Even though I missed some of the great presentations at Defcon, I had a chance to see quite a few. Here is a brief summary of the most inspiring.
“MQ Jumping” by Martyn Ruks. This was a great presentation on IBM WebSphere MQ and some of its security problems. Martyn presented a number of ways to remotely own the system of an unhardened MQ installation using some in-house developed tools. He mentioned publishing the Python classes and some sample code once he got back, so keep an eye out for that.
“HoneyJax (AKA Web Security Monitoring and Intelligence 2.0)” by Dan Hubbard. A very entertaining talk on the deployment of bots in web communities, which aid in identifying and tracking malicious code. The audience was introduced to both passive and active bots, both of which were used to collect data in the environment and alert in case of suspicious activity. A talk on a very interesting topic delivered by a great speaker with the right amount of humor.