Como muchos ya sabréis Black Hat USA 2014 se celebró la semana pasada, 2-7 agosto, como de costumbre en Las Vegas. Para los que no tuvieran la fortuna de haber asistido a esta conferencia, al menos podréis disfrutar del material que se presentó en las charlas, y que os enlazo a continuación:

• Cybersecurity as Realpolitik geer.blackhat.6viii14.txt
• 48 Dirty Little Secrets Cryptographers Don't Want You To Know
• 802.1x and Beyond!
• A Journey to Protect Points-of-Sale us-14-Valtman-A-Journey-To-Protect-Point-Of-Sale.pdf
• A Practical Attack Against VDI Solutions us-14-Brodie-A-Practical-Attack-Against-VDI-Solutions-WP.pdf
• A Scalable, Ensemble Approach for Building and Visualizing Deep Code-Sharing Networks Over Millions of Malicious Binaries us-14-Saxe.pdf us-14-Saxe-Tool.zip
• A Survey of Remote Automotive Attack Surfaces
• Abuse of CPE Devices and Recommended Fixes us-14-Spring-Abuse-Of-CPE-Devices-And-Recommended-Fixes-WP.pdf us-14-Spring-Abuse-Of-CPE-Devices-And-Recommended-Fixes.pdf
• Abusing Microsoft Kerberos: Sorry You Guys Don't Get It
• Abusing Performance Optimization Weaknesses to Bypass ASLR
• Android FakeID Vulnerability Walkthrough us-14-Forristal-Android-FakeID-Vulnerability-Walkthrough.pdf
• APT Attribution and DNS Profiling us-14-Li-APT-Attribution-And-DNS-Profiling-WP.pdf us-14-Li-APT-Attribution-And-DNS-Profiling.pdf
• Attacking Mobile Broadband Modems Like a Criminal Would us-14-Lindh-Attacking-Mobile-Broadband-Modems-Like-A-Criminal-Would-WP.pdf us-14-Lindh-Attacking-Mobile-Broadband-Modems-Like-A-Criminal-Would.pdf
• Babar-ians at the Gate: Data Protection at Massive Scale
• Badger - The Networked Security State Estimation Toolkit us-14-Rogers-Badger-The-Networked-Security-State-Estimation-Toolkit.pdf
• BadUSB - On Accessories that Turn Evil
• Bitcoin Transaction Malleability Theory in Practice us-14-Chechik-Bitcoin-Transaction-Malleability-Theory-In-Practice.pdf us-14-Chechik-Malleability-Tool-Tool.zip
• Breaking the Security of Physical Devices
• Bringing Software Defined Radio to the Penetration Testing Community us-14-Picod-Bringing-Software-Defined-Radio-To-The-Penetration-Testing-Community-WP.pdf us-14-Picod-Bringing-Software-Defined-Radio-To-The-Penetration-Testing-Community.pdf
• Building Safe Systems at Scale - Lessons from Six Months at Yahoo
• Call To Arms: A Tale of the Weaknesses of Current Client-Side XSS Filtering us-14-Johns-Call-To-Arms-A-Tale-Of-The-Weaknesses-Of-Current-Client-Side-XSS-Filtering-WP.pdf us-14-Johns-Call-To-Arms-A-Tale-Of-The-Weaknesses-Of-Current-Client-Side-XSS-Filtering.pdf
• Capstone: Next Generation Disassembly Framework
• Catching Malware En Masse: DNS and IP Style us-14-Mahjoub-Catching-Malware-En-Masse-DNS-And-IP-Style-WP.pdf us-14-Mahjoub-Catching-Malware-En-Masse-DNS-And-IP-Style.pdf
• Cellular Exploitation on a Global Scale: The Rise and Fall of the Control Protocol
• CloudBots: Harvesting Crypto Coins Like a Botnet Farmer
• Computrace Backdoor Revisited us-14-Kamluk-Computrace-Backdoor-Revisited-WP.pdf us-14-Kamlyuk-Kamluk-Computrace-Backdoor-Revisited.pdf
• Contemporary Automatic Program Analysis
• Creating a Spider Goat: Using Transactional Memory Support for Security us-14-Muttik-Creating-A-Spider-Goat-Using-Transactional-Memory-Support-For-Securitypdf.pdf
• Data-Only Pwning Microsoft Windows Kernel: Exploitation of Kernel Pool Overflows on Microsoft Windows 8.1 us-14-Tarakanov-Data-Only-Pwning-Microsoft-Windows-Kernel-Exploitation-Of-Kernel-Pool-Overflows-On-Microsoft-Windows-8.1.pdf
• Defeating the Transparency Feature of DBI us-14-Li-Defeating-The-Transparency-Feature-Of-DBI.pdf
• Digging for IE11 Sandbox Escapes us-14-Forshaw-Digging-For_IE11-Sandbox-Escapes.pdf us-14-Forshaw-Digging-For-IE11-Sandbox-Escapes-Tool.zip
• Dynamic Flash Instrumentation for Fun and Profit
• Epidemiology of Software Vulnerabilities: A Study of Attack Surface Spread
• Evasion of High-End IPS Devices in the Age of IPv6 us-14-Atlasis-Evasion-Of-HighEnd-IPS-Devices-In-The-Age-Of-IPv6-WP.pdf us-14-Atlasis-Evasion-Of-HighEnd-IPS-Devices-In-The-Age-Of-IPv6.pdf
• Exploiting Unpatched iOS Vulnerabilities for Fun and Profit
• Exposing Bootkits with BIOS Emulation us-14-Haukli-Exposing-Bootkits-With-BIOS-Emulation-WP.pdf us-14-Haukli-Exposing-Bootkits-With-BIOS-Emulation.pdf
• Extreme Privilege Escalation on Windows 8/UEFI Systems us-14-Kallenberg-Extreme-Privilege-Escalation-On-Windows8-UEFI-Systems-WP.pdf us-14-Kallenberg-Extreme-Privilege-Escalation-On-Windows8-UEFI-Systems.pdf
• Finding and Exploiting Access Control Vulnerabilities in Graphical User Interfaces us-14-Mulliner-Finding-And-Exploiting-Access-Control-Vulnerabilities-In-Graphical-User-Interfacess-WP.pdf us-14-Mulliner-Finding-And-Exploiting-Access-Control-Vulnerabilities-In-Graphical-User-Interfaces.pdf us-14-Mulliner-Finding-And-Exploiting-Access-Control-Vulnerabilities-In-Graphical-User-Interfaces-Tool.zip
• Fingerprinting Web Application Platforms by Variations in PNG Implementations us-14-Bongard-Fingerprinting-Web-Application-Platforms-By-Variations-In-PNG-Implementations-WP.pdf us-14-Bongard-Fingerprinting-Web-Application-Platforms-By-Variations-In-PNG-Implementations.pdf
• From Attacks to Action - Building a Usable Threat Model to Drive Defensive Choices
• Full System Emulation: Achieving Successful Automated Dynamic Analysis of Evasive Malware us-14-Kruegel-Full-System-Emulation-Achieving-Successful-Automated-Dynamic-Analysis-Of-Evasive-Malware-WP.pdf us-14-Kruegel-Full-System-Emulation-Achieving-Successful-Automated-Dynamic-Analysis-Of-Evasive-Malware.pdf
• Governments As Malware Authors: The Next Generation us-14-Hypponen-Goverments-As-Malware-Authors.pdf
• GRR: Find All the Badness, Collect All the Things us-14-Castle-GRR-Find-All-The-Badness-Collect-All-The-Things-WP.pdf us-14-Castle-GRR-Find-All-The-Badness-Collect-All-The-Things.pdf
• Hacking the Wireless World with Software Defined Radio - 2.0 us-14-Seeber-Hacking-The-Wireless-World-With-Software-Defined-Radio-2.0.pdf
• How Smartcard Payment Systems Fail us-14-Anderson-How_Smartcard-Payment-Systems-Fail.pdf
• How to Leak a 100-Million-Node Social Graph in Just One Week? - A Reflection on Oauth and API Design in Online Social Networks us-14-Hu-How-To-Leak-A100-Million-Node-Social-Graph-In-Just-One-Week-WP.pdf us-14-Hu-How-To-Leak-A100-Million-Node-Social-Graph-In-Just-One-Week.pdf
• How to Wear Your Password us-14-Jakobsson-How-To-Wear-Your-Password-WP.pdf us-14-Jakobsson-How-To-Wear-Your-Password.pdf
• I Know Your Filtering Policy Better than You Do: External Enumeration and Exploitation of Email and Web Security Solutions us-14-Williams-I-Know-Your-Filtering-Policy-Better-Than-You-Do-WP.pdf us-14-Williams-I-Know-Your-Filtering-Policy-Better-Than-You-Do.pdf
• ICSCorsair: How I Will PWN Your ERP Through 4-20 mA Current Loop us-14-Bolshev-ICSCorsair-How-I-Will-PWN-Your-ERP-Through-4-20mA-Current-Loop-WP.pdf us-14-Bolshev-ICSCorsair-How-I-Will-PWN-Your-ERP-Through-4-20mA-Current-Loop.pdf
• Internet Scanning - Current State and Lessons Learned us-14-Schloesser-Internet-Scanning-Current-State-And-Lessons-Learned.pdf
• Investigating PowerShell Attacks us-14-Kazanciyan-Investigating-Powershell-Attacks-WP.pdf us-14-Kazanciyan-Investigating-Powershell-Attacks.pdf
• It Just (Net)works: The Truth About iOS 7's Multipeer Connectivity Framework
• Learn How to Control Every Room at a Luxury Hotel Remotely: The Dangers of Insecure Home Automation Deployment
• Leviathan: Command and Control Communications on Planet Earth us-14-Geers-Leviathan-Command-And-Control-Communications-On-Planet-Earth-WP.pdf us-14-Geers-Leviathan-Command-And-Control-Communications-On-Planet-Earth.pdf
• Lifecycle of a Phone Fraudster: Exposing Fraud Activity from Reconnaissance to Takeover Using Graph Analysis and Acoustical Anomalies us-14-Balasubramaniyan-Lifecycle-Of-A-Phone-Fraudster-WP.pdf us-14-Balasubramaniyan-Lifecycle-Of-A-Phone-Fraudster.pdf
• Miniaturization us-14-Larsen-Miniturization-WP.pdf us-14-Larsen-Miniturization.pdf
• Mission mPOSsible
• Mobile Device Mismanagement
• MoRE Shadow Walker: The Progression of TLB-Splitting on x86 us-14-Torrey-MoRE-Shadow-Walker-The-Progression-Of-TLB-Splitting-On-x86-WP.pdf us-14-Torrey-MoRE-Shadow-Walker-The-Progression-Of-TLB-Splitting-On-x86.pdf
• Multipath TCP: Breaking Today's Networks with Tomorrow's Protocols us-14-Pearce-Multipath-TCP-Breaking-Todays-Networks-With-Tomorrows-Protocols-WP.pdf us-14-Pearce-Multipath-TCP-Breaking-Todays-Networks-With-Tomorrows-Protocols.pdf us-14-Pearce-Multipath-TCP-Breaking-Todays-Networks-With-Tomorrows-Protocols-Tool.zip
• My Google Glass Sees Your Passwords! us-14-Fu-My-Google-Glass-Sees-Your-Passwords-WP.pdf us-14-Fu-My-Google-Glass-Sees-Your-Passwords.pdf
• Network Attached Shell: N.A.S.ty Systems that Store Network Accessible Shells
• "Nobody is Listening to Your Phone Calls." Really? A Debate and Discussion on the NSA's Activities
• One Packer to Rule Them All: Empirical Identification, Comparison, and Circumvention of Current Antivirus Detection Techniques us-14-Mesbahi-One-Packer-To-Rule-Them-All-WP.pdf us-14-Mesbahi-One-Packer-To-Rule-Them-All.pdf
• OpenStack Cloud at Yahoo Scale: How to Avoid Disaster
• Oracle Data Redaction is Broken
• Pivoting in Amazon Clouds us-14-Riancho-Pivoting-In-Amazon-Clouds-WP.pdf us-14-Riancho-Pivoting-In-Amazon-Clouds.pdf us-14-Riancho-Nimbostratus-Target-Tool.zip us-14-Riancho-Nimbostratus-Tool.zip
• Poacher Turned Gamekeeper: Lessons Learned from Eight Years of Breaking Hypervisors us-14-Wojtczuk-Poacher-Turned-Gamekeeper-Lessons_Learned-From-Eight-Years-Of-Breaking-Hypervisors.pdf
• Point of Sale System Architecture and Security us-14-Zaichkowsky-Point-Of-Sale System-Architecture-And-Security.pdf
• Prevalent Characteristics in Modern Malware us-14-Branco-Prevalent-Characteristics-In-Modern-Malware.pdf
• Probabilistic Spying on Encrypted Tunnels us-14-Niemczyk-Probabilist-Spying-On-Encrypted-Tunnels.pdf us-14-Niemczyk-Pacumen.tar-Tool.gz
• Protecting Data In-Use from Firmware and Physical Attacks us-14-Weis-Protecting-Data-In-Use-From-Firmware-And-Physical-Attacks-WP.pdf us-14-Weis-Protecting-Data-In-Use-From-Firmware-And-Physical-Attacks.pdf
• Pulling Back the Curtain on Airport Security: Can a Weapon Get Past TSA? us-14-Rios-Pulling-Back-The-Curtain-On-Airport-Security.pdf
• RAVAGE - Runtime Analysis of Vulnerabilities and Generation of Exploits us-14-Wang-RAVAGE-Runtime-Analysis-Of-Vulnerabilities-And-Generation-Of-Exploits.pdf
• Reflections on Trusting TrustZone us-14-Rosenberg-Reflections-On-Trusting-TrustZone-WP.pdf us-14-Rosenberg-Reflections-on-Trusting-TrustZone.pdf
• Researching Android Device Security with the Help of a Droid Army
• Reverse Engineering Flash Memory for Fun and Benefit us-14-Oh-Reverse-Engineering-Flash-Memory-For-Fun-And-Benefit-WP.pdf us-14-Oh-Reverse-Engineering-Flash-Memory-For-Fun-And-Benefit.pdf
• Reverse-Engineering the Supra iBox: Exploitation of a Hardened MSP430-Based Device
• SAP, Credit Cards, and the Bird that Talks Too Much us-14-Arsal-SAP-Credit-Cards-And-The-Bird-That-Talks-Too-Much.pdf
• SATCOM Terminals: Hacking by Air, Sea, and Land us-14-Santamarta-SATCOM-Terminals-Hacking-By-Air-Sea-And-Land-WP.pdf us-14-Santamarta-SATCOM-Terminals-Hacking-By-Air-Sea-And-Land.pdf
• Saving Cyberspace us-14-Healey-Saving-Cyberspace-WP.pdf us-14-Healey-Saving-Cyberspace.pdf
• SecSi Product Development: Techniques for Ensuring Secure Silicon Applied to Open-Source Verilog Projects us-14-FitzPatrick-SecSi-Product-Development-WP.pdf us-14-FitzPatrick-SecSi-Product-Development.pdf
• Secure Because Math: A Deep-Dive on Machine Learning-Based Monitoring us-14-Pinto-Secure-Because-Math-A-Deep-Dive-On-Machine-Learning-Based-Monitoring-WP.pdf
• Sidewinder Targeted Attack Against Android in the Golden Age of Ad Libs us-14-Wei-Sidewinder-Targeted-Attack-Against-Android-In-The-Golden-Age-Of-Ad-Libs.pdf
• Smart Nest Thermostat: A Smart Spy in Your Home us-14-Jin-Smart-Nest-Thermostat-A-Smart-Spy-In-Your-Home-WP.pdf us-14-Jin-Smart-Nest-Thermostat-A-Smart-Spy-In-Your-Home.pdf
• Static Detection and Automatic Exploitation of Intent Message Vulnerabilities in Android Applications
• Stay Out of the Kitchen: A DLP Security Bake-Off
• SVG: Exploiting Browsers without Image Parsing Bugs
• The Beast is in Your Memory: Return-Oriented Programming Attacks Against Modern Control-Flow Integrity Protection Techniques
• The BEAST Wins Again: Why TLS Keeps Failing to Protect HTTP
• The Big Chill: Legal Landmines that Stifle Security Research and How to Disarm Them
• The Devil Does Not Exist - The Role of Deception in Cyber us-14-Mateski-The-Devil-Does-Not-Exist-The-Role-Of-Deception-In-Cyber.pdf
• The Library of Sparta us-14-Raymond-The-Library-Of-Sparta-WP.pdf us-14-Raymond-The-Library-Of-Sparta.pdf
• The New Page of Injections Book: Memcached Injections us-14-Novikov-The-New-Page-Of-Injections-Book-Memcached-Injections-WP.pdf us-14-Novikov-The-New-Page-Of-Injections-Book-Memcached-Injections-WP.pdf
• The New Scourge of Ransomware: A Study of CryptoLocker and Its Friends
• The State of Incident Response
• Thinking Outside the Sandbox - Violating Trust Boundaries in Uncommon Ways us-14-Gorenc-Thinking-Outside-The-Sandbox-Violating-Trust-Boundaries-In-Uncommon-Ways-WP.pdf us-14-Gorenc-Thinking-Outside-The-Sandbox-Violating-Trust-Boundaries-In-Uncommon-Ways.pdf
• Threat Intelligence Library - A New Revolutionary Technology to Enhance the SOC Battle Rhythm!
• Time Trial: Racing Towards Practical Timing Attacks us-14-Mayer-Time-Trial-Racing-Towards-Practical-Timing-Attacks-WP.pdf us-14-Mayer-Time-Trial-Racing-Towards-Practical-Timing-Attackss.pdf
• Understanding IMSI Privacy
• Understanding TOCTTOU in the Windows Kernel Font Scaler Engine
• Unveiling the Open Source Visualization Engine for Busy Hackers us-14-Hay-Unveiling-The-Open-Source-Visualization-Engine-For-Busy-Hackers-WP.pdf us-14-Hay-Unveiling-The-Open-Source-Visualization-Engine-For-Busy-Hackers.pdf us-14-Hay-OpenGraphiti-Black-Hat-2014-Release-Tool.zip
• Unwrapping the Truth: Analysis of Mobile Application Wrapping Solutions
• VoIP Wars: Attack of the Cisco Phones us-14-Ozavci-VoIP-Wars-Attack-Of-The-Cisco-Phones.pdf us-14-Ozavci-Viproy-1.9.0-Tool.zip
• What Goes Around Comes Back Around - Exploiting Fundamental Weaknesses in Botnet C&C Panels! us-14-Sood-What-Goes-Around-Comes-Back-Around-Exploiting-Fundamental-Weaknesses-In-Botnet-C&C-Panels-WP.pdf us-14-Sood-What-Goes-Around-Comes-Back-Around-Exploiting-Fundamental-Weaknesses-In-Botnet-C&C-Panels.pdf
• When the Lights Go Out: Hacking Cisco EnergyWise us-14-Luft-When-The-Lights-Go-Out-Hacking-Cisco-EnergyWise-WP.pdf us-14-Luft-When-The-Lights-Go-Out-Hacking-Cisco-EnergyWise.pdf us-14-Luft-When-The-Lights-Go-Out-Hacking-Cisco-EnergyWise-Tool.zip
• Why Control System Cyber-Security Sucks... us-14-Luders-Why-Control-System-Cyber-Security-Sucks.pdf
• Why You Need to Detect More Than PtH us-14-Hathaway-Why-You-Need-To-Detect-More-Than-PtH-WP.pdf us-14-Hathaway-Why-You-Need-To-Detect-More-Than-PtH.pdf
• Windows Kernel Graphics Driver Attack Surface us-14-vanSprundel-Windows-Kernel-Graphics-Driver-Attack-Surface.pdf
• Write Once, Pwn Anywhere

Otro año, otra DEF CON, más música, más hacking, más, más… La DEF CON 22 ya tiene banda sonora, disponible de forma totalmente gratuita como en años anteriores, aunque siempre puedes ponerle precio y así reconocer y agradecer el trabajo a sus autores.

Las pistas están disponibles en Gravitas Recordings. Puedes escuchar las canciones online o bien descargarlas para poder escucharlas en cualquier momento sin tener que estar conectado a internet. Esta la lista de las pistas:

Si no has visto la serie Halt and Catch Fire, deja todo lo que estés haciendo y busca la manera de verla, te aseguro que no te arrepentirás.

Parte del argumento principal está basado en un hecho real, la ingeniería inversa realizada por los chicos de Compaq (Cardif en la serie) para clonar la BIOS del IBM PC (en nuestro libro tenemos todo un capítulo dedicado a esta espectacular historia de la informática), hecho que fue la clave para la situación actual del mercado de ordenadores. Sí,sí, ese es el argumento ... ¿qué más necesitas?

REMath es un repositorio en Github que contiene una gran lista de recursos relacionados con el análisis de código binario o máquina.

Dicha lista es bastante amplia, y contiene desde documentos académicos con lo último en investigaciones en este campo, hasta herramientas bien conocidas. Para que tengas una idea de lo que puedes encontrar en el mismo, os dejo las secciones en las que se divide la lista:

Hemos visto en otras ocasiones desensambladores y ensambladores online que no permiten tanto escribir nuestro código como el subir un fichero binario y obtener el resultado. En este caso la herramienta de la que os hablo, por ahora, sólo nos permite escribir código en hexadecimal (opcodes - códigos de operación), y ésta la convierte a las instrucciones ensamblador a las que dichos códigos corresponden.

La herramienta se llama CEnigma y usa el framework de desensamblado quizás más moderno, Capstone. Gracias a ello, CEnigma es capaz de convertir nuestra entrada a 8 arquitecturas distintas: Arm, Arm64 (Armv8), Mips, PowerPC, Sparc, SystemZ, XCore & Intel, con distintos modos dependiendo de la arquitectura elegida.

Ya se encuentran disponibles los vídeos de las charlas dadas en la conferencia sobre seguridad informática Hack In Paris 2014.

La lista es la siguiente:

• Breaking through the bottleneck : mobile malware is outbreak spreading like wildfire
• ARM AARCH64 writing exploits for the new arm architecture
• Splinter the rat attack: create your own botnet to exploit the network
• C+11 metaprogramming technics applied to software obduscation
• Digital Energy - BPT
• To sternly look at JavaScript MVC and templating frameworks
• Bitting into the forbidden fruit.Lessons froms trusting JavaScript crypto
• Defeating UEFI/WIN8 secureboot
• KEYNOTE: Around the world in 80 cons!
• Pentesting NoSQL exploitation framework
• Energy fraud and orchestrated blackouts/issues with wireless metering protocols(Wm-Bus)
• Extreme forensics reloaded 2Q/2014
• KEYNOTE: Beyond information ware; hacking the future of security
• Fuzzing reversing and maths
• Plunder,pillage and print

Si te interesaron las charlas de la SyScan+360 de este año 2014, ya las puedes descargar desde su web. No están todas, pero las que están tienen buena pinta (parece que sólo faltan 3).

Esta es la lista de las que están disponibles:

• CloudBots: Harvesting Crypto Coins like a Botnet Farmer
• Hack Your Car and I’ll Drive You Crazy: the Design of Hack-proof CAN-based Automotive System
• Program Analysis and Constraint Solvers 
• Advanced Bootkit Techniques on Android
• Using and Abusing Microsoft’s Fix It Patches
• Browser fuzzing in 2014 - David vs Goliath (a.k.a. learn where to throw your stones)
• Mobile Browsers Security: iOS
• Click and Dagger: Denial and Deception on Android Smartphones
• Breaking Antivirus Software
• F**k you Hacking Team! From Portugal, with Love

x64_dbg es un depurador o debugger para arquitecturas Intel de 32 y 64 bits para sistemas Windows. La interfaz es muy parecida a la del archiconocido OllyDbg, por lo que si estás familiarizado con éste, te resultará muy fácil usar x64_dbg. También provee de varias características que podemos encontrar en IDA Pro, buque insignia en este campo.

En resumidas cuentas, las características que x64_dbg nos ofrece en este momento son: