Forwarded from: <cfp2012 (at) recon.cx> `-,_ `. \ | | / .' _,-' ,,__ `-,_ `. \ | | / .' _,-' __,, ''--..__ `-,_.-"""""-._ ,-' __..--'' ...____ ''--..__.' `.__..--'' ___ """"----____/ \____....----"""" _________ ___________________ \_ ___ \ / _____/\______ \ / \ \/ \_____ \ | ___/ \ \____ / \ | | \______ //_______ / |____| \/ \/ C0UR1ER STR!KE PH0RCE ..pr3s3ntz.. THG -.- \ / \ / TRSi --o-- `\\ //' .____-/.\-____. FLT \\ // ~`-'~ \\. __-__ .// ___/-_.-.__`/~ ~\'__.-._-\___ .|. ___________.'__/__ ~-[ \.\'-----'/./ ]-~ __\__`.___________ .|. ~o~~~~~~~--------______-~~~~~-_/_/ | PWA | \_\_-~~~~~-______--------~~~~~~~o~ ' ` + + + (X)(X) ~--\__'__/--~ (X)(X) + + + ' ` (X) `/.\' `/.\' (X) "\_/" "\_/" ..t4rg3t l0ck3d.. nobody_at_mail:~$ uname -a Linux mail.recon.cx 2.6.39-smp #1 SMP Thu May 19 21:31:28 WIT 2011 i686 nobody_at_mail:~$ hostname mail.recon.cx nobody_at_mail:~$ pwd / nobody_at_mail:~$ cd /home ; ls -l total 36 drwxr-xr-x 3 cade cade 4096 Mar 6 2011 cade drwxr-xr-x 17 hfortier hfortier 4096 Jan 18 18:21 hfortier drwxr-xr-x 3 dma dma 4096 Feb 9 2011 dma drwxr-xr-x 3 jamie jamie 4096 Jan 18 23:12 jamie drwxr-xr-x 4 msf msf 4096 Aug 25 2010 msf drwxr-xr-x 4 tina tina 4096 Jun 6 2011 tina nobody_at_mail:/home$ ls -l hfortier total 12 drwx------ 2 hfortier hfortier 4096 Jan 5 cfpsubmission2012 -rw-r--r-- 1 hfortier hfortier 884 Jan 15 CFP_2012_v1 nobody_at_mail:/home$ cat hfortier/CFP_2012_v1 + + + + + + + + + \ / + _ - _+_ - ,__ _=. .:. /=\ _|===|_ ||::| | | _|. | | | | | | __===_ -=- ||::| |==| | | __ |.:.| /\| |:. | | | | .|| : |||::| | |- |.:|_|. :__ |.: |--|==| | .| |_ | ' |. ||. |||:.| __|. | |_|. | |.|...||---| |==| | | | |_--. || |||. | | | | |. | | |::.||: .| |==| | . : |=|===| :|| . ||| .| |:.| .| | | | |:.:|| . | |==| | |=|===| . |' | | | | | | | |' : . | ; ; ' | ' : ` : ' . ' . . : REC0N 2012 MONTREAL JUNE 14-16 + RECON returns for 2012 - Training sessions + conference - List of training sessions for Recon 2012: - Binary Literacy: Static Reverse Engineering by Rolf Rolles - Windows Internals for Reverse Engineers by Alex Ionescu - Bug Hunting and Analysis 0x65 by Aaron Portnoy and Zef Cekaj - The Exploit Laboratory 3 Day Recon Edition by Saumil Shah and Josh Ryder - Holistic NFC hacking - emulating the guts out of RFID by Milosch Meriac - Others to be announced as they are confirmed.. + We are accepting submissions - Single track - 45-60 minute presentations, or longer, we are flexible - There will be time for short, informal "lightning talks" + Especially on these topics - Reverse engineering - Software | Protocols | Hardware | Humans - Finding vulnerabilities and writing exploits - Novel data visualization for hackers and reverse engineers - Bypassing security and software protections - Crypto and anonymity - Physical security countermeasures - Techniques for any of the above on new or interesting architectures - Wireless ++ Anything else elite ++ + Please include - Speaker name(s) and/or handle - Contact information (e-mail and cell phone) - Brief biography - If available, some pesentation supporting materials (website, code, paper, slides, outline..) - And why it is cool, or why you want to present it + Get back to us soon - First round of CFP to end March 31 - First speakers/talks to be announced week of April 2 - CFP closes April 27, 2012, Recon 2012 speakers/talks announced May 5 - So please send the above information to: cfp2012 (at) recon.cx + Recon registration opens March 5 - http://recon.cx -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.11 (Darwin) mQENBE9K0KIBCAD0FeGl+KL9VrqHMU2SNh7MA5RlyJ4Tn4fM3JjEWJh2Hu2NoERs gF+TrVvxIp8QXN9B9VibfZTY7OzQTZeEwb+u2MqjncIujmj/RIFICGIFNzpCN0mS 6YYnBt+6C2OF47ftyN2+azC3ulsrQJQmsOYVP/iEsB/iuEljB4zoDlg1/dazCS4y VUvuIvnWXGDmIM/HH79aUStttOVJ99DRCSHuYVctK5wO/YtMOtJPSy06t8L/ufSU 8ze2yOAp4xzyZaKpoefdcTn9poGzCTdUMwAa4LNPOnEbzS8xp3nPtsHxYSiNxYKx UT1ntOwYArYJqaaFTPQ/oTBwzjRs+zQjhoizABEBAAG0IVJlY29uIENGUCAyMDEy IDxjZnAyMDEyQHJlY29uLmN4PokBPgQTAQIAKAUCT0rQogIbAwUJAeEzgAYLCQgH AwIGFQgCCQoLBBYCAwECHgECF4AACgkQyKHCVdp5fZnfNQgArS4mYpZttzUK3asp ujpgI9rVKCgS9y+suo6ZSs8VGqg/Pw3j4i4WwnMrLJXSkS6hldQQqJelHYwixUws qqT70fqMfblZrlensP0e+Nd6BwSUxinGEPYil5vNuVdhv5H1OmtDMlU6J6Znwknc alOC9+Uy5yCx4AKDs/YsJjMHD0uGN7/cXlDsW/fdWXo3GMLxVwq9c3hFdxUTQvI3 7DWuY5qErfkM2mbJWyYb1U0ROgKM/PUR5la9/qYzvrsyME4rCs+6Ym0Iix1rKufi 1J2e46HwWL8BVJQQbKEToSm60bi7+8Cnxoj6g5dqaswdEZr8FFq2RtpCzESbR/nY R2lUDLkBDQRPStCiAQgAsn4Ve9rjebQBYI0Z4oO/nttOIZsTU74ppl/K61k0KvWW 6dD3ePEPfnoFUq5/4fBUhQW0F56sTDNQmjX/QwnRi9DpaOSEj+Urz1OwSYwEv8bI HlxJSmIn9IihXq4EL71VfO3dcGsb5On5L5GoVV1uNskL3H0lqHf6u6OMGqL91MEW TbRz9NuiEubjFwP4w3604pqdErpSAJpVxF/SCTPfVVxzOQrYRV5fAqEA7S/AXBkO o8WwIcQHx+PRfsIPvVQO6qZt3KY35eeyY26UlWd3ARFn1uxtSJSkUog9/v5w7KGj gIdMPDv816a6bhMbuFtPwgx+aYHMQso7Rb8HB9VdjwARAQABiQElBBgBAgAPBQJP StCiAhsMBQkB4TOAAAoJEMihwlXaeX2ZUXEH/0nSlGR+yyojhWab+xAuI2Y3b0nC H/do5IriVk0+Ft5VvUwDwBAIowl/iORz7Oko5RMeNpyvaZ8tVEigre70MUbWiUk9 QzXiib+vNq6zv+9CIenNYjt4CDUU4J+AxtT0JFgDp4HK3cGk4xiFcI7N8QuajUpf w1dAlMVhk+fqi+KS97sRh9xBUNW5K/4LT4AhtLGM5cOCbV3anUq2t9u+zDXwLayS DvEzy3hazliq58J0vRrcoJbhoj/tzsNRoTWEgYxIRNNX9inC9rYVg/RLu5OqxJHa yitlGtR1RleQk/SYih3mFtFsvKzbMqszfsZ6d7yObh4ll3ltcntZsze0Fa8= =b/Xc -----END PGP PUBLIC KEY BLOCK----- nobody_at_mail:/home$ ls -l dma -rw-r--r-- 1 dma dma 62231093 Feb 8 2011 recon2010.tgz -rw-rw-r-- 1 dma dma 2298 Jun 13 2011 binmail.sh drwx------ 2 dma dma 4096 Jan 15 2011 logs -rw-rw-r-- 1 dma dma 342432 May 21 2011 lrk.tar.gz -rw-rw-r-- 1 dma dma 3146 Aug 12 2011 Manifesto_theMentor.txt -rw-rw-r-- 1 dma dma 45354 Sep 11 2011 nfsshell.c -rw-r--r-- 1 dma dma 62231093 Feb 8 2011 recon2010.tgz drwx------ 2 dma dma 4096 Mar 11 2011 srctreez -rw-rw-r-- 1 dma dma 20518 Jun 13 2011 strobe.c -rw------- 1 dma dma 49239142 Oct 8 2009 stash-of-warez-stolen-from-rejected-bugtraq-posts.tgz.gpg -rw------- 1 dma dma 84450876 Jan 2 2011 subgraph2011.tgz -rw-rw-r-- 1 dma dma 12544 Jan 11 2011 sunsniffer.c -rw-rw-r-- 1 dma dma 321713 Apr 19 2011 tl110.zip -rw-rw-r-- 1 dma dma 19288 Jan 17 2011 UNIX-Guide_to_being_Sneaky.txt -rw-rw-r-- 1 dma dma 27542 Jan 11 2011 ypx.shar -rw-rw-r-- 1 dma dma 1995 May 21 2011 zap2.c nobody_at_mail:/home$ ls -l cade drwx------ 2 cade cade 4096 Jan 18 23:42 pics nobody_at_mail:/home$ ls -l cade/pics -rw-r--r-- 1 cade cade 44109 Mar 11 2011 park_squirrel.jpg -rw-r--r-- 1 cade cade 12690 Jun 17 2011 squirrel.jpg -rw-r--r-- 1 cade cade 226207 Jun 18 2011 tdz_beach.jpg nobody_at_mail:/home$ ls -l jamie -rw-r--r-- 1 jamie jamie 1244 Jan 18 23:05 shells nobody_at_mail:/home$ id uid=65534(nobody) gid=65534(nogroup) groups=65534(nogroup) nobody_at_mail:/home$ /home/hfortier/cfpsubmission2012/poc/linuxkernel0day sh-3.2# id uid=0(root) gid=0(root) groups=0(root) [..] n0w ph0r th3 sp0olz [..] Return-Path: <hfortier_at_private> X-Original-To: info_at_private Received: from [127.0.0.1] (localhost [127.0.0.1]) (Authenticated sender: hfortier) by mail.recon.cx (Postfix) with ESMTPSA id 24588D6170 Message-ID: <4F0C8FE0.4000508_at_private> Date: Tue, 10 Jan 2012 14:22:08 -0500 From: Hugo Fortier <hfortier_at_private> User-Agent: Unknown MIME-Version: 1.0 To: "info_at_private" <info_at_private> Subject: Yo Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Who forgot to shut down the VAX VM? Return-Path: <jamie_at_private> Delivered-To: xxx_at_private Received: from [127.0.0.1] (localhost [127.0.0.1]) (Authenticated sender: dma) by mail.recon.cx (Postfix) with ESMTPSA id 15D04D6170 Message-ID: <4F0CA7D9.1090608_at_private> Date: Tue, 10 Jan 2012 16:04:25 -0500 From: Jamie <jamie_at_private> User-Agent: Pine/4.44 (NetBSD) MIME-Version: 1.0 To: Hugo Fortier <hfortier_at_private> CC: "info_at_private" <info_at_private> Subject: Re: Yo In-Reply-To: <4F0CA313.7080107_at_private> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit On 12-01-10 2:22 PM, Hugo Fortier wrote: > Who forgot to shut down the VAX VM? > Uh oh. The process cratered at some point - the pid is still there, it's running, and it's got a TCP connection back to mail, but whatever is in memory doesn't look like the emulator anymore. Strange, but I doubt someone broke through the VM. Must be a ghost in the machine. Return-Path: <stagami_at_REDACTED> X-Original-To: info_at_private Delivered-To: xxx_at_private Received: from xxxx (xxx [x.x.x.x]) by mail.recon.cx (Postfix) with ESMTPS id 0D26DD6170 for <info_at_private>; Tue, 10 Jan 2012 23:11:03 -0500 Message-ID: <4E0A0AFD.80308FCX1aca.Gnus> Date: Tue, 10 Jan 2012 23:10:43 -0500 From: Stu Garbinsky User-Agent: Gnus/5.110018 (No Gnus v0.18) MIME-Version: 1.0 To: "info_at_private" <info_at_private> Subject: Available to speak at REcon Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Hey guys, just thought I'd let you know that I am available to speak at REcon if you're interested -- but it will cost you 10k. Sorry, not trying to a jerk, I will be walking away from a consulting job and it comes out of my own pocket. Mo' money, mo' problems. You know how it is. Just let me know dudez, peace out. - Stu Return-Path: <dma_at_private> Delivered-To: jamie_at_private Received: from [127.0.0.1] (localhost [127.0.0.1]) (Authenticated sender: dma) by mail.recon.cx (Postfix) with ESMTPSA id 21D2AF170 Message-ID: <1B0A205A.0432032_at_private> Date: Wed, 11 Jan 2012 3:24:25 -0500 From: David <dma_at_private> User-Agent: Mutt/1.5.4i (OpenBSD 3.2) MIME-Version: 1.0 To: Jamie <jamie_at_private> CC: "info_at_private" <info_at_private> Subject: Re: Re: Yo In-Reply-To: <4F0CA7D9.1090608_at_private> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit On 12-01-10 4:04 PM, Jamie wrote: > > Who forgot to shut down the VAX VM? > Uh oh. The process cratered at some point. The process is still running, and it's got a TCP connection back to mail. Strange, but I doubt someone broke through the VM. Yeah, wasn't that host running telnetd? The original BSD telnetd? Was that 20 year old bug in it exploitable? [ 0h kr4p!@# b3tt3r t4k3 h1m 0ut, 0n3 s3c ] sh-3.2# rm -rf /home/dma^H^H^H^H^H [ o w8 ] sh-3.2# cp /home/dma/stash-of-warez-stolen-from-rejected-bugtraq-posts.tgz.gpg /tmp/.sneaky/ sh-3.2# rm -rf /home/dma [ wh3w, th4t w4z kl0se! ] Return-Path: <noreply_at_reseausexycelibataires> Delivered-To: cairnsc_at_private Received: from reseausexy.spam (unknown [x.x.x.x]) by mail.recon.cx (Postfix) with ESMTP id E9F0ED6183 for <cairnsc_at_private>; Tue, 26 Jan 2012 23:13:16 -0500 message-id: <x29g7V050A6g4p77F3hGgJc_at_sexysexy> Date: Sun, 26 Jan 2012 23:13:24 -0500 From: Reseau Sexy Celibataires User-Agent: libspammer-1.0 MIME-Version: 1.0 To: Cade Cairns <cairnsc_at_private> Subject: Reseau Sexy Celibataires Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Vous avez recu un clin d'oeil à votre profile. Reseau Sexy Celibataires du Quebec +++ Recon 2012. Jun 14-16. Montreal. CFP closes April 27. Those ascii fighter jets are attributed to unknown. Thanks to whoever drew them. +++ The rest is silence. NO CARRIER ______________________________________________________________________________ CISSP and CEH training with Expanding Security is the fastest, easiest way to grock the relevant data you need now. A free class invite is in every PainPill. Sign up for the free weekly PainPill. It's that easy. http://www.expandingsecurity.com/PainPillReceived on Thu Mar 01 2012 - 22:42:51 PST
This archive was generated by hypermail 2.2.0 : Thu Mar 01 2012 - 22:41:22 PST