So we have started on one of the most exciting weeks (well, a short week) for those of us with an interest in infosec and geekery.
These are the days when some of the biggest conferences are held in Las Vegas, namely Black Hat, Def Con and BSides. - We'll stick to the first two this time around.
I don't think there's any reason for three threads, though, so let's see if we can keep it to a single one.
Black Hat
Website:
https://www.blackhat.com/us-15/
Talks (incl. presentations, slides and white papers):
https://www.blackhat.com/us-15/briefings.html
Videos: *
#bhusa:
https://twitter.com/search?q=bhusa
#BlackHat:
https://twitter.com/search?q=BlackHat
Def Con 23
Website:
https://www.defcon.org/html/defcon-23/dc-23-index.html
Talks:
https://www.defcon.org/html/defcon-23/dc...akers.html
Videos: *
#DefCon:
https://twitter.com/search?q=DefCon
Here are a couple of the talks I think sound exciting:
Quote: AH! UNIVERSAL ANDROID ROOTING IS BACK
In recent months, we have focused on bug hunting to achieve root on Android devices. Our kernel fuzzing, led by @wushi, generated a lot of crashes, and among them we found a kernel use-after-free bug which lies in all versions of the Linux kernel, and we successfully took advantage of it to root most Android devices (version >= 4.3) on the market nowadays, even the 64-bit ones.
We leverage this bug to root any Android device (version >= 4.3) of any brand. We are also, as far as we are aware, the first in the world to root a 64-bit Android device by taking advantage of a kernel memory corruption bug. The related kernel exploitation method is unique.
In this talk, we will explain the root cause of this UAF bug and also the methods used to exploit it. We will demonstrate how we fill the kernel memory once occupied by the vulnerable freed kernel object with fully user-controlled data by spraying, and finally achieve arbitrary code execution in kernel mode to gain root. All our spraying methods and exploitation techniques apply to the latest Android kernel, and we also bypass all the modern kernel mitigations on Android devices, like PXN and so on. Even the newly introduced 64-bit address space fails to stop our rooting. A very important point is that the rooting is stable and reliable. In fact, we will present a common way to exploit Android kernel use-after-free bugs to gain root. We will also cover some new kernel security issues on the upcoming 64-bit Android platform.
..........
Quote: CLONING 3G/4G SIM CARDS WITH A PC AND AN OSCILLOSCOPE: LESSONS LEARNED IN PHYSICAL SECURITY
Recently, documents leaked by Edward Snowden alleged that the NSA and GCHQ had stolen millions of SIM card encryption keys from one of the world's largest chip manufacturers. This incident drew public attention to the longstanding concern about mobile network security. Although various attacks against 2G (GSM) algorithms (COMP-128, A5) can be found in the literature, no practical attacks were known against 3G/4G (UMTS/LTE) SIM cards. 3G/4G SIM cards adopt a mutual authentication algorithm called MILENAGE, which is in turn based on AES-128, a mathematically secure block cipher standardized by NIST. In addition to the encryption key, MILENAGE also uses nearly a dozen 128-bit secrets to further obfuscate the algorithm
..........
Quote: Key-Logger, Video, Mouse — How To Turn Your KVM Into a Raging Key-logging Monster
Yaniv Balmas, Security Researcher, Check Point Software Technologies
Lior Oppenheim, Security Researcher, Check Point Software Technologies
Key-Loggers are cool, really cool. It seems, however, that every conceivable aspect of key-logging has already been covered: from physical devices to hooking techniques. What possible innovation could be left in this field?
Well, that's what we used to think too. That is until we noticed that little grey box sitting there underneath a monitor, next to yesterday's dirty coffee cup. The little grey box that is most commonly known as 'KVM'.
The talk will tell the tale of our long journey to transform an innocent KVM into a raging key-logging monster. We will safely guide you through the embedded wastelands, past unknown ICs, to explore uncharted serial protocols and unravel monstrous obfuscation techniques.
And those are just a couple of examples.
A few tweets:
Quote: Rules for Alexis Park staff during @_defcon_ 9 in 2001 "report fire, farm animals, missing payphones/ATMs"
https://twitter.com/aramosorg/status/627573176986398720
Quote: @_defcon_ ... and it begins.. i smell an imsi catcher...
https://twitter.com/ustayready/status/62...0512627713
Quote: As I turn on the TV in my room at Ballys, I feel like things are being hacked around here ...
https://twitter.com/sehnaoui/status/629050395285794816
Quote: My elevator at #BlackHat #BHUSA - coincidence?
https://twitter.com/_Patrick_Dennis/stat...9025075201
A few tools:
Stagefright detector and PoC (Black Hat):
https://blog.zimperium.com/stagefright-v...-released/
PSRecon – PowerShell Forensic Data Acquisition (Black Hat):
https://blog.logrhythm.com/digital-forensics/psrecon/
An Intentionally Vulnerable Router Firmware Distribution (BSides):
https://github.com/iv-wrt/iv-wrt/
Empire - Pure PowerShell post-exploitation agent (BSides):
http://www.powershellempire.com