I was so caught up with a few office and personal things that I could not find time to blog about my BlackHat ventures.
I was in Europe twice this year: in March for BlackHat, presenting on "IVR Security: Internal Network Attack via Phone Lines", and in May for HITB, presenting on "CXML VXML Auditing". Both events were fun and I met a lot of hacker ninjas, and that boosted my confidence a lot. The proud thing is, I was the youngest speaker at both cons. Now, many months after these conferences ended, I have finally got some time and managed to write up my thoughts on them.
The current bad news is that I got selected for BlackHat US Arsenal as well, to present my PHP GDFuzzer, but my visa got rejected, thanks to the US Embassy. Anyway, back to BlackHat Europe.
BlackHat [EU]:
I boarded a Delta flight to Amsterdam [Schiphol], landed exhausted and upset, and swore never to fly with Delta Airlines again.
BlackHat was a three-day event. The conference venue was at the heart of the city, in one of the leading hotels in Amsterdam [GRAND KRASNAPOLSKY HOTEL]. I arrived a day before the conference, and Mr Pallav Khandhar, one of my seniors at work, came to receive me at the airport. Many thanks to him, or else I would have had a tough time reaching the venue.
At the registration desk we met Don Bailey; he was presenting the next day on "War Texting: Weaponizing Machine to Machine Systems". Later in the evening I met Nikhil (@nikhil_mitt), another Garage member; he was conducting a workshop on Teensy. We went out for dinner and had some interesting discussions.
Day 1:
Things started off for me at 7.30 o'clock. I got up earlier than my nature permits so that I could do the registration. After being in the queue for a while I got done with the procedures and got my Black Hat Speaker Badge.
Talks started with the Whitfield Diffie keynote. He gave a very interesting talk on how the entire security hacking industry evolved. After his talk I got to meet him and had a nice chit-chat.
The technical talks for the day started with Don Bailey's talk and Sreeraj Sha's talk in parallel. Since I didn't want to miss the talk from the "Lord of Machines" nor the one from the "Lord of WebApps", I went running from one hall to another and attended both talks.
People started flowing in, and Nikhil was the one who introduced me to many of them. Even though I knew many of them, I never remembered their real names; I had this thing for online handles, and those were the only names I remembered. So when I was introduced to some famous ninjas, I didn't really know I was meeting so-and-so "1337god" or "B1nary Hex" or whatever. Many thanks to Nikhil for helping me get familiar with things and for the great advice.
The next day I had an interview with Javed Maik on behalf of Infosec Island: Black Hat Europe 2012 - Rahul Sasi interview on Vimeo.
BlackHat Europe events are small, cute and convenient, so it was easy to sit, dine and have b33r [juice] with a lot of people. We had two parties at the BlackHat venue, one hosted by IOActive, another by iSIGHT Partners. A few good men I was excited to meet were:
Sumit Siddharth (www.notsosecure.com)
Peter Van Eeckhoutte (aka corelancoder)
Shree Raj Sha
Chan Lee Yee
Xavier Mertens (aka @xme)
Alexey Sintsov
David Litchfield
Tom Forbes
Guillaume Lovet + Zhenhua Liu
Krister Hedfors
OWASP Greece Team
Codenomicon Team
Me with c0relancoder [Peter van]
After my talk, Felix 'FX' Lindner caught me on the way and gave some good feedback and improvement suggestions, and explained what they were able to achieve in the past.
Currently I am in the process of making a checklist and an audit standard for IVR pentests and PCI audits, since as of now there is no process-oriented documentation available for IVRs.
We are also waiting to release a detailed paper explaining the architecture, code and attacks on the same, but it might take a little longer, as we are planning to deal responsibly with the current situation so that no existing infrastructure is harmed.
You can view a few attack videos here: Internal Attacks via IVR systems [Security Vulnerabilities in IVR Applications] - Blogs - Garage4hackers Forum.
Anyway, BlackHat was a good experience, and after the conference I stayed back in Amsterdam for a month, working from our EU office, and had some fun time.
Cheers.