Chaos Communication Congress 25c3

The 25th Chaos Communication Congress is over and again has been a great success. About 5.000 people gathered in the Congress Center in the heart of Berlin. As usual, the event was a great mixture of lectures and workshops; serious and funny things around “hacking”. [25c3 wiki]

Down near the “Lounge” was the Hackcenter with its different projects. Here you could build your own quadrocopter [info] , extend your IXUS camera with additional features like adjustable shutter speed [info], have fun with microcontrollers [info] or relax while playing a round of 3d-pong in the blinkenarea. A complete list of all projects held at the 25c3 can be found here.

Dan Kaminsky‘s talk about DNS was very interesting, although there was nothing really new. Basically it was a summary with the most relevant information around the DNS bug which was published this year.

Jacob Appelbaum not only had his lecture about the Cold Boot Attacks [info] , but with Alexander Sotirov and his crew he also held the famous talk about creating a malicious root CA based on a MD5 collision attack. [S21sec blog] [slides] [info]

Thorsten Holz spoke about their attempt to analyze banking malware and find the related C&C servers in an automated way. Among other things they improved and extended – a binary analyzer like – being able to simulate user interaction in order to behave like a human and e.g. enter credentials into sensitive web sites. They also managed to find and identify lots of “Dropzones” – including full access to some of them. With statistic information about the gathered data of the last seven months he finished this very interesting talk. [slides] [info]

Felix Lindner aka FX had a very interesting speech about a new generation of Cisco exploits. His attempt was to find a generic and version independent way of exploiting Cisco routers. [slides]

These have only been some of my personal favorites, you can find an overview of all the talks at the following links. Some, but not all the slides and videos are published yet. If audio is enough for you, there you’ll find a few more. [talks] [slides] [videos]

Lets see if the coming 26c3 congress will again be placed in Berlin’s Congress Center since it was quite overcrowded and hard to get into some of the lectures.

Finally here you have some random and related links: [flickr] [youtube] [Dan Kaminsky’s Pics]

Clemens Kurtenbach
S21sec e-crime

Deja un comentario