SlideShare a Scribd company logo

How to hack airplanes and get away with it

H
hackersuli

This document discusses how to hack airplanes and get away with it. It provides an aviation security primer, describing security boundaries, certification requirements, and the "Swiss cheese model" of security. It also defines various aviation industry acronyms and terms. The document examines potential attack surfaces in different parts of an airplane system, including data loading interfaces. It presents a case study on portable data loaders used for updating airplane software, outlining the data loading process, attack surfaces, and potential threat scenarios involving the loader.

Internet
1 of 24
Download to read offline
How to hack airplanes …and get away with it.
whoami 0xloltan Zoltan Madarassy Principal Security Consultant at elttam Relentless expat 🌍 󰏘󰐘󰐴󰎉 🌍 I like computers that fly
Aviation primer ● Security boundaries ● History in safety ● (Information) security is still kind of new ● Certification requirements ○ Now with a 100% more cyber! ● Swiss cheese model
Glossary ● ARINC-615(A) ○ Dataloading interfaces over ARINC-429 or ARINC-664 ● ARINC-665 ○ Loadable Software [Airplane] Parts (LS[A]P) ○ Media Set Parts (MSP) ● ARINC-827 ○ Software crate ● ARINC-835 ○ Encryption guidance for LSPs and MSPs ● ARINC-429/AFDX(ARINC-664) ○ Main network buses on an aircraft ● LRU ○ Line Replaceable Unit ● LSAP ○ Loadable Software Airplane Parts ● MRO ○ Maintenance, Repair and Operations ● ACD ● AISD ● PIESD
Aviation entanglement ● Aircraft manufacturers ● OEMs ● Operators and maintenance ● Airports and ANSPs ● Regulatory bodies
Domain separation ● Example: Data diodes ● Ideal separation between domains ● Interconnection cutoffs MAC <> PHY
Attack surface example 1 - ACD CAN bus ● CAN is rarely used on airplanes ● Except for example lavatory doors ● Inaccessible in bulkheads Honorable mention: ● B737 MAX MCAS
Attack surface example 2 - AISD Data loading ● Media ○ Floppies ○ USB drives ○ Maintenance laptops ○ Portable data loaders ○ Integrated data loaders ○ Gatelink (wifi/cellular) ● Update types ● Bus ● Signatures and verification
Attack surface example 3 - PIESD IFEC
Attack surface example 3 - PIESD IFEC ● Maintenance panels ○ Touchscreen ○ RJ-45 ● IFE APIs ○ IDOR ○ Auth bypass ● IFC ○ Network separation ○ Client isolation ● PRAMs
Case study - Portable data loader Data loading process 1. New update available (LSAP) 2. LSAP -> Librarian 3. Librarian -> Data loader / LRU 4. Verification and installation
Case study - Portable data loader Attack surface ● GUI ● USB (airside and groundside) ● Wifi ● Ethernet ● Backend APIs ● ARINC-615(A) ● Secure boot ● Debugging interfaces
Case study - Portable data loader Threat scenarios ● Isolation bypass ● Physical tampering ● Malicious data
Case study - Portable data loader ● Scope: ○ USB ○ Ethernet ○ Wifi ● Network exposure and comms review ● IP stack fuzzing ● USB stack fuzzing ○ Mass storage ● File system and file name manipulation ○ Manually Approach
Case study - Portable data loader Threat scenario - Importing root CAs from USB ● Idea: RCE via cert attribute ● Reverse all the things! ● Spoiler alert: no luck ☹ ● Reversing QT binaries is terrible
Case study - Portable data loader Expectation Reality
Case study - Portable data loader ● Internal requirement ● Choice: ClamAV ○ Because it’s free ● Increased attack surface ● AV in aviation 😲 ● But it doesn't actually do anything ¯_(ツ)_/¯
Case study - Portable data loader
Case study - Portable data loader
Questions? Thank You!

Recommended

ACARS
ACARS ACARS
ACARSBrightlin3
 
Automotive Cybersecurity Best Practices
Automotive Cybersecurity Best PracticesAutomotive Cybersecurity Best Practices
Automotive Cybersecurity Best PracticesBamboo Apps
 
White paper 4 steps to a great passenger experience
White paper 4 steps to a great passenger experienceWhite paper 4 steps to a great passenger experience
White paper 4 steps to a great passenger experienceDatafield
 
Cyber security
Cyber securityCyber security
Cyber securityNimesh Gajjar
 
What is zero trust model (ztm)
What is zero trust model (ztm)What is zero trust model (ztm)
What is zero trust model (ztm)Ahmed Banafa
 
Cyber Security & Hygine
Cyber Security & HygineCyber Security & Hygine
Cyber Security & HygineAmit Arya
 
Security awareness-checklist 2019
Security awareness-checklist 2019Security awareness-checklist 2019
Security awareness-checklist 2019Mustafa Kuğu
 
Introduction - Trend Micro Deep Security
Introduction - Trend Micro Deep SecurityIntroduction - Trend Micro Deep Security
Introduction - Trend Micro Deep SecurityAndrew Wong
 

Recommended

ACARS
ACARS ACARS
ACARSBrightlin3
 
Automotive Cybersecurity Best Practices
Automotive Cybersecurity Best PracticesAutomotive Cybersecurity Best Practices
Automotive Cybersecurity Best PracticesBamboo Apps
 
White paper 4 steps to a great passenger experience
White paper 4 steps to a great passenger experienceWhite paper 4 steps to a great passenger experience
White paper 4 steps to a great passenger experienceDatafield
 
Cyber security
Cyber securityCyber security
Cyber securityNimesh Gajjar
 
What is zero trust model (ztm)
What is zero trust model (ztm)What is zero trust model (ztm)
What is zero trust model (ztm)Ahmed Banafa
 
Cyber Security & Hygine
Cyber Security & HygineCyber Security & Hygine
Cyber Security & HygineAmit Arya
 
Security awareness-checklist 2019
Security awareness-checklist 2019Security awareness-checklist 2019
Security awareness-checklist 2019Mustafa Kuğu
 
Introduction - Trend Micro Deep Security
Introduction - Trend Micro Deep SecurityIntroduction - Trend Micro Deep Security
Introduction - Trend Micro Deep SecurityAndrew Wong
 
Data Center Security
Data Center SecurityData Center Security
Data Center SecurityCisco Canada
 
Cyber security awareness
Cyber security awarenessCyber security awareness
Cyber security awarenessJason Murray
 
SCADA Security Presentation
SCADA Security PresentationSCADA Security Presentation
SCADA Security PresentationFilip Maertens
 
Application Security
Application SecurityApplication Security
Application SecurityReggie Niccolo Santos
 
Network Security Tutorial | Introduction to Network Security | Network Securi...
Network Security Tutorial | Introduction to Network Security | Network Securi...Network Security Tutorial | Introduction to Network Security | Network Securi...
Network Security Tutorial | Introduction to Network Security | Network Securi...Edureka!
 
Cyber security training course ppt
Cyber security training course pptCyber security training course ppt
Cyber security training course pptRajshekarShivanagutt
 
Why upgrade your MFA to Adaptive Authentication?
Why upgrade your MFA to Adaptive Authentication?Why upgrade your MFA to Adaptive Authentication?
Why upgrade your MFA to Adaptive Authentication?WSO2
 
The Next Generation of Security Operations Centre (SOC)
The Next Generation of Security Operations Centre (SOC)The Next Generation of Security Operations Centre (SOC)
The Next Generation of Security Operations Centre (SOC)PECB
 
Cybersecurity Awareness Session by Adam
Cybersecurity Awareness Session by AdamCybersecurity Awareness Session by Adam
Cybersecurity Awareness Session by AdamMohammed Adam
 
Two factor authentication presentation mcit
Two factor authentication presentation mcitTwo factor authentication presentation mcit
Two factor authentication presentation mcitmmubashirkhan
 
Multifactor Authentication
Multifactor AuthenticationMultifactor Authentication
Multifactor AuthenticationRonnie Isherwood
 
What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...
What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...
What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...Edureka!
 
Cyber security-presentation
Cyber security-presentationCyber security-presentation
Cyber security-presentationMuhammadHossen
 
Chapter 12 Access Management
Chapter 12 Access ManagementChapter 12 Access Management
Chapter 12 Access ManagementDr. Ahmed Al Zaidy
 
Chapter 10 Mobile and Embedded Device Security
Chapter 10 Mobile and Embedded Device Security Chapter 10 Mobile and Embedded Device Security
Chapter 10 Mobile and Embedded Device Security Dr. Ahmed Al Zaidy
 
Network Security ppt
Network Security pptNetwork Security ppt
Network Security pptSAIKAT BISWAS
 
Java card
Java cardJava card
Java cardRavi Jakashania
 
Cyber security investments 2021
Cyber security investments 2021Cyber security investments 2021
Cyber security investments 2021Management Events
 
An introduction to Defender for Business
An introduction to Defender for BusinessAn introduction to Defender for Business
An introduction to Defender for BusinessRobert Crane
 
cyber security presentation.pptx
cyber security presentation.pptxcyber security presentation.pptx
cyber security presentation.pptxkishore golla
 
Smartcom's control plane software, a customized version of FreeBSD by Boris A...
Smartcom's control plane software, a customized version of FreeBSD by Boris A...Smartcom's control plane software, a customized version of FreeBSD by Boris A...
Smartcom's control plane software, a customized version of FreeBSD by Boris A...eurobsdcon
 
Peering Asia 2.0: Security in Peering
Peering Asia 2.0: Security in PeeringPeering Asia 2.0: Security in Peering
Peering Asia 2.0: Security in PeeringTom Paseka
 

More Related Content

What's hot

Data Center Security
Data Center SecurityData Center Security
Data Center SecurityCisco Canada
 
Cyber security awareness
Cyber security awarenessCyber security awareness
Cyber security awarenessJason Murray
 
SCADA Security Presentation
SCADA Security PresentationSCADA Security Presentation
SCADA Security PresentationFilip Maertens
 
Network Security Tutorial | Introduction to Network Security | Network Securi...
Network Security Tutorial | Introduction to Network Security | Network Securi...Network Security Tutorial | Introduction to Network Security | Network Securi...
Network Security Tutorial | Introduction to Network Security | Network Securi...Edureka!
 
Cyber security training course ppt
Cyber security training course pptCyber security training course ppt
Cyber security training course pptRajshekarShivanagutt
 
Why upgrade your MFA to Adaptive Authentication?
Why upgrade your MFA to Adaptive Authentication?Why upgrade your MFA to Adaptive Authentication?
Why upgrade your MFA to Adaptive Authentication?WSO2
 
The Next Generation of Security Operations Centre (SOC)
The Next Generation of Security Operations Centre (SOC)The Next Generation of Security Operations Centre (SOC)
The Next Generation of Security Operations Centre (SOC)PECB
 
Cybersecurity Awareness Session by Adam
Cybersecurity Awareness Session by AdamCybersecurity Awareness Session by Adam
Cybersecurity Awareness Session by AdamMohammed Adam
 
Two factor authentication presentation mcit
Two factor authentication presentation mcitTwo factor authentication presentation mcit
Two factor authentication presentation mcitmmubashirkhan
 
Multifactor Authentication
Multifactor AuthenticationMultifactor Authentication
Multifactor AuthenticationRonnie Isherwood
 
What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...
What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...
What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...Edureka!
 
Cyber security-presentation
Cyber security-presentationCyber security-presentation
Cyber security-presentationMuhammadHossen
 
Chapter 10 Mobile and Embedded Device Security
Chapter 10 Mobile and Embedded Device Security Chapter 10 Mobile and Embedded Device Security
Chapter 10 Mobile and Embedded Device Security Dr. Ahmed Al Zaidy
 
Network Security ppt
Network Security pptNetwork Security ppt
Network Security pptSAIKAT BISWAS
 
Cyber security investments 2021
Cyber security investments 2021Cyber security investments 2021
Cyber security investments 2021Management Events
 
An introduction to Defender for Business
An introduction to Defender for BusinessAn introduction to Defender for Business
An introduction to Defender for BusinessRobert Crane
 
cyber security presentation.pptx
cyber security presentation.pptxcyber security presentation.pptx
cyber security presentation.pptxkishore golla
 

What's hot (20)

Data Center Security
Data Center SecurityData Center Security
Data Center Security
 
Cyber security awareness
Cyber security awarenessCyber security awareness
Cyber security awareness
 
SCADA Security Presentation
SCADA Security PresentationSCADA Security Presentation
SCADA Security Presentation
 
Application Security
Application SecurityApplication Security
Application Security
 
Network Security Tutorial | Introduction to Network Security | Network Securi...
Network Security Tutorial | Introduction to Network Security | Network Securi...Network Security Tutorial | Introduction to Network Security | Network Securi...
Network Security Tutorial | Introduction to Network Security | Network Securi...
 
Cyber security training course ppt
Cyber security training course pptCyber security training course ppt
Cyber security training course ppt
 
Why upgrade your MFA to Adaptive Authentication?
Why upgrade your MFA to Adaptive Authentication?Why upgrade your MFA to Adaptive Authentication?
Why upgrade your MFA to Adaptive Authentication?
 
The Next Generation of Security Operations Centre (SOC)
The Next Generation of Security Operations Centre (SOC)The Next Generation of Security Operations Centre (SOC)
The Next Generation of Security Operations Centre (SOC)
 
Cybersecurity Awareness Session by Adam
Cybersecurity Awareness Session by AdamCybersecurity Awareness Session by Adam
Cybersecurity Awareness Session by Adam
 
Two factor authentication presentation mcit
Two factor authentication presentation mcitTwo factor authentication presentation mcit
Two factor authentication presentation mcit
 
Multifactor Authentication
Multifactor AuthenticationMultifactor Authentication
Multifactor Authentication
 
What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...
What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...
What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...
 
Cyber security-presentation
Cyber security-presentationCyber security-presentation
Cyber security-presentation
 
Chapter 12 Access Management
Chapter 12 Access ManagementChapter 12 Access Management
Chapter 12 Access Management
 
Chapter 10 Mobile and Embedded Device Security
Chapter 10 Mobile and Embedded Device Security Chapter 10 Mobile and Embedded Device Security
Chapter 10 Mobile and Embedded Device Security
 
Network Security ppt
Network Security pptNetwork Security ppt
Network Security ppt
 
Java card
Java cardJava card
Java card
 
Cyber security investments 2021
Cyber security investments 2021Cyber security investments 2021
Cyber security investments 2021
 
An introduction to Defender for Business
An introduction to Defender for BusinessAn introduction to Defender for Business
An introduction to Defender for Business
 
cyber security presentation.pptx
cyber security presentation.pptxcyber security presentation.pptx
cyber security presentation.pptx
 

Similar to How to hack airplanes and get away with it

Smartcom's control plane software, a customized version of FreeBSD by Boris A...
Smartcom's control plane software, a customized version of FreeBSD by Boris A...Smartcom's control plane software, a customized version of FreeBSD by Boris A...
Smartcom's control plane software, a customized version of FreeBSD by Boris A...eurobsdcon
 
Peering Asia 2.0: Security in Peering
Peering Asia 2.0: Security in PeeringPeering Asia 2.0: Security in Peering
Peering Asia 2.0: Security in PeeringTom Paseka
 
Defcon 22-phil-polstra-cyber-hijacking-airplanes-truth-or-fi
Defcon 22-phil-polstra-cyber-hijacking-airplanes-truth-or-fiDefcon 22-phil-polstra-cyber-hijacking-airplanes-truth-or-fi
Defcon 22-phil-polstra-cyber-hijacking-airplanes-truth-or-fiPriyanka Aash
 
Cyberhijacking Airplanes Truth or Fiction
Cyberhijacking Airplanes Truth or FictionCyberhijacking Airplanes Truth or Fiction
Cyberhijacking Airplanes Truth or FictionPhilip Polstra
 
Edge computing PPT slides and it's benifits and drawbacks
Edge computing PPT slides and it's benifits and drawbacksEdge computing PPT slides and it's benifits and drawbacks
Edge computing PPT slides and it's benifits and drawbacks1GV20CS058Shivaraj
 
Understanding and Improving Device Access Complexity
Understanding and Improving Device Access ComplexityUnderstanding and Improving Device Access Complexity
Understanding and Improving Device Access Complexityasimkadav
 
Creating Data Fabric for #IOT with Apache Pulsar
Creating Data Fabric for #IOT with Apache PulsarCreating Data Fabric for #IOT with Apache Pulsar
Creating Data Fabric for #IOT with Apache PulsarKarthik Ramasamy
 
Socket Programming with Python
Socket Programming with PythonSocket Programming with Python
Socket Programming with PythonGLC Networks
 
Developing safety autonomous driving solutions based on the adaptive AUTOSAR ...
Developing safety autonomous driving solutions based on the adaptive AUTOSAR ...Developing safety autonomous driving solutions based on the adaptive AUTOSAR ...
Developing safety autonomous driving solutions based on the adaptive AUTOSAR ...Andrei Kholodnyi
 
May The Data Stay with U! Network Data Exfiltration Techniques - Brucon 2017.
May The Data Stay with U! Network Data Exfiltration Techniques - Brucon 2017.May The Data Stay with U! Network Data Exfiltration Techniques - Brucon 2017.
May The Data Stay with U! Network Data Exfiltration Techniques - Brucon 2017.Leszek Mi?
 
Internet of Things (IoT) Intro
Internet of Things (IoT) IntroInternet of Things (IoT) Intro
Internet of Things (IoT) IntroAnna Gerber
 
Activities of Smart Ship Application Platform 2 Project (SSAP2)
Activities of Smart Ship Application Platform 2 Project (SSAP2)Activities of Smart Ship Application Platform 2 Project (SSAP2)
Activities of Smart Ship Application Platform 2 Project (SSAP2)MTI Co., Ltd.
 
Event-driven Network Automation and Orchestration
Event-driven Network Automation and OrchestrationEvent-driven Network Automation and Orchestration
Event-driven Network Automation and OrchestrationAPNIC
 
44CON 2014 - Stupid PCIe Tricks, Joe Fitzpatrick
44CON 2014 - Stupid PCIe Tricks, Joe Fitzpatrick44CON 2014 - Stupid PCIe Tricks, Joe Fitzpatrick
44CON 2014 - Stupid PCIe Tricks, Joe Fitzpatrick44CON
 
Elc Europe 2020 : u-boot- porting and maintaining a bootloader for a multimed...
Elc Europe 2020 : u-boot- porting and maintaining a bootloader for a multimed...Elc Europe 2020 : u-boot- porting and maintaining a bootloader for a multimed...
Elc Europe 2020 : u-boot- porting and maintaining a bootloader for a multimed...Neil Armstrong
 
Sagar Kadam, Lead Software Engineer, Open-Silicon
Sagar Kadam, Lead Software Engineer, Open-SiliconSagar Kadam, Lead Software Engineer, Open-Silicon
Sagar Kadam, Lead Software Engineer, Open-Siliconchiportal
 
A Kernel of Truth: Intrusion Detection and Attestation with eBPF
A Kernel of Truth: Intrusion Detection and Attestation with eBPFA Kernel of Truth: Intrusion Detection and Attestation with eBPF
A Kernel of Truth: Intrusion Detection and Attestation with eBPFoholiab
 
DevSecCon London 2019: A Kernel of Truth: Intrusion Detection and Attestation...
DevSecCon London 2019: A Kernel of Truth: Intrusion Detection and Attestation...DevSecCon London 2019: A Kernel of Truth: Intrusion Detection and Attestation...
DevSecCon London 2019: A Kernel of Truth: Intrusion Detection and Attestation...DevSecCon
 
Ple18 web-security-david-busby
Ple18 web-security-david-busbyPle18 web-security-david-busby
Ple18 web-security-david-busbyDavid Busby, CISSP
 
BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEE
BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEEBKK16-110 A Gentle Introduction to Trusted Execution and OP-TEE
BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEELinaro
 

Similar to How to hack airplanes and get away with it (20)

Smartcom's control plane software, a customized version of FreeBSD by Boris A...
Smartcom's control plane software, a customized version of FreeBSD by Boris A...Smartcom's control plane software, a customized version of FreeBSD by Boris A...
Smartcom's control plane software, a customized version of FreeBSD by Boris A...
 
Peering Asia 2.0: Security in Peering
Peering Asia 2.0: Security in PeeringPeering Asia 2.0: Security in Peering
Peering Asia 2.0: Security in Peering
 
Defcon 22-phil-polstra-cyber-hijacking-airplanes-truth-or-fi
Defcon 22-phil-polstra-cyber-hijacking-airplanes-truth-or-fiDefcon 22-phil-polstra-cyber-hijacking-airplanes-truth-or-fi
Defcon 22-phil-polstra-cyber-hijacking-airplanes-truth-or-fi
 
Cyberhijacking Airplanes Truth or Fiction
Cyberhijacking Airplanes Truth or FictionCyberhijacking Airplanes Truth or Fiction
Cyberhijacking Airplanes Truth or Fiction
 
Edge computing PPT slides and it's benifits and drawbacks
Edge computing PPT slides and it's benifits and drawbacksEdge computing PPT slides and it's benifits and drawbacks
Edge computing PPT slides and it's benifits and drawbacks
 
Understanding and Improving Device Access Complexity
Understanding and Improving Device Access ComplexityUnderstanding and Improving Device Access Complexity
Understanding and Improving Device Access Complexity
 
Creating Data Fabric for #IOT with Apache Pulsar
Creating Data Fabric for #IOT with Apache PulsarCreating Data Fabric for #IOT with Apache Pulsar
Creating Data Fabric for #IOT with Apache Pulsar
 
Socket Programming with Python
Socket Programming with PythonSocket Programming with Python
Socket Programming with Python
 
Developing safety autonomous driving solutions based on the adaptive AUTOSAR ...
Developing safety autonomous driving solutions based on the adaptive AUTOSAR ...Developing safety autonomous driving solutions based on the adaptive AUTOSAR ...
Developing safety autonomous driving solutions based on the adaptive AUTOSAR ...
 
May The Data Stay with U! Network Data Exfiltration Techniques - Brucon 2017.
May The Data Stay with U! Network Data Exfiltration Techniques - Brucon 2017.May The Data Stay with U! Network Data Exfiltration Techniques - Brucon 2017.
May The Data Stay with U! Network Data Exfiltration Techniques - Brucon 2017.
 
Internet of Things (IoT) Intro
Internet of Things (IoT) IntroInternet of Things (IoT) Intro
Internet of Things (IoT) Intro
 
Activities of Smart Ship Application Platform 2 Project (SSAP2)
Activities of Smart Ship Application Platform 2 Project (SSAP2)Activities of Smart Ship Application Platform 2 Project (SSAP2)
Activities of Smart Ship Application Platform 2 Project (SSAP2)
 
Event-driven Network Automation and Orchestration
Event-driven Network Automation and OrchestrationEvent-driven Network Automation and Orchestration
Event-driven Network Automation and Orchestration
 
44CON 2014 - Stupid PCIe Tricks, Joe Fitzpatrick
44CON 2014 - Stupid PCIe Tricks, Joe Fitzpatrick44CON 2014 - Stupid PCIe Tricks, Joe Fitzpatrick
44CON 2014 - Stupid PCIe Tricks, Joe Fitzpatrick
 
Elc Europe 2020 : u-boot- porting and maintaining a bootloader for a multimed...
Elc Europe 2020 : u-boot- porting and maintaining a bootloader for a multimed...Elc Europe 2020 : u-boot- porting and maintaining a bootloader for a multimed...
Elc Europe 2020 : u-boot- porting and maintaining a bootloader for a multimed...
 
Sagar Kadam, Lead Software Engineer, Open-Silicon
Sagar Kadam, Lead Software Engineer, Open-SiliconSagar Kadam, Lead Software Engineer, Open-Silicon
Sagar Kadam, Lead Software Engineer, Open-Silicon
 
A Kernel of Truth: Intrusion Detection and Attestation with eBPF
A Kernel of Truth: Intrusion Detection and Attestation with eBPFA Kernel of Truth: Intrusion Detection and Attestation with eBPF
A Kernel of Truth: Intrusion Detection and Attestation with eBPF
 
DevSecCon London 2019: A Kernel of Truth: Intrusion Detection and Attestation...
DevSecCon London 2019: A Kernel of Truth: Intrusion Detection and Attestation...DevSecCon London 2019: A Kernel of Truth: Intrusion Detection and Attestation...
DevSecCon London 2019: A Kernel of Truth: Intrusion Detection and Attestation...
 
Ple18 web-security-david-busby
Ple18 web-security-david-busbyPle18 web-security-david-busby
Ple18 web-security-david-busby
 
BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEE
BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEEBKK16-110 A Gentle Introduction to Trusted Execution and OP-TEE
BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEE
 

More from hackersuli

2024_hackersuli_mobil_ios_android ______
2024_hackersuli_mobil_ios_android ______2024_hackersuli_mobil_ios_android ______
2024_hackersuli_mobil_ios_android ______hackersuli
 
[HUN[]Hackersuli] Hornyai Alex - Elliptikus görbék kriptográfiája
[HUN[]Hackersuli] Hornyai Alex - Elliptikus görbék kriptográfiája[HUN[]Hackersuli] Hornyai Alex - Elliptikus görbék kriptográfiája
[HUN[]Hackersuli] Hornyai Alex - Elliptikus görbék kriptográfiájahackersuli
 
[Hackersuli]Privacy on the blockchain
[Hackersuli]Privacy on the blockchain[Hackersuli]Privacy on the blockchain
[Hackersuli]Privacy on the blockchainhackersuli
 
[HUN] 2023_Hacker_Suli_Meetup_Cloud_DFIR_Alapok.pptx
[HUN] 2023_Hacker_Suli_Meetup_Cloud_DFIR_Alapok.pptx[HUN] 2023_Hacker_Suli_Meetup_Cloud_DFIR_Alapok.pptx
[HUN] 2023_Hacker_Suli_Meetup_Cloud_DFIR_Alapok.pptxhackersuli
 
[Hackersuli][HUN] GSM halozatok hackelese
[Hackersuli][HUN] GSM halozatok hackelese[Hackersuli][HUN] GSM halozatok hackelese
[Hackersuli][HUN] GSM halozatok hackelesehackersuli
 
Hackersuli Minecraft hackeles kezdoknek
Hackersuli Minecraft hackeles kezdoknekHackersuli Minecraft hackeles kezdoknek
Hackersuli Minecraft hackeles kezdoknekhackersuli
 
[HUN][Hackersuli] Cryptocurrency scams
[HUN][Hackersuli] Cryptocurrency scams[HUN][Hackersuli] Cryptocurrency scams
[HUN][Hackersuli] Cryptocurrency scamshackersuli
 
[Hackersuli] [HUN] Windows a szereloaknan
[Hackersuli] [HUN] Windows a szereloaknan[Hackersuli] [HUN] Windows a szereloaknan
[Hackersuli] [HUN] Windows a szereloaknanhackersuli
 
[HUN][Hackersuli] Szol a szoftveresen definialt radio - SDR alapok
[HUN][Hackersuli] Szol a szoftveresen definialt radio - SDR alapok[HUN][Hackersuli] Szol a szoftveresen definialt radio - SDR alapok
[HUN][Hackersuli] Szol a szoftveresen definialt radio - SDR alapokhackersuli
 
[HUN] Hackersuli - Console and arcade game hacking – history, present, future
[HUN] Hackersuli - Console and arcade game hacking – history, present, future[HUN] Hackersuli - Console and arcade game hacking – history, present, future
[HUN] Hackersuli - Console and arcade game hacking – history, present, futurehackersuli
 
Hackersuli - Linux game hacking with LD_PRELOAD
Hackersuli - Linux game hacking with LD_PRELOADHackersuli - Linux game hacking with LD_PRELOAD
Hackersuli - Linux game hacking with LD_PRELOADhackersuli
 
[HUN][hackersuli] Malware avengers
[HUN][hackersuli] Malware avengers[HUN][hackersuli] Malware avengers
[HUN][hackersuli] Malware avengershackersuli
 
[Hackersuli][HUN]MacOS - Going Down the Rabbit Hole
[Hackersuli][HUN]MacOS - Going Down the Rabbit Hole[Hackersuli][HUN]MacOS - Going Down the Rabbit Hole
[Hackersuli][HUN]MacOS - Going Down the Rabbit Holehackersuli
 
[HUN][Hackersuli] Androidos alkalmazássebészet, avagy gumikesztyűt fel és irá...
[HUN][Hackersuli] Androidos alkalmazássebészet, avagy gumikesztyűt fel és irá...[HUN][Hackersuli] Androidos alkalmazássebészet, avagy gumikesztyűt fel és irá...
[HUN][Hackersuli] Androidos alkalmazássebészet, avagy gumikesztyűt fel és irá...hackersuli
 
[HUN][Hackersuli] iOS hekkelés, avagy egyik szemünk zokog, a másik meg kacagv...
[HUN][Hackersuli] iOS hekkelés, avagy egyik szemünk zokog, a másik meg kacagv...[HUN][Hackersuli] iOS hekkelés, avagy egyik szemünk zokog, a másik meg kacagv...
[HUN][Hackersuli] iOS hekkelés, avagy egyik szemünk zokog, a másik meg kacagv...hackersuli
 
[Hackersuli][HUN] Greasemonkey, avagy fogod majd a fejed, hogy miért nem hasz...
[Hackersuli][HUN] Greasemonkey, avagy fogod majd a fejed, hogy miért nem hasz...[Hackersuli][HUN] Greasemonkey, avagy fogod majd a fejed, hogy miért nem hasz...
[Hackersuli][HUN] Greasemonkey, avagy fogod majd a fejed, hogy miért nem hasz...hackersuli
 
Kriptovaluták, hashbányászat és okoscicák
Kriptovaluták, hashbányászat és okoscicákKriptovaluták, hashbányászat és okoscicák
Kriptovaluták, hashbányászat és okoscicákhackersuli
 
Hogy jussunk ki lezárt hálózatokból?
Hogy jussunk ki lezárt hálózatokból?Hogy jussunk ki lezárt hálózatokból?
Hogy jussunk ki lezárt hálózatokból?hackersuli
 
Hardware hacking 1x1 by Dnet
Hardware hacking 1x1 by DnetHardware hacking 1x1 by Dnet
Hardware hacking 1x1 by Dnethackersuli
 
Hogy néz ki egy pentest meló a gyakorlatban?
Hogy néz ki egy pentest meló a gyakorlatban?Hogy néz ki egy pentest meló a gyakorlatban?
Hogy néz ki egy pentest meló a gyakorlatban?hackersuli
 

More from hackersuli (20)

2024_hackersuli_mobil_ios_android ______
2024_hackersuli_mobil_ios_android ______2024_hackersuli_mobil_ios_android ______
2024_hackersuli_mobil_ios_android ______
 
[HUN[]Hackersuli] Hornyai Alex - Elliptikus görbék kriptográfiája
[HUN[]Hackersuli] Hornyai Alex - Elliptikus görbék kriptográfiája[HUN[]Hackersuli] Hornyai Alex - Elliptikus görbék kriptográfiája
[HUN[]Hackersuli] Hornyai Alex - Elliptikus görbék kriptográfiája
 
[Hackersuli]Privacy on the blockchain
[Hackersuli]Privacy on the blockchain[Hackersuli]Privacy on the blockchain
[Hackersuli]Privacy on the blockchain
 
[HUN] 2023_Hacker_Suli_Meetup_Cloud_DFIR_Alapok.pptx
[HUN] 2023_Hacker_Suli_Meetup_Cloud_DFIR_Alapok.pptx[HUN] 2023_Hacker_Suli_Meetup_Cloud_DFIR_Alapok.pptx
[HUN] 2023_Hacker_Suli_Meetup_Cloud_DFIR_Alapok.pptx
 
[Hackersuli][HUN] GSM halozatok hackelese
[Hackersuli][HUN] GSM halozatok hackelese[Hackersuli][HUN] GSM halozatok hackelese
[Hackersuli][HUN] GSM halozatok hackelese
 
Hackersuli Minecraft hackeles kezdoknek
Hackersuli Minecraft hackeles kezdoknekHackersuli Minecraft hackeles kezdoknek
Hackersuli Minecraft hackeles kezdoknek
 
[HUN][Hackersuli] Cryptocurrency scams
[HUN][Hackersuli] Cryptocurrency scams[HUN][Hackersuli] Cryptocurrency scams
[HUN][Hackersuli] Cryptocurrency scams
 
[Hackersuli] [HUN] Windows a szereloaknan
[Hackersuli] [HUN] Windows a szereloaknan[Hackersuli] [HUN] Windows a szereloaknan
[Hackersuli] [HUN] Windows a szereloaknan
 
[HUN][Hackersuli] Szol a szoftveresen definialt radio - SDR alapok
[HUN][Hackersuli] Szol a szoftveresen definialt radio - SDR alapok[HUN][Hackersuli] Szol a szoftveresen definialt radio - SDR alapok
[HUN][Hackersuli] Szol a szoftveresen definialt radio - SDR alapok
 
[HUN] Hackersuli - Console and arcade game hacking – history, present, future
[HUN] Hackersuli - Console and arcade game hacking – history, present, future[HUN] Hackersuli - Console and arcade game hacking – history, present, future
[HUN] Hackersuli - Console and arcade game hacking – history, present, future
 
Hackersuli - Linux game hacking with LD_PRELOAD
Hackersuli - Linux game hacking with LD_PRELOADHackersuli - Linux game hacking with LD_PRELOAD
Hackersuli - Linux game hacking with LD_PRELOAD
 
[HUN][hackersuli] Malware avengers
[HUN][hackersuli] Malware avengers[HUN][hackersuli] Malware avengers
[HUN][hackersuli] Malware avengers
 
[Hackersuli][HUN]MacOS - Going Down the Rabbit Hole
[Hackersuli][HUN]MacOS - Going Down the Rabbit Hole[Hackersuli][HUN]MacOS - Going Down the Rabbit Hole
[Hackersuli][HUN]MacOS - Going Down the Rabbit Hole
 
[HUN][Hackersuli] Androidos alkalmazássebészet, avagy gumikesztyűt fel és irá...
[HUN][Hackersuli] Androidos alkalmazássebészet, avagy gumikesztyűt fel és irá...[HUN][Hackersuli] Androidos alkalmazássebészet, avagy gumikesztyűt fel és irá...
[HUN][Hackersuli] Androidos alkalmazássebészet, avagy gumikesztyűt fel és irá...
 
[HUN][Hackersuli] iOS hekkelés, avagy egyik szemünk zokog, a másik meg kacagv...
[HUN][Hackersuli] iOS hekkelés, avagy egyik szemünk zokog, a másik meg kacagv...[HUN][Hackersuli] iOS hekkelés, avagy egyik szemünk zokog, a másik meg kacagv...
[HUN][Hackersuli] iOS hekkelés, avagy egyik szemünk zokog, a másik meg kacagv...
 
[Hackersuli][HUN] Greasemonkey, avagy fogod majd a fejed, hogy miért nem hasz...
[Hackersuli][HUN] Greasemonkey, avagy fogod majd a fejed, hogy miért nem hasz...[Hackersuli][HUN] Greasemonkey, avagy fogod majd a fejed, hogy miért nem hasz...
[Hackersuli][HUN] Greasemonkey, avagy fogod majd a fejed, hogy miért nem hasz...
 
Kriptovaluták, hashbányászat és okoscicák
Kriptovaluták, hashbányászat és okoscicákKriptovaluták, hashbányászat és okoscicák
Kriptovaluták, hashbányászat és okoscicák
 
Hogy jussunk ki lezárt hálózatokból?
Hogy jussunk ki lezárt hálózatokból?Hogy jussunk ki lezárt hálózatokból?
Hogy jussunk ki lezárt hálózatokból?
 
Hardware hacking 1x1 by Dnet
Hardware hacking 1x1 by DnetHardware hacking 1x1 by Dnet
Hardware hacking 1x1 by Dnet
 
Hogy néz ki egy pentest meló a gyakorlatban?
Hogy néz ki egy pentest meló a gyakorlatban?Hogy néz ki egy pentest meló a gyakorlatban?
Hogy néz ki egy pentest meló a gyakorlatban?
 

Recently uploaded

Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine ServiceHot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Servicesexy call girls service in goa
 
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls KolkataVIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024APNIC
 
Networking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGNetworking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGAPNIC
 
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779Delhi Call girls
 
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls KolkataLow Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
Russian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl ServiceRussian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl Servicegwenoracqe6
 
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$kojalkojal131
 
VIP Kolkata Call Girls Salt Lake 8250192130 Available With Room
VIP Kolkata Call Girls Salt Lake 8250192130 Available With RoomVIP Kolkata Call Girls Salt Lake 8250192130 Available With Room
VIP Kolkata Call Girls Salt Lake 8250192130 Available With Roomgirls4nights
 
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts servicesonalikaur4
 
How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)Damian Radcliffe
 
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts servicevipmodelshub1
 
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebGDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebJames Anderson
 
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With RoomVIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Roomdivyansh0kumar0
 
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
AlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with FlowsAlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with FlowsThierry TROUIN ☁
 

Recently uploaded (20)

Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine ServiceHot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
 
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls KolkataVIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...
Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...
Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...
 
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
 
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
 
On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024
 
Networking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGNetworking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOG
 
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
 
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls KolkataLow Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
Russian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl ServiceRussian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl Service
 
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
 
VIP Kolkata Call Girls Salt Lake 8250192130 Available With Room
VIP Kolkata Call Girls Salt Lake 8250192130 Available With RoomVIP Kolkata Call Girls Salt Lake 8250192130 Available With Room
VIP Kolkata Call Girls Salt Lake 8250192130 Available With Room
 
Call Girls In South Ex 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICE
Call Girls In South Ex 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICECall Girls In South Ex 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICE
Call Girls In South Ex 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICE
 
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
 
How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)
 
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
 
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebGDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
 
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With RoomVIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
 
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
AlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with FlowsAlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with Flows
 

How to hack airplanes and get away with it

  • 1. How to hack airplanes …and get away with it.
  • 2. whoami 0xloltan Zoltan Madarassy Principal Security Consultant at elttam Relentless expat 🌍 󰏘󰐘󰐴󰎉 🌍 I like computers that fly
  • 3.
  • 4.
  • 5. Aviation primer ● Security boundaries ● History in safety ● (Information) security is still kind of new ● Certification requirements ○ Now with a 100% more cyber! ● Swiss cheese model
  • 6. Glossary ● ARINC-615(A) ○ Dataloading interfaces over ARINC-429 or ARINC-664 ● ARINC-665 ○ Loadable Software [Airplane] Parts (LS[A]P) ○ Media Set Parts (MSP) ● ARINC-827 ○ Software crate ● ARINC-835 ○ Encryption guidance for LSPs and MSPs ● ARINC-429/AFDX(ARINC-664) ○ Main network buses on an aircraft ● LRU ○ Line Replaceable Unit ● LSAP ○ Loadable Software Airplane Parts ● MRO ○ Maintenance, Repair and Operations ● ACD ● AISD ● PIESD
  • 7. Aviation entanglement ● Aircraft manufacturers ● OEMs ● Operators and maintenance ● Airports and ANSPs ● Regulatory bodies
  • 8.
  • 9.
  • 10. Domain separation ● Example: Data diodes ● Ideal separation between domains ● Interconnection cutoffs MAC <> PHY
  • 11. Attack surface example 1 - ACD CAN bus ● CAN is rarely used on airplanes ● Except for example lavatory doors ● Inaccessible in bulkheads Honorable mention: ● B737 MAX MCAS
  • 12. Attack surface example 2 - AISD Data loading ● Media ○ Floppies ○ USB drives ○ Maintenance laptops ○ Portable data loaders ○ Integrated data loaders ○ Gatelink (wifi/cellular) ● Update types ● Bus ● Signatures and verification
  • 13. Attack surface example 3 - PIESD IFEC
  • 14. Attack surface example 3 - PIESD IFEC ● Maintenance panels ○ Touchscreen ○ RJ-45 ● IFE APIs ○ IDOR ○ Auth bypass ● IFC ○ Network separation ○ Client isolation ● PRAMs
  • 15. Case study - Portable data loader Data loading process 1. New update available (LSAP) 2. LSAP -> Librarian 3. Librarian -> Data loader / LRU 4. Verification and installation
  • 16. Case study - Portable data loader Attack surface ● GUI ● USB (airside and groundside) ● Wifi ● Ethernet ● Backend APIs ● ARINC-615(A) ● Secure boot ● Debugging interfaces
  • 17. Case study - Portable data loader Threat scenarios ● Isolation bypass ● Physical tampering ● Malicious data
  • 18. Case study - Portable data loader ● Scope: ○ USB ○ Ethernet ○ Wifi ● Network exposure and comms review ● IP stack fuzzing ● USB stack fuzzing ○ Mass storage ● File system and file name manipulation ○ Manually Approach
  • 19. Case study - Portable data loader Threat scenario - Importing root CAs from USB ● Idea: RCE via cert attribute ● Reverse all the things! ● Spoiler alert: no luck ☹ ● Reversing QT binaries is terrible
  • 20. Case study - Portable data loader Expectation Reality
  • 21. Case study - Portable data loader ● Internal requirement ● Choice: ClamAV ○ Because it’s free ● Increased attack surface ● AV in aviation 😲 ● But it doesn't actually do anything ¯_(ツ)_/¯
  • 22. Case study - Portable data loader
  • 23. Case study - Portable data loader