Mikko from F-Secure was in my training class.
Some briefings I really liked:
- New Viral Threats of PDF Language
Good overview of the format of PDF files, and the inherent security issues. Good demos (like rewriting the Acrobat reader alert dialog box to mislead the user) and interesting insights (a PDF has a logical and physical structure, changing the physical structure doesn’t change the content of the document: this is polymorphism). The speaker confirmed that his exploits don’t affect Foxit reader. But the slides don’t to this justice, let’s hope they publish more details. And it was fun to see some French military lingo popping up in a BH presentation.
- Intercepting Mobile Phone/GSM Traffic
THC explained how they cracked GSM A5/1 encryption, FPGA style and with 2 TB of rainbow tables. Interesting tidbits: mobile operators don’t provide the strongest available encryption A5/3 (my guess as to why: cost), and the GSM status channel will carry permanent subscriber IDs, although the protocol only foresees temporary IDs.
- Mobile Phone Spying Tools
Tools mainly used by untrusting spouses, but I see potential uses for industrial espionage: sales man leaves company for competition, installs mobile phone spying tool on his corporate mobile phone just before handing it back.
- DTRACE: The Reverse Engineer’s Unexpected Swiss Army Knife
Looks really powerful and flexible, let’s hope someone is brave enough to attempt a Windows port.
And the networking was great, shout-out to Malta Info Security.