified Fiber Optic Technician. Sam Bowne has been teaching at CCSF since 2000.

Entropy-based data organization tricks for log and packet capture browsing

Sergey Bratus Department of Computer Science, Institute for Security Technology Studies, Dartmouth College

I will show how entropy, a measure of information content defined by Shannon in 1948, can provide useful ways of organizing and analyzing log data.

In particular, we use entropy and mutual information heuristics to group syslog records and packet captures in such a way as to bring out anomalies and summarize the overall structure in each particular data set. I will show a modification of Ethereal that is based on these heuristics, and a separate tool for browsing syslogs.

Our data organization heuristics produce decision trees that can be saved and applied to building views of other data sets. Our tools also allow the user to mark records based on relevance, and use this feedback to improve the data views.

Our tools and algorithm descriptions can be found at
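An illustration of the entropy and mutual-information heuristics described above, added here as an example; it is not the speaker's tool. The syslog lines are constructed, and the split rule (always branch on the lowest-entropy field that still varies, so rare values in otherwise regular fields surface as small leaves) is a simplification assumed for this example.

```python
"""Entropy-based grouping of syslog records (added example, not the Dartmouth tool)."""
import re
from collections import Counter
from math import log2

# Constructed sample syslog lines (not captured from any real system).
SAMPLE_LOG = """\
Jul 21 10:00:01 web1 sshd[2011]: Accepted publickey for alice from 10.0.0.5 port 51022
Jul 21 10:00:07 web1 sshd[2012]: Accepted publickey for bob from 10.0.0.6 port 51030
Jul 21 10:00:09 web2 sshd[3101]: Accepted publickey for alice from 10.0.0.5 port 51044
Jul 21 10:00:15 web1 cron[2020]: (root) CMD (run-parts /etc/cron.hourly)
Jul 21 10:00:15 web2 cron[3110]: (root) CMD (run-parts /etc/cron.hourly)
Jul 21 10:00:31 web1 sshd[2031]: Failed password for invalid user admin from 203.0.113.9 port 44010
Jul 21 10:00:33 web1 sshd[2031]: Failed password for invalid user admin from 203.0.113.9 port 44011
Jul 21 10:00:40 db1 sshd[4001]: Accepted publickey for alice from 10.0.0.5 port 51090
Jul 21 10:00:41 db1 postgres[4100]: checkpoint starting: time
Jul 21 10:00:52 web2 sshd[3150]: Accepted publickey for bob from 10.0.0.6 port 51101
"""

# Classic BSD syslog layout: timestamp, host, program[pid]: message
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]+) (?P<host>\S+) (?P<prog>[^\[:]+)(?:\[\d+\])?: (?P<msg>.*)$"
)
FIELDS = ("host", "prog", "template")


def parse(text):
    """Split each line into fields; 'template' is the message with numbers masked."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["template"] = re.sub(r"\d+", "#", rec["msg"])
            records.append(rec)
    return records


def entropy(values):
    """Shannon entropy in bits of the empirical distribution of `values`."""
    n = len(values)
    return -sum(c / n * log2(c / n) for c in Counter(values).values())


def mutual_information(xs, ys):
    """I(X;Y) = H(X) + H(Y) - H(X,Y); high values mean one field predicts the other."""
    return entropy(xs) + entropy(ys) - entropy(list(zip(xs, ys)))


def build_tree(records, fields=FIELDS):
    """Decision tree: branch on the lowest-entropy field that still varies.

    Regular fields split off large homogeneous groups first, so the remaining
    small branches are the records that do not fit the bulk of the data."""
    candidates = [(entropy([r[f] for r in records]), f) for f in fields]
    candidates = [(h, f) for h, f in candidates if h > 0]
    if not candidates or len(records) < 2:
        return {"records": records}
    _, field = min(candidates)
    groups = {}
    for r in records:
        groups.setdefault(r[field], []).append(r)
    rest = [f for f in fields if f != field]
    return {"field": field, "children": {v: build_tree(g, rest) for v, g in groups.items()}}


def rank_anomalies(records, fields=FIELDS):
    """Order records by total surprisal, sum of -log2 p(value) over their fields.

    A record made of rare values scores highest; this is the complementary
    view to the tree, giving a flat 'look at these first' list."""
    n = len(records)
    counts = {f: Counter(r[f] for r in records) for f in fields}

    def surprisal(r):
        return sum(-log2(counts[f][r[f]] / n) for f in fields)

    return sorted(records, key=surprisal, reverse=True)


def render(tree, indent=0):
    """Print the tree so the grouping is visible; leaves show their record count."""
    pad = "  " * indent
    if "records" in tree:
        print(f"{pad}{len(tree['records'])} record(s): {tree['records'][0]['msg']}")
        return
    for value, sub in tree["children"].items():
        print(f"{pad}{tree['field']} = {value}")
        render(sub, indent + 1)


if __name__ == "__main__":
    recs = parse(SAMPLE_LOG)
    for f in FIELDS:
        print(f"H({f}) = {entropy([r[f] for r in recs]):.3f} bits")
    render(build_tree(recs))
    print("most surprising:", rank_anomalies(recs)[0]["msg"])
```

On this sample the tree branches on `prog` first (the most regular field), and the lone postgres checkpoint line is both the smallest leaf and the top-ranked anomaly.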

Sergey Bratus: For the past five years, my research at Dartmouth's Institute for Security Technology Studies was related to application of information theory and machine learning to log analysis and other security topics. Before that, I worked as a research scientist at BBN Technologies on applications of similar techniques to Natural Language Processing, English text and speech.

Intranet Invasion With Anti-DNS Pinning

David Byrne EchoStar Satellite

Cross Site Scripting has received much attention over the last several years, although some of its more ominous implications have not. DNS-pinning is a technique web browsers use to prevent a malicious server from hijacking HTTP sessions. Anti-DNS pinning is a newly recognized threat that, while not well understood by most security professionals, is far from theoretical.

This presentation will focus on a live demonstration using anti-DNS pinning techniques to interact with internal servers through a victim web browser, completely bypassing perimeter firewalls. In essence, the victim browser becomes a proxy server for the external attacker. No browser bugs or plug-ins are required to accomplish this, only JavaScript, and untrusted Java applets for more advanced features.

If anyone still thought that perimeter firewalls could protect their intranet servers, this presentation will convince them otherwise.

David Byrne: Specializing in web application security, David Byrne is a seven year veteran of the Information Security industry. He is currently the Security Architect for EchoStar Satellite, owner of Dish Network. David is also the founder and current leader of the Denver chapter of the Open Web Application Security Project (OWASP).

Virtualization: Enough holes to work Vegas

D.J. Capelis University of California, San Diego

Have you tried to firewall a machine from itself? Have you ever tried to protect a machine with a multi-personality disorder? These questions are brought to us by the wonderful technology of virtualization. Though the technology is clearly sexy, security has clearly been an afterthought.

While every product claims isolation, it seems that's only when you don't have an attacker involved. Despite what the press releases say, it's not free to put all your machines on the same hardware. We'll be brushing aside the dust and trying to figure out part of the cost.

D.J. Capelis is a student and researcher at the University of California, San Diego. He does research on processor design, secure systems and dabbles in cryptography. For a "real job" he is an active member of UCSD's Data Security Team teaching computers how to tell when users are being mean. D.J. also maintains the team's virtualized testing and development environment. In his free time, he tends to show up at 2600 meetings and other food-related events where he plays with his OLPC development board and does platform-related work on Blender.

Panel 1: Meet the Fed

Jim Christy DoD

Jerry Dixon DHS

Tim Fowler NCIS

Andy Fried IRS

Barry Grundy NASA

Bob Hopper NW3C

Jon Iadonisi DoD

Mike Jacobs SRA

Tim Kosiba FBI

Bob Lentz DoD

Kevin Manson DHS FLETC

Rich Marshall NSA

Ken Privette Postal IG

Keith Rhodes GAO

Linton Wells NDU

This year we will have so many feds representing their federal agencies that we will have to break it up into two separate panels:

IA Panel: Information Assurance, CERTS, first responder's organizations from agencies including DC3, DHS, SOCOM, NSA, OSD, NDU, and GAO.

LE Panel: Law Enforcement and Counterintelligence agencies including DC3, FBI, IRS, NCIS, NASA, NW3C, US Postal IG, FLETC, and RCMP.

Each of the agency reps will make an opening statement regarding their agency's role, and then open it up to the audience for questions.

Agencies that will have representatives include: Defense Cyber Crime Center (DC3), FBI, IRS, NCIS, NASA, DHS, National White Collar Crime Center (NW3C), Special Operations Command (SOCOM), NSA, US Postal IG, Office of the Secretary of Defense, National Defense University, Federal Law Enforcement Training Center (FLETC), and the Government Accountability Office (GAO). For the third year in a row, the "Meet the Feds" panel has gone international. We will have a rep from the Royal Canadian Mounted Police.

For years Defcon participants have played "Spot the Fed". For the 2nd year, the feds will play "Spot the Lamer". Come watch the feds burn another lamer.

Jim Christy, FX/DC3

* Dir of Futures Exploration

* Dir the Defense Cyber Crime Institute

* R&D of digital forensic tools and processes

* Test & Validation of tools, both hardware & software, used in an accredited digital forensics lab

* Dir of Ops for Defense Computer Forensics Lab

* LE/CI Liaison to OSD IA

* DoD Rep to President's Infrastructure Protection Task Force

* US Senate Investigator - Perm Sub of Invest

* 11 years Dir of AF OSI Computer Crime Investigations

Jerry Dixon, DHS

As Director of National Cyber Security Division (NCSD) of the Department of Homeland Security, Jerry Dixon leads the national effort to protect America's cyber infrastructure and identify cyber threats. He works collaboratively and facilitates strategic partnerships with stakeholders in the public sector, private industry, and the international arena. Mr. Dixon was appointed Director of the NCSD on January 7, 2006.

Prior to being chosen to lead NCSD, Mr. Dixon served as the Deputy Director of Operations for the U.S. Computer Emergency Readiness Team (US-CERT), where he was responsible for coordinating incident response activities across federal, state, local government agencies, and private sector organizations. Mr. Dixon was instrumental in creating US-CERT, which serves America as the 24x7x365 cyber watch, warning, and incident response center that protects the cyber infrastructure by coordinating defense against and response to cyber attacks. Mr. Dixon led the initial development of US-CERT's capabilities for analyzing and reducing cyber threats and vulnerabilities, disseminating cyber threat warning information, and coordinating incident response activities across federal, state, local government agencies, and private sector organizations, making it Homeland Security's primary element of cyber preparedness and response.

Before joining NCSD, Mr. Dixon was the founding director of the Internal Revenue Service's (IRS) Computer Security Incident Response Capability. In this role, Mr. Dixon led the operational cyber security capability for the IRS and developed its ability to detect and respond to security attacks in order to protect American taxpayers' private information. Mr. Dixon has also served as Director of Information Security for Marriott International, a global private sector company, where he led cyber security planning, security architecture, and security operations.

Tim Fowler, NCIS

Tim is an active duty Marine Special Agent who has worked as a Cyber Agent for the NCIS Cyber Department in Washington, DC, for the last six years. Tim has 19 years of active duty service in the U.S. Marine Corps working in the fields of military police, polygraph, criminal investigations and computer crime investigations and operations. While working as a Cyber Agent for NCIS, Tim specializes in conducting criminal, counterintelligence and counter-terrorism computer crime investigations and operations. Tim also has extensive knowledge and experience conducting media exploitation operations in hostile environments. In 2004, Tim was awarded the Bronze Star with combat Valor device by the Secretary of the Navy for his media exploitation efforts in Iraq.

Barry J. Grundy, NASA

Barry J. Grundy has worked as a Special Agent for the NASA Office of Inspector General (OIG), Computer Crimes Division (CCD) for the past six years. In that time he has been responsible for conducting computer intrusion investigations related to NASA systems. In 2005, SA Grundy received the annual Inspector General's award for his investigative efforts. He currently serves as the Resident Agent in Charge of the Eastern Region of the NASA OIG CCD, responsible for the supervision of criminal investigations related to cyber events at eight NASA Centers. Before working for the NASA OIG, SA Grundy was employed as a Special Agent for the Ohio Attorney General's Office, Health Care Fraud Unit, where he was responsible for the computer seizure and forensic media analysis support for the unit in addition to maintaining a normal health care fraud case load.

Prior to his law enforcement career, Grundy served for six years in the United States Marine Corps. All of his active duty service was spent in Reconnaissance Battalions, eventually as a Recon Team Leader, Scout/Sniper, and Combat Diver.

SA Grundy currently lives in Maryland with his wife, Jo Ann and son, Patrick. Hobbies include motorcycles, computers, and outdoor activities.

Andrew Fried, IRS

Andrew Fried is a Senior Special Agent with the Treasury Inspector General for Tax Administration's System Intrusion and Network Attack Response Team (SINART). His organization is responsible for investigating computer security incidents involving the Internal Revenue Service.

During his 17 year career with Treasury, he is credited with developing his agency's Computer Investigative Specialist (CIS) program, whose members are responsible for analyzing seized computers, as well as the SINART program, whose mission is to investigate computer intrusions and conduct pro-active network penetration testing.

In 1986, while working at the Kennedy Space Center, he developed one of the first suites of software programs specifically designed for analyzing seized computers. His software was distributed, free of charge, to law enforcement agencies throughout the world.

Bob Hopper, NW3C

Mr. Hopper manages the NW3C Computer Crimes instructor cadre, who provide computer forensics training to state and local Law Enforcement throughout the United States. The Computer Crimes Section offers basic, intermediate and advanced training in computer forensics and computer crimes, as well as providing technical assistance and research and development for computer forensic examiners.

Mr. Hopper retired with nearly thirty years' service with the Arizona Department of Public Safety and thirty-seven years in Law Enforcement. Mr. Hopper's Law Enforcement career included assignments in Narcotics, Air Smuggling, White Collar Crime and Organized Crime. Mr. Hopper also developed and managed the Arizona DPS Regional Computer Forensic Lab. This computer forensic lab grew from a two-man unit in 1998 to a state-of-the-art computer forensic lab that, in 2005 when he retired, had grown to seven state, local and federal agencies and nearly twenty-five computer forensic examiners.

Michael J. Jacobs, SRA International, Inc.

Michael Jacobs joined SRA in October 2002 as a Senior Advisor following his retirement from the Federal Government after 38 years of service. In March 2003 he was appointed Director of SRA's Cyber and National Security Program. Prior to SRA, Mr. Jacobs was the Information Assurance (IA) Director at the National Security Agency (NSA). Under his leadership, NSA began implementing an Information Assurance strategy to protect the Defense Information Infrastructure and as appropriate, the National Information Infrastructure. He was responsible for overseeing the evolution of security products, services, and operations to ensure that the Federal Government's national security information was free-flowing, unobstructed and uncorrupted.

Mr. Jacobs had a long and distinguished career at the National Security Agency, where he served in key management positions in both the Intelligence and IA mission areas. He served as the Deputy Associate Director for Operations, Military Support, where he was responsible for developing a single, coherent military support strategy for NSA. During his 38 years of NSA service, Jacobs was a leader in Information Systems Security production and control, policy and doctrine, and customer relations. He has testified before Congress on defense issues and has spoken widely on topics ranging from IA to cultural diversity. For his vision, dedication, and accomplishments, he has been recognized by the Department of Defense with the Distinguished Civilian Service Medal; by the Director of Central Intelligence with the Intelligence Community's Distinguished Service Award; and by NSA with the Exceptional Civilian Service Award. In addition, he has been awarded the National Intelligence Medal of Achievement and was twice awarded the Presidential Rank Award for Meritorious Achievement.

He earned his B.S. degree in Business Administration from King's College and completed the Senior Managers in Government Program at Harvard University's Kennedy School.

Mr. Jacobs resides in College Park, Maryland with his wife Ethel and their five children. From 1997 through 2001 he served as the City's elected Mayor following fourteen years as an elected member of the City Council.

Timothy Kosiba, FBI

Timothy Kosiba has been a Forensic Examiner with the FBI CART Program for 12 years, and has managed the CART-BWI Laboratory in Linthicum, Maryland for the last 6 years. Mr. Kosiba has a B.S. in Management Information Systems from the University of Baltimore and an M.S. in Forensic Science from George Washington University. Currently, he is also the Program Manager for the Forensic Networks Program within CART, and is responsible for managing the deployment of 25 Storage Area Networks around the country for use in examining and reviewing digital evidence. Mr. Kosiba is also a Certified ASCLD/LAB Inspector in the discipline of Digital Forensics.

Robert F. Lentz, OSD

Mr. Lentz is the Director for Information Assurance (IA) in the Office of the Assistant Secretary of Defense, Networks and Information Integration/Chief Information Officer. He is the Chief Information Assurance Officer (CIAO) for the Department of Defense (DoD) and oversees the Defense-wide IA Program, which plans, monitors, coordinates, and integrates IA activities across DoD. Mr. Lentz is also the Chairman of the National Space INFOSEC Steering Council (NSISC), a member of the Presidential Sub-Committee on National Security Systems (CNSS), the Manager of the DoD IA Steering Council, and the IA Domain Owner of the Global Information Grid Enterprise Information Management Mission Area. In his capacity of IA Domain Owner, Mr. Lentz is a member of the DoD CIO Executive Council. He also reports to the Deputy Undersecretary for Security and Counter-Intelligence and is a member of the Information Operations (IO) Steering Council. Mr. Lentz represents DoD on several private sector boards, including the Center for Internet Security (CIS) Strategic Advisory Council, the Common Vulnerabilities & Exposures (CVE) Senior Advisory Council, and the Federal Electronic Commerce Coalition (FECC).

Mr. Lentz has over 26 years of experience with the National Security Agency (NSA) in the areas of financial management and technical program management. He has served as Chief of the Space and Networks IA Office, Chief Financial Officer of the NSA IA Directorate, Executive Assistant to the NSA SIGINT Collections and Operations Group and Field Chief of the Finksburg National Public Key Infrastructure / Key Management Infrastructure Operations Center. He has also served on several strategic planning and acquisition reform panels. Mr. Lentz has received the NSA Resource Manager of the Year Award, the Defense Meritorious Service Award, the 2003 Presidential Rank Award and the 2004 "Federal 100" award. In 2004, Mr. Lentz also received the highest-level honorary award the Department can bestow on a civilian employee, the prestigious Secretary of Defense Distinguished Civilian Service Award. Mr. Lentz is a graduate of the National Senior Cryptologic Course at the National Cryptologic School, the Federal Executive Institute (FEI) and the Resource Management Course at the Naval Postgraduate School. He earned a Bachelor of Science Degree with a double major in History and Political Science from Saint Mary's College of Maryland and a Master's Degree in National Security Strategy from the National War College. While attending the National War College in 1999, Mr. Lentz's primary focus was on Homeland Security.

Richard Marshall, NSA

Mr. Richard H. L. Marshall is the Senior Information Assurance (IA) Representative, Office of Legislative Affairs at the National Security Agency (NSA). NSA's Legislative Affairs Office is the Agency's point of contact for all NSA matters concerning Congress and is committed to maintaining a relationship with Congress built on trust, candor, completeness, correctness, consistency, and corporateness. Mr. Marshall has been instrumental in framing critical appreciation by key Senators and Representatives on Information Assurance and its impact on helping to protect the nation's critical infrastructures. As an additional duty, Mr. Marshall also represents NSA in the National Centers of Academic Excellence in Information Assurance Program in Boston, Massachusetts and the Detroit, Michigan areas where he led the effort to establish an International Consortium on Information Assurance.

Mr. Marshall was selected by Dick Clarke, the Cyber Advisor to the President to serve as the Principal Deputy Director, Critical Infrastructure Assurance Office (CIAO), Bureau of Industry and Security, Department of Commerce where he led a team of 40 dedicated professionals in coordinating and implementing the Administration's National Security for Critical Infrastructure Protection initiative to address potential threats to the nation's critical infrastructures. He persuasively articulated the business case for enhancing information assurance in government and private sectors, and championed national outreach and awareness of information assurance issues to key stakeholders such as owners and operators of critical infrastructures, opinion influencers, business leaders, and government officials.

Before being nominated by the DIRNSA and approved by the SECDEF to serve in an Executive Development assignment to help lead the CIAO, Mr. Marshall served with distinction as the Associate General Counsel for Information Systems Security/Information Assurance, Office of the General Counsel, National Security Agency for over eight years. In that capacity, Mr. Marshall provided advice and counsel on national security telecommunications and technology transfer policies and programs, the National Information Assurance Partnership, the Common Criteria Mutual Recognition Arrangement, legislative initiatives and international law. Mr. Marshall was the legal architect for the Joint Chiefs of Staff directed exercise "Eligible Receiver 97" that spotlighted many of the cyber-vulnerabilities of our nation's critical infrastructures and helped bring focus on this issue at the national leadership level.

Mr. Marshall graduated from The Citadel with a B.A. in Political Science; Creighton University School of Law with a J.D. in Jurisprudence; Georgetown School of Law with an LL.M. in International and Comparative Law; was a Fellow at the National Security Law Institute, University of Virginia School of Law in National Security Law; attended the Harvard School of Law Summer Program for Lawyers; the Georgetown University Government Affairs Institute on Advanced Legislative Strategies and participated in the Information Society Project at Yale Law School and in the Privacy, Security and Technology in the 21st Century program at Georgetown University School of Law.

Ken Privette, USPS

Ken works as the Special Agent in Charge of the Computer Crimes Unit (CCU) at the United States Postal Service Office of Inspector General. His Unit conducts computer crime investigations and provides computer forensics support to a force of over 650 agents who conduct fraud and internal crime investigations for the U. S. Postal Service. Over the past two years Ken's team has doubled in size, now managing a computer forensics workload of more than 900 requests per year.

Ken spent much of his professional life as a Special Agent with the Naval Criminal Investigative Service, both overseas and stateside, where he conducted investigations involving computer crime, terrorism, and counterintelligence matters.

Keith Rhodes, GSA

Keith Rhodes is currently the Chief Technologist of the U. S. Government Accountability Office and Director of the Center for Technology & Engineering. He provides assistance throughout the Legislative Branch on computer and telecommunications issues and leads reviews requiring significant technical expertise. He has been the senior advisor on a range of assignments covering continuity of government & operations, export control, computer security & privacy, e-commerce & e-government, voting systems, and various unconventional weapons systems. He has served as a Commissioner on the Independent Review of the National Imagery and Mapping Agency. Before joining GAO, he was a supervisory scientist at the Lawrence Livermore National Laboratory. His other work experience includes computer and telecommunications projects at Northrop Corporation and Ohio State.

Linton Wells II, Principal Deputy Assistant Secretary of Defense, Networks and Information Integration

Dr. Linton Wells II serves as the Principal Deputy Assistant Secretary of Defense (Networks and Information Integration). He resumed these duties on November 14, 2005 after serving as the Acting Assistant Secretary and DoD Chief Information Officer from March 8, 2004. He became the Principal Deputy Assistant Secretary of Defense (Command, Control, Communications and Intelligence) on August 20, 1998 which became Networks and Information Integration in 2003. Prior to this assignment, he had served in the Office of the Under Secretary of Defense (Policy) from 1991 to 1998, most recently as the Deputy Under Secretary of Defense (Policy Support).

In twenty-six years of naval service, Dr. Wells served in a variety of surface ships, including command of a destroyer squadron and guided missile destroyer. In addition, he acquired a wide range of experience in operations analysis; Pacific, Indian Ocean and Middle East affairs; C3I; and special access program oversight.

Dr. Wells was born in Luanda, Angola, in 1946. He was graduated from the United States Naval Academy in 1967 and holds a Bachelor of Science degree in physics and oceanography. He attended graduate school at The Johns Hopkins University, receiving a Master of Science in Engineering degree in mathematical sciences and a PhD in international relations. He is also a 1983 graduate of the Japanese National Institute for Defense Studies in Tokyo, the first U.S. naval officer to attend there.

Dr. Wells has written widely on security studies in English and Japanese journals. He co-authored Japanese Cruisers of the Pacific War, which was published in 1997. His hobbies include history, the relationship between policy and technology, scuba diving, and flying.

Panel 2: Meet the VCs

Paul Proctor, Moderator VP, Gartner

Patrick Chung Partner, NEA

Maria Cirino Co-Founder and Managing Director, .406 Ventures

Mark McGovern Tech Lead, In-Q-Tel

Dov Yoran Partner, Security Growth Partners

2007 held numerous watershed events for the security industry. Innovation is needed and the money is there. Come to this session and meet the VCs actively investing in security, web, and mobile applications. Learn how VCs see the future, what they are looking for, and how best to utilize them to further your innovations. This session will conclude with an announcement about the Black Hat/DEFCON Open, a business plan competition focused on innovations in security; winners will be announced at Black Hat 2008 and DEFCON XVI.

Patrick Chung, Partner, NEA

Patrick joined NEA as an Associate in 2004 and became Partner in 2007. Patrick focuses on venture growth equity, consumer, Internet, and mobile investments. He is a director of Loopt and Realtime Worlds, and is actively involved with 23andMe, Xoom and the firm's venture growth activities. Prior to joining NEA, Patrick helped to grow ZEFER, an Internet services firm (acquired by NEC) to more than $100 million in annual revenues and more than 700 people across six global offices. The company attracted over $100 million in venture capital financing. Prior to ZEFER, Patrick was with McKinsey & Company, where he specialized in hardware, software, and services companies. Patrick received a joint JD-MBA degree from Harvard Law School and Harvard Business School, where he was the only candidate in his year to earn honors at both. He also served as an Editor of the Harvard Law Review. Patrick was one of only nine Canadian citizens to be elected a Commonwealth Scholar to study at Oxford University, where he earned a Master of Science degree and won both class prizes for Best Dissertation and Best Overall Performance. Patrick earned his A.B. degree at Harvard University in Environmental Science. He is a member of the New York and Massachusetts bars.

Maria Cirino, Co-Founder and Managing Director, .406 Ventures

Maria is co-founder and managing director of .406 Ventures, a new VC firm focused on early stage investments in information security, IT, and technology driven services. She currently serves as an active investor, director and/or chairman in four venture-backed companies including Veracode, Memento, NameMedia and Bit9. Maria brings 21 years of entrepreneurial, operating and senior management experience in venture-backed technology companies. Most recently, she served as an SVP of VeriSign following its 2005 $142 million acquisition of Guardent -- a Sequoia, Charles River and NEA-backed IT security company that she co-founded and led as CEO and Chairman. In this role, Maria received several industry honors and awards, including "Ernst & Young Entrepreneur of the Year in 2003." Prior to Guardent, Maria was Senior Vice President responsible for sales and marketing at i-Cube, an IT services company, which was acquired in 1999 by Razorfish for $1.8 billion. Prior to Razorfish, she was responsible for North American sales at Shiva, the category-creating remote access company, from 1993 to 1997, and prior to Shiva, Cirino held various management positions at Lotus Development Corporation.

Paul Proctor, Vice President, Security and Risk Practice, Gartner Research

Mr. Proctor has been involved in information security since 1985. He was founder and CTO of two security technology companies and developed both first- and second-generation, host-based intrusion-detection technologies. Mr. Proctor is a recognized expert in the field of information security and associated regulatory compliance issues surrounding the Health Insurance Portability and Accountability Act (HIPAA), Sarbanes-Oxley, and the Gramm-Leach-Bliley Act (GLBA). He has authored two Prentice Hall books and many white papers and articles. Mr. Proctor is an accomplished public speaker and was recognized for his expertise by being appointed to the original Telecommunications Infrastructure Protection working group used by Congress to understand critical infrastructure protection issues prior to the terrorist attack of Sept. 11. Previously, he worked for SAIC, Centrax, CyberSafe, Network Flight Recorder and Practical Security.

Mark McGovern, Tech Lead, In-Q-Tel

Mark McGovern leads the communications and infrastructure practice for In-Q-Tel, the strategic investment firm that supports the U.S. Intelligence Community. He has extensive experience developing, securing and deploying data systems. Prior to joining In-Q-Tel, Mr. McGovern was Director of Technology for Cigital Inc. He led Cigital's software security group and supported a Fortune 100 clientele that included Microsoft, MasterCard International, CitiBank, Symantec, CheckFree, the UK National Lottery and the Federal Reserve Banks of Richmond, New York and Boston. Earlier in his career, Mr. McGovern worked for the Central Intelligence Agency. Mr. McGovern holds a B.S. in Electrical Engineering from Worcester Polytechnic Institute and an M.S. in Systems Engineering from Virginia Polytechnic Institute.

Dov Yoran, Partner, Security Growth Partners

Dov Yoran is a Partner at Security Growth Partners (SGP). Prior to joining SGP, Mr. Yoran was Vice President for Strategic Alliances at Solutionary, Inc., a leading Managed Security Services Provider. He was responsible for all partnerships, global channel revenue and marketing efforts.

Previously, at Symantec Corporation, Mr. Yoran managed the Services Partner Program, having global responsibility for creating, launching and managing the partner re-seller program. This program generated over 50% of Symantec Services revenue, with a partner base expanding across six continents.

Mr. Yoran came to Symantec as part of the Riptech, Inc. acquisition, in a $145 Million transaction that ranked in the top 2% of all technology mergers in 2002. Riptech was the leading managed security services firm that monitored and protected its client base on a 24x7 basis. At Riptech, he spearheaded the channel strategy, marketing and sales operations, growing the reseller program to over 50% of the company's revenue.

Prior to that, Mr. Yoran worked in several technology start-ups as well as Accenture (formerly Andersen Consulting), where he focused on technology and strategy engagements in the Financial Services Industry.

Mr. Yoran has also written and lectured on several Information Security topics. He holds a Master of Science in Engineering Management and Systems Engineering with a concentration in Information Security Management from the George Washington University and is a cum laude Bachelor of Science in Chemistry graduate from Tufts University.

Computer and Internet Security Law - A Year in Review 2006 - 2007

Robert W. Clark Counsel, Dept of Navy Office of General Counsel

This presentation reviews the important prosecutions, precedents and legal opinions of the last year that affect internet and computer security. We will discuss the differences between legal decisions from criminal cases and civil lawsuits and what that means to the security professional. Additionally, we look at topics such as: email retention and discovery; active response; use of CFAA as non-competition methods; identity theft and notification issues; legal aspects of emerging technologies; lawsuits involving IT corporations (Google, Yahoo, Apple, Microsoft); and of course, the NSA surveillance litigation. As always, this presentation is strongly audience driven and it quickly becomes an open forum for questions and debate.

Mr. Robert Clark is the principal point of contact in the Department of the Navy Secretariat and the Office of the General Counsel for legal issues regarding information management/information technology. As such he is responsible for advising on critical infrastructure protection; information assurance; FISMA; privacy; electronic government; identity management; spectrum management; records management; information collection; Open Source Software; and the infrastructure protection program for both physical and cyber assets. Prior to this position Mr. Clark was the legal advisor on computer network operations to the Army Computer Emergency Response Team. Both these positions require coordination and consulting with the DoD Office of General Counsel, NSA, and the DoJ Computer Crime and Intellectual Property Section. He is a previous Black Hat lecturer and lectures at Def Con, the Army's Intelligence Law Conference and the DoD's Cybercrimes Conference.

Satellite Imagery Analysis

Greg Conti Lieutenant Colonel, United States Military Academy

Satellite imagery was once restricted to organizations like CTU, but now it is freely available to us all via powerful free online tools and commercial services. In this talk we will look at commercial collection platforms and capabilities, orbital mechanics and a variety of imagery analysis techniques. We will analyze examples from interesting places around the world and explore issues surrounding the future of satellite surveillance.

Greg Conti is an Assistant Professor of Computer Science at the United States Military Academy. His research includes security data visualization and web-based information disclosure. He is the author of Security Data Visualization by No Starch Press. His work can be found at

Securing Linux Applications With AppArmor

Crispin Cowan Director of Software Engineering, SUSE/Novell

The core of the security problem is that most software contains latent bugs, and many of these bugs can be exploited by attackers to cause the software to do something undesirable to the victim's computer. To block this threat, one can either use only perfect software (of which there is a shortage :) or use a security system to control what software may and may not do. The problem is that such systems are historically very difficult to use.

AppArmor is an application security system that directly attacks the ease-of-use problem, making widespread adoption by developers, system administrators, and users possible. AppArmor provides security profiles (policies) that specify the files that a given program may read, write, and execute, and provides tools to quickly and automatically generate these profiles.

This presentation will briefly introduce the AppArmor system, and then spend much of the time showing how to best use AppArmor to confine applications and protect systems. AppArmor is pure GPL software, and is available for SUSE, Slackware, Ubuntu, Gentoo, and Red Hat Linux.

Crispin Cowan has been in the computer business for 25 years, and security for 10 years. He was the CTO and founder of Immunix, Inc., acquired by Novell in 2005. Dr. Cowan is now the Security Architect for SUSE Linux, and applications that Novell offers for Linux. Dr. Cowan developed several host security technologies under DARPA funding, including prominent technologies like the StackGuard compiler defense against buffer overflows, and the LSM (Linux Security Modules) interface in Linux 2.6. Dr. Cowan also co-invented the "time-to-patch" method of assessing when it is safe to apply a security patch. Prior to founding Immunix, he was a professor with the Oregon Graduate Institute. He is the program co-chair for the 2007 and 2008 Network and Distributed System Security conferences. He holds a Ph.D. from the University of Western Ontario and a Masters of Mathematics from the University of Waterloo.

LAN Protocol Attacks Part 1 - Arp Reloaded

Jesse "x30n" D'Aguanno Praetorian Global & Digital Revelation

Ever wanted to hijack a connection between machines on a LAN, deny service between a host you're attacking and a log server or intrusion detection system, or maybe wanted to sniff traffic on a switched network? Now you can! Er, wait... You already could with the ARP attacks we all know and love.

While these network attacks are quite effective, they do have their weaknesses, as well as security controls that help prevent them. In this talk I will build on the previous research in this field and introduce new, more reliable attacks against the ARP protocol which are much harder to identify and to protect against.
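The defensive side of the controls mentioned above, as an added example that is not the speaker's code: a small monitor that parses raw ARP payloads and flags the two classic symptoms of ARP cache poisoning, an IP address whose hardware address changes and a reply that answers no outstanding request. All MAC/IP values and the packet stream are constructed, and the request/reply matching assumes the monitor sees both directions of traffic on the segment.

```python
"""Spot ARP cache-poisoning symptoms in a stream of ARP packets.

Illustrative monitor (not from the talk): parses Ethernet/IPv4 ARP payloads
and raises alerts a LAN monitor would want. Sample packets are constructed.
"""
import struct

ARP_REQUEST, ARP_REPLY = 1, 2
# hw type, proto type, hw len, proto len, opcode, sender MAC, sender IP, target MAC, target IP
ARP_FMT = "!HHBBH6s4s6s4s"
ARP_LEN = struct.calcsize(ARP_FMT)  # 28 bytes


def mac_bytes(s): return bytes.fromhex(s.replace(":", ""))
def ip_bytes(s): return bytes(int(o) for o in s.split("."))
def mac_str(b): return ":".join("%02x" % x for x in b)
def ip_str(b): return ".".join(str(x) for x in b)


def build_arp(oper, sha, spa, tha, tpa):
    """Build an ARP payload (used here only to construct test data)."""
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper,
                       mac_bytes(sha), ip_bytes(spa), mac_bytes(tha), ip_bytes(tpa))


def parse_arp(pkt):
    """Decode one ARP payload into a dict of printable fields."""
    if len(pkt) < ARP_LEN:
        raise ValueError("ARP payload too short")
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(ARP_FMT, pkt[:ARP_LEN])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    return {"oper": oper, "sha": mac_str(sha), "spa": ip_str(spa),
            "tha": mac_str(tha), "tpa": ip_str(tpa)}


class ArpMonitor:
    """Tracks IP->MAC bindings and outstanding requests for one LAN segment."""

    def __init__(self):
        self.bindings = {}    # ip -> MAC first seen claiming it
        self.pending = set()  # (requester ip, asked-about ip) not yet answered
        self.alerts = []

    def observe(self, pkt):
        a = parse_arp(pkt)
        if a["oper"] == ARP_REQUEST:
            self.pending.add((a["spa"], a["tpa"]))
        elif a["oper"] == ARP_REPLY:
            key = (a["tpa"], a["spa"])  # the request this reply would answer
            if key in self.pending:
                self.pending.discard(key)
            else:
                # Gratuitous ARP is also sent legitimately on boot or failover,
                # so on its own this is low confidence; pair it with the binding check.
                self.alerts.append(("unsolicited-reply", a["spa"], a["sha"]))
        # Requests and replies both assert "spa is at sha", so check every packet.
        prev = self.bindings.setdefault(a["spa"], a["sha"])
        if prev != a["sha"]:
            # A replaced NIC or DHCP reassignment trips this too: the false-positive
            # cost the talk alludes to when it says the controls are imperfect.
            self.alerts.append(("binding-changed", a["spa"], prev, a["sha"]))
        return a


GW, HOST, EVIL = "aa:aa:aa:aa:aa:01", "bb:bb:bb:bb:bb:10", "cc:cc:cc:cc:cc:99"
SAMPLE_STREAM = [  # constructed: a normal request/reply pair, then a forged reply
    build_arp(ARP_REQUEST, GW, "192.168.1.1", "00:00:00:00:00:00", "192.168.1.10"),
    build_arp(ARP_REPLY, HOST, "192.168.1.10", GW, "192.168.1.1"),
    build_arp(ARP_REPLY, EVIL, "192.168.1.1", HOST, "192.168.1.10"),
]


def run_sample(stream=SAMPLE_STREAM):
    """Feed the sample stream through a fresh monitor and return its alerts."""
    mon = ArpMonitor()
    for pkt in stream:
        mon.observe(pkt)
    return mon.alerts


if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```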

Jesse "x30n" D'Aguanno is a security researcher and software engineer who has been involved in the security industry and "underground" for over 10 years. As a software engineer he has contributed to numerous open source and commercial projects. As a researcher, he has written and published many papers and proof of concept tools. His current research interests are primarily focused on binary reverse engineering, anti-forensics, exploit development and network attack. He is a frequent presenter at different industry conferences and events. By day he works as the Director of Professional Services and Research for Praetorian Global, a security services company in California. In his "spare" time, he is the team captain for Digital Revelation, a security think tank best known as the two-time winners (and almost annual participants) of the Defcon CTF.


The Dark Tangent

Dark Tangent never speaks at DEF CON because he thinks it is cheating, but not for the 15th anniversary! Come listen to a behind-the-scenes account of what really happened during the "Cisco/ISS Gate" fiasco from 2005. Throughout the talk the audience will be asked what they would have done at key points and then learn what I chose to do. A cautionary and comical tale of what happens when communication breaks down.

The Dark Tangent started DEF CON 15 years ago when his $2,000 1 GB hard drive let the smoke out, eating his world-known BBS system A Dark Tangent System and forcing him to come up with new ways to be involved in the underground scene. He is constantly amazed that something that was his hobby and a passion early on in life has turned into a career and a lifestyle.

Hacking Social Lives:

Rick Deacon IT Specialist

This presentation will discuss how to hack using web application hacking methods implementing minimal tools outside of the internet, a text editor, and a cookie editor. How to find exploits will be discussed, as well as what to do with the exploits. Multiple exploits will be revealed and broken down. MySpace XSS filter evasion will be discussed. Session hijacking using cookies provided from MySpace will be proven and shown using patched exploits.

The live demonstration (with audience participation) will be using a 0-Day MySpace exploit! The methodology and practices used in the presentation will always be relevant to MySpace as well as many other sites containing Cross Site Scripting holes. MySpace is filled with hundreds of unattended and undiscovered Cross Site Scripting exploits. Discussion on how to prevent these attacks and secure sites using web applications will also be touched upon. Also, tips on how to mess with your friends :) . Questions and volunteers are encouraged!

Now everyone can have a crack at their friend's MySpace! Just don't ruin anyone's precious social life.

Rick Deacon is a full-time IT Specialist at an established CPA firm in Cleveland, Ohio. Rick is also a part-time student working to achieve a Bachelor's degree in Networking through the University of Akron. Rick has been involved in multiple web application attacks that have been reported and fixed. Rick has been involved in information systems security for a few years and continues to discover and learn in order to pursue a career involving such.

Picking up the Zero Day; An Everyone's Guide to Unexpected Disclosures

Dead Addict

Security researchers around the world have been SLAPPed (strategic lawsuits against public participation) across the face by vulnerable software vendors. Bogus legal threats intended to intimidate and prevent public exposure of vulnerabilities are becoming increasingly common. If the software industry succeeds at silencing these researchers, the public, governments, global industries, and end user customers are ill served and increasingly vulnerable. Successful silencing of research does not stop it; it merely drives it into private and underground economies.

While private commercial exploit economies are being launched, and underground exploit economies are flourishing, the independent researchers (including small security shops) are increasingly the source of open and honest security information. Corporate security researchers often have contractual relationships with vendors preventing the public disclosure of critical security vulnerabilities.

It is in this context that vulnerable software vendors attempt (often successfully) to silence hackers through bogus legal threats.

While the debate regarding appropriate disclosure protocols is interesting (although seemingly unending), I'm not going to talk about it. This isn't about designing a disclosure utopia, but how to deal with disclosure as it stands today.

Confrontational approaches serve no one (except perhaps aggressive attorneys increasing their billable hours), and legal threats are demonstrably counterproductive.

I'm going to tell everyone what to do: vendors, customers, hackers, and the press. I'll tell vendors how to handle any disclosure with integrity and their best interests in mind; an admittedly tricky task. I'll remind customers that they have the choice in the products they purchase, and it may be wise to reward those that address security issues responsibly. I'll then give some friendly advice to hackers (no legal advice will be given). Finally I'll address the role of the press and how their reporting can ensure the public interest is served.

If everyone starts playing nicely together, we'll all be better off.

Dead Addict helped found DEFCON 14 years ago. He has been DEFCON staff since then, has spoken at 7 DEFCONs, the Black Hat Briefings, Rubicon, as well as invitational security conferences. Professionally his employers have included a dominant operating system manufacturer, a respected computer security think tank, an internationally recognized financial infrastructure company, a popular telecommunications hardware and infrastructure company, as well as other smaller security and software firms. He lives in a strange foreign land with a beautiful intelligent creative mischievous DEFCON speaker as well as two affectionate rats. His credentials do not ensure the value of his words; analyze and determine their usefulness for yourself.

Revolutionizing the Field of Grey-box Attack Surface Testing with Evolutionary Fuzzing

Jared DeMott Vulnerability Researcher

Dr. Richard Enbody Associate Professor, Michigan State University

Dr. Bill Punch Associate Professor, Michigan State University

Runtime code coverage analysis is feasible and useful when application source code is not available. An evolutionary test tool receiving such statistics can use that information as fitness for pools of sessions to actively learn the interface protocol. We call this activity grey-box fuzzing. We intend to show that, when applicable, grey-box fuzzing is more effective at finding bugs than RFC-compliant or capture-replay mutation black-box tools. This research is focused on building a better, new breed of fuzzer, the impact of which is the discovery of difficult-to-find bugs in real-world applications which are accessible (not theoretical).

We have successfully combined an evolutionary approach with a debugged target to get real-time grey-box code coverage (CC) fitness data. We build upon the existing test tool General Purpose Fuzzer (GPF) [8] and the existing reverse engineering and debugging framework PaiMei [10] to accomplish this. We call our new tool the Evolutionary Fuzzing System (EFS).

We have shown that it is possible for our system to learn the target's language (protocol) as target communication sessions become more fit over time. We have also shown that this technique works to find bugs in a real-world application. Initial results are promising, though further testing is still underway.

This talk will explain EFS, describing its unique features, and present preliminary results for one test case. We will also discuss future research efforts.
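The loop the abstract describes, as an added miniature that is not EFS, GPF or PaiMei code: line coverage of the target (collected with sys.settrace, standing in for the debugger-side coverage collector) is the fitness of each input, and a population seeded from one captured session is mutated and culled on that fitness until the target raises an unexpected exception. The target protocol and its single planted bug are constructed for this example.

```python
"""Coverage-guided evolutionary fuzzing in miniature (illustrative, not EFS).

Fitness = number of distinct target lines an input executes; a crash is any
uncaught exception. The target below is a constructed toy protocol.
"""
import random
import sys
from dataclasses import dataclass
from typing import Optional


def target(data: bytes) -> str:
    """Constructed length-prefixed protocol: magic 'EF', kind, length, body."""
    if len(data) < 4:
        return "short"
    if data[:2] != b"EF":
        return "bad-magic"
    kind, length, body = data[2], data[3], data[4:]
    if kind == 1:
        return "ping"
    if kind == 2:
        if length > len(body):
            return "truncated"
        return "data:%d" % length
    if kind == 3:
        if length == 0:
            return "empty"
        # planted bug: trusts the length field without a bounds check -> IndexError
        return "last:%d" % body[length - 1]
    return "unknown-kind"


def run_with_coverage(data: bytes):
    """Execute target(data); return (result, executed line numbers, exception or None)."""
    lines = set()
    code = target.__code__

    def tracer(frame, event, arg):
        if frame.f_code is not code:
            return None  # trace only the target, not the harness
        if event == "line":
            lines.add(frame.f_lineno)
        return tracer

    sys.settrace(tracer)
    try:
        result, exc = target(data), None
    except Exception as e:  # any uncaught exception is treated as a crash
        result, exc = None, e
    finally:
        sys.settrace(None)
    return result, frozenset(lines), exc


def mutate(rng: random.Random, data: bytes) -> bytes:
    """One random byte-level mutation: overwrite, small arithmetic step, insert or delete."""
    b = bytearray(data)
    op = rng.randrange(4)
    if op == 0 and b:
        b[rng.randrange(len(b))] = rng.randrange(256)
    elif op == 1 and b:
        i = rng.randrange(len(b))
        b[i] = (b[i] + rng.choice((-2, -1, 1, 2))) % 256
    elif op == 2:
        b.insert(rng.randrange(len(b) + 1), rng.randrange(256))
    elif op == 3 and len(b) > 1:
        del b[rng.randrange(len(b))]
    return bytes(b)


@dataclass
class FuzzResult:
    crash_input: Optional[bytes]
    crash_exc: Optional[Exception]
    generations: int
    lines_covered: int


def evolve(seed=1, seeds=(b"EF\x01\x00",), pop_size=16, generations=200) -> FuzzResult:
    """Evolve inputs from captured seed sessions until a crash or the generation budget."""
    rng = random.Random(seed)
    pop = {s: run_with_coverage(s)[1] for s in seeds}  # input -> lines it covers
    total = set().union(*pop.values())
    for gen in range(1, generations + 1):
        parents = sorted(pop, key=lambda d: len(pop[d]), reverse=True)[:max(1, pop_size // 2)]
        for _ in range(pop_size):
            child = mutate(rng, rng.choice(parents))
            if child in pop:
                continue
            _, lines, exc = run_with_coverage(child)
            if exc is not None:
                return FuzzResult(child, exc, gen, len(total | lines))
            total |= lines
            pop[child] = lines
        # keep the fittest; stable sort means ties favour already-known inputs
        pop = dict(sorted(pop.items(), key=lambda kv: len(kv[1]), reverse=True)[:pop_size])
    return FuzzResult(None, None, generations, len(total))


if __name__ == "__main__":
    print(evolve())
```

Each surviving input's coverage only ever grows, so the population climbs from the "ping" seed through the kind-2 and kind-3 branches and reaches the unchecked index within a handful of generations.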

Jared DeMott is a vulnerability researcher, with a passion for hunting down and exploiting bugs in software. Mr. DeMott is the president of and is pursuing a PhD from Michigan State University, with dissertation work to be done on fuzzing. Mr. DeMott is a past DEFCON speaker.

Unraveling SCADA Protocols: Using Sulley Fuzzer

Ganesh Devarajan Security Researcher Tipping Point Inc.

First, I will cover the basics of SCADA networks and give a general overview of the SCADA protocols, namely Modbus, DNP3, ICCP and the IEC standards. North America mainly uses Modbus, DNP3 and to an extent ICCP, while European countries use the IEC standards. After the basics I will get into the finer details of the protocols: which function codes and internal indication flags do what, and how they can be used to attack or take down a SCADA system. I shall also discuss and demonstrate the current level of security implementation that these sites have.

After enumerating all those, I will talk about the SCADA fuzzer and the framework that has been worked on, and how it can be used to determine flaws in the implementation of various software. This tool can be used to assess the software out there from various vendors, and a brief analysis of some of that software will be shown. Even though some of the attacks can be detected by today's inline devices, those devices are prone to false positives.

I am using the Sulley Framework to fuzz the various protocol implementations. I basically use Sulley to fuzz all the header fields of the various protocols. Sulley is equipped with some of the protocol-specific CRC generators (CRC-DNP) apart from the regular ones. Unlike most other fuzzers, I have also generated various test cases to fuzz the data sections of the protocols.

Once the test cases are developed, the tool will be used to determine vulnerabilities in various implementations, and these vulnerabilities will be presented at DEFCON. A case study of the various software implementations will also be presented, showing where they are normally vulnerable.
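An added example, not the speaker's Sulley harness or any TippingPoint code: a validator for client-to-server Modbus/TCP frames that applies the MBAP-header and function-code checks an inline device could use, run over constructed frames that include a mutated length field, an oversized read and a non-public function code. The allow-list of hosts permitted to write is an assumption of the example.

```python
"""Sanity-check Modbus/TCP requests with the kind of rules an inline monitor might apply.

Illustrative code (not from the talk). Frame layout is the Modbus/TCP MBAP
header (transaction id, protocol id, length, unit id) followed by the PDU
(function code + data). Writer allow-list and all sample frames are constructed.
"""
import struct

MBAP = "!HHHB"                    # transaction id, protocol id, length, unit id
MBAP_LEN = struct.calcsize(MBAP)  # 7 bytes

# Public function codes a typical PLC implements; anything else is treated as suspect.
PUBLIC_FC = {1: "Read Coils", 2: "Read Discrete Inputs", 3: "Read Holding Registers",
             4: "Read Input Registers", 5: "Write Single Coil", 6: "Write Single Register",
             15: "Write Multiple Coils", 16: "Write Multiple Registers",
             23: "Read/Write Multiple Registers"}
WRITE_FC = {5, 6, 15, 16, 23}
MAX_QTY = {1: 2000, 2: 2000, 3: 125, 4: 125}  # per-request limits from the Modbus spec
WRITERS_ALLOWED = {"10.0.0.5"}                # assumption: the one HMI that may write


def build_frame(tid, unit, fc, data, length=None):
    """Build a request frame (constructed data); `length` can be forced to a wrong value."""
    pdu = bytes([fc]) + data
    if length is None:
        length = len(pdu) + 1  # the length field counts unit id + PDU
    return struct.pack(MBAP, tid, 0, length, unit) + pdu


def inspect(frame, src_ip):
    """Inspect one client->server frame; return a list of findings (empty = looks legitimate)."""
    findings = []
    if len(frame) < MBAP_LEN + 1:
        return ["truncated: shorter than MBAP header plus function code"]
    tid, pid, length, unit = struct.unpack(MBAP, frame[:MBAP_LEN])
    fc, data = frame[MBAP_LEN], frame[MBAP_LEN + 1:]
    if pid != 0:
        findings.append(f"protocol id {pid} is not Modbus (must be 0)")
    if length != len(frame) - 6:  # everything after the 6-byte tid/pid/length prefix
        findings.append(f"length field {length} disagrees with {len(frame) - 6} bytes present")
    if fc & 0x80:
        findings.append(f"exception code 0x{fc:02x} in a request; only servers send these")
    elif fc not in PUBLIC_FC:
        findings.append(f"non-public function code {fc}")
    else:
        name = PUBLIC_FC[fc]
        if fc in MAX_QTY:
            if len(data) < 4:
                findings.append(f"{name}: data too short for start address and quantity")
            else:
                start, qty = struct.unpack("!HH", data[:4])
                if not 1 <= qty <= MAX_QTY[fc]:
                    findings.append(f"{name}: quantity {qty} outside 1..{MAX_QTY[fc]}")
                elif start + qty > 0x10000:
                    findings.append(f"{name}: {start}+{qty} runs past the 16-bit address space")
        if fc in WRITE_FC and src_ip not in WRITERS_ALLOWED:
            findings.append(f"{name} from {src_ip}, which is not an allowed writer")
    return findings


SAMPLE = [  # (source ip, frame); all constructed
    ("10.0.0.5", build_frame(1, 1, 3, struct.pack("!HH", 0, 10))),             # normal read
    ("10.0.0.5", build_frame(2, 1, 6, struct.pack("!HH", 100, 1))),            # write from the HMI
    ("10.0.0.77", build_frame(3, 1, 16, struct.pack("!HHB", 0, 1, 2) + b"\x00\x01")),  # write from elsewhere
    ("10.0.0.5", build_frame(4, 1, 3, struct.pack("!HH", 0, 10), length=40)),  # corrupted length field
    ("10.0.0.5", build_frame(5, 1, 3, struct.pack("!HH", 0, 2000))),           # oversized read
    ("10.0.0.5", build_frame(6, 1, 0x64, b"")),                                # user-defined function code
]


def triage(samples=SAMPLE):
    """Map each sample's transaction id to its findings."""
    return {struct.unpack("!H", frame[:2])[0]: inspect(frame, ip) for ip, frame in samples}


if __name__ == "__main__":
    for tid, findings in triage().items():
        print(tid, findings or ["ok"])
```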

Ganesh Devarajan currently works as a Security Researcher for TippingPoint Inc., a division of 3Com. Currently he focuses on SCADA security and other application security. Prior to this, he worked as a Security Researcher for the CASE Research Center in Syracuse, NY.
