Once again, Predatech’s technical team made the trip to DEF CON 32! DEF CON is the world’s largest annual gathering of hackers, researchers and security professionals, and this year it was hosted at the Las Vegas Convention Centre. Participants attend to share their knowledge and get hands-on with the latest technologies and tools.
From physical security bypasses and emerging web application testing techniques to Bluetooth exploitation and car hacking, there were plenty of workshops and activities to get involved with this year.
In this blog, we round up some of the team’s highlights from DEF CON 32.
The DEF CON 32 entry badge
Demo Labs
The Demo Labs contained some of the hottest industry tools such as Docker Exploitation Framework, Faction and Volatile Vault.
Docker Exploitation Framework is an open-source, cross-platform framework that can be used as a post-exploitation aid in compromised container environments such as Docker and Kubernetes. It helps to identify vulnerabilities, conduct container breakouts and escalate privileges. What’s great about the tool is that it streamlines a lot of actions that would otherwise need to be carried out manually or with several separate tools.
Faction is a security assessment tool that assists with report writing and work allocation. During the Demo Lab, we were given further insights into how this tool can be used to improve the team’s capability and streamline the overall reporting process.
The Docker Exploitation Framework team demonstrating the tool
Volatile Vault, one of my favourites from the Demo Labs, is a data exfiltration tool designed to evade Data Execution Prevention (DEP) detection. The tool encrypts data on the client side and sends it to multiple endpoints to minimise the chance of detection. It also leverages various protocols, including HTTP over QUIC, to enhance its stealth.
Talks
With more than four stages and a range of villages, there are several talks happening at once during DEF CON. Some of the talks and workshops we attended covered the latest attack surface mapping tools and techniques, web application account takeover and privilege escalation methods, and smuggling SQL injection queries at the protocol’s binary level.
Jason Haddix is a renowned bug bounty expert, and his talk covered his methodology for mapping out an organisation’s attack surface and the tools that can be used to boost efficiency during open-source intelligence gathering and vulnerability identification. Listening to his thought process and approach to web application testing and targeting large systems provided valuable insights into advanced techniques for identifying vulnerabilities and effectively navigating security environments.
Jason Haddix explaining his methodology
Paul Gerste’s presentation on smuggling SQL injection queries at the protocol’s binary level was also insightful. He demonstrated how vulnerabilities in certain database libraries can be leveraged by sending exceptionally large strings – up to 4GB or more – that trigger message size overflows. Once the message length field overflows, the condition can be exploited to craft and execute malicious SQL queries. It will be interesting to see how this research develops and whether payloads will be possible with smaller string sizes.
Paul Gerste’s talk ‘SQL Injection Isn’t Dead’
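To make the overflow condition from the talk concrete from a defender's point of view, here is an added illustration that is not Paul Gerste's research code and models no real database driver. It assumes a generic wire protocol in which every message carries a 32-bit length prefix that counts itself (a common framing convention); `naive_length_header` models a client that packs that length without a range check, so a body of around 4 GiB wraps to a tiny announced length, while `checked_length_header` and `encode_frame` show the check a library or an application-side parameter validator should apply instead. No multi-gigabyte buffer is allocated; the functions work on lengths.

```python
import struct

# Constructed illustration of the bug class: a wire protocol whose messages
# start with a 32-bit length field that includes the field itself. This is a
# hypothetical protocol, not any real database library's framing code.

HEADER_SIZE = 4           # the length field itself is counted in the length
MAX_INT32 = 2**31 - 1     # largest value a signed 32-bit length field can hold


def naive_length_header(body_len: int) -> int:
    """Model of a client library that packs the length with no range check.
    Values beyond 32 bits wrap modulo 2**32, so a ~4 GiB body is announced to
    the server as a very short message, and the bytes after that short prefix
    are parsed by the server as whatever follows on the wire."""
    return (body_len + HEADER_SIZE) & 0xFFFFFFFF


def checked_length_header(body_len: int) -> int:
    """Hardened equivalent: refuse to frame anything the field cannot describe."""
    total = body_len + HEADER_SIZE
    if total > MAX_INT32:
        raise ValueError(f"message of {total} bytes exceeds the 32-bit frame limit")
    return total


def would_overflow(body_len: int) -> bool:
    """True when the naive framing would mis-announce the message length."""
    return naive_length_header(body_len) != body_len + HEADER_SIZE


def accepts(body_len: int) -> bool:
    """True when the checked framing is willing to send a body of this size.
    Useful as an application-side guard on user-supplied query parameters."""
    try:
        checked_length_header(body_len)
    except ValueError:
        return False
    return True


def encode_frame(body: bytes) -> bytes:
    """Frame a real (small) body with a big-endian length prefix, range-checked."""
    return struct.pack("!I", checked_length_header(len(body))) + body


def max_body_len() -> int:
    """Largest body the checked framing will ever send."""
    return MAX_INT32 - HEADER_SIZE


if __name__ == "__main__":
    four_gib = 4 * 1024**3               # a size only; nothing is allocated
    print(naive_length_header(four_gib + 6))   # wraps to 10
    print(would_overflow(four_gib + 6))        # True
    print(accepts(four_gib + 6))               # False
    print(encode_frame(b"SELECT 1"))           # 4-byte prefix 0x0000000c + body
```

The practical takeaway is that the check belongs in two places: the client library must bound the frame it builds, and an application that passes user-controlled strings into parameterised queries should cap their size well below the driver's framing limit, so that the wrap-around can never be reached even if the driver in use has not yet been patched.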
Villages
DEF CON is known for its villages: areas of the conference where you can get hands-on with the tools and techniques of a particular field.
The physical security village demonstrated how a physical penetration tester can bypass specific locks and doors without triggering an alarm. Although some methods can be challenging, the simplicity of the tools and techniques used is often surprising, and it was good to see the newer members of the Predatech team getting involved and successfully managing some of these bypasses.
Several team members also attended a workshop at the Red Team Village focused on developing effective custom phishlets in Evilginx, which allow the red team to spoof the look and functionality of a website. As a tool that we use frequently on red teaming engagements, it was great to take away some additional tips and techniques to bolster our phishing strategies.
Part of the AIxCC Event
At the AI Village, we got involved with workshops that took us through the enumeration and exploitation of vulnerabilities within large language models and generative AI tools.
The expert-led workshops allowed us to get hands-on with the cutting-edge tools and techniques being used in the field against emerging AI technologies, which we have started to see appear in our own testing engagements.
Personal Favourites
The Predatech team at DEF CON 32
Jason: “I enjoyed getting hands-on with the latest testing techniques in the AI Village’s large language model workshop. It was great to further understand the potential security flaws arising in emerging technologies.”
Sean: “I personally got a lot out of the Demo Labs. Having the opportunity to speak with the developers of tools we may use going forward was invaluable.”
Nick: “I think the most fun I had was networking while participating in the villages and being able to share knowledge with like-minded people.”
Ross: “What I enjoyed about DEF CON was the diversity of the villages, with people sharing their knowledge across many different areas of security from blue teaming, red teaming and more. My favourite talk at DEF CON was on RFID Hacking from Iceman!”
Chris: “For me, it was definitely learning and meeting people who have influenced my career so far such as Jason Haddix, Ben Sadeghipour and John Hammond. They were all incredibly friendly, helpful and eager to share their knowledge with others.”
Predatech is a cyber security consultancy that offers a range of services including CREST-accredited penetration testing, Cyber Essentials/Cyber Essentials Plus assessments and ISO 27001 consultancy. What makes us different? We combine expert cyber security with great customer service and value for money. If you’d like to better understand your security posture, and how to strengthen it against attacks, please contact us for a free consultation.