SANS ISC: Defcon 16 reflections - SANS Internet Storm Center SANS ISC InfoSec Forums

Defcon 16 reflections

As promised, I thought I would send up a post about Defcon, since it's fresh on a lot of our minds.

Despite what people think, this is still a good con.  Still breakthrough talks happening, still "zero" days coming out.  Thousands and thousands of people there.

The Goons did a great job keeping everything flowing and organized.  (Although, could have ordered more badges on day 1?)  Even though the hotel posted guards around the ATMs, the Nevada Gaming Commission and some Cops were investigating a Horse Race Betting Machine (could have been totally legit, I didn't ask, I don't want to know.  It was just funny and coincidental), and various other interesting tidbits.

There were a lot of interesting talks. Obviously I couldn't attend them all, but the ones that I heard were very interesting (BTW -- I am going to link to the presentations that I can; click through AT YOUR OWN RISK):

Kaminsky -- Although I heard that there was basically nothing new posted, (I wasn't there, I was on a plane), it was interesting to hear him present about the vuln.

BGP Hack -- I did hear that this WAS the most interesting talk.  From what I heard/read, the guys that were presenting were able to successfully demonstrate how they changed the BGP routing at Defcon and sent everything through a box in New York, only to come back to Vegas.  Apparently they did this live.  Nice.

Snort plugin development -- Of personal interest to me, I sat in on this talk about Snort dynamic-preprocessor and rule development. 

(From an anonymous reader; I didn't see this one, nor hear about it.) -- The Medical Identity Theft talk at DC16 had an unannounced software release...  They wrote a tool to decrypt LWAPP packets and output a regular pcap file showing the unencrypted wireless client traffic.

Fyodor's Talk on Nmap -- Funny, excellent, interesting!

As always, the Capture the Flag contests were great and interesting.  Spot the fed was funny (as always), as were several of the other contests:

Sit through 30 hours of vendor presentations without sleeping to split US10k.

Automate a pellet/paintball gun to shoot targets.

Guitar Hero 3 (Holy cow, the guys that play this on Expert are CRAZY fast!)

The Freakshow party (as most of the parties I went to were) on Saturday was awesome.  Props go to Sunshine and whoever was on her side for planning that one!  Great conference everyone.


-- Joel Esler


454 Posts
Aug 12th 2008
Is the tool you mentioned for LWAPP packets available to the public? Also, LWAPP packets have two forms: control traffic and data traffic. The control traffic is encrypted while the user data traffic is not encrypted, simply tunneled to the wireless controller with an additional header. I would assume this tool only strips the LWAPP header so that software such as Wireshark can interpret the packet correctly.


1 Posts
The links to Fyodor's talk are for Defcon 13 in 2005.

93 Posts
