a praise for hackers

Post on 04-Jan-2017


A Praise for Hackers

Rodrigo Rubira Branco (BSDaemon)

rodrigo *noSPAM* kernelhacking.com
https://twitter.com/bsdaemon

“As the area of our knowledge grows, so too does the perimeter of our ignorance”
Neil deGrasse Tyson

Why this is dangerous

•   This will be one of the things we will discuss:
    –  Does the position of someone really matter??
    –  Should we trust everyone?
    –  Judge the idea, not the person. Refute what someone says, not who he is.

Corporate Disclaimer

•   I don’t speak for my employer. All the opinions and information here are my responsibility

•   Interrupt me if you have questions or important comments at any point.

•   IMPORTANT: No, I’m not part of the Intel Security Group (McAfee)

Personal Disclaimer

•   I do not represent the hacking community. I do not represent anyone, but myself

•   In my opinion, no one can actually represent the hacking community, not even a subset of it (like for example, hackers from a given location)

•   What I can do, is to give MY opinions on it, based on my observations. That means, a very limited, narrowed view of what hacking is and represents

•   Given the size of the audience and variety of profiles, it is hard for me to define the right message (too technical, no technical at all, career, older people than me, younger people than me…) -> Forgive me in advance if you feel underestimated or not valued

So true…

•   “No Chess Grandmaster is normal; they only differ in the extent of their madness” – Viktor Korchnoi

•   “No hacker is normal; they only differ in the extent of their madness” – BSDaemon

Objectives

•   The world changed, we must change as well

•   Try and disseminate what/how people can do to contribute to the hacking community that I know

•   Praise the work of hackers changing the world, their importance and propose other areas to research

Why are we here?

Source: Tweet by @dotMudge

1/3 of Government Systems Vulns is in the Security Software

To start the conversation

•   When you receive an idea, tip, recommendation remember to evaluate it in your own context to see if it applies to you -> Your decisions, your impacts (positive and negative ones)

•   Be honest at least to yourself (try to be more critical to yourself than you are to others, even if you don’t share your findings)
    –  This will help you, and only you

Why a keynote is always difficult

•   Shows that we are getting old :) And as such, we have lots of stories to share

•   We need to balance the content, we can’t be technical, but we are in a technical event after all :/

•   Reemphasizing that if you don’t agree with what I say, just don’t follow. If you do, follow, change :) the consequences are on you either way.

Three Points to Take Out

•   Care more about what YOU do than what others do (unless they are really damaging people)
    –  Researchers should have fun and enjoy what they do
    –  Even if they are capable of more, why assume they want to do more?

•   Treat information you receive as data, process and get to your own conclusions on it
    –  Deepness of analysis depends on importance

•   Disseminating information is different than disseminating garbage (are we at the information age or at the garbage passage?) -> Are you *REALLY* helping?

Information or just data?

•   When you receive information, treat it as just data (unprocessed), do your own analysis and criticism before considering it information
    –  Deepness of the analysis depends on the importance/impact of that information

How to study? How do you learn?

•   When you want to study a paper, understand what you expect to learn (for example, you want to learn a new exploiting technique)

•   Start reading, and for each item you know nothing about, create an item in a tree -> leftmost if it affects the learning of the subject matter; right if it does not

•   Go deep, on topics first.

Source: Adapted from the book “Think like a grandmaster” – Alexander Kotov

Study Tree

I’m bad with graphics, but it is not binary

Starting Paper A

B  Subject essential to understand paper

C  Subject essential to understand B

D  Subject interesting, but not essential, visit later

Great, but what to prioritize?

•   Mikhail Botvinnik was a three-times world champion of chess and had as pupils Anatoly Karpov, Garry Kasparov and Vladimir Kramnik

•   Even after that, it was said that he listened to basic chess lessons on the radio. The reason: To always be reminded of the fundamentals. Keep them sharp

•   NOTE: I’ve not added a reference because I couldn’t find one, maybe I mixed names of the grandmasters. If you have a reference on that, please send it my way :)

The Fundamentals

•   The essence behind computation did not change:
    –  The Turing Machine model of computable problems existed even before digital computers (1936)
    –  Chomsky's work on language hierarchy is from the 1950’s
    –  TCP/IP is from 1980
    –  The essence of PC architecture too :)

Learning x Memorizing

•   “Memorization of variations could be even worse than playing in a tournament without looking in the books at all.” – Mikhail Botvinnik

•   “Never memorize something you can look up in a book” – Albert Einstein

Learning Plan?

•   Once in a chess competition, grandmasters were analyzing a position -> They mostly agreed a given side had advantage (let’s say white)

•   Capablanca was passing by and was asked to give an opinion: he said black had a clear advantage (!)

•   When told to demonstrate it, instead of doing moves, he just changed the entire position to something new -> To the surprise of the grandmasters, there was nothing white could do to avoid the game getting into that position

•   NOTE: I’ve also not added a reference because I couldn’t find one, maybe I mixed names of the grandmaster. If you have a reference on that, please send it my way :)

Did you really learn to the point that you can extend?

•   “Chess books should be used as we use glasses: to assist the sight, although some players make use of them as if they thought they conferred sight” – Jose Raul Capablanca

•   “If you really know, you can hack” – BSDaemon

“Sharing is Caring” or not

•   We are in the information age. But most of what we receive is actually trash

•   Before sharing something you saw, what about read, understand, think? Somehow people hide behind the ‘sharing is not endorsement mantra’. I can share interesting things that I do not endorse (for example, to start discussions, to demonstrate another viewpoint)

•   People that read what you share trust you, are you really helping them sharing whatever you see just because it is new? That is how hoaxes spread. You are also judged by that (after all, do you have the time to read everything you are just forwarding or not? Or all your time is spent finding things to share, but you never actually study them?)

“Publish fast”

•   People mistake helping the community with publishing whatever crappy thing comes to their minds

•   This can be attributed to the misunderstanding of the open-source community of publish it fast
    –  But you don’t discuss things with people first?
    –  Before you publish something, think if you are really helping the community or if you’re making people waste their time: Because that damages the community, it does not help anybody!

•   So think about your objectives: Do you just want to show-off or do you really believe you are contributing to the community? There is a huge difference there!

New generations

•   New generations come naturally to replace and be superior to the previous ones (if you believe in evolution)

•   Probably in the audience there are already many (or most) people that are much better than me (not that difficult). And that is natural!

•   There will be always a collision of ideas, and the previous generations obviously don’t want to lose their importance! The difference on that natural collision is the way you challenge:
    –  Is that thru technical superiority or;
    –  Personal things? Which in practice should be considered irrelevant (I really don’t care which car you drive, how much money you have or to whom you did a blo**** to get all that :))

The new speed?

•   “Half the variations which are calculated in a tournament game turn out to be completely superfluous. Unfortunately, no one knows in advance which half” – Jan Timman

•   We somehow nowadays expect results before the ‘a**-working time’

Constructive Criticism

•   I think this is bull****

•   Generations will conflict and ideas will be challenged:
    –  But challenge the idea, not the person (why the person matters? Is he rich, tall, fat, weird…)
    –  Transform garbage in chocolate :) -> If you actually refute the idea, or demonstrate it wrong, then the field evolves

•   There is no such a thing as junk hacking
    –  We should hack because it is cool and we have fun
    –  Anything else is not hacking (even if it is a great technical accomplishment)
    –  I prefer simple, but true than very hard/complex but money-moved
    –  And btw, since when the media coverage of something shows its importance??

Trust

•   Trust is given, not deserved

•   It is the way that humans are, that’s why social engineering works!

•   This is also what generates the problem, because security is something counter-natural, and people see hackers as paranoids
    –  Trust should not be transitive either

Is hacking growing? Or is the Scene Dead?

•   FX foresaw “The extinction of hackers” in a paper from 2005 (which by the way changed my career and ideas)

•   But is hacking dead? How come if we see more and more hacking-related things? Look into the size of this conference :)

•   The matter is hacking used to be an underground culture (or sub-culture) and now it is mainstream
    –  People get confused between technical expertise and hacking mentality (from the original sub-culture)
    –  Corporate interests and intelligence agencies influence the hacking communities, sharing, publications and others

•   In the past EVERY computer user was a programmer. Don’t you miss “when men were men and wrote their own device drivers”?

•   Quote: Linus Torvalds, 1991.

The scene is dead…?

•   “Chess is not like life... it has rules!” – Mark Pasternak

•   “and so does CTFs” – BSDaemon

Learning from Others

Russia x Brasil

•   Both countries have continental sizes

•   Both countries have strong willed people, which can be demonstrated by the military history of Russia and by the economic growth of Brazil (ok, not that much lately)

•   Share common vocabulary words :)

•   Both seem to be relevant in the malware creation arena -> Ok that is not really important for the argument

•   So why we see much more Russian researchers??
    –  Russians are proud of Russians
    –  They help each other, they promote each other
    –  They support other researchers, instead of pointing fingers, instead of supporting foreign ones

Evolving the community?

•   “Some part of a mistake is always correct” – Savielly Tartakover

•   “an accumulation of small advantages leads to a supreme advantage.” – Wilhelm Steinitz

Hackers are changing the world

•   Lots of hackers currently work for big corporations and/or independently

•   They are working on pushing defensive technologies in hardware, operating systems and many different software

•   They are also working on finding and patching security vulnerabilities

Art x Exploiting

•   “Chess is the art which expresses the science of logic.” – Mikhail Botvinnik

•   “Exploitation is the art which expresses the science of logic” – BSDaemon

•   “If exploiting is an art, we have poetic license” – BSDaemon

Your career, your choice(s)

•   It is possible to do interesting and important research in different scenarios, each with its own challenges:
    –  Independently (using personal time, or making that your own company)
    –  In a small company (either one that offers prime services or one that gives plenty of free time)
    –  In a big corporation (in research or product security teams)

Offensive and Defensive Research are Important

•   Offensive research is important to keep the state-of-the-art knowledge and understanding of offensive strategies

•   Defensive research is extremely important to be sustainable (just fixing bugs is not enough as a durable strategy that deals with modern development growth and software dependency)

“There will be always bugs”

•   Engineering process tries to catch and fix those

•   That does not mean we can’t work on mitigations of capabilities once those bugs exist
    –  And the performance trade-off of current/existing mitigating techniques demonstrate they are real/practical

Defensive Research

•   There is a clear need for defensive research and projects like grsecurity/PaX need to be praised, helped, admired, learned from

•   They advanced the field, created the ideas that came many years later to modern hardware and OSes

•   They are STILL years ahead!

Open-source x Hacking

Linus x Researchers

•   Disclaimer: I have nothing against Linus, I actually appreciate his work and find his communication style quite funny (btw, what is the problem with the monkeys? Penguins do it too)

•   The problem is not only Linus, but how we see security research in general as well
    –  Offensive is cool
    –  Defensive is boring, useless

Creative Activity

•   “Chess, like any creative activity, can exist only through the combined efforts of those who have creative talent, and those who have the ability to organize their creative work.” – Mikhail Botvinnik

A message to Linux Developers

•   Instead of trying to criticize the lack of engineering knowledge, why don’t you try to see if maybe you don’t have a lack of understanding over the complete problem? (the security problems)

•   Why not give the option to your users to use the best security possible at least?

•   Remember that most big area maintainers are actually employees of big corporations and maybe they are not really doing what is best for the community but what they are told to (see, everyone actually might have a hidden agenda, so careful with hoaxes and what you believe)

Psychologically Brutal

•   “Few things are as psychologically brutal as chess” – Garry Kasparov -> He clearly never contributed to the Linux kernel :)

What can we improve?

•   We researchers are culpable too:
    –  Every time we demonstrate a bypass of something, we forget to mention the many times that something is actually useful
    –  We also forget to mention what is the actual state of the art for the given technology we are bypassing, and which mistakes were made in the specific implementation we are targeting :)

Sources:
http://www.washingtonpost.com/sf/business/2015/11/05/net-of-insecurity-the-kernel-of-the-argument/
https://forums.grsecurity.net/viewtopic.php?f=7&t=4309

Ego breakage

•   “I like the moment when I break a man’s ego” – Bobby Fischer

What the future holds?

•   Understand what security is really about and what are the real security aspects of a system:
    –  Complexity is bad;
    –  Assumptions are dangerous;
    –  Composition of systems != the security of each element of that system
    –  What is formally proven is not necessarily correct if the pre-requirements and simplifications of the computing model are not correct as well (if they lose power)

Conclusions

•   Care more about what YOU do than what others do (unless they are really damaging people)
    –  Researchers should have fun and enjoy what they do
    –  Even if they are capable of more, why assume they want to do more?

•   Treat information you receive as data, process and get to your own conclusions on it
    –  Deepness of analysis depends on importance

•   Disseminating information is different than disseminating garbage (are we at the information age or at the garbage passage?) -> Are you *REALLY* helping?

The end!! Really is!?

Rodrigo Rubira Branco (BSDaemon)

rodrigo *noSPAM* kernelhacking.com
https://twitter.com/bsdaemon

“As the area of our knowledge grows, so too does the perimeter of our ignorance”
Neil deGrasse Tyson
