Orange County Chapter

Program, February 2009


Monday, February 9, 7-9 pm

Todd has provided a copy of his slides. We also have an audio recording of this presentation.

This month, Todd Jackson will present an overview and demo of the Scapy packet manipulation and construction toolkit. Scapy helps you to build delicious, hand-crafted packets, just like the ones your mother used to make. Todd's last presentation was in January 2007, when the topic was automated build management tools.

Todd will touch on the basics of using Scapy interactively. He will outline the architecture of the Scapy product and the Python classes defined in Scapy, and describe how these classes relate to the network layers that they represent.

Todd will compare the strengths and weaknesses of the Scapy toolkit relative to some other packet generating tools. Finally, he will present a demo of Scapy generating network traffic that will be used to test for a server vulnerability.

Todd is the Senior Systems Engineer at Marshal8e6, where he is responsible for the OS and hardware platforms used in Marshal8e6 Linux-based products.


Program, December 2008

Discovering and exploiting 0-day vulnerabilities on Linux

Monday, December 8, 7-9 pm

Kristian has provided a copy of his slides and an archive of his examples. We also have an audio recording of his presentation.

Have you ever wondered how vulnerabilities are found by security researchers? Would you like to understand the process that a researcher goes through once a bug has been identified? At the UUASC OC December meeting, member Kristian Erik Hermansen will help us understand a bit more about these topics.

Kristian will take us on a journey through a few specific vulnerabilities and how he exploited them. One of the bugs is in a simple cross-platform C application with some protection mechanisms in place. The C source code will be provided to the audience for review. After mulling over the possible attack surfaces of this application, he will then walk through some example exploit scenarios, covering each step along the way that may trip up the exploiter and how to circumvent each obstacle. This is not going to be a straight buffer overflow attack in a C application. The method of exploitation will be semi-advanced and will not include overwriting of stack/heap pointers.

The second vulnerability will be in a web application. Kristian will walk through how he discovered and exploited the Google cookie stealing issue published in June of 2008. He will give his thoughts on manual testing versus some of the free webapp security tools available for Linux. He will touch on well-known techniques like XSS, CSRF, and SQL injection.

Finally, Kristian will briefly discuss how he discovered and exploited a file format bug via fuzzing and was able to verify that Google's Gmail attachment malware scanner was vulnerable to his crafted concoction.

Kristian is an occasional security dude aged 0x1A. He got into "hacking" in his early teen years by messing around with video game cheats. He extended that interest into software cracking on Windows and network security. Things just seemed to balloon out from there. He started work in the Fortune 500 at seventeen years old, right out of high school, and has since worked for IBM, Cisco Systems, EMC, and others. Now he enjoys riding bicycles long distances, hiking, and playing music. He also needs to fill his time outside of work with intellectual stimulation and gets that done by breaking systems. His day job involves playing defense. He says he is not as smart as most of the famous security guys you have heard about from Black Hat and other places, so you can just imagine what his skills indicate about what the people you don't hear about can do via the Internet :-)
