DEF CON 22 [Materials] Speeches from the Hacker Convention. - Zoz - Don't Fuck It Up!

Zoz - Don't Fuck It Up!

12/14/14

DEF CON 22 [Materials] Speeches from the Hacker Convention.

Slides Here: https://defcon.org/images/defcon-22/dc-22-presentations/Zoz/DEFCON-22-Zoz-Dont-Fuck-It-Up-UPDATED.pdf

Don't Fuck It Up!
Zoz ROBOTICS ENGINEER
Online antics used to be all about the lulz; now they're all about the pervasive surveillance. Whether you're the director of a TLA just trying to make a booty call or an internet entrepreneur struggling to make your marketplace transactions as smooth as silk, getting up to any kind of mischief involving electronic communications now increasingly means going up against a nation-state adversary. And if even the people who most should know better keep fucking it up, what does that mean for the rest of us? What do the revelations about massive government eavesdropping and data ingestion mean for people who feel they have a right if not a duty to occasionally be disobedient?

It's time for a rant. Analyzing what is currently known or speculated about the state of online spying through the prism of some spectacular fuckups, this talk offers an amusing introduction to how you can maximize your chances of enduring your freedom while not fucking it up. Learn how not to fuck up covering your tracks on the internet, using burner phones, collaborating with other dissidents and more. If you have anything to hide, and all of us do, pay attention and Don't. Fuck. It. Up!

Zoz is a robotics engineer, prankster and general sneaky bastard. He has been pretty successful at pulling some cool subversive shit and not fucking it up and getting caught. He once faked a crop circle for the Discovery Channel and it was all uphill from there.


Previous Episode

Zoltán Balázs - Bypass firewalls, application white lists, secure remote desktops under 20 seconds

Slides Here: https://defcon.org/images/defcon-22/dc-22-presentations/Balazs/DEFCON-22-Zoltan-Balazs-Bypass-firewalls-application-whitelists-in-20-seconds-UPDATED.pdf

Bypass firewalls, application white lists, secure remote desktops under 20 seconds
Zoltán Balázs CHIEF TECHNOLOGY OFFICER AT MRG EFFITAS
In theory, post-exploitation after having remote access is easy. Also in theory, there is no difference between theory and practice. In practice, there is. Imagine a scenario, where you have deployed a malware on a user’s workstation, but the target information is on a secure server accessed via two-factor authentication, with screen access only (e.g. RDP, Citrix, etc.). On top of that, the server runs application white-listing, and only the inbound port to the screen server (e.g. 3389) is allowed through the hardware firewall. But you also need persistent interactive C&C communication (e.g. Netcat, Meterpreter, RAT) to this server through the user’s workstation.

I developed (and will publish) two tools that help you in these situations. The first tool can drop malware to the server through the screen while the user is logged in. The second tool can help you to circumvent the hardware firewall after we can execute code on the server with admin privileges (using a signed kernel driver). My tools are generic, meaning that they work against Windows Server 2012 and Windows 8, and they work with RDP or other remote desktops. The number of problems you can solve with them is endless, e.g., communicating with bind-shell on webserver behind restricted DMZ. Beware, live demo and fun included!

Zoltan (@zh4ck) is the Chief Technology Officer at MRG Effitas, a company focusing on AV testing.

Before MRG Effitas, he worked for 5 years in the financial industry as an IT Security expert, and for 2 years as a senior IT security consultant at one of the Big Four companies. His main expertise areas are penetration testing, malware analysis, computer forensics and security monitoring. He released the Zombie browser tool, consisting of POC malicious browser extensions for Firefox, Chrome and Safari. He has been invited to present at information security conferences worldwide including Hacker Halted USA, OHM, Hacktivity, Ethical Hacking, Defcamp.

He is a proud member of the gula.sh team, 2nd runner up at global Cyberlympics 2012 hacking competition.

Next Episode

Brent White - Corporate Espionage - Gathering Actionable Intelligence Via Covert Operations
