Personal tools

Eth0:2015 winter talks

From Eth0Wiki

Revision as of 21:58, 24 February 2015 by FooBar (talk | contribs)
Jump to: navigation, search


Add Your Talk

14:30 - 15:30 - (Practical) Escapism for the Modern Rogue.

This will be an on-hands workshop, detailing several methods of escaping from commonly used restraints. The workshop will mostly focus on bypassing flaws or features and exploiting weaknesses in the used restraint or material.

There will be a short introduction and demonstration, then the floor is open for practical application... on you! Practice while supplies last. This workshop is bound to keep you on the edge of your seat, figuratively or otherwise.

15:30 - 16:30 - Building the led-ball

Brainsmoke will tell us what he did do build his awesome led ball, capable of animations, high-framerates and intense brightness. What problems he found during development, and what tools (both at the hackerspace, and in china) he used to get the physical parts ready for "production".

16:30 - 17:30 - Making money with just one webpage

Juerd will explain how his one website makes him a decent part of his income (No recording of this talk, for privacy reasons)

17:30 - 20:00 - Noms

Elmer will provide

20:00 - 20:45 - Buildlog - Frack lasercutter

Fugu and failbaitr will tell you what they did to build the Frack lasercutter. What do you need to pay attention to, what software options do you have, and what issues still remain. (Cancelled)

20:45 - 21:10 - Radio spectrum analysis

A short demonstration on using a radio spectrum analysis tools. (Cancelled)

Add Your Talk (sunday)

14:00 - 15:00 - NetBSD Security Advisory 2013-008: tcpdrop networking security vulnerability explained

In August 2013, I held a talk at OHM2013 presenting and publicly disclosing a security vulnerability bug within the NetBSD operating system's kernel authorization framework ("kauth").

The bug was trivially easy to exploit, had been in NetBSD for over 3.5 years, and allowed local attackers to hijack a host's networking facilities. It got fixed by NetBSD at the start of the talk, committing a patch I provided as part of my earlier disclosure to NetBSD.

Exploit scenarios included completely owning a host by denying all remote service to all users (including root), locking out specific users of the host, and exercising more fine-grained filtering power, resembling a host based firewall. The talk included a video demonstrating some of these exploitations, as well as inner details about the bug and the kauth framework in general.

A famous blog covered the talk. Also, in the months following the talk, quite some people within the German hacker scene expressed their personal interest in the talk to me. Unfortunately, the recording of the talk turned out not to have succeeded.

The above, combined with the bug being as peculiar as it is, led to the idea of redoing the talk at another conference, preferably (but not necessarily) in Germany. A talk proposal or two got rejected though, and with that, redoing the talk more or less became a long term personal wish as well -- after a year and a half now getting fulfilled at eth0.

This talk will be in English.

A video recording will be made by eth0. The speaker kindly requests the audience not to make any additional recordings or pictures of the talk without asking consent beforehand.

External links:

OHM2013 talk: https://program.ohm2013.org/event/252.html

NetBSD Security Advisory 2013-008 (note: contains talk spoiler details): http://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2013-008.txt.asc

Sander Bos is a long term Unix and free software specialist, contributor to free software and related community projects, and occasional speaker at international software and computer security conferences. Sander's main focus points in the computing field include Unix and GNU/Linux system administration, free software, Internet technology, and overall computer security.

15:00-16:00 - Entering the vodafone modem

Failbaitr will explain how he and a friend entered the vodafone modems administrative backend. (Cancelled)

Your talk