 So, how many people have been to the Defcon Comedy Jam before? Any repeat customers? All right! How many of you are sober? The rest of you did not learn anything. If you're sober and you're in this panel, you're doing it wrong. Fail number one for the day. So this is an interesting year. We've had a couple of unusual failures. First of all, normally David Mortman is the person who is our emcee for the event. He coordinated this. He was the speaker proctor for all of Black Hat and apparently he's still home in Ohio because, or I think he's in Boulder right now because his boss would not let him come. So this is now rebranded the David Mortman Memorial Fail Panel. So am I to understand that the fail in that was that he lives in Ohio? Oh, that poor boy is going to be crying that he missed this one or something. So we don't have David, which means we don't have any preparatory slides. We don't have any introductory slides. None of us have talked to each other about what we're going to do here today yet. We're going to figure it out as we go. I know at least my presentation, including a live demo, was coded yesterday in the speaker's room. I can't speak for anybody. You just did yours, right? Like this week? Yeah, on the airplane. On the airplane. David? I did mine about an hour and a half ago. Jamie? Airplane. Yeah. So we have no idea if anything we're going to do is going to work, and yeah. So that's it. But we're going to drink heavily, and I really suggest you do the same. So just have your friend reserve your seat. It'll be cool. Nobody else will take it. Coming up here, we have our chef on the left, Christopher Hoff, with his assistant. Are you going by Jack Daniels today? Whatever. Okay. With his assistant, Jack Daniels. It's Jack Daniels beard. I hope you're making Jesus or Osama. Fresh gourmet waffles, and you guys will be doing things to obtain said waffles. Yeah. And we'll be doing taking donations for the EFF in exchange for waffles as well, and the waffle irons, which we will autograph after the panel. Next to them is David Maynard. I'm just telling them your name. Oh, no, not me. Yeah. No, I'm not here. James Arlen, Larry Pesci, myself, Rich Mogel. I don't know why Martin McKay is standing there. He said something about being our beer bitch, and he wants to be closer to our beer. Well, we're going to have a little bit of something later, which is a preview for what Martin and I are doing later today. So, and if you guys in the audience want beer and we don't know you, an ID. That's all right. Fuck you. And if it gets to the point where you, we don't know you and we're about to hand you a beer, we probably should look in an ID so we don't go to jail because I don't like it. I have a nice ass. I'm a little pretty. And I'm not the biggest guy. They're there and they like the little white boys with red hair and blue eyes and everything else. It's just not again. So with that, Mr. Big Bad Larry Pesci from thepaul.com security broad. And I don't know actually how he makes money. Fail number two. Don't fall. Careful. Careful. Hold on a second. Can I just ask for a request here? Yeah. What am I doing? I'm going to interview with Greg Evans that's going to be played. Could we go ahead and get that out of the way? I want to hear that. There may be an interview with Gregory Evans. Is Gregory Evans here? He's been tweeting that he's here. Somebody told me. Is he in the room? We have an honest to goodness for real interview. Parts of which will be played a little bit later. Let me break this down for you. If Gregory Evans is here, I'll give you a hundred dollars if somebody can get a picture of him. It's spot Gregory Evans. No. No, this is us talking about fail. This panel isn't about us failing. You know what? You got me there. All right. So let's get this started. So my role every year that I've come to the fail panel, I've talked about failures for someone else's stuff. This year I didn't have a lot of fail and it literally fell into my lap at the last minute. It fell into my lap about last week. I knew what I wanted to talk about. It was a matter of finding time to write the slides. And it wasn't fail about somebody else's stuff. It was fail about me. So we're going to have some hopefully humor at my expense today. Woo-hoo! If you can't laugh at yourself, who can you laugh at? So welcome to my presentation for the DEF CON Comedy Jam 4, a new hope for the fail whale. Okay. Entitled, is it hot in here or is it just me? Okay. So for those of you who don't know me, I'm a senior security consultant with NWN Corporation's star team, the co-host of Paul.com Security Weekly and an author with Singers Publishing. I do all sorts of fun stuff, wireless, ZigBee, hardware hacking. I'm a firm believer in if the fact that if you bought it, you own it, you take it apart. Make it do something else. Yeah. Let's make it better. So my co-host on the podcast, Paul hates me. He often buys a device. And when I show up at his house Thursday to record the podcast, he's like, dude, check this out and hands me some sort of blinky light thing. And the Leatherman immediately comes out, he turns around, and he turns back around and it's in pieces on the desk. And it's usually met with, dude, I haven't even gotten that out of the box yet, or you just avoided the warranty and I've never turned it on. Okay. So I had two great tastes that taste great together, and not marijuana and kids peeing off of carts. I shouldn't show this to my three-year-old because you know what will happen. So the two great tastes that taste great together, I love wireless and I love embedded stuff. So I find these Wi-Fi thermostats from Filtreet, they're touchscreen, they're Wi-Fi or ZigBee, they also make the plug-in use-nap modules for ZigBee. They're web programmable. You can get an interface through the Filtreet website and reprogram your thermostat while you're on vacation through the Internet. This will never go wrong, will it? Never. And yeah, there's an app for that. You can get an app for your iPhone so you can change the thermostat while you're not at home over a 3G edge, whichever. That won't go wrong, will it? No. No. So fail number one. Start of project price when I picked up the first one, $110. Today's price, $74.91 from Home Depot.com. So I spent $110 for something eight months ago and now it's a lot cheaper. So great, I've got this now device with the use-nap module, I get it hooked up and yes those are fire engines in front of my house. That was not in fact the fail. This is the fail. So truth be told it was all planned. We're actually demoed the house to build a new one and we actually donated the house to the fire department to come do training exercises in. So all right, worked for effect, right? I really can hook up wires from time to time without burning the house down. Okay, so all right, I've got this deal. Now I've got to get the hell out of my house, salvage a whole bunch of parts, move and well, yeah, reset the stuff all back up again and well now we have a new house and got to do it all over again. So fail number two, burn the candle at both ends and well why don't you just burn it in the middle too? I just had way too much on my plate. Work a day job, move in with your mom at 36-year-old, 36-year-old with your wife, three-year-old daughter and eight cats and leave in two rooms for four months. So you live with your mom. What's that? So you live with your mom. Not anymore, but I did. No, it wasn't in the basement. How about yes? We have eight cats. She has two. So would it be accurate to say you took the pussy to your mom's house? And I couldn't stop stroking it. Was she watching? Sometimes she helped. Did she have shots? Every Friday night? Nice. Okay, so I've got the device, we set it back up on a piece of plywood at my mom's house in the basement with the cats and rubbed my pussy or something. So all right, let's go do some device analysis. Let's gather some public info, get some documentation, set up the iPhone app so I can control it and turn the thing on and say, do you want to update? Yeah? Of course I do. I want to take the latest software they've got and want to make sure I'm evaluating the latest and the greatest. I am so screwed. So fail number three, I should learn, nobody updates this stuff. We have a hard time getting folks to update their computers, let alone their embedded devices. So the updates from filtrate actually remove some of the features that I wanted to use that were in the documentation. So this is the absolute failure of Star Wars toys that didn't work out so well. It's Uncle Lars and Aunt Brew, the charred edition. It's a pile of burnt arms and legs. So the first hack of this device was really easy. Yay, a well-documented API. Thanks. And of course they give all of the programming examples in C and I hate C. So fail number four is give a good hacker an object that will work. Is that because you're live with your mom? Yeah. Yeah, it does. So give a good hacker something that doesn't involve programming. They tell you how to use the API with curl. Oh my God. Why? I like how this is going. Okay, so what can I find out with the API? Well thanks for documenting all the depreciated features that might have some interesting stuff that, well, I don't have on a thing that I can test. So how about that? We can get the wireless network key off the device via API with curl or with a web browser without authentication. Nice. So let's see what we get. If I have terminal, whip out curl and point at my thermostat that was newly upgraded and guess what? It doesn't work. Yeah, guess what features they depreciated in the version I upgraded to. Okay, so this is going to get really uncomfortable. Oh no. Are you serious? Wait, wait, I didn't see it. Why are you so interested in it? Ready? Okay, Darren, where are you? Oh, come on up. Show everybody your boner. Come get a beer. Free beer. Come on. If you show your boner on the screen you get to get a beer. Not you, Mike. You don't drink beer. So wait, by doing this are you admitting that you did in fact have a boner? That's not like a phone or something? It's the jeans. Where can I get me a pair of jeans like that? Oh, ain't you cute. Okay, so are we all awake now? Okay. I can do this all day. Okay. All right, so now what? I've got a device that I can't do shit with because all the stuff I wanted to get, those API, using the API to get some wireless keys off the devices, doesn't work. So what do I do? Go buy two new ones to put in the new house, right? All right. Now I'm out $330. Okay. So fail number six. Guess what came from the store with the firmware already upgraded. Yep. And let's add fail number seven to that. Guess who spent four hours in a house in March without heat? Hooking these fucking things up. Damn! That's got to stink. That's because all pimps live on Coruscant and only little girls live on Alderaan. Nice. Nice. By the way, there was also no electricity in the house. So I had to put the power converter in the basement, hook them all up, and well run 400 feet of extension cords to our barn that was on a separate meter. Yeah. Fail. Okay. Fail number eight. You're 3,800 miles away when your wife moves in and says, how the fuck do I use this thing? I'm not really sure who the fail is for that because well, I'm safely 3,800 miles away. If men stop bullshitting women, it'd be the end of all of us. So fail number nine. Oh, and you know what? I forgot to add the picture. So I have a picture of my wife standing in the hallway next to the thermostat doing to me. So what's that? Fail 8a. Fail 8a, sure. Yes, fail 8a for getting to add the picture. So fail number nine, having to wait for three days so I can take the picture of my wife giving me the finger. You know, the excuses I got, can we do it tomorrow? Can I have a shower first? Can I do my hair? I'm busy. Let's go have sex instead. That one works. All right. Yeah. All right. So I've got these devices that I can't do shit with, right? So let's go see if I can find one. Yeah, maybe not so much. Show Dan certainly can. So everybody, this is Isabella. This is Isabella's first def con. She didn't actually know I was going to do this. I just thought you should all say hi, Isabella. This is everybody. Everybody, this is Isabella. Thank you. Yes, yes it is. Oh, no, that did not just happen. They're going to get ugly. Wait, wait, going to get ugly? Oh, you just as cute as a box of kittens, aren't you? All right, so show Dan can certainly find these devices for me because I've got one. I can figure out what the headers are for the HTTP session. So now I can search for this stuff. Great. Yay, 10 results. It's not very many. So how many of them work? Turns out of the 10, Bob can connect to two. One of them not very reliably, but one of them like a freaking boss all day long, right? Tor, who heard of it? You know, just go connect there, right? Okay, so guess who doesn't update? The same dude that connects the Wi-Fi thermostat directly to the internet. Yeah, winning. Okay, so now we can get his wireless network key, right? Okay, I just wanted to put tentacle porn in here, that's all. It was seriously just an excuse to put tentacle porn in. Last year you guys got pterodactyl porn. This year tentacle porn, okay? So now we can get the wireless network key via the API or via web browser. So how do we make sure it's a key that works? Okay, well let's just make that thermostat connect to the same network it's already connected to, right? Okay, search wiggle, see if we can find out where it is because the network is named Mark Lark. It's pretty unique, okay? It doesn't show up on wiggle, unfortunately. Okay, the key looks like it's in hex. Who's brave and hungry? Waffles! Waffles are a lie. Okay. Yes. Alright, so the key looks like hex. No problem, we can use that. So great, scan connect, paste the key, and well, hmm, fail number 10. Setting up a wireless network device on these deals requires you to read numbers off the front of the LCD panel to confirm. I have no freaking idea where this thing is, let alone see the numbers on the front panel. Guess what, I just knocked off the internet. So let's see if I can find some more, right? So let's go fire up a couple of Amazon web instances and break out Nmap, and well, turns out fail number 11 is scanning the entire internet looking for specific HTTP headers is really effing hard. So, what, three days ago, Michael Sutter spoke at Black Hat about his new bruise tool, Bruise Scanner, looking specifically for embedded devices for something like this. So yay for someone coding a tool that I didn't have time to write. Yay! Of course, not in time for this talk, so maybe that's fail 11a. Okay. Okay. Alright, so great. I'm kind of dead in the water, so let's change some directions. Let's go analyze the firmware directly. Right? Okay, so you gotta get a copy of the firmware so we can do some analysis to it. We can't get it from the Filtrete website, but we can capture it off the wire, right? Let's go initiate it down, an upgrade, and capture it with Wireshark and then dump the binary out and start looking at it, right? So then once we have it, we can start looking for strings, we can mount the file system, so forth and so on. We did, I did something very similar to an Insignia Blu-ray player that I got for Christmas and find out that they violate the GPL. Yeah. And aren't responding to any of my requests. Okay, so fail zero, okay. Yeah, go to Best Buy, yeah, go Best Buy. So fail number 12, hey dumbass, guess what doesn't need upgrades. Yeah, so you click on the button and it doesn't do anything, so there's no firmware for me to capture. Okay, so how about I just extract it from the device instead? Okay, let's pop it open, connect all of our stuff up, and see if we can pull it from the flash chips, right? Okay, start it open, figure out what chips we've got. Um, problem is, guess where all of my electronics tools are. You see that box way back there? Yeah, no, you can't see it because it's buried under all that crap. Uh-huh. And no, not this one. Oh, well maybe this one, and started digging through storage and trying to find the stuff, and this is last week. Okay, okay. Alright, so fine. Let's go for something else. There's another, right? Sister. Let's see what we can find out for undocumented API features on the web server. They're all IP address forward slash filename and or directory. Return something. Okay, so let's, Jack, go ahead. We are trying to make some money here. That is without a doubt the most promised idea ever. Alright, so we've all got filename or directory structure for the web server. So let's out, bust out a wasp dirbuster and see if we can find something that's not documented. So, fail number 13. Um, even throttled as much as possible, dirbuster topples over the device. In about 10 seconds. Uh, one thread, one request per second, that's the absolute lowest limit I could make dirbuster do. Takes the device out. Fail. Yeah, so inaccurate results are good as no results. So, how many fails can I have for one simple project? Yeah. Really? Yeah, those were the droids I was looking for. Okay. Good. Next time, find the tech writer and buy him a beer. That's not a bad idea. Alright. Alright. I'm almost done. Um, so yeah, sometimes this stuff turns into a load of crap. It isn't much fun getting frustrated and having to take steps back and spending lots of money and find out you can't do shit. Um, and yeah, sometimes life just gets in the way of doing fun things. Um, but I got a new house out of the deal. So, cool. And a nice big mortgage payment to go along with it. And you got to have sex in your mom's bed. Wow. To make matters worse, not only was it mom's bed, mom's bed used to belong to grandma. Oh. At least mom wasn't in it, but grandma was. It's probably best if we don't just do things when we're nearly. Okay. So yeah, I still want to pursue this one, but I want to do more fail, make this thing work. Um, I've got to get the firmware, so stay tuned. I just have to wait for them to come up with a new release so I can actually upgrade the damn thing and capture it. Um, I want to get a copy, or I get ahold of one of the ZigBee uh, use-nap modules and see if there's anything that we can do there. Um, one of the other things that's documented in the API and the documentation is called yeah, nothing could possibly go wrong with UPNP, right? No. So let's figure that out. So, fail number 14. I've got nothing but fail on this whole project and it ended up falling in my lap and I actually was very disturbed that I didn't think I was going to have anything to talk about. So, alright. I hope you at least enjoyed my fail and uh, have some waffles and uh, Chris is over there whacking his batter right now. You got good, you got good wrist action there, buddy. What do you do? What do you do in your spare time? Ha ha ha. Alright, so I am in fact all out of fail. This is how you can get ahold of me. Cool. No, no nude pictures. Why is it that most nudists are people you don't want to see naked? What he said. Actually, Martin, we were hoping for no nude pictures. We were just going to get you naked. Do you have a display court? Money to the EFF to get Martin naked. This only has Thunderbolt. No, Thunderbolt will work. I mean, it just stays over there. Oh, will it? Yeah. Money to the EFF to get Rich Mogul naked. Get me what? Money to the EFF to get Rich Mogul naked. Ha ha ha. You can keep trying when you were in here. Actually, I may be the only person in history you have dropped his pants at DEF CON and the RSA Security Conference on stage at both. Yeah. Six more though, maybe. Ha ha ha. Seriously, do you want to throw those at us? You do see those two boxes in the corner? There's 750 of these balls on stage. And if you throw them at us, those boxes will stay more closed than my high school girlfriend's legs. So we're going to save them for later. We are going to save them for later because quite honestly, we don't want beer in our laptops. Don't worry. You know what, I have a plastic cover. Let's break out of balls and do this. My laptop condom will be fine. Nice. Nice. All right. Who's up? Riches. So we're going to get to the next session in just a moment. First I need to bring somebody up, Josh Abraham. Otherwise known as Jabra. He's been in my section before. He has to leave to go somewhere else. But the story we'll get to is he is my fucking hero. So I showed up at DEF CON with nothing. Absolutely nothing for the panel this year. For reasons I'll go into later. I said, hey Josh, I have this cool idea for something. It's going to take me like a week or two or something else to program it. And he's like, no dude. Just tell me what to do. And yeah, you'll see it later. To speak any words on the fail panel. There's only a thousand people here. How's it going, DEF CON? Kind of sad I can't stay because this is pretty awesome. But yeah, I got to go do some wireless stuff. Richard, Rich has some cool stuff. You guys will love the demo. I'm sure he turned it into a lot of wind. Yeah, just hanging out. Thanks, like, I just had to do this because I would have absolutely nothing if it wasn't for Josh. I cannot do what he did as fast as he did. No way, shape, and form. So that was just awesome of him. He's the guy I talk right now. This is the only time during the show you're allowed to leave without being penalized. So. All right, so next, who's going next? Jamie? I guess. Mr. James Arlen, now in terms of fail, Jamie has done how many sessions is this up for you today? Plus running hacker pyramid, plus death, black hat, plus... Could I take a second real quick? I have a friend named Sean Hunt right here in a green shirt. And his doppelganger, he's literally standing right there. Could you come over here? This isn't often that you get to see this. Sean, could you come up here? Could you guys stand next to each other? Could you hug each other? Could somebody give a hand job to each other? Simon says, give a hand job to each other? No? All right. Well, I noticed this because I kept looking over there and I always wanted to see twins. There's a guy in line for waffles that looks just like Sean. I was like, well, you know what, this isn't itself as fail. Thank you. Maynard says he wants balls. About time. You know, Mortman sent me an email and said, hey, you want to be on the fail panel? And I said, why? I said Mortman. Oh, my God. Why? There you go. One of my all-time favorite pictures doesn't he have the cutest, sweetest little face? How many times did you buy this waffle iron, Chris? You're not talking to us. I think Chris bought this waffle iron about four times. You know what? Of all the people I know in the world, you are definitely one of them. So give the EFF some fucking money already. Yes, please don't throw balls at me. I don't have really good dexterity anymore. He doesn't like balls flying in his face. This is not fooling about, by the way, peripheral nervous disease. I'm losing my hands. Quit hitting people with those things, Martin. Shit. You don't have to talk. He's all the entertainment. I'm employed. I want to stay employed. I'm going to talk smack about shit stuff like a boss. You've all seen this shit before. You know who I am. Don't throw a ball at me, man. There will be a quiz at the end. Game show host. Yeah. You can see me on this stage tonight. It's just sort of the way it is. Well, that wasn't Phil right there. This is worth two CPEs. Two. Because APTs, SCADA, stuff. You know, this might be a good segue moment. How many CISSPs do we have in the room? Are you serious? You're associating with Hacker. Are you serious? I'm going to screw your session up for a moment. Oh, now I can spot a Fed. Who said that? I am the Fed, David. Am I the Fed? Oh, am you the Fed? No. No, you're not. So we all know we all know that if you have a CISSP, they ask you, what is it? Do you consort? Do you associate with hackers? How many CISSPs in the room associate with hackers? All right. So give me one moment. Three strikes. No, I'm not going to take a picture. I'm going to show a picture. The thing is, I don't have my CISSP. I just retarded or something. Yeah, I couldn't pass the test or whatever. Determined that it was completely unnecessary for anything in the face of the planet. So let me pull up here. But I do have a picture here of a happy CISSP. Now the problem is, is I took this picture where? At DEF CON. What is DEF CON? It's a fucking hacker conference. Do you associate with hackers? Okay, so I am very much a law abiding citizen of the United States. That's not true. There's that thing with the goat. I believe she consented. She never said nay. So I found this poor CISSP running around around DEF CON. And as a law abiding citizen, somebody who believes in ethics, who believes in the oaths of office that we take or some of you took or something, I felt that it was my civic duty to remedy that situation. Me. And I have here the official CISSP certificate of that individual. So I need someone to go ahead and confirm this, Martin. Don't read the name, but anybody else want to come validate that this is an authentic CISSP certificate? Yeah, yeah. Ah, fuck you. This is a real deal. So what do you think we should do with it? BANA! So here's the thing. I used to be a firefighter so I know a little bit about certain regulations. So... SISPI WAFUL! What? So, um, we have officially rescinded a CISSP at DEF CON. It's a civic action. It's a protest. Now what are some of the other restrictions? Aren't you not supposed to can sort with, like, help people who aren't CISSP? Aren't you supposed to defend the profession? This is kind of lame. This is fucking pathetic, but it's the closest we can get to burning a CISSP. This is high-quality paper. No, seriously, look at this. It's like... Yeah, I could heat my house. All right. Okay, back to you, Jamie. So in the 11 seconds that I have left... It smells like security. Damn it, Rich pulled his iPhone. Shit. My brain is like all the time and you lucky bitches get to listen to it for a while. Guess what InfoSec does all the fucking time? We fail. I like to fail on my pants. InfoSec sucks to the point of incredible suck at not being able to talk about crazy simple shit. They just talk about it in a safe way. We'll talk about information handling. How many people are experts in information handling? I like to handle my information if you know what I mean. It's a corpus. Mainer is so sick. Information is toxic waste. Doesn't that make it all easy? You can just snuggle right up to that and say, I don't want toxic waste in my life. Classification... I'm actually trying to teach you guys and this is not the correct time. Keep it in your family. Don't tell kids. So basically we should live in West Virginia. You know... This one's your line, dude. The orange jumpsuit. I said, don't make fun of West Virginia. You have some hot fucking cousins. Works well the way he's dressed today. I'm just going to keep advancing slides while they yammer on about shit. Push the button, man. It's kind of painful, isn't it? It's kind of really... What are you, a fucking mime? These slides are like a story that tells itself, really. What type of solution should we offer? Martin. Martin McKay. Martin McKay. We're going to offer Martin McKay. Is it a solution? What's the problem? PCI. Everybody, let's bow our heads for a second for PCI. It's officially dead and everybody acknowledges including Martin, now that he's left Verizon. PCI does not work. Oh shit, it's what this is. Just give it a shot. I'm sure we'll get through this eventually. Should have gone into baseball. You know what? Hey, I need to be able to check Facebook at work. Jamie, we stop fucking with you. You can talk again. Oh, you stop fucking with me now? Okay. Do InfoSec right. Please. Can we start this? How about we make it the uncertification? Fuck it, we're just going to do it right for a change. Are those more balls? It comes with stickers. See me later. Everybody knows how to talk business? Yeah. Yeah. Everybody loves using all the effects they've gotten keynote. Is that the blink tag? Yes. It's the Apple version though. It softly blinks at you while it caresses you. The ten ways of the douchebag. Catastrophically true. Unrelentingly true. Verbing nouns? Yeah. Cyber douching? No, we're going to solution that. We're going to action that. You want to know how many meetings we had before this panel? Zero. That's why it's awesome. It's just this simple. A game invented by men chasing sheep around fields. The only addition that modern man has provided is they now use carts instead of walking. Spent time recently in a very large institution. No one needs that many fucking emails in one day about shit they don't care about. Requirements? What the fuck are requirements? Why should we use those things? Just build shit and hope it fits. The bike shed will be blue. How many people have ever said their performance assessment period that they're evaluating their options? To like a woman? No. To maybe a guy? No, more like I'm the only person in Infosec who hasn't changed jobs in the last month and a half. I'm a little bitter about that shit. That's the word for rather security. You're still in Infosec? Yeah. Barely though. Would you like to re-vector the build effort? No, I don't know what that means. How about the market forces? Is the market force a penis? No. The disclaimer I didn't include the last time I was standing up here yammering at you poor pathetic bastards. I'm not the reason why the Toronto Stock Exchange was reading a negative number for an hour and a half yesterday. I've heard this shit in a meeting and I'm getting really good at saying it. Paradigm shifting while opening the kimono net on solutioning the opportunity space for capitalization and really market trailing leads looking for leverage advantage post web 2.0. I don't know what that means. This gets you so much venture capital money you've got no idea. It worked on the go. Stop with the shit please. We need you to. Could we get like a anti-cyber deuchery certification? Basically it comes down to this. Those of you who've been around long enough to remember what cybering means see I met my wife on the internet back when that was still Jerry Springer story. She's right there. 1996 IRC I know what cybering means. Every time I see a multi-star general saying the word cyber all I can think about. Wait that's your kid too isn't it? My stepdaughter is in the crowd too. His stepdaughter and his wife are right there. His. Wow. So when you see four star generals talking about cybering each other. Don't throw him at Jamie please. We'll make it easy. Activism and risk taking. This is like the temporarily very very important that you bastards all listen to me. We're talking about taking real risks. Anybody recognize this guy? You fucking should. His name is Byron. He decided to do something that could be described most easily as being a little bit bat shit. A little while ago about a year and a bit we had this thing called the G20 G8 summit happening in Canada. They decided to hold the G20 summit in the middle of Toronto. Right smack in the middle of downtown. There's no good way to build walls around this stuff. I mean they held it at the same place that sector happens every year. There's no security going on there. So they spent 1.2 billion dollars trying to secure the downtown financial core of a major city. The funniest part is the guy who just yelled out it's hard to secure an igloo works downtown fucking Toronto. Max come get a moose head. Byron started pointing things out on the internet. He said you know what? This CCTV camera is pointed at a wall. I'm going to take a picture of it and post it on Twitter. This CCTV camera has its cables not run through the inside of the arm that it's hanging on but rather looped on the outside making them oh so what's the word I'm looking for? Vulnerable? Yeah. Pointed out places where there were gaps in the fence. These guys are fucking crazy. The most important thing is unfortunately he got nailed. They threw him in jail for 11 months without bail. Yeah. So anytime you think that just poking fun at the system or having some stuff in your house that's highly questionable like a disassembled potato gun in the basement of your parents cottage 500 miles away you're starting to understand that the situation is not all it seems to be. I am so screwed. Yes. In fact when Byron was arrested I actually thought of you and thought I'm glad you live in the land of the free and home of papers please. There's a publication ban on Byron's case. The trial is November 7th. The reason for the publication ban is actually kind of important. It was asked for by the defense because in Canada as much as the United States prosecution by the media happens all the fucking time. Ask any person who worked as a high school teacher who was accused of fooling about with a high school student. They don't get to be a teacher anymore. Fuck it if the accusation was completely false. There's a front page story about how they were playing with a student and several years later there's a minor retraction printed on page 87. Pay attention to this stuff because it's real. You can think that you're doing something that's just kind of comedic and you can end up in jail because the world's gotten a little fucking funny these days. You can help out. Guys, legal bills are over 100 grand to get through his bail hearing. Canadian? Yeah. That means it's 105,000 US dollars. You got no idea how much I'm loving this moment of superiority for like just two seconds. Currency jokes are funny. Do they take credit? This is just to get through bail. This is crazy shit. The government needs a scapegoat for why they spent $1.2 billion. The Toronto Waterborne Police Forces have one of those sound cannon things for doing crowd control. You think I'm kidding? Yeah. Sound control cannon mounted on a boat in Toronto Harbor because you know we needed one of those. We have two others in Toronto that we bought as part of the G20. You know, so you have three crowd control sound cannons in fucking Toronto. Three million people in Canada. Wow. There's a lot of money on the table but we need a lot more. Oh yeah. You saw the first slide about raising money for EFF so that Chris can hug the waffle iron. He's going to buy three more times. How come there's no one lining up for waffles? They're Guinness waffles. There is beer in the waffles. Of course that means you're giving us money and we're giving you alcohol which could probably lead us in jail. We have permits. Thank you. This is the shit we're talking about. I mean this is Canada, right? Apart from being able to blame us for everything that woes you. Canada's the tolerant place and we're throwing people in jail about bail hearings because we're kind of scared that they might understand how, you know, fences work. The reason, ultimately, that they picked them off came down to a papers please kind of moment. I'm old enough that I remember hiding under my desk during the air raid drills. Many of you are not. The Cold War was kind of really real when I was a kid and the biggest jokes in the world were papers please. You cannot pass. Kind of shit. You guys are living with that. Day in and fucking day out. And you're all apparently okay with it. And I don't understand. Well, if you're not, why the hell... Jump on stage and take a beer. Yeah, there we go. If you're critical of the powers that be, you're gonna get noticed. More than ever before, the surveillance society is here. You thought the Stasi had a lot of files. You gotta have a look at what your own government has these days. You are guilty until proven innocent. On so many other topics, you know, fuck what's in the Constitution. Here's yet another example. Remember that whole innocent until proven guilty? You know what? Pre-trial custody has fewer rights and privileges than post-trial custody. You get daylight for less than an hour. You're not allowed access to the library, the gym, the common areas. It's kind of... What's the word? Is it insane? And remember that hackers are scary. You're only one step away from being a scapegoat and vilified in the media. Because, you know, you understand how the internets work. And you know why you don't always need to turn it off and then back on again. And... Would this include the tubes? This is also, yes, with the tubes. All right. And it's crazy simple things like, how many people... who are female hackers and or male hackers who have a female that lives in a house with them? Which is about five of you. Does my mom count? Unfortunately, yes. How many of you do you think have peroxide and acetone in your bathrooms? That's a nail polish remover and your first aid kit. Guess what? That's bomb-making materials. Yeah, that's Mr. Underwear Bonner. Why do you think we need the water? Well, see, the why you think you keep them, that's why they're going to throw you in fucking jail. They're going to line us all up and they're going to toss us out. I need to talk to all of you about this shit because it's important for a change. Just because you can doesn't mean you should. You lost your beer. We came up on stage and you stole a beer that wasn't open and now you lost your beer. And now you're fighting. These kids today, I'm telling you, it's like being hacker dad. Do a better job of presentation. I've sat through DEF CON presentations where people are reading, not even just reading their slides, they're reading off sheets of paper because they don't actually have their topic that well in hand. Tell the story for Christ's sake. Get a little bit of investment in you as speaker because you are a person, a true special snowflake too. I think because I just got the get the fuck off the stage signal, I'm going to go to get in the fuck off the stage directly with, hey, these are all the peeps I care about. Thanks. And you're back in here at 8 o'clock, right? I'm done. Thanks. So Jamie, what do you feel about and people this free Byron shit is real? So you definitely, even though we're down here in the states we're supposed to have freedom of speech as long as we don't fuck up. So before we go with our next session, this person has a actually history. So is Gregory D. Evans here? Really? Yeah. So we were offered the opportunity to do an interview. Martin and myself. Most of the interview is going to be played this afternoon when we do the, we have the network security podcast live with all the other podcasters here. Yeah, no. So let me go ahead and I'm going to give you a bit of a sampling and I honestly don't need to put it. Here we go. Chris, do you have actually the pictures? No. Okay. We were supposed to have a nice pretty power point slide here but somebody failed because he spent $450 so you could have fucking waffles. So you brought up a bunch of interesting issues and one of the things that I can't we're very interested in is what's your end game here? What's the overall goal? You've talked about a lot of the issues related to the security industry and the people that come into the industry as well as how security is perceived by just average folks over at Barnes & Noble. What's the end of the goal here? What do you personally hope to do with your involvement with the industry? Is it to build a successful business? Is it to go out there and actually help people become more secure? For you, what would be the end game? There's a couple things. One, I want to change the game because right now everybody out there has this idea in their head that Hollywood has put out there that all computer nerds, all computer hackers are some fat little kid with coke bottle glasses with the tape in the middle who is in his mom's basement playing on the computer, never got the girl, never got a picture of the basketball team, and that's not true. Computer hackers carry just as much power as anybody else in the world and can be just as dangerous as anybody else in the world. I recently did an article where I was speaking to someone Okay, I'm going to pause here. Who doesn't know who Gregory Evans is? Alright. It's a fair number of people. So this is somebody who wrote a book about how to become the world's number one hacker. He's involved in a number of lawsuits with various legitimate people within the security industry. Is that a head-to-head with attrition? And well Dave, what are some of the other things he's involved with that you're at least allowed to talk about without being subpoenaed? He registered the domain name for a, oh that's just not good right there, but he registered I can't believe that he was on my screen I feel dirty. He registered the domain for a lot of employees of my company because apparently he thinks that attrition.org slash errata and errata security are the same thing. So he literally registered domain names and Dave's name and other people's names for his company because he was a little confused about who I was what. So let's go back to the interview. One about how dangerous hackers are compared to El Qaeda. With El Qaeda, you know who your enemy is. You've got people in the field. They don't see them. They can see you. Wait, did he just say you can keep them in the fields? When it comes to computer hacking, there's no face. It's like the boogeyman. It's like there's no face. And you have to find out. You know a crime's been committed, but how do you catch it? So my whole end game is is to bring more light to light. Look, computer hacking is here. It's here to stay. And you guys, all you guys who went around and picked on those computer nerds in high school, they'll need guys to have power. So now, not just hackers, but just computer people, period. So, I want to turn around and change the whole game and bring more knowledge to everything that's happening out there in addition to that, make it more of almost like a lifestyle. When some of my friends were entertainers, such as Russell Simmons or even Puffy, P.D. or whatever you want to call them these days. He popped positive for a second. I like to point out that as a hacker, it's important that you hang out with Puffy. I only do my best hacking when Jessica Alba is in the room. Hanging out with celebrities. Is that what you call it? Yeah, no, it's exactly what I call it. On the fail panel, it's called turning batter, but back home it's called hacking. I only do my best work when a celebrity is in the room. Right, so I like to go around the room. I'll talk to Matt Damon and Ben Affleck because they're great writers and I like to ask them, what kind of payload should I be writing? Strangely, they're often having sex with each other, so the payload talk it gets a little weird. The best person, I'm not even joking, but the best person to help you with the payloads? Jerry Busey. We bring food to see. All you got crimes been committed, but how do you catch them? So my whole engagement is to bring more light to the light. Computer hacking is here. It's here to stay. All you guys who went around and picked on those computer nerds in high school, they'll need guys have power. So now, not just hackers, but just computer people, period. So I want to turn around and change the whole game and bring more knowledge to everything that's happening out there in addition to that, make it more of almost like a lifestyle. When some of my friends were entertainers, such as Russell Simmons or even Pussy, Pete Eddie or whatever you want to call them these days, when I'm sitting back and I'm talking to them years ago and they were coming out with the clothing line and they were sitting back telling me one time we were at a club and well, we were at dinner before we went to the club, I should say, and we were sitting back talking at the table and he was saying how hip-hop has become more of a lifestyle. The way people dress, the way people talk is more than people picking up a microphone and just rapping. You don't have to be a rapper to be part of hip-hop. Whereas in security, when it comes to computer hacking, it has become a lifestyle of its own. So the hacker community is a group of people and it's a close-knit community too. Spoken by a man who is not a deaf con but telling people he is. So it's a group of people but this is their life. This is their lifestyle. So and it's not going away. So when I'm doing an interview like 20 minutes ago, the Hollywood reporter, I'm on the phone with him and he's asking me about Sega and certain things or I'm doing entertainment tonight or I'm doing CNN and Fox News networks all within an hour of each other which is funny because they're both competing stations is because I'm trying to show the whole world that there's a lot of dangers out there that we don't think about and there's nobody out there to protect you. So that's my end game. Great, well we and that's the end of that. Alright, so Mr. Maynard Dave, you gonna talk? No, I'm still trying to imagine my Hollywood reporter. So when I do hacking, I like to wear a monocle, I got roller blades on some ski pants and I don't wear a shirt because my nipples are fucking awesome. So I just like to sit there and think about what Hollywood reporters are going to say to me. I imagine we go something like this. Yeah, we just lost video, we lost power up front, so. AB people. Did you kick the switch? It's on. It's coming back. It's coming back. That means he kicked the switch. So I imagine that any conversation with a Hollywood reporter about hacking would end with utter disgust when they look and see that he haven't moved in three days nor taking a shower and you don't have a Vindi bag. So I don't quite know why Hollywood reporters would talk about hacking. Any thoughts, anybody? Anybody? Bueller? This is the part where he wastes time until he can show his slides. I'd like to waste time by talking about something that's very near and dear to my heart. Let's make off talk, he's funny. Breast cancer. If you have a chance, please donate. Stop breast cancer, because I love boobs. Save second base? That is awesome. You're back. So last year and fail. I'm going to start this off. I kind of ruined it. It's kind of funny. I really don't have anything else to say about it. Pretty much just fail. Fail all around. Fail, fail, fail. Move on. If you remember one thing from this panel would be this picture and the word fail. So I'd like to sit, pontificate on this for a minute. I'm going to drink a beer and then I want you to all to say on the count of three, fail. All right, ready? Now this isn't hard. When I say three, you say fail. All right? One, two, three. He lives in the south. I live in the deep south. I got my boots on. I got a cowboy hat back in the room and I got a steer I done fucked earlier. Squeal like a democrat. We've gone sideways. So last year these fuckers tried to get me married off. How many people were here for the panel last year? Right? Does everybody remember me having to go to the bathroom in the middle of the panel? It's the only time I've ever done that in a presentation. That's mostly because Larry here had just said and do you know what? I am now an ordained minister in Nevada. I can marry you. His fiance was here. And usually you don't leave the stage to go to the bathroom during a presentation. You just go right there. Good waffle. So that wasn't cool and I love the fact that I misspelled wasn't. That's pretty awesome. Look, there was a girl in front of me earlier with a beard and she was like, you know what? Oh my God, I don't know what that is. It looks weird. Let's move on but remember the word thunderbolt. Let's move on. Now I invest in hookers and blow because this year at DEF CON I don't have a pretty redheaded fiance with me. And it's thanks to these assholes. So everybody let's clap for the guys who stopped me from getting late at DEF CON. Everybody. I wasn't on the panel last year just for the record. He was not. So when I say these guys, I mostly mean the two right here on the end. Rich could be your pretty little redhead. Rich could be my pretty little redhead. Hey Rich, Rich do you want to sit on my knee? Not again. That only works once. So now you're supposed to applause because I like hookers and blow, but you already did that. See you're smarter than me because I actually originally created this slide and was like, oh I have to use spell check now. That tag is illegal, it's not closed. I literally could not spell applause. Oh my God, what is that? I don't know why these things keep showing up in my presentation. That looks like Ida Pro. Are there any reverse engineering experts here? Is that Ida Pro? Is that what that is? Are we looking at an Apple Thunderbolt driver? Are we looking at an Apple Thunderbolt driver? Are we looking at something Apple? Yes, just going. Rich, Rich are we looking at something from Apple? Yes. Right, alright. I literally was driving on Sunday and saw that and thought I would put it in the presentation. People from the south. Dave, is this the new woman? No, actually it's funny you mentioned that. That's the new woman. As we can tell I don't have the same tan she does. I do have ten thong lines though. Thong lines. Dave, it's still hard for me to tell because the picture is mostly the bottom. You came to Defconn and you get the hot buttery nipples. Alright, who now wants to leak the butter off my nipples? But it's not butter. One of the few times in my life when I've actually felt sexier than everyone else on stage. Alright, there's error messages about fonts and Apple. I don't know what this is going on. What is going on here? Oh, did I get my beer back? Thank you. Alright, well aside from the fact I have a Halo ODST tattoo on my chest, let's move on. Oh my god, I have a program called Thundercock. Can anybody actually see me as the white too much? Am I being washed out here? That's Steve, the AV guy, fricking rocks. Alright, so basically do you know that there's been some speculation recently about whether DMA attacks would work on Apple Thunderbolt? Yeah, well they do, so there's no more speculation. I feel kind of weird now that I'm not wearing a shirt anymore. It was a great idea at the time. So the DVD will be available after this event. Now, the worst part of this is there's a dollar bill on my ass. Some poor waitress in Las Vegas is going to get tonight as a tip. So impossible. Impossible. I'll go ahead. You want me to give my ass dollar to the EFF? Okay, I'll give my ass dollar to the EFF. Hey, hey Jack. Jack, I have a dollar for you for the EFF. Mindy Fresh. What? Anybody else ever wonder where the ass based ATMs were? Turns out it's Dave's ass. What he won't tell you is there's $300 they're waiting for you. So, back to my plight of not getting laid and my fiance. I was just talking about that. She didn't actually dump me. I'm still engaged. But no thanks to these two assholes. Three assholes. No, she's actually not here because last year I had a shit scared out of her. Because believe it or not, I'm going to go into a little bit of a personal story here. I'm not the one that's holding up the wedding. So, she was actually scared she was going to have to wake up next to me every day for her life. Lord knows I'd be scared. Put it in his ear. Put it in his ear. We mean Mortman. We are in this club. I like yum. If you know what I mean. I also like Debian's app yet. I'm a fan of port for Mac OSX. And occasionally I like to have sex in alleys. I'm amused that this dude is dropping O-Day and we just want to take his fucking pants off. And that is the fail panel. Alright, who would pay me money to take my pants off? You can donate it to the EFF. See, this is why men make crappy lovers because after you've seen it you don't want anything to do with it anymore. Rich. Take your pants off, Rich. Come on, Rich. Can't follow that show. Hey, Rich. Rich. Take your pants off. Who knew that not- I got the moving on hat. Hey, Rich, you've done it before. Just do it again. That's no big deal. Just close your eyes. It'll be over in like two minutes. Okay. So I'm going to point out there was some discussion earlier in the week about how there were booth babes at the McAfee booth at Black Hat and that was wrong. And women didn't really like that. Let's take a poll, women. Did you like to see Rich in his underwear? Did you like to see me in my underwear? You, sir, have failed epically. I'm going to go home and get a fiery tonight that I took my pants off on stage and nobody liked it. True story. I once went to a gay club and no one hit on me. I felt bad about that. Now I've been in Vegas for a week and not a single prostitute has propositioned me. I'm starting to get a complex about this, guys. Better than the simplex. And on that note, we shall all get Martin to take off his pants. Yeah. Oh! Dude, have you seen him? Oh, shit, he's stealing it. All right, well, I don't know what to talk about anymore. I'll go to talk more. But at this point, I'm somewhat embarrassed that I'm sure there's going to be my business partner will be like, why are there pictures of you on the internet in your underwear? And you didn't bother to have a six-pack like a vampire teenager or something. You wear sparkly, though. I can't believe it's not butter. Well, on that note, is that it? I was going to talk more about it. That's what she said. Wait a minute, we got Thundercock and not Thundercock, and that's it? It's no problem. You know, at this point, we should see if we can get Christopher Hoff out of his pants. No? So I'm going to tell you all a true story about Christopher Hoff and myself. We were in Washington, D.C. And after we were... we served a sex toys from some senators. Oh, oh. Oh, we went to... we went to Pizza Hut and we got the buffet. And it was delicious. They had... they had thin crust pizza. They had regular hand-tossed. They had deep dish. The deep dish was deaf. So I'm going to say... Yeah, that was not a good... That was actually fucking awesome, right? I'm not going to talk about it. Yeah, so, um... Cloud! Who here has heard of the cloud? Don't believe it! Don't worry, there's only nine slides. Ran out of fingers. So, um... Alright, harvesting the cloud. So, okay, I've been spending a whole lot of time doing... Oh, wow, CISSP. Um... I've been spending a whole lot of time doing cloud security stuff lately. And just playing around with that. And the man actually was last week over in China teaching a cloud security course. So this is kind of interesting. So, you might be shocked. I don't really speak Chinese. There you go. Okay, we got some shock out of the crowd. I don't really speak Chinese. And so I went over there. I was like, oh no, there'll only be 15 people in the class. They all speak fluent English. Yeah, I got pwned by China. So, um... Go over and I'm in the classroom. Things are actually going okay. We go to the lecture, get to the legal regulatory part. I go, who's heard of PCI? Nobody. Who's heard of SAS 70? Nobody. We don't talk to the government. Oh, okay. So, um, well, we changed that section. Then we get to the part where we're all building our virtual instances and doing all this stuff and setting up all this security. And all of a sudden, nobody can SSH connect to their instances. And I'm getting pissed off and I'm blaming the local network. No, no, the web interface, everything else works fine. And then I thought for a moment, I'm in China. I have 25 students each spinning up multiple virtual machines. 50 virtual machines being created by China on Amazon all from the same IP address with 25 people trying to SSH in. And so I realized at that moment that I should go to my video backup slides. And I got to give Amazon credit where we were only knocked off for about 45 minutes. So that was pretty good. So how many people here know how like Amazon and that stuff works? Only a couple of people. So it's pretty straight forward. When you sign up and everything you go in, what you do is you launch your virtual machine or recall an instance when it's running on Amazon. And basically what that is is, um, literally normal virtual machine with all the sort of cloud stuff around it. And the process for doing that is pretty interesting. And so that's what this slide is for here. Uh, the, when you go to launch, so there's two things. There is an image which is like the stored version of the operating system you want to run. And then there's the instance which is your running virtual machine that's running in Amazon's environment. And this works for most infrastructure as a service. At least for what we call compute. So compute is when you're running systems and you're running a virtual machine or you're running an instance on Amazon, you know, you sign up, you type in and you say, I want to launch this instance, this image which could be Ubuntu, it could be Windows. It could be a totally preconfigured stack of whatever you want. Uh, there's a lot of different ways. You can actually take like the equivalent of a running server and sort of mark basically save it down into an image that other people can run. And that is stored in something called object storage, which is Amazon S3 even though you can't access it normally through the S3 interface. And so you take that, it's going to go ahead. Rich Rich Rich Rich Rich Rich Rich Can I jump in here for a minute? Yeah. This is boring. No, there's a penis later. Right, right. Could you talk, could you pretend that that it's something exciting? Like could you do this in like a a known voice? So, Jessica Alba and Dave Mainer Damon are the compute nodes. Yeah so anyway what happens is when you go to run something it basically pulls it out of storage figures out where to throw it throws it in runs it as a virtual machine and then it has what's known as this pulls out a volume from the storage post you get a volume. There's cool stuff you can do like snapshots and everything which is almost an instantaneous backup in that environment it's not quite instantaneous but that's the way it works and there's some cool things about how cloud is different because all this can be managed to API's instead of just a web interface. So when you go to use something like Amazon just a little bit of background before we get to like you know the exploit tool we're gonna show. You have things like access keys. Access keys are the way that you connect over the API if that API is REST or web base. You have host keys which is the SSH keys to get into your host. You have location zones we won't go into or network zones which is basically you get kind of these firewalling really basic like 1995 sort of firewalling capabilities. Now the cool thing is you can manage this all through API's. So you don't have to go into like a VMware user interface and like you know define I want this virtual machine to run in this place in this area or I want to change these firewall rules or anything along those lines. You can literally do everything with API calls we're gonna see what a bunch of those are. Things like EC2 dash run dash instance and then some info about how you would actually go ahead and run your instance. What did I do? A girl drinking a beer. Yeah we're at DEF CON that gets a woo. You know you're in Vegas you can see a lot of that for a price. A sweaty ass dollar. Yeah so when you use the API's you find out it's kind of interesting how this works because I fuck if I know. So there's API calls there's all sorts of different ways you can access these things and then oh no that was a girl coming up. Oh no that's good. Yeah I'm not gonna give you a beer but somebody else might. Yeah there's an X. There's two different kinds of credentials you have. Access keys for REST calls or XSOP 509 certificates used for host calls. What the summary of all of this is is almost every developer or administrator who uses Amazon EC2 or OpenStack or Eucalyptus or any of the other private clouds does not do this through the web interface that we all tend to use. They do all of this through API calls and they manage it all on their desktop and they do it all through a command line interface and so what's interesting is is that the credentials to access so that the command line interface can work all of your access credentials are set as environment variables. All of this stuff runs in user land you don't need root you don't need anything and you don't have to know those at the time you set the call. It's all loaded up as environment variables that most admins that I know most developers that I know set this so that these environment variables are set on boot time so when they go ahead and boot their systems and once you get those you can do pretty much anything. So what we did is Josh Abraham who is out here helping me before our Jabra we actually wrote a script we call Hoover. So we did it a couple of hours yesterday. It checks for the environment settings and if those environment settings exist then it's going to run everything else in here. It takes snapshots of all of your volumes, makes those snapshots public and then sets the description as Defcon hacked me. It opens every port and every protocol for every security group. So with Amazon you can do cool things you have all these security groups to isolate off your virtual machines here from here from here so you can have one that has like no public access back here so that only this other security group can access that security group. It's all the really cool stuff we teach you how to do in this cloud security class and we just turn off the firewalls. I like to call that function shields down. Then we need to know what to attack. Hey Rich, Rich, Rich you didn't know you're on a fail panel right? Yeah. All right. It actually works. No, I will hold on a second. Okay. If it's on a fail panel and it works then. I'm doing it wrong. Yeah. I'm the guy who had the fucking retarded robot run off stage two years ago because I couldn't yeah. Get my robot to work. Sounds like a personal problem. Just inform me that we're out of fruit but we have quote nuts up the ass. So if you guys want toppings I suggest nuts. I'll make a joke about it. So hey Rich, what if you had to sum this presentation up and something was really kick ass like like like a Camaro driving through like an elephant on fire. What would it be? It would be a rocket go running up your ass. So it's Tuesday night at the mogul house. Bacon flavored pudding in a boot. Bacon flavored pudding in a boot. And then so what it does is actually launches a virtual instance and it starts all the DNS names so you know which systems to attack. Now the cool thing about this is that it runs in New Zealand. You don't need to have any route to do it. Right now it's just a it's just a pearl script basically. We'll do a little bit more with it later. The network traffic looks totally normal. I mean if somebody hacks and gets onto a developer's laptop in some cases, there's no outside calls to your like hacker systems or anything else. All the calls go straight back to Amazon and there's no command and control. Yeah, I mean not me but some people. I'm trying not to be a cyber douchebag right now. All right, do you want to see me try and make it work? Before I do that, I need to talk about how hippies suck. I don't like hippies. Because why don't you like rich hippies rich? What's that hippies what why do you hate them? Everybody take a picture. I want a picture of an analyst on some have been How many dead heads does it take to change a light bulb? How many Jack? About a quarter of a million and one one that can figure out how to do it and a quarter of a million to follow it around the fucking country after it's burned out. I don't know about that. I like rich and rich is an analyst. He's probably the smartest analyst I know rich met his wife in Margaritaville and the fact that he has a fucking slide that they says why hippies suck confounds me paradise ain't hippies. Dude, that's about so holy crap. That's not a hippie. No, no, this is this is why hippies suck. So let's start with like a hacker. So let's take that hacker. Let's go ahead and hey, wait, wait, wait, wait, wait, rich rich rich rich. Did you see that presentation about not being a cyber douchebag? Yeah, but look at all these animations, man. Okay, so I'm a douche. Fuck it. Um, I don't care. I'm a def con. I'm on a stage. People are there. So then we add in heavy amounts of drugs. Then we put in really crappy music. I'd use the other band, but they're dead. Then we pull out any brain cells. And what do you get people a fucking hippie? And that rich rich rich, hey, can I interrupt you? Why would be suck rich could go back to that picture again? What can you about that picture? How many how many beers would it take rich? That was a no comment. I'd like you all to record that. Yeah, yeah. Alright, so we have here assuming this shit works because we're doing live demo on stage. Oh, okay, so this is the tool. Let's do a quick look at the code here. And yeah, I don't have a connection. Thank God, I was really worried your demo was gonna succeed. Fuck you, Chris. Make maples. I still smell butter on my nipples. I'm getting hungry. I have to go to wash my hands. I touched your ass dollar for breeze is not going to make it and my ass. You had to put it in there. I'm a fruit. I'm a vegetable. I don't know what that means actually. It sounded good at the time in my head. The voices and manors head are telling me to do stuff. Who thinks this is going to end well? Oh, Martin McKay. I'm gonna say your name really slowly again. Martin McKay. You know, you're right. I am thinking I'm I'm trying to think of a comeback right now. I've got nothing. However, I'll have lots of groupies now that will want to smell my butter nipples. And you'll stay you have to you'll stay married. I mean, the groupie line forms to the left. Right there we have Christopher off first in line. It doesn't matter which way you look. There's nothing. Unfortunately, I'm no longer failing. So I'm here. We've got the code. We just checked to make sure that they exist. We went through. We describe all the volumes list them all out. We take snapshots of every single volume. We list the volumes. We make all of those snapshots public. That's great. We got waffles. Then we do a thing where we launch our instance. Rich, is that a ZAC IP address right there? You got 169? How? That's an internal deal. That's how you actually get your real publicly accessible IP address from Amazon. Really? Yeah. So then you go ahead, you describe all the instances, you dump it all the output files, and then blah, blah, blah. Okay, let's get out of that. Hey, wait, wait, go back. Was that rich muggle key I saw? Yes, it was. Can you go ahead and cat dot ssh slash authorized keys? For us? Or no keys? New? Could you just take it to a cat house? Yeah. So what this is doing now first to check that the environment variables are going ahead and working. It's fucking slow piece of shit. Okay, then it's going ahead and creating snapshots of all my running instances. Now I'm only running a few, but imagine this, if you're attacking an enterprise, and they've got something running on EC2, and even if they're running it on VPC, the same thing will work or OpenStack or Eucalyptus, whatever you want to do, although those won't be as publicly accessible. It'll go ahead, create snapshots of everything in there, it enumerates the entire environment, then it's weights, because Amazon's really fucking slow. So anybody have a joke? This summer from new wine pictures comes, which muggle in the cloudinator. Yeah, so this is kind of interesting runs wild. Well, this is running in one man. So if anyone is interested, apparently there's a lull sec party. These have been left. I'm not, I'm not kidding. Somebody else can verify this. These have been left all over the place around Defcon. Tonight at 2300, there is an information line that's going to be opening up so you can get information about the party. Now, admittedly, Martin got this because somebody went up to him goes, Are you on the internet? Yeah, I mean, not like right now, but yeah. Alright, so pull out your pens and pencils kids. Here is the number that is listed. Hey, rich, I can't help but notice you're opening all these ports. Does that make your image a slight? Yeah, we sort of just opened up. Yeah, all of the ports. So yeah, that would make us a bit of a slide. So your image is good to go is what you're saying. Just for now. So the number is plus one, 402. Six. What's what was that all fuck about? Nine. That's an Alaska number? We were kind of wondering. You know who it is. Get up here. There's a beer for you. Maybe if you tell us who it is. That by the way, this is the guy wearing the am I the fed shirt? Okay, plus one, 402 6728571. I'm suspecting this is somebody's home phone number. And they're going to be fucking piss. Your script is done. Your script is done. Your script is done. It's done. What's done? Your script. Your script is done. I saw that. You know what? I don't care about her IQ. As long as she's got a 36 double D, which is all I really look for in a president. That's probably why our current one's not doing well. He's like, what? Like a 32 a 36 C, baby. Well, butter is wasn't butter. I can't believe it wasn't butter. So every year I'm used EC two before. Should I tell that story that Maynard was alluding to the one with the pizza hut? No, my kids are asleep. Should I tell the story? All right. So I used to work in Hollywood. Sorry, rich, because your show script was boring as fuck. So I used to work in Hollywood. And not on Hollywood and Vine, but actual Hollywood movies and stuff. Oh, that must be my wife paging me telling me my kids are watching. Hang on. So I was on the show with Marley Matlin. You know Marley Matlin, the Children of Lesser God Academy Award winning actress and some of the dude's name from fucking CSI. What? No, you know, I'm trying. So that he also knows rich mogul. Yeah. So anyway, Marley Matlin comes up to me during a set break. And she starts drawing on my arm with a sharpie with a big heart and an arrow through it. And she says to me with no exaggeration, are you single? And I'm like, what? I'm you single? And I got I. Yes. So she sets me up on a date with this assistant director, this Cuban girl, very nice. But after about three dates, she tries to introduce me to her mother, get married, this whole thing. So I didn't work out so well. So I decided that I would not continue with with this dating process. Anyway, so I'm telling Dave this story at Schmucon in Vegas, as we Schmucon in DC, DC, Vegas, they moved it that they did. This wasn't Schmucon. I rented a Chris, Chris Gartner Security Conference. So I rented a limo Gartner Security Con. I rented a limo and I piled all these I piled all these people in it. And we were chasing certain individuals around and we ended up in a sushi restaurant. Wait, as I as I recall, there was a bunch of marketing girls from that's a real sign. So bear sign, they were from bear sign. Right. That was after we started a a sword fight with a feather duster, a can of pledge and a lighter next to that, that butter statue of the White House, a butter statue is pretty awesome of the White House. Yeah, this gets better. Trust me. So we got a restaurant with the girls went that they sent us downstairs to what we were told was a bar, a reputable establishment for gentlemen. And it, it, it, I don't know where the reputable part came from, because but the last part was true. So we spent the evening reputably. Is that a word? It is now. And at the end of the evening, after, after certain dancing services were provided, this woman, the noise is kind of dying down. And I said, Hey, you know, thank you. And some somebody basically wait, I'm getting so basically somebody, somebody starts making noises on the stage. Now I should back up a little bit because when I dumped that girl, I was walking down the back a lot of Warner Brothers and out of nowhere, somebody hit me in the arm. And it was Marley Matlin, who basically said, you fucked her over. And I what she starts screaming at me in this Children of a lesser God enlightenment shit. And just angry. And I ran away. So I told Dave this story. Fast forward to the end of the dancing routine. He literally told me this story for at the same hotel that Schmuckam was at before the feather duster. That's right. Right before we got the limo to go chase down some girls from Verisign. That's true. So we're at the bar and I'm saying thank you very much. And at the end, I said, thank you. And the girl said, I can't hear you. And I said, thank you. And she goes, no, I can't hear you. So I I ended up with the only deaf stripper in DC, which was a lot funnier when when you and I were laughing about it than Dave. So Larry's about the story is the question of well, if you can't hear the music, how do you how do you dance? That was the question. Anybody know the answer to that question? You don't want to feel the beat around these simple, simple answer to our deep, deep question, Dave. Doesn't matter how smart they are. Thank you. You may continue with your fucking boring cloud presentation now. No, I'm almost done. Unless when you were drunk, I fucking have I mean, seriously, yeah, who cares now? So we have this, these are public snapshots of all the instances I had running. You can go and steal those if you want before I delete them. Anybody have all you have to do is search on Defcon hack to me and you can find this. When we release the script, you can change it to whatever you want. You'll be able to go ahead and if you run this on someone's system, who is a developer or something for Amazon, it'll go ahead and zoom all their stuff up. And then you need to know what targets to attack. So for that part, we go back over to the instances. What we actually did is we launched another instance as well. We didn't give it a name or anything else. Come catch an egg. Catch an egg. This is going to go well. Office children are watching them. No one's watching to cares about me. So rich. Yeah, so we haven't watched another. What do you think about the proliferation of cloud in the enterprise and do you think it's going to change the security paradigm? Do you think that we'll have to re vector our attempts to secure the enterprise now? I'll circle back and ping you on that later on the golf horse. What the fuck is wrong with this guy? I'm going to touch the keyboard and then walk away. I'm done. So that's the special instance we created that actually pings out so you know it exists, so you can go in connect to it. Now right now it's only set with my SSH keys. We're going to adjust that so you can set it for your own SSH keys. And then that's the listing of your targets that now have no firewalls on top of them. So that's it. Thank you. It was kind of cool, but this is not the right place for it. And I believe Jack Daniels has a religious message and we're going to close out. I have a quick comment for anybody that doesn't know me who might think this is making fun of Arab culture or his culture. Listen, I have to I have to interrupt you for a second. There's souvenirs on this table except for the waffle makers. Anyone who wants a souvenir come grab it right now except for the waffle maker. We have Wesson Oil. We have Vitamin D milk. We have eggs. I can't believe it's not you. Yes. We have starphone plates. We have chocolate sauce, maple syrup, sprinklies, lots of nuts as you can tell. Measuring cups. Knives. All right, so let me sprinkle sprinkles over there. Ladles. Chris just bought a new. Throw money in the pile. Throw money in the pile. Paper towels. I have a hand mixer. Half a box of Biscuit Mix. I have two waffles. Did I mention Wesson Oil? I could come in handy later. There are two waffles left. Oh, and tongs. Hey, we have less than a minute. Please donate to the EFF. The EFF requires your money as do we all. And remember laughing at deaf people isn't funny unless you do it at this this this conference. I haven't crashed the panel. I haven't crashed the panel. I have one thing to say. Thank you, everyone, for coming. Yep. No, not, no, not with that. If you think I'm making fun of Arab culture, I have one comment. If you get your news and believe the situation in the Middle East based on Western media, you fail.