IoT Security-Zigbee
Null Bangalore/G4H/OWASP
; cat /dev/user(Mr-IoT)
• Veerababu Penugonda
• Working @Aujas – IoT/OT Security Consultant
• Delivered talks in Open security communities
• Maintaining www.iotpentest.com , Hack B4 Secure (YouTube)
• More comfortable with hardware stuff
What is IoT/OT..?
• IoT – Internet of Things
  A device that is connected to the internet and receives or shares data, directly or indirectly, is called an Internet of Things device.
• OT – Operational Technology
  Hardware and software that detects or causes a change through the direct monitoring and/or control of physical devices, processes and events in the enterprise.

Scenario      IoT           OT
security      Challenging   Challenging
pentesting    Difficult     Difficult
malware       High          Medium
Why Wireless communication..?
Instead of this
Wireless Communication Protocols in IoT

Name       Type
BLE        designed for lower-powered devices
Zwave      mesh network protocol
ZigBee     mesh local area network
6LoWPAN    lightweight IP-based communication
RFID       radio frequency identification
NFC        near field communication
etc.
What is Zigbee..?
Wikipedia : Zigbee is an IEEE 802.15.4-based specification for a suite of high-level communication protocols used to create personal area networks with small, low-power digital radios, such as for home automation
A Zigbee module
https://en.wikipedia.org/wiki/File:ETRX357_ZigBee_module_with_size_ref.JPG
Why Zigbee..?
• Support for multiple network topologies such as point-to-point, point-to-multipoint and mesh networks
• Low duty cycle – provides long battery life
• Low latency
• Direct Sequence Spread Spectrum (DSSS)
• Up to 65,000 nodes per network
• 128-bit AES encryption for secure data connections
• Collision avoidance, retries and acknowledgements
https://www.digi.com/getattachment/resources/standards-and-technologies/zigbee-wireless-standard/Zigbeestack.png
How it works..?
Where it is Used..?
• Home Automation
• Healthcare
• Smart Energy
• Building Automation
Zigbee Certified Products
http://www.zigbee.org/zigbee-products-2/#zigbeecertifiedproducts/?view_30_filters=%5B%7B%22field%22%3A%22field_1%22%2C%22operator%22%3A%22is%20not%20blank%22%7D%5D&view_30_page=1
Zigbee vulnerability Test Cases
https://youtu.be/Ed1OjAuRARU
Known Vulnerabilities in Zigbee
Implementation Vulnerabilities
• Insecure key storage – (an attacker can extract the key from the chip or from the network)
• Insecure key transportation – (plaintext key sent over the air)
• Reusing the initialization vector (IV) – (under the same secret key used for data encryption (AES-CTR))
• Sending security headers in clear text – (can cause device damage – lack of replay protection – MIC (message integrity code))
• Predictable sensor polling rates – (can cause device damage – sleep and wake-up cycles)
Known Vulnerabilities in Zigbee
Protocol Vulnerabilities
• Default link key values (5A 69 67 42 65 65 41 6C 6C 69 61 6E 63 65 30 39 (ZigBeeAlliance09))
• Unauthenticated acknowledgement packets (ACK)
• CSMA/CA trade-off
• Unencrypted keys
• Predictable PAN IDs and limited channels
• Insufficient replay protections
• Signal interference
• Unauthorized network commissioning
• Lack of DDoS protection mechanisms
• Re-using link key
• TouchLink factory reset
• Privacy issues
https://research.kudelskisecurity.com/2017/11/21/zigbee-security-basics-part-3/
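Two of the vulnerabilities listed above, security headers sent in clear text and insufficient replay protection, can be seen directly in the bytes of a secured Zigbee NWK frame: the auxiliary security header (security control byte, 32-bit frame counter, optional extended source, optional key sequence number) is never encrypted, and the frame counter is the only replay defence the receiver has. The following Python is an added example, not code from the talk or from KillerBee. It parses that header from a raw secured NWK payload, runs a defender-side replay check (the frame counter must strictly increase per source) and flags the default ZigBeeAlliance09 link key from the slide. The sample frames are constructed here; the function and variable names are the example's own.

```python
import struct
from typing import Dict, List

# Well-known default Trust Center link key from the slide above
# ("ZigBeeAlliance09" in ASCII); used here only to recognise it in a key audit.
DEFAULT_TC_LINK_KEY = bytes.fromhex("5A6967426565416C6C69616E63653039")

KEY_ID_NAMES = {0: "data", 1: "network", 2: "key-transport", 3: "key-load"}


def parse_aux_security_header(frame: bytes) -> dict:
    """Parse the NWK auxiliary security header at the start of `frame`.

    Layout: security control (1 byte), frame counter (4 bytes, little endian),
    extended source (8 bytes, present when the extended-nonce bit is set),
    key sequence number (1 byte, present when the key identifier is the
    network key).  Every one of these fields travels in clear text.
    """
    if len(frame) < 5:
        raise ValueError("truncated auxiliary security header")
    sec_ctrl = frame[0]
    key_id = (sec_ctrl >> 3) & 0x03
    ext_nonce = bool(sec_ctrl & 0x20)
    (frame_counter,) = struct.unpack_from("<I", frame, 1)
    offset = 5
    source = None
    if ext_nonce:
        if len(frame) < offset + 8:
            raise ValueError("truncated extended source address")
        # On-air byte order is little endian; show the usual big-endian IEEE address.
        source = frame[offset:offset + 8][::-1].hex()
        offset += 8
    key_seq = None
    if key_id == 1:
        if len(frame) < offset + 1:
            raise ValueError("truncated key sequence number")
        key_seq = frame[offset]
        offset += 1
    return {
        # The security level bits are zeroed on air and restored from the
        # receiver's configuration, so a value of 0 here does not mean "unencrypted".
        "security_level_on_air": sec_ctrl & 0x07,
        "key_id": key_id,
        "key_type": KEY_ID_NAMES[key_id],
        "frame_counter": frame_counter,
        "source": source,
        "key_seq": key_seq,
        "header_len": offset,
    }


class FrameCounterMonitor:
    """Replay check: the frame counter must strictly increase per source."""

    def __init__(self) -> None:
        self.last_seen: Dict[str, int] = {}

    def accept(self, source: str, counter: int) -> bool:
        previous = self.last_seen.get(source)
        if previous is not None and counter <= previous:
            return False  # replayed (or reordered) frame: reject
        self.last_seen[source] = counter
        return True


def is_default_link_key(key: bytes) -> bool:
    """Flag the well-known default link key or an all-zero key."""
    return key == DEFAULT_TC_LINK_KEY or key == bytes(16)


def audit_frames(frames: List[bytes]) -> List[bool]:
    """Run the replay check over a list of secured NWK payloads."""
    monitor = FrameCounterMonitor()
    verdicts = []
    for frame in frames:
        hdr = parse_aux_security_header(frame)
        verdicts.append(monitor.accept(hdr["source"] or "unknown", hdr["frame_counter"]))
    return verdicts


# Constructed sample frames: security control 0x28 = network key (key id 1)
# with extended nonce; node A sends counters 16, 17, 17 (the third is a replay).
def _frame(counter: int, src_le: bytes) -> bytes:
    return bytes([0x28]) + struct.pack("<I", counter) + src_le + bytes([0x00]) + b"\xde\xad\xbe\xef"


NODE_A = bytes.fromhex("04030201004b1200")  # little endian on air -> 00124b0001020304
NODE_B = bytes.fromhex("08070605004b1200")
SAMPLE_FRAMES = [_frame(16, NODE_A), _frame(17, NODE_A), _frame(17, NODE_A), _frame(5, NODE_B)]

if __name__ == "__main__":
    print(parse_aux_security_header(SAMPLE_FRAMES[0]))
    print(audit_frames(SAMPLE_FRAMES))          # [True, True, False, True]
    print(is_default_link_key(DEFAULT_TC_LINK_KEY))  # True
```

A real monitor would persist the per-source counter across restarts (the spec requires devices to reject a counter that wraps or goes backwards) and would key the table on the NWK short address when the extended-nonce bit is clear.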
Pen-testing Tools
Hardware
• Bus Pirate (Hardware)
• GoodFET (Hardware)
• RZUSBSTICK (Protocol)
• Chibi
• Memsic TelosB (TPR2420)
Software
• KillerBee
• SECBEE
• Z3sec
• Api-do
• Attify ZigBee framework
KillerBee – Arsenal
zbassocflood
zbcat
zbconvert
zbdsniff
zbdump
zbfakebeacon
zbfind
zbgoodfind
zbid
zbjammer
zbkey
zbopenear
zborphannotify
zbpanidconflictflood
zbrealign
zbreplay
zbscapy
zbstumbler
zbwardrive
zbwireshark
• zbid - Identifies available interfaces that can be used by KillerBee and associated tools.
• zbwireshark - Similar to zbdump but exposes a named pipe for real-time capture and viewing in Wireshark.
• zbdump - A tcpdump-like tool to capture IEEE 802.15.4 frames to a libpcap or Daintree SNA packet capture file. Does not display real-time stats like tcpdump when not writing to a file.
• zbreplay - Implements a replay attack, reading from a specified Daintree DCF or libpcap packet capture file and retransmitting the frames. ACK frames are not retransmitted.
• zbstumbler - Active ZigBee and IEEE 802.15.4 network discovery tool. Zbstumbler sends beacon request frames out while channel hopping, recording and displaying summarized information about discovered devices. Can also log results to a CSV file.
• zbpanidconflictflood - Requires two KillerBee interfaces: one KillerBee interface listens for packets and marks their PAN ID. The other interface constantly sends out beacon packets with the found PAN IDs. The beacon packets with the same PAN ID cause the PAN coordinator to believe that there is a PAN ID
How it works..
No Demo – device reached just yesterday
KillerBee to attack the Philips Hue
Attify Zigbee Framework – GUI wrapper for KillerBee
https://www.youtube.com/watch?v=uivlSdqWS48
Custom vulnerable lab development..?
Requirements
Arduino * 1 https://www.sparkfun.com/products/11021
DHT11 basic temperature-humidity sensor + extras https://www.adafruit.com/product/386
2LDR/Photocell * 1 https://www.sparkfun.com/products/9088
BC547 * 1 https://www.sparkfun.com/products/8928
LED * any number https://www.sparkfun.com/products/10635
Jumper cables https://www.sparkfun.com/products/13870
Breadboard https://www.sparkfun.com/products/12046
Xbee shield * 2 https://www.sparkfun.com/products/12847
https://www.cybrary.it/channelcontent/zigbee-security-and-exploitation-for-iot-devices/
https://github.com/attify/zigbee-security-exploitation
https://images.digi.com/products/xctu_layout
Device being identified in XCTU
Pentest Methods..!
• Physical pentesting
  – GoodFET and Bus Pirate
  – Extracting the key that is loaded in the RAM or EEPROM chips
• OTA – Over the Air
  – Is the device updated securely or not?
• Sniff
• MiTM
• Replay and Injection
  – Using packet replay / injection to gain unauthorized control of Zigbee devices
How to pentest..?
Attack 1 : Key Sniffing
Prerequisite: the RZUSB stick must be successfully flashed with the KillerBee firmware
Step 1 : Connect the RZUSB stick running our custom KillerBee firmware to an Ubuntu virtual machine
Step 2 : Select the channel number to sniff with zbdump (channels)
Step 3 : Output the packet capture data to a libpcap file
Step 4 : Stop sniffing and open the packet capture in Wireshark
Step 5 : The encrypted key might look like (0xcc 0x60 0x47 0x4c 0x93 0x42 0xe2 0xf7 0x7f 0x78 0x1b 0xfb 0x26 0xe1 0xbb 0x0f 0xa1 0x15 0x79 0x13 0x64 0x92 0xde 0x6b 0xda 0x7c 0x0d 0xe2 0xd5 0xc5 0xc0 0x57 0x78 0xc4 0xa5)
Step 6 : Decrypt the key with an AES decrypter
Example sniffed cap file of ZigBee
Attack 2 : Association Flooding
• After successfully sniffing the keys from the Zigbee network
• Add the device into the network without the owner's permission
• We could determine the PAN IDs for each of the devices
• Then flooded each of these device PAN IDs in turn with hundreds of Association Requests (one every 10 milliseconds)
• While we performed our Association Flooding attack, we tried to access 14 functions of the SmartThings by turning the Centralite on and off.
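The flood described above has a simple signature on the air: many Association Requests aimed at one PAN in a short time, typically from many different source addresses. The Python below is an added example, not code from the talk or from any of the tools it lists; it shows the detection side of this attack. It reads a constructed capture log (the CSV layout and field names are the example's own, not a zbstumbler or zbdump format) and counts Association Requests per destination PAN over a sliding time window, alerting when the count crosses a threshold.

```python
import csv
import io
from collections import defaultdict, deque
from typing import Dict, List

# Constructed sample log: one row per received 802.15.4 MAC frame, timestamp in
# seconds, addresses and PAN IDs as hex strings.  Not real tool output.
SAMPLE_LOG = (
    "ts,frame_type,src,dst_pan\n"
    "1531379400.000,beacon,00124b0001020304,1a2b\n"
    "1531379400.100,assoc_req,00124b00aaaaaaaa,1a2b\n"   # one legitimate join
    "1531379405.000,assoc_req,00124b00bbbbbbbb,3c4d\n"
    # Twelve Association Requests to PAN 1a2b, one every 10 ms, each from a
    # different (spoofed) source address, like the flood described above.
    + "".join(
        f"1531379410.{i * 10:03d},assoc_req,00124b00cccc{i:04x},1a2b\n" for i in range(12)
    )
)


def detect_association_flood(log_text: str, threshold: int = 10, window_s: float = 1.0) -> dict:
    """Sliding-window count of Association Requests per destination PAN.

    Counting per PAN rather than per source matters: the flood arrives from
    many addresses, so a per-source rate limit would see nothing unusual.
    Returns the peak in-window count per PAN and the PANs that crossed
    `threshold` requests within `window_s` seconds.
    """
    recent: Dict[str, deque] = defaultdict(deque)
    peak: Dict[str, int] = defaultdict(int)
    alerts: List[str] = []
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["frame_type"] != "assoc_req":
            continue
        ts = float(row["ts"])
        pan = row["dst_pan"]
        q = recent[pan]
        q.append(ts)
        while ts - q[0] > window_s:  # drop requests that fell out of the window
            q.popleft()
        peak[pan] = max(peak[pan], len(q))
        if len(q) >= threshold and pan not in alerts:
            alerts.append(pan)
    return {"peak": dict(peak), "alerts": alerts}


if __name__ == "__main__":
    result = detect_association_flood(SAMPLE_LOG)
    print(result)  # {'peak': {'1a2b': 12, '3c4d': 1}, 'alerts': ['1a2b']}
```

The threshold is deliberately low for the sample; on a real network, baseline the join rate first (joins are rare outside commissioning windows) and alert well above it. The same per-PAN window can be fed from a live zbdump or zbwireshark capture once the frames are decoded to this shape.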
Attack 3 : Replay Attack
• After getting the information from the flooding attack
• Start the attack using commands like ON/OFF to play with a device like a bulb
Attack 4 : Device Spoofing
• MAC spoofing attack, where the device needs to be added into the owner's network
• After the association flooding attack, all these attacks are easy to do
Example MAC Address
http://learn.linksprite.com/wp-content/uploads/2016/05/Screen-Shot-2016-05-12-at-10.56.14-PM-1024x455.png
Remediations..
• Reconfigure the device securely after finding the installation bugs
• Out-of-band key loading method – using a factory-generated and pre-loaded key
• Secure network admission
• Dynamic device ID rotation – to remediate the spoofing attacks
Follow the link : https://courses.csail.mit.edu/6.857/2017/project/17.pdf
References
• Cache, Johnny, Wright, Joshua, and Liu, Vincent. Hacking Exposed: Wireless. Second Edition. McGraw-Hill, 2010.
• 15.4-2011 – IEEE Standard for Local and metropolitan area networks – Part 15.4: Low-Rate Wireless Personal Area Networks (LR-WPANs) <http://standards.ieee.org/findstds/standard/802.15.4-2011.html>
• ZigBee Security at Dartmouth Trust Lab. <http://www.cs.dartmouth.edu/~rspeers/>
• ZigBee Specification, ZigBee Document 053474r17, ZigBee Alliance, January 17, 2008
• Radmand, M. Domingo, J. Singh, J. Arnedo, A. Talevski, S. Petersen, and S. Carlsen. "ZigBee/ZigBee PRO security assessment based on compromised cryptographic keys". Digital Ecosystem and Business Intelligence Institute, Curtin University of Technology, Perth, Australia
• Olawumi, K. Haataja, M. Asikainen, N. Vidgren, and P. Toivanen. "Three Practical Attacks Against ZigBee Security: Attack Scenario Definitions, Practical Experiments, Countermeasures, and Lessons Learned", in IEEE 14th International Conference on Hybrid Intelligent Systems (HIS 2014), Kuwait. DOI: 10.1109/HIS.2014.7086198
• N. Whitehurst, T. R. Andel, and J. T. McDonald. "Exploring Security in ZigBee Networks", in 9th Cyber and Information Security Research Conference, 2014. ACM 978-1-4503-2812-8/14/4
• ZigBee Wireless Networks and Transceivers – Shahin Farahani
• Y. Vasserman and N. Hopper, "Vampire attacks: draining life from wireless ad hoc sensor networks," IEEE Trans. Mobile Computing, vol. 12, no. 2, pp. 318–332, 2013.
• Devu Manikantan Shila, Xianghui Cao, Yu Cheng, Zequ Yang, Yang Zhou, and Jiming Chen, "Ghost-in-the-Wireless: Energy Depletion Attack on ZigBee"
• Ivan Vaccari, Enrico Cambiaso, and Maurizio Aiello, "Remotely Exploiting AT Command Attacks on ZigBee Networks"
• https://phys.org/news/2017-09-flaws-smart-home-products.html
• Philipp Morgner, Stephan Mattejat, Zinaida Benenson, "Insecure to the Touch: Attacking ZigBee 3.0 via Touchlink Commissioning"
• Vidgren, K. Haataja, J. L. Patiño-Andres, J. J. Ramírez-Sanchis, and P. Toivanen, "Security threats in ZigBee-enabled systems: Vulnerability evaluation, practical experiments, countermeasures, and lessons learned," in Proceedings of the 46th Annual Hawaii International Conference on System Sciences, HICSS 2013, pp. 5132–5138, January 2013.
• Krivtsova, I. Lebedev, M. Sukhoparov et al., "Implementing a broadcast storm attack on a mission-critical wireless sensor network," Lecture Notes in Computer Science, vol. 9674, pp. 297–308, 2016.
• XBee Shield Hookup Guide (image source): https://learn.sparkfun.com/tutorials/xbee-shield-hookup-guide/example-communication-test

More Related Content

What's hot

Detection Rules Coverage
Detection Rules CoverageDetection Rules Coverage
Detection Rules CoverageSunny Neo
 
Mobile Application Penetration Testing
Mobile Application Penetration TestingMobile Application Penetration Testing
Mobile Application Penetration TestingBGA Cyber Security
 
Bug Bounty - Play For Money
Bug Bounty - Play For MoneyBug Bounty - Play For Money
Bug Bounty - Play For MoneyShubham Gupta
 
Yeni Nesil DDOS Saldırıları ve Korunma Yöntemleri
Yeni Nesil DDOS Saldırıları ve Korunma YöntemleriYeni Nesil DDOS Saldırıları ve Korunma Yöntemleri
Yeni Nesil DDOS Saldırıları ve Korunma YöntemleriBGA Cyber Security
 
FreeIPA - Attacking the Active Directory of Linux
FreeIPA - Attacking the Active Directory of LinuxFreeIPA - Attacking the Active Directory of Linux
FreeIPA - Attacking the Active Directory of LinuxJulian Catrambone
 
Hacking and securing ios applications
Hacking and securing ios applicationsHacking and securing ios applications
Hacking and securing ios applicationsSatish b
 
Ekoparty 2017 - The Bug Hunter's Methodology
Ekoparty 2017 - The Bug Hunter's MethodologyEkoparty 2017 - The Bug Hunter's Methodology
Ekoparty 2017 - The Bug Hunter's Methodologybugcrowd
 
Rust Embedded Development on ESP32 and basics of Async with Embassy
Rust Embedded Development on ESP32 and basics of Async with EmbassyRust Embedded Development on ESP32 and basics of Async with Embassy
Rust Embedded Development on ESP32 and basics of Async with EmbassyJuraj Michálek
 
Building day 2 upload Building the Internet of Things with Thingsquare and ...
Building day 2   upload Building the Internet of Things with Thingsquare and ...Building day 2   upload Building the Internet of Things with Thingsquare and ...
Building day 2 upload Building the Internet of Things with Thingsquare and ...Adam Dunkels
 
Site-to-Site IPSEC VPN Between Cisco ASA and Pfsense
Site-to-Site IPSEC VPN Between Cisco ASA and PfsenseSite-to-Site IPSEC VPN Between Cisco ASA and Pfsense
Site-to-Site IPSEC VPN Between Cisco ASA and PfsenseHarris Andrea
 
The Game of Bug Bounty Hunting - Money, Drama, Action and Fame
The Game of Bug Bounty Hunting - Money, Drama, Action and FameThe Game of Bug Bounty Hunting - Money, Drama, Action and Fame
The Game of Bug Bounty Hunting - Money, Drama, Action and FameAbhinav Mishra
 
PowerShell for Penetration Testers
PowerShell for Penetration TestersPowerShell for Penetration Testers
PowerShell for Penetration TestersNikhil Mittal
 
LCA13: Power State Coordination Interface
LCA13: Power State Coordination InterfaceLCA13: Power State Coordination Interface
LCA13: Power State Coordination InterfaceLinaro
 
DDoS Mitigation Tools and Techniques
DDoS Mitigation Tools and TechniquesDDoS Mitigation Tools and Techniques
DDoS Mitigation Tools and TechniquesBabak Farrokhi
 
Siber Tehdit Avcılığı (Threat Hunting)
Siber Tehdit Avcılığı (Threat Hunting)Siber Tehdit Avcılığı (Threat Hunting)
Siber Tehdit Avcılığı (Threat Hunting)BGA Cyber Security
 
Reverse Engineering iOS apps
Reverse Engineering iOS appsReverse Engineering iOS apps
Reverse Engineering iOS appsMax Bazaliy
 

What's hot (20)

Detection Rules Coverage
Detection Rules CoverageDetection Rules Coverage
Detection Rules Coverage
 
iOS Application Penetration Testing
iOS Application Penetration TestingiOS Application Penetration Testing
iOS Application Penetration Testing
 
Mobile Application Penetration Testing
Mobile Application Penetration TestingMobile Application Penetration Testing
Mobile Application Penetration Testing
 
Bug Bounty - Play For Money
Bug Bounty - Play For MoneyBug Bounty - Play For Money
Bug Bounty - Play For Money
 
Yeni Nesil DDOS Saldırıları ve Korunma Yöntemleri
Yeni Nesil DDOS Saldırıları ve Korunma YöntemleriYeni Nesil DDOS Saldırıları ve Korunma Yöntemleri
Yeni Nesil DDOS Saldırıları ve Korunma Yöntemleri
 
FreeIPA - Attacking the Active Directory of Linux
FreeIPA - Attacking the Active Directory of LinuxFreeIPA - Attacking the Active Directory of Linux
FreeIPA - Attacking the Active Directory of Linux
 
Snort IPS
Snort IPSSnort IPS
Snort IPS
 
Hacking and securing ios applications
Hacking and securing ios applicationsHacking and securing ios applications
Hacking and securing ios applications
 
Android Pentesting
Android PentestingAndroid Pentesting
Android Pentesting
 
Snort
SnortSnort
Snort
 
Ekoparty 2017 - The Bug Hunter's Methodology
Ekoparty 2017 - The Bug Hunter's MethodologyEkoparty 2017 - The Bug Hunter's Methodology
Ekoparty 2017 - The Bug Hunter's Methodology
 
Rust Embedded Development on ESP32 and basics of Async with Embassy
Rust Embedded Development on ESP32 and basics of Async with EmbassyRust Embedded Development on ESP32 and basics of Async with Embassy
Rust Embedded Development on ESP32 and basics of Async with Embassy
 
Building day 2 upload Building the Internet of Things with Thingsquare and ...
Building day 2   upload Building the Internet of Things with Thingsquare and ...Building day 2   upload Building the Internet of Things with Thingsquare and ...
Building day 2 upload Building the Internet of Things with Thingsquare and ...
 
Site-to-Site IPSEC VPN Between Cisco ASA and Pfsense
Site-to-Site IPSEC VPN Between Cisco ASA and PfsenseSite-to-Site IPSEC VPN Between Cisco ASA and Pfsense
Site-to-Site IPSEC VPN Between Cisco ASA and Pfsense
 
The Game of Bug Bounty Hunting - Money, Drama, Action and Fame
The Game of Bug Bounty Hunting - Money, Drama, Action and FameThe Game of Bug Bounty Hunting - Money, Drama, Action and Fame
The Game of Bug Bounty Hunting - Money, Drama, Action and Fame
 
PowerShell for Penetration Testers
PowerShell for Penetration TestersPowerShell for Penetration Testers
PowerShell for Penetration Testers
 
LCA13: Power State Coordination Interface
LCA13: Power State Coordination InterfaceLCA13: Power State Coordination Interface
LCA13: Power State Coordination Interface
 
DDoS Mitigation Tools and Techniques
DDoS Mitigation Tools and TechniquesDDoS Mitigation Tools and Techniques
DDoS Mitigation Tools and Techniques
 
Siber Tehdit Avcılığı (Threat Hunting)
Siber Tehdit Avcılığı (Threat Hunting)Siber Tehdit Avcılığı (Threat Hunting)
Siber Tehdit Avcılığı (Threat Hunting)
 
Reverse Engineering iOS apps
Reverse Engineering iOS appsReverse Engineering iOS apps
Reverse Engineering iOS apps
 

Similar to IoT security zigbee -- Null Meet bangalore

IoT_and_the_Impact_on_Security_Brian_Knopf_ISSA-OC_July-2014
IoT_and_the_Impact_on_Security_Brian_Knopf_ISSA-OC_July-2014IoT_and_the_Impact_on_Security_Brian_Knopf_ISSA-OC_July-2014
IoT_and_the_Impact_on_Security_Brian_Knopf_ISSA-OC_July-2014Brian Knopf
 
Beginner’s Guide on How to Start Exploring IoT Security 1st Session
Beginner’s Guide on How to Start Exploring IoT Security 1st SessionBeginner’s Guide on How to Start Exploring IoT Security 1st Session
Beginner’s Guide on How to Start Exploring IoT Security 1st Sessionveerababu penugonda(Mr-IoT)
 
IoT security is a nightmare. But what is the real risk?
IoT security is a nightmare. But what is the real risk?IoT security is a nightmare. But what is the real risk?
IoT security is a nightmare. But what is the real risk?Zoltan Balazs
 
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...Zoltan Balazs
 
Security challenges for IoT
Security challenges for IoTSecurity challenges for IoT
Security challenges for IoTWSO2
 
Exfiltrating Data through IoT
Exfiltrating Data through IoTExfiltrating Data through IoT
Exfiltrating Data through IoTPriyanka Aash
 
逃避可恥還沒有用- 你不可不知的物聯網安全問題與挑戰(Ashley Shen & Belinda Lai)
逃避可恥還沒有用- 你不可不知的物聯網安全問題與挑戰(Ashley Shen & Belinda Lai)逃避可恥還沒有用- 你不可不知的物聯網安全問題與挑戰(Ashley Shen & Belinda Lai)
逃避可恥還沒有用- 你不可不知的物聯網安全問題與挑戰(Ashley Shen & Belinda Lai)HITCON GIRLS
 
IoTNEXT 2016 - SafeNation Track
IoTNEXT 2016 - SafeNation TrackIoTNEXT 2016 - SafeNation Track
IoTNEXT 2016 - SafeNation TrackPriyanka Aash
 
Remotely Scanning Organization’s Internal Network
Remotely Scanning Organization’s Internal NetworkRemotely Scanning Organization’s Internal Network
Remotely Scanning Organization’s Internal Networkijtsrd
 
Hack one iot device, break them all!
Hack one iot device, break them all!Hack one iot device, break them all!
Hack one iot device, break them all!Justin Black
 
Attacking SCADA systems: Story Of SCADASTRANGELOVE
Attacking SCADA systems: Story Of SCADASTRANGELOVEAttacking SCADA systems: Story Of SCADASTRANGELOVE
Attacking SCADA systems: Story Of SCADASTRANGELOVEAleksandr Timorin
 
(Sacon) Sumanth Naropanth - IoT network & ecosystem security attacks & secur...
(Sacon) Sumanth Naropanth  - IoT network & ecosystem security attacks & secur...(Sacon) Sumanth Naropanth  - IoT network & ecosystem security attacks & secur...
(Sacon) Sumanth Naropanth - IoT network & ecosystem security attacks & secur...Priyanka Aash
 
CIRA Labs - Secure Home Gateway Project 2019-03.pptx
CIRA Labs - Secure Home Gateway Project 2019-03.pptxCIRA Labs - Secure Home Gateway Project 2019-03.pptx
CIRA Labs - Secure Home Gateway Project 2019-03.pptxssuserfb92ae
 
Touring the Dark Side of Internet: A Journey through IOT, TOR & Docker
Touring the Dark Side of Internet: A Journey through IOT, TOR & DockerTouring the Dark Side of Internet: A Journey through IOT, TOR & Docker
Touring the Dark Side of Internet: A Journey through IOT, TOR & DockerAbhinav Biswas
 
The Internet of Fails - Mark Stanislav, Senior Security Consultant, Rapid7
The Internet of Fails - Mark Stanislav, Senior Security Consultant, Rapid7The Internet of Fails - Mark Stanislav, Senior Security Consultant, Rapid7
The Internet of Fails - Mark Stanislav, Senior Security Consultant, Rapid7Rapid7
 
The Internet of Things: We've Got to Chat
The Internet of Things: We've Got to ChatThe Internet of Things: We've Got to Chat
The Internet of Things: We've Got to ChatDuo Security
 

Similar to IoT security zigbee -- Null Meet bangalore (20)

ioT-SecurityECC-v1
ioT-SecurityECC-v1ioT-SecurityECC-v1
ioT-SecurityECC-v1
 
IoT_and_the_Impact_on_Security_Brian_Knopf_ISSA-OC_July-2014
IoT_and_the_Impact_on_Security_Brian_Knopf_ISSA-OC_July-2014IoT_and_the_Impact_on_Security_Brian_Knopf_ISSA-OC_July-2014
IoT_and_the_Impact_on_Security_Brian_Knopf_ISSA-OC_July-2014
 
Beginner’s Guide on How to Start Exploring IoT Security 1st Session
Beginner’s Guide on How to Start Exploring IoT Security 1st SessionBeginner’s Guide on How to Start Exploring IoT Security 1st Session
Beginner’s Guide on How to Start Exploring IoT Security 1st Session
 
IoT security is a nightmare. But what is the real risk?
IoT security is a nightmare. But what is the real risk?IoT security is a nightmare. But what is the real risk?
IoT security is a nightmare. But what is the real risk?
 
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
 
Security challenges for IoT
Security challenges for IoTSecurity challenges for IoT
Security challenges for IoT
 
IOT Exploitation
IOT Exploitation	IOT Exploitation
IOT Exploitation
 
Exfiltrating Data through IoT
Exfiltrating Data through IoTExfiltrating Data through IoT
Exfiltrating Data through IoT
 
Day4
Day4Day4
Day4
 
逃避可恥還沒有用- 你不可不知的物聯網安全問題與挑戰(Ashley Shen & Belinda Lai)
逃避可恥還沒有用- 你不可不知的物聯網安全問題與挑戰(Ashley Shen & Belinda Lai)逃避可恥還沒有用- 你不可不知的物聯網安全問題與挑戰(Ashley Shen & Belinda Lai)
逃避可恥還沒有用- 你不可不知的物聯網安全問題與挑戰(Ashley Shen & Belinda Lai)
 
IoTNEXT 2016 - SafeNation Track
IoTNEXT 2016 - SafeNation TrackIoTNEXT 2016 - SafeNation Track
IoTNEXT 2016 - SafeNation Track
 
Remotely Scanning Organization’s Internal Network
Remotely Scanning Organization’s Internal NetworkRemotely Scanning Organization’s Internal Network
Remotely Scanning Organization’s Internal Network
 
Hack one iot device, break them all!
Hack one iot device, break them all!Hack one iot device, break them all!
Hack one iot device, break them all!
 
Security Issues in Internet of Things
Security Issues in Internet of ThingsSecurity Issues in Internet of Things
Security Issues in Internet of Things
 
Attacking SCADA systems: Story Of SCADASTRANGELOVE
Attacking SCADA systems: Story Of SCADASTRANGELOVEAttacking SCADA systems: Story Of SCADASTRANGELOVE
Attacking SCADA systems: Story Of SCADASTRANGELOVE
 
(Sacon) Sumanth Naropanth - IoT network & ecosystem security attacks & secur...
(Sacon) Sumanth Naropanth  - IoT network & ecosystem security attacks & secur...(Sacon) Sumanth Naropanth  - IoT network & ecosystem security attacks & secur...
(Sacon) Sumanth Naropanth - IoT network & ecosystem security attacks & secur...
 
CIRA Labs - Secure Home Gateway Project 2019-03.pptx
CIRA Labs - Secure Home Gateway Project 2019-03.pptxCIRA Labs - Secure Home Gateway Project 2019-03.pptx
CIRA Labs - Secure Home Gateway Project 2019-03.pptx
 
Touring the Dark Side of Internet: A Journey through IOT, TOR & Docker
Touring the Dark Side of Internet: A Journey through IOT, TOR & DockerTouring the Dark Side of Internet: A Journey through IOT, TOR & Docker
Touring the Dark Side of Internet: A Journey through IOT, TOR & Docker
 
The Internet of Fails - Mark Stanislav, Senior Security Consultant, Rapid7
The Internet of Fails - Mark Stanislav, Senior Security Consultant, Rapid7The Internet of Fails - Mark Stanislav, Senior Security Consultant, Rapid7
The Internet of Fails - Mark Stanislav, Senior Security Consultant, Rapid7
 
The Internet of Things: We've Got to Chat
The Internet of Things: We've Got to ChatThe Internet of Things: We've Got to Chat
The Internet of Things: We've Got to Chat
 

Recently uploaded

萨斯喀彻温大学毕业证学位证成绩单-购买流程
萨斯喀彻温大学毕业证学位证成绩单-购买流程萨斯喀彻温大学毕业证学位证成绩单-购买流程
萨斯喀彻温大学毕业证学位证成绩单-购买流程1k98h0e1
 
Call Girls Delhi {Rohini} 9711199012 high profile service
Call Girls Delhi {Rohini} 9711199012 high profile serviceCall Girls Delhi {Rohini} 9711199012 high profile service
Call Girls Delhi {Rohini} 9711199012 high profile servicerehmti665
 
定制(Salford学位证)索尔福德大学毕业证成绩单原版一比一
定制(Salford学位证)索尔福德大学毕业证成绩单原版一比一定制(Salford学位证)索尔福德大学毕业证成绩单原版一比一
定制(Salford学位证)索尔福德大学毕业证成绩单原版一比一ss ss
 
如何办理(UCLA毕业证书)加州大学洛杉矶分校毕业证成绩单留信学历认证原版一比一
如何办理(UCLA毕业证书)加州大学洛杉矶分校毕业证成绩单留信学历认证原版一比一如何办理(UCLA毕业证书)加州大学洛杉矶分校毕业证成绩单留信学历认证原版一比一
如何办理(UCLA毕业证书)加州大学洛杉矶分校毕业证成绩单留信学历认证原版一比一ga6c6bdl
 
定制宾州州立大学毕业证(PSU毕业证) 成绩单留信学历认证原版一比一
定制宾州州立大学毕业证(PSU毕业证) 成绩单留信学历认证原版一比一定制宾州州立大学毕业证(PSU毕业证) 成绩单留信学历认证原版一比一
定制宾州州立大学毕业证(PSU毕业证) 成绩单留信学历认证原版一比一ga6c6bdl
 
Papular No 1 Online Istikhara Amil Baba Pakistan Amil Baba In Karachi Amil B...
Papular No 1 Online Istikhara Amil Baba Pakistan  Amil Baba In Karachi Amil B...Papular No 1 Online Istikhara Amil Baba Pakistan  Amil Baba In Karachi Amil B...
Papular No 1 Online Istikhara Amil Baba Pakistan Amil Baba In Karachi Amil B...Authentic No 1 Amil Baba In Pakistan
 
定制(UI学位证)爱达荷大学毕业证成绩单原版一比一
定制(UI学位证)爱达荷大学毕业证成绩单原版一比一定制(UI学位证)爱达荷大学毕业证成绩单原版一比一
定制(UI学位证)爱达荷大学毕业证成绩单原版一比一ss ss
 
Call Girls In Munirka>༒9599632723 Incall_OutCall Available
Call Girls In Munirka>༒9599632723 Incall_OutCall AvailableCall Girls In Munirka>༒9599632723 Incall_OutCall Available
Call Girls In Munirka>༒9599632723 Incall_OutCall AvailableCall Girls in Delhi
 
Vip Noida Escorts 9873940964 Greater Noida Escorts Service
Vip Noida Escorts 9873940964 Greater Noida Escorts ServiceVip Noida Escorts 9873940964 Greater Noida Escorts Service
Vip Noida Escorts 9873940964 Greater Noida Escorts Serviceankitnayak356677
 
Hifi Defence Colony Call Girls Service WhatsApp -> 9999965857 Available 24x7 ...
Hifi Defence Colony Call Girls Service WhatsApp -> 9999965857 Available 24x7 ...Hifi Defence Colony Call Girls Service WhatsApp -> 9999965857 Available 24x7 ...
Hifi Defence Colony Call Girls Service WhatsApp -> 9999965857 Available 24x7 ...srsj9000
 
vip Model Basti Call Girls 9999965857 Call or WhatsApp Now Book
vip Model Basti Call Girls 9999965857 Call or WhatsApp Now Bookvip Model Basti Call Girls 9999965857 Call or WhatsApp Now Book
vip Model Basti Call Girls 9999965857 Call or WhatsApp Now Bookmanojkuma9823
 
如何办理(NUS毕业证书)新加坡国立大学毕业证成绩单留信学历认证原版一比一
如何办理(NUS毕业证书)新加坡国立大学毕业证成绩单留信学历认证原版一比一如何办理(NUS毕业证书)新加坡国立大学毕业证成绩单留信学历认证原版一比一
如何办理(NUS毕业证书)新加坡国立大学毕业证成绩单留信学历认证原版一比一ga6c6bdl
 
如何办理伦敦大学伯贝克学院毕业证(BBK毕业证) 成绩单留信学历认证原版一比一
如何办理伦敦大学伯贝克学院毕业证(BBK毕业证) 成绩单留信学历认证原版一比一如何办理伦敦大学伯贝克学院毕业证(BBK毕业证) 成绩单留信学历认证原版一比一
如何办理伦敦大学伯贝克学院毕业证(BBK毕业证) 成绩单留信学历认证原版一比一ga6c6bdl
 
Russian Call Girls In South Delhi Delhi 9711199012 💋✔💕😘 Independent Escorts D...
Russian Call Girls In South Delhi Delhi 9711199012 💋✔💕😘 Independent Escorts D...Russian Call Girls In South Delhi Delhi 9711199012 💋✔💕😘 Independent Escorts D...
Russian Call Girls In South Delhi Delhi 9711199012 💋✔💕😘 Independent Escorts D...nagunakhan
 
Slim Call Girls Service Badshah Nagar * 9548273370 Naughty Call Girls Service...
Slim Call Girls Service Badshah Nagar * 9548273370 Naughty Call Girls Service...Slim Call Girls Service Badshah Nagar * 9548273370 Naughty Call Girls Service...
Slim Call Girls Service Badshah Nagar * 9548273370 Naughty Call Girls Service...nagunakhan
 
《伯明翰城市大学毕业证成绩单购买》学历证书学位证书区别《复刻原版1:1伯明翰城市大学毕业证书|修改BCU成绩单PDF版》Q微信741003700《BCU学...
《伯明翰城市大学毕业证成绩单购买》学历证书学位证书区别《复刻原版1:1伯明翰城市大学毕业证书|修改BCU成绩单PDF版》Q微信741003700《BCU学...《伯明翰城市大学毕业证成绩单购买》学历证书学位证书区别《复刻原版1:1伯明翰城市大学毕业证书|修改BCU成绩单PDF版》Q微信741003700《BCU学...
《伯明翰城市大学毕业证成绩单购买》学历证书学位证书区别《复刻原版1:1伯明翰城市大学毕业证书|修改BCU成绩单PDF版》Q微信741003700《BCU学...ur8mqw8e
 
专业一比一美国加州州立大学东湾分校毕业证成绩单pdf电子版制作修改#真实工艺展示#真实防伪#diploma#degree
专业一比一美国加州州立大学东湾分校毕业证成绩单pdf电子版制作修改#真实工艺展示#真实防伪#diploma#degree专业一比一美国加州州立大学东湾分校毕业证成绩单pdf电子版制作修改#真实工艺展示#真实防伪#diploma#degree
专业一比一美国加州州立大学东湾分校毕业证成绩单pdf电子版制作修改#真实工艺展示#真实防伪#diploma#degreeyuu sss
 

Recently uploaded (20)

萨斯喀彻温大学毕业证学位证成绩单-购买流程
萨斯喀彻温大学毕业证学位证成绩单-购买流程萨斯喀彻温大学毕业证学位证成绩单-购买流程
萨斯喀彻温大学毕业证学位证成绩单-购买流程
 
Call Girls Delhi {Rohini} 9711199012 high profile service
Call Girls Delhi {Rohini} 9711199012 high profile serviceCall Girls Delhi {Rohini} 9711199012 high profile service
Call Girls Delhi {Rohini} 9711199012 high profile service
 
定制(Salford学位证)索尔福德大学毕业证成绩单原版一比一
定制(Salford学位证)索尔福德大学毕业证成绩单原版一比一定制(Salford学位证)索尔福德大学毕业证成绩单原版一比一
定制(Salford学位证)索尔福德大学毕业证成绩单原版一比一
 
如何办理(UCLA毕业证书)加州大学洛杉矶分校毕业证成绩单留信学历认证原版一比一
如何办理(UCLA毕业证书)加州大学洛杉矶分校毕业证成绩单留信学历认证原版一比一如何办理(UCLA毕业证书)加州大学洛杉矶分校毕业证成绩单留信学历认证原版一比一
如何办理(UCLA毕业证书)加州大学洛杉矶分校毕业证成绩单留信学历认证原版一比一
 
定制宾州州立大学毕业证(PSU毕业证) 成绩单留信学历认证原版一比一
定制宾州州立大学毕业证(PSU毕业证) 成绩单留信学历认证原版一比一定制宾州州立大学毕业证(PSU毕业证) 成绩单留信学历认证原版一比一
定制宾州州立大学毕业证(PSU毕业证) 成绩单留信学历认证原版一比一
 
Papular No 1 Online Istikhara Amil Baba Pakistan Amil Baba In Karachi Amil B...
Papular No 1 Online Istikhara Amil Baba Pakistan  Amil Baba In Karachi Amil B...Papular No 1 Online Istikhara Amil Baba Pakistan  Amil Baba In Karachi Amil B...
Papular No 1 Online Istikhara Amil Baba Pakistan Amil Baba In Karachi Amil B...
 
定制(UI学位证)爱达荷大学毕业证成绩单原版一比一
定制(UI学位证)爱达荷大学毕业证成绩单原版一比一定制(UI学位证)爱达荷大学毕业证成绩单原版一比一
定制(UI学位证)爱达荷大学毕业证成绩单原版一比一
 
young call girls in Gtb Nagar,🔝 9953056974 🔝 escort Service

IoT security zigbee -- Null Meet bangalore

11. Zigbee vulnerability test cases
https://youtu.be/Ed1OjAuRARU
13. Known Vulnerabilities in Zigbee
Implementation vulnerabilities
• Insecure key storage – an attacker extracts the key from the chip or from the network
• Insecure key transportation – the key is sent in plaintext over the air (OTA)
• Reusing the Initialization Vector (IV) used with the secret key for data encryption (AES-CTR)
• Sending security headers in clear text – can cause device damage; lack of replay protection; MIC (message integrity code)
• Predictable sensor polling rates – can cause device damage (sleep and wake-up)
14. Known Vulnerabilities in Zigbee
Protocol vulnerabilities
• Default link key value: 5A 69 67 42 65 65 41 6C 6C 69 61 6E 63 65 30 39 ("ZigBeeAlliance09")
• Unauthenticated acknowledgement packets (ACK)
• CSMA/CA trade-off
• Unencrypted keys
• Predictable PAN IDs and limited channels
• Insufficient replay protections
• Signal interference
• Unauthorized network commissioning
• Lack of DDoS protection mechanisms
• Re-using the link key
• TouchLink factory reset
• Privacy issues
https://research.kudelskisecurity.com/2017/11/21/zigbee-security-basics-part-3/
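Several of the weaknesses listed above (insufficient replay protection, IV reuse under AES-CTR, the public default link key) come down to two things a receiving device or a capture-analysis script can check: that the configured key is not the published default, and that the 32-bit frame counter in the NWK auxiliary security header, which together with the sender's IEEE address forms the CCM* nonce, only ever increases for a given sender and key. The Python below is an added example written for this page; it is not code from the slides, from KillerBee or from any Zigbee stack. Field offsets follow the Zigbee NWK frame layout; the frames, IEEE addresses and key sequence number are constructed inline, and the payload and MIC bytes are dummies since no decryption is attempted.

```python
"""Frame-counter replay / nonce-reuse check over Zigbee NWK security headers.
Added example (not from the slides or from KillerBee); all frames are constructed."""
import struct
from dataclasses import dataclass
from typing import Optional

# Well-known default Trust Center link key from the slide ("ZigBeeAlliance09").
DEFAULT_TC_LINK_KEY = bytes.fromhex("5A6967426565416C6C69616E63653039")


def uses_default_link_key(configured_key: bytes) -> bool:
    """Config audit: a network whose link key is the public default is unprotected."""
    return configured_key == DEFAULT_TC_LINK_KEY


@dataclass
class NwkSecurityInfo:
    security_level: int       # sent as 0 on the air; the receiver applies its own
                              # nwkSecurityLevel, so do not trust this field
    key_id: int               # 0 = link key, 1 = network key, 2/3 = key-transport/load
    frame_counter: int        # 32-bit counter that forms the CCM* nonce with the source
    source: Optional[bytes]   # 8-byte IEEE address when the extended-nonce bit is set
    key_seq: Optional[int]    # network key sequence number (key_id == 1 only)


def parse_nwk_security(frame: bytes) -> Optional[NwkSecurityInfo]:
    """Locate and decode the auxiliary security header of a NWK frame.
    Returns None when the NWK frame control says the frame is not secured."""
    (fcf,) = struct.unpack_from("<H", frame, 0)
    if not fcf & 0x0200:                      # bit 9: security enabled
        return None
    off = 8                                   # fcf(2) dst(2) src(2) radius(1) seq(1)
    if fcf & 0x0800:                          # bit 11: destination IEEE address present
        off += 8
    if fcf & 0x1000:                          # bit 12: source IEEE address present
        off += 8
    if fcf & 0x0100:                          # bit 8: multicast control byte present
        off += 1
    ctrl = frame[off]
    (counter,) = struct.unpack_from("<I", frame, off + 1)
    off += 5
    source = None
    if ctrl & 0x20:                           # extended nonce: source address follows
        source = frame[off:off + 8]
        off += 8
    key_id = (ctrl >> 3) & 0x03
    key_seq = frame[off] if key_id == 1 else None
    return NwkSecurityInfo(ctrl & 0x07, key_id, counter, source, key_seq)


class FrameCounterMonitor:
    """Mimics a receiver's incoming frame-counter table: every (source, key) pair
    must present strictly increasing counters. A repeated counter means the same
    CCM*/CTR nonce (keystream) was reused; a lower one means a replayed frame."""

    def __init__(self) -> None:
        self.last: dict = {}

    def observe(self, frame: bytes, mac_src: bytes) -> list:
        info = parse_nwk_security(frame)
        if info is None:
            return ["unsecured NWK frame"]
        src = info.source if info.source is not None else mac_src
        key = (src, info.key_id, info.key_seq)
        prev = self.last.get(key)
        if prev is None or info.frame_counter > prev:
            self.last[key] = info.frame_counter
            return []
        if info.frame_counter == prev:
            return [f"nonce reuse: src={src.hex()} counter={info.frame_counter}"]
        return [f"replay: src={src.hex()} counter={info.frame_counter} last={prev}"]


def build_secured_nwk_frame(counter: int, source: bytes, key_seq: int = 0) -> bytes:
    """Constructed sample: short-addressed NWK data frame protected with the network
    key and an extended nonce. Payload and MIC bytes are dummies, not real ciphertext."""
    fcf = 0x0008 | 0x0200                     # protocol version 2, security bit set
    hdr = struct.pack("<HHHBB", fcf, 0x0000, 0x1234, 30, counter & 0xFF)
    ctrl = 0x20 | (1 << 3) | 0x00             # extended nonce, network key, level sent as 0
    aux = bytes([ctrl]) + struct.pack("<I", counter) + source + bytes([key_seq])
    return hdr + aux + b"\x00" * 4 + b"\x00" * 4


def run_demo() -> list:
    """Feed a plausible counter sequence with one duplicate and one stale value,
    then an unsecured frame, and return the per-frame findings."""
    device = bytes.fromhex("00124B000ABCDEF0")   # constructed IEEE address
    mon = FrameCounterMonitor()
    results = [mon.observe(build_secured_nwk_frame(c, device), device)
               for c in (100, 101, 101, 102, 57)]
    plain = struct.pack("<HHHBB", 0x0008, 0x0000, 0x1234, 30, 7) + b"\x00\x01"
    results.append(mon.observe(plain, device))
    return results


if __name__ == "__main__":
    for i, findings in enumerate(run_demo()):
        print(i, findings or "ok")
```

The monitor keys its table on the source address, key identifier and key sequence number, so a counter that legitimately restarts after a network key update (new key sequence) is not reported as a replay; a counter that restarts under the same key is.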
15. Pen-testing Tools
Hardware
• Bus Pirate (hardware)
• GoodFET (hardware)
• RZUSBSTICK (protocol)
• Chibi
• Memsic TelosB (TPR2420)
Software
• KillerBee
• SECBEE
• Z3sec
• Api-do
• Attify ZigBee framework
17. KillerBee – Arsenal
zbkey, zbopenear, zborphannotify, zbpanidconflictflood, zbrealign, zbreplay, zbscapy, zbstumbler, zbwardrive, zbwireshark
• zbid – Identifies available interfaces that can be used by KillerBee and associated tools.
• zbwireshark – Similar to zbdump but exposes a named pipe for real-time capture and viewing in Wireshark.
• zbdump – A tcpdump-like tool to capture IEEE 802.15.4 frames to a libpcap or Daintree SNA packet capture file. Does not display real-time stats like tcpdump when not writing to a file.
• zbreplay – Implements a replay attack, reading from a specified Daintree DCF or libpcap packet capture file and retransmitting the frames. ACK frames are not retransmitted.
• zbstumbler – Active ZigBee and IEEE 802.15.4 network discovery tool. zbstumbler sends beacon request frames out while channel hopping, recording and displaying summarized information about discovered devices. Can also log results to a CSV file.
• zbpanidconflictflood – Requires two KillerBee interfaces: one KillerBee interface listens for packets and marks their PAN ID; the other interface constantly sends out beacon packets with the found PAN IDs. The beacon packets with the same PAN ID cause the PAN coordinator to believe that there is a PAN ID
18. How it works..
No demo – the device arrived just yesterday.
KillerBee to attack the Philips Hue
19. Attify Zigbee Framework
GUI wrapper for KillerBee
https://www.youtube.com/watch?v=uivlSdqWS48
20. Custom vulnerable lab development..?
Requirements
• Arduino * 1 – https://www.sparkfun.com/products/11021
• DHT11 basic temperature-humidity sensor + extras – https://www.adafruit.com/product/386
• LDR/Photocell * 1 – https://www.sparkfun.com/products/9088
• BC547 * 1 – https://www.sparkfun.com/products/8928
• LED * any number – https://www.sparkfun.com/products/10635
• Jumper cables – https://www.sparkfun.com/products/13870
• Breadboard – https://www.sparkfun.com/products/12046
• XBee shield * 2 – https://www.sparkfun.com/products/12847
https://www.cybrary.it/channelcontent/zigbee-security-and-exploitation-for-iot-devices/
22. Pentest Methods..!
• Physical pentesting – with GoodFET and Bus Pirate, extracting the key that is loaded in the RAM or EEPROM chips
• OTA (Over the Air) – whether the device updates securely or not
• Sniffing
• MiTM
• Replay and injection – replaying or injecting packets to gain unauthorized access to Zigbee devices
23. How to pentest..?
Attack 1: Key sniffing
Prerequisite: the RZUSB stick has been successfully flashed with the custom KillerBee firmware.
Step 1: Attach the RZUSB stick (with our custom KillerBee firmware) to an Ubuntu virtual machine
Step 2: Select the channel number to sniff with zbdump (channels)
Step 3: Output the packet capture data to a libpcap file
Step 4: Stop sniffing and open the packet capture data in Wireshark
Step 5: The encrypted key might look like: 0xcc 0x60 0x47 0x4c 0x93 0x42 0xe2 0xf7 0x7f 0x78 0x1b 0xfb 0x26 0xe1 0xbb 0x0f 0xa1 0x15 0x79 0x13 0x64 0x92 0xde 0x6b 0xda 0x7c 0x0d 0xe2 0xd5 0xc5 0xc0 0x57 0x78 0xc4 0xa5
Step 6: Decrypt the keys with an AES decrypter
24. Example sniffed cap file of ZigBee
25. Attack 2: Association Flooding
• After successfully sniffing the keys from the Zigbee network
• Add the device into the network without the owner's permission
• We could determine the PAN IDs for each of the devices
• Then flooded each of these device PAN IDs in turn with hundreds of Association Requests (one every 10 milliseconds)
• While we performed our Association Flooding attack, we tried to access 14 functionalities of the SmartThings by turning the Centralite on and off.
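The association-flooding attack described above has a simple signature in a capture: far more Association Request MAC commands per second aimed at one PAN ID than real commissioning ever produces. The Python below is an added example for this page, not code from the slides or from KillerBee; it parses the IEEE 802.15.4 MAC header of each frame, counts Association Requests per destination PAN in a sliding one-second window and reports PANs over a threshold. The `(timestamp, frame)` records, the PAN IDs, the IEEE addresses and the threshold of 20 requests per second are all constructed or assumed here, and the frames are assumed to be supplied without the trailing FCS.

```python
"""Association-request flood detection over IEEE 802.15.4 MAC command frames.
Added example (not from the slides or from KillerBee); all frames are constructed."""
import struct
from collections import defaultdict, deque

FRAME_TYPE_MAC_CMD = 3
CMD_ASSOCIATION_REQUEST = 0x01


def parse_mac_frame(frame: bytes) -> dict:
    """Minimal 802.15.4 MAC header parser (16- or 64-bit addressing, no auxiliary
    security header). Assumes the trailing FCS has already been stripped."""
    (fcf,) = struct.unpack_from("<H", frame, 0)
    frame_type = fcf & 0x07
    pan_compress = bool(fcf & 0x0040)
    dst_mode = (fcf >> 10) & 0x03              # 0 none, 2 short, 3 extended
    src_mode = (fcf >> 14) & 0x03
    off = 3                                    # fcf(2) + sequence number(1)
    dst_pan = dst = src_pan = src = None
    if dst_mode:
        (dst_pan,) = struct.unpack_from("<H", frame, off)
        off += 2
        n = 2 if dst_mode == 2 else 8
        dst = frame[off:off + n][::-1]         # addresses are little-endian on the air
        off += n
    if src_mode:
        if pan_compress:
            src_pan = dst_pan
        else:
            (src_pan,) = struct.unpack_from("<H", frame, off)
            off += 2
        n = 2 if src_mode == 2 else 8
        src = frame[off:off + n][::-1]
        off += n
    cmd = frame[off] if frame_type == FRAME_TYPE_MAC_CMD else None
    return {"type": frame_type, "seq": frame[2], "dst_pan": dst_pan, "dst": dst,
            "src_pan": src_pan, "src": src, "cmd": cmd}


def detect_association_flood(records, window: float = 1.0, threshold: int = 20) -> dict:
    """records: iterable of (timestamp_seconds, frame_bytes) in capture order, as a
    pcap reader would yield. Counts Association Requests per destination PAN in a
    sliding time window and returns {pan_id: peak_count} for PANs over threshold."""
    recent = defaultdict(deque)
    peak = defaultdict(int)
    for ts, frame in records:
        hdr = parse_mac_frame(frame)
        if hdr["type"] != FRAME_TYPE_MAC_CMD or hdr["cmd"] != CMD_ASSOCIATION_REQUEST:
            continue
        q = recent[hdr["dst_pan"]]
        q.append(ts)
        while ts - q[0] > window:              # drop requests older than the window
            q.popleft()
        peak[hdr["dst_pan"]] = max(peak[hdr["dst_pan"]], len(q))
    return {pan: n for pan, n in peak.items() if n > threshold}


def build_association_request(dst_pan: int, src_ieee: bytes, seq: int) -> bytes:
    """Constructed sample: MAC command frame with 16-bit destination (the coordinator),
    64-bit source and broadcast source PAN, as a joining device sends it."""
    fcf = FRAME_TYPE_MAC_CMD | 0x0020 | (2 << 10) | (3 << 14)   # ack request set
    return (struct.pack("<HB", fcf, seq & 0xFF)
            + struct.pack("<HH", dst_pan, 0x0000)       # dst PAN, coordinator address
            + struct.pack("<H", 0xFFFF) + src_ieee[::-1]
            + bytes([CMD_ASSOCIATION_REQUEST, 0x80]))   # command id, capability info


def run_demo() -> dict:
    """50 requests at one per 10 ms (the rate on the slide) against PAN 0x1A62, plus
    three ordinary joins to PAN 0x2B3C spread over a minute."""
    flood_src = bytes.fromhex("00124B00AAAAAAAA")   # constructed addresses
    legit_src = bytes.fromhex("00124B0011223344")
    records = [(10.0 + i * 0.010, build_association_request(0x1A62, flood_src, i))
               for i in range(50)]
    records += [(t, build_association_request(0x2B3C, legit_src, i))
                for i, t in enumerate((1.0, 25.0, 55.0))]
    records.sort(key=lambda r: r[0])
    return detect_association_flood(records)


if __name__ == "__main__":
    for pan, n in run_demo().items():
        print(f"PAN 0x{pan:04X}: {n} association requests within one second")
```

Keying the window on the destination PAN rather than the source address is deliberate: a flood can rotate the 64-bit source address per request, and the coordinator of the targeted PAN is what suffers either way.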
26. Attack 3: Replay Attack
• After getting the information from the flooding attack
• Start the attack using commands like ON/OFF to play with a device such as a bulb
Attack 4: Device Spoofing
• MAC spoofing attack, where the device needs to be added into the owner's network
• After the association flooding attack, all of these attacks are easy to do
28. Remediations..
• Reconfigure the device securely after finding the installation bugs
• Out-of-band key loading method – using a factory-generated and pre-loaded key
• Secure network admission
• Dynamic device ID rotation – to remediate the spoofing attacks
Follow the link: https://courses.csail.mit.edu/6.857/2017/project/17.pdf
29. References
• Cache, Johnny, Wright, Joshua, and Liu, Vincent. Hacking Exposed: Wireless. Second Edition. McGraw-Hill, 2010.
• 802.15.4-2011 – IEEE Standard for Local and metropolitan area networks – Part 15.4: Low-Rate Wireless Personal Area Networks (LR-WPANs). <http://standards.ieee.org/findstds/standard/802.15.4-2011.html>
• ZigBee Security at Dartmouth Trust Lab. <http://www.cs.dartmouth.edu/~rspeers/>
• ZigBee Specification, ZigBee Document 053474r17, ZigBee Alliance, January 17, 2008.
• Radmand, M. Domingo, J. Singh, J. Arnedo, A. Talevski, S. Petersen, and S. Carlsen. "ZigBee/ZigBee PRO security assessment based on compromised cryptographic keys". Digital Ecosystem and Business Intelligence Institute, Curtin University of Technology, Perth, Australia.
• Olawumi, K. Haataja, M. Asikainen, N. Vidgren, and P. Toivanen. "Three Practical Attacks Against ZigBee Security: Attack Scenario Definitions, Practical Experiments, Countermeasures, and Lessons Learned", in IEEE 14th International Conference on Hybrid Intelligent Systems (HIS 2014), Kuwait. DOI: 10.1109/HIS.2014.7086198
• N. Whitehurst, T. R. Andel, and J. T. McDonald. "Exploring Security in ZigBee Networks", in 9th Cyber and Information Security Research Conference, 2014. ACM 978-1-4503-2812-8/14/4
• ZigBee Wireless Networks and Transceivers – Shahin Farahani
• Y. Vasserman and N. Hopper, "Vampire attacks: draining life from wireless ad hoc sensor networks," IEEE Trans. Mobile Computing, vol. 12, no. 2, pp. 318–332, 2013.
• Devu Manikantan Shila, Xianghui Cao, Yu Cheng, Zequ Yang, Yang Zhou, and Jiming Chen, "Ghost-in-the-Wireless: Energy Depletion Attack on ZigBee"
30. References
• Ivan Vaccari, Enrico Cambiaso, and Maurizio Aiello, "Remotely Exploiting AT Command Attacks on ZigBee Networks"
• https://phys.org/news/2017-09-flaws-smart-home-products.html
• Philipp Morgner, Stephan Mattejat, Zinaida Benenson, "Insecure to the Touch: Attacking ZigBee 3.0 via Touchlink Commissioning"
• Vidgren, K. Haataja, J. L. Patiño-Andres, J. J. Ramírez-Sanchis, and P. Toivanen, "Security threats in ZigBee-enabled systems: Vulnerability evaluation, practical experiments, countermeasures, and lessons learned," in Proceedings of the 46th Annual Hawaii International Conference on System Sciences, HICSS 2013, pp. 5132–5138, January 2013.
• Krivtsova, I. Lebedev, M. Sukhoparov et al., "Implementing a broadcast storm attack on a mission-critical wireless sensor network," Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 9674, pp. 297–308, 2016.
• https://www.google.co.in/url?sa=i&rct=j&q=&esrc=s&source=images&cd=&ved=2ahUKEwie1vqPv5bcAhVZWH0KHe96DoQQjRx6BAgBEAU&url=https%3A%2F%2Flearn.sparkfun.com%2Ftutorials%2Fxbee-shield-hookup-guide%2Fexample-communication-test&psig=AOvVaw37z4gVuWXNC25FnyKvNlY5&ust=1531379444262934