Thursday, February 11, 2010

The Goan NullCon Hangover

Just back from NullCon 2010 which happened in Goa. Can’t say which was better the conference or the beaches. It was a very relaxed affair with plenty of familiar faces. My talk was on Imposter, the idea was to explain how it works and what its various features are and also announce the public release of the tool. But my talk had to be cut short because the Gears database stealing attack didn’t work onstage. Not wanting to miss out this part I decided to go backstage and fix the bug and then continue my talk later in the day. Turned out that some insignificant change that I made in code before the talk broke the Gears stealing feature, never expected that. Got it fixed in about 15 minutes but unfortunately I could not continue with my talk, the other talks were already running late and there was no slot available. I was disappointed but hey, atleast I announced the release of the tool. Coming to the other talks, there was a very interesting talk from Veysel Ozer, it was on how the update feature of softwares can be comprised by an attacker. I had read about this attack in the past but it was really interesting to see it in action. He has discovered vulnerabilities in the update feature of different software and has extended karmetasploit with exploits to attack these vulnerable software. Interestingly he also spoke about instances where he was not successful in compromising the update feature and explained why. I met him backstage, showed him a demo of Imposter and explained how the attack modules from Imposter can fit in to Karmetasploit and how his update attack can fit in to Imposter. He liked the idea, so we exchanged code. Hopefully he will find time to build this in to Karmetasploit, that must be pretty cool. Until then Imposter remains the best browser phishing tool ;)