Tried, Tested and Proven

Another year, another 44CON, a technical highlight in the security consultant’s calendar. Portcullis sent some of the Team to keep up to date on the latest attack vectors presented and to add to the pool of knowledge. Portcullis Penetration Tester James talks through his time at 44CON 2015.


One of the best aspects, and one that surprised me, was the sheer variety of talks, showcasing the ever-growing nature of our industry!

The quality of the speakers was excellent at all of the talks I attended. They all provided a good introduction to the attack surface and intricacies of the subject matter before diving into the hard technical details.

This solid focus on the fundamentals, such as security boundaries and key architecture, opened up the field and gave a strong starting point for more of the audience to go away and conduct their own research, really hitting the ground running.

Some presentations covered standard reverse engineering processes to find weaknesses and then exploited them to gain access (albeit on interesting devices), and old technologies like JTAG, which could be making a comeback with the Internet of Things.

Others were tutorial talks designed to open up areas of interest to more people, such as the Kernel Drivers talk, by our own Graham, and the Software Defined Networking talk. Also on the tutorial line were talks that focused on the developments in common security tools and taking them to the next level, such as Metasploit and BeEF.

There were some great, thought-provoking talks, with some twisting your way of thinking. Take the reverse-reverse engineering talk as an example. Rather than simply trying to beat code obfuscation at the source level, this talk looked at instrumenting the virtual environment that runs the code, in this case for Ruby, and using the runtime execution of the code to reverse it.

The growing popularity of virtualization technologies is something I think will be very interesting moving forward, building on the work that Shift presented on exploiting anti-virus that sits within the hypervisor.

Compromise at this level will not only give access to your host but potentially other virtual machines running alongside it. The more communication there is between a host machine and the hypervisor, the more there is to exploit.

Adding further to the variety of the event was a defensive talk about forensics and how a PowerShell tool, created by the presenter, can be used within a live environment to start the investigation with minimal impact on said environment. This presents interesting options for live reading of disk data without affecting the integrity of the read files and their attributes, and allows an earlier start date for the forensic investigation.

Of course, the bus was back and there was plenty of space for enjoying the bar and networking in the evening, with coffee on tap to help keep alert for the many detailed technical talks.

All in all a very worthwhile conference full of learning opportunities.