OATv2.0 in FRHACK 01
At last, after a loooong time, I got some time to breathe, and the first thing I wanted to do was write a post about my FRHACK experience.

FRHACK is an international IT security conference by hackers, for hackers.
It is organized by Jerome Athias, a well-known hacker from France. The first edition of FRHACK was held in the small, beautiful town of Besançon.
As it was my first talk at an international security conference, I was amazed to see hackers from around the world sharing their ideas and research work. I got the chance to meet IT security gurus and hackers like David Hulton (a well-known crypto guy), Vlatko Kosturjak (OpenVAS team member), Philippe Oechslin (author of Rainbow Tables) and Richard Stallman (founder of the GNU project).

David Hulton, Me and Blake Cornell
And security consultants and penetration testers like Andres Riancho (author of the w3af tool), Jon Rose, Blake Cornell (one of my good friends, who shares the same name space in VoIP security) and Nicolas Thill (with amazing hair, and co-author of HostileWRT).

Me, Jon Rose and Andres Riancho
The conference ran in two tracks, so it was difficult to attend all the talks. I attended some interesting talks, including OpenVAS; The Good, Bad and Ugly of Crypto, where David showed how easy it is to steal passwords from ASTRA VoIP phones; and HostileWRT, where Nicolas Thill and Philippe Langlois showed how HostileWRT can be used to turn a friendly Wireless Access Point into an Autonomous, Curious, Standalone, Malicious & Really Annoying Device.

Me speaking
My talk was on Unified Communication Security with Microsoft Office Communication Server R1/R2 and was scheduled on the second day of the conference. The sole purpose of the talk was to educate and create awareness about UC security around MS OCS R1/R2. At the end of the talk, I released OATv2.0, a free, open-source security assessment tool for MS OCS (OAT stands for OCS Assessment Tool).

OATv2.0
The previous release of OAT was the result of some of our integration work and hence had some limitations on the authentication and transport protocol front. OAT v2.0 introduces new attack vectors against MS OCS Server R1/R2 over TLS and the NTLM/Kerberos authentication protocols.
OAT v2.0 was officially presented and released in my talk at FRHACK 01, with demonstrations of attacks and of its usage in various penetration-testing topologies. I am planning to upload OAT v2.0 along with documentation to its official website soon. As there is no other tool available for assessing Microsoft OCS servers, I hope OAT will help improve the security posture of OCS deployments.
I am sharing my slides for those who missed FRHACK.

Fuzzing the brain : applied social and cognitive psychology
Historically, cunning and stratagems have been applied to battle plans, social promotion and money making. Sun Tzu, Machiavelli and many others have popularized such uses, but discoveries of the twentieth century in the field of social psychology, coupled with innovations designed to convince consumers of the interest of buying, allowed a better understanding of the dynamics of persuasion. The behavior of the human being is ultimately predictable when certain stimuli are applied, which enables people who have mastered those principles to win the game.
- Bruno Kerouanton (Switzerland)

Reverse engineering and cryptographic errors
- Philippe Oechslin (Objectif Sécurité) (Switzerland)
Because any programmer can use a good crypto library to write crypto software, it is often easier to crack a system by finding programming errors through reverse engineering than to cryptanalyse the algorithms used. We show this with three compelling examples:
- The MXI-stealth FIPS 140-3 level 2 certified key, where a poorly implemented “enterprise” feature allowed unsalted hashes to be extracted prior to authentication, before it got patched.
- A version of the E-capsule Private Safe software, where the manipulation of two bytes allows any of the admin, public, private or even panic passwords to be used to access all data.
- The DataBecker PrivateSafe software, where a checksum ruins all the efforts of the Blowfish key setup algorithm.

All browsers MITM keylogging on remote
- p3lo (France)
Identification & Exploitation of Business Logic Flaws in Web Applications
- Georgiadis Filippos (Greece)
The talk will include an introduction to business logic and some theory on the identification and exploitation of business logic flaws for malicious purposes. Real-life examples and scenarios (collected from my experience as a penetration tester) will be presented. It will include a theoretical approach to the automation of the identification of business logic flaws and a presentation of BLe (a custom automated tool capable of detecting business logic flaws in web applications). Finally, guidelines for safeguarding applications against business logic flaws will be presented.
Open source tools like Nikto, Wapiti, Pantera and others try to find vulnerabilities in web applications but lack many features and configuration options. Commercial products have the features, but also have high product costs and are almost impossible to customize.
w3af (Web Application Attack and Audit Framework) is an open source project that aims to automate the detection and exploitation of all web application vulnerabilities. The project’s main objective is to become an open platform where anyone can contribute new techniques and code to identify and exploit vulnerabilities. w3af’s core and plugins are fully written in Python, and right now the project has more than 130 plugins and 60K lines of code!
My talk will introduce this tool to new users, while showing its features and the new GUI which was created during the last OWASP SoC. During the talk, I’ll perform a couple of demos of the main features and explain how the advanced exploitation features work.
- Andres Riancho (Argentina)
Andrés Riancho is an information security researcher and founder of Bonsai, where he is mainly involved in penetration testing and vulnerability research. In the research field, he discovered critical vulnerabilities in IPS appliances from 3Com and ISS, and contributed to SAP research performed at his former employer.
His main focus has always been the web application security field, in which he developed w3af, a Web Application Attack and Audit Framework used extensively by penetration testers and security consultants. Andrés has spoken and held trainings at many security conferences around the globe, like OWASP (Poland), CONFidence (Poland), OWASP World C0n (USA), CanSecWest (Canada), T2 (Finland) and ekoparty (Buenos Aires).
Andrés founded Bonsai in 2009 in order to further research into automated web application vulnerability detection and exploitation.
Lockpicking
- Alexandre Triffault (France)
Wireless Sensor Networking as an Asset and a Liability

- Travis Goodspeed (USA)

HostileWRT – Abusing Embedded Hardware Platforms for Covert Operations

October 7th, 2009 at 5:09 pm
Could you say more about how it is possible to steal passwords from ASTRA VoIP phones? I didn’t find the presentation about this topic on FRhack.org/slides/
October 10th, 2009 at 8:06 pm
It’s not actually password cracking; instead, it’s a crypto attack with which you can decrypt the ASTRA config file, which stores the password for the phone. I think David has not uploaded the slides yet; let me find another location for you…
November 19th, 2009 at 4:01 am
OAT works great for internal users. However, I was having some problems making it work with the edge servers. The Access Edge is configured to listen on port 443 for remote users, and I see that OAT uses destination port 5061. Is there a way to configure the tool for 443 instead from the UI?
Thanks much
November 22nd, 2009 at 11:38 pm
@Dragon: As of now you cannot choose a custom port. I am in the middle of OAT v2.10 with some kewl conference hijack attacks; choosing a custom port will be provided in v2.10.
Thanks for using OAT.
November 24th, 2009 at 9:52 pm
Great… looking forward to it.