DEFCON 27 « Whipped Cream Difficulties

Archive for the ‘DEFCON 27’ Category

Black Hat/DEFCON 27 links: August 16, 2019.

Friday, August 16th, 2019

Slides for “Moving from Hacking IoT Gadgets to Breaking into One of Europe’s Highest Hotel Suites” are finally available at the Black Hat site. I’ve only given this a quick skim, but I’m excited.
Slides from “Deconstructing the Phishing Campaigns that Target Gmail Users” are here.
It looks like, according to Philippe Laulheret, the most up-to-date version of his ““Intro to Embedded Hacking—How you too can find a decade old bug in widely deployed devices. [REDACTED] Deskphones, a case study.” slides are here By the way, my guess about the phone maker was wrong. Also: post on the McAfee Labs blog going into more detail about the exploit.
Likewise, according to Dirk-jan Mollema, this is the most current version of his “I’m In Your Cloud… Pwning Your Azure Environement” presentation: slides, videos.

Apologies for being behind on this: I’m also working on another project that’s taking up a lot of my blogging time, but I hope to be done with that soon.

Posted in Bluetooth, DEFCON, DEFCON 27, Locks, Radio | Comments Closed

Black Hat/DEFCON 27 links: August 13, 2019.

Tuesday, August 13th, 2019

I had a lot of trouble finding this on the site, but: the DEFCON 27 media server is here.

“Say Cheese – How I Ransomwared Your DSLR Camera”. Here’s the writeup from the CheckPoint Research website, which is the most detailed I’ve been able to find.
Also from CheckPoint Research: the white paper for “SELECT code_execution FROM * USING SQLite;—Gaining code execution using a malicious SQLite database“.
GitHub repo for the BAL Xilinx package. This is part of the “Defeating Cisco Trust Anchor: A Case-Study of Recent Advancements in Direct FPGA Bitstream Manipulation” presentation, and includes links to the slides and white paper.
I believe these are the most up-to-date slides for “GSM: We Can Hear Everyone Now!“
Stumbled across this while looking for other stuff: “MITRE ATT&CK: The Play at Home Edition“. Slides here.
There’s a long blog post at the McAfee Labs website about vulnerabilities in an industrial control system by Delta Controls. As I understand it, this is the basis for the “HVACking: Understand the Difference Between Security and Reality!” talk at DEFCON.
PenTest Partners post on “Reverse-Engineering 4g Hotspots for Fun, Bugs and Net Financial Loss“.

I’ve got to wrap this up for now, as my lunch hour is almost over. I may try to do a second post tonight, if I find enough additional material to justify one. Otherwise, please share, enjoy, comment, and thank any presenters whose work you found particularly enjoyable or valuable.

Posted in DEFCON, DEFCON 27, Photography, Radio | Comments Closed

Black Hat/DEFCON 27 links: August 9, 2019.

Friday, August 9th, 2019

Some more stuff I’ve stumbled across from Black Hat:

“All Your Apple are Belong to Us: Unique Identification and Cross-Device Tracking of Apple Devices” by SparkZheng and XiaolongBai. Slides here.
I didn’t flag these as ones I was interested in, but XiaolongBai retweeted links: “Towards Discovering Remote Code Execution Vulnerabilities in Apple FaceTime” by Tao Huang and Tielei Wang, “Attacking iPhone XS Max” by Tielei Wang and Hao Xu, and “Debug for bug: Crack and Hack Apple Core by itself” by Lilang Wu and Moony Li.
“Inside the Apple T2” by Mikhail Davidov and Jeremy Erickson. Slides here.
And now, your break from things Apple: “Infighting Among Russian Security Services in the Cyber Sphere” by Kimberly Zenz. Slides here. I’m excited about this one, and I have a feeling it might pique Lawrence‘s interest, too.
Blackhat version of a DEFCON presentation: “All the 4G Modules Could be Hacked” by Shupeng Gao, Haikuo Xie, Zheng Huang, and Zhang Ye. Slides here.
This has gotten some public attention, so I’m linking it here without comment: “Arm IDA and Cross Check: Reversing the Boeing 787’s Core Network” by Ruben Santamarta. Slides here. White paper here.

I expect to be somewhere between slightly and highly busy this weekend, so updates will be catch as catch can. It might be Monday before I can pull more stuff together, but I’ll try as best as I can to get updates before then.

Posted in Apple, DEFCON, DEFCON 27, Planes | 1 Comment »

Black Hat/DEFCON 27 links: August 8, 2019.

Thursday, August 8th, 2019

So here’s the first round of stuff from Black Hat and DEFCON 27. I apologize that I’m just posting links, but I haven’t had time to really digest any of these presentations, and I want to get the links up while they are still semi-timely:

“Look, No Hands! — The Remote, Interaction-less Attack Surface of the iPhone” by Natalie Silvanovich. Slides here. Google Project Zero blog post here.
“Bypassing the Maginot Line: Remotely Exploit the Hardware Decoder on Smartphone” by Xiling Gong and Peter Pi. White paper here. Slides here. Blog post here.
“Attacking and Defending the Microsoft Cloud (Office 365 & Azure AD)” by Sean Metcalf and Mark Morowczynski. Slides here.
“Reverse Engineering WhatsApp Encryption for Chat Manipulation and More” by Roman Zaikin and Oded Vanunu. Slides here.

I think it’s still early for today’s Black Hat and DEFCON presentations. I may try to get another post up tonight.

Posted in Apple, DEFCON, DEFCON 27 | Comments Closed

DEFCON 27/Black Hat 2019 preliminary notes.

Thursday, August 1st, 2019

DEFCON 27 starts a little later than I’m used to this year (August 8th, so a week from today.) Black Hat 2019 starts August 7th. Black Hat schedule is here. DEFCON schedule is here.

Again this year, I’m not going. While I feel like I’m moving closer to the point where I’m ready to return (expenses paid or expenses unpaid) I’m not quite where I want to be yet to go on my own dime. And as far as the company paying for me to go…not this year, for reasons I won’t go into. (Nothing bad. At least I don’t think so. Just don’t want to run my mouth about internal stuff.)

So, as usual: what would I go to, if I were going?

Let’s look at the DEFCON schedule first.

(more…)

Posted in Apple, Bluetooth, DEFCON, DEFCON 27, Radio, SDR | Comments Closed

M	T	W	T	F	S	S
« Mar
1	2	3	4	5	6	7
8	9	10	11	12	13	14
15	16	17	18	19	20	21
22	23	24	25	26	27	28
29	30

Whipped Cream Difficulties

Archive for the ‘DEFCON 27’ Category

Black Hat/DEFCON 27 links: August 16, 2019.

Black Hat/DEFCON 27 links: August 13, 2019.

Black Hat/DEFCON 27 links: August 9, 2019.

Black Hat/DEFCON 27 links: August 8, 2019.

DEFCON 27/Black Hat 2019 preliminary notes.

Pages

Happy Amazon Fun Time!

Archives

Categories

Blogroll

BugMeNot

Firearms Reference

People who deserve your support.

Reference

RIP

Twitter

Twitter Catholico

Webcomics I Like (without reservation)

Meta