« Summary of Google+ browser security protections | Main | Security Industry Plagiarism: Finding 3 examples in 5 minutes with Google »

Quick defcon/blackhat preparation list

 

A couple of people had asked me what are some things that you can do prior to attending hacker cons such as Blackhat and Defcon. Kurt Cobain said it best "Just because you're paranoid, doesn't mean they're not after you'. Here's a short list (albeit not complete as I don't plan to publish all of my paranoid behaviors :) of activities/things to keep in mind when walking into the war zone that is defcon/blackhat.

Fair warning that this list *IS* for the paranoid :)

Laptops and internet access

  • Do not bring a laptop that contains anything important on it. Assume that whatever is on it could be stolen and think about what that would/could mean.
  • Ensure your OS is patched up to date (Windows Instructions | Mac OS X instructions
  • Install a firewall, block all incoming ports. Verify this by nmapping yourself from another machine for all open ports. Firewalls such as zonealarm (windows) and LittleSnitch (Mac OS) support the ability to prompt on outgoing application access. If you're really paranoid (like me) configure it in advance to disallow everything outgoing, and require 'prompts' to allow outbound internet per application. This way if you are somehow owned, it will prevent/reduce the chance of downloading of additional badness/exporting of data on your machine. 
  • Ensure your firewall is patched up to date.
  • Ensure your browser is patched up to date, as well as all utilized plugins. If you use firefox be sure to visit http://www.mozilla.com/en-US/plugincheck/ and patch everything before arriving in vegas
  • Ensure Java is patched up to date by visiting http://www.java.com/en/download/
  • Ensure antivirus is installed and up to date. While antivirus doesn't catch much, it will prevent some obvious stuff.
  • Ensure Flash is patched up to date by visiting http://get.adobe.com/flashplayer/completion/activex/ and downloading the latest version
  • Ensure adobe reader is patch up to date by visiting http://get.adobe.com/reader/
  • Disable Bluetooth as there may be malicious bluetooth devices around
  • Buy a laptop privacy screen to prevent people looking over your shoulder.
  • Clear your browser history, including all cookies before arriving.
  • For the VERY Paranoid: Do not use wireless. Period :)
  • For the mostly paranoid: Do not use the internet unless you have safe VPN/SSH tunnels setup in advance. If you're unsure if all traffic is tunneled through this tunnel, be sure to verify using a sniffer like tcpdump or wireshark before arriving at the conference. Be sure to initiate a connect to from the device you plan on using to ensure you have the keys cached/saved. Of course if you get certificate warnings at the conference do not connect.
  • For the UBER Paranoid: Never leave your laptop out of your sight and carry it with you 24/7.
  • Consider using a OS liveboot CD, this way if it gets owned it will not persist. Be sure to grab the latest version of a liveboot CD should you choose to go this route.

Phones

  • Patch them up to date (google your particular phone OS for instructions how)
  • Disable bluetooth
  • Disable 802.11
  • Do not use your cell within 500-1000 feet of the hotel for either conference. People are known to setup fake cell phone towers and have the ability to hijack your calls/SMS messages, possibly internet.

Conference SWAG

  • If you find a USB/CD on a vendor table, on the ground, or somewhere else. Assume it is probably malicious. Be sure to disable autorun before plugging in anything to your machine. Instructions for Windows and Mac OS X.

Hotel Cards and RFID enabled devices

  • People at both events (and other related security events during this time for that matter) will have RFID readers. This will allow for the theft of the data within your RFID enabled device. 
  • Hotel cards/Newer Credit Cards/Other RFID devices: Some of the newer vegas hotels use RFID in the room keys, which means you'll want an RFID blocking wallet, sleeve for them. Otherwise people may be able to copy your room key and get access.
  • Passports: If you bring a passport be sure to also bring a passport RFID blocker.

In closing this isn't a complete list but should provide some decent guidance. Last but not least remember that you can still get owned even if you do all these things. Remember, zero day happens.

Comments

Feed You can follow this conversation by subscribing to the comment feed for this post.


All Comments are Moderated and will be delayed!



"Do not bring a laptop that contains anything important on it. Assume that whatever is on it could be stolen and think about what that would/could mean."

A corollary: Don't login to anything important from your laptop without an out-of-band second factor (we saw free signups for Duo Security jump just ahead of DEFCON, actually :-)

Assume any endpoint compromise will involve a remote access trojan granting full insider access in real-time... because these days, that's what endpoint compromise means.

Your laptop isn't the target. It's everything else you have access to.


Dug,
Indeed.