Day one of SEC-T is over and done with, with mixed feelings.
First of all I want to say that I think the organisation surrounding the conference is good so far. It’s quite obvious that this is the first SEC-T ever and there’s a lot to improve for the coming years but I’m still very satisfied with how the day turned out.
The speaker list for day 1 didn’t look that exciting to me at first glance and after the first session I wasn’t impressed. It was about VMware’s VMsafe component which is used to make Virtual Machines more secure. All in all it was a topic that didn’t really interest me and it somewhat felt like a sales pitch. I guess the lack of interest in the topic was the real downer for me on this one though. Oded Horovitz talked very fast but at least it seemed like he knew what he was going on about.
The next speaker, Mikko Hyppönen from F-Secure, was on Organized Online Crime. Again I wasn’t expecting much but it turned out I should have. This was a really interesting talk which focused on how hackers work and how they make their money. Of course Mikko talked a lot about what F-Secure do and how they fight “the enemy” but even with the product pitch this was a very interesting and rewarding talk that really uncovered a lot of new information to me. Good job!
After lunch it was time for Bosse Norgren from the Swedish IT Crime Lab. His talk focused on how the police work and what they look for during IT-Forensics. This was very interesting as he went into details about Live Forensics (on site) and what precautions they have to take at all times to ensure that they don’t compromise the evidence. You almost felt like applying for a job when he was done.
Next it was time for a real sales pitch from Outpost24 delivered by Robert E. Lee & Jack C. Louis. Surprisingly enough it was interesting. They started out by talking a bit about the TCP/IP protocol. Basically the good old stuff you learned in school but a nice recap of what has been and what still is. After this introduction it was time for them to show their application Sockstress. Unfortunately they couldn’t disclose any technical details about it but they ran two demos and it was quite amazing.
Exploiting a vulnerability, they showed us how they brought down port 80 on a web server (or actually the presentation laptop) in a matter of seconds. A typical Denial of Service attack. The next demo was even better. They started playing music on the very same laptop and then started Sockstress. After about two minutes the music wouldn’t play the way it was supposed to. It was slowed down, the CPU was at 100% etc. They then stopped Sockstress but the machine never came back. It kept misbehaving even though the attack was over. What was really interesting was that both these attacks only sent 4 packets each second to the server machine. That’s nothing and could be done on a 56k modem. Scary but cool.
The final talk of the day came from Svante Nygren, KBM (KrisBeredskapsMyndigheten). He worked with Information Security. The talk could have been very interesting but only about 15 minutes of the hour really was. There was a bit too much about KBM and not enough about IS. He did talk about the incident in Estonia last year and the similar incident in Georgia last month and that was interesting.
Time for day 2 now. Currently listening to Torbjörn Pettersson who is talking about rootkits on Mac OS X. Good stuff but I’ll get back to that topic tomorrow.