Black Hat Workshop Survival Guide, Day Two (as related by Travis Carelock)
Travis here - can you tell I'm exhausted? Happy, but exhausted. Black Hat 2012 wraps tomorrow, so now we're in the final sprint. Tomorrow will bring our final four workshops, some of which have greater prerequisites (laptops, preinstalled environments) than others (clothing, bladder control, basic chair mastery). So, if you're headed to a workshop tomorrow, read on to find out what they'll expect you to show up with.
Lessons of Binary Analysis with Christien Rioux
Static binary analysis, C++ language element transformation - complicated stuff. Mr. Rioux plans to start his workshop with a high-level overview of how machines analyze code for security flaws, but that'll just be the start of your journey into the gritty details of the modeling process. Luckily, you won't need to bring much with you. Just be sure to have your sensory organs and brain in good working order (possibly challenging after a whole week of Black Hat 2012).
The Dark Art of iOS Application Hacking with Jonathan Zdziarski
When it comes to your most important info, are you ready to trust that iPhone app? Jonathan Zdziarski will show you how iOS apps are infected, logic checks are bypassed, and data is compromised. By hooking into Apple's foundation classes and replacing various methods with malicious code, he'll demonstrate how to steal credentials from PayPal, Chase, and CapitalOne apps running on the device, without targeting any of them directly. Just bring a laptop, and if you like, a jailbroken iDevice.
Ruby for Pentesters: The Workshop with Cory Scott, Michael Tracy, & Timur Duehr
Having the right tool for a job is essential, so being able to create your own tools, as needed, is priceless. Scott, Tracy, and Duehr will show you how to rapidly prototype solutions for real-world problems by harnessing the power and flexibility of Ruby. At the beginning of the workshop the trio will distribute USB flash drives preloaded with the virtual test environment. Just be sure to bring:
- your laptop, installed with:
  - an SSH client
  - VMware (optional)
Mobile Network Forensics Workshop with Eric Fulton
Fact: Your phone leaks data to the world. So, what can you uncover from mobile network traffic? Fulton will show you how to dig through real-life Android packet captures to uncover the tender vittles within. Then you'll be primed to participate in a little forensics competition he's got planned for the second half. Everyone will get complimentary USB drives and DVDs with a virtual machine and all necessary tools. So, just bring:
- a laptop with at least 2GB of RAM and a DVD drive
- VMware Workstation or Player, preinstalled and licensed (evaluation licenses are available from VMware's site)
Or, if you'd like to use your own system rather than the virtual machine, make sure it has:
- Linux (preferably Ubuntu or BackTrack 5 R2)
- Wireshark, compiled with GnuTLS
- TShark
- Bless (or your favorite hex editor)
Good? Good. Enjoy the workshops, and maybe I'll see you later, kicking back by the pool. (Just kidding, I'm not allowed in the sun.)