Embed Size (px)
Citation preview
APraiseforHackersRodrigoRubiraBranco(BSDaemon)
rodrigo*noSPAM*kernelhacking.comh?ps://twi?er.com/bsdaemon
“Astheareaofourknowledgegrows,sotoodoestheperimeterofour
ignorance”NeildeGrasseTyson
Whythisisdangerous• Thiswillbeoneofthethingswewilldiscuss:– DoestheposiJonofsomeonereallyma?ers??– Shouldwetrusteveryone?– Judgetheidea,nottheperson.Refutewhatsomeonesays,notwhoheis.
CorporateDisclaimer
• Idon’tspeakformyemployer.AlltheopinionsandinformaJonherearemyresponsibility
• InterruptmeifyouhavequesJonsorimportantcommentsatanypoint.• IMPORTANT:No,I’mnotpartoftheIntelSecurityGroup(McAfee)
PersonalDisclaimer• Idonotrepresentthehackingcommunity.Idonotrepresent
anyone,butmyself
• Inmyopinion,noonecanactuallyrepresentthehackingcommunity,notevenasubsetofit(likeforexample,hackersfromagivenlocaJon)
• WhatIcando,istogiveMYopinionsonit,basedonmyobservaJons.Thatmeans,averylimited,narrowedviewofwhathackingisandrepresents
• Giventhesizeoftheaudienceandvarietyofprofiles,itishardformetodefinetherightmessage(tootechnical,notechnicalatall,career,olderpeoplethanme,youngerpeoplethanme…)->ForgivemeinadvanceifyoufeelunderesJmatedornotvalued
Sotrue…
• “NoChessGrandmasterisnormal;theyonlydifferintheextentoftheirmadness”– ViktorKorchnoi
• “Nohackerisnormal;theyonlydifferintheextentoftheirmadness”– BSDaemon
ObjecJves
• Theworldchanged,wemustchangeaswell
• Tryanddisseminatewhat/howpeoplecandotocontributetothehackingcommunitythatIknow
• Praisetheworkofhackerschangingtheworld,theirimportanceandproposeotherareastoresearch
Whyarewehere?
Source:Tweetby@dotMudge
1/3ofGovernmentSystemsVulnsisintheSecuritySoaware
TostarttheconversaJon
• Whenyoureceiveanidea,Jp,recommendaJonremembertoevaluateitinyourowncontexttoseeifitappliestoyou->Yourdecisions,yourimpacts(posiJveandnegaJveones)
• Behonestatleasttoyourself(trytobemorecriJcaltoyourselfthanyouaretoothers,evenifyoudon’tshareyourfindings)– Thiswillhelpyou,andonlyyou
Whyakeynoteisalwaysdifficult• ShowsthatwegecngoldJAndasso,wehavelotsofhistoriestoshare
• Weneedtobalancethecontent,wecan’tbetechnical,butweareinatechnicaleventaaerall:/
• Reemphasizingthatifyoudon’tagreewithwhatIsay,justdon’tfollow.Ifyoudo,follow,changeJtheconsequencesareonyoueitherway.
ThreePointstoTakeOut• CaremoreaboutwhatYOUdothanwhatothersdo(unless
theyreallydamagingpeople)– Researchersshouldhavefunandenjoywhattheydo– Eveniftheyarecapableofmore,whyassumetheywanttodomore?
• TreatinformaJonyoureceiveasdata,processandgetto
yourownconclusionsonit– Deepnessofanalysisdependsonimportance
• DisseminaJnginformaJonisdifferentthandisseminaJnggarbage(areweattheinformaJonageoratthegarbagepassage?)->Areyou*REALLY*helping?
InformaJonorjustdata?
• WhenyoureceiveaninformaJon,treatisasjustdata(unprocessed),doyourownanalysisandcriJcismbeforeconsideringitaninformaJon– Deepnessoftheanalysisdependsontheimportance/impactofthatinformaJon
Howtostudy?Howdoyoulearn?• Whenyouwanttostudyapaper,understandwhatareyourexpectaJonoflearn(forexample,youwanttolearnanewexploiJngtechnique)
• Startreading,andforeachitemyouknownothingabout,createaniteminatree->leamostifitaffectsthelearningofthesubjectma?er;rightifitdoesnot
• Godeep,ontopicsfirst.
Source:Adaptedfromthebook“Thinklikeagrandmaster”–AlexanderKotov
StudyTreeI’mbadwithgraphics,butitisnotbinary
StarJngPaperA
B SubjectessenJaltounderstandpaper
C SubjectessenJaltounderstandB
D SubjectinteresJng,butnotessenJal,visitlater
Great,butwhattoprioriJze?• MikhailBotvinnikwasathree-JmesworldchampionofchessandhadaspupilsAnatolyKarpov,GarryKasparovandVladimirKramnik
• Evenaaerthat,itwassaidthathelistenedtobasicchesslessonsintheradio.Thereason:Toalwaysremindofthefundamentals.Keepthemsharp
• NOTE:I’venotaddedareferencebecauseIcouldn’tfindone,maybeImixednamesofthegrandmasters.Ifyouhaveareferenceonthat,pleasesenditmywayJ
TheFundamentals
• TheessencebehindcomputaJondidnotchange:– TheTuringMachinemodelofcomputableproblemsexistsevenbeforedigitalcomputers(1936)
– Chomskyworkonlanguagehierarchyworkisfrom1950’s
– TCP/IPisfrom1980– TheessenceofPCarchitecturetooJ
LearningxMemorizing
• “Memoriza=onofvaria=onscouldbeevenworsethanplayinginatournamentwithoutlookinginthebooksatall.”
– MikhailBotvinnik
• “Nevermemorizesomethingyoucanlookupinabook”
– AlbertEinstein
LearningPlan?• OnceinachesscompeJJon,grandmasterswereanalyzing
aposiJon->Theymostlyagreedagivensidehadadvantage(let’ssaywhite)
• Capablancawaspassingbyandwasaskedtogivean
opinion:hesaidblackhadaclearadvantage(!)• Whentoldtodemonstrateit,insteadofdoingmoves,he
justchangedtheenJreposiJontosomethingnew->Tothesurpriseofthegrandmasters,therewerenothingwhitecoulddotoavoidthegametogetintothatposiJon
• NOTE:I’vealsonotaddedareferencebecauseIcouldn’tfindone,maybeImixednamesofthegrandmaster.Ifyouhaveareferenceonthat,pleasesenditmywayJ
Didyoureallylearntothepointthatyoucanextend?
• “Chessbooksshouldbeusedasweuseglasses:toassistthesight,althoughsomeplayersmakeuseofthemasiftheythoughttheyconferredsight”– JoseRaulCapablanca
• “Ifyoureallyknow,youcanhack”– BSDaemon
“SharingisCaring”ornot
• WeareintheinformaJonage.Butmostofwhatwereceiveisactuallytrash
• Beforesharingsomethingyousaw,whataboutread,understand,think?Somehowpeoplehidebehindthe‘sharingisnotendorsementmantra’.IcanshareinteresJngthingsthatIdonotendorse(forexample,tostartdiscussions,todemonstrateanotherviewpoint)
• Peoplethatreadwhatyousharetrustyou,areyoureallyhelpingthemsharingwhateveryouseejustbecauseitisnew?Thatishowhoaxesspread.Youarealsojudgedbythat(aaerall,doyouhavetheJmetoreadeverythingyoujustforwardingornot?OrallyourJmeisspentfindingthingstoshare,butyouneveractuallystudythem?)
“Publishfast”• Peoplemistakehelpingthecommunitywithpublishingwhatevercrappycomestotheirminds
• Thiscanbea?ributedtothemisunderstandingoftheopen-sourcecommunityofpublishitfast– Butyoudon’tdiscussthingswithpeoplefirst?– Beforeyoupublishsomething,thinkifyouarereallyhelpingthecommunityorifyou’remakingpeoplewastetheirJmes:Becausethatdamagesthecommunity,itdoesnothelpanybody!• SothinkaboutyourobjecJves:Doyoujustwanttoshow-offoryoureallybelieveyoucontribuJngtothecommunity?Thereisahugedifferencethere!
NewgeneraJons• NewgeneraJonscomenaturallytoreplaceandbesuperiortothe
previousones(ifyoubelieveinevoluJon)• Probablyintheaudiencetherearealreadymany(ormost)people
thataremuchbe?erthanme(notthatdifficult).Andthatisnatural!
• Therewillbealwaysacollisionofideas,andtheprevious
generaJonsobviouslydon’twanttolosetheirimportance!Thedifferenceonthatnaturalcollisionisthewayyouchallenge:– Isthatthrutechnicalsuperiorityor;– Personalthings?WhichinpracJceshouldbeconsideredirrelevant(I
reallydon’tcarewhichcaryoudrive,howmuchmoneyyouhaveortowhomyoudidablo****togetallthatJ)
Thenewspeed?
• “Halfthevaria=onswhicharecalculatedinatournamentgameturnouttobecompletelysuperfluous.Unfortunately,nooneknowsinadvancewhichhalf”– JanTinman
• Wesomehownowadaysexpectresultsbeforethe‘a**-workingJme’
ConstrucJveCriJcism• Ithinkthisisbull****
• GeneraJonswillconflictandideaswillbechallenged:– Butchallengetheidea,nottheperson(whythepersonma?ers?Ishe
rich,tall,fat,weird…)– TransformgarbageinchocolateJ->Ifyouactuallyrefutetheidea,or
demonstrateitwrong,thanthefieldevolves
• Thereisnosuchathingasjunkhacking– Weshouldhackbecauseitiscoolandwehavefun– Anythingelseisnothacking(evenifitisagreattechnical
accomplishment)– Iprefersimple,buttruethanveryhard/complexbutmoney-moved– Andbtw,sincewhenthemediacoverageofsomethingshowsits
importance??
Trust
• Trustisgiven,notdeserved
• Itisthewaythathumansare,that’swhysocialengineeringworks!
• Thisisalsowhatgeneratestheproblem,becausesecurityissomethingcounter-natural,andpeopleseehackersasparanoids– TrustshouldnotbetransiKveeither
Ishackinggrowing?OristheSceneDead?
• FXforesaw“TheexJncJonofhackers”inapaperfrom2005(whichbythewaychangedmycareerandideas)
• Butishackingdead?Howcomeifweseemoreandmorehacking-relatedthings?LookintothesizeofthisconferenceJ
• Thema?erishackingusedtobeanundergroundculture(orsub-culture)andnowitismainstream– PeoplegetconfusedbetweentechnicalexperJseandhackingmentality(from
theoriginalsub-culture)– Corporateinterestsandintelligenceagenciesinfluencethehacking
communiJes,sharing,publicaJonsandothers
• InthepastEVERYcomputeruserwasaprogrammer.Don’tyoumiss“whenmenweremenandwrotetheirowndevicedrivers”?
• Quote:LinusTorvalds,1991.
Thesceneisdead…?
• “Chessisnotlikelife...ithasrules!”– MarkPasternak
• “andsodoesCTFs”– BSDaemon
LearningfromOthersRussiaxBrasil
• BothcountrieshaveconJnentalsizes
• Bothcountrieshavestrongwilledpeople,whichcanbedemonstratedbythemilitaryhistoryofRussiaandbytheeconomicgrowthofBrazil(ok,notthatmuchlately)
• SharecommonvocabularywordsJ
• BothseemstoberelevantinthemalwarecreaJonarena->Okthatisnotreallyimportantfortheargument
• SowhyweseemuchmoreRussianresearchers??– RussiansareproudofRussians– Theyhelpeachother,theypromoteeachother– Theysupportotherresearchers,insteadofpointfingers,insteadofsupporKngforeignones
Evolvingthecommunity?
• “Somepartofamistakeisalwayscorrect”– SaviellyTartakover
• “anaccumula=onofsmalladvantagesleadstoasupremeadvantage.”– WilhelmSteinitz
Hackersarechangingtheworld
• LotsofhackerscurrentlyworkforbigcorporaJonsand/orindependently
• Theyworkingonpushingdefensivetechnologiesinhardware,operaJngsystemsandmanydifferentsoaware
• TheyalsoworkingonfindingandpatchingsecurityvulnerabiliJes
ArtxExploiJng• “Chessistheartwhichexpressesthescienceoflogic.”– MikhailBotvinnik
• “ExploitaKonistheartwhichexpressesthescienceoflogic”– BSDaemon
• “IfexploiKngisanart,wehavepoeKclicense”– BSDaemon
Yourcareer,yourchoice(s)
• ItispossibletodointeresJngandimportantresearchindifferentscenarios,eachwithitsownchallenges:– Independently(usingpersonalJme,ormakingthatyourowncompany)
– Inasmallcompany(eitheronethatoffersprimeservicesoronethatgivesplentyoffreeJme)
– InabigcorporaJon(inresearchorproductsecurityteams)
OffensiveandDefensiveResearchareImportant
• Offensiveresearchisimportanttokeepthestate-of-the-artknowledgeandunderstandingofoffensivestrategies
• Defensiveresearchisextremelyimportanttobesustainable(justfixingbugsisnotenoughasadurablestrategythatdealswithmoderndevelopmentgrowthandsoawaredependency)
“Therewillbealwaysbugs”
• Engineeringprocesstriestocatchandfixthose
• Thatdonotmeanwecan’tworkonmiJgaJonsofcapabiliJesoncethosebugsexist– Andtheperformancetrade-offofcurrent/exisJngmiJgaJngtechniquesdemonstratetheyarereal/pracJcal
DefensiveResearch
• Thereisaclearneedfordefensiveresearchandprojectslikegrsecurity/PaXneedtobepraised,helped,admired,learnedfrom
• Theyadvancedthefield,createdtheideasthatcamemanyyearslatertomodernhardwareandOSes
• TheyareSTILLyearsahead!
Open-sourcexHackingLinusxResearchers
• Disclaimer:IhavenothingagainstLinus,IactuallyappreciatehisworkandfindhiscommunicaJonstylequitefunny(btw,whatistheproblemwiththemonkeys?Penguinsdoittoo)
• TheproblemisnotonlyLinus,buthowweseesecurityresearchingeneralaswell– Offensiveiscool– Defensiveisboring,useless
CreaJveAcJvity
• “Chess,likeanycrea=veac=vity,canexistonlythroughthecombinedeffortsofthosewhohavecrea=vetalent,andthosewhohavetheabilitytoorganizetheircrea=vework.”– MikhailBotvinnik
AmessagetoLinuxDevelopers• InsteadoftryingcriJcizingthelackofengineering
knowledge,whydon’tyoutrytoseeifmaybeyoudon’thavealackofunderstandingoverthecompleteproblem?(thesecurityproblems)
• WhynotgivetheopJontoyouruserstousethebest
securitypossibleatleast?• Rememberthatmostbigareamaintainersareactually
employeesofbigcorporaJonsandmaybetheyarenotreallydoingwhatisbestforthecommunitybutwhattheyaretoldto(see,everyoneactuallymighthaveahiddenagenda,socarefulwithhoaxesandwhatyoubelieve)
PsychologicallyBrutal
• “Fewthingsareaspsychologicallybrutalaschess”–GarryKasparov->HeclearlynevercontributedtotheLinuxkernelJ
Whatcanweimprove?
• Weresearchersareculpabletoo:– EveryJmewedemonstrateabypassofsomething,weforgettomenJonthemanyJmesthatsomethingisactuallyuseful
– WealsoforgettomenJonwhatistheactualstateoftheartforthegiventechnologywebypassing,andwhichmistakesweremadeinthespecificimplementaJonwetargeJngJ
Sources:h?p://www.washingtonpost.com/sf/business/2015/11/05/net-of-insecurity-the-kernel-of-the-argument/h?ps://forums.grsecurity.net/viewtopic.php?f=7&t=4309
Egobreakage
• “IlikethemomentwhenIbreakaman’sego”– BobbyFischer
Whatthefutureholds?
• Understandwhatsecurityisreallyaboutandwhataretherealsecurityaspectsofasystem:– Complexityisbad;– AssumpJonsaredangerous;– ComposiJonofsystems!=thesecurityofeachelementofthatsystem
– Whatisformallyprovenisnotnecessarilycorrectifthepre-requirementsandsimplificaJonsofthecompuJngmodelarenotcorrectaswell(iftheylosepower)
Conclusions• CaremoreaboutwhatYOUdothanwhatothersdo(unless
theyreallydamagingpeople)– Researchersshouldhavefunandenjoywhattheydo– Eveniftheyarecapableofmore,whyassumetheywanttodomore?
• TreatinformaJonyoureceiveasdata,processandgetto
yourownconclusionsonit– Deepnessofanalysisdependsonimportance
• DisseminaJnginformaJonisdifferentthandisseminaJnggarbage(areweattheinformaJonageoratthegarbagepassage?)->Areyou*REALLY*helping?
Theend!!Reallyis!?RodrigoRubiraBranco(BSDaemon)
rodrigo*noSPAM*kernelhacking.comh?ps://twi?er.com/bsdaemon
“Astheareaofourknowledgegrows,sotoodoestheperimeterofour
ignorance”NeildeGrasseTyson
Conclusions• CaremoreaboutwhatYOUdothanwhatothersdo(unless
theyreallydamagingpeople)– Researchersshouldhavefunandenjoywhattheydo– Eveniftheyarecapableofmore,whyassumetheywanttodomore?
• TreatinformaJonyoureceiveasdata,processandgetto
yourownconclusionsonit– Deepnessofanalysisdependsonimportance
• DisseminaJnginformaJonisdifferentthandisseminaJnggarbage(areweattheinformaJonageoratthegarbagepassage?)->Areyou*REALLY*helping?
