Abuse of Blind Automation in Security Tools

DEF CON 22

Presented by: Ruben Alejandro (chap0), Eric Davisson (XlogicX)
Date: Friday August 08, 2014
Time: 11:00 - 11:50
Location: Track 3

It is impossibly overwhelming for security personnel to manually analyze all of the data that comes to them in a meaningful way. Intelligent scripting and automation are key. This talk aims to be a humorous reminder of why the word “intelligent” really matters; your security devices might start doing some stupid things when we feed them.

This talk is about abusing signature detection systems and confusing or saturating the tool or analyst. Some technologies you can expect to see trolled are anti-virus, intrusion detection, forensic file carving, PirateEye (yep), grocery store loyalty cards (huh?), and anything we can think of abusing.

Expect to see some new open-source scripts that you can all use. The presenters don't often live in the high-level, so you may see the terminal, some hex and bitwise maths, raw signatures, and demonstrations of these wacky concepts in action. We don't intend to present dry slides on “hacker magic” just to look 1337. We want to show you cool stuff that we are passionate about, stuff we encourage everyone to try themselves, and maybe inspire new ideas (even if they're just pranks...especially).

Eric Davisson

Eric has obtained degrees in computer engineering, business, and criminal justice. He has SANS certifications for GCIH, GCIA and is currently studying for GREM. This isn't so important to Eric; however, this is the type of thing we like seeing in bios. His interest is in the obscure. While having a basic grip on the general XSS, SQLi, Buffer Overflow (OWASP top whatever), he finds obscurity much more interesting; it's true adventure to him. He enjoys all things low level (and would argue all hackers should); this means he has an “amateur” background in embedded/assembly and does some ignorant EE stuff. He also tries to replace every script with a well-crafted regular expression. Eric currently resides in Phoenix, Arizona. He is active in his local 2600 community. Finally, he has fond memories of DEFCON at Alexis Park. Twitter: @XlogicX

Ruben Alejandro

Ruben Alejandro has professional experience in security along with some of the certifications that come with it. His interests are geared to the offensive side of security; he's made some contributions to metasploit and exploitdb. He is really into the community and doesn't want to bore anyone with any more InfoSec in this bio; he just looks forward to chatting with everyone at the con and having a good time. Twitter: @_chap0

