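Doing Some Advance Research Now That I Get to Attend DEF CON
DEF CON® Hacking Conference (hereafter DEFCON) is one of the world's major hacker events. DEFCON hosts a wide range of activities; the one best known in Japan is probably "DEFCON CTF", the world's top-tier hacking contest. At DEFCON26, held in 2018, the Japanese team "binja" competed and placed 8th out of 586 teams.
I will be attending DEF CON in August 2019 (not the CTF), so as advance research this article introduces the other, lesser-known events. (I plan to revise the article as needed.)
For the detailed schedule, see the DEF CON® 27 Hacking Conference Schedule.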
Village
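Villages are where people gather around a particular theme and take part in activities.
There are 29 Villages in total, including a gathering about blockchain (Blockchain Village) and one specializing in automotive security (Car Hacking Village).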
- AI Village
- AppSec Village
- Aviation Village
- BioHacking Village
- Bits & Blocks (Monero Village)
- Blockchain Village
- Blue Team Village
- Car Hacking Village
- Cloud Village
- Crypto & Privacy Village
- Data Duplication Village
- Drone Wars
- Ethics Village
- Hack the Sea Village
- Ham Radio Village
- Hardware Hacking Village
- ICS Village
- IOT Village
- Lockpick Village
- Packet Hacking Village
- Queercon
- Recon Village
- Red Team Village
- r00tz
- 303 Skytalks
- Social Engineer Village
- Voting Village
- VX (Chip-off) Village
- Wireless Village
Main Tracks
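Lecture-style sessions presenting on a wide variety of topics. As many as 95 talks are scheduled.
https://www.defcon.org/html/defcon-27/dc-27-speakers.html
```javascript
// Run in the browser console on the page above.
// The four lists are paired by index, so this assumes exactly one
// h3.talkTitle, h4.speaker and p.details per article.talk.
ids = Array.from(document.querySelectorAll('article.talk')).map((e) => { return e.id })
titles = Array.from(document.querySelectorAll('h3.talkTitle')).map((e) => { return e.innerText })
speakers = Array.from(document.querySelectorAll('h4.speaker')).map((e) => { return e.innerText })
// replace() with a string pattern swaps only the first newline.
details = Array.from(document.querySelectorAll('p.details')).map((e) => { return e.innerText.replace('\n', ' | ') })
titles.map((e, i) => {
  return '* <a href="https://www.defcon.org/html/defcon-27/dc-27-speakers.html#' + ids[i] + '">' + e + '</a>\n' +
    ' * ' + speakers[i] + '\n' +
    ' * ' + details[i]
}).join("\n")
```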
- HTTP Desync Attacks: Smashing into the Cell Next Door
- albinowax, Head of Research, PortSwigger
- Sunday at 12:00 in Track 3 | 45 minutes | Demo, Tool
- Want Strong Isolation? Just Reset Your Processor
- Anish Athalye, PhD student at MIT
- Sunday at 13:00 in Track 4 | 45 minutes | Demo, Tool
- HackPac: Hacking Pointer Authentication in iOS User Space
- Xiaolong Bai
- Friday at 13:00 in Track 1 | 45 minutes | Demo, Tool, Exploit
- Help Me, Vulnerabilities. You're My Only Hope
- Min (Spark) Zheng
- Sunday at 12:00 in Track 4 | 45 minutes | Tool, Exploit
- Hacking WebAssembly Games with Binary Instrumentation
- Jacob Baines, Research Engineer, Tenable
- Sunday at 10:00 in Track 3 | 45 minutes | Demo, Tool
- The ABC of Next-Gen Shellcoding
- Jack Baker
- Sunday at 11:00 in Track 1 | 45 minutes | Demo, Tool
- Are Quantum Computers Really A Threat To Cryptography? A Practical Overview Of Current State-Of-The-Art Techniques With Some Interesting Surprises
- Hadrien Barral, Hacker
- Thursday at 12:00 in DC101, Paris Theatre | 45 minutes | Demo
- Backdooring Hardware Devices By Injecting Malicious Payloads On Microcontrollers
- Rémi Géraud-Stewart, Hacker
- Sunday at 10:00 in Track 1 | 45 minutes | Demo, Tool
- Behind the Scenes: The Industry of Social Media Manipulation Driven by Malware
- Georges-Axel Jaloyan, PhD Student at ENS
- Friday at 10:00 in Track 3 | 45 minutes
- .NET Malware Threats: Internals And Reversing
- Andreas Baumhof, Vice President Quantum Technologies, QuintessenceLabs Inc.
- Saturday at 15:00 in Track 4 | 45 minutes
- The JOP ROCKET: A Supremely Wicked Tool for JOP Gadget Discovery, or What to Do If ROP Is Too Easy
- Sheila Ayelen Berta, Security Researcher
- Friday at 16:00 in Track 4 | 20 minutes | Demo, Tool
- How Deep Learning Is Revolutionizing Side-Channel Cryptanalysis
- Olivier Bilodeau, Cybersecurity Research Lead at GoSecure
- Friday at 14:00 in Track 3 | 45 minutes | Demo, Tool
- SDR Against Smart TVs: URL and Channel Injection Attacks
- Masarah Paquet-Clouston, Cybersecurity Researcher at GoSecure
- Sunday at 11:00 in Track 2 | 45 minutes | Demo, Tool
- Defeating Bluetooth Low Energy 5 PRNG for Fun and Jamming
- Alexandre Borges, Security Researcher at Blackstorm Security
- Saturday at 12:00 in Track 2 | 45 minutes | Demo, Tool
- Malproxying: Leave Your Malware at Home
- Dr. Bramwell Brizendine, Assistant Professor of Computer and Cyber Sciences, Dakota State University
- Sunday at 12:00 in Track 2 | 45 minutes | Demo, Tool
- Contests Awards Ceremony
- Dr. Joshua Stroschien, Assistant Professor of Cyber Security/Network & Security Administration, Dakota State University
- Sunday at 14:00 in Track 4 | 90 minutes
- Closing Ceremonies
- Elie Bursztein, Google
- Sunday at 16:00 in Paris Ballroom | 120 minutes
- How You Can Buy AT&T, T-Mobile, and Sprint Real-Time Location Data on the Black Market
- Jean Michel Picod, Google
- Saturday at 12:00 in Track 1 | 45 minutes
- Practical Key Search Attacks Against Modern Symmetric Ciphers
- Pedro Cabrera Camara, Founder, Ethon Shield
- Friday at 14:00 in Track 4 | 45 minutes | Demo
- I Know What You Did Last Summer: 3 Years of Wireless Monitoring at DEF CON
- Damien Cauquil (virtualabs), Senior Security Researcher @ Econocom Digital.Security
- Friday at 16:00 in Track 2 | 20 minutes | Demo, Tool
- D0 N0 H4RM: A Healthcare Security Conversation
- Hila Cohen, Security Researcher, XM Cyber
- Friday at 20:00 in Firesides Lounge | 120 minutes
- DEF CON 101 Panel
- Amit Waisel, Senior Technical Leader, XM Cyber
- Thursday at 15:00 in DC101, Paris Theatre | 105 minutes
- Panel: DEF CON Groups
- Contests & Events Goons
- Friday at 22:15 in Firesides Lounge | 45 minutes
- Are Your Child's Records at Risk? The Current State of School Infosec
- The Dark Tangent & Goons
- Friday at 14:00 in Track 2 | 45 minutes
- Evil eBPF In-Depth: Practical Abuses of an In-Kernel Bytecode Runtime
- Joseph Cox, Senior Staff Writer, Motherboard
- Friday at 11:00 in Track 4 | 45 minutes | Demo, Exploit
- The Tor Censorship Arms Race: The Next Chapter
- Daniel "ufurnace" Crowley, Research Baron, X-Force Red
- Friday at 11:00 in Track 2 | 45 minutes | Tool
- Cheating in eSports: How to Cheat at Virtual Cycling Using USB Hacks
- Daniel Pagan, Student, Georgia Tech
- Sunday at 14:00 in Track 2 | 45 minutes | Demo, Tool
- State of DNS Rebinding - Attack & Prevention Techniques and the Singularity of Origin
- d4rkm4tter (Mike Spicer), Hacker
- Saturday at 15:00 in Track 3 | 45 minutes | Demo, Tool
- Go NULL Yourself or: How I Learned to Start Worrying While Getting Fined for Other’s Auto Infractions
- Christian “quaddi” Dameff, Medical Director of Security at The University of California San Diego
- Saturday at 16:30 in Track 3 | 20 minutes
- Meet the EFF - Meetup Panel
- Jeff “r3plicant” Tully MD, Anesthesiologist at The University of California Davis
- Saturday at 20:00 in Firesides Lounge | 120 minutes
- Rise of the Hypebots: Scripting Streetwear
- Suzanne Schwartz MD, Associate Director for Science and Strategic Partnerships at the US Food and Drug Administration FDA
- Saturday at 10:00 in Track 2 | 45 minutes | Demo
- Reverse-Engineering 4g Hotspots for Fun, Bugs and Net Financial Loss
- Marie Moe PhD, Researcher and Hacker
- Saturday at 15:00 in Track 2 | 45 minutes | Demo, Tool
- We Hacked Twitter… And the World Lost Their Sh*t Over It!
- Billy Rios, Founder of Whitescope
- Saturday at 22:15 in Firesides Lounge | 45 minutes
- Exploiting Qualcomm WLAN and Modem Over The Air
- Jay Radcliffe, Security Researcher at Thermo Fisher Scientific
- Sunday at 11:00 in Track 3 | 45 minutes | Demo, Exploit
- MOSE: Using Configuration Management for Evil
- Highwiz
- Friday at 15:00 in Track 1 | 45 minutes | Demo, Tool
- Behind the Scenes of the DEF CON 27 Badge
- Nikita
- Friday at 10:00 in Track 1 | 45 minutes | Tool
- Unpacking Pkgs: A Look Inside Macos Installer Packages And Common Security Flaws
- Will
- Saturday at 16:30 in Track 1 | 20 minutes | Demo
- Duplicating Restricted Mechanical Keys
- n00bz
- Friday at 10:00 in Track 4 | 45 minutes | Exploit
- SELECT code_execution FROM * USING SQLite;—Gaining code execution using a malicious SQLite database
- Shaggy
- Saturday at 14:00 in Track 1 | 45 minutes | Demo, Tool, Exploit
- Next Generation Process Emulation with Binee
- SecBarbie
- Saturday at 14:00 in Track 4 | 45 minutes | Demo, Tool
- Hacking Congress: The Enemy Of My Enemy Is My Friend
- Tottenkoph
- Friday at 10:00 in Track 2 | 45 minutes
- Don't Red-Team AI Like a Chump
- Brent White / B1TK1LL3R, Global Coordinator
- Friday at 11:00 in Track 1 | 45 minutes | Demo, Tool
- I'm on your phone, listening - Attacking VoIP Configuration Interfaces
- Jayson E. Street, Ambassador
- Saturday at 14:00 in Track 2 | 45 minutes | Demo, Tool, Exploit
- Weaponizing Hypervisors to Fight and Beat Car and Medical Devices Attacks
- Darington, Web Master
- Saturday at 10:00 in Track 1 | 45 minutes | Demo, Tool
- Say Cheese - How I Ransomwared Your DSLR Camera
- April Wright, Welcoming Committee & Liaison
- Sunday at 11:00 in Track 4 | 45 minutes | Demo, Exploit
- Meticulously Modern Mobile Manipulations
- Tim Roberts (byt3boy), Volunteer
- Saturday at 11:00 in Track 4 | 45 minutes | Demo
- Vacuum Cleaning Security—Pinky and the Brain Edition
- Casey Bourbonnais, Volunteer
- Saturday at 16:00 in Track 4 | 20 minutes | Exploit
- Your Car is My Car
- s0ups, Social media
- Saturday at 11:00 in Track 1 | 45 minutes | Demo, Tool, Exploit
- Surveillance Detection Scout - Your Lookout on Autopilot
- Bill Demirkapi, Independent Security Researcher
- Friday at 16:00 in Track 3 | 20 minutes | Demo, Tool
- 100 Seconds of Solitude: Defeating Cisco Trust Anchor With FPGA Bitstream Shenanigans
- Jeff Dileo, Research Director, NCC Group
- Friday at 15:00 in Track 3 | 45 minutes | Demo, Tool, Exploit
- Confessions of an Nespresso Money Mule: Free Stuff & Triangulation Fraud
- Roger Dingledine, The Tor Project
- Saturday at 16:00 in Track 3 | 20 minutes
- Process Injection Techniques - Gotta Catch Them All
- Brad Dixon, Security Consultant, Carve Systems
- Friday at 12:00 in Track 1 | 45 minutes | Tool
- Intro to Embedded Hacking—How you too can find a decade old bug in widely deployed devices. [REDACTED] Deskphones, a case study.
- Gerald Doussot, Principal Security Consultant, NCC Group
- Thursday at 13:00 in DC101, Paris Theatre | 45 minutes | Demo, Exploit
- EDR Is Coming; Hide Yo Sh!t
- Roger Meyer, Principal Security Consultant, NCC Group
- Saturday at 10:00 in Track 4 | 45 minutes | Demo, Tool
- API-Induced SSRF: How Apple Pay Scattered Vulnerabilities Across the Web
- droogie, Security Consultant at IOActive
- Friday at 12:00 in Track 4 | 45 minutes | Demo, Exploit
- HVACking: Understand the Difference Between Security and Reality!
- Kurt Opsahl, Deputy Executive Director And General Counsel, EFF
- Friday at 13:00 in Track 2 | 45 minutes | Demo
- Change the World, cDc Style: Cow tips from the first 35 years
- Camille Fischer, Frank Stanton Fellow, EFF
- Friday at 15:00 in Track 2 | 45 minutes
- Get off the Kernel if you can’t Drive
- Bennett Cyphers, Staff Technologist, EFF
- Saturday at 15:00 in Track 1 | 45 minutes | Demo, Tool, Exploit
- RACE - Minimal Rights and ACE for Active Directory Dominance
- Nathan 'nash' Sheard, Grassroots Advocacy Organizer, EFF
- Saturday at 13:00 in Track 1 | 45 minutes | Demo, Tool
- I'm In Your Cloud... Pwning Your Azure Environement
- Shahid Buttar, Panel Host and Director of Grassroots Advocacy, EFF
- Sunday at 12:00 in Track 1 | 45 minutes | Demo, Tool, Exploit
- More Keys Than A Piano: Finding Secrets In Publicly Exposed Ebs Volumes
- finalphoenix, Engineer & Hypebae
- Friday at 13:00 in Track 4 | 45 minutes | Demo, Tool
- The Ether Wars: Exploits, counter-exploits and honeypots on Ethereum
- g richter, Senior Researcher, Pen Test Partners LLP
- Sunday at 14:00 in Track 3 | 45 minutes | Demo, Tool
- SSO Wars: The Token Menace
- Mike Godfrey, Penetration Tester, INSINIA Security
- Saturday at 13:00 in Track 4 | 45 minutes | Demo, Tool, Exploit
- Re: What's up Johnny? – Covert Content Attacks on Email End-to-End Encryption
- Matthew Carr, Penetration Tester, INSINIA Security
- Friday at 16:30 in Track 4 | 20 minutes | Demo, Exploit
- GSM: We Can Hear Everyone Now!
- Xiling Gong, Consultant, NCC Group
- Saturday at 13:00 in Track 2 | 45 minutes | Demo, Exploit
- NOC NOC. Who's there? All. All who? All the things you wanted to know about the DEF CON NOC and we won't tell you about
- Peter Pi, Senior Security Researcher of Tencent Blade Team
- Saturday at 16:00 in Track 2 | 105 minutes
- Poking the S in SD cards
- Jayson Grace, Penetration Tester, Splunk
- Friday at 16:30 in Track 1 | 20 minutes | Demo, Tool, Exploit
- No Mas – How One Side-Channel Flaw Opens Atm, Pharmacies and Government Secrets Up to Attack
- Joe Grand (Kingpin)
- Friday at 13:00 in Track 3 | 45 minutes | Demo, Exploit
- Breaking The Back End! It Is Not Always A Bug. Sometimes, It Is Just Bad Design!
- Andy Grant, Technical Vice President, NCC Group
- Friday at 16:30 in Track 3 | 20 minutes | Demo, Exploit
- Hacking Your Thoughts - Batman Forever meets Black Mirror
- Bill Graydon, President and Principal, Physical Security Analytics
- Saturday at 11:00 in Track 3 | 45 minutes
- Breaking Google Home: Exploit It with SQLite(Magellan)
- Robert Graydon, Principal, GGR Security
- Thursday at 11:00 in DC101, Paris Theatre | 45 minutes | Demo, Exploit
- Firmware Slap: Automating Discovery of Exploitable Vulnerabilities in Firmware
- Omer Gull, Security Researcher at Check Point Software Technologies
- Sunday at 14:00 in Track 1 | 45 minutes | Demo, Tool
- Why You Should Fear Your “mundane” Office Equipment
- Kyle Gwinnup, Senior Threat Researcher, Carbon Black
- Saturday at 12:00 in Track 3 | 45 minutes | Demo, Tool, Exploit
- Owning The Clout Through Server-Side Request Forgery
- John Holowczak, Threat Researcher
- Sunday at 13:00 in Track 3 | 45 minutes | Demo, Tool
- Information Security in the Public Interest
- Former Rep. Jane Harman, President, The Wilson Center, Former Rep. (D-CA), aka Surfer Jane
- Saturday at 10:00 in Track 3 | 45 minutes
- Zero bugs found? Hold my Beer AFL! How To Improve Coverage-Guided Fuzzing and Find New 0days in Tough Targets
- Rep. James Langevin (D-RI)
- Saturday at 14:00 in Track 3 | 45 minutes | Demo, Tool, Exploit
- Relaying Credentials Has Never Been Easier: How to Easily Bypass the Latest NTLM Relay Mitigations
- Jen Ellis, Director of Public Affairs, Rapid 7
- Friday at 15:00 in Track 4 | 45 minutes | Demo, Tool, Exploit
- Adventures In Smart Buttplug Penetration (testing)
- Zombie Ant Farm: Practical Tips for Playing Hide and Seek with Linux EDRs
- Rep. Ted Lieu (D-CA)
- Saturday at 12:00 in Track 4 | 45 minutes | Demo, Tool
- Apache Solr Injection
- Ariel Herbert-Voss, PhD student, Harvard University
- Saturday at 16:30 in Track 4 | 20 minutes | Demo, Exploit
- Reverse Engineering 17+ Cars in Less Than 10 Minutes
- Stephan Huber, Fraunhofer SIT
- Saturday at 16:00 in Track 1 | 20 minutes | Demo, Tool
- HAKC THE POLICE
- Philipp Roskosch
- Saturday at 11:00 in Track 2 | 45 minutes | Demo, Tool
- [ MI CASA-SU CASA ] My 192.168.1.1 is Your 192.168.1.1
- Ali Islam, CEO, Numen Inc.
- Sunday at 13:00 in Track 1 | 45 minutes | Demo, Tool
- Infiltrating Corporate Intranet Like NSA - Pre-auth RCE on Leading SSL VPNs
- Dan Regalado (DanuX), CTO, Numen Inc
- Friday at 12:00 in Track 3 | 45 minutes | Demo, Exploit
- Tag-side attacks against NFC
- Eyal Itkin, Vulnerability Researcher at Check Point Software Technologies
- Saturday at 13:00 in Track 3 | 45 minutes | Demo, Tool
- Harnessing Weapons of Mac Destruction
- Leon Jacobs, Researcher - SensePost
- Friday at 14:00 in Track 1 | 45 minutes | Demo, Exploit
- Please Inject Me, a x64 Code Injection
- jiska, TU Darmstadt, Secure Mobile Networking Lab
- Friday at 16:00 in Track 1 | 20 minutes | Demo
- Phreaking Elevators
- clou (Fabian Ullrich)
- Friday at 12:00 in Track 2 | 45 minutes | Demo
- Sound Effects: Exploring Acoustic Cyber-weapons
- Jmaxxz
- Sunday at 13:00 in Track 2 | 45 minutes | Tool
- Can You Track Me Now? Why The Phone Companies Are Such A Privacy Disaster
- Truman Kain, Sr. Information Security Analyst at Tevora
- Friday at 16:30 in Track 2 | 20 minutes
- All the 4G modules Could be Hacked
- Jatin Kataria, Principal Scientist, Red Balloon Security
- Friday at 11:00 in Track 3 | 45 minutes | Exploit
- Exploiting Windows Exploit Mitigation for ROP Exploits
- Rick Housley, Research Scientist, Red Balloon Security
- Thursday at 10:00 in DC101, Paris Theatre | 45 minutes | Demo
- Your Secret Files Are Mine: Bug Finding And Exploit Techniques On File Transfer App Of All Top Android Vendors
- Ang Cui, Chief Scientist, Red Balloon Security
- Sunday at 10:00 in Track 4 | 45 minutes | Demo, Tool, Exploit
- Web2Own: Attacking Desktop Apps From Web Security's Perspective
- Nina Kollars, Associate Professor Naval War College Strategic and Operational Research Department
- Thursday at 14:00 in DC101, Paris Theatre | 45 minutes
- "First-try" DNS Cache Poisoning with IPv4 and IPv6 Fragmentation
- Kitty Hegemon
- | 45 minutes | Demo, Exploit
Demo Labs
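Demos of home-built tools, explanations of hacking techniques, and the like are given here.
https://www.defcon.org/html/defcon-27/dc-27-demolabs.html
```javascript
// Run in the browser console on the page above.
// The four lists are paired by index, so this assumes exactly one
// h3.talkTitle, h4.speaker and p.details per article.talk.
ids = Array.from(document.querySelectorAll('article.talk')).map((e) => { return e.id })
titles = Array.from(document.querySelectorAll('h3.talkTitle')).map((e) => { return e.innerText })
speakers = Array.from(document.querySelectorAll('h4.speaker')).map((e) => { return e.innerText })
// replace() with a string pattern swaps only the first newline.
details = Array.from(document.querySelectorAll('p.details')).map((e) => { return e.innerText.replace('\n', ' | ') })
titles.map((e, i) => {
  return '* <a href="https://www.defcon.org/html/defcon-27/dc-27-demolabs.html#' + ids[i] + '">' + e + '</a>\n' +
    ' * ' + speakers[i] + '\n' +
    ' * ' + details[i]
}).join("\n")
```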
- Antennas for Surveillance applications
- Kent Britain & Alexander Zakharov
- Friday from 10:00 – 11:50 in Sunset 1 at Planet Hollywood | Audience: All
- bedr
- Mark Ignacio
- Saturday from 12:00 – 13:50 in Sunset 6 at Planet Hollywood | Audience: Defense, Linux
- BEEMKA – Electron Post-Exploitation Framework
- Pavel Tsakalidis
- Friday from 10:00 – 11:50 in Sunset 3 at Planet Hollywood | Audience: Offense – Especially red teamers that want to establish persistence and egress data.
- Burpsuite Team Server for Collaborative Web App Testing
- Tanner Barnes
- Saturday from 14:00 – 15:50 in Sunset 1 at Planet Hollywood | Audience: Offense, AppSec
- Chaos Drive, because USB is still too trustworthy
- Mike Rich
- Friday from 14:00 – 15:50 in Sunset 4 at Planet Hollywood | Audience: Offense, Social Engineers, Hardware, Privacy
- CIRCO: Cisco Implant Raspberry Controlled Operations
- Emilio Couto
- Saturday from 10:00 – 11:50 in Sunset 2 at Planet Hollywood | Audience: Offense, Hardware
- Combo Password
- Fabian Obermaier
- Friday from 14:00 – 15:50 in Sunset 5 at Planet Hollywood | Audience: Defense
- Cotopaxi: IoT Protocols Security Testing Toolkit
- Jakub Botwicz
- Saturday from 10:00 – 11:50 in Sunset 3 at Planet Hollywood | Audience: IoT, AppSec
- Burp Plugin: Cyber Security Transformation Chef (CSTC)
- Ralf Almon & Sebastian Puttkammer
- Saturday from 12:00 – 13:50 in Sunset 1 at Planet Hollywood | Audience: Offense, Defense, AppSec, Mobile.
- Dr.ROBOT: Organized Chaos and the Shotgun Approach
- Aleksandar Straumann & Jayson Grace
- Saturday from 12:00 – 13:50 in Sunset 5 at Planet Hollywood | Audience: Defense/Offense
- EAPHammer
- Gabriel Ryan
- Friday from 12:00 – 13:50 in Sunset 1 at Planet Hollywood | Audience: Offensive security professionals, security analysts and network administrators, executive leadership, end-users
- EXPLIoT - IoT Security Testing and Exploitation Framework
- Aseem Jakhar & Murtuja Bharmal
- Friday from 14:00 – 15:50 in Sunset 3 at Planet Hollywood | Audience: Offense, Hardware, IoT, Pentesters
- Flatline
- East
- Friday from 12:00 – 13:50 in Sunset 4 at Planet Hollywood | Audience: Hardware and OpSec.
- Go Reverse Engineering Tool Kit
- Joakim Kennedy
- Saturday from 10:00 – 11:50 in Sunset 5 at Planet Hollywood | Audience: Defense
- Hachi: An Intelligent threat mapper
- Parmanand Mishra
- Friday from 10:00 – 11:50 in Sunset 5 at Planet Hollywood | Audience: Defense, Malware, Threat Intelligence
- Browser extension to hunt low hanging fruits (Hacking by just browsing)
- Rewanth Cool
- Friday from 14:00 – 15:50 in Sunset 1 at Planet Hollywood | Audience: Bug bounty hunters, Penetration testers, developers, open source contributors
- ioc2rpz
- Vadim Pavlov
- Saturday from 12:00 – 13:50 in Sunset 2 at Planet Hollywood | Audience: Defense
- Let's Map Your Network
- Pramod Rana
- Friday from 14:00 – 15:50 in Sunset 2 at Planet Hollywood | Audience: Defense, Monitoring
- Local Sheriff
- Konark Modi
- Saturday from 12:00 – 13:50 in Sunset 3 at Planet Hollywood | Audience: AppSec, Code Assesments, and privacy researchers
- Memhunter - Automated hunting of memory resident malware at scale
- Marcos Oviedo
- Saturday from 10:00 – 11:50 in Sunset 6 at Planet Hollywood | Audience: Defense
- OSfooler-NG: Next Generation of OS fingerprinting fooler
- Jaime Sanchez
- Friday from 14:00 – 15:50 in Sunset 6 at Planet Hollywood | Audience: Defense
- OWASP Amass
- Jeff Foley & Anthony Rhodes
- Saturday from 14:00 – 15:50 in Sunset 2 at Planet Hollywood | Audience: Red Team, Blue Team, Bug Bounty Hunters, Penetration Testers
- PcapXray
- Srinivas Piskala Ganesh Babu
- Friday from 12:00 – 13:50 in Sunset 2 at Planet Hollywood | Audience: Defense, Forensics, Networks
- PCILeech and MemProcFS
- Ulf Frisk & Ian Vitek
- Saturday from 12:00 – 13:50 in Sunset 4 at Planet Hollywood | Audience: Offense, Defense, Forensics, Hardware
- PhanTap (Phantom Tap)
- Diana Dragusin & Etienne Champetier
- Friday from 10:00 – 11:50 in Sunset 2 at Planet Hollywood | Audience: Red Teams, it could also be used by Blue Teams.
- Phishing Simulation
- Jyoti Raval
- Friday from 12:00 – 13:50 in Sunset 5 at Planet Hollywood | Audience: Defense
- PivotSuite: Hack The Hidden Network - A Network Pivoting Toolkit
- Manish Gupta
- Saturday from 14:00 – 15:50 in Sunset 3 at Planet Hollywood | Audience: Offense (Red Teamers / Penetration Testers)
- QiLing
- KaiJern, Lau & Dr. Nguyen Anh Quynh
- Sunday from 10:00 – 11:50 in Sunset 6 at Planet Hollywood | Audience: Reverse Engineers, Hardware (IoT) Hackers
- Reverse Engineering Embedded ARM with Ghidra
- Max Compston
- Friday from 10:00 – 11:50 in Sunset 4 at Planet Hollywood | Audience: Offense, Defense, AppSec, Mobile, Hardware
- Rhodiola
- Utku Sen
- Sunday from 10:00 – 11:50 in Sunset 5 at Planet Hollywood | Audience: Offense
- Shadow Workers: Backdooring with Service Workers
- Emmanuel Law & Claudio Contin
- Saturday from 14:00 – 15:50 in Sunset 6 at Planet Hollywood | Audience: Offensive Security, AppSec
- Shellcode Compiler
- Ionut Popescu
- Saturday from 14:00 – 15:50 in Sunset 5 at Planet Hollywood | Audience: Anyone interested in shellcode development
- SILENTTRINITY
- Marcello Salvati
- Saturday from 14:00 – 15:50 in Sunset 4 at Planet Hollywood | Audience: Offense
- soFrida - Dynamic Analysis Tool for Mobile Apps with Cloud Backend
- Hyunjun Park & Soyeon Kim
- Friday from 10:00 – 11:50 in Sunset 6 at Planet Hollywood | Audience: Offense: Mobile Application Pentesters, Hackers Defense: Cloud Backend Operators Mobile Application Developers who use cloud SDK
- Spartacus as a Service (SaaS)
- Mike Kiser
- Friday from 12:00 – 13:50 in Sunset 3 at Planet Hollywood | Audience: Offense for the end user
- Srujan: Safer Networks for Smart Homes
- Sanket Karpe & Parmanand Mishra
- Saturday from 10:00 – 11:50 in Sunset 4 at Planet Hollywood | Audience: Defense, Network, Hardware, IOT Security
- TaintedLove
- Benoit Côté-Jodoin
- Friday from 12:00 – 13:50 in Sunset 6 at Planet Hollywood | Audience: AppSec
- USB-Bootkit – New Bookit via USB Interface in Supply Chain Attacks
- Haowen Bai
- Sunday from 10:00 – 11:50 in Sunset 4 at Planet Hollywood | Audience: Offense, Defense and Hardware.
- Vulmap: Online Local Vulnerability Scanners Project
- Yavuz Atlas & Fatih Ozel
- Sunday from 10:00 – 11:50 in Sunset 3 at Planet Hollywood | Audience: Offense, Defense
- WiFi Kraken – Scalable Wireless Monitoring
- Mike Spicer
- Saturday from 10:00 – 11:50 in Sunset 1 at Planet Hollywood | Audience: Offense, Defense, Hardware
- Zigbee Hacking: Smarter Home Invasion with ZigDiggity
Workshop
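Hands-on sessions where you learn a wide range of topics in workshop format. They had apparently been on hiatus for a while and were revived at DEFCON27 (2019)? Each workshop has a cap on attendance (40 people, for example), and reservations seem to fill up as soon as registration opens. There is a charge of 2,500 yen to prevent no-shows, but given the content it is amazing that you can attend at that price.
https://www.defcon.org/html/defcon-27/dc-27-workshops.html
```javascript
// Run in the browser console on the page above.
// The four lists are paired by index, so this assumes exactly one
// h3.talkTitle, p.abstract and h4.speaker per article.talk.
ids = Array.from(document.querySelectorAll('article.talk')).map((e) => { return e.id })
titles = Array.from(document.querySelectorAll('h3.talkTitle')).map((e) => { return e.innerText })
// The p.abstract that directly follows each title; replace() with a string
// pattern swaps only the first newline.
abstracts = Array.from(document.querySelectorAll('h3.talkTitle+p.abstract')).map((e) => { return e.innerText.replace('\n', ' | ') })
speakers = Array.from(document.querySelectorAll('h4.speaker')).map((e) => { return e.innerText })
titles.map((e, i) => {
  return '* <a href="https://www.defcon.org/html/defcon-27/dc-27-workshops.html#' + ids[i] + '">' + e + '</a>\n' +
    ' * ' + speakers[i] + '\n' +
    ' * ' + abstracts[i]
}).join("\n")
```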
- Breaking and Pwning Docker Containers and Kubernetes Clusters
- Madhu Akula
- Friday, 1430-1830 in Red Rock II
- Modern DebuggingHWarfare with WinDbg Preview
- Chris Alladoum, Security Researcher, Sophos Labs
- Saturday, 1430-1830 in Flamingo, Lake Mead II
- Advanced Wireless Exploitation for Red Team and Blue Team
- Axel Souchet, Hacker
- Thursday, 1430-1830 in Flamingo, Red Rock II
- Pwning Serverless Applications
- Besim Altinok, Founder & CEO, Pentester Training
- Thursday, 1000-1400 in Flamingo, Red Rock V
- Reverse Engineering Android Apps
- Bahtiyar Bircan, Senior Consultant, Eurocontrol / EATM-CERT
- Friday, 1430-1830 in Flamingo, Red Rock III
- Purple Team CTF
- Abhay Bhargav, Founder, we45
- Thursday, 1430-1830 in Flamingo, Red Rock III
- Exploit Development for Beginners
- Nithin Jois
- Friday, 1000-1400 in Flamingo, Red Rock VII
- Understanding and Analyzing Weaponized Carrier Files
- Tilak Thimmappa
- Friday, 1000-1400 in Flamingo, Red Rock III
- Introduction to Cryptographic Attacks
- Sam Bowne, Proprietor, Bowne Consulting
- Thursday, 1000-1400 in Flamingo, Red Rock VIII
- Hack to Basics - x86 Windows Based Buffer Overflows, an introduction to buffer overflows.
- Elizabeth Biddlecome, Senior Researcher, Bowne Consulting
- Saturday, 1430-1830 in Flamingo, Valley of Fire I
- An Introduction to Deploying Red Team Infrastructure
- Sam Bowne, Proprietor, Bowne Consulting
- Thursday, 1430-1830 in Flamingo, Red Rock I
- Hacking Wifi
- Elizabeth Biddlecome, Senior Researcher, Bowne Consulting
- Thursday, 1430-1830 in Flamingo, Red Rock VIII
- Attacking Layer 2 Network Protocols
- Sam Bowne, Proprietor, Bowne Consulting
- Friday, 1430-1830 in Flamingo, Red Rock I
- Functional Programming for the Blue Team
- Elizabeth Biddlecome, Senior Researcher, Bowne Consulting
- Saturday, 1000-1400 in Flamingo, Valley of Fire II
- Finding Vulnerabilities at Ecosystem-Scale
- Ryan Chapman, Incident Response Analyst
- Friday, 1000-1400 in Flamingo, Red Rock IV
- Malware Triage - Analyzing The Modern Malware Delivery Chain
- Matt Cheung, Hacker
- Friday, 1000-1400 in Flamingo, Red Rock II
- Mind the Gap Between Attacking Windows and Mac: Breaking In and Out of Protected MacOS environments
- Dino Covotsos, Founder & CEO, Telspace Systems
- Saturday, 1000-1400 in Flamingo, Lake Mead I
- Hacking Wi-Fi for Beginners
- Troy Defty, Hacker
- Thursday, 1000-1400 in Flamingo, Red Rock III
- Learning to Hack Bluetooth Low Energy with BLE CTF
- Erik Dul, Hacker
- Thursday, 1000-1400 in Flamingo, Red Rock IV
- Hacking the Android APK
- Philippe Delteil, Computer Science Engineer
- Thursday, 1430-1830 in Flamingo, Red Rock V
- Introduction to Reverse Engineering With Ghidra
- Victor Faraggi, Student, University of Chile
- Friday, 1430-1830 in Flamingo, Red Rock V
- Hands on Adversarial Machine Learning
- Ilana Mergudich Thal, Student, University of Chile
- Friday, 1000-1400 in Flamingo, Red Rock VI
- Advanced Custom Network Protocol Fuzzing
- Erik Dul, Hacker
- Friday, 1430-1830 in Flamingo, Red Rock VI
- Hacking Medical Devices
- Troy Defty, Hacker
- Thursday, 1000-1400 in Flamingo, Red Rock II
- From EK to DEK: Analyzing Document Exploit Kits
- eigentourist, Software Engineer, Data Scientist
- Thursday, 1000-1400 in Flamingo, Red Rock I
- Introduction to Sandbox Evasion and AMSI Bypasses
- Isaac Evans, Hacker
- Friday, 1430-1830 in Flamingo, Red Rock IV
- Defending environments and hunting malware with osquery
- Sergei Frankoff, Co-Founder, Open Analysis
- Friday, 1430-1830 in Flamingo, Red Rock VII
- Constructing Kerberos Attacks with Delegation Primitives
- Sean Wilson, Co-Founder, Open Analysis
- Thursday, 1000-1400 in Flamingo, Red Rock VII
- Evil Mainframe Jr: Mainframe hacking from recon to privesc
- Richard Gold, Hacker
- Friday, 1000-1400 in Flamingo, Red Rock I
- Advanced Wireless Attacks Against Enterprise Networks
- Alex Hammer, Hacker
- Thursday, 1430-1830 in Flamingo, Red Rock VII
- Hacking ICS: From Open Source Tools to Custom Scripts
- Penelope 'Pip' Pinkerton
- Friday, 1000-1400 in Flamingo, Red Rock V
- Red Teaming Techniques for Electronic Physical Security Systems
- Ryan Holeman, Global Security Overlord, Atlassian
- Saturday, 1000-1400 in Flamingo, Valley of Fire I
- Pentesting ICS 102
- Ben Hughes, Hacker
- Saturday, 1430-1830 in Flamingo, Valley of Fire II
- scapy_dojo_v_1
- Liana Parakesyan, Hacker
- Saturday, 1430-1830 in Flamingo, Lake Mead I
- Writing custom backdoor payloads using C#
- Mattia Campagnano, Hacker
- Saturday, 1000-1400 in Flamingo, Lake Mead II
- Analysis 101 for Hackers and Incident Responders
- Wesley McGrew, Hacker
- Thursday, 1430-1830 in Flamingo, Red Rock IV
Contests & Events
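Besides the DEFCON CTF finals, a variety of other contests and CTFs are held.
https://www.defcon.org/html/defcon-27/dc-27-ce.html
```javascript
// Run in the browser console on the page above.
// Titles and details are paired by index; every entry links to the same page.
titles = Array.from(document.querySelectorAll('h3.talkTitle')).map((e) => { return e.innerText })
// The p.details that directly follows each title; replace() with a string
// pattern swaps only the first newline.
details = Array.from(document.querySelectorAll('h3.talkTitle+p.details')).map((e) => { return e.innerText.replace('\n', ' | ') })
titles.map((e, i) => {
  return '<a href="https://www.defcon.org/html/defcon-27/dc-27-ce.html">' + e + '</a>\n ' + details[i]
}).join("\n")
```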
- AI Village CTF
- Contest | Location: AI Village
- Beverage Cooling Contraption Contest
- Contest | Location: Contest Stage (PH Mezzanine) | Friday: 1300-1500
- Car Hacking Village CTF
- Contest | Location: Car Hacking Village
- CMD+CTRL CyberRange
- Contest | Location: Contest Floor (PH Celebrity Ballroom) | Friday: 1000-2100, Saturday: 1000-2100, Sunday: 1000-1200
- Coindroids
- Contest | Location: Contest Floor (PH Celebrity Ballroom) | Friday: 1000-2100, Saturday: 1000-2100, Sunday: 1000-1200
- Crack Me If You Can
- Contest | Location: Contest Floor (PH Celebrity Ballroom) | Friday: 1000-2100, Saturday: 1000-2100, Sunday: 1000-1200
- Creative Writing Short Story Contest
- Contest | Location: Online
- DarkNet Project
- Contest | Location: Contest Floor (PH Celebrity Ballroom) | Friday: 1000-2100, Saturday: 1000-2100, Sunday: 1000-1200
- DEF CON Beard Contest
- Contest | Location: Contest Stage (PH Mezzanine) | Saturday: 1300-1500
- Defcon Ham Radio Fox Hunting Contest
- Contest | Location: HAM Radio Village (Flamingo) | Friday: 1000-2100, Saturday: 1000-2100, Sunday: 1000-1200
- Defcon Scavenger Hunt
- Contest | Location: Contest Floor (PH Celebrity Ballroom) | Friday: 1000-2100, Saturday: 1000-2100, Sunday: 1000-1200
- Drunk Hacker History
- Contest | Location: Contest Stage (PH Mezzanine) | Saturday: 2200-2400
- Dungeons@Defcon
- Contest | Location: Contest Floor (PH Celebrity Ballroom) | Friday: 1000-2100, Saturday: 10:00-20:00, Sunday: 1000-1200
- EFF Tech Trivia
- Contest | Location: Contest Stage (PH Mezzanine) | Friday: 1700-1900
- Hack the Plan[e]t
- Contest | Location: ICS Village
- Hacker Jeopardy
- Contest | Location: Contest Stage (PH Mezzanine) | Friday: 2000-2200, Saturday: 20:00-22:00
- Hackfortress
- Contest | Location: Contest Floor (PH Celebrity Ballroom) | Friday: 1000-2100, Saturday: 1000-2100, Sunday: 1000-1200
- H@ck3r Runw@y
- Contest | Location: Contest Stage (PH Mezzanine) | Friday: 1000-2100, Saturday: 1000-2100, Sunday: 1000-1200
- Homebrew Hardware Contest
- Contest | Location: Contest Stage (PH Mezzanine) | Saturday: 1500-1700
- Hospital Under Siege
- Contest | Location: BioHacking Village
- Maps of the Digital Lands
- Contest | Location: Contest Floor (PH Celebrity Ballroom) | Friday: 1000-2100, Saturday: 1000-2100, Sunday: 1000-1200
- OpenCTF
- Contest | Location: Contest Floor (PH Celebrity Ballroom) | Friday: 1000-2100, Saturday: 1000-2100, Sunday: 1000-1200
- OpenSOC Blue Team CTF
- Contest | Location: Blue Team Village
- OSINT CTF for Missing Persons
- Contest | Location: Contest Floor (PH Celebrity Ballroom) | Friday: 1000-2100, Saturday: 1000-2100, Sunday: 1000-1200
- Red Alert ICS CTF
- Contest | Location: Contest Floor (PH Celebrity Ballroom) | Friday: 1000-2100, Saturday: 1000-2100, Sunday: 1000-1200
- Schemaverse
- Contest | Location: Contest Floor (PH Celebrity Ballroom) | Friday: 1000-2100, Saturday: 1000-2100, Sunday: 1000-1200
- SECTF
- Contest | Location: SE Village
- SECTF4Kids
- Contest | Location: SE Village
- SECTF4Teens
- Contest | Location: SE Village
- Secure Code Review Challenge
- Contest | Location: AppSec Village
- SOHOpelessly Broken
- Contest | Location: IoT Village
- SpellCheck: The Hacker Spelling Bee
- Contest | Location: Contest Stage (PH Mezzanine) | Friday: 1500-1700
- Spy Contest (Who's the Best Social Engineer)
- Contest | Location: Contest Floor (PH Celebrity Ballroom) | Friday: 1000-2100, Saturday: 1000-2100, Sunday: 1000-1200
- TD Francis X-hour Film Contest
- Contest
- TeleChallenge
- Contest | Location: Contest Floor (PH Celebrity Ballroom) | Friday: 1000-2100, Saturday: 1000-2100, Sunday: 1000-1200
- The d(struction)20 CTF
- Contest | Location: Contest Stage (PH Mezzanine) | Saturday: 1100-1300
- The Gold Bug - Crypto & Privacy Village Puzzle
- Contest | Location: Crypto Village
- Threat Modeling Challenge
- Contest | Location: AppSec Village
- Tinfoil Hat
- Contest | Location: Contest Floor (PH Celebrity Ballroom) | Friday: 1000-2100, Saturday: 1000-2100, Sunday: 1000-1200
- warl0ck gam3z CTF
- Contest | Location: Contest Floor (PH Celebrity Ballroom) | Friday: 1000-2100, Saturday: 1000-2100, Sunday: 1000-1200
- Whose Slide Is It Anyway?
- Contest | Location: Contest Stage (PH Mezzanine) | Friday: 2200-2400
- Wireless Capture the Flag
- Contest | Location: Wireless Village
- 8th Annual DEF CON Bike Ride
- Event | Location: | Friday: 0600-0600
- DEAF CON Meetup
- Event | Location: DEAF CON Village
- Ham Radio Exams
- Event | Location: Ham Radio Village
- Mohawk-Con
- Event | Location: Vendor Area
- Toxic BBQ
- Event | Location: Sunset Park, Pavilion F | Thursday 1600-2200
I Took Part in MINI Hardening 3.2
I had not written a blog post in a long while, but I came away energized, so I decided to write one.
On 4/21 I took part in MINI Hardening Project #3.2, which was held at a venue lent by Mercari.
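What Is Hardening?
Hardening is "a completely new security project that aims to maximize the value of 'the skills of defending'" (from Hardening Project 2019 | Web Application Security Forum - WASForum); in other words, it is an event where you can learn security skills from a different angle than CTF.
You are handed vulnerable applications and servers, and the goal is to fend off attacks from the attackers (the organizers) during the competition and keep the service running as much as possible. Being compromised or failing to block an attack does not end the game on the spot; you can still earn points as long as you keep the service up, even if you are always one step behind, by promptly restarting server processes, killing suspicious processes, or restoring data from backups.
CTF is often described as taking the attacker's point of view; Hardening, I suppose, is the defender's point of view.
Teams have four members, assigned in advance by the organizers from among the participants based on things like "prior participation experience" and "skill set?". Our team consisted of three working professionals and one technical college (kosen) student.
The original Hardening reportedly runs for eight hours (sometimes continuing into a second day), but even this MINI version had a three-hour competition time. Even so, three hours of doing nothing but analyzing and countering while being attacked one-sidedly was mentally very tough.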
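About the Competition
This time, being version 3.2, cryptocurrency was one of the main themes. The scenario is that a company president who set his sights on cryptocurrency built a vulnerable homegrown service, and we were entrusted with operating it.
Apparently the theme changes with each major version, and the attack methods and the number of attacks are varied with each minor version as well.
As a new attempt from this time (?), whether reports to the president are made appropriately also counts toward points.
I cannot write about the specific attacks or vulnerabilities because that would spoil the fun for future participants, but I was told general points are fine to write about, so here are a few. (Some of this is subjective.)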
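- Assume the account credentials for the environment you are given have already leaked. Change account passwords right away.
- Backups matter. Even if web pages are defaced or deleted, you can manage as long as you have a backup. Thoroughly back up not only the files in document_root but also the middleware configs and the DB.
- Always check for suspicious processes.
- Look at the server access logs. There should be traces of the attacks.
- If you think there is an SQLi vulnerability, close it without hesitation. There is no time to say you cannot read the source.
- If there is something you do not know, google it first.
- Report to the president frequently and accurately. Do not ask the president questions. Operation and decisions have been entrusted to you.
- Always eat the snacks you are given. Intellectual work requires sleep, time, and sugar. And do not forget to thank the people who brought them.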
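And so, WAS Forum and Hardening Project treated us to Hattendo and chocolate. They were delicious! Thank you!
Our team, team-h, was broken into many times, but we kept the service reasonably available by restarting processes and restoring from backups taken beforehand, earned points through frequent reports to the president and liberal use of flattery, and finished 3rd out of 9 teams. It may also have helped a lot that we shared each member's skill set on Slack beforehand and prepared a Google Sheets spreadsheet with a server list, an account list, password candidates and so on, which we also used during the competition.
Note: flattery has no effect on the president's favorability points.
The organizers' console. It shows (I think) automated attacks being run against each participant team's environment.
Face to face with the usual lady. I am glad to see her, but it means "the web server has been stopped," which is a real problem.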
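Impressions
I have more than ten years of experience as a server and infrastructure engineer, but my hands froze far more than I had imagined. I was tossed around by incidents occurring one after another and could not work through them steadily, one at a time and in order. Or rather, since I had only ever had the chance to deal with "relatively decent" (?) systems, perhaps I did not know how to recognize that we were under attack.
Given that professional background, the situation felt to me like one you "would not encounter in reality." So many kinds of attacks, at such high frequency, in such a short time, and we were beaten one-sidedly while log analysis could not keep up. Several dangerous-looking processes were running from the very start. And still the president says, "Sales matter! Keep the service up!" It was mentally very tough.... Normally there would be a bit more checking before release, and if server credentials leaked, the normal response would be to stop the service to keep the damage from spreading.
However, I felt the competition is very well designed: adding these constraints makes it work as a competition and lets you gain, in a short time, experience you could not get in daily work. I myself gained a great many insights; in particular, I was reminded that there are things I "think I can do, but cannot do when the moment actually comes." I want to keep improving.
One disappointment is the feeling of being left hanging. In the post-competition review (called Softening), the organizers gave a brief introduction to the attacks as a reveal, but there was no opportunity to go back over what attacks had actually been carried out, how to find them, and how to respond to them. I imagine it is difficult to fit such time into the event, but I wish there were materials or something similar for self-study afterwards. That said, I suspect this is because the event's main purpose is to be "an event for gaining awareness through competition," and its concept is not to teach specific countermeasures to attacks....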
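Bonus
At the social gathering I got to talk with many people. People who make "yukkuri" videos, people who do "utattemita" and "odottemita" (singing and dancing cover videos), people who do Uta-Suki (? I do not really know what that is...). This is supposed to be the security crowd, yet there were so many unique people that I wondered whether it was a melting pot, and I was surprised.
Talking with them gave me energy, and that gave me the motivation to write this article. Thank you. Also, to the organizers: thank you for a high-quality event. As someone who has experience designing CTF challenges, I feel that creating challenges like these requires very advanced skills. And I think the teamwork of the organizing members, who can properly restore everything without complaint even when the event environment was fully reset the night before, is wonderful.
And to my colleague F-kun, who joined this event with me: thank you!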
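For Future Participants (Addendum)
Looking at past participants' MINI Hardening reports, there is not much information on advance preparation, so I am adding this.
You can look things up on the spot, but to enjoy the event more, I recommend at least the following preparation.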
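- How to create and delete Linux user accounts and change their passwords
- How to change a Windows local account password (it is an RDP connection, so C-A-del cannot be used)
- How to list Windows local accounts → delete any strange accounts you find
- How to back up document_root and the like to another Linux server over SSH (scp, rsync, or ssh stdin/out)
- How to dump, back up and restore a DB (MySQL, PostgreSQL)
- Mac users: have an RDP client app ready
- Windows users: have an SSH client ready (update it to the latest version so that it can use either ppk or pem files)
- Understand SSH port forwarding well enough to use it → you may need to log in to Windows Remote Desktop via a bastion Linux server
- How to find out which process is using a listening port (be able to investigate even without the lsof command)
- How to find out who is currently logged in → be careful if there are logins from accounts that are not in use
- Materials such as environment information are distributed in advance, so read them
- Prepare so that you can connect to the environment smoothly on the day (e.g. create ssh_config or PuTTY connection settings in advance)
- Make full use of Slack, Google Sheets and the like so that information is easy to consolidate and share
- Be sure to finish Windows Update beforehand
- Do not forget a power strip, an AC adapter and, if possible, your own Wi-Fi just in case
- Go to bed early the night before
- Bring business cards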
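
For the item above about finding which process owns a listening port when lsof is not installed, here is one way to do it by reading /proc directly. This is an added example, not part of the original post; the function names are hypothetical and the sample /proc tree is constructed so that the script runs offline.

```shell
# Map listening TCP ports to their owning processes using only /proc (no lsof, ss or netstat).
# Function names are hypothetical. Run as root on a real host to see other users' sockets.

# listening_sockets [TCP_TABLE]: print "PORT INODE" for every socket in LISTEN state.
listening_sockets() {
    # Columns: sl local rem st tx:rx tr:when retrnsmt uid timeout inode ...
    while read -r _sl laddr _rem st _q _t _r _uid _to inode _rest; do
        [ "$st" = "0A" ] || continue           # 0A = LISTEN; this also skips the header row
        echo "$((0x${laddr##*:})) $inode"      # port is the hex field after the last ':'
    done < "${1:-/proc/net/tcp}"
}

# pids_for_inode INODE [PROC_ROOT]: print PIDs holding an fd that links to socket:[INODE].
pids_for_inode() {
    root=${2:-/proc}
    for fd in "$root"/[0-9]*/fd/*; do
        [ "$(readlink "$fd" 2>/dev/null)" = "socket:[$1]" ] || continue
        pid=${fd#"$root"/}
        echo "${pid%%/*}"
    done | sort -un
}

# port_owners [TCP_TABLE] [PROC_ROOT]: print "PORT PID COMMAND"; "?" when no owner is visible.
port_owners() {
    listening_sockets "$1" | while read -r port inode; do
        pids=$(pids_for_inode "$inode" "$2")
        [ -n "$pids" ] || { echo "$port ? ?"; continue; }
        for pid in $pids; do
            echo "$port $pid $(cat "${2:-/proc}/$pid/comm" 2>/dev/null)"
        done
    done
}

# Constructed sample (not real host data): a fake /proc tree so the demo runs offline.
make_sample() {
    mkdir -p "$1/proc/812/fd" "$1/proc/2345/fd"
    echo httpd > "$1/proc/812/comm"; echo sh > "$1/proc/2345/comm"
    ln -s 'socket:[31337]' "$1/proc/812/fd/4"
    ln -s 'socket:[40404]' "$1/proc/2345/fd/3"
    cat > "$1/tcp" <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 31337 1
   1: 00000000:115C 00000000:0000 0A 00000000:00000000 00:00000000 00000000    33        0 40404 1
   2: 0100007F:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000    27        0 50505 1
   3: 0A00000A:0016 0A000014:C350 01 00000000:00000000 00:00000000 00000000     0        0 60606 1
EOF
}

d=$(mktemp -d) && make_sample "$d" && port_owners "$d/tcp" "$d/proc"; rm -rf "$d"
```

On a real server, call `port_owners` with no arguments (or pass `/proc/net/tcp6` for IPv6 listeners). A `?` owner usually means the script lacks permission to read that process's fd directory.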