Connecting communities
PoC||GTFO
Ange Albertini - RMLLSec 2016/7/4
This may not be a standard file. Congratulations for opening it.
Any crash or unexpected behavior is purely accidental - trust me!
Ange Albertini
reverse engineering &
visual documentation
@angealbertini
ange@corkami.com
http://www.corkami.com
Welcome to my talk!
LEVERAGING COMMITMENT ~ AGILE
MAXIMIZING SYNERGIES
INSPIRING SUCCESS
FOSTERING ACHIEVEMENTS
RED OCEAN STRATEGY
DISRUPTIVE ~ OUTSTANDING
"OUT OF THE BOX" THINKING
GOAL-ORIENTED ~ USER-FOCUSED
UNCONVENTIONAL ~ INNOVATIVE
KEYNOTE
TL;DR
1. Hackers are very conventional in the way they
share knowledge
2. I contribute to the journal of PoC||GTFO
○ It's a different way to share knowledge.
3. Try your own way too:
We need more PXE, more PoC||GTFO!
Sharing knowledge
● Blog
○ no lower bar
○ no preservation
● Academic
○ No source or data
○ Difficult to write papers. LaTeX & PDF are still the best...
● Conference
○ Diluted content: 1h for 10 mins of interesting content
OR "it should be a paper anyway"
○ Short talks are the underdogs
○ Entertainment over real impact:
■ Stars: disperse a lot of energy to shine, get bigger, very visible.
versus
■ Blackholes: attract everything around them - it's their nature.
Why are hackers so
convention-al
for sharing knowledge?
Too many conferences.
Little impact.
Too often the same.
No expected impact
anymore.
The media say jump,
infosec says how high?
Rage against the Infosec Circus
cyber
APT
Why let the media
decide how
we communicate?
What's next: movies & trailers?
http://theoatmeal.com/comics/exposure
You're doing it for
the exposure?
So all
this standardization
only benefits
...your ego?
Advice:
maybe not
http://phdcomics.com/comics/archive.php?comicid=1871
Make me stop using
pink Comic Sans!
⇒ try something
really different!
http://myjetpack.tumblr.com/post/134283180448/a-recent-cartoon-for-new-scientist
Remember:
stop having ideas,
try something!
http://theoatmeal.com/comics/exposure
</rant>
http://ph-neutral.darklab.org/PXE5.txt
https://www.youtube.com/watch?v=Tzmp8T2xX2A
“Proof of Concept”
"Proof of Concept or Get The F*ck Out": Prove it or shut up
not “Picture of Cat” or “Person of Colour”
0x00:2 2 Ipod Antiforensics [Travis Goodspeed]
0x00:3 4 ELFs are dorky, elves are cool [Sergey Bratus] [Julian Bangert]
0x00:4 9 The Pastor Manul Laphroaig's First Epistle to Hacker Preachers of All Hats, in the sincerest hope that we might shut up about hats, and get back to hacking.
0x00:5 10 Returning from ELF to Libc [Rebecca "Bx" Shapiro]
0x00:6 12 GTFO or #FAIL [FX of Phenoelit]
0x00:7 13 A Call for PoC [Rt. Revd. Pastor Manul Laphroaig]
0x01:2 2 Four Lines of Javascript that Can’t Possibly Work So why do they? [Dan Kaminsky]
0x01:3 5 Weird Machines from Serena Butler’s TV Typewriter [Travis Goodspeed]
0x01:4 9 Making a Multi-Windows PE [Ange Albertini]
0x01:5 11 This ZIP is also a PDF [Julia Wolf]
0x01:6 13 Burning a Phone [Josh “@m0nk” Thomas]
0x01:7 15 A Sermon concerning the Divinity of Languages; or, Dijkstra considered Racist [Rt. Rvd. Pastor Manul Laphroaig]
0x01:8 17 A Call for PoC [Rt. Revd. Preacherman Pastor Manul Laphroaig]
0x02:2 3 A Parable on the Importance of Tools; or, Build your own fucking birdfeeder. [Rt. Rvd. Pastor Manul Laphroaig]
0x02:3 5 A PGP Matryoshka Doll [Brother Myron Aub]
0x02:4 7 Reliable Code Execution on a Tamagotchi [Natalie Silvanovich]
0x02:5 10 Some Shellcode Tips for MSP430 and Related MCUs [Travis Goodspeed]
0x02:6 14 Calling putchar() from an ELF Weird Machine. [Rebecca .Bx Shapiro]
0x02:7 19 POKE of Death for the TRS 80 Model 100 [Dave Weinstein]
0x02:8 21 This OS is also a PDF [Ange Albertini]
0x02:9 25 A Vulnerability in Reduced Dakarand from PoC||GTFO 01:02 [joernchen of Phenoelit]
0x02:10 30 Juggernauty [Ben Nagy]
0x03:2 5 Greybeard’s Luck [Rt. Revd. Dr. Pastor Manul Laphroaig]
0x03:3 8 This PDF is a JPEG; or, This Proof of Concept is a Picture of Cats [Ange Albertini]
0x03:4 10 NetWatch: System Management Mode is not just for Governments. [Joshua Wise] [Jacob Potter]
0x03:5 15 An Advanced Mitigation Bypass for Packet-in-Packet; or, I’m burning 0day to use the phrase ‘eighth of a nybble’ in print. [Travis Goodspeed]
0x03:6 18 Prototyping an RDRAND Backdoor in Bochs [Taylor Hornby]
0x03:7 22 Patching Kosher Firmware for Nokia 2720 [Assaf Nativ] [Anonymous]
0x03:8 30 Tetranglix: This Tetris is a Boot Sector [Juhani Haverinen] [Owen Shepherd] [Shikhin Sethi]
0x03:9 33 Defusing the Qualcomm Dragon [Josh “m0nk” Thomas]
0x03:10 35 Tales of Python’s Encoding [Frederik Braun]
0x03:11 37 A Binary Magic Trick, Angecryption [Ange Albertini] [Jean-Philippe Aumasson]
0x04:2 4 First Epistle Concerning the Bountiful Seeds of 0Day [Manul Laphroaig]
0x04:3 5 This OS is a Boot Sector [Shikhin Sethi]
0x04:4 12 Prince of PoC; or, A 16-sector version of Prince of Persia for the Apple ][. [Peter Ferrie]
0x04:5 16 A Quick Introduction to the New Facedancer Framework [gil]
0x04:6 19 Dumping Firmware from Tamagotchi Friends by Power Glitching [Natalie Silvanovich]
0x04:7 22 Lenticrypt: a Provably Plausibly Deniable Cryptosystem; or, This Picture of Cats is Also a Picture of Dogs [Evan Sultanik]
0x04:8 27 Hardening Pin Tumbler Locks against Myriad Attacks for Less Than a Sawbuck [Deviant Ollam]
0x04:9 32 Introduction to Reflux Decapsulation and Chip Photography [Travis Goodspeed]
0x04:10 37 Forget Not the Humble Timing Attack [Colin O’Flynn]
0x04:11 42 This Encrypted Volume is also a PDF; or, A Polyglot Trick for Bypassing TrueCrypt Volume Detection [Ange Albertini]
0x04:12 44 How to Manually Attach a File to a PDF [Ange Albertini]
0x04:13 46 Ode to ECB [Ben Nagy]
0x04:14 48 A Call for PoC [Pastor Manul Laphroaig]
0x05:2 4 Stuff is broken, and only you know how [Rvd. Dr. Manul Laphroaig]
0x05:3 7 ECB as an Electronic Coloring Book [Philippe Teuwen]
0x05:4 11 An Easter Egg in PCI Express [Jacob Torrey]
0x05:5 15 A Flash PDF Polyglot [Alex Inführ]
0x05:6 17 These Philosophers Stuff on 512 Bytes; or, This Multiprocessing OS is a Boot Sector. [Shikhin Sethi]
0x05:7 23 A Breakout Board for Mini-PCIe; or, My Intel Galileo has less RAM than its Video Card! [Joe FitzPatrick]
0x05:8 27 Prototyping a generic x86 backdoor in Bochs; or, I’ll see your RDRAND backdoor and raise you a covert channel! [Matilda]
0x05:9 35 From Protocol to PoC; or, Your Cisco blade is booting PoC||GTFO. [Mik]
0x05:10 40 i386 Shellcode for Lazy Neighbors; or, I am my own NOP Sled. [Brainsmoke]
0x05:11 42 Abusing JSONP with Rosetta Flash [Michele Spagnuolo]
0x05:12 48 A cryptographer and a binarista walk into a bar [Ange Albertini] [Maria Eichlseder]
0x05:13 54 Ancestral Voices Or, a vision in a nightmare. [Ben Nagy]
0x06:1 3 Sacrament of Communion with the Weird Machines
0x06:2 4 On Giving Thanks [Pastor Manul Laphroaig]
0x06:3 6 Gekko the Dolphin [Fiora]
0x06:4 15 This TAR archive is a PDF! (as well as a ZIP, but you are probably used to it by now) [Ange Albertini]
0x06:5 17 x86 Alchemy and Smuggling with Metalkit [Micah Elizabeth Scott]
0x06:6 25 Detecting MIPS Emulation [Craig Heffner]
0x06:7 29 More Cryptographic Coloring Books [Philippe Teuwen]
0x06:8 37 Introduction to Delayering and Reversing PCBs [Joe Grand]
0x06:9 41 Davinci Seal: Self-decrypting Executables [Ryan elfmaster O’Neill]
0x06:10 50 Observable Metrics [Don A. Bailey] [Tamara L. Rhoads] [Jaime Cochran]
0x07:1 3 With what shall we commune this evening?
0x07:2 4 AA55, the Magic Number [Morgan Reece Phillips]
0x07:3 5 Laser robots! [Micah Elizabeth Scott]
0x07:4 10 A Story of Settled Science [Pastor Manul Laphroaig]
0x07:5 13 Scapy is for Script Kiddies [Eric Davisson]
0x07:6 18 Funky Files, the Novella! [Ange Albertini]
0x07:7 42 Extending AES-NI Backdoors [BSDaemon] [Pirata]
0x07:8 49 Innovations with Core Files [Ryan elfmaster O’Neill]
0x07:9 58 Bambaata on NASCAR [Count Bambaata]
0x07:10 61 Public Service Announcement
0x07:11 62 A Modern Cybercriminal [Ben Nagy]
0x07:12 64 Fast Cash for Bugs! [Pastor Manul Laphroaig]
0x08:2 4 Witches, Warlocks, and Wassenaar; or, On the Internet, no one knows you are a witch.
0x08:3 7 Backdoors from Compiler Bugs [Scott Bauer] [Pascal Cuoq] [John Regehr]
0x08:4 10 A Protocol for Leibowitz [Travis Goodspeed] [Muur P.]
0x08:5 20 Reprogramming a Mouse Jiggler [Mickey Shkatov]
0x08:6 24 Exploiting an Academic Hypervisor [DJ Capelis] [Daniel Bittman]
0x08:7 27 Weaponized Polyglots as Browser Exploits [Stegosploit]
0x08:8 45 On Error Resume Next for Unix [Jeffball]
0x08:9 47 Sing Along with Toni Brixton [EVM] [Tommy Brixton]
0x08:10 48 Backdooring Nothing-Up-My-Sleeve Numbers [Jean-Philippe Aumasson]
0x08:11 55 Building a Wireless CTF [Russell Handorf]
0x08:12 60 Grammatically Correct Encryption [Philippe Teuwen]
0x08:13 64 Fast Cash for Cyber Munitions! [Pastor Manul Laphroaig]
0x09:2 4 A Sermon on Newton and Turing
0x09:3 7 Globalstar Satellite Communications [Colby Moore]
0x09:4 12 Keenly Spraying the Kernel Pools [Peter Hlavaty of Keen Team]
0x09:5 19 The Second Underhanded Crypto Contest [Taylor Hornby]
0x09:6 21 Cross VM Communications [Sophia D’Antoine]
0x09:7 26 Antivirus Tumors [Eric Davisson]
0x09:8 28 A Recipe for TCP/IPA [Ron Fabela of Binary Brew Works]
0x09:9 34 Mischief with AX.25 and APRS [Vogelfrei]
0x09:10 40 Napravi i ti Racunar „Galaksija“ [Voja Antonic]
0x09:11 60 Root Rights are a Grrl’s Best Friend! [Fbz]
0x09:12 61 What If You Could Listen to This PDF? [Philippe Teuwen]
0x09:13 62 Oona’s Puzzle Corner! [Oona Räisänen]
0x09:14 64 Fast Cash for Cyber Munitions! [Pastor Manul Laphroaig]
10:2 4 The Small Brown Dog and the Three Ghosts [Pastor Manul Laphroaig]
10:3 7 Exploiting Pokémon in a Super GameBoy [Allan Cecil (dwangoAC)] [Ilari Liusvaa
10:4 24 Pokéglot! [Allan Cecil (dwangoAC)] [Ilari Liusvaara (Ilari)] [Jordan Potter (p4plus
10:5 26 Cortex M0 Marionettes with SWD [Micah Elizabeth Scott]
10:6 32 Reversing a Pregnancy Test [Amanda Wozniak]
10:7 39 Apple ][ Copy Protections [Peter Ferrie (qkumba, san inc)]
10:8 76 Jailbreaking the TYT MD380 DMR Handheld [Travis Goodspeed KK4VCZ] [DD4
11:2 4 In Praise of Junk Hacking [Pastor Manul Laphroaig]
11:3 6 Emulating Star Wars on a Vector Display [Trammell Hudson]
11:4 9 One Boot Sector PoC Deserves Another [Eric Davisson]
11:5 15 Defeating E7 Protection on the Apple ][ Platform [Peter Ferrie (qkumba, san in
11:6 20 Tourist's Phrasebook for the ARM Cortex M [Travis Goodspeed] [Ryan Speer
11:7 24 Ghetto CFI for X86 [Jeffrey Crowell]
11:8 28 Tourist's Guide to the MSP430 [Ryan Speers] [Travis Goodspeed]
11:9 33 The Treachery of Files [Evan Sultanik]
11:10 38 Ben "bushing" Byer Memorial [fail0verflow]
12:1 Lisez moi! [Rt. Revd. Pastor Manul Laphroaig]
12:2 Surviving the Computation Bomb [Rt. Revd. Pastor Manul Laphroaig]
12:3 A Z-Wave Carol [Chris Badenhop] [Ben Ramsey]
12:4 Comma Chameleon [Krzysztof Kotowicz] [Gábor Molnár]
12:5 Putting the VM in M/o/Vfuscator [Chris Domas]
12:6 A JCL Adventure with Network Job Entries [Soldier of Fortran]
12:7 Shellcode Hash Collisions [Mike Myers] [Evan Sultanik]
12:8 UMPOwn; A Symphony of Win10 Privilege [Alex Ionescu]
12:9 VIM Execution Engine [Chris Domas]
12:10 Doing Right by Neighbor O'Hara [Andreas Bogk]
12:11 Are Androids Polyglots? [Philippe Teuwen]
12:12 Tithe us your Alms of 0day! [Rt. Revd. Pastor Manul Laphroaig]
It’s a journal with technical articles...
Apple II
ELF
PE
PGP
JPEG
PCIe
GameBoy
Super NES
WavPack
Nokia 2720
MBR
MD380
Cortex M
MSP430
AX 25
PDF
ZIP
Python
MIPS
Crypto
Tar
BluRay
TRS80
Lock Picking
Cortex M0
Pregnancy Test
Tamagotchi Flash
PowerPC
...spanning many different themes.
hardware
First available
in print
printed first:
⇒ hard deadline
⇒ get things done
Efficient against:
"I did X but never
took the time
to finish it"
One issue per quarter:
⇒ no rush if you miss one
And no "I reserve this research for <1 time/year> event..."
Good for quality:
"Take your time" or
"Can you elaborate?"
No minimum size:
just 1 clever trick
is enough
Good for non-mainstream content.
One's triviality/stunt
could be another's
solutions.
Don't be evil... boring!
We reject,
enforce quality,
trim down.
Issue 10: 88 pages (cut)
Issue 11: 40 pages
Issue 12: 80 pages
An active
bi-directional
collaboration.
Don't
submit & forget!
You have your own blog for that :)
We edit,
push,
contribute.
When both sides
are interested,
everybody wins.
And especially our audience.
Drawings...
Submitted pictures:
bad lighting,
blurry, grainy,
bad angle,
scratches, folds.
Vectors are optimal for
visual information.
Original drafts:
on a napkin,
on a tablet,
in a shaky bus...
Official PDFs:
broken encoding,
broken font,
or even errors!
We extract and fix PDF data
from external sources.
Text should be extractable.
JavaScript animations
Illustrations
Old-style ads
<...>
Sermons
Puzzles
Challenge ⇒ solution ⇒ preservation
Puzzle ⇒ Github ⇒ Archive.org
Centerfold
Poetry
Advanced TeX
Notice anything?
Let me help you...
Space saving, the
PoC||GTFO way :)
Of course, it's not just
a fancy document :)
The electronic release
comes a few days after
the print.
No official website, but some very fancy mirrors
Archive.org, awesome as usual.
Each issue
has attached
feelies (PDF/ZIP)
Preserved
external research.
(blog ⇒ PDF)
Each issue is a PoC itself
$ tar -tvf pocorgtfo06.pdf
-rw-r--r-- Manul/Laphroaig 0 2014-10-06 21:33 %PDF-1.5
-rw-r--r-- Manul/Laphroaig 525849 2014-10-06 21:33 1.png
-rw-r--r-- Manul/Laphroaig 273658 2014-10-06 21:33 2.bmp
$ echo "terrible raccoons achieve their escapades" | ./pocorgtfo08.pdf -d 4321
good neighbors secure their communications
Compatibility is critical:
our QA is extensive.
Adobe Reader
blacklists many formats.
Regarding compatibility:
weird file structures
trigger weird bugs!
The first picture is missing
for no good reason?
Insert a 1x1 picture first!
If you archive a PDF
inside the attached ZIP:
it might encode PDF keywords
and break the outer PDF!
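The two slides above (an issue that is a PDF, a ZIP and a tar at once, and the pitfall of a stored PDF inside the attached ZIP leaking PDF keywords into the outer file) are the kind of thing a reader would want to check mechanically before shipping or opening such a file. The script below is an added example, not the journal's own tooling: it reports which container signatures a byte string carries and lists PDF keywords that sit inside uncompressed ZIP entries, where a lax PDF parser scanning the outer document can pick them up. The sample file it builds is constructed inline and is not a real issue; the signature offsets (ZIP local header layout, `ustar` at byte 257) are standard format facts.

```python
"""Polyglot layer report and stray-PDF-keyword check (added example, stdlib only)."""
import io
import re
import struct
import zipfile

# Magic numbers of the layers the slides describe (PDF, ZIP, tar).
PDF_MAGIC = b"%PDF-"
ZIP_LOCAL = b"PK\x03\x04"          # local file header, one per entry
ZIP_EOCD = b"PK\x05\x06"           # end-of-central-directory record
TAR_MAGIC_OFFSET = 257             # "ustar" lives at this offset of a POSIX tar header

# Structural keywords a PDF parser may latch onto anywhere in the file body.
PDF_KEYWORDS = (b"%PDF-", b"startxref", b"trailer", b"%%EOF")

# 30-byte ZIP local file header; the last two fields are name and extra lengths.
LOCAL_HEADER = struct.Struct("<4s2B4HL2L2H")


def find_layers(data: bytes) -> dict:
    """Report which container signatures are present in `data` and where."""
    return {
        "pdf": [m.start() for m in re.finditer(re.escape(PDF_MAGIC), data)],
        "zip": [m.start() for m in re.finditer(re.escape(ZIP_LOCAL), data)],
        "zip_eocd": [m.start() for m in re.finditer(re.escape(ZIP_EOCD), data)],
        "tar": data[TAR_MAGIC_OFFSET:TAR_MAGIC_OFFSET + 5] == b"ustar",
    }


def stray_pdf_keywords(data: bytes) -> list:
    """Return (entry_name, keyword, absolute_offset) for every PDF keyword that
    appears verbatim inside a *stored* (uncompressed) entry of the ZIP layer.

    zipfile tolerates data prepended to an archive, so the outer PDF prefix is fine.
    Compressed entries are skipped: their bytes do not expose the keywords verbatim.
    """
    hits = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for zi in zf.infolist():
            if zi.compress_type != zipfile.ZIP_STORED:
                continue
            hdr = LOCAL_HEADER.unpack_from(data, zi.header_offset)
            if hdr[0] != ZIP_LOCAL:
                raise ValueError(f"bad local header for {zi.filename!r}")
            name_len, extra_len = hdr[-2], hdr[-1]
            start = zi.header_offset + LOCAL_HEADER.size + name_len + extra_len
            body = data[start:start + zi.compress_size]
            for kw in PDF_KEYWORDS:
                for m in re.finditer(re.escape(kw), body):
                    hits.append((zi.filename, kw, start + m.start()))
    return hits


def audit(data: bytes) -> dict:
    """Combine both checks; only look inside the ZIP layer when one is present."""
    layers = find_layers(data)
    stray = stray_pdf_keywords(data) if layers["zip_eocd"] else []
    return {"layers": layers, "stray": stray}


def build_sample() -> bytes:
    """Constructed sample (not a real issue): a tiny outer PDF with a ZIP appended
    whose single entry is another tiny PDF stored uncompressed, i.e. the layout
    the slide warns about."""
    inner_pdf = b"%PDF-1.4\n1 0 obj<<>>endobj\ntrailer<<>>\nstartxref\n0\n%%EOF\n"
    outer_pdf = b"%PDF-1.5\n1 0 obj<<>>endobj\ntrailer<<>>\nstartxref\n0\n%%EOF\n"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("inner.pdf", inner_pdf)
    return outer_pdf + buf.getvalue()


if __name__ == "__main__":
    sample = build_sample()
    report = audit(sample)
    print("layers:", report["layers"])
    for name, kw, off in report["stray"]:
        print(f"stored entry {name!r} exposes {kw!r} at file offset {off}")
```

Run it on a real issue with `audit(open("pocorgtfoNN.pdf", "rb").read())`. A non-empty `stray` list is the warning sign from the slide: those bytes are visible to whatever parses the outer PDF. Storing the attachment compressed (ZIP_DEFLATED) is the usual way to keep the inner document's keywords out of the outer file's byte stream, which is why the check deliberately ignores compressed entries.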
BTW:
Not all secrets have been found.
Any weird pattern is purely
coincidental ;)
Conclusion
PoC||GTFO helped
to share research
in a better way.
None of this
is required*.
But...
(*for a hacker publication)
Keep trying
⇒ optimize your
workflow
My current plan:
2016: experiment to make
PoC||GTFO better
2017: publish methods & tools
Please provide feedback.
Please submit
(articles, ads, polyglots,
puzzles, poems...)
To be published soon:
The PoC||GTFO bible
Tome I
@ NoStarch
Ultimately...
I'll let you decide whether
PoC||GTFO is good, but…
...that's not the point.
We're exploring
better ways
to share knowledge.
We need more people trying
new ways to share knowledge.
PXE, PoC||GTFO…
but more importantly:
yours!
Ack
Phil Travis Evan Sergey Jacob
Micah Michael Allan Peter
4am Chris Kurt...
Thank you!
corkami.com
@angealbertini
Hail to the king, baby!
Connecting
Communities
