Tag Archives: defcon

Picking up the glove – DC9723

Every time I get back from the annual DefCon/BlackHat/BSides conferences in Vegas, i usually run into some of the local security folks that managed to make the trip as well, and the plan ride home usually goes like this:”so, this year was pretty cool, huh?”, “yeah, funny how we only get to meet up so far away from home”, “right! Isn’t that a shame that we don’t have any local conferences back in Israel?…”.
You get the idea.
So, after many years of just complaining and saying that we suck, we decided to finally give it a go (we being my colleague Itzik Kotler and myself).
Ergo, DefCon group 9723 (or DC9723 for short).
We have bought the domain, set up a site, and called for the first meeting to be in Tel-Aviv on December 21st. Hope that this will finally bring this disjoint community together and will get us up to par with other communities all around the world.
See you there!

Updated speaking schedule!

As noted before, for some reason beyond my understanding I am going to be speaking at both SOURCE Barcelona and Brucon in September, as well as in Excaliburcon in China (you guys must really like this whole crime meets state thing huh?).

So, down to business, SOURCE Barcelona is going to be awesome – It’s going to be my first SOURCE I’m really looking forward to getting back together with some of my friends (Chris, Wim, Jayson… the old Wuxi pwnage team en-scale), and meet people I wanted to pick their brains in person (Brian Honan – especially because I’ll miss his talk…).

Next up is Brucon. I’ve said enough about Brucon in the last conference schedule update, nevertheless, it’s shaping up to beat it’s last years’ reputation. Expecting great talks, great crowd, and awesome beer! As far as talks I’m looking forward to – will definitely catch up with Joe which I missed at DefCon, Craig who’s Skylab is of a personal/professional interest to me, Dale with the HeadHacking talk, and Fabian’s GSM one. Obviously there are many more, but as I’ve learned over the years – don’t be greedy (especially not at conferences)…

Last but definitely not least, Excaliburcon is going to happen after all! This year the location is going to be just outside of Beijing. We will all miss Wuxi a lot, but I’m really looking forward to checking out more of China. It was a great experience last year and I’m setting up my hopes pretty high for December as the speaker list is getting pretty hot!

The common threat across these three conferences is that unlike the “big ones”, they all allow the attendants a very close interaction with the talks. This really enables more information sharing and knowledge transfer, and I’ve really learned a lot more from smaller conferences such as these than from the big ones that sport a dozen tracks at the same time (think RSA… you are not going there for the content anymore…).

If you happen to be at one of those, feel free to ping me (or even better – buy me a beer 🙂 )!

Upcoming Conference Schedule

I have been fortunate enough to be picked up by several CFP of great conferences, which basically gave me the opportunity to participate at conferences I wanted to go to anyway, as well as to present some of the research in the CyberCrime/CyberWar field.

After BlackHat Europe (see related post), I will be speaking at:

ph-neutral – Basically the real deal… If you are FoFX (Friends of FX) expect to rub shoulders with some of the world’s best security experts

AthCon – A new regional conference in Greece, close to home, sponsored by some great guys from encode, and a very interesting lineup of speakers.

FIRST Conference – If you have ever dealt with incident handling, CSIRT, CERT, and alike, this is the conference to be at. A whole day workshop, and 5 full days packed with great talks in sunny Miami. Can’t go wrong…

BruCON – Brussel’s local security conference. Last year has been EPIC (so I’ve heard from authoritative sources 🙂 ) and this year is shaping up to exceed the expectations!

These are the confirmed ones for now…

Also check out the following conferences which I plan to attend (i.e – are cool and have great content):

DefCon, BlackHat US, BSidesLV – you better know these by now…

ExcaliburCon – THE security conference in China. Held at WuXi (not far from Shanghai), and offers a great mixture of local (Chinese) hackers and international ones. Spoke there last year, if you are looking to expand to the Chinese market this is the conference to be at (and sponsor!).

It’s all about the money

In my recent coverage of CyberCrime and CyberWar, I have neglected my old “friends” at the criminal world and gave them a little less attention (at least on their consumer business). It’s time to take a look back and see what are they up to.

Well – it might seem as non-news for readers of this blog (or people who were in my presentations at BlackHat, DefCon, HackerHalted, ExcaliburCon, BlueHat, or in other venues), but a couple of interesting sound-bytes may catch your eye:

1. ZeuS (good ol’e friend, how I missed debugging thou) has implemented licensing schema. The schema enforces that the licensed software be only used on licensed machines. News? yes, kind’a. Remember Neosploit (another personal pet-peeves)? Then you must remember the licensing scheme there as well. Pretty close to what ZeuS just introduced. And they say that the world has stopped sharing. pffff. And you can quote me on that. As anyone who ever took more than a brief look at how these things operate, the only takeaway possible is simple: It’s all about the money (hence – license enforcement is key. Ask Microsoft 🙂 )

2. Staying with ZeuS, there has been quite a lot of effort in the past few months to take down one of the main autonomous systems providing upstream for some of the biggest C&C’s hosting ZeuS. You can read more about it here, and here. Notable effort indeed, as TORYAK-AS has been on the hit list for ZeuS tracking researchers for a long time. Only thing is – there’s money here again. Which means that even taking down the entire AS won’t really take down the botnet as it relies on bulletproof hosting which means that there will ALWAYS be alternate routes leading to it. That’s how things work. Just like trying to fight trafficking and drug trade. As long as there is demand, there will be supply. You dry out one supplier, the economy will just pop out another one. It’s all about the money.

So, I’ll finish up with a couple of reassuring words. We are not done yet. We like fighting the technical battle (I’ll admit that I had my fun doing so, and still have fun when called to duty), but the real battle won’t be won in that playing field. Remember Al (Capone) – it didn’t take the DEA or FBI to take him down. It was the IRS…

DefCon 17 talk video available!

For your viewing pleasure – if you happened to miss out on DefCon 17 earlier this year, the full video and slides of my talk “Down the Rabbit Hole – uncovering a criminal server” have been uploaded to the DefCon archive page.

The slides and audio are also available in my section on the DefCon17 archives: http://defcon.org/html/links/dc-archives/dc-17-archive.html#Amit

Have fun!