• About Black Hat USA
• Hot Research
• Vehicle
– CANSPY: A Platform For Auditing CAN Devices
– Advanced CAN Injection Techniques For Vehicle Networks
– Can You Trust Autonomous Vehicles: Contactless Attacks against Sensors of Self-driving Vehicle
• IoT
– Into The Core – In-Depth Exploration of Windows 10 IoT Core
– GATTAttacking Bluetooth Smart Devices
– Introducing A New BLE Proxy Tool
– GreatFET: Making GoodFET Great Again
• Conclusions
• References
Black Hat Europe 2016 Survey Report (FFRI Monthly Research Dec 2016) FFRI, Inc.
• About Black Hat
• Intriguing reports – Breaking BHAD: Abusing Belkin Home Automation Devices – (PEN)TESTING VEHICLES WITH CANTOOLZ YACHT – YET ANOTHER CAR HACKING TOOL – Mobile Espionage in the Wild: Pegasus and Nation-State Level Attacks
• Conclusions
• References
Ethical Hacking n VAPT presentation by Suvrat jainSuvrat Jain
a perfect example of your 6 weeks summer training ppt. Course-Ethical Hacking , its info and VAPT- Vulnerability Assessment n Penetration testing. about how vulnerability scanning , tools used , cracking password , etc.
An Example of use the Threat Modeling Tool (FFRI Monthly Research Nov 2016)FFRI, Inc.
• About threat analysis support tool
• Examples of tools
• Analysis target system
• Analysis result
– How to read result
– Overview of threats
• Effective usage
– About template
– Additional definition of threat information
• Conclusions
• References
Ethical Hacking Conference 2015- Building Secure Products -a perspectiveDr. Anish Cheriyan (PhD)
This talk was given in Unicom Ethical Hacking Conference 2015. This talk focuses on the importance of building security inside the product development life cycle. The presentation talks about architectural flaws and implementation bugs, principles of design, software development life cycle and activities to be done from security perspective.
Black Hat Europe 2016 Survey Report (FFRI Monthly Research Dec 2016) FFRI, Inc.
• About Black Hat
• Intriguing reports – Breaking BHAD: Abusing Belkin Home Automation Devices – (PEN)TESTING VEHICLES WITH CANTOOLZ YACHT – YET ANOTHER CAR HACKING TOOL – Mobile Espionage in the Wild: Pegasus and Nation-State Level Attacks
• Conclusions
• References
Ethical Hacking n VAPT presentation by Suvrat jainSuvrat Jain
a perfect example of your 6 weeks summer training ppt. Course-Ethical Hacking , its info and VAPT- Vulnerability Assessment n Penetration testing. about how vulnerability scanning , tools used , cracking password , etc.
An Example of use the Threat Modeling Tool (FFRI Monthly Research Nov 2016)FFRI, Inc.
• About threat analysis support tool
• Examples of tools
• Analysis target system
• Analysis result
– How to read result
– Overview of threats
• Effective usage
– About template
– Additional definition of threat information
• Conclusions
• References
Ethical Hacking Conference 2015- Building Secure Products -a perspectiveDr. Anish Cheriyan (PhD)
This talk was given in Unicom Ethical Hacking Conference 2015. This talk focuses on the importance of building security inside the product development life cycle. The presentation talks about architectural flaws and implementation bugs, principles of design, software development life cycle and activities to be done from security perspective.
Penetration testing reporting and methodologyRashad Aliyev
This paper covering information about Penetration testing methodology, standards reporting formats and comparing reports. Explained problem of Cyber Security experts when they making penetration tests. How they doing current presentations.
We will focus our work in penetration testing methodology reporting form and detailed information how to compare result and related work information.
MITRE ATT&CKcon 2018: ATT&CK: All the Things, Neelsen Cyrus and David Thompso...MITRE - ATT&CKcon
USAA has utilized the MITRE ATT&CK framework as a unique means to map their current detection infrastructure and assess their ability to defend against the most relevant threats to their network. In this presentation they share some lessons learned during their journey with ATT&CK leading to identified best practices for workflow integration through team composition and custom tool development.
VAPT defines the security measures that are supposed to be put in place to address cyber threats. There are plenty of strategies that can be adopted in Pen Testing which include Black Box Pen Test, White Box Pen Text, Hidden Pen Test, Internal Pen Test, and Gray Box Testing. It is mandatory that VAPT is conducted in order to deter cyber-attacks that are on the upsurge daily. These VAPT ranges from Mobile, Network Penetration Testing, and Vulnerability Assessments.
There are many merits to VAPT in your business which include early error detection in program codes which will prevent cyber attacks. Most companies lose billions of dollars due to cyber-attacks. With VAPT, it guarantees that all loopholes are tightened before an intrusion transpires.
This presentation will provide an overview of what a penetration test is, why companies pay for them, and what role they play in most IT security programs. It will also include a brief overview of the common skill sets and tools used by today’s security professionals. Finally, it will offer some basic advice for getting started in penetration testing. This should be interesting to aspiring pentesters trying to gain a better understanding of how penetration testing fits into the larger IT security world.
Additional resources can be found in the blog below:
https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers
More security blogs by the authors can be found @
https://www.netspi.com/blog/
An Overview of the Android Things Security (FFRI Monthly Research Jan 2017) FFRI, Inc.
• Security incidents related to IoT devices
• About the Android Things
• Major features
• Installation and Settings
• Accessible network service
• Security configurations
• Conclusions
• References
Android Things Security Research in Developer Preview 2 (FFRI Monthly Researc...FFRI, Inc.
Table of Contents
• Background • Use case and Weave
• Android Things Security Considerations
• Android Things Version Information
• File system information • Firewall setting
• ADB port setting
• SELinux setting
• Conclusions
• Reference
The Security Vulnerability Assessment Process & Best PracticesKellep Charles
Conducting regular security assessments on the organizational network and computer systems has become a vital part of protecting information-computing assets. Security assessments are a proactive and offensive posture towards information security as compared to the traditional reactive and defensive stance normally implemented with the use of Access Control-Lists (ACLs) and firewalls.
Too effectively conduct a security assessment so it is beneficial to an organization, a proven methodology must be followed so the assessors and assesses are on the same page.
This presentation will evaluate the benefits of credential scanning, scanning in a virtual environment, distributed scanning as well as vulnerability management.
Cybersecurity Incident Response Readiness: How to Find and Respond to Attacke...Infocyte
According to recent reports, nearly 1/3rd of all US Businesses experienced a cybersecurity related breach last year.
With hackers increasingly targeting US businesses and insiders mishandling or misusing their privileges and access, its' imperative that all organizations have incident response (IR) capabilities at the ready. We're talking about real capabilities that include: threat visibility, centralized logging, root cause analysis, and assessment.
While we can agree IR capabilities are important, most businesses do not and may never have on-staff responders or organized security operations - if you are one of these, this talk is for you.
In this talk, Chris explores the processes, procedures, and best practices surrounding Incident Response (IR) as it relates to cybersecurity: Finding, containing, investigating, and eliminating attackers from within your network.
Learn more about cyber threat hunting, incident response, and how a strong incident response process will help your organization stay better protected from cyber attackers.
This presentation, reviewing Cybersecurity Incident Response (IR) Readiness, was originally shared during the 2019 DataConnectors Houston Cybersecurity Conference.
Presented at the DEFCON27 Red Team Offensive Village on 8/10/19.
From the dawn of technology, adversaries have been present. They have ranged from criminal actors and curious children to - more modernly - nation states and organized crime. As an industry, we started to see value in emulating bad actors and thus the penetration test was born. As time passes, these engagements become less about assessing the true security of the target organization and more about emulating other penetration testers. Furthermore, these tests have evolved into a compliance staple that results in little improvement and increasingly worse emulation of bad actors.
In this presentation, we will provide a framework complementary to the Penetration Testing Execution Standard (PTES). This complementary work, the Red Team Framework (RTF), focuses on the objectives and scoping of adversarial emulation with increased focus on the perspective of the business, their threat models, and business models. The RTF borrows part of the PTES, adding emphasis on detection capabilities as well as purple team engagements. We believe this approach will better assist organizations and their defensive assets in understanding threats and building relevant detections.
Using IOCs to Design and Control Threat Activities During a Red Team EngagementJoe Vest
The term Red Team or Red Teaming has become more prevalent in the security industry. Both commercial and government organizations conduct "Red Team Exercises". What does this mean? What is a Red Team engagement? How is it different that other security tests? Isn't current penetration and vulnerability security testing enough?
Red Teaming share many of the fundamentals of other security testing types, yet focuses on specific scenarios and goals that are used to evaluate and measure an organization's overall security defense posture.
Organizations spend a great deal of time and money on the security of their systems. Red Teams have a unique goal of testing an organization's ability to detect, respond to, and recover from an attack. When properly conducted, Red Team activities can significantly contribute to the improvement an organization's security controls, help hone defensive capabilities, and measure the effectiveness of security operations.
This presentation introduces the Red Teaming concept of IOC management, how a Red Team operator can use specific IOCs to blend in to a target, and how to design specific scenarios to test a Blue Team's defensive posture.
Threat Hunting 101: Intro to Threat Detection and Incident ResponseInfocyte
Join Infocyte's Vice President of Customer and Partner Success, Chris Mills, for Threat Hunting 101: An intro to using Infocyte HUNT to detect, investigate, and respond to advanced persistent threats, file-less malware, and other sophisticated attacks.
Beyond these slides, please reference the video for additional insight and instruction on how to use our Threat Hunting and Incident Response platform.
Penetration testing reporting and methodologyRashad Aliyev
This paper covering information about Penetration testing methodology, standards reporting formats and comparing reports. Explained problem of Cyber Security experts when they making penetration tests. How they doing current presentations.
We will focus our work in penetration testing methodology reporting form and detailed information how to compare result and related work information.
MITRE ATT&CKcon 2018: ATT&CK: All the Things, Neelsen Cyrus and David Thompso...MITRE - ATT&CKcon
USAA has utilized the MITRE ATT&CK framework as a unique means to map their current detection infrastructure and assess their ability to defend against the most relevant threats to their network. In this presentation they share some lessons learned during their journey with ATT&CK leading to identified best practices for workflow integration through team composition and custom tool development.
VAPT defines the security measures that are supposed to be put in place to address cyber threats. There are plenty of strategies that can be adopted in Pen Testing which include Black Box Pen Test, White Box Pen Text, Hidden Pen Test, Internal Pen Test, and Gray Box Testing. It is mandatory that VAPT is conducted in order to deter cyber-attacks that are on the upsurge daily. These VAPT ranges from Mobile, Network Penetration Testing, and Vulnerability Assessments.
There are many merits to VAPT in your business which include early error detection in program codes which will prevent cyber attacks. Most companies lose billions of dollars due to cyber-attacks. With VAPT, it guarantees that all loopholes are tightened before an intrusion transpires.
This presentation will provide an overview of what a penetration test is, why companies pay for them, and what role they play in most IT security programs. It will also include a brief overview of the common skill sets and tools used by today’s security professionals. Finally, it will offer some basic advice for getting started in penetration testing. This should be interesting to aspiring pentesters trying to gain a better understanding of how penetration testing fits into the larger IT security world.
Additional resources can be found in the blog below:
https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers
More security blogs by the authors can be found @
https://www.netspi.com/blog/
An Overview of the Android Things Security (FFRI Monthly Research Jan 2017) FFRI, Inc.
• Security incidents related to IoT devices
• About the Android Things
• Major features
• Installation and Settings
• Accessible network service
• Security configurations
• Conclusions
• References
Android Things Security Research in Developer Preview 2 (FFRI Monthly Researc...FFRI, Inc.
Table of Contents
• Background • Use case and Weave
• Android Things Security Considerations
• Android Things Version Information
• File system information • Firewall setting
• ADB port setting
• SELinux setting
• Conclusions
• Reference
The Security Vulnerability Assessment Process & Best PracticesKellep Charles
Conducting regular security assessments on the organizational network and computer systems has become a vital part of protecting information-computing assets. Security assessments are a proactive and offensive posture towards information security as compared to the traditional reactive and defensive stance normally implemented with the use of Access Control-Lists (ACLs) and firewalls.
Too effectively conduct a security assessment so it is beneficial to an organization, a proven methodology must be followed so the assessors and assesses are on the same page.
This presentation will evaluate the benefits of credential scanning, scanning in a virtual environment, distributed scanning as well as vulnerability management.
Cybersecurity Incident Response Readiness: How to Find and Respond to Attacke...Infocyte
According to recent reports, nearly 1/3rd of all US Businesses experienced a cybersecurity related breach last year.
With hackers increasingly targeting US businesses and insiders mishandling or misusing their privileges and access, its' imperative that all organizations have incident response (IR) capabilities at the ready. We're talking about real capabilities that include: threat visibility, centralized logging, root cause analysis, and assessment.
While we can agree IR capabilities are important, most businesses do not and may never have on-staff responders or organized security operations - if you are one of these, this talk is for you.
In this talk, Chris explores the processes, procedures, and best practices surrounding Incident Response (IR) as it relates to cybersecurity: Finding, containing, investigating, and eliminating attackers from within your network.
Learn more about cyber threat hunting, incident response, and how a strong incident response process will help your organization stay better protected from cyber attackers.
This presentation, reviewing Cybersecurity Incident Response (IR) Readiness, was originally shared during the 2019 DataConnectors Houston Cybersecurity Conference.
Presented at the DEFCON27 Red Team Offensive Village on 8/10/19.
From the dawn of technology, adversaries have been present. They have ranged from criminal actors and curious children to - more modernly - nation states and organized crime. As an industry, we started to see value in emulating bad actors and thus the penetration test was born. As time passes, these engagements become less about assessing the true security of the target organization and more about emulating other penetration testers. Furthermore, these tests have evolved into a compliance staple that results in little improvement and increasingly worse emulation of bad actors.
In this presentation, we will provide a framework complementary to the Penetration Testing Execution Standard (PTES). This complementary work, the Red Team Framework (RTF), focuses on the objectives and scoping of adversarial emulation with increased focus on the perspective of the business, their threat models, and business models. The RTF borrows part of the PTES, adding emphasis on detection capabilities as well as purple team engagements. We believe this approach will better assist organizations and their defensive assets in understanding threats and building relevant detections.
Using IOCs to Design and Control Threat Activities During a Red Team EngagementJoe Vest
The term Red Team or Red Teaming has become more prevalent in the security industry. Both commercial and government organizations conduct "Red Team Exercises". What does this mean? What is a Red Team engagement? How is it different that other security tests? Isn't current penetration and vulnerability security testing enough?
Red Teaming share many of the fundamentals of other security testing types, yet focuses on specific scenarios and goals that are used to evaluate and measure an organization's overall security defense posture.
Organizations spend a great deal of time and money on the security of their systems. Red Teams have a unique goal of testing an organization's ability to detect, respond to, and recover from an attack. When properly conducted, Red Team activities can significantly contribute to the improvement an organization's security controls, help hone defensive capabilities, and measure the effectiveness of security operations.
This presentation introduces the Red Teaming concept of IOC management, how a Red Team operator can use specific IOCs to blend in to a target, and how to design specific scenarios to test a Blue Team's defensive posture.
Threat Hunting 101: Intro to Threat Detection and Incident ResponseInfocyte
Join Infocyte's Vice President of Customer and Partner Success, Chris Mills, for Threat Hunting 101: An intro to using Infocyte HUNT to detect, investigate, and respond to advanced persistent threats, file-less malware, and other sophisticated attacks.
Beyond these slides, please reference the video for additional insight and instruction on how to use our Threat Hunting and Incident Response platform.
Linux offers an extensive selection of programmable and configurable networking components from traditional bridges, encryption, to container optimized layer 2/3 devices, link aggregation, tunneling, several classification and filtering languages all the way up to full SDN components. This talk will provide an overview of many Linux networking components covering the Linux bridge, IPVLAN, MACVLAN, MACVTAP, Bonding/Team, OVS, classification & queueing, tunnel types, hidden routing tricks, IPSec, VTI, VRF and many others.
Latest Security Reports of Automobile and Vulnerability Assessment by CVSS v3...FFRI, Inc.
•Automobile security is hot topic in many conferences.
•Cyber security measures are essential for the automobile.
•We summarize the following topics based on the above background.
–Presentations at the conferences other than Black Hat USA 2015 and DEF CON 23.
–Introduction of vulnerability assessment methods of automobile security by CVSS v3.
[CB16] Security in the IoT World: Analyzing the Security of Mobile Apps for A...CODE BLUE
Recently, services that provide remote control and acquire vehicle location information (GPS) is increasing. (As far as we know, it has been especially popular in the EV cars.)
These services are the challenging business for the automotive industry and OEMs because these have a potentially huge market or an additional value to their products in the future.
On the other hands, these services may lead to new threats and risks for the automobiles. This is because the Internet connection did not consider it was not necessary for automobiles so far.
Further, some researchers have already reported vulnerabilities in the remote services that are provided by various OEMs.
These issues are all reported in a foreign territory. Then, how about in Japan?
Therefore, we analyze the client apps for Japan provided by the various OEMs. But we also targeted analyzing apps for the US because apps for Japan is not many yet.
Specifically, we analyzed vulnerabilities (cooperation between apps, certificate verification, etc...) and whether these apps are using anti-analysis techniques such as obfuscation.
In this talk, we'll introduce about a potential for abusing of remote service apps in the future and countermeasures for these risks.
--- Naohide Waguri
Naohide Waguri joined FFRI in 2013. Before he joined FFRI, he had participated in software quality assurance, software development and promotion of test automation of network equipment (Gigabit Ethernet or Multilayer switches) as a network engineer. After joined FFRI, he participated in penetration testing, analysis and investigating the trend of cyber attacks. He is currently researching threat/risk analysis and evaluation method for a security of embedded systems such as in-vehicle devices. He was a speaker at CODE BLUE 2015.
Current state of automotive network securityFFRI, Inc.
Many electronic devices have been used by automobiles.These devices are connected each other and communicate to control automobile. Recent years, automotive network has been connected to smartphones and the internet. It makes new threats turn up. This slides summarizes how automotive network security have been and what is expected as incoming threats.
TRITON: How it Disrupted Safety Systems and Changed the Threat Landscape of I...Priyanka Aash
In 2017, a sophisticated threat actor deployed the TRITON attack framework engineered to manipulate industrial safety systems at a critical infrastructure facility. This talk offers new insights into TRITON attack framework which became an unprecedented milestone in the history of cyber-warfare as it is the first publicly observed malware that specifically targets protection functions meant to safeguard human lives. While the attack was discovered before its ultimate goal was achieved, that is, disruption of the physical process, TRITON is a wakeup call regarding the need to urgently improve ICS cybersecurity.
Your Thing is Pwned - Security Challenges for the IoTWSO2
The Internet of Things and Machine to Machine are growing areas, and security and privacy are prime issues. In this session security challenges are examined around using M2M devices with protocols such as MQTT & CoAP - encryption, federated identity and authorisation models in particular.
On the topic of encryption, we’ll examine securing MQTT with TLS, challenges with Arduino, and using hardware encryption for microcontrollers. A key privacy requirement for user-centric IoT use cases will be giving users control over how their things collect and share data. On the Internet, protocols like OAuth 2.0, OpenID Connect & User Managed Access have been defined to enable a privacy-respecting user consent & authorization model. We'll look at the issues with applying these protocols to the M2M world and review existing proposals & activity for extending the above M2M protocols to include federated identity concepts.
The session included a live demonstration of Arduino and Eclipse Paho inter-operating secured by OAuth 2.0.
Attacking and Defending Autos Via OBD-II from escar AsiaDigital Bond
This presentation from escar Asia does go into detail on the Progressive Snapshot dongle security problems, but it also addresses common issues found in ICS security and the path forward. For example the insecure by design problem, no thought on embedded product security, importance of a security perimeter as the immediate best security solution, and the medium to long term solutions.
CANSPY: A platform for auditing CAN devicesPriyanka Aash
"In the past few years, several tools have been released allowing hobbyists to connect to CAN buses found in cars. This is welcomed as the CAN protocol is becoming the backbone for embedded computers found in smartcars. Its use is now even spreading outside the car through the OBD-II connector: usage-based policies from insurance companies, air-pollution control from law enforcement or engine diagnostics from smartphones for instance. Nonetheless, these tools will do no more than what professional tools from automobile manufacturers can do. In fact, they will do less as they do not have knowledge of upper-layer protocols.
Security auditors are used to dealing with this kind of situation: they reverse-engineer protocols before implementing them on top of their tool of choice. However, to be efficient at this, they need more than just being able to listen to or interact with what they are auditing. Precisely, they need to be able to intercept communications and block them, forward them or modify them on the fly. This is why, for example, a platform such as Burp Suite is popular when it comes to auditing web applications.
In this talk, we present CANSPY, a platform giving security auditors such capabilities when auditing CAN devices. Not only can it block, forward or modify CAN frames on the fly, it can do so autonomously with a set of rules or interactively using Ethernet and a packet manipulation framework such as Scapy. It is also worth noting that it was designed to be cheap and easy to build as it is mostly made of inexpensive COTS. Last but not least, we demonstrate its versatility by turning around a security issue usually considered when it comes to cars: instead of auditing an electronic control unit (ECU) through the OBD-II connector, we are going to partially emulate ECUs in order to audit a device that connects to this very connector."
(Source: Black Hat USA 2016, Las Vegas)
Cybersecurity: Malware & Protecting Your Business From CyberthreatsSecureDocs
http://www.securedocs.com -The recent increase in high-profile cyberattacks has made online security a hot topic, and rightfully so. Companies from The New York Times to Facebook have fallen victim to attacks by cybercriminals, highlighting just how vulnerable any business is. In the past few years, malware has evolved dramatically and is a serious threat to all organizations, both big and small.
This presentation covers what advanced malware is and the impact it can have on an organization. Learn how to protect your business from this type of threat.
Yokogawa & NextNine – Lessons Learned: Global Cybersecurity Management System...Honeywell
A joint presentation of Yokogawa and NextNine about a 60-site global cybersecurity deployment, including what went right, what went wrong, necessary changes to the processes and technology, and the new technology was developed.
Internet of Things: Identity & Security with Open StandardsGeorge Fletcher
While the Internet of Things (IoT) is growing significantly in the number of devices and capabilities, there is little thought given to security by the manufacturers and software developers for these devices. This talk will explore one mechanism, using open standards, to add a layer of security and convenience for devices connecting to a personal cloud including the challenges that exist to make it a reality.
Black Hat Asia 2016 Survey Report (FFRI Monthly Research 2016.4)FFRI, Inc.
In this report, we pick up briefings of Black Hat Asia 2016
• Mobile Security
– Android Commercial Spyware Disease and Medication, Mustafa Saad
– Su-a-Cyder: Home-Brewing iOS Malware Like a B0$$!, Chilik Tamir
• IoT Security
– Lets See Whats Out There Mapping The Wireless IOT, Tobias Zillner
– Hacking a Professional Drone, Nils Rodday
• Windows Security
– DSCompromised:A Windows DSC Attack Framework, Ryan Kazanciyan & Matt Hastings
Threat Analysis on Win10 IoT Core and Recommaended Security Measures by Naohi...CODE BLUE
Windows 10 IoT was released as a platform for IoT.
Windows 10 IoT Core, which is the lightest among Windows 10 IoT, is usable without charge, and can be run on single board computers like Raspberry Pi. So far, Linux-based platforms were considered as the platform for IoT devices, but now there is another option.
We conducted research on security system of Windows 10 IoT Core to judge whether it could be used safely.
We investigated the security design, the security functions, and default services, such as Web, FTP, and SSH, served by this OS. Furthermore, we also analyzed risks of intrusion and malware infection.
As a result of the investigation, like the newest Windows, we found that DEP, ASLR and CFG are also effective as countermeasures for being attacked vulnerabilities that affect the main memory. These countermeasures are not omitted from Windows 10 IoT Core.
On the other hand, we also found some designs and default settings of services and components are insecure.
For example, Windows update is disabled, Windows Firewall is disabled by default settings, Web interface is served on HTTP, and its authentication is basic authentication.
Moreover, we found a problem in the design of the remote debug service. This problem allows an attacker to create any user account and intrude using the web interface or SSH. Therefore, this problem might be abused by worm malware.
Lastly, we will introduce recommended security measures such as disabling unused services, changing settings, enabling the firewall, enabling web interface on HTTPS, etc.
The Bot Stops Here: Removing the BotNet Threat - Public and Higher Ed Securit...Eric Vanderburg
Eric Vanderburg, Director of Information Systems and Security at JurInnov, presents "The Bot Stops Here: Removing the BotNet Threat" at the Public and Higher Ed Security Summit.
Appearances are deceiving: Novel offensive techniques in Windows 10/11 on ARMFFRI, Inc.
In 2017, Microsoft announced the ARM version of Windows. The number of devices with ARM version of Windows is increasing, such as Surface Pro X series and HP ENVY x2, and it is gradually becoming popular.
When using these ARM devices, there is a compatibility issue that existing x86/x64 applications cannot be used.
However, this problem has been addressed by providing x86/x64 emulation capabilities. In recent years, ARM64EC has been announced, allowing for the gradual migration of x64 applications to ARM. The aggressive introduction of these compatibility technologies is a sign of Microsoft's strong will to promote the ARM version of Windows.
On the other hand, doesn't the introduction of new compatibility technologies provide a new avenue of attack for attackers? As far as we know, this point has not even been discussed much at this point. Therefore, we reverse engineered the compatibility technology that exists in Windows on ARM and examined its exploitability.
We found that various techniques are available, such as code injection by modifying XTA cache files, and obfuscation by exploiting newly introduced relocation entries. All of these techniques have in common the characteristic that the binary "appearance" and runtime behavior are different, making them difficult to detect and track. In addition, some of the techniques can be widely exploited to interfere with static analysis or sandbox analysis. Therefore, there is a high possibility that they will become a threat to the ARM version of Windows in the future.
In this presentation, we will explain the details of our new method and its features with demonstrations. We hope that this presentation will be a good opportunity to develop and promote the security research of Windows on ARM.
The PoC code and detailed reverse engineering results will be available on GitHub.
Appearances are deceiving: Novel offensive techniques in Windows 10/11 on ARMFFRI, Inc.
In 2017, Microsoft announced the ARM version of Windows. The number of devices with ARM version of Windows is increasing, such as Surface Pro X series and HP ENVY x2, and it is gradually becoming popular.
When using these ARM devices, there is a compatibility issue that existing x86/x64 applications cannot be used.
However, this problem has been addressed by providing x86/x64 emulation capabilities. In recent years, ARM64EC has been announced, allowing for the gradual migration of x64 applications to ARM. The aggressive introduction of these compatibility technologies is a sign of Microsoft's strong will to promote the ARM version of Windows.
On the other hand, doesn't the introduction of new compatibility technologies provide a new avenue of attack for attackers? As far as we know, this point has not even been discussed much at this point. Therefore, we reverse engineered the compatibility technology that exists in Windows on ARM and examined its exploitability.
We found that various techniques are available, such as code injection by modifying XTA cache files, and obfuscation by exploiting newly introduced relocation entries. All of these techniques have in common the characteristic that the binary "appearance" and runtime behavior are different, making them difficult to detect and track. In addition, some of the techniques can be widely exploited to interfere with static analysis or sandbox analysis. Therefore, there is a high possibility that they will become a threat to the ARM version of Windows in the future.
In this presentation, we will explain the details of our new method and its features with demonstrations. We hope that this presentation will be a good opportunity to develop and promote the security research of Windows on ARM.
The PoC code and detailed reverse engineering results will be available on GitHub.
TrustZone use case and trend (FFRI Monthly Research Mar 2017) FFRI, Inc.
Table of Contents
• About TrustZone
– Use case of TrustZone
– Cortex-A TrustZone
– Cortex-M TrustZone
– TEE implementation
• Vulnerability of TEE implementation
• Conclusions
• References
ARMv8-M TrustZone: A New Security Feature for Embedded Systems (FFRI Monthly ...FFRI, Inc.
In this slide, we introduce the TrustZone of information that has published at this time in relation to ARMv8-M.
It is possible to separate/isolate the security level by adding the security state.
ARMv8-M architecture has a different mechanism than TrustZone to provide traditional ARMv8-A architecture, which is optimized for embedded systems.
CODE BLUE 2015 Report (FFRI Monthly Research 2015.11)FFRI, Inc.
•CODE BLUE 2015 had over 600 visitors from many countries.
–It had started two track presentation and youth track.
–Two teenagers and a student were on stage.
•IoT Security
–Medical equipment and social infrastructure were studied.
–The white hackers reported these vulnerabilities.
•Bug Bounty
–Japanese bug hunters are active in the world.
–There are things to learn from their way.
•APT
–APT would have invaded various organizations in Japan.
–Forum for information exchange, such as the CODE BLUE is required to counter APT.
A Survey of Threats in OS X and iOS(FFRI Monthly Research 201507)FFRI, Inc.
Recently, OS X and iOS are becoming target of cyber attacks.
–As a result, attack technique peculiar to OS X and iOS comes up.(e.g. Abuse of sync function, malware distribution by AdHocetc.)
We recommend some security settings for Mac and iPhone based on current state of threats.
–Target system is OS X 10.10.x (Yosemite) and iOS 8.x.
Security of Windows 10 IoT Core(FFRI Monthly Research 201506)FFRI, Inc.
•Windows 10 IoT is successor platform of Windows Embedded that optimized for embedded devices.
•Windows 10 IoT Core Insider Preview has been provided for single-board computers such as the Raspberry Pi 2.
•We show tutorial about security of Windows 10 IoT Core using the Raspberry Pi 2.
Trend of Next-Gen In-Vehicle Network Standard and Current State of Security(F...FFRI, Inc.
Background
•Automobiles equip a lot of ECUs which communicate mutually on In-Vehicle Network to control engine, power window, and so on
•IVI devices such as navigation system and ADAS*known-as lane-keeping or brake-assist systems often are connected in the same network
•BecauseIn-Vehicle network becoming complicated by various devices, next-generation In-Vehicle network attracts interest as feasible technology at low cost
•This slide summarized about following topics
–Ethernet prospective as next-generation In-Vehicle network
–Recent security research about conventional In-Vehicle network andproposal of measures for the CAN
MR201504 Web Defacing Attacks Targeting WordPressFFRI, Inc.
Large number web sites defacing for various purposes are increasing.
Many used technique within of the these attacks is targeting a popular product or these plug-ins like WordPress.
In this report, was analyses about vulnerability that made 18,000 websites victims by exploiting “Slider Revolution".
The point different from general attacks like SQL injection is that using normal function.
Many of these vulnerabilities within of the CMS product are often in where there are assume used by admin.
So, Limit of access to "/wp-admin" or "/admin" by editing ".htaccess" is very important.
MR201502 Intel Memory Protection Extensions OverviewFFRI, Inc.
• Intel MPX provides primitive functions for runtime memory protection via compiler’s code instrumentation
• Performance impact is not clear
– However, we guess it is faster than another approach of memory protection such as software fault isolation or runtime instrumentation
• After all, Intel MPX and runtime memory protection are not expected to come into wide use for some time because we need replacement our
desktops and servers for to use buffer overflow protection
MR201411 SELinux in Virtualization and ContainersFFRI, Inc.
• To achieve secure environment requires two surfaces for isolation in virtualization and containers
– An isolation between host OS and guest OS
– An isolation between guests
• libvirt is sophisticated VM management framework, it has already integrated isolation with SELinux and AppArmor
• Docker is familiar to developers, but it includes security risks like execution of untrusted programs
– We absolutely need SELinux for secure development with Docker
TENTACLE: Environment-Sensitive Malware Palpation(PacSec 2014)FFRI, Inc.
In this presentation, I present an automatically disarmament system for armed malware with anti-sandboxing. The system targets on 1) Host-fingerprinting malware like citadel, 2) armed malware with general anti-sandboxng for automated sandbox analyzer. An approach of disarmament focuses on exit reason and exit before activity in malware execution. I have developing CPU emulator-based disarmament system with instrumentation. The system suggests a suitable environment for dynamic analysis for individual malware.
Freeze Drying for Capturing Environment-Sensitive Malware AliveFFRI, Inc.
We propose a set of techniques for "freeze drying" malware and restoring the captured malware to enable live process migration. Our system can capture environment-sensitive malware in-process and run it in an environment other than the infected host.
Sophisticated malware, such as Citadel and ZeuS/GameOver, are armed with anti-analysis techniques to prevent running except on an infected host. These malwares detect the execution environment and do not engage in malicious behavior when the current host differs from the infected host.
We developed a malware capture system called Sweetspot that can capture malware in-process by using process live migration and mimicking the infected host's environment on the analyzer by means of system call proxies. In addition, Sweetspot can serve as a honeypot and provide dummy data when the malware requests sensitive information. In briefings, we will demonstrate freeze-drying and instant dynamic analysis of real malware.
• Each SELinux access control model is simple, but actually
access control is more complex
• Red Hat puts a lot of effort into SELinux, policy and utils for
SELinux usability
– Enlarging default policy modules
– Encouraging Policy module system
– Analyzing and generating policies from access violation log
Generating a custom Ruby SDK for your web service or Rails API using Smithyg2nightmarescribd
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
Black Hat USA 2016 Survey Report (FFRI Monthly Research 2016.8)
1. FFRI,Inc.
1
Black Hat USA 2016
Survey Report
FFRI, Inc.
http://www.ffri.jpE-Mail: research-feedback[at]ffri.jp
Twitter: @FFRI_Research
Monthly Research 2016.08
2. FFRI,Inc.
2
Contents
• About Black Hat USA
• Hot Research
• Vehicle
– CANSPY: A Platform For Auditing CAN Devices
– Advanced CAN Injection Techniques For Vehicle Networks
– Can You Trust Autonomous Vehicles: Contactless Attacks against
Sensors of Self-driving Vehicle
• IoT
– Into The Core – In-Depth Exploration of Windows 10 IoT Core
– GATTAttacking Bluetooth Smart Devices – Introducing A New BLE
Proxy Tool
– GreatFET: Making GoodFET Great Again
• Conclusions
• References
3. FFRI,Inc.
About Black Hat USA
• The world's largest security conference in Las Vegas at every August
– Briefings of cutting-edge security research
• Threat demo, exploit technique, defense technology
• They have breakthrough or advantage
• Slides and papers are public on the Web
– Yuji Ukai, CEO of FFRI, Inc. is a member of the review boards
– There was published many tools and projects
• Apple launches bug bounty project the Apple Security Bounty
• Many security events (DEFCON, BSideLV, USENIX) were held near term
• In This Slide, we introduce hot research in Black Hat USA 2016
3
4. FFRI,Inc.
Hot Research (1)
• Vehicle
– CANSPY: A Platform For Auditing CAN Devices
• Jonathan-Christofer Demay & Arnaud Lebrun
– Advanced CAN Injection Techniques For Vehicle Networks
• Charlie Miller & Chris Valasek
– Can You Trust Autonomous Vehicles: Contactless Attacks
against Sensors of Self-driving Vehicle (DEFCON 24)
• Jianhao Liu, Chen Yan, Wenyuan Xu
4
5. FFRI,Inc.
Hot Research (2)
• IoT
– Into The Core – In-Depth Exploration of Windows 10 IoT Core
• Paul Sabanal
– GATTacking Bluetooth Smart Devices Introducing a New BLE
Proxy Tool
• Slawomir Jasek
– GreatFET: Making GoodFET Great Again
• Michael Ossmann
5
6. FFRI,Inc.
CANSPY: A Platform For Auditing CAN Devices (1)
• Capture tool for the CAN bus
– Circuit board data and software are open source
• https://bitbucket.org/jcdemay/canspy
• Connect to OBD-II
– It intercepts like server-client MITM attack
• Intercept in-between bus for ECU-ECU
• Analyze of captured frame
– CAN protocol stack is SocketCAN
– SocketCAN is supported by the Wireshark
• We are able to analyze captured frame by writing a
dissector
6
7. FFRI,Inc.
CANSPY: A Platform For Auditing CAN Devices (2)
• PC-ECU connection(CAN over Ethernet)
– Sniffing and bridging CAN bus from PC
• Inject CAN message using bridge service
• Rewrite frame and packet using Scapy
• Comments of FFRI researcher
– CANSPY is high-quality analysis tool
– Point of improvement
• The internal filtering capabilities
– This tool is useful for analysis for non real time function
• E.g.) Fault diagnosing function and device
7
8. FFRI,Inc.
Advanced CAN Injection Techniques
For Vehicle Networks (1)
• Continued research called "Jeep Hack" by Charlie Miller and Chris Valasek
– That is drawing any attention and extensively quoted in the media
• Researchers were getting a "Pwnie for Best Junk or Stunt Hack" on The Pwnie
Awards for 2016
• They were able to control steering even when the car is driving at high speed
• Brake, accelerator and steering were bypassed restriction at the Parking Assist
Module(PAM) and the Adaptive Cruise Control
– They disguised packet for speed camouflaging
• PAM haven't gotten speed from the legitimate ECU
• Rewrite firmware on the Power Steering Control Module (PSCM) ECU
– PSCM firmware has a 16bit checksum
– It is bypassed in less than 9 hours
• Message injection and confliction
– PAM disables message and restart ECU at message confliction
– E.g.)The car is stopped > Attacker suddenly injected "100 mph“ > Confliction
8
9. FFRI,Inc.
Advanced CAN Injection Techniques
For Vehicle Networks (2)
9
Original messages (80 00 01 31)
Disable message (00 04 01 3A)
PSCM
Message confliction
- The third byte is counter
- It's checking at message duplicate
- Third byte is faking
- Injecting just before at true message
- Original messages were ignored
Rewrite firmware
1. Start a programming
diagnostic session
2. Get security access
3. Write new firmware
Attacker PAM
Rewriting firmware and measuring message conflict
Sending a false message
OBD-II
10. FFRI,Inc.
Advanced CAN Injection Techniques
For Vehicle Networks (3)
• Jeep and Prius are different correspondence to the unreliable sudden
braking messages
– Jeep: Cancel messages and restart ECU
– Prius: Non check, activate the brakes
• Toyota seems to give priority to safety
• CAN injection countermeasures
– Automobile manufacturers fix the danger algorithm
– Monitoring of CAN message frequency
• Comments of FFRI researcher
– Vehicle has many system, so it is necessary to take measures and
threat analysis of the various points of view
– Research related to "arrival frequency of message" is already exist
10
11. FFRI,Inc.
Can You Trust Autonomous Vehicles: Contactless Attacks
against Sensors of Self-driving Vehicle (1)
• This research was published DEF CON 24
• Presented by Chinese university and the Qihoo360 researchers
• Attack various sensors in vehicle
– This attack has been verified in the actual vehicle sensors
• The Tesla, The Audi and others
– Similar research was published the Black Hat EU 2015
• Vehicle sensors are important for ADAS
– E.g.) Ultrasonic sensors, Millimeter Wave Radars
• Attacking methods
– Jamming
• Common frequency intense noise to denial of service
– Spoofing
• Signal which was disguised as a valid signal
– Relay
• Relay received signal
11
12. FFRI,Inc.
Can You Trust Autonomous Vehicles: Contactless Attacks
against Sensors of Self-driving Vehicle (2)
• Attacking Ultrasonic Sensors
– This sensor measures the distance to obstacle
– Researchers experimented two types of attack
• Jamming
– Irradiate the ultrasonic wave to the sensor
– The sensor can't receive reflected wave
– Therefore, Sensor doesn't recognize the obstacle
• Spoofing
– Irradiate ultrasonic waves of equivalent the output and
waveform to the sensor
– The sensor was misidentified the obstacle distance
– Experiment equipment was made with the Arduino and ultrasonic
transducer
– This attack can provoke crash deliberately
12
13. FFRI,Inc.
Can You Trust Autonomous Vehicles: Contactless Attacks
against Sensors of Self-driving Vehicle (3)
• Attacking Millimeter Wave Radar
– This sensor measures distance to the obstacle of front
– For Front collision avoidance and traffic-aware cruise control
– Researchers experimented two types of attack
• Jamming (76 - 77 GHz)
– Obstacle couldn't detect
• Spoofing
– The Sensor was mistaking the distance between the
obstacle and car
• Comments of FFRI researcher
– The result has big impact, because it verified at the actual vehicle
– Equipment for attacking the ultrasonic sensors is not expensive
– We feel the possibility of actually attack
13
14. FFRI,Inc.
Into The Core – In-Depth Exploration of
Windows 10 IoT Core (1)
• Research of Windows 10 IoT Core
• The security features
– Windows Defender is unsupported
– Microsoft Passport is unsupported
• Two-factor authentication by Windows Hello (biometric) or
PIN
– Secure boot
• If the boot target hadn't attestation, the system wouldn't boot
– It‘s protected system from rootkit and bootkit
– BitLocker
• Encryption of user and system files
– Windows Update is forced, but the Pro edition can postponement
14
15. FFRI,Inc.
Into The Core – In-Depth Exploration of
Windows 10 IoT Core (2)
• Network services and drivers
– It has many wireless driver (Wi-Fi, Bluetooth, ZigBee, Z-Wave)
• If the driver was attacked, system privilege will be hijacked
– UDP multicast
• Windows IoT devices are informing oneself by using the UDP
multicast
• Anyone can check the device name, IP address and others in the
packet
• Debugging with PC
– IoT device (Raspberry Pi 3), USB-UART adapter(Shikra)
– Activates serial debug on the device by using SSH or PowerShell
– Debugging kernel using WinDbg at the COM port
– Other approaches, debugging user mode process, analyzing crash
dump
15
16. FFRI,Inc.
Into The Core – In-Depth Exploration of
Windows 10 IoT Core (3)
• How to mitigate security risk of the Windows 10 IoT device
– Network segmentation
• You should separate PC and server from IoT devices
• Measures against the infection from the internal network
– Using firewall to protect network services
– Using hardware which support the TPM
• E.g.) Minnowboard + Dragonboard, Raspberry Pi + Discrete TPM
– Using BitLocker and Secure boot
• Conclusion
– Device maker should be careful about security setting
• Comments of FFRI researcher
– We also pointed out that the security of Win10 IoT Core in the past
– This research has novelty as proposing various hardware and
research technique
16
17. FFRI,Inc.
GATTAttacking Bluetooth Smart Devices –
Introducing A New BLE Proxy Tool (1)
• Gattacker is a proxy tool for BLE
• This tool can attack the device of Unencrypted communication
– It is possible to attack the device of unencrypted communication by MITM
• For example
– Sniffing and DoS for BLE smartLock
• Attacker can unlock smartlock house or car at any time by sniffed data
• Attacker, also it is possible to interfere with the locking by inhibiting the
valid operation
– Attacker can intrude payment process on BLE
• MITM flow
– GATTacker will monopolize advertising packet of BLE device
– GATTacker also sends advertising packet
– GATTacker receives an application request
– GATTacker bridges the device without being noticed
– As a result of the above, allows sniffing and modification of communication
17
18. FFRI,Inc.
GATTAttacking Bluetooth Smart Devices –
Introducing A New BLE Proxy Tool (2)
• Countermeasure to attacks on exposed services(E.g. payment)
– Provider is setting the deadline for expose the services
• Countermeasure to attacks on pairing
– Encryption of BLE
– Random MAC Address
– Whitelist of MAC addresses
• Comments of FFRI researcher
– You should combine whitelist filtering and other countermeasure
because MAC address can camouflaged
18
19. FFRI,Inc.
GreatFET: Making GoodFET Great Again (1)
• GeatFET is improved version of the GoodFET
• GoodFET is an open-source JTAG adapter
– More than twenty variants of the GoodFET hardware
platform were developed
• http://goodfet.sourceforge.net/
• Issue of GoodFET
– Software is complex and difficult to maintain
– Higher speed peripherals not available
• Interfaces such as SPI are implemented by bit-banging
19
20. FFRI,Inc.
GreatFET: Making GoodFET Great Again (2)
• GreatFET Advantages
– This tool is using LPC4330 of higher performance microcontroller
with USB interface
– LPC4330 can use the USB boot loader at just push one button
– It supports the tractable expansion interface at called a
"neighbor“
• GreatFET demerits
– GreatFET takes longer to hand-assemble than GoodFET because
parts are increased
• Comments of FFRI researcher
– This tool is good is that the high-performance peripheral device
can be used
– The cost take more than GoodFET
– It is recommended if you require higher performance
– Hand-assemble takes the technique of electronic work
20
21. FFRI,Inc.
21
Conclusions
• Cyberattack for Vehicle and IoT got to more realistic
– The vehicle was hijacked from remote during high-speed driving
– Tool was released for BLE MITM Attack more easily
• BLE is one of the most important protocol for IoT
• Research of defense technology is also making progress
– Each country is doing research for defense based on the
previous research
– Each industry are conducted the bug bounty program for
getting the advantage against the attacker side
• The Black Hat USA was excellent again this year
– There are many other interesting research are published
22. FFRI,Inc.
22
References
• Black Hat USA 2016
– https://www.blackhat.com/us-16/
• DEF CON
– https://www.defcon.org/html/defcon-24/dc-24-schedule.html
• CANSPY: A Platform For Auditing CAN Devices
– https://www.blackhat.com/docs/us-16/materials/us-16-Demay-CANSPY-A-Platorm-For-Auditing-
CAN-Devices-wp.pdf
• Advanced CAN Injection Techniques For Vehicle Networks
– https://www.blackhat.com/us-16/briefings.html#advanced-can-injection-techniques-for-vehicle-
networks
• Into The Core – In-Depth Exploration of Windows 10 IoT Core
– https://www.blackhat.com/docs/us-16/materials/us-16-Sabanal-Into-The-Core-In-Depth-
Exploration-Of-Windows-10-IoT-Core-wp.pdf
• GATTacking Bluetooth Smart Devices Introducing a New BLE Proxy Tool
– https://www.blackhat.com/docs/us-16/materials/us-16-Jasek-GATTacking-Bluetooth-Smart-
Devices-Introducing-a-New-BLE-Proxy-Tool-wp.pdf
• GreatFET: Making GoodFET Great Again
– https://www.blackhat.com/docs/us-16/materials/us-16-Ossmann-GreatFET-Making-GoodFET-
Great-Again-wp.pdf
• Can You Trust Autonomous Vehicles: Contactless Attacks against Sensors of Self-driving Vehicle
– https://media.defcon.org/DEF%20CON%2024/DEF%20CON%2024%20presentations/DEFCON-24-
Liu-Yan-Xu-Can-You-Trust-Autonomous-Vehicles-WP.pdf