Archive for the ‘DEFCON 25’ Category

DEFCON 25 update: August 3, 2017.

Thursday, August 3rd, 2017

Mike the Musicologist tipped me off to this:

Marcus Hutchins, the guy who was in the news earlier this year for defusing the WCry malware, was detained in Las Vegas after DEFCON.

This is still an evolving story, but what I’ve seen from reliable sources (and CNN) is that Hutchins is under federal indictment and charged with creating another piece of malware: Kronos, described as a “banking Trojan”.

The best coverage I’ve seen of this so far is from TechDirt and ArsTechnica. I would keep an eye on those two sites for updates, as this story is still evolving.

DEFCON 25 updates: July 31, 2017.

Monday, July 31st, 2017

Things are going to be a little busy this week, but I do plan to keep an eye out for updates. In the meantime, please enjoy this latest set:

  • TJ Horner has a nice blog post up about his experiences hacking voting machines in DEFCON 25’s “Voting Village”.
  • “The Adventures of AV and the Leaky Sandbox” (Itzik Kotler and Amit Klein) didn’t catch my attention the first time around, but the abstract sounds intriguing: “In this presentation, we describe and demonstrate a novel technique for exfiltrating data from highly secure enterprises whose endpoints have no direct Internet connection, or whose endpoints’ connection to the Internet is restricted to hosts used by their legitimately installed software. Assuming the endpoint has a cloud-enhanced antivirus product installed, we show that if the anti-virus product employs an Internet-connected sandbox in its cloud, it in fact facilitates such exfiltration.” Slides. White paper. GitHub repo.
  • GitHub repo (including slides and white paper) for the Marc Newlin/Logan Lamb/Chris Grayson presentation, “CableTap: Wirelessly Tapping Your Home Network”.
  • Here’s some stuff from “Tracking Spies in the Skies” (Jason Hernandez, Sam Richards, Jerod MacDonald-Evoy): North Star Post summary of their presentation. GitHub repo.
  • Slides from the David Robinson talk, “Using GPS Spoofing to control time”, are here. Slides contain links to code, per Mr. Robinson. I’ve only had a chance to take a quick look at this, but I’m fascinated.

DEFCON 25 updates: July 29, 2017.

Saturday, July 29th, 2017

Third round. I’m not proud. Or tired.

DEFCON 25/Black Hat updates: July 28, 2017.

Friday, July 28th, 2017

Round 2:

  • The white paper for “Free-Fall: Hacking Tesla from Wireless to CAN Bus” (Ling Liu, Sen Nie, Yuefeng Du) is here. Slides here.
  • Slides for “Exploiting Network Printers” (Jens Müller, Vladislav Mladenov, Juraj Somorovsky, Jörg Schwenk) are here.
  • Found slides for “Breaking Electronic Door Locks Like You’re on CSI: Cyber” here. (I called this one wrong: no Bluetooth. Not a complaint, just an observation.)
  • This is one that I saw, overlooked, and now am intrigued by: “All Your SMS & Contacts Belong to ADUPS & Others“. “Our research has identified several models of Android mobile devices that contained firmware that collected sensitive personal data about their users and transmitted this sensitive data to third-party servers in China – without disclosure or the users’ consent.” Slides. White paper.
  • Slides for Vlad Gostomelsky’s “Hunting GPS Jammers”. I think this is one that really needs video, too.
  • “Intercepting iCloud Keychain” (Alex Radocea) slides.
  • And “The Future of ApplePwn – How to Save Your Money” (Timur Yunusov) slides.
  • And (hattip to Mr. Yunusov) “Jailbreaking Apple Watch” (Max Bazaliy). I haven’t compared these slides to the onea on the presentations server, just FYI.

Okay, lunch time is almost over, and I feel like I’ve done enough damage to the security community today. I’ll try to have more updates later today or tonight.

DEFCON 25/Black Hat updates: July 27, 2017.

Thursday, July 27th, 2017

Round 1:

Edited to add more:

  • Karla Burnett’s “Ichthyology: Phishing as a Science” is actually relevant to my professional life. White paper.
  • Slides and the white paper for “Hacking Hardware with a $10 SD Card Reader” (Amir Etemadieh, CJ Heres, and Khoa Hoang) are here.

Here’s your hat.

Wednesday, July 26th, 2017

Black Hat 2017 is just getting started.

There’s some overlap with DEFCON 25. For example, hacking wind farm control networks and the SHA-1 hash talk are on both schedules. But there are also a few things unique to the Black Hat 2017 schedule:

The same rules for the DEFCON post apply here: if you’re a presenter who wants some love, or if you want me to follow a specific talk, leave a comment.

DEFCON 25: 0 day notes.

Tuesday, July 25th, 2017

I’m not going again this year. Maybe next year, if things hold together. But if I were going, what on the schedule excites me? What would I go to if I were there?

Thursday: neither of the 10:00 panels really grab me. At 11:00, maybe “From Box to Backdoor: Using Old School Tools and Techniques to Discover Backdoors in Modern Devices” but I’m at best 50/50 on that. At 12:00, I feel like I have to hit the “Jailbreaking Apple Watch” talk. “Amateur Digital Archeology” at 13:00 sounds mildly interesting.

Not really exited by anything at 14:00. At 15:00, I suspect I would end up at “Real-time RFID Cloning in the Field” and “Exploiting 0ld Mag-stripe information with New technology“. And 16:00 is probably when I’d check out the dealer’s room again, or start getting ready for an earlyish dinner.

Friday: 10:00 is sort of a toss-up. THE Garry Kasparov is giving a talk on
The Brain’s Last Stand” and as you know, Bob, chess is one of my interests. On the other hand, there’s also two Mac specific talks, and Kasparov’s talk is probably going to be packed: I suspect I’d hit “macOS/iOS Kernel Debugging and Heap Feng Shui” followed by “Hacking travel routers like it’s 1999” (because I’m all about router hacking, babe). Nothing grabs me at 11:00, but I do want to see “Open Source Safe Cracking Robots – Combinations Under 1 Hour!” at 12:00:

By using a motor with a high count encoder we can take measurements of the internal bits of a combination safe while it remains closed. These measurements expose one of the digits of the combination needed to open a standard fire safe. Additionally, ‘set testing’ is a new method we created to decrease the time between combination attempts. With some 3D printing, Arduino, and some strong magnets we can crack almost any fire safe.

13:00: “Controlling IoT devices with crafted radio signals“, and “Using GPS Spoofing to control time” at 14:00. (I do want to give a shout-out to the Elie Bursztein talk, “How we created the first SHA-1 collision and what it means for hash security“, though.)

Do I want to go to “Phone system testing and other fun tricks” at 15:00? Or do I want to take a break before “Radio Exploitation 101: Characterizing, Contextualizing, and Applying Wireless Attack Methods“:

As we introduce each new attack, we will draw parallels to similar wired network exploits, and highlight attack primitives that are unique to RF. To illustrate these concepts, we will show each attack in practice with a series of live demos built on software-defined and hardware radios.

And then at 17:00, “Cisco Catalyst Exploitation” is relevant to my interests. However, I don’t want to dismiss “The Internet Already Knows I’m Pregnant“:

…EFF and Journalist Kashmir Hill have taken a look at some of the privacy and security properties of over a dozen different fertility and pregnancy tracking apps. Through our research we have uncovered several privacy issues in many of the applications as well as some notable security flaws as well as a couple of interesting security features.

Saturday: Nothing at 10:00. At 10:30, maybe “Breaking Wind: Adventures in Hacking Wind Farm Control Networks” because why not?

I have to give another shout-out to “If You Give a Mouse a Microchip… It will execute a payload and cheat at your high-stakes video game tournament” but I’m personally more interested in “Secure Tokin’ and Doobiekeys: How to Roll Your Own Counterfeit Hardware Security Devices” at 11:00. (“All Your Things Are Belong To Us” sounds pretty cool, too, but I’d probably wait for the notes/repos/etc. to be released rather than attending in person.)

Oddly, there’s really nothing that grabs me between 12:00 and 15:00. At 15:00, “Tracking Spies in the Skies” mildly intrigues me (mostly for the ADS-B aspect), while at 16:00 I’m really excited by “CableTap: Wirelessly Tapping Your Home Network” (more home router hacking! Hurrah!)

At 17:00:

In this talk, we explore the security of one of the only smart guns available for sale in the world. Three vulnerabilities will be demonstrated. First, we will show how to make the weapon fire even when separated from its owner by a considerable distance. Second, we will show how to prevent the weapon from firing even when authorized by its owner. Third, we will show how to fire the weapon even when not authorized by its owner, with no prior contact with the specific weapon, and with no modifications to the weapon.

You have my attention.

(Related article from Wired. Presenter’s Twitter feed.)

Sunday: “I Know What You Are by the Smell of Your Wifi“, followed a little later by “Backdooring the Lottery and Other Security Tales in Gaming over the Past 25 Years“.

Weirdly, after that, there’s nothing that interests me until the closing ceremonies at 16:00. (Though I might go to “Man in the NFC” if I was there.)

This seems like a very low-key year, and I’m not sure why. I don’t see any Bluetooth related stuff, and very little lock related. Perhaps I should be glad I’m skipping this year.

Anyway, you guys know the drill: if you see a talk you’re interested in, leave a comment and I’ll try to run it down. If you’re a presenter who wants to promote your talk, leave a comment and I’ll try to give you some love.


Tuesday, July 25th, 2017

DEFCON 25 is this week, and it snuck up on me. I was expecting it to start next week.

I guess this means I have to get the schedule analysis up in a hurry. I think I can get it done by Wednesday night; or at least get the Thursday/Friday parts of it up, and Saturday/Sunday up by Thursday night.

Is there anything that leaps out at me from a quick once-over? No “hippie, please!” panels that I noticed this year. Also no badge contest or mystery challenge.

(Also, I’m reorging the DEFCON tags. I think this should be transparent to everyone.)