Reverse engineering and security analysis of hardware devices usually require specialised tools that the average user does not have at home. In this talk we present the basic tools and methods to use when analysing this kind of product, aiming to introduce attendees to the world of hardware hacking without requiring excessive resources. We will start from the initial information gathering, move on to the analysis of interesting interfaces (RS232, I2C, USB, etc.), then to obtaining the firmware used by the device, and finally to emulation and/or real-time debugging of the code run by the device via JTAG. For each of these aspects, demonstrations will be carried out on common (off-the-shelf) hardware.
Software geeks fear hardware. It's a fact of life: code is easy to write and easy to change, but hardware catches on fire if you put it together wrong. But this is changing! Hardware is becoming cheaper and easier to work with every day and can often be managed with the same tools you use to deploy code to the cloud. Join self-described software guy and hardware-phobe Ronald McCollam for a guided trip from the safe world of web development to the scary lands of hardware and back again. We'll see how easy it can be to make the leap from managed code to microprocessors!
This presentation introduces some common protocols used in electronics, and how to sniff/speak them. Then a bit about USB, and some interesting hacks with these things.
Then a bit about OpenWrt and router hacking.
Presented by JP Dunning ".ronin", BlackHat Asia 2014; a demonstration of how to build a hardware-based trojan at home. Create your own hardware trojan. http://www.ehacking.net/2014/09/building-trojan-hardware-at-home.html
A talk I gave at Hackware v1.9 about my experience in using an Intel Edison in my company's product.
The video of my talk can be found here: https://engineers.sg/v/828
Introduction to ESP32 Programming [Road to RIoT 2017] - Alwin Arrasyid
Introduction to ESP32 programming using official development framework, ESP-IDF and Arduino for ESP32.
All demo code is published in this GitHub repository:
https://github.com/alwint3r/RTR_Surabaya2017
Arduino Meetup with Sonar and 433MHz Radios - roadster43
These are slides from our meetup. We give a quick intro to Arduino and then work through a series of tasks. First we integrate the HC-SR04 sonar, then transmit JSON with the cheap 433MHz radios. And finally we add a receiver to hear what others are transmitting.
The example code is on GitHub here:
https://github.com/fwin-dev/arduino_sonar_web_api
Controlling USB Flash Drive Controllers: Exposé of Hidden Features - xabean
Video here, thanks to archive.org:
https://archive.org/details/ShmooCon2014_Controlling_USB_Flash_Drive_Controllers
With stories of "BadBIOS" infecting PCs simply by connecting a malicious USB flash drive to a PC, it's time we learned about flash drives and their controllers. Consumer USB flash drives are cheap, growing in capacity and shrinking in physical size. There are only around 15 prominent controller chip manufacturers, which you have never heard of but which OEM for all the popular and respected "name brands" on the market. These flash controllers have capabilities that aren't mentioned on product packaging, and can be enabled with programming you will learn during this presentation. These flash controllers can be *reprogrammed entirely* via software to do whatever you want.
Turn an old flash drive into an emulated CD-ROM or a CD-ROM + flash drive. Update the controller's firmware, disassemble it, etc. This talk will touch on the various controller manufacturers and features, and show you how to leverage them for yourself. Why spend $100 on an old SanDisk[tm] U3 Cruiser when you can spend $4 for the same features?
Richard Harman is an incident responder at SRA International's internal Security Operations Center, where he slings Perl code supporting incident response and performs analysis & reverse engineering of targeted attack malware samples. He writes and releases scripts in support of his work on github at http://github.com/warewolf. Outside of his day job, he can be found hacking on projects at the Reston, VA hackerspace Nova Labs http://www.nova-labs.org.
Lesson 2 - NodeMCU course - NodeMCU dev board - Elaf A. Saeed
1- What is NodeMCU.
2- NodeMCU installation in the Arduino IDE.
3- Simple projects with NodeMCU (sensors & actuators).
4- NodeMCU with communication protocols.
5- Connecting NodeMCU to Wi-Fi.
6- Using NodeMCU as client & server.
7- Different platforms used with IoT applications.
Is there an EFI monster inside your apple? by Pedro Vilaça - CODE BLUE 2015 - CODE BLUE
A few months ago I publicly disclosed an Apple EFI firmware zero day. It was a very powerful bug allowing direct access to the EFI firmware from the operating system. EFI rootkits are some of the most powerful and most interesting rootkits. Because they work at a very low level they can play a lot of tricks to hide themselves from forensics and persist for a long time. EFI monsters are a bit like jaguars, stealthy and rarely seen by humans. This doesn't mean they do not exist. EFI monsters are most certainly part of spy agencies' rootkit catalogs. Very few tools exist to chase them.
This talk is about introducing you to the EFI world so you can also start to chase these monsters. The EFI world might look scary, but it's a bit easier than you think and a lot of fun.
Thunderstrike 2 (to be presented at BlackHat) is a fine example of the power of EFI rootkits and the problems they present.
Making wearables with NodeMCU - FOSDEM 2017 - Etiene Dalcol
NodeMCU is an open hardware IoT platform based on eLua for the ESP8266 microcontroller. It allows creating low-cost projects using Wi-Fi and easy scripting in Lua, which makes it great for making wearables, for example. In this talk I'll give an introduction to the platform, show how I built an audio-reactive graduation dress and share the materials to get you started on your own wearable project. This talk is ideal for beginners to hardware hacking or Lua enthusiasts looking for project inspiration.
Manu Quintans and Frank Ruiz - All Your Crimeware Are Belong To Us! [RootedCON ... - RootedCON
The aim of the presentation is to convey to the audience, from a technical point of view, how criminal gangs operate on the Internet, without leaving out a brief historical introduction for attendees unfamiliar with the world of cybercrime. During the presentation we will talk about the most active offshore providers located in Eastern Europe. Such an ISP constitutes one of the most active crimeware resources, through which a significant amount of malicious code is distributed: malware, crimepacks, botnets, iframers, TDS systems and a long etc. The outline of the presentation will have a structure similar to the following:
A bit of history (brief introduction to cybercrime)
Infrastructure, enumerating machines, domains, etc. (how they have set up their operation)
Sketch of the organisation, responsibilities... (we will show names, responsibilities, working hours)
Where they buy their infrastructure (is it really offshore?) (we will bring out a leak that proves our suspicions, and our assumptions will be confirmed)
What does it cost to be a bad guy? (Kids, don't do it!) (how much a crook invests)
Where they sell and buy services.
Most relevant services they offer: traffic, VPS, VPN, marketplaces, mules, etc. (what makes their service successful) 'they try it for the quality and stay for the technical support'
Analysis of the most relevant and well-known crimeware found. The classics: SpyEye, Zeus, etc.
Analysis of the rarest and most private crimeware found (Bizarre Bazaar)
Conclusions and acknowledgements.
The content of the talk will be completely 100% real. The freshness of the data will be kept exclusively for RootedCON, so this presentation will not be repeated at any other conference. On the other hand, data considered potentially harmful or likely to cause a negative impact on those involved will be redacted. All information cited during the talk is for educational purposes and, despite the titles, at no point will it incite committing criminal acts. All data acquired is the result of collaboration with companies and authorities who enable us to publish the data.
José Miguel Esparza and Mikel Gastesi - Social Engineering in Banking Trojans: ... - RootedCON
Social engineering is the art of obtaining confidential information by manipulating the person who holds that knowledge. The premise of this technique is that people are usually the weakest link in a secured system, since there is normally always someone who knows how to access it. The idea is that it is easier to manipulate a person than the system itself. Online banking is no exception. In this case, the most vulnerable people are the users themselves, the banks' end customers, and the goal is to access their accounts. Banking trojans are used for this, but social engineering is not left aside; it appears in the form of HTML injections or redirections to phishing sites, the former being the more sophisticated. It is impressive to see how every time a bank adds a security barrier it is bypassed without trouble thanks to social engineering and users' naivety. So, is it still profitable to invest in security measures knowing that we cannot control the users? Is there any countermeasure against social engineering?
Although mathematical cryptography is in general quite secure in terms of algorithms and protocols, when it comes to practical implementations it is easy to subvert that initial security by adding attack vectors that allow 'exploiting' vulnerabilities that endanger security. The talk will cover practical examples of how to attack and take advantage of widely used cryptographic tools (smart cards, SSL certificates, secure communications, etc.). Along with the talk, an example 'Trojan' will be presented and released that attacks the DNI-e by performing secure operations unattended once the PIN has been stolen.
3. List of topics
Problems related to SSL certificate management (lack of verifiability, false sense of security, failures in registration processes)
Problems related to certificates in PKCS#12 format
Problems related to encrypted secure communications (advanced MitM attacks)
Practical attack vectors against smart cards (DNI-e)
Guillermo Grande and Alberto Ortega - Building an IP reputation engine, trackin... - RootedCON
The presentation will discuss the freely accessible IP reputation system developed at AlienVault. The operation of all its parts will be explained, including its information sources, the data collection methodologies and the processing of that data. Topics covered will include automated malware analysis, algorithms for profiling data and avoiding false positives, how feedback is received, the use of very different resources within the system, and the difficulties we have faced in developing it.
Pedro Sánchez - Hospital Central. The story of an extortion [RootedCON 2012] - RootedCON
Do you think that hardening your servers makes you secure? You have PKI, certificates, SSL, e-DNI, IPsec, lots of security experience, you hold certifications and are well regarded in the industry, but have you asked your director's secretary? Do you know how and where your sales director stores his passwords?
Hospital Central aims to show attendees how an audit of a hospital was carried out using social engineering mechanisms, and how control of the hospital was obtained in less than 24 hours. No exploits, no SQL injection. Just the use of techniques and human trojans.
Jaime Peñalba and Javier Rodríguez - Live Free or Die Hacking [RootedCON 2012] - RootedCON
For some time there has been a tendency to criminalise certain activities related to the world of computer security by creating new laws or toughening existing ones, with the aim of extending control over communications and users.
Given this situation, which has been aggravated by the actions of certain groups, some computer security practices that could previously be justified as pure "curiosity" have become a crime and can end in unpleasant situations.
The talk will deal with the methods we can use to prevent our curiosity from turning against us and ending up receiving an unwelcome visit. We will show techniques for achieving anonymity on the Internet and avoiding being traced, how to use "other" systems without anyone noticing our presence, etc. In short: how one could "snoop around" without ending up behind bars. All of this will be demonstrated using our own tools, some of which will be released to the public after the conference.
Chema Alonso and Manu "The Sur" - Owning "bad" guys {and mafia} with Javascript... - RootedCON
This session will look at how JavaScript botnets work, analyse deployment and exploitation environments, and the actions that can be carried out. In addition, the session will show the results of a study carried out through proxy servers, TOR nodes and rogue APs, which made it possible to deploy a test system.
Lorenzo Martínez - Welcome to your secure /home, $user [Rooted CON 2012] - RootedCON
The aim of the talk is to show how, in the simplest and most structured way possible, various everyday elements in today's homes can coexist under the control of a single system, with the goal of improving the security of the place where we should feel most at ease: our own home. We will explain how to design a home-made physical security mechanism based on:
Monitoring mechanisms using generic webcams, with facial recognition of the household's residents, as well as Bluetooth detection.
Video recording of suspects
Interaction with an alarm controllable over TCP/IP
Facial recognition of people classified as "wanted by the authorities", in blacklist mode, integrated with a telephone alert to the police through a VoIP-based PBX, indicating which person on that list is located on the premises.
Alert notification system via Twitter, email and instant messaging.
We will also discuss automation of air conditioning/heating control mechanisms, cleaning robots and weather stations, demonstrating that any household element with a network interface can be a SCADA system. Besides implementing a biometric authentication system, taking advantage of facial recognition of whoever enters the house, a whitelist of users can be maintained, for whom a personalised welcome message can be configured to notify them of various matters.
Juan Garrido - Corporate Forensics: Get the most out of your architecture [RootedCON ... - RootedCON
In the current climate, with the entrenched crisis and budgets plummeting, system architects and technicians may find themselves in a tight spot when they need to collect corporate evidence without access to the appropriate tools for lack of budget. This session will offer a practical approach to this problem, presenting the corporate architecture as a solution rather than a problem. To that end, ideas will be given that allow, for example, extracting live data from a machine, or group of machines, without the tedious task of taking a full image of it. All of this using the existing infrastructure and without the need for third-party tools. Ideas will also be presented on how to store logs from critical machines in databases, without using resident applications or complex projects. Time to roll up your sleeves and script!
Carlos Díaz and Fco. Jesús Gómez - CMD: Look who's talking too [RootedCON 2012] - RootedCON
"DNS: Internet Dial-Tone". Starting from this premise, and looking at the 'malware' distribution method presented in 2011 (Cloud Malware Distribution), we will try to show dynamically the results obtained after some months of work focused on 'botnet' communications, both on the command-and-control side and on the data exfiltration side. With the DNS protocol in a leading role, of course. We will play with three fundamental parameters that we will have to balance:
Level of exposure of the attacker's infrastructure.
Resources and complexity.
Communication bandwidth.
The final goal is to raise awareness of the importance of focusing on this protocol, as has been done with others. Our results, and the results obtained by security vendors and researchers in recent months, support the position we defend.
It's Assembler, Jim, but not as we know it: (ab)using binaries from embedded ... - Priyanka Aash
With the proliferation of Linux-based SoCs -- you've likely got one or two in your house, on your person or in your pocket -- it is often useful to look "under the hood" at what is running. Additionally, in-situ debugging may be unavailable due to read-only filesystems, memory is often limited, and other factors keep us from attacking a live device. This talk looks at attacking binaries outside their native environment using QEMU, the Quick Emulator, as well as techniques for extracting relevant content from devices and exploring them.
D1 T1 - T. Yunusov, K. Nesterov - Bootkit via SMS - qqlan
Having developed a test set, we started to research how safe it is for clients to use the 4G networks of telecommunication companies. During the research we tested SIM cards, 4G USB modems, radio components and the IP access network. First of all we looked for vulnerabilities that could be exploited remotely, via the IP or radio network.
Results were not long in coming. In some cases we managed to attack SIM cards and install a malicious Java applet there; we were able to remotely update USB modem firmware, change the password on a self-care portal via SMS and even gain access to a carrier's internal technological network.
Further evolution of the attack helped us understand how a simple SMS can be used as an exploit able not only to compromise a USB modem and all the communications that go through it, but also to install a bootkit on the box that the modem is connected to.
EMBA - Firmware analysis - Black Hat Arsenal USA 2022 - MichaelM85042
IoT (Internet of Things) and OT (Operational Technology) are the current buzzwords for the networked devices on which our modern society is based. In this area, the operating systems in use are summarised under the term firmware. The devices themselves, also called embedded devices, are essential in private and industrial environments as well as in so-called critical infrastructure.
Penetration testing of these systems is quite complex, as we have to deal with different architectures, optimised operating systems and special protocols. EMBA is an open-source firmware analyser with the goal of simplifying and optimising the complex task of firmware security analysis. EMBA supports the penetration tester with the automated detection of 1-day vulnerabilities at the binary level. This goes far beyond plain CVE detection: with EMBA you always know which public exploits are available for the target firmware. Besides the detection of already known vulnerabilities, EMBA also supports the tester in the hunt for the next 0-day. For this, EMBA identifies critical binary functions, protection mechanisms and services with network behaviour at the binary level. There are many other features built into EMBA, such as fully automated firmware extraction, finding file system vulnerabilities, hard-coded credentials, and more.
EMBA is the open-source firmware scanner, created by penetration testers for penetration testers.
Project page: https://github.com/e-m-b-a/emba
Conference page: https://www.blackhat.com/us-22/arsenal/schedule/index.html#emba--open-source-firmware-security-testing-26596
EMBA - Firmware analysis - DEFCON30 demolabs USA 2022 - MichaelM85042
Penetration testing of current embedded devices is quite complex, as we have to deal with different architectures, optimised operating systems and special protocols. EMBA is an open-source firmware analyser with the goal of simplifying, optimising and automating the complex task of firmware security analysis.
Project page: https://github.com/e-m-b-a/emba
Conference page: https://forum.defcon.org/node/242109
Reverse Engineering the TomTom Runner pt. 1 - Luis Grangeia
A hacker likes computers for the same reason that a child likes Lego bricks: both allow the creation of something new. However, the growing trend has been to 'close up' general purpose computing into devices that serve a narrow purpose. It's been happening with games consoles, routers, smartphones, smart TVs and, more recently, smartwatches. A hacker will face this trend as an additional challenge and will be even more motivated to gain control over the device.
This talk is a journey into the world of 'reverse engineering' of a device of the "Internet of Things", in this case a TomTom Runner sports watch. The author has little previous experience in reverse engineering of embedded systems, so the talk aims to serve as an introduction to this topic: what the motivations are and what kinds of approaches may be tried.
Presented in September 2015 at "Confraria de Segurança da Informação" in Lisbon
Hardware hacking hit the news quite often in 2017, and a lot of pentesters tried to jump on the bandwagon and discover the joy of hacking things rather than servers or applications. But most of them are only looking for rootz shellz and p0wning embedded Linux operating systems rather than doing what we really call "hardware hacking". In this talk, we are going to hack a Bluetooth Low Energy smart lock, from its printed circuit board to a fully working exploit, as well as its (wait for it) associated mobile application that you need to install to operate this thing.
This talk is not only an introduction to the field of hardware hacking, but also a good way to dive into electronics and its specific protocols, and of course into microcontroller and System-on-Chip reverse engineering. We will cover some basic electronics knowledge as well as tools and classic methodologies when it comes to analysing an IoT device, and will provide tips and tricks based on our experience, and on our failures too.
State of ICS and IoT Cyber Threat Landscape Report 2024 preview - Prayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio's cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors and newer malware, including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality, by Inflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools, such as the ChatGPT plugin and the Azure OpenAI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
Neuro-symbolic is not enough, we need neuro-*semantic*, by Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Search and Society: Reimagining Information Access for Radical Futures, by Bhaskar Mitra
The field of Information Retrieval (IR) is currently undergoing a transformative shift, at least partly due to the emerging applications of generative AI to information access. In this talk, we will deliberate on the sociotechnical implications of generative AI for information access. We will argue that there is both a critical necessity and an exciting opportunity for the IR community to re-center our research agendas on societal needs while dismantling the artificial separation between the work on fairness, accountability, transparency, and ethics in IR and the rest of IR research. Instead of adopting a reactionary strategy of trying to mitigate potential social harms from emerging technologies, the community should aim to proactively set the research agenda for the kinds of systems we should build, inspired by diverse, explicitly stated sociotechnical imaginaries. The sociotechnical imaginaries that underpin the design and development of information access technologies need to be explicitly articulated, and we need to develop theories of change in the context of these diverse perspectives. Our guiding future imaginaries must be informed by other academic fields, such as democratic theory and critical theory, and should be co-developed with social science scholars, legal scholars, civil rights and social justice activists, and artists, among others.
Epistemic Interaction - tuning interfaces to provide information for AI support, by Alan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti..., by Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Transcript: Selling digital books in 2024: Insights from industry leaders - T..., by BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
13. Interesting interfaces
Interface                      Typical uses
RS232                          Shells, debug output
i2c / SPI                      Debug output, peripheral management, serial EEPROM, ...
JTAG                           Testing and debugging
USB / Ethernet / SATA / etc.   Same as your PC ;-)
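The RS232 row above is, on most consumer boards, a 3.3 V TTL UART header for the boot loader and kernel console, and its baud rate is rarely documented. The standard way to find it is to capture the TX line with a logic analyzer and try the common rates until the decoded bytes read as text. The following is an added example, not code from the original slides: it constructs an 8N1 capture in memory (so it runs offline), decodes it at each candidate rate, and picks the rate whose output is mostly printable. The sample rate, candidate list and message are assumptions.

```python
"""Added example (not from the original slides): identify the baud rate of an
unknown UART debug console from a logic-analyzer capture of its TX line
(8 data bits, no parity, 1 stop bit, idle high).  The capture is constructed
in memory by encoding a known string; on a real board the sample array would
be exported from a logic analyzer such as sigrok/PulseView instead.
SAMPLE_RATE, CANDIDATE_BAUDS and MESSAGE are assumptions."""

import string

SAMPLE_RATE = 1_000_000  # assumed 1 MHz capture; must be well above the fastest candidate baud
CANDIDATE_BAUDS = (9600, 19200, 38400, 57600, 115200, 230400)  # common console rates
PRINTABLE = frozenset(string.printable.encode())


def encode_uart(data: bytes, baud: int, sample_rate: int = SAMPLE_RATE) -> list:
    """Simulate an 8N1 transmitter: 16 idle bits, then per byte a start bit (0),
    8 data bits LSB first and a stop bit (1), then 16 idle bits.  Bit edges are
    placed at rounded cumulative positions so no timing drift builds up."""
    samples_per_bit = sample_rate / baud
    bits = [1] * 16
    for byte in data:
        bits.append(0)
        bits.extend((byte >> k) & 1 for k in range(8))
        bits.append(1)
    bits.extend([1] * 16)
    samples = []
    for n, bit in enumerate(bits):
        edge = round((n + 1) * samples_per_bit)
        samples.extend([bit] * (edge - len(samples)))
    return samples


def decode_uart(samples: list, baud: int, sample_rate: int = SAMPLE_RATE) -> bytes:
    """Decode 8N1 frames at a given baud: a falling edge marks a start bit, each
    data bit is sampled at its centre, and a frame whose stop bit is not high is
    a framing error and is dropped (the usual symptom of a wrong baud rate)."""
    spb = sample_rate / baud
    out = bytearray()
    n = len(samples)
    i = 1
    while i < n:
        if samples[i - 1] == 1 and samples[i] == 0:
            stop = int(i + 9.5 * spb)
            if stop >= n:
                break
            value = 0
            for k in range(8):
                value |= samples[int(i + (k + 1.5) * spb)] << k
            if samples[stop] == 1:
                out.append(value)
            i = stop  # resume the edge search after this frame
        else:
            i += 1
    return bytes(out)


def printable_ratio(data: bytes) -> float:
    """Fraction of decoded bytes that are printable ASCII (including CR/LF/tab)."""
    return sum(b in PRINTABLE for b in data) / len(data) if data else 0.0


def guess_baud(samples: list, sample_rate: int = SAMPLE_RATE,
               candidates=CANDIDATE_BAUDS) -> tuple:
    """Try each candidate rate and return (baud, decoded_bytes, ratio) for the one
    whose output looks most like text.  Ties go to the longer decode: a rate that
    is a fraction of the real one swallows several real frames per decoded byte."""
    best = None
    for baud in candidates:
        data = decode_uart(samples, baud, sample_rate)
        score = (printable_ratio(data), len(data))
        if best is None or score > best[0]:
            best = (score, baud, data)
    score, baud, data = best
    return baud, data, score[0]


# Constructed capture: a boot-loader banner sent at 115200 baud.
MESSAGE = b"U-Boot 2015.01\r\n"
CAPTURE = encode_uart(MESSAGE, 115200)

if __name__ == "__main__":
    baud, data, ratio = guess_baud(CAPTURE)
    print(f"best guess: {baud} baud, {ratio:.0%} printable: {data!r}")
```

Two practical caveats before probing a real header: confirm ground and the idle-high TX pin with a multimeter first, and check the voltage level. A true RS232 port swings to around +/-12 V and will damage a 3.3 V logic analyzer or USB-serial adapter input; it needs a level converter (MAX232-class) in between, whereas a TTL header can be connected directly.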
37. Key security features
Feature                      Description
Secure boot                  Internal boot code / core must assure integrity of loaded firmware
Runtime integrity            Security subsystem must assure integrity of running code
Interface protection         Debug interfaces must either be disabled or (securely) protected
Key storage                  Sensitive keys must be stored within the chipset and not readable to the application
External memory protection   Content stored in external memory (RAM) during runtime must be protected from attackers (scrambling and maybe authentication)
Protected crypto cores       Need to withstand SCA/FI attacks in order to properly protect keys
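The "Secure boot" row is the one most often implemented badly, usually because the checks run in the wrong order (version trusted before the image is authenticated, or header fields used before their bounds are checked). The following is an added example, not code from the original slides, modelling what a boot ROM does with a firmware image before jumping to it. Real SoCs verify an asymmetric signature (RSA or ECDSA) against a public-key hash burnt into fuses; HMAC-SHA256 with a constructed DEVICE_KEY stands in for that here so the example runs with only the Python standard library. The image layout, the rollback counter and every name below are assumptions for illustration.

```python
"""Added example (not from the original slides): a boot-ROM style firmware
image check.  Layout (assumed): header || payload || tag, where the tag is an
HMAC-SHA256 over header and payload.  In a real chip the tag would be an
RSA/ECDSA signature checked with a fused public-key hash; HMAC with a
constructed key is used only so this runs with the standard library."""

import hashlib
import hmac
import struct

MAGIC = b"FWIM"
HEADER = struct.Struct("<4sII")          # magic, version, payload length (little-endian)
TAG_LEN = hashlib.sha256().digest_size   # 32-byte authentication tag
DEVICE_KEY = bytes(range(32))            # constructed; stands in for a key held inside the chipset


class BootError(Exception):
    """Raised for any reason the ROM must refuse to boot the image."""


def build_image(payload: bytes, version: int, key: bytes = DEVICE_KEY) -> bytes:
    """Signing-side helper: the tag covers header and payload, so the version
    and length fields are protected as well as the code itself."""
    header = HEADER.pack(MAGIC, version, len(payload))
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


def verify_image(image: bytes, min_version: int, key: bytes = DEVICE_KEY) -> tuple:
    """ROM-side check.  Order matters: bounds checks before any field is used,
    authentication before the version is trusted, and a constant-time compare
    so the tag check does not leak how many bytes matched."""
    if len(image) < HEADER.size + TAG_LEN:
        raise BootError("truncated image")
    magic, version, length = HEADER.unpack_from(image)
    if magic != MAGIC:
        raise BootError("bad magic")
    end = HEADER.size + length
    if len(image) != end + TAG_LEN:          # also rejects a header claiming an absurd length
        raise BootError("length mismatch")
    expected = hmac.new(key, image[:end], hashlib.sha256).digest()
    if not hmac.compare_digest(image[end:], expected):
        raise BootError("integrity check failed")
    if version < min_version:                # anti-rollback, enforced only on authentic images
        raise BootError("version %d below minimum %d (rollback)" % (version, min_version))
    return version, image[HEADER.size:end]


def boot_outcome(image: bytes, min_version: int, key: bytes = DEVICE_KEY) -> str:
    """Human-readable result of one boot attempt, for the demo and tests."""
    try:
        version, payload = verify_image(image, min_version, key)
        return "booted v%d (%d bytes)" % (version, len(payload))
    except BootError as err:
        return "refused: %s" % err


def _flip(image: bytes, index: int) -> bytes:
    """Flip the low bit of one byte, simulating a patched flash image."""
    data = bytearray(image)
    data[index] ^= 0x01
    return bytes(data)


# Constructed test vectors: a valid v3 image and the classic ways to tamper with it.
PAYLOAD = b"constructed firmware payload"   # constructed bytes, not real code
GOOD = build_image(PAYLOAD, version=3)

CASES = {
    "valid": GOOD,
    "payload bit flip": _flip(GOOD, HEADER.size),
    "version field edited without re-signing": _flip(GOOD, 4),   # version lives at offset 4
    "tag stripped": GOOD[:-TAG_LEN],
    "trailing bytes appended": GOOD + b"\x00",
    "old version": build_image(PAYLOAD, version=1),
}


def run_demo(min_version: int = 2) -> dict:
    """Boot every case against a device whose rollback counter is min_version."""
    return {name: boot_outcome(img, min_version) for name, img in CASES.items()}


if __name__ == "__main__":
    for name, result in run_demo().items():
        print(f"{name:42s} {result}")
```

The rollback check sits last on purpose: if it ran before the tag check, an attacker could feed a forged header with a huge version number and advance the device's minimum-version counter without ever producing a valid image. The same ordering argument applies to any field the ROM stores persistently.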
38. Conclusion
• Embedded hacking = FUN
• Attacker’s challenges
– Info gathering often difficult
– Interfacing trickier than with software
• Defender’s challenges
– Device running under hostile environment
39. Shopping list
Item                                              Price
Arduino / Other dev boards                        20-60 € each / 20-300 €
Bus Pirate                                        25 €
Bus Blaster / GoodFET                             30 € / DIY
Openbench Logic Sniffer / Saleae Logic Analyzer   40 € / 120 €
Cables, solder, screwdrivers, probes, ...         -
DSO Oscilloscope Nano / Quad                      70 € / 150 €
USB Microscope                                    ~20 €
OpenVizsla (when available)                       100-200 €
40. Some things to look at
• Routers, modems, STBs, MFPs ...
• Gaming consoles, modern TVs
• PC parts
• (Smart)phones
• Smart meters, alarms, SCADA/PLCs...
• Car or vehicle electronics
• Home appliances, domotics
• Gadgets
41. HW Hacking resources
• Hack a day – www.hackaday.com
• /dev/ttyS0 – www.devttys0.com
• Bunnie’s blog – www.bunniestudios.com
• Debugmo.de – debugmo.de
• Pagetable – www.pagetable.com
• HW vendors' forums: Seeed Studio, SparkFun, adafruit.com, Dangerous Prototypes, ...
• Fritzing – www.fritzing.org
• [... The list goes on ...]