I'm in

BSides Canberra · 25:56 · 87 views · Published 2025-12

We have Richard Atelby with us and he's going to present. I'm in. Thank you, Richard. >> Thank you. >> All right. So, this is probably the least serious talk of the conference. I don't expect anyone to be going back to their boss tonight and saying, "I learned something amazing in this talk." So, uh uh let's just have a bit of fun. Um I'm going to talk about four films. Um and I'm just going to get straight into it. So, the first film I'm going to talk about is Hackers, uh, released in 1995. I've had a special request, uh, to find out how many people here have actually seen Hackers. >> Oh, I reckon that's less than 50%. Uh,

spoiler warning, there's going to be some spoilers in here and for a few other films as well. So, I'm going to plot summarize it real quick. Um, this guy is Dade Murphy. He's recently been uh got off of his probation uh 7-year probation for hacking as an 11-year-old. Uh and he's moved to New York City. He meets a bunch of people who he needs to prove he's an elite hacker to. Um and one of those people is also trying to prove the fact that he's an elite hacker and he's broken into the Gibson. You've probably heard that one before. Um and pulled out a garbage file. Um, unfortunately only halfway through his copying of the garbage file, his uh mom

turns off his computer and so he's only got half of it. The bad guy in this uh in this film called The Plague happens to be the system administrator of the company he was stealing the garbage file from, and he's noticed this intrusion. Um, so he gets quite upset about this because it turns out that garbage file that was copied is where he's storing his secret code to steal all the money. So he writes a virus uh and blames it on the hackers and the virus is supposed to sink some ships. So that sets the Secret Service off on in after the hackers and in order to prevent the Secret Service from um harassing all of their friends, they

decide to do lots of kind of crazy hygiene hacks on the Secret Service. At the same time they need to reverse engineer the half of a garbage file that they have. So in an amazing montage um of reverse engineering they managed to do that and naturally what you do after that is go rollerblading. Uh so they rollerblade down to the public payphones, call all their hacker friends, um hit the Gibson which you can see here represented as a whole bunch of blocks. the red bits of the hackers. Um, they collect a whole bunch of hackers from all over the world to slow down the Gibson so that they've got time to navigate a file system that looks like a

city, find the garbage file, take over the airwaves, and tell the world how bad this bad guy is. So, there's a plot summary of Hackers. Now, this is the supercomput. Now, this is the Gibson. It has a giant screen in the middle of the server room. These two guys are looking at it and they're watching a login. And I think password security in 1995 may have been a little bit different because this is the password. At no point in this film does anyone refer to the user by a username. It's always just referred to by their password. So you're wondering how did this hacker get in? How did he guess this amazing password? Well, used exactly

the same techniques as we use today, but instead of using RockYou they've used this password list. Very effective. But not all of Hackers is completely ridiculous. Um, this is young Dade as an 11-year-old, um, and he, according to the film, crashed, uh, 157 systems in 1998. Um, quite an achievement, but this is actually based on a real guy. This is Robert Morris. Uh he wasn't 11 when he did it. He was 23. But in 1998, he released a worm called the Morris worm and crashed 6 to 10,000 systems. Um so they based it in reality and that continues throughout the film. This is a character called Cereal Killer. Um that's his handle, but his real name in

the film, his character's name is Emanuel Goldstein. But where did he get his name from? He got it from this box of cereal. This Captain Crunch box of cereal. Why is this box of cereal significant? Because it came with this toy whistle. And this toy whistle happens to emit a 2600 Hz tone. This is a tone that can be used um in this phone system at the time in order to disconnect calls. And that inspired this magazine, 2600 magazine. You may have heard of it. The guy that started the magazine, his name's Eric Corley, but his handle was Emanuel Goldstein. A complete circle. And this bit of hacking, um, he's making a long-distance phone call and the

operator asked him to put some coins into the machine and instead he just plays some coins. Um, recorded previously, dropping into the machine and makes his long-distance phone call. This is a legitimate technique. Um, not always done with a recorder. There was a thing called a red box back in the day. Um, you could build it yourself. It emitted the tones that represented the coins dropping into the machine and you just press buttons and put coins in. And so this actually happened. This is Dade proving to his friends that he's elite. Um and they're trying to assess his elite status by pulling out books of different colors. He identifies the colors of the books and

the titles uh because he has he is elite and he's read them all. And this is an actual series of books. This is called the rainbow series uh released by the United States government. It's all the security standards and guidelines um before Google uh because Google didn't exist before the internet cuz the internet kind of almost didn't exist. Um, this was how hackers had to had to learn how to do stuff. Uh, the knowledge was power and the ability to read the books um was really important. The hacking scene where all of the hackers hacked the Gibson has a whole bunch of graphics pointed up on it. And it seems completely ridiculous. There's this this screen up here. I want a

cookie. Give me a cookie now. Like why is this there? This is an actual DOS virus. Um, in here we can see it's in uh infected the format command. So now instead of formatting stuff when you type format, it just prints out give me a cookie, give me a cookie, and it won't go away until you type cookie. Um, you will be very happy. This also does the annoying terminal beep every time it prints one of those strings. So I decided not to run it here. Uh, and similarly, there's another um screen up there. A off we've got you. That came from an actual real piece of malware um that deleted your file systems. Um, and it had that phrase in

it in there as well. So Hackers, while it used the stylized visuals flying through cities uh to get code over the realism, it really was rooted in real hacks and real people. Um the people who wrote the script um had a lot of consultation with actual hackers at the time. Um it's a really is a homage to hacker identity um and has used pop culture and really elevated form of hacking and made it a little bit more glamorous than it probably should be. So, let's talk about the next film. I can tell people have seen this one. All right, quick plot summary. Aliens are coming. Uh, so the TVs don't work. And the TVs don't work cuz there's

something wrong with the satellite feed. Turns out there's a binary code in the satellite feed. Almost everyone prints out their binary, right? That binary code apparently is a countdown. Um, so our amazing uh hacker, his name's David Levinson, takes his countdown to the president, manages to save the president um from the White House as it gets blown up, and they end up in Area 51, where it turns out they've had one of these alien spaceships for the past 40 years or so, but it's only just turned on. Luckily, he's managed to engineer a virus to turn the shields on the spaceship off. Flies up to the spaceship, talks to it, furiously types in some code,

uploads the virus to the spaceship, throws up a Jolly Roger on their screens for no apparent reason, and then nukes them, thus saving the world. So, I bet you want to see what an an alien virus looks like. Well, here it is. Uh, it's a lot of things. It looks like there's a bit of assembler in there. Could be a bit of Python. Could a bit of JavaScript. Could a bit could be a lot of random words. But my favorite bit are these numbers where someone has clearly just bashed the number row on the keyboard. Just consecutive numbers everywhere. And the Jolly Roger code. Bet you'd like to see how to throw up a Jolly

Roger on an alien spaceship. There you go. You just load it. But maybe this is doing him a disservice because you can see in the top corner here, before he did this, he had to select 127,000 arguments. >> So maybe it was harder than it looked. But it's okay. It's okay. One of the screenwriters explained what's going on. It was a binary code and all he did was flip the ones and zeros. I'm like, how easy is this? I'm going to try it. So, I built a web server with an API. I turn the shields on. I turn the shields off. And then here we go. Burp plugin. Intercept the request. Let's flip the bits and see what happens.

There's the bits flipped. No more status on. Just ASCII stuff. Uh, it didn't work. I was as surprised as you guys. I really was. But then I remembered this. I can't read this meme out cuz if you read it read it out, it ruins it. But it gave me an idea. Here's my API. Now we turn the shields on with a one. Now we flip ASCII character one into ASCII character zero.

Yes, it works. They were right all along. All right. But I want to give David Levinson some credit here cuz he really has done an amazing job. This is the timeline for Independence Day. Somewhere after 9:00. It seems he arrives a bit late at work that day. He gets a message to say, "Look, there's something wrong with the satellites." Sometime around lunchtime, he's figured out that there's some kind of binary code in there, printed it out, and worked out that it's a countdown. So, in less than one day, he solved the satellite problem. The next day, he ends up at Area 51, sees this spacecraft for the first time, loses hope, gets outrageously drunk. So

drunk that he's falling down. I'm being generous here. The in the film, July 4th flashes up, and then this scene happens. So, I'm going to assume that it happened at 12:01, okay, midnight, when he's outrageously drunk. While he's drunk, he decides that he needs to up to write a virus in order to save the day. writes the virus. I'm going to guess this happens somewhere before 3:00 a.m. Why? Because at 3:10, according to this watch, he was at a wedding being a witness. And at dawn, he launched. So, it wasn't 3:10 in the afternoon. It must have been 3:10 in the morning. And he did the co virus demonstration before that, which means he did the entire thing in less than 3

hours. What a champ. So, yeah, Independence Day, completely implausible hacking. I did have a slide in here originally where I kind of defended it. Uh, and I threw it out cuz it was just it it was impossible. There's nonsense code and interfaces everywhere. There's an unrealistic timeline, but the plot device really works. It's it's a really entertaining movie. All right, Matrix Reloaded. This was this was a turning point I feel. Uh so instead of we don't need the whole plot here uh because there's only really one hacking scene in it. And I'm going to show you the hacking scene, but I'm going to set it up first. So in this uh Trinity has just found out that a

group that was supposed to take down a power station has failed to do so. Uh and they uh they really need it done right now. So, she has 314 seconds to get in there and shut down a power station. Uh, she jumps into the power station off of the nearby building on a motorcycle, explodes it, and gets in. And let's see what happens next. >> Operator, >> I'm in. >> Keep moving. 65th floor.

1 minute. Come on. Come on. Please.

All good. So, let's have a look at what she did. She ran Nmap. Um there's it's a question as why she ran Nmap, but we'll get to that in a sec. Um so, Nmap was an actual real tool. Uh if you didn't know that, that is is legit. And this was the first time, especially for me, I'd ever seen someone use a real tool in a hacking movie. Um, so I thought that was pretty good. Um, but I looked a bit closer and it turns out it's Nmap version 2.54. Uh, and we can see that Nmap 2.53 was released in 2000 and Nmap 3 was released in 2002. And this movie is set in approximately the year

2001, so it kind of fits. That was slightly impressive. We see that it's not all completely impressive though. There's a spelling error in the returned bit of Nmap. So, someone's feudal there. But also, there's the question of why anyone bothered to run Nmap on a single IP address to find a service that they probably knew was there on the port that it normally runs on. Especially if you see that switch, they just looked at all the default ports. So they probably scanned like a thousand of them or something like that. Um they also used an exploit that called SSH nuke and there's a screenshot there in the background. Maybe she typed it in

then. Maybe she typed in an assembler. Maybe she edited the assembler afterwards. It's hard to tell. But SSH nuke is not an actual uh exploit. It it doesn't exist. Um, but she uses it here to change a root password. And we can see that exploiting SSHv1, the CRC32. This turns out to be an actual exploit again from 2001. So, actually period correct. Um, and given the movie was probably filmed in 2002, uh, it's actually like a pretty good effort there. Um, and we can see that it the exploit actually covers what the CVE covers. Um, so that's pretty impressive. Um, she changes the root password here to uh Zion. If you remember, Zion is the city of the humans

in the film. Um, I probably would have changed it to like a or something cuz the whole point was I had to do this really quickly. Um, but Z and then we get some more Hollywood magic with a a password popup which obviously wouldn't exist. And then she types in the disable notes command clearly pressing the H key here manages to type command with no H's in it and saves the day. So this one was grounded in real exploits. So that was really good um and represented a shift in portrayal. You could actually show someone doing something properly. Um and that was something that continued in with Black Hat um in 2015. Now, this this I assume

most people have not seen because this this film did very badly at the box office. It did so badly it was pulled from a release from a whole bunch of theaters. Um and the director later apologized saying we hadn't really finished the script yet. Uh he actually re-released I think this year or last year there's a director's cut which moves a whole bunch of stuff around. Um I'm not going to spoil the plot on this one. Um but basically uh this guy in the picture here um gets broken down to prison to help track uh track down a hacker. Um but in the technical community was actually really well received in terms of what it

got right. We'll see. Um perhaps it was well received because they didn't shy away from hex dumps. Um this is a guy presenting to high-level people like the CIA um and upper levels of defense and he doesn't bring a PowerPoint presentation. No, he just uses the output from his debugger to prove what he's doing. I don't suggest doing this. I suggest conveying your information slightly more easily. There's hex dumps all over the place. Uh some of them are so good that we can actually pull the text out of them and see what's in there. So, we've reverse engineered this one and we can see some um uh some assembler. Have a look at it. We can even turn it into a C function.

And that's when we get disappointed like why is he looking at this particular function that all it seems to do is multiply one of its arguments by a constant. This is probably not the bit of code that we need to be looking at. Similarly, here we've got um a DLL entry point um and and the start of a function. But there's nothing interesting in here. The interesting bits in here, can we see these bits? These are the bits that are getting called to find out what to do with some file. But these are left behind. And then there's this bit here. We've got a Python script with for some reason a dash f on the end of the .py.

No idea. Um, and they're running on a memory dump. This memory dump he obtained by going into a melted down nuclear reactor in a hazmat suit and pulling the memory out of a out of a machine that was in there. And then they're searching with this IP address. And we can see, oh, they got a partial match on the IP address here. I don't know how they managed to match on the other two hits there. There doesn't seem to be anything that looks at all like an IP address. So, I don't know how you get a hit on that. Um, but here's another shot from a different binary somewhere else in the film. And there's the IP

address they were looking for. So really, you didn't need to go into a nuclear reactor in order to find this IP address. You just could have looked in the binary that you had sitting there on your desktop the entire time. And it does some stuff super weirdly. Like here's some Python that is just syntactically incorrect. Like there's there was no reason to make this syntactically. You could you could have run it run it normally. Here's someone failing to use the copy command. This is this is our elite hacker, the main character of the the movie. This is obviously intentional missing out of a space here. Like it is under here. He fails to use the right command. Um he

gets he gets the command right, but then he just enters his uh his message into the command prompt and then when someone writes back, he just types his hand in the command prompt. And here we have a binary that they had managed to pull off something that has source code comments in it like this would just never happen. Um so it's intentionally weird the way they they broke some stuff. This one gets a bit pedantic but I'm going to talk about anyway. Um this is the classic malicious USB drive. So the mill the uh the setup here is the USB drive has been delivered um to a bank and the security guard at the front desk

has plugged this in in order to print out the document um for the lady who's asking for it. So he plugs the USB drive in and it auto runs and we get a popup on our hero hacker's computer. Um, but we get a blank command prompt pop up and then he types his netcat command so he can do the listening for the thing that's already happened. Then he gets his shell and he decides to launch a browser. So he's got his reverse shell and he launches a browser which somehow manages to pop up on his machine instead of on the machine that it's supposed to be running on. And then this security guard at the

front desk of a bank somehow has unauthenticated access to all financial transactions within the bank. So he can just transfer funds wherever he wants. Perfect. All right. This this is the last one. This is the end of the talk. And this one's a doozy. This is I'm going to call it a Linux system. Does anyone does anyone want to argue with me? Does anyone recognize this as not a Linux system? Okay good. On this Linux system, uh, we we've got a a USB drive. Um, and this is the target of an auto run. Now, this auto run is for a Windows system. Anyone going to argue with that? So, we've got some incompatibilities here.

So, Windows. Now this magic number, this is the start of, believe it or not, an Apple binary. Yeah, this is 64-bit Mach-O. We have three levels of failure all in one. It gets better. Here's some text in the in the ASCII here. We can see some text. It looks a bit weird, but what looks even weirder is it doesn't match the hex. They're definitely all zeros and that's definitely text. And if you look at this string, it kind of looks like it might be words, but you can't read it. But if you read it in reverse, you get a phrase. That's a kind of weird phrase to find in your malicious binary. So, I Googled it. Oh, an extract from a book.

What book could possibly be in this malicious binary? It's called The Story of O. Written in 1954 originally in French and translated into English. It has been described as 50 Shades of Gray before 50 Shades of Gray. So, that's Black Hat. Uh a big thanks to Silent Grid for um the guys there for enduring an early presentation of this. Um uh it was really good um putting out to you guys and getting your feedback. So thank you very much. Uh and I'm just going to leave you with my favorite and most representative scene from a movie of pentesting and hacking in general. This is from the original Matrix. Uh and we call this one Waiting

for Creds. Thank you.

>> Awesome presentation. Thank you for that. Richard, does anyone have any questions? >> There better not be questions. >> Do you know him? >> No, I don't know. No questions from the background.

I'll just presentation. I missed the start though. Were you talking about Swordfish at the start? I'm just wondering when the sword >> I I skipped I skipped short Swordfish. Sorry. >> Maybe if I do another one uh a 55-minute one I can add in >> next year. Yeah. Yeah. Sure. >> Anyone else? >> Anybody else? Awesome. Thank you again. That was fantastic.