DEFCON 25 updates: July 31, 2017.

Things are going to be a little busy this week, but I do plan to keep an eye out for updates. In the meantime, please enjoy this latest set:

  • TJ Horner has a nice blog post up about his experiences hacking voting machines in DEFCON 25’s “Voting Village”.
  • “The Adventures of AV and the Leaky Sandbox” (Itzik Kotler and Amit Klein) didn’t catch my attention the first time around, but the abstract sounds intriguing: “In this presentation, we describe and demonstrate a novel technique for exfiltrating data from highly secure enterprises whose endpoints have no direct Internet connection, or whose endpoints’ connection to the Internet is restricted to hosts used by their legitimately installed software. Assuming the endpoint has a cloud-enhanced antivirus product installed, we show that if the anti-virus product employs an Internet-connected sandbox in its cloud, it in fact facilitates such exfiltration.” Slides. White paper. GitHub repo.
  • GitHub repo (including slides and white paper) for the Marc Newlin/Logan Lamb/Chris Grayson presentation, “CableTap: Wirelessly Tapping Your Home Network”.
  • Here’s some stuff from “Tracking Spies in the Skies” (Jason Hernandez, Sam Richards, Jerod MacDonald-Evoy): North Star Post summary of their presentation. GitHub repo.
  • Slides from the David Robinson talk, “Using GPS Spoofing to control time”, are here. Slides contain links to code, per Mr. Robinson. I’ve only had a chance to take a quick look at this, but I’m fascinated.

Leave a Reply