Your SlideShare is downloading. ×
Make Tea Not War
Make Tea Not War
Make Tea Not War
Make Tea Not War
Make Tea Not War
Make Tea Not War
Make Tea Not War
Make Tea Not War
Make Tea Not War
Make Tea Not War
Make Tea Not War
Make Tea Not War
Make Tea Not War
Make Tea Not War
Make Tea Not War
Make Tea Not War
Make Tea Not War
Make Tea Not War
Make Tea Not War
Make Tea Not War
Make Tea Not War
Make Tea Not War
Make Tea Not War
Make Tea Not War
Make Tea Not War
Make Tea Not War
Make Tea Not War
Make Tea Not War
Make Tea Not War
Make Tea Not War
Make Tea Not War
Make Tea Not War
Make Tea Not War
Make Tea Not War
Make Tea Not War
Make Tea Not War
Make Tea Not War
Make Tea Not War
Make Tea Not War
Make Tea Not War
Make Tea Not War
Make Tea Not War
Make Tea Not War
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Make Tea Not War

598

Published on

Roelof Temmingh …

Roelof Temmingh
ZaCon 2009
http://www.zacon.org.za/Archives/2009/slides/

Published in: Technology, Sports
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
598
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
18
Comments
0
Likes
1
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. AGENDA   Whoami blah   Paterva blah blah Always wanted to do a talk on fun stuff 1.  It’s a security con ?   blah 2.  UAVs, laser guided munitions   The fun stuff 3.  EXCLUSIVE – hold the press !!   (South African) Facebook zero day !
  • 2. INTELLIGENCE / INFO GATHERING   Why do you ‘hack’?   Information   Control…leads to information   Controls are getting harder to break   In proper assessment, 80-90% of time is spent on intelligence gathering.   Intelligence gathering is also   A port scan   A Nessus scan…   ..because we learn more about our target
  • 3. YOU ARE PART OF THE STACK!   Threats are moving up the stack   Network -> OS -> Application - - -> Person Understand the graph – volume and frequency
  • 4. PEOPLE, SOCIAL ENGINEERING AND MALWARE   Everyone is talking malware….   Malware -> attacking the workstation   Server in a server room vs. workstation with a person behind it   For conventional malware traditional network mapping is worthless   Focus in the past: find the server and perimeter (infrastructure foot print)   Thinking needs to be updated   Now – person / company profiling -> the new foot print
  • 5. HACKERS VS. CRIMINALS   Commercializing vulnerabilities
  • 6. MAKING ZA STRONGER Don’t hack ... but if you really have to:   Have good/right intentions -> !criminal   Never ever use what you found   Don’t give SAP a reason to go look for you...   Mail your findings so that they can learn/fix   ..not from your work - duh...   Development is NOT easy, and they are not idiots!   Treat with respect – ‘jy is volgende vettie!’   Don’t disrupt / destroy / delete anything   (even if they gave you bad service)   ‘Insider knowledge’ does not count...   You are just an ass   Don’t share outside of SA   Sanitize and share the knowledge/tech – locally   Don’t be a doos at international cons.... Slammer ‘secured’ more networks in a day than all the security consultants in a year Change only happens at the point of extinction Strongest piece of metal is at the breaking point A chain is as strong as it’s weakest member
  • 7. UAVS   UAV == Unmanned aerial vehicle   Think back to your model airplane   Let’s put a camera in there !   Let’s put a BB gun in there !   Let’s put a Hellfire missile in there !!   Different sizes   Fixed wing / rotary   Electrical / Fuel powered   Used to be for recon, now also armed
  • 8. UAVS
  • 9. UAVS   Different altitudes   60k feet / 18km++ (Zephyr)   100 feet (hand launched)   747 flies at around 32-40k feet   Speed (max)   747 flies at around 900 km/h   Predator MQ1 – 217 km/h   Avenger, Global Hawk 750 km/h   Prop vs. jet   Flying time   Up to 82 hours ... Typical 30h ish
  • 10. UAVS   Initial idea 1980s, serious thought in 1990s   Driving force behind it  CIA   CIA pilots   Most known / successful = General Atomic   Predator - Series A   1995   RQ / MQ   Reaper - Series B   MQ9   2002   Avenger - Series C   Announced 2009
  • 11. UAVS - PREDATOR
  • 12. UAVS - REAPER
  • 13. UAVS - AVENGER
  • 14. UAVS – AVENGER SPECS   Jet engine   Speed – 740 km/h   Fly time – 20h   Altitude – 60k feet / 18km   Stealth - internal weapons bay, shape, materials, exhaust   RADAR / Optics / Targeting   Payload – 1.3 tons of Hellfire / Paveway II/ JDAM
  • 15. UAVS – COMMAND & CONTROL   Line of sight – C band (4 – 8 GHz)   Satellite – Ku band (11 – 15 GHz)   Can be routed over commercial sats. NBC - 1983   3 crew members   Pilot   Flying - looking through a straw   2 x sensor guys   Difference in two scans :   Tire tracks, movement
  • 16. CAPTURING UAVS   If communications dies it flies home   Self destruct ?
  • 17. FOOTAGE
  • 18. MATCHING WAR PORN TO GOOGLE EARTH EARTH
  • 19. UAVS – PROBLEMS   Not a lot – it seems to kind of work well..   Ku band sucks in heavy weather   Pray for rain   Lag of up to two seconds   Like playing CS/CoD over a link made of wet towels and barbed wire   No dog fights!   Thus– send in the UAVs once air dominance has been established
  • 20. SO, WE’RE PRETTY MUCH ...
  • 21. LET’S JUST HIDE   Optics, infra red, RADAR   Conceal, underground   Rapid change in environment?   The Chinese vs. American spy sat story   Uhmm...next...   Weapons   Bombs, missiles   LASER guided So...it becomes a game of defending against laser guided munitions
  • 22. HOW LASER GUIDED MUNITIONS WORK   Understand a little about light   Light storage system == FAIL   Terminology   Seeker = the bomb/missile   Designator = guy / plane with the laser   ‘Painting’ the target   Invisible laser == you won’t see it..   Bomb vs. missile   28km,60km (spice) radius
  • 23. PAINTING THE TARGET
  • 24. LASER ON!
  • 25. ENCODING   But - there could be multiple targets and multiple munitions   Seeker needs to know where it should go   Thus – must be able to distinguish designators   This is done by pulsing the laser   Fast   Very fast   You won’t see it’s pulsing ... either.   Encoding   PIM – Pulse Interval Module   PRF – Pulse Repetition Frequency
  • 26. PIM
  • 27. PRF / PIM   Missiles are pre-programmed, or programmed on the fly.   PRF code is 3 digits.   Does this make sense?   Everyone should now be thinking...brute force   But just hang on..   Testing it:
  • 28. BTW - HOW DOES IT GET TO THE MUNITIONS?   Open protocol – on the ‘net   MIL-STD-3014 - MiDEF == PDF for munitions   In flight coding was introduced in 2008
  • 29. DUDE, ERRR...NO.. VERY UN-COOL, DON’T PRESS THAT ...
  • 30. AND THE OTHER SIDE OF THE EQUATION
  • 31. DETECTION   See the light!   We can detect the designator’s laser light   We know we are being targeted (like in the movies)...and run   We can decode the PIM/PRF   We might know if we are a priority target – nice...   Page 45 -6b: “Lower code numbers and faster pulse rates are appropriate for the most important targets and the most difficult operating conditions.”
  • 32. DETECTION Laser warning sensor configured as a multi-sensor arrangement and interfaced with a suitable smoke/aerosol screening system can be used effectively on platforms like main battle tanks, AFV, etc., to provide platform protection from laser-guided munitions. The development of this sensor is a totally indigenous effort, both in design and implementation.
  • 33. DETECTION   Can we determine the direction of the designator?   Know where the special ops guy is sitting / plane   Source or reflected light?   We might look at the divergence ??   Shape of the reflected light   Know how far away the special ops guy is / plane
  • 34. REPLAY   Sniff the light!   Replay attack should work well...   You don’t even have to know what the designator says   Does it makes sense to have a 256 number code?   Why are PRF codes 393,424,515 and so on more popular?   Americans are always thinking big (1000 missiles at a time)   Bomb does not speak .. One way comms   So now it’s becoming interesting..
  • 35. “WTF – DID IT JUST TURN THIS WAY?!”   .. replay the laser pulses ...   ..and point it somewhere else...like..   ...at the designator (see previous slides)   Will this work when the designator is a plane? NOT   “Page 46, Chapter 5 – Safety: c. Inversion. Caution must be used when the laser-target line is over +30 degrees of the attack heading to ensure the LST or LGB does not detect and guide on the laser designator instead of the target‘s reflected laser energy.”   Oops..
  • 36. JDAMS   Guidance retrofitted to dumb bombs   GPS   TV (with RF link)   Inertial navigation system   Range up to 60km from drop, up to 12 control surfaces   Cheap – 21k USD compared to missiles at around 75k USD
  • 37. WHY DO YOU HAVE THESE SLIDES AT THE CON ACTUALLY? AG, NO MAN REALLY...   Ona more serious note...   Same principles in attack (thinking) applies   It’s really just 1s and 0s   Don’t think it’s too complex!   If you ask the right questions, you can Google the answers   (Patents, specs, etc.)   Significantly complex tech is indistinguishable from magic.   Development of UAVs in non US countries is a big headache for the US...
  • 38. QUESTIONS?
  • 39. FACEBOOK 0 DAY, BOUGHT TO YOU BY...
  • 40. ...VODACOM
  • 41. WE USE THE MAGIC EMAIL ADDRESS...
  • 42. ..AND AWAY IT GOES!

×