[EN] NDH2011: Bilan
Hi folks!
NDH2011 is over! It was awesome, there were more girls, more people, more talks, new sex toys (have you seen the crazy CTF machines? :)), etc.
The talks
There weren’t that many technical conferences this year, some were refreshing, others almost killed me (especially the one on “Social security”).
I’ve seen the following conferences:
- Hacking android for fun and profit - Damien Cauquil: Too bad they changed the planning and didn’t update the website. I’ve seen only a part of it but it was really good, it went about Android security functionalities, etc, and a demo on a homemade tracking spyware.
- Reinventing Old School Security - Bruno Kerouanto: Wow! Refreshing! Awesome history of hacking stuffs :). Bluebox, démos, Apple II, etc. It would be awesome to have that kind of old school devices at NDH.
- Recherche de vulnérabilités en kernel Windows - Stéfan Le Berr: This one was pretty good actually. Stéfan talked about finding Windows kernel vulnerabilities using a fuzzing tool he created. His tool, “Zero Fuzz” was able to hook syscalls in order to fuzz them in parallel. Anyway, not a bad name for that kind of tools: ring 0 afterall.
I missed most of the “Hacking girls” talk :(. Hope there will be some videos posted somewhere.
This year I gave 2 conferences. One about an ISP and another about exploitation. It was quite an interesting experience.
I was quite stressed at the beginning of the first talk then afterward you get to like being on stage.
Being a speaker is about preparation after all, talking to a public, nothing more nothing less.
In the end, talking to 50 or 1000 people is mostly the same.
Just so you know if you want to do a talk: prepare a backup like a video! Yeah my demo failed :p. I checked and it was metasploit having some kind of dependency problem (netcat did receive my connection afterall ;)). If you are looking for my slides, here they are: Exploitation in a hostile world.
I just hope not being busted for the ISP conference, we do not and did not intend to do any harm. Our goal was to get it fix and nothing less, nothing more.
The CTF
After the conference we were greeted by some lateness for the CTF. We waited over 6 hours just to know that the last 2 teams last in rank in the prequals were disqualified due to technical problems.
Around midnight we were starting to get prepared to start the CTF … which was cancelled. There were some teams (as ours) who did not get any DHCP or any connection at all.
In the end, it even demotivated us to play the public CTF (we did not even have to inject anything in the public WiFi since someone was pawning it …). I’ve just looked a bit into the Crackme, it was about unpacking it using OEP (which was around PUSH OEP | RET) and then reversing the obfuscating function (XOR) to bruteforce the key to find what was the PNG image about. I didn’t do the bruteforce part.
Too bad for the CTF, but well … it happens. Computers are either working or not, we all know that. Best luck next year I hope :).
The rest
There were a lot of interesting workshops. There was lockpicking, console hacking, msf, etc.
For those who could not get one, there were around 120 electronic badges such as those (the black one with the LEDs):
The goal is to decode the messages sent by the LEDs and it can be reprogrammed at will. It is using an Atmel ATtiny2313V-10SU which is a nice little micro-controller with 2KB of memory and running at 10MHz. There is 7 red LEDs (why not 8? It would have been 1 byte), a small battery and a 6 PINs connector to reprogram it. I’m waiting to get my ATTiny programmer before playing with it :).
Conclusion
Well, I really enjoyed it, really awesome that it was at one of Disney convention center! We had more room, more talks, more people, and most of all it was fun.
Thanks folks for feedback (and help, Latzaf, etc) on my exploitation conference,
Thanks to my team mates for the ISP conference :).
Thanks to the organisators (Heurs, Virtualabs, Trance, CrashFr, Olive, and all Sysdream/HZV people :)),
If you are looking for photos, I took some: Night Da Hack 2011 Photos .
See you next year,
m_101