Nationally known security researchers and white-hat hackers came to the
Ameristar conference center outside of St. Louis this week as part of the first
“TakeDownCon” conference, organized by computer security firm
Parameter Security along with Hacker U and EC-Council.org. I attended part of the first day of
a two-day event, along with about 200 others from around the region.
EC-Council and Hacker U both offer a large selection of security courses.
The conference included a keynote from Charlie Miller, who now works
for Twitter in their security department, talking about what he did to
hack near field communications (NFC) on two different smartphones.
Miller, who lives in the St. Louis area, has been known for his
exploits of the Mac OS and iOS and was probably the most engaging
speaker of the day. He showed us that hacking takes a lot of preparation
and an understanding of the entire NFC protocol stack and how a phone
interacts with the radio tags and signals. The exploit also
demonstrated that even for a communications method that has relatively
low bandwidth of just a few hundred kilobits, it is possible to find a
way to control a phone’s Web browser by focusing on the interactions
of this protocol with the rest of the phone’s software.
Another presentation was from a very young Georgia Weidman, who now has
her own firm, Bulb Security. She was working for Neohapsis but decided
to leave when she recently won a DARPA grant to build a new hacking
tool that she calls SPF, for Smartphone Pentest Framework. This allows
you to exploit smartphones that have been jailbroken by downloading
special hacking code without the phone owner’s knowledge, showing how
a Bring Your Own Device policy can backfire without proper controls.
Salvador Grec from NoVA Infosec spoke about the process he goes
through to analyze malware and presented dozens of different tools
that he uses to understand how malware operates to infect and take
over computer networks.
TakeDownCon offered a solid collection of content and speakers and was well
attended. You might want to put it on your calendar for next year.