Defcon 14

[hokatichenci]

Theres been a lot of good stuff so far here at Defcon. Thought I would keep the [h] people informed of the latest tricks and traps. First and foremost, the coolest thing I've seen so far at defcon would have to be an advanced NTFS filesystem called FragFS or something like that, basically what it does is stores data in a non-indexed (read: slow) in slack data in the master file table (mft). In a typical system it'll yield like 10-60mb of usable space, which isn't much to hide your porn, but is plenty to hide any nefarious source code or other executables. The guys from lockheed martin that developed it released them as well as a linkable API that gives you full access to read/write/execute permissions just as if you were using the normal windows fs api. Next up would probably be some magstripe craziness from major malfunction (a goon), who basically was able to tear apart a tape player and use a shitty sound card to make a magstripe reader/writer. In short, this guy can duplicate your credit card completely in a heartbeat and in a live format. The live demo where one of the goons donated their credit card (FOR SCIENCE!) was amazing, he on the spot changed the name on the credit card thats stored in the magstripe, and used his own code to play back the new magstripe to one of the magstripe readers, which read it just as he had edited it. All in all, I am once again afraid to put any system on the internet

 

[Stang Man]

wait, are you posting FROM defcon???

 

[hokatichenci]

I am indeed posting from Defcon, thank god for encryption or I'd be pretty screwed Today has been fairly mild so far, theres some really cool binary diff visualization stuff going on, I also checked out a presentation on FreeBSD jails but I don't run any BSD so it didn't make a whole lot of sense beyond that its a tightly knit chroot. I'm looking forward to the set of presentations today.

 

[lozaning]

when is the wifi distence contest?