Woot! I got to speak @ DefCon-CryptoVillage

defconamandaI’ve been to DefCon a few times now, and this was the first I got to give back to the community by speaking. I really like the idea of DefCon, which is hacking to make the world a better place. In comparison,BlackHat is basically corporate “one-upping” and BSides is a fledgling conference. Anyways, I always saw this week in Vegas as a time to catch up with former coworkers and friends in the infosec community.

My Experience

YFItx8zcWow, I was definitely nervous speaking in front of a varied audience of strangers and friends. The subject of the talk is a light-hearted project that wasn’t so philosophically as heavy as the previous talks. I speak at a very low volume and very fast so I apologize for my nervousness. Overall, the whole experience was really awesome and I got to sync up with the Apple security team afterwards.

 

Instegogram

Exploiting Instagram for C2 via Image Steganography

HYRUM ANDESRON + DANIEL GRANT + AMANDA ROUSSEAU

So I planned on posting the slides as soon as I get the go-ahead. In the mean time I’ll just have my malware POC diagram for your viewing pleasure.

AttackFlowInstego

 

Apple Disclosure

So the cool thing about this project is that I discovered a gatekeeper bypass while trying to get my  malicious app to run. I sent an email to Apple 2 weeks prior to my talk and also redacted the specifics as per their request. I’m really happy they are supportive in fixing it, however I wish I waited for their Bug Bounty program. I wouldn’t mind a sweet Apple MacPro trashcan.

Anyways, we are here to hack for good.