Day 4 @ DEFCON 26

Last day of Defcon!

Today was the last day of Defcon and we focused mainly on visiting “villages”. These are smaller and more intimate talks where you are able to get a bit closer to the presenters.

Here are our top picks of the day:

One of the first Village talks was about stalking, specifically on Twitter. The presenter showed how to stalk “indirectly” by following the followers of the stalking victim. By doing this you get all the updates, check-ins and tags automatically without interacting directly. Social media is public by default and following people is usually unrestricted, making the stalking really easy.

Shortly after, we attended a talk about social media phishing and how automated tools can be used to collect all pictures and information for specific people. “Social mapper” is an open source tool that searches for target accounts on LinkedIn, Facebook, Twitter, Google+, Instagram, VKontakte, Weibo and Douban.

The tool is intended for ethical hacking in penetration testing and red teams/blue teams.


Android has been known for malicious apps, and it seems that is for a good reason. The “Man in the disk” talk showed how easy it is to create a malicious Android app by exploiting the write-to-external-storage function. The malicious app can detect whenever the phone writes to external storage. The app can then replace the data with whatever it wants, as there is no write protection on this storage. External storage is used to share files between applications or with a PC. Needless to say, injecting malicious data here could be extremely damaging.
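As an added illustration (not code from the talk or from this post), here is one way an app can defend against the file replacement described above: copy the shared file into private storage first, verify the private copy against a known digest, and only ever use that copy. The class name, file names and temp directories are assumptions made for the demo, and it is plain Java rather than Android-specific API.

```java
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardCopyOption;
import java.security.MessageDigest;

public class StagedFileCheck {

    // Hex-encoded SHA-256 of a file (reads it whole; stream it for large files).
    static String sha256Hex(Path file) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(Files.readAllBytes(file));
        StringBuilder sb = new StringBuilder();
        for (byte b : digest) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }

    // Copy first, verify the private copy, and only ever use that copy.
    // Hashing the shared file in place would leave a window in which another
    // app can swap the content between the check and the use.
    static Path importVerified(Path shared, Path privateDir, String expectedSha256) throws Exception {
        Path local = Files.createTempFile(privateDir, "import-", ".tmp");
        Files.copy(shared, local, StandardCopyOption.REPLACE_EXISTING);
        if (!sha256Hex(local).equalsIgnoreCase(expectedSha256)) {
            Files.delete(local);
            throw new SecurityException("digest mismatch for " + shared.getFileName());
        }
        return local;
    }

    public static void main(String[] args) throws Exception {
        // Constructed demo: two temp directories stand in for shared and private storage.
        Path shared = Files.createTempDirectory("shared");
        Path priv = Files.createTempDirectory("private");
        Path staged = shared.resolve("update.bin");
        Files.write(staged, "original payload".getBytes(StandardCharsets.UTF_8));
        // Assumption: the expected digest arrives over a trusted channel, not from shared storage.
        String expected = sha256Hex(staged);
        System.out.println("accepted: " + importVerified(staged, priv, expected));

        // Simulated overwrite of the shared file by another app.
        Files.write(staged, "tampered payload".getBytes(StandardCharsets.UTF_8));
        try {
            importVerified(staged, priv, expected);
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The first import is accepted and the second is rejected, because the digest is computed over the private copy that other apps cannot modify.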

 

The day ended with the Defcon closing ceremony where, among others, the CTF winners were announced. The conference keeps growing, with another all-time high attendance of about 25 000 (not confirmed).

We have thoroughly enjoyed this week and are already looking forward to next year’s event. They will move the conference to Bally’s to make the sessions a bit closer to each other. This year’s talks were split between the Flamingo and Caesars Palace, making it difficult to reach each session as it was a 15 minute walk between the hotels.

See you next year at Bally’s!
