Ah.....the week before an eruption of chaos in the desert. Not that having all of your favorite black t-shirts picked out isn't exciting enough, I figured now is as good a time as ever to stir up a little pre-Vegas excitement - Caitlin style.
For those of you familiar with Core Security, be it as a prospect, customer, or just as a security enthusiast, you may, or may not be aware of our CoreLabs research team. Led by Ariel Waissbein, CoreLabs is literally our central research hub. Expertise only exists when diversity is present, which is why they continue to delve into several critical areas of security, including system vulnerabilities, cyber attack planning and simulation, source code auditing, and cryptography. Aside from the regularly published security advisories, technical papers, project information, and open source tools for the entire infosec community to take advantage of, sometimes (like right now), you may have the chance to compete in one of their extreme challenges. This past ShmooCon a member of CoreLabs ventured up from (as John Strand would say) our "Mysterious Argentinean office" to unleash the Coretex competition. Unfortunately, he only witnessed what we Americans are far too familiar with, laziness. I mean, I get it, I really do - not everyone enjoys putting their skills to the test at a con, but, we have prizes...sweet, sweet prizes! If the mini-bug and hidden camera detectors we offered up at ShmooCon were not your cup of tea, this Coretex challenge offers an Openmoko phone to the first and second prize winners at both BlackHat and DEFCON! Winning!
Alex said it best in his pre-Shmoo blog, but basically the contest is played using specially crafted scanning software that we will have loaded on a central machine at each con. Every contestant will receive paper data matrix templates containing various clues toward scoring points (here’s an interactive version of the template). You’ll need to complete the matrices, attempting to use, and – um – overuse, the scanner functionality. In addition, you'll be able to audit portions of the scan software to try and execute certain functions, as well as exploiting bugs. To learn more (or to sign up!), go to this link right now.....I triple dog dare you!
Moving on, (but still maintaining the excitement), I want to take a minute for us all to appreciate the hard work, numerous Red Bull's, and determination it took for Matt "Boss Level" Bergin to drop a steamy pile of FTP heap overflow into the world before the holidays, quite possibly creating the most memorable holiday feast for those on the Microsoft SRT team that winter. This year, however, Matt's exploit (CVE-2010-3972), was nominated for a Pwnie Award. (Winning!) In the end it doesn't matter if he wins or loses, the fact that he is 22, blissfully employed, happily married to a beautiful biological anthropologist, and nominated for a Pwnie is quite the achievement....and something he, and all of us here at Core are very proud of. The world can expect great things from Boss Level....after all, isn't that what we all strive to reach anyway?
Following the theme of my oddly-timed holiday excitement, I'd like to paint a picture for you. A picture of warm feelings, presents, eggnog, giving, and Festivus poles. Now, I'd like you to keep all those things in mind, only this time, I want you to add the image of a plethora of prisoners running around all of those warm feelings, presents, eggnog, giving, and yes….even the Festivus poles. Maximum security, minimum security....any kind of prisoner will do! Picture a world where one Bad Santa could make all the wishes of freedom come true for those behind bars with the proverbial "flip of a switch". What if, over the years of Bad Santa scheming it up, he was being shady and surveying the very prisons and jails that confine these holiday wishes of freedom, ultimately leading to his discovery that all of these prisons and jails are using PLC ridden SCADA systems to open and close all the doors!?!?!
Bad Santa would know that he could easily get his mittens on publically available exploits, or write his own if necessary, combine that with the flaws he found in not only the electronic systems, but the numerous points of entry from a physical security front, and literally flip the switches to "open" or "lock" any, or all cell doors and gates in that facility. HO! HO! HO!
Scared? Well, "SCADA & PLCs in Correctional Facilities: The Nightmare Before Christmas" will be presented at DEFCON 19, August 7th at 5:00 pm (Track 4) by none other than Teague Newman, Tiffany Rad, and John Strauchs. In the meantime, check out the paper here. Don't let vulnerable SCADA systems with custom PLCs ruin your holiday season!
I feel like that just about wraps up my pre-Vegas blog. Really though, what else could I say that could be more interesting than those 3 topics?
So, until you spot me at BlackHat, BSides, DEFCON, or a training near you.....keep fighting the good fight!
Stay safe! Stay secure! PEN TEST!