- Slides from the Jay Beale and Larry Pesce talk “Phishing without Failure and Frustration” are up here at the InGuardians website.
- At the same site, a talk Jay Beale gave in the Packet Capture Village, “Adding Ramparts to Your Bastille: An Introduction to SELinux Hardening”.
- Slides for Max Bazaliy’s “A Journey Through Exploit Mitigation Techniques in iOS” are here.
- Haven’t found slides yet, but the tools from Salvador Mendoza’s “Samsung Pay: Tokenized Numbers, Flaws and Issues” are here.
- Patrick Wardle’s “I’ve got 99 Problems, but Little Snitch ain’t one” slides are here.
Archive for the ‘DEFCON’ Category
DEFCON 24 updates: August 8, 2016.
Monday, August 8th, 2016
More on Blue Hydra.
Sunday, August 7th, 2016
Earlier, I wrote “It runs! It works! Mostly. Kind of.”
I’ve been banging on Blue Hydra in my spare time since Thursday, and I stand by that statement. Here’s what I’ve run into so far.
The README is pretty clear, and I didn’t have any problems installing the required packages. (I don’t have an Ubertooth, so I skipped that one. We’ll come back to the Ubertooth later.)
First problem, which was actually very tiny: I know next to nothing about Ruby, other than that cartoon foxes are somehow involved, so the phrase “With ruby installed add the bundler gem” was more like “I don’t speak your crazy moon language”. Google cleared that up pretty quickly: the magic words are gem install bundler.
Next problem: running bundle install resulted in an error stating that it couldn’t find the Ruby header files. It turns out that, while my Ubuntu installation had Ruby 2.1 installed, it didn’t have the ruby-dev package installed. sudo apt-get install ruby-dev fixed that issue.
Next problem: the SQLite Ruby gem failed to install when I ran bundle install. It turns out that I also needed the sqlite3-dev package. With that installed, the bundle built, and I could do ./bin/blue_hydra.
Which gave an error stating that it didn’t have permissions to open a handle for write. Okay, let’s try sudo ./bin/blue_hydra (because I always run code from strangers as root on my machine; everyone knows strangers have the best candy). And that actually worked: Blue Hydra launched and ran just fine. In fairness, this may be a configuration issue on my machine, and not an issue with the software itself.
In playing with it, I’ve found that it does what it claims to do. Sort of. It’s been able to detect devices in my small lab environment with Bluetooth discovery turned off, which is impressive. I also like the fact that it stores data into an SQLite database; other Bluetooth scanning tools I’ve played with didn’t do that.
However, it seems to take a while to detect my iPhone; in some instances, it doesn’t detect it at all until I go into Settings->Bluetooth. Once I’m in the Bluetooth settings, even if I don’t make a change, Blue Hydra seems to pick up the iPhone. Blue Hydra also has totally failed to detect another smart phone in my small lab environment (and I have verified that Bluetooth was both on and set to discoverable.)
Now, to be fair, there may be some other things going on:
- I’ve also observed previously that Bluetooth under Ubuntu 15.10 didn’t work very well. At all. So at one point on Saturday, just for giggles, I upgraded Project e to Ubuntu 16.01.1 LTS. And shockingly (at least for me) Bluetooth works much, much better. As in, I can actually pair my phone with Ubuntu and do other Bluetooth-related stuff that didn’t work with 15.10. That seems to have mitigated the discovery issues I was seeing with Blue Hydra a little, but not as much as I would have liked. (Edited to add 8/8: Forgot to mention: after I upgraded, I did have to rerun bundle install to get Blue Hydra working again. But the second time, it ran without incident or error, and Blue Hydra worked immediately afterwards (though it still required root).)
- I was using the Asus built-in Bluetooth adapter in my testing. Also just for giggles, I switched Blue Hydra to use an external USB adapter as well. That didn’t seem to make a difference.
- In fairness, Blue Hydra may be designed to work best with an Ubertooth One. The temptation is great to pick one of those up. It is also tempting to pick up a BCM20702A0-based external adapter (like this one), partly to see if that works better, partly because I don’t have a Bluetooth LE compatible adapter (and this one is cheap), and partly because the Bluetooth lock stuff is based on that adapter. (Edited to add 8/8: I’m also tempted by this Sena UD100 adapter. It is a little more expensive, but also high power and has an SMA antenna connector. That could be useful.)
- It may also be that I have an unreasonable expectation. Project e is seven years old at this point, and, while it still runs Ubuntu reasonably well, I do feel some slowness. Also, I think the battery life is slipping, and I’m not sure if replacements are available. I’ve been thinking off and on about replacing it with something gently used from Discount Electronics: something like a Core i5 or Core i7 machine with USB3 and a GPU that will work with hashcat. Maybe. We’ll see. Point is, some of my issues may just be “limits of old hardware” rather than bugs.
- And who knows? There may very well be some bugs that get fixed after DEFCON.
tl;dr: Blue Hydra is nice, but I’m not yet convinced it is the second coming of Christ that I’ve been waiting for.
DEFCON 24: August 7, 2016 updates.
Sunday, August 7th, 2016
The presentations on the conference CD are here, if you’re looking for something specific that I didn’t mention. I’m still going to try to provide links to individual presenters and their sites, simply because I believe those are the most recent and best updated ones. Just to be clear, I’m not trying to rip off anyone else’s work, which is why I link directly. I want to provide myself (and possibly other interested folks) with one-stop shopping for the latest versions of the things I’m most interested in.
- Sean Metcalf’s “Beyond the MCSE: Red Teaming Active Directory” isn’t up yet, but it will be here when he gets around to it. (This isn’t a shot at him; if I were in Vegas right now, uploading my presentation would be the last thing on my mind, too.) That site does have his Black Hat presentation, “Beyond the MCSE: Active Directory for the Security Professional”.
- Haven’t found an updated copy of Master Chen’s “Weaponize Your Feature Codes” presentation yet, but the GitHub repo with his code is here.
- The slides for Joe Grand and Joe FitzPatrick’s “101 Ways to Brick your Hardware” are up on the Grand Idea Studio website.
- And the slides for “BSODomizer HD: A Mischievous FPGA and HDMI Platform for the (M)asses” are also on the Grand Idea Studio website.
- The material from the Six_Volts/Haystack “Cheap Tools for Hacking Heavy Trucks” presentation will be here within a week of the conference, according to the presenters. Here. Shake hands with danger.
- The GitHub repo with the slides and the code from the Anthony Rose and Ben Ramsey “Picking Bluetooth Low Energy Locks from a Quarter Mile Away” talk is here.
- Here are the slides and the whitepaper from Marc Newlin’s “MouseJack: Injecting Keystrokes into Wireless Mice”.
- The slides from the Rogan Dawes and Dominic White talk “Universal Serial aBUSe: Remote Physical Access Attacks” will be here eventually, according to the presenters, and the tools will be here (ditto).
This takes us into today. I’ve been at this for about an hour and a half now. I’m not proud. Or tired. But I do have some other things I want to do, and I think it is a bit early to expect Sunday presentations to be up. I’ll end this one for now, and see if I can do another update tomorrow. Also, I want to do a further write-up on Blue Hydra, possibly tonight, maybe tomorrow as well.
If you are a presenter who’d like to provide a link to your talk (even if it is one I didn’t specifically call out) or you have other comments or questions, please feel free to comment here or send an email to stainles [at] sportsfirings.com.
DEFCON 24 notes: Hail Hydra!
Thursday, August 4th, 2016
GitHub repository for Blue Hydra.
I’m jumping the gun a little, as the presentation is still a few hours away, but I wanted to bookmark this for personal reference as well as the enjoyment and edification of my readers.
Edited to add: quick update. Holy jumping mother o’ God in a side-car with chocolate jimmies and a lobster bib! It runs! It works! Mostly. Kind of.
If I get a chance, I’ll try to write up the steps I had to follow tomorrow. Yes, this blog is my personal Wiki: also, while the instructions in the README are actually pretty good, I ran into a few dependency issues that were not mentioned, but are documented on Stack Overflow.
DEFCON 24: 0-day notes.
Wednesday, August 3rd, 2016
Another year observing DEFCON remotely. Maybe next year, if I get lucky, or the year after that.
The schedule is here. If I were going, what would I go to? What gets me excited? What do I think you should look for if you are lucky enough to go?
(As a side note, one of my cow-orkers was lucky enough to get a company paid trip to Black Hat this year. I’m hoping he’ll let me make archival copies of the handouts.)
DEFCON 23 notes: August 12, 2015.
Wednesday, August 12th, 2015
More slides! More stuff!
- Brent White’s slides from “Hacking Web Apps” are here.
- Sean Metcalf has slides from both the DEFCON 23 and Black Hat versions of his “Red vs. Blue: Modern Active Directory Attacks & Defense” talk up here. According to Sean, the DEFCON 23 version is slightly different from the Black Hat version.
- Not exactly slides, but Mike Ryan has a post up at his blog that summarizes part of his presentation with Richo Healey, “Hacking Electric Skateboards: Vehicle Research For Mortals”. Actually, his whole blog, while small, has some really good Bluetooth related stuff that I want to bookmark. In addition, there’s a GitHub repo with Healey and Ryan’s skateboard code.
DEFCON 23 notes: August 11, 2015.
Tuesday, August 11th, 2015
The Charlie Miller and Chris Valasek paper, “Remote Exploitation of an Unaltered Passenger Vehicle”, is here. Sorry I don’t have much to say beyond that; I’ve been frantically busy all day and haven’t had a chance to review their paper (or much of anything else) yet. But I did want to get this up, because I’ve been waiting for it.
(Also, one of my cow-orkers owns a vulnerable vehicle, and I’ve been giving him a little bit of grief about that. Only a little bit, though, because he has problems with the vehicle that go beyond Miller and Valasek’s work.)
DEFCON 23 notes: August 10, 2015.
Monday, August 10th, 2015
- Slides and code from Samy Kamkar’s “Drive It Like You Hacked It: New Attacks and Tools to Wirelessly Steal Cars” are up here.
- Jeremy Dorrough has a GitHub repository with slides and ancillary material from his presentation, “USB Attack to Decrypt Wifi Communications”.
- This is a better link for the slides from the Runa Sandvik and Michael Auger talk about the TrackingPoint rifles. That set of slides includes links to YouTube videos, which may add some additional context to Sandvik and Auger’s work. (I’m writing this at lunch and haven’t had a chance to watch the videos yet.)
- Dan Kaminsky has a blog entry up that includes the slides from his “I want these * bugs off my * Internet” talk.
- I haven’t found slides yet, but the tools from “Security Necromancy: Further Adventures in Mainframe Hacking” are up at Solder of Fortran’s site and Big Endian Smalls’ site.
More when I have it; possibly tonight or tomorrow.
DEFCON 23 notes: August 7, 2015.
Friday, August 7th, 2015
I kind of skipped over yesterday, because Thursday is traditionally slow. And it is a little early for stuff to be up today, plus many of the good presentations are scheduled for tomorrow.
But! BlackHat 2015! Not everything from BlackHat gets duplicated at DEFCON, and vice versa, but there’s always some overlap. Some things that are already up:
- “When IoT Attacks: Hacking a Linux-Powered Rifle”, the Runa Sandvik and Michael Auger talk about the TrackingPoint rifles. Slides here.
- Colby Moore’s “Spread Spectrum Satcom Hacking: Attacking The GlobalStar Simplex Data Service”, one of the talks I was interested in. Slides. Summary.
- “Switches Get Stitches”, by Cassidy, Leverett, and Lee, about vulnerabilities in industrial Ethernet switches. This was one of my backup talks, in case the primary was full. Slides.
- I mentioned Sean Metcalf’s “Red vs. Blue: Modern Active Directory Attacks & Defense” in passing. Slides. White paper.
- Not one I think I mentioned, but Marina Krotofil’s “Rocking the Pocket Book: Hacking Chemical Plant for Competition and Extortion” might be of interest to some of you. Slides. White paper.
There are a couple of other overlaps I’ve found (specifically the Josh Drake presentation on Stagefright and the Valasek/Miller car exploit) but those don’t have any slides or other material attached yet.
More links and stuff as and when I find it and am able to post.
Edited to add: Just noticed this on the DEFCON 23 site. Download the conference CD optical disc here. Woo hoo woo hoo hoo. (The .rar file is 419 MB. Good thing I work for a networking company.)
DEFCON 23: -2 day notes
Tuesday, August 4th, 2015
DEFCON 23 starts Thursday. Black Hat USA 2015 starts tomorrow.
Once again, it doesn’t look like I’m going to make it out to Vegas. Once again, I’m going to try to cover things from 1,500 miles away. It isn’t completely clear to me that anyone other than me is getting any benefit from this, but I’ve been doing this for long enough that I have a hard time stopping now.
Here’s the schedule. There are several presentations that are already getting media attention:
- “When IoT attacks: hacking a Linux-powered rifle” got a write-up in Wired, and notice from Tam. I’ll admit that I’m interested in this research, as it represents the intersection of two of my interests. But given the current state of TrackingPoint, is this more like “knowing how to hot-wire a Tucker Torpedo” than a Ferrari Enzo?
- “Hacking Smart Safes: On the ‘Brink’ of a Robbery” also got a Wired writeup, and I’m pretty sure I’ve seen coverage elsewhere; I just can’t find it right now.
- And Charlie Miller and Chris Valasek got a lot of press coverage off of their “Remote Exploitation of an Unaltered Passenger Vehicle” paper. Another Wired article (I know, I know, but this one is first-hand.) NYT article on the recall triggered by Valasek and Miller’s research. I have to admit, I’m impressed; usually, only people named “Nader” manage to get 1.4 million cars recalled.
So what would I go see if I was there? What sounds interesting to me?
DEFCON 22 updates: August 12, 2014.
Tuesday, August 12th, 2014
- The slides from AlxRogan’s “Protecting SCADA From the Ground Up” talk are now up here.
- Paul McMillan has a GitHub repo that contains the tools (but not, as far as I can tell, the presentation) from his talk, “Attacking the Internet of Things using Time”.
DEFCON 22 notes: August 11, 2014.
Monday, August 11th, 2014
Yes, I know there was a gap yesterday. I was a little busy hanging out with friends, and I made the executive decision that I’d take a day off in hopes that more of Saturday and Sunday’s presentations would be uploaded.
Two things I want to make note of before jumping into links:
- This Ars Technica article summarizing Phil Zimmerman’s DEFCON talk.
- FARK had a link to an Orlando Sentinel (!) article about “a surprise appearance” by John McAfee. Here’s a link to the article. I haven’t found any coverage of this elsewhere. And, in my opinion, anything John McAfee says at this time should be taken with an entire lick of salt.
With those out of the way, more links. If I link to a Black Hat version of a talk, it is because I am assuming it is very similar, if not identical, to the DEFCON version of the same talk. It seems like maybe there was a little more duplication this year…
- The team behind “Hack All The Things: 20 Devices in 45 Minutes” now has a Wiki page up with all the hacks for all the things. Hat tip for this to Mike Szczys at Hack A Day, who did a write-up on their presentation.
- I didn’t have this on my list, but Joe Grand’s “Deconstructing the Circuit Board Sandwich: Effective Techniques for PCB Reverse Engineering” is up over at Grand Idea Studio.
- The Black Hat version of Fatih Ozavci’s “VoIP Wars: Attack of the Cisco Phones” is here, including a PDF of the presentation and the source code.
- As far as I can tell, this was Black Hat only, not DEFCON, but I do want to mention it here: “When the Lights Go Out: Hacking Cisco EnergyWise”.
- I don’t think I ever threw up a full link to the Charlie Miller and Christopher Valasek presentation, “A Survey of Remote Automotive Attack Surfaces”, so here it is.
- Slides and the Mana toolkit from Dominic White and Ian de Villiers’ “Manna from Heaven: Improving the state of wireless rogue AP attacks”.
- The Black Hat version of Nir Valtman’s “A Journey to Protect Points-of-sale” can be found here.
- I don’t work as much with Windows as I used to, so this didn’t make my list. But if you’re interested, the Black Hat version of Ryan Kazanciyan and Matt Hastings’ talk on “Investigating PowerShell Attacks” is here. And here’s a brief article from PowerShell Magazine covering some of the same ground.
More updates later on tonight, I hope; otherwise, tomorrow.
DEFCON 22 notes: August 9, 2014.
Saturday, August 9th, 2014
Here’s what I’ve been able to find so far:
- I haven’t found the actual presentation for “From root to SPECIAL: Pwning IBM Mainframes”. However, the scripts with explanations and usage examples are here. There’s also a GitHub repo with more resources here.
- Phil Polstra has the slides from his talk, “Am I Being Spied On? Low-tech Ways Of Detecting High-tech Surveillance” up here.
- The slides for Zoltan Balazs’ “Bypass firewalls, application white lists, secure remote desktops under 20 seconds” are located here.
DEFCON 22 updates: August 8, 2014.
Friday, August 8th, 2014
Wired has an article based on the “Weaponizing Your Pets: The War Kitteh and the Denial of Service Dog” presentation which will take place on Sunday. I didn’t write about this yesterday because (and with all due respect to the presenter) it just didn’t strike me as being very interesting. You attached a WiFi scanner to a cat and let it roam around the neighborhood? Not sure I see anything novel there, except maybe if you made the WiFi rig very small. (You could have done the same thing with Kismet on a Nokia N810 years ago. You still can, if you can find a Nokia N810, which isn’t that hard, and if you can figure out a way to secure it to your pet.)
In other news, here are the presentation links I’ve been able to find so far. I’ll try to update this post during the day. If you are a presenter who would like your talk listed (even if it wasn’t on my list) or if there’s a talk you’d like for me to find, please feel free to leave comments or send email to stainles [at] sportsfirings.com.
- Pete Teoh’s “Data Protection 101 – Successes, Fails, and Fixes” talk is posted here.
- The Rick Mellendick and John Fulmer presentation, “RF Penetration Testing, Your Air Stinks” is here.
- I’m not sure if there is any difference between this version and the DEFCON one, but a version from May of the Sarah Edwards presentation, “Reverse Engineering Mac Malware”, can be found here.
- I haven’t yet found a copy of the presentation, but here’s a blog entry from Adam “Major Malfunction” Laurie on the RFIDler (from “RFIDler: SDR.RFID.FTW”). Here’s the GitHub repository. And here’s the Kickstarter.
That’s everything I’ve been able to find from yesterday. We’re only about 30 minutes into today’s sessions. And while looking for links, I ran across this tidbit: DEFCON ordered 14,000 badges this year. They were gone by 6 PM yesterday.
DEFCON 22: 0 day notes (part 2)
Thursday, August 7th, 2014
So what’s happening on Friday?
“Domain Name Problems and Solutions” intrigues me the most in the first block, since a) it looks like this is going to involve DNS based attacks on spam, and II) Paul Vixie is one of the key figures in the development of DNS.
“USB for all!” sounds like an interesting talk: “We will demonstrate different tools and methods that can be used to monitor and abuse USB for malicious purposes.”
I would have to go to “From root to SPECIAL: Pwning IBM Mainframes” just because I have a close friend (and former IBM-er) who speaks IBM mainframe. Plus, I’m curious. But “ShareEnum: We Wrapped Samba So You Don’t Have To” would be a good second choice: “ShareEnum uses the underlying Samba client libraries to list shares, permissions, and even recurse down file trees gathering information including what is stored in each directory.” And “Stolen Data Markets An Economic and Organizational Assessment” could be interesting as well. I’d probably still hit the IBM talk and seek out the slides for the other two.
More than likely I’d take a break at 13:00 and look at the slides for “Bypass firewalls, application white lists, secure remote desktops under 20 seconds” and “Investigating PowerShell Attacks” later. At 14:00, “What the Watchers See: Eavesdropping on Municipal Mesh Cameras for Giggles (or Pure Evil)”: “…we decode the previously undocumented mesh protocol enough to (1) “tune in” to live feeds from the various cameras positioned across the city, just like we were in police headquarters, and (2) inject arbitrary video into these streams.”
“Am I Being Spied On? Low-tech Ways Of Detecting High-tech Surveillance” sounds like the best talk at 15:00. And after that, there’s nothing that really intrigues me on Friday.
“Hack All The Things: 20 Devices in 45 Minutes” seems like the best opening panel on Saturday: if you don’t like what you’re seeing, just wait and something else will be along shortly. Plus free hardware!
There’s nothing that leaps out at me until “Secure Random by Default” at 13:00. Because Dan Kaminsky. “PropLANE: Kind of keeping the NSA from watching you pee” would be a good fallback if Kaminsky is too crowded: “…we’ve combined two things every good hacker should have, a Propeller powered DEF CON badge (DC XX in our case) and a somewhat sober brain to turn the DC badge (with some modifications) into an inline network encryption device.” (And hey: I have a DC 20 badge!)
“Secure Random” runs until 15:00, but if I couldn’t get into that, “NinjaTV – Increasing Your Smart TV’s IQ Without Bricking It” would be my second choice in the 14:00 block.
“A Survey of Remote Automotive Attack Surfaces” is at 15:00. This is another Charlie Miller and Chris Valasek talk, and is already getting some press: I kind of want to see this, but, again, there’s a conflict with two other talks I’d also like to see: “VoIP Wars: Attack of the Cisco Phones” and “Detecting Bluetooth Surveillance Systems”. This is another case where I’d apologize profusely to Mr. Miller and Mr. Valasek, download a copy of their presentation, and hit one of the other two sessions.
“Manna from Heaven: Improving the state of wireless rogue AP attacks” sounds interesting, especially with the promise of “a new rogue access point toolkit”. But I just can’t pass up the promise of “Learn how to control every room at a luxury hotel remotely”.
“Attacking the Internet of Things using Time”, which is really about timing attacks, sounds more interesting than the title implies. And “Old Skewl Hacking: Porn Free!” sounds like a great way to wrap up the day.
I don’t know that there’s anything I care that much about Sunday morning, though “Burner Phone DDOS 2 dollars a day : 70 Calls a Minute” and “Optical Surgery; Implanting a DropCam” could be interesting if I was up at that time. “NSA Playset : GSM Sniffing” sounds a bit more interesting: “Introducing TWILIGHTVEGETABLE, our attempt to pull together the past decade of GSM attacks into a single, coherent toolset, and finally make real, practical, GSM sniffing to the masses.”
There’s a gap in stuff I want to see from 13:00 to 15:00. At 15:00, we have “Elevator Hacking – From the Pit to the Penthouse”. I confess to a great deal of curiosity about elevators and how they work. Plus: Deviant Ollam! And that takes us to the closing ceremonies at 16:30.
Tomorrow, I’ll start trying to put up links.