geekEleet

I think that my life might have been re-purposed.

I can has hacking?

Wow.  I just got back from two days of mayhem at SecTor 2008.  If I said I was impressed, I would be understating my impressions by about 1000x.  Imagine being at the happiest and scariest place on earth, all at the same time.  Impossible?  I think not.  For those of you that are unfamiliar, SecTor 2008 was the 2nd annual Security Education Conference brought to us by Black Arts Illuminated Inc.  They cover everything from physical security (such as lock picking) to electronic security (such as wireless security). 

[more]

Unfortunately I missed the first day which included some very focused training.  I’m actually quite pissed about that since one of the training sessions was delivered by Johnny Long (of Hackers for Charity).  It followed in the footsteps of his book - No-Tech Hacking - which I intend to purchase tonight.  Day two was packed full of great sessions.  In fact, there were three streams of sessions and I often found it difficult to choose which session to attend.

Day two actually started with a keynote from David Black, a Manager with the Cyber Infrastructure Protection Section of the RCMP.  That was a mouthful.  And about as lame as his speech.  He might as well been giving it to 5th graders and his message was clear.  It basically goes like this - the RCMP needs the hacker community to help them because they can’t help themselves.  He seemed all nervous and jittery too.  Do you think that being the lone law officer amongst 400 - 600 criminal minds would freak you out too?  Thankfully that ended before we all drank the Kool-aid and onto the sessions we went.

First I attended “Network Security Stripped: From layered technologies to the bare essentials” given by Jennifer Jabbusch.  This chick knew her stuff.  Every geek’s dream woman - blonde, attractive, turn-on’s include 802.1x IEEE standards.  She dazzled the audience with a fairly technical discussion on network security.  I followed that session up with “Owning the Users with the Middler” by Jay Beale.  This guy was very energetic and easy to listen to.  He explained his open-source exploit tool - the Middler - and how man-in-the-middle attacks work.  It was great seeing how easy it is to hijack someone’s GMail, LinkedIn, or even FaceBook sessions and pretend to be that user. 

The final two sessions that I attended were awful and I am only mentioning them so that you can avoid them in the future.  Christian Heinrich presenting “Googless” and Jamie Gamble & Tom Aratyn presenting “Exploit-Me for Fun and Profit”.  Exploit-Me is another great open-source product, but the presenters were simply awful.  We ended up skipping out early from the last session and visiting the Lock Pick Village hosted by Deviant Ollam.  He basically had a pile of different types of locks and taught you how to compromise all of them.  More on that in the next post.  I also visited Renderman (Brad Haines) at the WiFi Clinic where he loaded BackTrack 3 onto my USB Drive/Attendee Badge.  Super cool and a very nice guy to boot.  He pretty much knows more about WiFi hacking than anyone I have ever met.

The event was sponsored by some of the biggest names in the business like Microsoft TechNet, Telus, BlackBerry, NCI, and Cisco.  That’s just to name a few.  Microsoft kept surprisingly low profile - they were one of the only vendors without a booth.  That doesn’t mean they didn’t deliver the best swag.  It wasn’t a pen, or a copy of some software either…  it was an OPEN BAR!  Beat that other sponsors.  Later, we made our way down to the Bier Market for some late night mingling with the SecTor eleet.  Enter super secret, unofficial, after party.

Read Part 2 of my Sector Adventures