November 1st, 2014

MRL Hacker Space is no more

I’m sad to report that due to circumstances outside of our control, the hacker space that we started up over a year ago had to close its doors recently. We’ll continue to exist as a group and publish new things, but it won’t be based around a physical space. We have people affiliated with the group from all over now, so I anticipate things starting to look more like the Shmoo group where people can contribute as much or little as they prefer from wherever they are located. I’m looking forward to whatever the next phases bring us, :).

(Photo from MRL sign at the space)

BlackHat 2010 Recap

Here are some of the interesting things that I encountered this year at BlackHat. These are mostly talks that I went to, but there are a few things that I just happened to run across in the course of the conference. Overall it was a good conference and similar to last year. One improvement was that we were able to get our Defcon badges at BlackHat after waiting in a huge line instead of a really really huge line at Defcon. :)

  • I had seen a talk and other information about BitBlaze before, but I mainly went to this talk to see security rockstar Charlie Miller. It ended up being a pretty interesting talk, and covered some of the ways that BitBlaze can help automate binary analysis. Among a lot of other things it has some neat features that allow you to do taint tracking and determine which registers are tainted from controlled input. There was also a white-paper released that has lots of details and examples.
  • I saw an interesting talk about a new routing protocol infrastructure attack tool called Loki. It’s written in python (yea), and covers many packet generation and attack modules for Layer 3 protocols, including BGP, LDP, OSPF, VRRP and quite a few others. It takes some previously released tools, adds some new functionality and wraps it in a nice GUI. It has some functional similarities to yersinia, but covers some protocols that it doesn’t. The live demos were pretty convincing.

  • javasnoop is a neat-looking new tool for tampering and interacting with the internals of Java applications, including function hooking/tracing, debugging and instruction overwriting, etc. He made a good point in his talk that Java is easy to decompile (jad), but if you need to interact with the software after that, re-building the software is often prohibitive.
  • rejava — This came up in the course of the above presentation, and it looks pretty neat as well. It’s another Java decompiler, but this one allows you to interact directly with the byte code, rather than just getting static code dumps.
  • psudp — I didn’t see this talk, but the tool sounds interesting. It is a tool for passive network-wide covert communication and covert file exfiltration. The basic gist, it seems, is that it encodes data into unused DNS fields. Source and slides are available.
  • Tavis Ormandy and Julien Tinnes’s talk on kernel exploits was pretty mind-blowing. They walked through several very technical kernel exploits that they’ve worked on in recent history. It’s amazing that these guys have such a firm grasp on kernels in multiple operating systems.
  • virt-ice — This was an interesting talk about a virtualization based malware analysis tool. I was slightly more interested before I found out that the tool wasn’t going to be released any time soon though.
  • libscizzle — Library for quickly detecting shellcode in a large binary stream.

I was originally going to create just one BlackHat/Defcon post, but it took longer than expected, so I’ll be breaking it into two posts with the Defcon content tomorrow (maybe).

Meeting and presentation this Thursday

As part of trying to expand the group and recruit some more members for the hacker space near Boston, we’re going to start announcing more of our presentation style meetings. Hopefully we can get some more people interested in being part of the space this way. This month we’re pleased to have Oliver Day speaking to us about Einstein (a government run IDS/IPS).

Here is the talk information:

Meeting: 6/24/10

Title: Einstein 2/3

As our nation gears up for cyberwar (whose threats may or may not be exaggerated) the federal government has started deployment of Einstein 3. The actual workings of this technology are shrouded in secrecy; however, the White House has recently released a few details. This talk covers what we know and what we don’t know of the most expensive IDS/IPS ever built.

If you’re interested in attending, or in general interested in the space, email info -at-

Defcon CTF pre-qual round

Back up your laptops, it’s already that time of the year again! As always we’ll be getting a few hackers together to play the pre-qualification round of the Defcon CTF game. Every year the competition gets even more fierce, but it’s always an amazing experience to play. If you’re interested in the MRL hacker-space near Boston, this would be a good time to drop in to see the space and meet some people. Email us at info -at- midnightresearch dot com for info.

Updates and changes

The site has had some recent hardware updates, so we should be able to run things a little more smoothly and hopefully also a little more stably now. We (still) have the hacker space near Boston, and so to help promote that we’re going to try to update and clean up the site a bit and post on some of the things that we have been working on. At one point we were keeping MRLB (Boston) separated from the main MRL site, but we realized that wasn’t a good idea, and so we merged everything into MRL. As part of starting to market a little more and try to recruit people, we’re also going to put up some more information and pictures of the space so that people can see what we’ve been up to and hopefully get involved a little more if they’re local.

MRL challenge coin

This post is long overdue since we’ve had these for at least a couple months now, but I definitely wanted to give props to Jeremy for hooking us up with some cool MRL coins that he had created. He has a pretty good blog post on the process of how he created them. He also included a small QR code tag in the design. If you’re a MRLB member, hit me up, and I’ll give you one if you don’t have one already (as inventory allows).

Jeremy also has lots of other interesting laser/robotics/art/music projects on his site (who doesn’t love laser bacon), so check it out. Also, if you like his work, or you’re feeling generous, consider donating or buying one of his Jansen walker robot kits. Especially since he just fried his laser’s power supply.

Here are some pictures of the process:

NAISG presentation

If you’re around Boston this Thursday night, definitely check out this interesting presentation from Zach at the Boston NAISG (National Information Security Group) on “Disclosure Samsara” or “The Endless Responsible Vulnerability Disclosure Debate”. This is the official meeting page, and details for the time/location/RSVP can be found there. It will be held at the Microsoft building in Waltham, and chances are there will be some type of MRL caravan, so let us know if you’ll be heading out.

Here’s the full synopsis on the talk:

Vulnerability disclosure can help make software and hardware vendors and service providers accountable for shortcomings in their offerings; and full disclosure can give IT and information security professionals the information they need to validate the resilience and efficacy of their controls. Generally speaking, a happy balance is achieved when vulnerabilities are disclosed in a responsible manner. But what is “responsible”?

It’s been nearly a decade since the introduction of RFPolicy, a document often considered to be the basis for modern, responsible vulnerability disclosure, yet there still remains a significant division between the camps of “full disclosure,” “partial disclosure,” and “zero disclosure.” The “responsible disclosure” debate seems to be an endless cycle, coming back fully reconstituted just when we think it’s run dry.

Lawsuits, gag orders, and boatloads of drama are some of the negative points researchers have dealt with when disclosing a bug or flaw to a vendor. This type of reaction can be very discouraging for a security researcher, possibly resulting in them avoiding communication with the vendor in favor of disclosing it outright or even selling the details to the highest bidder.

With continued, accelerated awareness and discussion, the information security community can work toward solidifying an approach to responsible disclosure that, amongst other things:

* Facilitates interaction between the researcher and vendor or service provider
* Acknowledges the researcher’s work
* Provides adequate protection for the security researcher
* Builds a reasonable timeline and plan for a solution to the bug or flaw and its public disclosure (and keeps parties from stalling)

Zach Lanier is a New England-area security consultant and occasional security researcher. His areas of focus are network and application penetration testing, intrusion analysis, and general hackery. He’s the maintainer of the Security Twits list and one of the co-founders of Midnight Research Labs Boston, a local hackerspace.

Open Security Foundation Mangle-A-Thon

Midnight Research Labs Boston will be hosting the Open Security Foundation’s inaugural “Mangle-A-Thon” on September 19, 2009. This free event, broken up into two to three sessions, is a great opportunity to learn about and contribute to the Open Source Vulnerability Database (OSVDB), the DataLossDB, and more. As an added bonus, the OSF will be providing food and drinks.

Seats are limited, so register now!

Reposted from


After a hardware failure on our primary server the day after our secondary went away, we’re finally back! I’m hoping that’s the last of the fail for a while, :). We’ll still have a couple of infrastructure changes over the next couple weeks, but hopefully the website should be stable. Lots of things have been going on in the last month or so, and other new things should start to trickle out over the next few weeks. We’re starting to schedule events at our fledgling hacker space near Boston, and we also have a couple new tools we hope to release in the near future. Stay tuned and keep hacking.

Lots of new conference videos online

Here are a few sets of conference videos that are now online:

Hack in the Box – Malaysia videos. Day 1, Day 2. Even though it’s a Pirate Bay link, the videos were linked from the main HITB page, so I’m assuming it’s legit, :).

Microsoft’s BlueHat 8 videos. Day 1, Day 2.

Dojosec videos.

(edited to add) 25C3 videos are also now online. Awesome.

Happy torrenting.
