Shmoocon 4 Follow-Up, New Stuff!

Monday, February 18, 2008

 

Recovering from Shmoocon 4 today.  Had a great time with everyone there, highlights include:


  1. Aruba wireless network ran flawlessly for the entire conference, thanks to the Shmoocon Labs people and especially Mike Kershaw who went above-and-beyond to get the network running and kept it stable despite catching the east-coast super-virus;

  2. H1kari did a talk about sniffing GSM networks, and his work in cracking the A5.1 protocol used to protect GSM.  Bottom line is that GSM security is weak, and can be broken by an attacker with a reasonable amount of money to spend on the problem, allowing them to intercept and decrypt phone calls and SMS messages.  Even without lots of equipment, an attacker can sniff IMEI numbers, which could contribute to phones being cloned;

  3. Sergey Bratus and his students delivered an awesome presentation about active 802.11 fingerprinting techniques, followed up by Larry Pesce and his AP hacking mischief;

  4. Isaac Mathis gave a fun presentation titled "Hacking the Samurai Spirit";

  5. Jason Ostrom and Jon Kindervag delivered a presentation about emerging attacks against infrastructure designed to support VoIP networks and demonstrated a new version of voiphopper designed for VLAN hopping attacks, sweet;

  6. Danny Quist and Valsmith delivered an awesome presentation about circumventing malware packing mechanisms with some novel techniques they have devised.  This was my favorite talk of Shmoocon, and a real eye-opener for me on what is possible for reverse-engineering and automated analysis techniques.  These guys are working hard on the Offensive Computing project, and it occurred to me that they are truly working for a greater good, not just a veiled attempt at greater good disguised as self-satisfying mischief.  Way to go guys!;

  7. In general, getting to see everyone and a little bit of social activity was really nice.  I can go back to my cave for another year now.


Brad Antoniewicz and I gave our presentation on Pwning PEAP and other EAP types, which was pretty well received considering it was the last talk on Sunday.  Larry Pesce launched many a Shmoo Ball at me with his Shmoo Cannon, not the least interesting of which was when I got hit in the junk, despite Larry saying he would try not to do that.  I fully expect Larry to pay up in sushi later this week.


Added the Shmoocon presentation "PEAP: Pwned Extensible Authentication Protocol" in the Publications section, and added the FreeRADIUS Wireless Pwnage Edition (WPE) tools and updated Asleap and EAP-MD5 attack tools to the Offensive page.  I'll work on adding a page for accelerating MS-CHAPv1/LEAP attacks another time with a patch for RainbowCrack.


Thanks to the Shmoo group for another excellent conference, and thanks to my co-presenter Brad for working with me to deliver an awesome presentation.  Shmoocon is my favorite conference every year, and I enjoy saving up new attack tidbits and interesting research to share here.  Hopefully I'll have something exciting to share for Shmoocon 5 as well (those of you who know me know that I already do ;).


-Josh

 
 