The Jay Beale talk entitled “Man in the Middling: Everything with the Middler” was a session not to be missed. As usual, most attendees were forced to stand because all of the seats were taken long before the talk actually began. While Beale’s talks are usually packed anyways, the rumblings on the web that he would be releasing the Middler while at ShmooCon definitely upped the ante.

Prior to Beale’s talk, the audience demanded that the Middler be released. Unexpectedly, Beale started tossing out USB sticks with the first released versions. Thankfully, those lucky recipients uploaded the program to the web within a few minutes.

The first part of Beale’s talk focused on shared networks as an attack vector. Whether wired or wireless, most of us use shared networks in some way, shape, or form. While most of us pay close attention to what happens on our home and work networks, it’s sometimes easy to forget that in-between these networks we use additional networks at coffee shops, bookstores, and anywhere else that has a wireless connection.

While it’s a subject that has been nearly beaten to death (hence why Beale didn’t spend too much time on it), Beale did remind his audience that using shared networks opens them up to proxy and DNS attacks, and that it’s DHCP and ARP spoofing attacks that make proxying possible. It is through using these methods that an attacker can tunnel all traffic through his machine fairly easily.

Building on the problems brought about by shared networks, Beale then discussed additional issues caused by sites that use mixed HTTP and HTTPS protocols. For the most part, many popular sites only use HTTPS during user login. After the user is logged in, all traffic is typically transferred in the clear. An attacker can easily grab the session ID to take over the user’s session.

After considering the weaknesses caused by shared networks and mixed HTTP/HTTPS, Beale came up with the simple attack scenario that the Middler is based on. From slide 8 of his talk, the detailed steps include directing a client to the attacker’s host with DNS, DHCP, or ARP spoofing and passing the HTTPS traffic through unmodified. (Note that there are a few exceptions to the HTTPS communication to make this work, as noted in the bullets below).

• Inject Javascript into a clear text response
• Store session keys and send attacker’s own requests in parallel
• Intercept any logout requests
• Replace HTTPS links in any proxied pages with HTTP links

Due to the initial barrage of ShmooBalls, Beale and his team skipped a few sections of his talk and jumped right into presenting the demo of the Middler. While the software is still in its beta phase, most of it works just fine.

As I mentioned before, the program is now available on the web after being uploaded by individuals who received a copy of it at the talk. It is also available on the InGuardians web site.

Overall, Beale’s talk was a very fun and entertaining session. He’s an excellent public speaker and really knows how to play the crowed. Oh, and did I mention that he released the Middler…

Did any of you attend the talk? If so, what did you think of it?

###

Was this post helpful? If so, consider passing it along to a friend or becoming a subscriber of our site. Or, you can always do both—we won’t complain.

Well people, it’s the final day of ShmooCon; for those of you who are still nursing hangovers and information overloads, you have my sympathies.

While none of the talks today will be providing alcohol (at least, not that I’m aware of), they will give you a final chance to cram your brain with some interesting information. As I tweeted about on Thursday, Chris Paget will be giving a talk about passport cloning at 11:00am.

While I’ll most likely be attending the talk by Paget, the “Bring It On” track, “Solve this Cipher and Win!” by Michael Schearer at 11:00am also looks interesting.

And if you’re one of the many professionals who’s wondering about what the economy means for people in the security field, check out the “Closing Plenary: Are Bad Times Good for Security Professionals?” at 1:30pm. With G. Mark Hardy, Bruce Potter, Peter Geura, Mark McGovern, and Jack Holleran as moderators, it promises to end ShmooCon with a bit of a controversial bang.

Well, I guess that’s all for now; check back later today and throughout the week for more ShmooCon summaries and discussions. You can also follow me @grecs to get updates throughout the conference today.

###

Was this post helpful? If so, consider passing it along to a friend or becoming a subscriber of our site. Or, you can always do both—we won’t complain.

In my last post (“Friday Recommendations“), I discussed some of the official and unofficial activities on Friday and summarized a few things that I’m going to focus on. There are some great planned talks as well as the Podcaster’s Meetup, the FireTalks, and a meetup party courtesy of HacDC.

In this post, I’m going to look at Saturday’s activities and give some recommendations.  As I mentioned previously, please be sure to review the full list of activities yourself just in case I’ve missed something that you might be interested in attending. I wouldn’t want to be blamed for you missing the talk of a lifetime due to my silly preferences.

Oh and before I get started, another ShmooCon ad has been released courtesy of the folks over at PSKL. This one is a hilarious Q&A … Matrix-style.

Saturday starts with the traditional “Built It!, Break It!,” and “Bring It On!” tracks. I’ve never been much of a “Bring It On!” type of person, so I’ll probably gravitate more towards the “Build It! and Break It!” tracks like I’ve done in previous years. Although I personally won’t be attending them, there are several topics in the “Bring It On!” track that really peaked my curiosity, and I’d definitely advise taking a closer look at them if the “Bring It On!” track is your type of thing. But now, back to the “Built It! and Break It!” tracks… 

Starting at 10:00am in the “Break It!” track, the “Exploring Novel Ways in Building Botnets” by Enno Rey and Daniel Mende would be my pick due to my fascination with botnets.  In the “Build It!” track, there seems to be a trend with wireless—another fascination of mine. Because of this fascination, I’ll probably head to Michael Ossmann’s and Dominic Spill’s talk on “Building an All-Channel Bluetooth Monitor” at 11:00am. Continuing on the wireless trend, Joshua Abraham’s and Ben Smith’s talk at noon—“Next Generation Wireless Recon – Visualizing the Airwaves”—looks interesting. Visualization seems to be big these days, especially with the amount of information we have to process to determine a true security event. While this talk focuses on a slightly different theme, it may provide some insights into other visualization techniques.

After a quick lunch at Harry’s Pub (if I can get a table), I’ll most likely be heading over to the must-not-miss Jay Beale talk on “Man in the Middling: Everything with the Middler” at 2:00pm. There has been a lot of talk on multiple mailing lists about the release of his tool, The Middler. So as usual, Jay’s session will probably be standing room only.

Continuing on the wireless trend, the “Building Wireless Sensor Hardware and Software” by Travis Goodspeed and Joshua Gourmeau may be a nice fit at 3:00pm. But the “Break It!” track also seems to include another interesting wireless talk called “802.11 ObgYn or ‘Spread Your Spectrum’” by Rick Farina (which will focus on the topic of tuning your wifi card to operate on licensed frequencies), making it a tough choice between the two. In my opinion, the one with the creative name may win out.

For the last two talks of the day, I’ll probably be focusing on the “Break It!” track. Ennoy Rey and Daniel Mende will be having a busy Saturday as they’ll also be presenting “All Your Packets are Belong to Us: Attacking Backbone Technologies” at 4:00pm.

At 5:00pm, David Kennedy’s talk “The Fast-Track Suite: Advanced Penetration Techniques Made Easy” looks fun. Who can pass up a session with pen testing in the name? Plus you get to learn about an interesting tool built into BackTrack 3.

As the main sessions wind down, the evening activities start to get going. Hack or Halo begins at 6:30pm, the Saturday night edition of FireTalks get going at 7:30pm, and the official ShmooCon party starts at 9:00pm. Hack or Halo consists of two challenges; the “Hack” portion involves teams solving a bunch of puzzles (from simple brainteasers to pwning a computer), and the “Halo” competition involves several rounds of people trying to get body counts as high as possible.  The top competitors from each round move forward until a winner is decided.

If Hack or Halo doesn’t interest you, then the FireTalks at 7:30pm provide another after-dinner option. The exact talks don’t look like they’re going to be decided until 7:30pm. Presentations will be determined on a first-come, first-serve basis. So the first four presenters to the person with the clipboard win! I assume the talks will take place around the press room as they did on Friday night.

If you’re not interested in the FireTalks or the Hack or Halo activities, you can check out PaulDotCom’s live podcast at 8:00pm. You can check out the post on his blog for more details, or you can listen in starting 7:45pm on the PaulDotCom UStream Channel or the PaulDotCom Radio on Icecast.  

But wait, there’s more! After Hack or Halo or the FireTalks, the official Saturday night ShmooCon Party will start at 9:00pm. You can also check out the DualCore DJing Party if you’re in the mood for some creative music. At this point, the location for both parties is still TBD, but be sure to keep up with the various Twitter feeds—@shmoocon, @podcastmeetup, @securitytwits, @novainfosec, @grecs—that I previously mentioned for updates.

In my next post, I’ll be discussing Sunday’s activities as well as our sad return to normal life. And if you’ve heard anything on the final location of the ShmooCon party, please let me and everyone else know in the comments below.

###

Was this post helpful? If so, consider passing it along to a friend or becoming a subscriber of our site. Or, you can always do both—we won’t complain.