• My Euro Trip 1: BlackHat Europe Experiences.




    I was pretty caught up with a few office and personal matters, so I could not find time to blog about my BlackHat ventures.


    I was in Europe twice this year: in March for BlackHat, presenting on "IVR Security: Internal Network Attack via Phone Lines", and in May for HITB, presenting on "CXML VXML Auditing". Both events were fun and I met a lot of hacker ninjas, which boosted my confidence a lot. The proud thing is, I was the youngest speaker at both cons. Now, many months after these conferences ended, I finally have some time and have managed to write up my thoughts on them.

    The current bad news is that I also got selected for BlackHat US Arsenal to present my PHP GDFuzzer, but my visa got rejected, thanks to the US Embassy. Anyway, back to BlackHat Europe.

    BlackHat [EU]:


    I boarded a Delta flight to Amsterdam [Schiphol], and landed exhausted and upset, and swore never to fly with Delta Airlines again.

    BlackHat was a three-day event. The conference venue was at the heart of the city, in one of the leading hotels in Amsterdam [GRAND KRASNAPOLSKY HOTEL]. I arrived a day before the conference, and Mr Pallav Khandhar, one of my seniors at work, came to receive me from the airport. Many thanks to him, else I would have had a tough time reaching the venue.

    At the registration desk we met Don Bailey, who was presenting the next day on "War Texting: Weaponizing Machine to Machine Systems". Later in the evening I met Nikhil (@nikhil_mitt), another garage member, who was conducting a workshop on Teensy. We went out for dinner and had some interesting discussions.


    Day 1:
    Things started off for me at 7:30; I got up earlier than my nature permits so that I could do the registration. After being in the queue for a while, I got done with the procedures and got my Black Hat Speaker Badge.

    Talks started with Whitfield Diffie's keynote. He gave a very interesting talk on how the entire security hacking industry evolved. After his talk I got to meet him and had a nice chit-chat.

    The technical talks for the day started with Don Bailey's talk and Shreeraj Shah's talk in parallel. Since I didn't want to miss the talk from the "Lord of Machines" nor the one from the "Lord of WebApps", I went running from one hall to another and attended both talks.

    People started flowing in, and Nikhil was the one who introduced me to many people. Even though I knew many of them, I never remembered their real names; I had this thing for online handles, and those were the only names I remembered. So when I was introduced to some famous ninjas, I didn't really know I was meeting so-and-so "1337god" or "B1nary Hex" or whatever. Many thanks to Nikhil for helping me get familiar with things and for the great advice.

    The next day I had an interview with Javvad Malik on behalf of Infosec Island: "Black Hat Europe 2012 - Rahul Sasi interview" on Vimeo.

    BlackHat Europe events are small, cute and convenient, so it was easy to sit, dine and have b33r [juice] with a lot of people. We had two parties at the BlackHat venue, one hosted by IOActive, another by iSIGHT Partners. A few good men I was excited to meet were:

    Sumit Siddharth (www.notsosecure.com)
    Peter Van Eeckhoutte (aka corelancoder)
    Shreeraj Shah

    Chan Lee Yee
    Xavier Mertens (aka @xme)
    Alexey Sintsov
    David Litchfield
    Tom Forbes
    Guillaume Lovet + Zhenhua Liu
    Krister Hedfors
    OWASP Greece Team
    Codenomicon Team

    Me with c0relancoder [Peter van]



    After my talk, Felix 'FX' Lindner caught me on the way and gave me some good feedback and suggestions for improvement, and explained what they were able to achieve in the past.


    Currently I am in the process of making a checklist and an audit standard for IVR pentests and PCI audits, since as of now there is no process-oriented documentation available for IVRs.

    We are also waiting to release a detailed paper explaining the architecture, code and attacks on the same, but it might take a little longer, as we are planning to deal responsibly with the current situation, so that no existing infrastructure is harmed.

    You can view a few attack videos here: "Internal Attacks via IVR systems [Security Vulnerabilities in IVR Applications]" - Blogs - Garage4hackers Forum.


    Anyway, BlackHat was a good experience, and after the conference I stayed back in Amsterdam for a month working from our EU office and had some fun time.



    Cheers.
    This article was originally published in blog: My Euro Trip 1: BlackHat Europe Experiences. started by fb1h2s