"Secure Exploit Payload Staging…or how we did not kill an 0day at Defcon"

11 Jan 2013 | Sjur Usken | Tags: georg, honeynet, oxff, workshop

We have interviewed Georg Wicherski, one of the speakers at the Honeynet Workshop in Dubai, 10-12 February. Georg will give a briefing titled “Secure Exploit Payload Staging…or how we did not kill an 0day at Defcon”.

So Georg, why did you become a security expert?

Pathos: Hacking is my second love after my family and working as a security person allows me to live my passion every day.

And what will you talk about?

When my team was preparing for the Defcon 2011 CTF – one of the hardest hacking challenges in the world, consisting only of binary exploitation – a teammate discovered a local 0day in the FreeBSD kernel. Since we knew that the Defcon CTF organizers are running the vulnerable servers on FreeBSD, this gave us a potential advantage during the game. But we did not want to leak our sacred exploit to the Defcon organizers or other teams. I therefore developed a methodology to deploy the local exploit as a second stage to a remote exploit without leaving a forensic trace. The disk won’t be touched at all and all network communication is encrypted using strong asymmetric cryptology primitives. The general technique will be presented at the workshop, motivating to think about potential introspection techniques to even track these lightweight intrusions.

What do you love the most being a security expert?

It is a very challenging, very technical environment that keeps pushing my brain to its limits. Unfortunately, there is also a plethora of charlatans in this business, selling snake oil. This motivates me to work even harder and create legitimate elite awesome sauce.

What do you think the future security threats will be like?

Most future predictions in the security industry are marketing focused and do not come true, so I try to stay away from this. A trend I personally observed over the last years is that we are starting to see more and more targeted intrusions instead of mass malware – but this might well be due to increasing visibility; a fair bunch of actors seem to have a history of many years where they were simply not spotted.

What is your best tip for security professionals today?

Binary exploitation ever going away is a lie; it’s just getting harder. Ditch the SQL injections, XSS, CSRF, …; better spice up your binary ninja skills! Choosing the cheapest path for intrusion is great for economically motivated people, but security should be about passion.

You can hear more about this and other great talks and workshops at The Honeynet Project event in Dubai, 10-12 February. Check it out at http://dubai2013.honeynet.org