The NMRC Warez 2005 Extravaganza

DefCon 2005

nomad mobile research centre

“With just a few keystrokes, cybercriminals around the world can disrupt our economy.” - Ralph Basham, Director of the U.S. Secret Service at RSA 2005.

“With just a few keystrokes, pundits can disrupt our freedoms.” - Daaih Liuh, NMRC, 2005

“With just a few keystrokes, I can turn those pundits off and watch porn instead.” – jrandom, NMRC, 2005

Updated Ncrypt
  • New features and bug fixes
    • Includes Todd MacDermind’s nrm, a drop-in replacement for rm for secure file erasure
    • More features for script integration (the users demanded it!)
Nmap Tools
  • nmap-report
    • Generate a list of IPs from your run of Nmap
  • nmap-diff
    • Diff on 2 days of nmap runs
  • nmap-wrapper
    • Nmap lots of hosts quickly
SPA
  • SPA is Single Packet Authentication, a single packet that can authenticate a user to a system
  • It is a protocol for allowing a remote user to authenticate securely on a “closed” system (limited or no open services)
  • Uses GPG to sign/encrypt a message to a sniffing server in a single TCP, UDP, or ICMP packet
  • Works across NAT
  • Free
Visual Representation

[Diagram: the Client (key 0x12345678) sends a single TCP, UDP, or ICMP packet to the Server (key 0xdeadbeef). The packet is encrypted for 0xdeadbeef, signed with 0x12345678, and carries ID, session keys, timestamp, and command and control info.]

Sample Code Layout

[Diagram with the labels: User, spa_client.pl, GPG, spad, spa_engine.pl, Configs, Firewall, State.]
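
The server-side checks an SPA listener needs before acting on a sniffed packet, as an added example (not NMRC's spad or spa_client.pl code). It assumes an HMAC-SHA256 tag as a stand-in for the GPG signature and leaves encryption out; the JSON layout, field names, nonce and MAX_SKEW value are hypothetical.

```python
import hashlib
import hmac
import json
import os

MAX_SKEW = 120  # assumed: seconds a packet timestamp may differ from server time


def build_packet(key: bytes, user_id: str, command: str, now: float) -> bytes:
    """Client side: serialise ID, timestamp, nonce and command, then append a tag."""
    fields = {"id": user_id, "ts": int(now), "n": os.urandom(8).hex(), "cmd": command}
    body = json.dumps(fields, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return body + b"." + tag


class SpaValidator:
    """Server side: decide whether one sniffed payload authorises a command."""

    def __init__(self, keys: dict):
        self.keys = keys   # user id -> shared key (stand-in for a GPG keyring)
        self.seen = {}     # accepted tag -> time after which it can be forgotten

    def check(self, payload: bytes, now: float):
        body, _, tag = payload.rpartition(b".")
        try:
            msg = json.loads(body)
            user, ts, cmd = str(msg["id"]), int(msg["ts"]), msg["cmd"]
        except (ValueError, KeyError, TypeError, OverflowError):
            return None, "malformed"
        key = self.keys.get(user)
        if key is None:
            return None, "unknown id"
        expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
        if not hmac.compare_digest(expected, tag):
            return None, "bad signature"
        if abs(now - ts) > MAX_SKEW:
            return None, "stale timestamp"
        # Forget tags whose packets can no longer pass the timestamp check,
        # then refuse any tag that was already accepted once.
        self.seen = {t: exp for t, exp in self.seen.items() if exp >= now}
        if tag in self.seen:
            return None, "replay"
        self.seen[tag] = ts + MAX_SKEW
        return cmd, "ok"
```

The replay cache only has to remember a tag for as long as its timestamp would still be accepted, which keeps the server's state bounded.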

The Scanner – http-scan.pl
  • The beauty of a CLI
  • Easy to change XML config file
  • HTTP, some FTP (anon access and writability), some SQL (finds Slammer-vuln boxen)
  • Very fast, will fork off children (default 32) and will only scan systems that have been “identified” (this can be overridden)
  • Very few false positives
  • Free
Route Detector
  • Detect Multihomed Boxes and Misconfigured Network Devices
  • Scan Large Networks Quickly
  • Client Forges ICMP Echo Request with Signed Payload using Shared Key
  • Server Sniffs ICMP, Compares Payload with Expected
NPC
  • NPC is Nearly Perfect Crypto. Seriously….
  • It includes a utility for creating large one time pads (using the PRNG ISAAC)
  • Fast, simple and quick
  • If you can manage the key exchange, it is nearly the most perfect and unbreakable crypto you can get (one time pads are considered the ultimate crypto)
    • Key management is a bitch, and may render this impractical for modern humans
Why NPC Is So Fast and Secure

    /* main "crypto" loop */
    while(1)
    {
        guaranteed_memset(iblock, 0, 16);
        guaranteed_memset(kblock, 0, 16);
        guaranteed_memset(oblock, 0, 16);

        isize = fread(iblock, 1, 16, ifp);  /* Read in a block of plaintext */
        ksize = fread(kblock, 1, 16, kfp);  /* Read in a block of the key (remember, key mgmt is hard...) */

        if(isize <= 0)
        {
            fprintf(stderr,"%s: === Unable to read data: %s\n",PACKAGE,ifile);
            exit(-1);
        }

        /* a key block shorter than the plaintext block would leave the
           remaining bytes XORed with the zero fill, i.e. unencrypted */
        if(ksize < isize)
        {
            fprintf(stderr,"%s: === Unable to read data: %s\n",PACKAGE,kfile);
            exit(-1);
        }

        for(i = 0; i < isize; i++)
            oblock[i] = iblock[i] ^ kblock[i];  /* wicked crypto (XOR! Fast!) */

        osize = fwrite(oblock,isize,1,ofp);  /* write out the ciphertext */
        if(osize <= 0)
        {
            fprintf(stderr,"%s: === unable to write data: %s\n",PACKAGE,ofile);
            exit(-1);
        }

        if(ofilesize<17) break;
        ofilesize -= isize;
    }
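
The key-management side of a one-time pad, as an added example (not part of NPC): a pad cursor that never hands out the same pad bytes twice and refuses a message longer than the unused pad, next to what a zero-filled short key would emit instead. The class and function names are hypothetical, and the pad in the test is a constructed byte string rather than ISAAC output.

```python
class PadExhausted(Exception):
    """Raised when fewer unused pad bytes remain than the message needs."""


class OneTimePad:
    """Tracks how much of a pad is spent so that no pad byte is used twice."""

    def __init__(self, pad: bytes, offset: int = 0):
        self.pad = pad
        self.offset = offset  # sender and receiver must persist and agree on this

    def take(self, n: int) -> bytes:
        remaining = len(self.pad) - self.offset
        if n > remaining:
            # Refuse outright: padding or wrapping the key would break the scheme.
            raise PadExhausted(f"need {n} pad bytes, only {remaining} left")
        chunk = self.pad[self.offset:self.offset + n]
        self.offset += n      # these bytes are spent, whatever happens next
        return chunk

    def xor(self, data: bytes) -> bytes:
        """Encrypt or decrypt data with the next len(data) unused pad bytes."""
        key = self.take(len(data))
        return bytes(d ^ k for d, k in zip(data, key))


def xor_zero_filled(data: bytes, short_key: bytes) -> bytes:
    """The failure mode: a short key padded with zeros leaves the tail in clear."""
    key = short_key.ljust(len(data), b"\x00")
    return bytes(d ^ k for d, k in zip(data, key))
```

Both ends run the same cursor, so a message lost in transit desynchronises the offsets; that bookkeeping is the part of key management the XOR loop does not show.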

Q & A
  • We will spank audience members during the Q & A
  • You must sign our Ass Release Form before you can be spanked
  • You may choose any NMRC member to spank you
  • If you do not choose a particular NMRC hacker to spank you, the NMRC hacker answering the question will spank you while giving the answer
Thanks to CAU, DC214, Jon Callas for SPA ideas, and the rest of NMRC

Shouts – Mike Rash (fwknop)

Photo session by Duy Nguyen and Amy Lee Muir

Art Manipulation by Weasel

NMRC Fetish Model – Bethany

FIN, Biatchez

Images © 2005 NMRC www.nmrc.org