At Shakacon 2009 in sunny Hawaii, I released iKAT v2.0 - The Interactive Kiosk Attack Tool, v2! Now with support for Linux, Firefox based Kiosks and more Windows tricks. Hope you enjoy it.
I also made my first attempt at reporting on the event through the Risky.Biz security podcast! Was a great chance to ask some of the other speakers a few more tricky questions.
If you have never been to Hawaii you should really go to Shakacon, great conference, very nice atmosphere and some very solid presentations.
I will be speaking at the FST Media Internet Banking conference in Sydney and Melbourne in late March. My talk is on "Gaining value From Penetration Testing", a slightly more business focused talk, compared to my usual 'shell-popping-madness' talks. If any .AU hackers want to catch up, drop me a line.
Bugs, bugs, more bloody bugs. Multiple Flash CS3 and MX2004 heap overflows in malformed SWF files. Multiple vulnerabilities were discovered which ONLY affect the Flash authoring products from Adobe, NOT the Flash player. The player seems to use a completely different memory allocation routine, compared to Flash authoring applications. You can find the official advisory here and the Adobe advisory here.
My talk from Kiwicon 08 ("The Paul Craig Omnibus") has been podcasted by Patrick Gray at RiskyBusiness, you can download the entire talk here. The talk includes the Moth trojan release (well worth hearing), and my adventures of stealing information from botnets for fun (not profit). For those of you who didn't venture to Kiwicon '08, I would highly suggest it for next year's con, Kiwicon is by far one of the best security conferences in the world.
Plus we got sheep.
I will be speaking at Hack.Lu (OCT 22-24) and Hack In The Box Malay (OCT 27-28th). My talk is on Hacking Internet Kiosks, and demonstrating my tool iKAT (Interactive Kiosk Attack Tool) in action.
If I am in your part of the world, I highly recommend you pop by, say hi and watch the show. Otherwise check out iKAT under the projects section.
The Moth trojan is a POC trojan which implements WMI event consumers as a unique method of malicious code deployment. The trojan itself is a party trick, and uses the Microsoft Text To Speech API to verbally abuse you as you try and find it. The trojan is a real gimmick and is not a serious piece of malicious code, but a demonstration of a new method of hiding code inside native Windows functionality.
The Moth was officially released at Kiwicon 08 (what a party..).
For more information check the projects page!
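Code hidden in WMI event consumers, as described above, can be reviewed from PowerShell by listing every filter-to-consumer binding. This is an added example, not code from the Moth project or from this page; it assumes permanent subscriptions registered in the usual root\subscription namespace, and the function name Get-WmiSubscriptionAudit is hypothetical.

```powershell
# Added example: list WMI permanent event subscriptions for review.
# Assumption: subscriptions live in root\subscription (the usual namespace);
# pass -Namespace to check another one. Typically needs an elevated prompt.
function Get-WmiSubscriptionAudit {
    param([string]$Namespace = 'root/subscription')

    # Index event filters (the WQL trigger) by name.
    $filters = @{}
    Get-CimInstance -Namespace $Namespace -ClassName __EventFilter |
        ForEach-Object { $filters[$_.Name] = $_ }

    # Index consumers (the action) by class and name. __EventConsumer is the
    # abstract parent class, so this returns instances of every subclass.
    $consumers = @{}
    Get-CimInstance -Namespace $Namespace -ClassName __EventConsumer |
        ForEach-Object {
            $key = '{0}|{1}' -f $_.CimSystemProperties.ClassName, $_.Name
            $consumers[$key] = $_
        }

    # A binding ties one filter to one consumer; only bound pairs ever fire.
    Get-CimInstance -Namespace $Namespace -ClassName __FilterToConsumerBinding |
        ForEach-Object {
            $class    = $_.Consumer.CimSystemProperties.ClassName
            $filter   = $filters[$_.Filter.Name]
            $consumer = $consumers['{0}|{1}' -f $class, $_.Consumer.Name]

            # The two standard consumer classes that run commands or script.
            $action = $null
            if ($class -eq 'CommandLineEventConsumer') {
                $action = $consumer.CommandLineTemplate
            } elseif ($class -eq 'ActiveScriptEventConsumer') {
                $action = $consumer.ScriptText
            }

            [pscustomobject]@{
                Filter        = $_.Filter.Name
                Query         = $filter.Query
                ConsumerClass = $class
                Consumer      = $_.Consumer.Name
                RunsCode      = [bool]($class -in 'CommandLineEventConsumer',
                                                  'ActiveScriptEventConsumer')
                Action        = $action
            }
        }
}

# Show code-running subscriptions first.
Get-WmiSubscriptionAudit | Sort-Object RunsCode -Descending | Format-List
```

Rows with RunsCode set to True are the ones to read closely: the Query column shows what event triggers them and the Action column shows what they execute.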
At Defcon 16 I officially released iKAT - The Interactive Kiosk Attack Tool. iKAT was designed to hack Kiosks in a fast and easy manner, and it works! I released the tool, along with a lengthy talk on Kiosk security and was astounded by the response. iKAT was capable of popping shell anywhere in Las Vegas in less than 10 seconds. Needless to say iKAT saw a lot of action at Defcon, as you can see from the photo on the right (The Kiosk at the Riviera, see the shell?).
iKAT should (obviously) only be used by security consultants, security professionals or by people who have authorisation.