DefCon First and Foremost by base64xor (@Steve12238317)


    My lifelong dream had been to attend DefCon, and I would annually concoct schemes to get out to Vegas for the largest hacker con of all, but had yet to succeed. I learned from watching many hours of DefCon videos that DefCon is where the 31337 h4x0rs presented talks. All in large, lofty rooms, with thousands of hackers present, it seemed so grand, if not imposing. My annual DefCon submission, in response to the DefCon Call for Papers (CFP), fell short of an invitation once again.

    This was the second DefCon held since the inaugural announcement by the Federal Trade Commission (FTC) of the Organized User Cloud Hosting (OUCH) program. The stated goal of the OUCH program was to provide the same quality of Cloud access across all walks of life. The standard OUCH tablet and phone stored and accessed everything Cyber in the user’s personal cloud drive.

    Fewer people used a legacy desktop or laptop computer as the OUCH devices were heavily subsidized. The few remaining independent PC sellers had little inventory. With the storied history of DefCon, it was one of the last bastions of hope for those who risked using legacy computers instead of the OUCH devices.

    My most recent idea for a DefCon presentation covered the legacy disk forensics program Foremost. Even with the latest DefCon rejection, I planned on gaining needed experience on the uses of Foremost by helping others recover deleted files from legacy devices--for a fee, of course. Since the inception of the OUCH program, there were but a few places to look for file recovery assistance involving legacy devices. So in those times, people quickly became desperate when they were unable to recover a most precious deleted file. These people were willing to separate themselves from a few greenbacks for my services, which I had hoped would finance my trip to Vegas.

    Unfortunately, I had only managed to fund my transportation to Vegas, and still, I had no bed to sleep on for a few hours each night. It seemed that I may join the others sleeping in the chairs spread around the convention hotels as seen in social media. DefCon was during the hottest time of the year in Vegas, and ample social feeds attested to the stench from the hallway chair crew by Day Two. As observed in YouTube videos, the chair crew enjoyed the respect of their personal space while they waited in the crowded hallways until the DefCon Goons (aka staff) allowed entrance into the best talks.

    As DefCon drew near, a friend of mine, Cleo, texted that she needed help to recover an accidentally deleted term paper that was due the next day. From the street address provided, I knew this endeavor held the potential to pay for a night at the best hotel in Vegas. I hopped on my ten speed for the three-mile trek to Cleo’s side of town. Along the way, I stopped to pick up my favorite snack, consisting of an extra large caffeinated frozen slush drink and a chocolate bar. My new cup holder on the handlebars held the drink snugly.

    Cleo opened the front door just as I reached for the door knocker, so my hand hung mid-air in front of her for a few seconds before I managed to return my arm to my side. From the anxious look on her face, I envisioned a second hotel night was possible if I played this right. I followed her into her room which was decorated with a Unicorn theme. As I moved the one-horned mouse across the screen to log onto her legacy desktop, I already had possible passwords going through my mind.

    Next to the computer was a small pastel-colored note with Un1c0rns4ever written on it. I thought to myself, “A little on-the-nose, but an A for eff0rt”. After Cleo logged in, I brought out the necessary hardware from my patch-covered backpack. I located an electrical wall outlet, and I plugged in the surge protector for my setup which provided a number of electrical and USB outlets. I remarked to Cleo that the room was decorated very tastefully, and she replied that she had a few remaining packs of decorations that I was free to take.

    My standard tactical assortment of hardware included an almost obsolete Mac Mini originally purchased when I was still sleeping in a crib, a USB universal hard drive cable adapter, video cable adapters, and other odds and ends. As I surveyed her setup, I spotted an external legacy hard drive where I hoped that she had stored her precious term paper before she accidentally deleted the file. As I clicked on the list of recent documents, I saw a possible listing for the term paper, but the program complained that the file was not found in a folder on the external drive.

    When Cleo verified that the filename was correct, I learned the theme of the paper to help identify the file later on. As I assembled my hardware, Cleo received a text and was off to the living room. She was unlikely to return quickly since she was embroiled in the latest party planning for the summer.

    The external drive was easily unmounted and removed from her desktop in a few steps. I disconnected her desktop from the monitor and connected my Mac Mini which I booted into Ubuntu Mate. After Ubuntu mounted the external drive, I browsed the directories to make sure the lost paper truly was missing. No paper was found; it was truly gone. At a terminal window, I unmounted the external drive before using Foremost.

    As I ran a Foremost command to locate deleted OLE (Object Linking and Embedding) files on the external drive, I sat back with my frozen drink and reread Death Note Vol. I & II. When I was halfway into Vol. I, Cleo returned briefly to see what was happening. I summarized the current status that many sectors were searched but the long line of asterisks meant nothing was found yet. A sad look returned to her face, and I did not expect her back soon.

    Well into Vol. 2, I noticed the external drive had located deleted objects, which meant that I had some files to review when Foremost was finished. Finally, as I took the last sip from my drink, Foremost completed. It reported that 35 files were recovered. Evidently, my client was not the most prolific writer, which meant I had fewer files to possibly review.

    I scanned the folder where Foremost saved the recovered objects, and I began to view the files with OpenOffice. The first 15 files were from an application installation. But the 16th file was indeed the lost paper and appeared to be a recent version according to OpenOffice. I returned to Vol. 2 for the conclusion, since I did not want it to appear that the job had been as easy as it truly was.

    I also searched the Internet to see what the going price was for a prepared original last-minute term paper in order to set my fee according to the value of said paper. I deduced this job was worth two hotel nights, but I also needed the DefCon registration fee. That meant more jobs were needed yet.

    As we haggled over my fee, Cleo’s father walked in the front door as he had returned home from work. She had explained to him earlier in the day about the need for my services, and he had been rather distressed over the possibility that her paper was lost.

    Given the news that Cleo's paper was recovered, he opened his wallet and handed over enough cash for a two-night stay and the registration fee! With such a generous payment, I understood to not discuss the family's reluctance to adopt OUCH devices. It was fortunate for me that I had delayed the payment until her father had arrived home.

    As the funding situation for DefCon looked much better, I relaxed and finished out my freshman college year focused on the mundane tasks at hand until I departed for Vegas. I had established a hacker persona with social media accounts only accessed from an older, less capable, non-OUCH smartphone for use at DefCon.

    I intended to use the older phone at DefCon without worry since the older phone itself, and any associated cloud drives held nothing associated with my true self. I ensured that I followed all of the coolest presenters’ social media accounts from accounts on the old phone.

    When the big day arrived, I used a taxi app on my non-OUCH phone to call for a self-driving taxi for a ride to the airport. The packed flight to Vegas was fairly uneventful and was rather normal but for the array of hacker caps and hats visible throughout the cabin. Though there was a bit of commotion when a guy clumsily stored his Safari hat decorated with many lights and indistinguishable objects in the overhead bin.

    The driverless airport shuttle ride to the hotel was quiet as the riders busily announced to social media that DefCon was on. Selfies and pics of the slot machines at the airport were the first to go up. This group was virtually assured that mostly their moms were the only ones to like their OUCH uploads.

    After I arrived at the hotel, I headed over to the long line for my first DefCon Human (aka non-staff) badge. I read the messages sent out from DefCon to the world reporting on the latest game in which some object was tossed around while we waited to register. While in line, we stared at others as they started the first hacking opportunity of DefCon, the hacking of the coolest hackable con badge of all.

    As I walked away with the prized Human badge, I read social media accounts which announced that the Demo Village opened in a few minutes. With a chance to get actual hands-on time at the select demos of DefCon, I quickly made my way over to the Demo Village. There were lines at all the tables, except for one. Naturally, I headed over to the table without a line. A rather distraught woman was frantically typing away at her OUCH-less system as I approached.

    She looked up with an angry, stressed out expression, and I quickly turned away. She called out to me and asked me over. Maria introduced herself as the Team Lead for an open source mobile application which provided social media public assistance during Disaster Recovery. Maria went on to say that her application demo was missing a few key files. After she explained her predicament, I asked her if she had heard of the program Foremost. She replied that she had not, to which I fist-pumped in excitement.

    After Maria verified that the missing files had resided on her external legacy hard drive before deletion, I explained the use of Foremost in the recovery of the deleted files. I assured her that the program accessed the external drive as read-only and the rest of the drive would remain exactly as it was. With nothing to lose and only deleted files to gain, she watched as I ran a demo of the Foremost program with a drive from the tactical assortment of hardware in my backpack.

    For the next hour, Maria and I enjoyed select beverages at the hotel bar as we planned the recovery of the deleted files. With a few energy drinks under our belts, we set up my tactical hardware in a side room off from the Demo Village. As Maria and I nervously waited for the Foremost program to finish, we saw that files were recovered from her drive onto my drive. A few hundred files, including the important key files, were recovered as Maria had used the drive extensively during the last few weeks after recently purchasing the drive at a small local computer store.

    A crowd gathered during the file recovery operation, and among the observers was a DefCon Goon dressed mainly in red. After Maria’s Disaster Recovery Demo was all up and running, the Goon made an offer for me to host a Foremost Lab in exchange for a Human badge to the next DefCon.

    When my tactical hardware was in place for the Foremost Lab, I hung a few of Cleo’s Unicorn decorations to liven up the area. The first crowd of onlookers gathered as I, Fiona, demonstrated the forensic capabilities of the Foremost program. My lifelong dream had become a reality beyond my wildest dreams!
    Last edited by Dark Tangent; June 27, 2019, 18:22.
    PGP key: dtangent@defcon.org valid 2020 Jan 15, to 2024 Jan 01 Fingerprint: BC5B CD9A C609 1B6B CD81 9636 D7C6 E96C FE66 156A