cover of episode Ryan Lackey & Marc Rogers & theGrugq - Masquerade - How a Helpful Man-in-the-Middle Can Help You Evade Monitoring

Ryan Lackey & Marc Rogers & theGrugq - Masquerade - How a Helpful Man-in-the-Middle Can Help You Evade Monitoring

2014/12/14
logo of podcast DEF CON 22 [Materials] Speeches from the Hacker Convention.

DEF CON 22 [Materials] Speeches from the Hacker Convention.

Frequently requested episodes will be transcribed first

Shownotes Transcript

Masquerade: How a Helpful Man-in-the-Middle Can Help You Evade Monitoring. Ryan Lackey Founder, CryptoSeal, Inc. Marc Rogers Principal Security Researcher, Lookout The Grugq Information Security Researcher

Sometimes, hiding the existence of a communication is as important as hiding the contents of that communication. While simple network tunneling such as Tor or a VPN can keep the contents of communications confidential, under active network monitoring or a restrictive IDS such tunnels are red flags which can subject the user to extreme scrutiny.Format-Transforming Encryption (FTE) can be used to tunnel traffic within otherwise innocuous protocols, keeping both the contents and existence of the sensitive traffic hidden.

However, more advanced automated intrusion detection, or moderately sophisticated manual inspection, raise other red flags when a host reporting to be a laser printer starts browsing the web or opening IM sessions, or when a machine which appears to be a Mac laptop sends network traffic using Windows-specific network settings.

We present Masquerade: a system which combines FTE and host OS profile selection to allow the user to emulate a user-selected operating system and application-set in network traffic and settings, evading both automated detection and frustrating after-the-fact analysis.

Ryan Lackey, Founder of CryptoSeal, founded HavenCo, the world’s first offshore datahaven, and has worked as a defense contractor in Iraq and Afghanistan, at various technology startups, and is currently working on a secure hardware-based router for business travelers.

Marc Rogers is an English hacker, Director of SecOps for DEF CON, and works as Principal Security Researcher for Lookout.

The Grugq is a pioneering information security researcher with over a decade of professional experience. He has worked extensively with digital forensic analysis, binary reverse engineering, rootkits, Voice over IP, telecommunications and financial security. The Grugq's professional career has included Fortune 100 companies, leading information security firms and innovative start-ups. Claims to fame:

  • pioneered anti-forensics
  • developed "userland exec"
  • released voip attack software
  • decade of experience in infosec
  • long term liaison w/ digital underground
  • described as "extremely handsome" [by his mom]
  • 1992 sussex County 3-legged race, 2nd place

The Grugq has spoken at dozens of conferences over the last 7 years; provided expert training courses to .gov, .mil, police and businesses; domain expertise on forensics, voip, telecommunications and financial systems.