[Edited 2011-08-11] The code is now available. It should be fairly well-commented, and include links to everything you’ll need to get the exploit up and running in a local test environment, if you’re so inclined.

In addition, as I mentioned, this bug was found by a simple KVM fuzzer I wrote. I’m also going to clean that up and release it, but don’t expect it too soon.

I had a great time meeting lots of interesting people at BlackHat and DEFCON, some that I’d met online and others I hadn’t. If any of you are ever in Boston, drop me a note and we can grab a beer or something.

Very few of the talks were as technical as I was hoping — they were almost universally broad overviews of an area, with lots of introduction, and relatively little, to my eye, technical meat. Jim informs me this is fairly typical, and it makes sense, but it was disappointing for me. I was really hoping to find more talks that I would have to stretch to understand, or look at the slides later over Wikipedia and some code samples to figure out what was going on, but everything I saw felt kinda dumbed-down. It’s probably realistically all I can expect from a con of that size, but it’s not what I was hoping for.

I felt like I was disappointed at the amount of cool random hacker energy from the attendants, as well. DEF CON seems to be universally characterized as “hardk0re”, but it didn’t always feel like it to me. There was a “Øwn the box, Own the box” contest, where about a dozen boxes were put on the network at published IPs, and if you compromised one of them, you would walk away with it. Not one of them got owned, even ones running known-vulnerable services (albeit protected by ASLR and some form of W^X). Maybe the boxes actually were just really secure, but I had hoped that at the place with a reputation for “The world’s most hostile network,” one of them would have gotten cracked. It seems like people — at least the people with real skill and experience — probably just weren’t trying. Obviously a crappy PIII isn’t worth the time you’re going to spend cracking it, but I would hope people would do it for the fun and the challenge.

Maybe part of the problem is that no one wanted to take much time out of the talks to work on other stuff. I think that if I go back, I’ll probably punt most of the talks, and spend my time at the contests, learning to pick locks better, or participating in aCTF or attacking the ØtB/OtB boxes myself. I severely doubt I would have won anything, but I think I would have learned more, and met more cool people, than I did at the talks.

I am glad I went, despite the disappointment. It was fun, some of the talks were pretty cool, the DEF CON badge is totally fucking awesome (I think I’m going to try to get the technology and time to hack at it over the year), the NBC Dateline reporter getting outed was fucking hilarious, and it was a really interesting experience. I’m not yet sure whether or not I’ll go back again, though.

I might follow up this post with a more specific one about things that were cool.