The Grugq (Independent Network Security Researcher)
Presentation Title: Meta Anti Forensics : The HASH Hacking Harness
Presentation Details:
For the last decade buffer overflows and memory corruption exploits have been the main focus of hacking tool development. The actual hacking environment has received little attention. Indeed, most hackers still hack directly within a vanilla shell, using their tools straight off the command line. No public tools have emerged to change the methodologies of the command line hacker.
This talk presents a new penetration testing assistance tool to bridge the gap between vanilla command line hacking and graphical exploit environments such as Impact and CANVAS. At its simplest this new tool provides programmatic control over normal shell interactions. Utilising this powerful building block, based on Python and incorporating Expect-like functionality, this tool enables numerous new capabilities for today’s systems security analyst. Several bundled modules exist, including:
* Anti forensic trace-free remote execution of scripts and binaries
* Inline safe file transfer (no more uuencode + cat!)
* Aliases for common post-login commands (e.g. ‘unset HISTFILE’)
* Sanity checks for $PATH and $LD_PRELOAD
The basic functionality is impressive in itself, and it can be easily extended via the plugin system.
About The Grugq
The Grugq is a domain expert consultant on VoIP security, digital forensic analysis and reverse engineering. The Grugq has spent 7 years working with all aspects of information security, from penetration testing to solutions and product development. The Grugq’s career has seen him working for financials, security consulting companies, start-ups and, most recently, founding his own information security company.
The Grugq’s information security expertise ranges from penetration testing and source code auditing, through to rootkit technologies and advanced digital forensic analysis and investigation. Since 2001 the Grugq has been involved in active Voice over IP security research, recently completing successful audits for major European and Asian telcos.
The Grugq’s domain expertise in VoIP security has seen him present at conferences, release advisories and complete assessments for national European and major Asian telcos. Additionally, he has developed strategic whitepapers for enterprise VoIP deployments. Based on his experiences with numerous audits, the Grugq has developed a VoIP security assessment tool suite to facilitate more accurate, effective and rapid VoIP-centric penetration testing.