[Plug-security] June Planning

Lisa Kachold lisakachold at obnosis.com
Tue May 14 13:35:42 MST 2013


I am planning IPv6 as the Subject for June 2013 Hackfest. THIS IS A HUGE
SUBJECT; so important and far reaching, the IPv6 RFC is included on the
current version of the Hackfest Graphic (used on our promotional shirts
http://www.ietf.org/rfc/rfc2461.txt).

I will give a short presentation with a high level overview of the current
and potential available for IPv6 hacking of misconfigured systems. Since
this is such a HUGE SUBJECT, I will devise some easier flags all
documented online. I would hope that anyone who can, might be prepared
and attend to support; although this is not going to require much in the
way of actual preparation, instead discussion (as IPv6 can be hard to
grasp) - so David will certainly apply his Academic skills as usual.
Anyone else feel free to chime in.

Here's a rough idea of the full content available to cover IPv6
SEC (includes Mac OS, Windows [Teredo tunneling, available since early
1990's]). As of 2009/2010, IPv6 Protected Mode was patched in [due to
extensive security underground engineering proving RFC as written was
unacceptable]. Many firewalls still don't have IPv6 protected mode turned
on either by default or post installation for IPv6. The protocol/RFC &
hardware device ramifications of IPv6 protected mode are huge; the full
list of potential security issues with IPv6 is also daunting (but I will
compress it into a good simple 45 - 1 hour presentation).

DNS & IPv6 Interrelationships:  http://www.youtube.com/watch?v=8Zj9ypEVL20

http://www.thc.org/thc-ipv6/

http://www.uninformed.org/?a=3

http://resources.infosecinstitute.com/slaac-attack/

http://www.infosecisland.com/blogview/12798-MITM-Attack-Exploits-Windows-IPv6-Protocols.html

http://www.linux-magazine.com/Online/Features/IPv6-Penetration-Testing

https://blogs.akamai.com/index10.html

http://www.akamai.com/stateoftheinternet/


Of course this is just going to barely scrape the surface. There are compound
exploits across IPv6 for things like SQL Injection, even using torrent.

I will be using some of the demonstrations shown in these videos for the
"Flag" or practical (exploit) part of this deep dive security analysis of
IPv6.  I will have the whole process documented via an online web resource,
so we don't futz around at the time of the hackfest, we just announce the
URL with the directions.

I will be giving out a DefCon 20 Badge as 1 Flag (others are 2B Announced -
since we only have like 3 tee shirts left 2XL and DefCon is our next
Teeshirt release (if I can't get the funding together)).

Not that anyone cares about the prizes. Laugh! It's the hackfesting fun!

--


(503) 754-4452 Android
(623) 239-3392 Skype
(623) 688-3392 Google Voice
it-clowns.com <http://it-clowns.com/c/index.php>
Chief Clown