Bishop Fox Does Vegas: 2014 Style

By Bishop Fox

Each summer, the most innovative minds in the infosec industry gather in Las Vegas to discuss new findings, research, and tools. They appear at conferences like Black Hat USA and Security B-Sides Las Vegas. What transpires at these events often makes headlines and stays in people’s minds long after the summer has ended.

Bishop Fox has sent some of its best and brightest to present at these conferences. Partner Fran Brown gave a landmark talk on RFID hacking in 2013, “RFID Hacking: Live Free or RFID Hard.” The talk was one of the most buzzed-about Bishop Fox events at last year’s show.

2014 will be no different for Bishop Fox. In fact, it might be our most memorable year in Vegas yet.

Let’s Do the ... Untwister?

“Untwisting the Mersenne Twister: How I Killed the PRNG”

It all starts at Security B-Sides on Tuesday, Aug. 5 at 3 pm. Bishop Fox Senior Security Associate Joe DeMesy and Senior Security Analyst Dan Petro discuss “Untwisting the Mersenne Twister: How I Killed the PRNG.”

Their presentation focuses on how “random number generators” usually aren’t as random as people think. Pentesters have understood this concept for decades, but Joe and Dan are the first to transform the idea into a tangible penetration testing tool.

Where?: Tuscany Suites & Casino

Hey, Bot, Get Off of My Cloud!

“CloudBots: Harvesting Crypto Coins Like a Botnet Farmer”

The first Bishop Fox Black Hat briefing is on Wednesday, Aug. 6 at 11:45 am, presented by Senior Security Associates Rob Ragan and Oscar Salazar. They’ll speak about the dangers of anti-anti-automation in their presentation, “CloudBots: Harvesting Crypto Coins Like a Botnet Farmer.”

“Online services should consider insufficient anti-automation a high-risk threat to their bottom line,” said Ragan.

Where?: Level 3 Rooms; South Seas E @ Mandalay Bay Convention Center

Never Gonna Give You Up, Never Gonna Let You Down

“Rickrolling Your Neighbors With Google Chromecast”

Dan Petro’s Rickmote Controller makes an appearance at Black Hat USA 2014’s Tools Arsenal. The tool was previously the subject of a HOPE X presentation in July 2014.

The Rickmote has enjoyed some viral notoriety; it’s even been the focus of a Wired article. Rick Astley has yet to comment on the device; however, we’ll keep waiting.

You can see the Rickmote in action on Aug. 6 at 12:45 pm. The presentation is called “Rickrolling Your Neighbors With Google Chromecast.”

Where?: Breakers JK @ Mandalay Bay Convention Center

Note: The Rickmote will also be the subject of an Arsenal Turbo Talk on Aug. 6 at 10:15 am.

With My Little Eye

“iSPY”

In addition to B-Sides, Joe DeMesy will be at the Tools Arsenal presenting his toolkit for advanced iOS hacking, reversing, and debugging, “iSPY.” His presentation will start on Aug. 7 at 12:45 pm.

iSPY includes a “reverse sandbox” for running iOS apps on jail-broken devices. It also has features that can easily provide data, making reporting (somewhat) less painful.

Where?: Breakers JK @ Mandalay Bay Convention Center

Return of the RFID

“Oops, I RFIDED It Again”

Fran Brown has another RFID hacking talk up his sleeve for 2014. At the Tools Arsenal on Aug. 6, Fran will present “Oops, I RFIDED It Again” at 3:30 pm.

RFID chips are in numerous everyday items: credit cards, public transit passes, enhanced driver’s licenses. The potential for stealing and using RFID information is huge, and Fran’s presentation will be full of new — and free — RFID hacking tools for penetration testers, some of which will be made using Raspberry Pis and 3D printing.

Where?: Breakers JK @ Mandalay Bay Convention Center

Everybody Talks

“The Future of Responsible Disclosure”

Bishop Fox Partner Vinnie Liu is participating in the Dark Reading-sponsored “The Future of Responsible Disclosure” at 2:15 pm on Thursday, Aug. 7. The panel examines ethics in today’s fast-paced world of bug bounties, vulnerability marketplaces, and government acquisitions.

If you have the chance, stop by and listen. It’ll be one of the most relevant events at Black Hat this year.

Where?: Mandalay Bay K @ Mandalay Bay Convention Center

Viva Las Vegas!

There is no shortage of Bishop Fox-related Vegas events for 2014. If you’re attending Black Hat, B-Sides or both, check out one — or more — of the presentations, talks or panel discussions we’re involved in. From Rick Astley to random number generation, there is something to satisfy nearly every infosec palate.

Note: The Bishop Fox team will be in Vegas throughout the week. We’re hiring for several positions including project management, assessment & penetration testing, and enterprise security. If you’d like to chat with us about career opportunities, you can keep tabs on our Vegas whereabouts via Twitter.