SlideShare a Scribd company logo
How to build
Big Brother
Tim Yunusov
@a66at
How to build
Big Brother
With blackjack and h kers
With 3G modems and hackers
Tim Yunusov
@a66at
About me
Tim Yunusov
Senior Expert, Application Security
Positive Technologies
https://uk.linkedin.com/in/tyunusov
tyunusov@ptsecurity.com
@a66at
When/Who/Where/And why???
2014-2015
When/Who/Where/And why???
2014-2015
«root via SMS» SCADAStrangeLove
https://youtu.be/T9AFFIVpCa8
Russia and the whole world
When/Who/Where/And why???
2014-2015
«root via SMS» SCADA Strange Love
https://youtu.be/T9AFFIVpCa8
Russia and the whole world
Cause nobody cares(((
Boring stats
Boring stats
>10 (8 diff) 3G/4G modems/routers
75% vulns to RCE/fw modification
60% RCE are 0days
Boring stats
~60 000 devices/1M/Telco
5000 devices/1W/SecurityLab
100% vulns to RCE/fw
modification
How
How
Identification
Code injection
Data interception
SIM cloning / GSM Attacks
Host Infection
APT
Identification
WHOIS
Fingerprinting
Public Databases
Fingerprinting
<img src="http://192.168.0.1/img/1.png"
style="height:0;width:0;" onload="set('1')">
<img src="http://192.168.0.1/img/2.jpg"
style="height:0;width:0;" onload="set('2')">
<img src="http://hostname/img/3.png"
style="height:0;width:0;" onload="set('3')">
<img src="http://127.0.0.1:5000/request"
style="height:0;width:0;" onload="set('4')">
Fingerprinting
mini_httpd/1.19 19dec2003 /html/index.html
How
Identification
Code injection
Data interception
SIM cloning / GSM Attacks
Host Infection
APT
Code Injection
Public exploits + old FW
Blackbox
FW Access + FW RE + IDA
FW modification + Arbitrary upload
Code Injection
Code Injection
?action=ping || shutdown –r 0 ||
?date=;ping%20blahblah.com;%20
Code Injection
?action=ping || shutdown –r 0 ||
?date=;ping%20blahblah.com;%20
Code Injection
FW Access + FW RE + WEB DISASSM
Greetings:
• Kirill Nesterov
• Dmitry Sklyarov
Code Injection
FW Access + FW RE + #USETHEFORCE
Code Injection
FW modification + Arbitrary upload
• Integrity attacks
• Remote uploading (CSRF/XSS)
• Local upload (diag mode)
Code Injection
Integrity attacks
• FW encrypted via RC4
• RSA digital signature + SHA1
Code Injection
Integrity attacks
Code Injection
FW encrypted via RC4
• Constant keystream FAIL
• Part1 XOR Part2 FAIL
• FW1 XOR FW2 FAIL
• Lot of plaintext (CDROM) FAIL
Code Injection
FW encrypted via RC4 FAIL
• Constant keystream FAIL
• Part1 XOR Part2 FAIL
• FW1 XOR FW2 FAIL
• Lot of plaintext (CDROM) FAIL
Code Injection
RSA Digital Signature +SHA1
AR: !<arch>:
• FW files
• pkginfo: <7742526>
• sign=RSA(SHA1(FW[0..7742526]))
Code Injection
RSA Digital Signature +SHA1
AR: !<arch>:
• FW files
• pkginfo: <7742526>
• sign=RSA(SHA1(FW[0..7742526]))
Code Injection
RSA Digital Signature +SHA1
AR: !<arch>:
• FW files
• pkginfo: <7742526>
• sign=RSA(SHA1(FW[0..7742526]))
Code Injection
RSA Digital Signature +SHA1
ar --add data.tar.gz
ar -v
• data.tar.gz
• sign
• pkginfo
• data.tar.gz
Code Injection
RSA Digital Signature +SHA1 FAIL
ar --add data.tar.gz
ar -v
• data.tar.gz
• sign
• pkginfo
• data.tar.gz
Code Injection
FW uploading via CSRF
http://blog.kotowicz.net/2011/04/how-to-upload-arbitrary-file-
contents.html
Code Injection
FW uploading via XSS
HUAWEI PSIRT 436642 (2015-05-29)
http://www1.huawei.com/en/security/p
sirt/security-bulletins/security-
notices/archive/hw-436642.htm
How
Identification
Code injection
Data interception
SIM cloning / GSM Attacks
Host Infection
APT
Data Interception
Cell ID
WiFi
SMS
HTTP
SSL
Data Interception
Cell ID + http://opencellid.org/
• RCE
• XSS
Data Interception
Wi-Fi
Data Interception
SMS
Data Interception
HTTP
• ARP spoofing
• DNS spoofing
Data Interception
SSL
• Host RCE
How
Identification
Code injection
Data interception
SIM cloning / GSM Attacks
Host Infection
APT
GEO(!) + IMSI =
• Fake BTS + Binary SMS
• OSMO + Radio dump
+ Kraken
https://media.blackhat.com/us-13/us-13-nohl-
rooting-sim-cards-slides.pdf
SIM Cloning + GSM attacks
#USETHEFORCE
SIM Cloning + GSM attacks
Diag Mode
SIM Cloning + GSM attacks
Send AT commands
AT+CMGF=0
SIM Cloning + GSM attacks
How
Identification
Code injection
Data interception
SIM cloning / GSM Attacks
Host Infection
APT
Host Infection
BadUSB
Fake diagnostic tools/CDROM
HTML Injection + 0day
Even real diagnostic tools =))
Host Infection
Drive By Download
CD-ROM
Host Infection
HTML Injection + 0day
Host Infection
Kudos to @cyberpunkych
Lots of other stuff at http://yota.hlsec.ru
How
Identification
Code injection
Data interception
SIM cloning / GSM Attacks
Host Infection
APT
APT
APT
Subscribers attacks subscribers
• LISTEN 0.0.0.0:80
• Firewalls
How
Identification
Code injection
Data interception
SIM cloning / GSM Attacks
Host Infection
APT
Resume
KUDOS
@cyberpunkych
@GIFTSUNGIVEN
@SCADASL
D. Sklyarov
K. Nesterov
Write me ;-)
Tim Yunusov
https://uk.linkedin.com/in/tyunusov
tyunusov@ptsecurity.com
@a66at

More Related Content

What's hot

Hacking a Professional Drone
Hacking a Professional DroneHacking a Professional Drone
Hacking a Professional Drone
Priyanka Aash
 
Ccna sv2 instructor_ppt_ch6
Ccna sv2 instructor_ppt_ch6Ccna sv2 instructor_ppt_ch6
Ccna sv2 instructor_ppt_ch6
SalmenHAJJI1
 
Ccna sv2 instructor_ppt_ch7
Ccna sv2 instructor_ppt_ch7Ccna sv2 instructor_ppt_ch7
Ccna sv2 instructor_ppt_ch7
SalmenHAJJI1
 
Ccna sv2 instructor_ppt_ch5
Ccna sv2 instructor_ppt_ch5Ccna sv2 instructor_ppt_ch5
Ccna sv2 instructor_ppt_ch5
SalmenHAJJI1
 
Ccna security v2 instructor_ppt_ch10
Ccna security v2 instructor_ppt_ch10Ccna security v2 instructor_ppt_ch10
Ccna security v2 instructor_ppt_ch10
SalmenHAJJI1
 
Project “The Interceptor”: Owning anti-drone systems with nanodrones
Project “The Interceptor”: Owning anti-drone systems with nanodronesProject “The Interceptor”: Owning anti-drone systems with nanodrones
Project “The Interceptor”: Owning anti-drone systems with nanodrones
Priyanka Aash
 
Ccna sv2 instructor_ppt_ch1
Ccna sv2 instructor_ppt_ch1Ccna sv2 instructor_ppt_ch1
Ccna sv2 instructor_ppt_ch1
SalmenHAJJI1
 
012 2 ccna sv2-instructor_ppt_ch9
012 2 ccna sv2-instructor_ppt_ch9012 2 ccna sv2-instructor_ppt_ch9
012 2 ccna sv2-instructor_ppt_ch9
Babaa Naya
 
Ccna sv2 instructor_ppt_ch8
Ccna sv2 instructor_ppt_ch8Ccna sv2 instructor_ppt_ch8
Ccna sv2 instructor_ppt_ch8
Babaa Naya
 
Ccna security v2 instructor_ppt_ch11
Ccna  security v2 instructor_ppt_ch11Ccna  security v2 instructor_ppt_ch11
Ccna security v2 instructor_ppt_ch11
SalmenHAJJI1
 
EIGRP + MD5 Authentication Implementing
EIGRP + MD5 Authentication ImplementingEIGRP + MD5 Authentication Implementing
EIGRP + MD5 Authentication Implementing
Ankur Soni
 
Ccna sv2 instructor_ppt_ch3
Ccna sv2 instructor_ppt_ch3Ccna sv2 instructor_ppt_ch3
Ccna sv2 instructor_ppt_ch3
SalmenHAJJI1
 
Raul Siles - iOS: Regreso al futuro [Rooted CON 2014]
Raul Siles - iOS: Regreso al futuro [Rooted CON 2014]Raul Siles - iOS: Regreso al futuro [Rooted CON 2014]
Raul Siles - iOS: Regreso al futuro [Rooted CON 2014]
RootedCON
 
Francisco Jesús Gómez & Carlos Juan Diaz - Sinfonier: Storm Builder for Secur...
Francisco Jesús Gómez & Carlos Juan Diaz - Sinfonier: Storm Builder for Secur...Francisco Jesús Gómez & Carlos Juan Diaz - Sinfonier: Storm Builder for Secur...
Francisco Jesús Gómez & Carlos Juan Diaz - Sinfonier: Storm Builder for Secur...
RootedCON
 

What's hot (14)

Hacking a Professional Drone
Hacking a Professional DroneHacking a Professional Drone
Hacking a Professional Drone
 
Ccna sv2 instructor_ppt_ch6
Ccna sv2 instructor_ppt_ch6Ccna sv2 instructor_ppt_ch6
Ccna sv2 instructor_ppt_ch6
 
Ccna sv2 instructor_ppt_ch7
Ccna sv2 instructor_ppt_ch7Ccna sv2 instructor_ppt_ch7
Ccna sv2 instructor_ppt_ch7
 
Ccna sv2 instructor_ppt_ch5
Ccna sv2 instructor_ppt_ch5Ccna sv2 instructor_ppt_ch5
Ccna sv2 instructor_ppt_ch5
 
Ccna security v2 instructor_ppt_ch10
Ccna security v2 instructor_ppt_ch10Ccna security v2 instructor_ppt_ch10
Ccna security v2 instructor_ppt_ch10
 
Project “The Interceptor”: Owning anti-drone systems with nanodrones
Project “The Interceptor”: Owning anti-drone systems with nanodronesProject “The Interceptor”: Owning anti-drone systems with nanodrones
Project “The Interceptor”: Owning anti-drone systems with nanodrones
 
Ccna sv2 instructor_ppt_ch1
Ccna sv2 instructor_ppt_ch1Ccna sv2 instructor_ppt_ch1
Ccna sv2 instructor_ppt_ch1
 
012 2 ccna sv2-instructor_ppt_ch9
012 2 ccna sv2-instructor_ppt_ch9012 2 ccna sv2-instructor_ppt_ch9
012 2 ccna sv2-instructor_ppt_ch9
 
Ccna sv2 instructor_ppt_ch8
Ccna sv2 instructor_ppt_ch8Ccna sv2 instructor_ppt_ch8
Ccna sv2 instructor_ppt_ch8
 
Ccna security v2 instructor_ppt_ch11
Ccna  security v2 instructor_ppt_ch11Ccna  security v2 instructor_ppt_ch11
Ccna security v2 instructor_ppt_ch11
 
EIGRP + MD5 Authentication Implementing
EIGRP + MD5 Authentication ImplementingEIGRP + MD5 Authentication Implementing
EIGRP + MD5 Authentication Implementing
 
Ccna sv2 instructor_ppt_ch3
Ccna sv2 instructor_ppt_ch3Ccna sv2 instructor_ppt_ch3
Ccna sv2 instructor_ppt_ch3
 
Raul Siles - iOS: Regreso al futuro [Rooted CON 2014]
Raul Siles - iOS: Regreso al futuro [Rooted CON 2014]Raul Siles - iOS: Regreso al futuro [Rooted CON 2014]
Raul Siles - iOS: Regreso al futuro [Rooted CON 2014]
 
Francisco Jesús Gómez & Carlos Juan Diaz - Sinfonier: Storm Builder for Secur...
Francisco Jesús Gómez & Carlos Juan Diaz - Sinfonier: Storm Builder for Secur...Francisco Jesús Gómez & Carlos Juan Diaz - Sinfonier: Storm Builder for Secur...
Francisco Jesús Gómez & Carlos Juan Diaz - Sinfonier: Storm Builder for Secur...
 

Viewers also liked

Defcon Moscow #9 - Timur Yunusov "Особенности проведения социотехнического те...
Defcon Moscow #9 - Timur Yunusov "Особенности проведения социотехнического те...Defcon Moscow #9 - Timur Yunusov "Особенности проведения социотехнического те...
Defcon Moscow #9 - Timur Yunusov "Особенности проведения социотехнического те...
Defcon Moscow
 
СМС – «золотой» стандарт двухфакторной аутентификации. Актуальные проблемы
СМС – «золотой» стандарт двухфакторной аутентификации. Актуальные проблемыСМС – «золотой» стандарт двухфакторной аутентификации. Актуальные проблемы
СМС – «золотой» стандарт двухфакторной аутентификации. Актуальные проблемы
Payment Village
 
Юнусов Тимур «Особенности проведения социотехнического тестирования на проник...
Юнусов Тимур «Особенности проведения социотехнического тестирования на проник...Юнусов Тимур «Особенности проведения социотехнического тестирования на проник...
Юнусов Тимур «Особенности проведения социотехнического тестирования на проник...
Mail.ru Group
 
Иван Новиков «Elastic search»
Иван Новиков «Elastic search»Иван Новиков «Elastic search»
Иван Новиков «Elastic search»
Mail.ru Group
 
Human computer confluence
Human computer confluenceHuman computer confluence
Human computer confluence
Università Cattolica del Sacro Cuore
 
Positive Technologies
Positive TechnologiesPositive Technologies

Viewers also liked (6)

Defcon Moscow #9 - Timur Yunusov "Особенности проведения социотехнического те...
Defcon Moscow #9 - Timur Yunusov "Особенности проведения социотехнического те...Defcon Moscow #9 - Timur Yunusov "Особенности проведения социотехнического те...
Defcon Moscow #9 - Timur Yunusov "Особенности проведения социотехнического те...
 
СМС – «золотой» стандарт двухфакторной аутентификации. Актуальные проблемы
СМС – «золотой» стандарт двухфакторной аутентификации. Актуальные проблемыСМС – «золотой» стандарт двухфакторной аутентификации. Актуальные проблемы
СМС – «золотой» стандарт двухфакторной аутентификации. Актуальные проблемы
 
Юнусов Тимур «Особенности проведения социотехнического тестирования на проник...
Юнусов Тимур «Особенности проведения социотехнического тестирования на проник...Юнусов Тимур «Особенности проведения социотехнического тестирования на проник...
Юнусов Тимур «Особенности проведения социотехнического тестирования на проник...
 
Иван Новиков «Elastic search»
Иван Новиков «Elastic search»Иван Новиков «Elastic search»
Иван Новиков «Elastic search»
 
Human computer confluence
Human computer confluenceHuman computer confluence
Human computer confluence
 
Positive Technologies
Positive TechnologiesPositive Technologies
Positive Technologies
 

Similar to How to build Big Brother

Критически опасные уязвимости в популярных 3G- и 4G-модемах или как построить...
Критически опасные уязвимости в популярных 3G- и 4G-модемах или как построить...Критически опасные уязвимости в популярных 3G- и 4G-модемах или как построить...
Критически опасные уязвимости в популярных 3G- и 4G-модемах или как построить...
Positive Hack Days
 
Case Studies and Lessons Learned from SSL/TLS Certificate Verification Vulner...
Case Studies and Lessons Learned from SSL/TLS Certificate Verification Vulner...Case Studies and Lessons Learned from SSL/TLS Certificate Verification Vulner...
Case Studies and Lessons Learned from SSL/TLS Certificate Verification Vulner...
JPCERT Coordination Center
 
No More Fraud, Astricon, Las Vegas 2014
No More Fraud, Astricon, Las Vegas 2014No More Fraud, Astricon, Las Vegas 2014
No More Fraud, Astricon, Las Vegas 2014
Flavio Eduardo de Andrade Goncalves
 
Country domination - Causing chaos and wrecking havoc
Country domination - Causing chaos and wrecking havocCountry domination - Causing chaos and wrecking havoc
Country domination - Causing chaos and wrecking havoc
Tiago Henriques
 
A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages! ...
A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages! ...A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages! ...
A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages! ...
CODE BLUE
 
雲端影音與物聯網平台的軟體工程挑戰:以 Skywatch 為例-陳維超
雲端影音與物聯網平台的軟體工程挑戰:以 Skywatch 為例-陳維超雲端影音與物聯網平台的軟體工程挑戰:以 Skywatch 為例-陳維超
雲端影音與物聯網平台的軟體工程挑戰:以 Skywatch 為例-陳維超
台灣資料科學年會
 
WiFi practical hacking "Show me the passwords!"
WiFi practical hacking "Show me the passwords!"WiFi practical hacking "Show me the passwords!"
WiFi practical hacking "Show me the passwords!"
DefCamp
 
IXIA Breaking Point
IXIA Breaking PointIXIA Breaking Point
IXIA Breaking Point
MUK Extreme
 
IPv6 @ Cloudflare
IPv6 @ CloudflareIPv6 @ Cloudflare
IPv6 @ Cloudflare
Internet Society
 
Wireless Pentesting: It's more than cracking WEP
Wireless Pentesting: It's  more than cracking WEPWireless Pentesting: It's  more than cracking WEP
Wireless Pentesting: It's more than cracking WEP
Joe McCray
 
Exploring Risk and Mapping the Internet of Things with Autonomous Drones
Exploring Risk and Mapping the Internet of Things with Autonomous DronesExploring Risk and Mapping the Internet of Things with Autonomous Drones
Exploring Risk and Mapping the Internet of Things with Autonomous Drones
Praetorian
 
Wi-Fi Denver OWASP Presentation Feb. 15, 2017
Wi-Fi Denver OWASP Presentation Feb. 15, 2017Wi-Fi Denver OWASP Presentation Feb. 15, 2017
Wi-Fi Denver OWASP Presentation Feb. 15, 2017
keyalea
 
Sergio González - WiFiSlax 4.0 [RootedCON 2010]
Sergio González - WiFiSlax 4.0 [RootedCON 2010]Sergio González - WiFiSlax 4.0 [RootedCON 2010]
Sergio González - WiFiSlax 4.0 [RootedCON 2010]
RootedCON
 
SWAT Style – Live Network Crypto Hacking and Exploitation by Kevin Cardwell a...
SWAT Style – Live Network Crypto Hacking and Exploitation by Kevin Cardwell a...SWAT Style – Live Network Crypto Hacking and Exploitation by Kevin Cardwell a...
SWAT Style – Live Network Crypto Hacking and Exploitation by Kevin Cardwell a...
EC-Council
 
HTTP/3 is next generation HTTP
HTTP/3 is next generation HTTPHTTP/3 is next generation HTTP
HTTP/3 is next generation HTTP
Daniel Stenberg
 
DEF CON 27 - D4KRM4TTER MIKE SPICER - I know what you did last summer
DEF CON 27 - D4KRM4TTER MIKE SPICER - I know what you did last summerDEF CON 27 - D4KRM4TTER MIKE SPICER - I know what you did last summer
DEF CON 27 - D4KRM4TTER MIKE SPICER - I know what you did last summer
Felipe Prado
 
HTTP/3 for everyone
HTTP/3 for everyoneHTTP/3 for everyone
HTTP/3 for everyone
Daniel Stenberg
 
Media Files : Android's New Nightmare
Media Files :  Android's New NightmareMedia Files :  Android's New Nightmare
Media Files : Android's New Nightmare
Oguzhan Topgul
 
us-17-Tsai-A-New-Era-Of-SSRF-Exploiting-URL-Parser-In-Trending-Programming-La...
us-17-Tsai-A-New-Era-Of-SSRF-Exploiting-URL-Parser-In-Trending-Programming-La...us-17-Tsai-A-New-Era-Of-SSRF-Exploiting-URL-Parser-In-Trending-Programming-La...
us-17-Tsai-A-New-Era-Of-SSRF-Exploiting-URL-Parser-In-Trending-Programming-La...
sonjeku1
 
It’s All In The Name - Deral Heiland
It’s All In The Name - Deral HeilandIt’s All In The Name - Deral Heiland
It’s All In The Name - Deral Heiland
EC-Council
 

Similar to How to build Big Brother (20)

Критически опасные уязвимости в популярных 3G- и 4G-модемах или как построить...
Критически опасные уязвимости в популярных 3G- и 4G-модемах или как построить...Критически опасные уязвимости в популярных 3G- и 4G-модемах или как построить...
Критически опасные уязвимости в популярных 3G- и 4G-модемах или как построить...
 
Case Studies and Lessons Learned from SSL/TLS Certificate Verification Vulner...
Case Studies and Lessons Learned from SSL/TLS Certificate Verification Vulner...Case Studies and Lessons Learned from SSL/TLS Certificate Verification Vulner...
Case Studies and Lessons Learned from SSL/TLS Certificate Verification Vulner...
 
No More Fraud, Astricon, Las Vegas 2014
No More Fraud, Astricon, Las Vegas 2014No More Fraud, Astricon, Las Vegas 2014
No More Fraud, Astricon, Las Vegas 2014
 
Country domination - Causing chaos and wrecking havoc
Country domination - Causing chaos and wrecking havocCountry domination - Causing chaos and wrecking havoc
Country domination - Causing chaos and wrecking havoc
 
A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages! ...
A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages! ...A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages! ...
A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages! ...
 
雲端影音與物聯網平台的軟體工程挑戰:以 Skywatch 為例-陳維超
雲端影音與物聯網平台的軟體工程挑戰:以 Skywatch 為例-陳維超雲端影音與物聯網平台的軟體工程挑戰:以 Skywatch 為例-陳維超
雲端影音與物聯網平台的軟體工程挑戰:以 Skywatch 為例-陳維超
 
WiFi practical hacking "Show me the passwords!"
WiFi practical hacking "Show me the passwords!"WiFi practical hacking "Show me the passwords!"
WiFi practical hacking "Show me the passwords!"
 
IXIA Breaking Point
IXIA Breaking PointIXIA Breaking Point
IXIA Breaking Point
 
IPv6 @ Cloudflare
IPv6 @ CloudflareIPv6 @ Cloudflare
IPv6 @ Cloudflare
 
Wireless Pentesting: It's more than cracking WEP
Wireless Pentesting: It's  more than cracking WEPWireless Pentesting: It's  more than cracking WEP
Wireless Pentesting: It's more than cracking WEP
 
Exploring Risk and Mapping the Internet of Things with Autonomous Drones
Exploring Risk and Mapping the Internet of Things with Autonomous DronesExploring Risk and Mapping the Internet of Things with Autonomous Drones
Exploring Risk and Mapping the Internet of Things with Autonomous Drones
 
Wi-Fi Denver OWASP Presentation Feb. 15, 2017
Wi-Fi Denver OWASP Presentation Feb. 15, 2017Wi-Fi Denver OWASP Presentation Feb. 15, 2017
Wi-Fi Denver OWASP Presentation Feb. 15, 2017
 
Sergio González - WiFiSlax 4.0 [RootedCON 2010]
Sergio González - WiFiSlax 4.0 [RootedCON 2010]Sergio González - WiFiSlax 4.0 [RootedCON 2010]
Sergio González - WiFiSlax 4.0 [RootedCON 2010]
 
SWAT Style – Live Network Crypto Hacking and Exploitation by Kevin Cardwell a...
SWAT Style – Live Network Crypto Hacking and Exploitation by Kevin Cardwell a...SWAT Style – Live Network Crypto Hacking and Exploitation by Kevin Cardwell a...
SWAT Style – Live Network Crypto Hacking and Exploitation by Kevin Cardwell a...
 
HTTP/3 is next generation HTTP
HTTP/3 is next generation HTTPHTTP/3 is next generation HTTP
HTTP/3 is next generation HTTP
 
DEF CON 27 - D4KRM4TTER MIKE SPICER - I know what you did last summer
DEF CON 27 - D4KRM4TTER MIKE SPICER - I know what you did last summerDEF CON 27 - D4KRM4TTER MIKE SPICER - I know what you did last summer
DEF CON 27 - D4KRM4TTER MIKE SPICER - I know what you did last summer
 
HTTP/3 for everyone
HTTP/3 for everyoneHTTP/3 for everyone
HTTP/3 for everyone
 
Media Files : Android's New Nightmare
Media Files :  Android's New NightmareMedia Files :  Android's New Nightmare
Media Files : Android's New Nightmare
 
us-17-Tsai-A-New-Era-Of-SSRF-Exploiting-URL-Parser-In-Trending-Programming-La...
us-17-Tsai-A-New-Era-Of-SSRF-Exploiting-URL-Parser-In-Trending-Programming-La...us-17-Tsai-A-New-Era-Of-SSRF-Exploiting-URL-Parser-In-Trending-Programming-La...
us-17-Tsai-A-New-Era-Of-SSRF-Exploiting-URL-Parser-In-Trending-Programming-La...
 
It’s All In The Name - Deral Heiland
It’s All In The Name - Deral HeilandIt’s All In The Name - Deral Heiland
It’s All In The Name - Deral Heiland
 

More from Payment Village

How I opened a fake bank account and didn't go to prison
How I opened a fake bank account and didn't go to prisonHow I opened a fake bank account and didn't go to prison
How I opened a fake bank account and didn't go to prison
Payment Village
 
Unlocking Any Door In The 21st Century. Immersion In Biometric Security.
Unlocking Any Door In The 21st Century. Immersion In Biometric Security.Unlocking Any Door In The 21st Century. Immersion In Biometric Security.
Unlocking Any Door In The 21st Century. Immersion In Biometric Security.
Payment Village
 
Offensive Payment Security
Offensive Payment SecurityOffensive Payment Security
Offensive Payment Security
Payment Village
 
The white whales of fraud and where to find them
The white whales of fraud and where to find themThe white whales of fraud and where to find them
The white whales of fraud and where to find them
Payment Village
 
Breaking banks or saving them
Breaking banks or saving themBreaking banks or saving them
Breaking banks or saving them
Payment Village
 
Hack in Cash out OWASP London
Hack in Cash out OWASP LondonHack in Cash out OWASP London
Hack in Cash out OWASP London
Payment Village
 
Ради денег. Безопасность платежных терминалов
Ради денег. Безопасность платежных терминаловРади денег. Безопасность платежных терминалов
Ради денег. Безопасность платежных терминалов
Payment Village
 
Launch Impossible Current State of Application Control Bypasses on ATMs.
Launch Impossible Current State of Application Control Bypasses on ATMs.Launch Impossible Current State of Application Control Bypasses on ATMs.
Launch Impossible Current State of Application Control Bypasses on ATMs.
Payment Village
 

More from Payment Village (8)

How I opened a fake bank account and didn't go to prison
How I opened a fake bank account and didn't go to prisonHow I opened a fake bank account and didn't go to prison
How I opened a fake bank account and didn't go to prison
 
Unlocking Any Door In The 21st Century. Immersion In Biometric Security.
Unlocking Any Door In The 21st Century. Immersion In Biometric Security.Unlocking Any Door In The 21st Century. Immersion In Biometric Security.
Unlocking Any Door In The 21st Century. Immersion In Biometric Security.
 
Offensive Payment Security
Offensive Payment SecurityOffensive Payment Security
Offensive Payment Security
 
The white whales of fraud and where to find them
The white whales of fraud and where to find themThe white whales of fraud and where to find them
The white whales of fraud and where to find them
 
Breaking banks or saving them
Breaking banks or saving themBreaking banks or saving them
Breaking banks or saving them
 
Hack in Cash out OWASP London
Hack in Cash out OWASP LondonHack in Cash out OWASP London
Hack in Cash out OWASP London
 
Ради денег. Безопасность платежных терминалов
Ради денег. Безопасность платежных терминаловРади денег. Безопасность платежных терминалов
Ради денег. Безопасность платежных терминалов
 
Launch Impossible Current State of Application Control Bypasses on ATMs.
Launch Impossible Current State of Application Control Bypasses on ATMs.Launch Impossible Current State of Application Control Bypasses on ATMs.
Launch Impossible Current State of Application Control Bypasses on ATMs.
 

Recently uploaded

University of Michigan, Ann Arbor degree offer diploma Transcript
University of Michigan, Ann Arbor degree offer diploma TranscriptUniversity of Michigan, Ann Arbor degree offer diploma Transcript
University of Michigan, Ann Arbor degree offer diploma Transcript
pcaex
 
What Is Non-Contact Measurement? Importance, Working And Devices
What Is Non-Contact Measurement? Importance, Working And DevicesWhat Is Non-Contact Measurement? Importance, Working And Devices
What Is Non-Contact Measurement? Importance, Working And Devices
VIEW
 
Sundar Pichai Net Worth: Know Google CEO's Earnings ...
Sundar Pichai Net Worth: Know Google CEO's Earnings ...Sundar Pichai Net Worth: Know Google CEO's Earnings ...
Sundar Pichai Net Worth: Know Google CEO's Earnings ...
shrivithakur
 
VIP Girls Call Navi Mumbai 9930245274 Provide Best And Top Girl Service And N...
VIP Girls Call Navi Mumbai 9930245274 Provide Best And Top Girl Service And N...VIP Girls Call Navi Mumbai 9930245274 Provide Best And Top Girl Service And N...
VIP Girls Call Navi Mumbai 9930245274 Provide Best And Top Girl Service And N...
dizzycaye
 
竞猜欧洲杯app最好的-最好的竞猜欧洲杯app大全 |【​网址​🎉ac99.net🎉​】 .
竞猜欧洲杯app最好的-最好的竞猜欧洲杯app大全 |【​网址​🎉ac99.net🎉​】 .竞猜欧洲杯app最好的-最好的竞猜欧洲杯app大全 |【​网址​🎉ac99.net🎉​】 .
竞猜欧洲杯app最好的-最好的竞猜欧洲杯app大全 |【​网址​🎉ac99.net🎉​】 .
andreassenrolf537
 
Second Victim policies in care of thr.pptx
Second Victim policies in care of thr.pptxSecond Victim policies in care of thr.pptx
Second Victim policies in care of thr.pptx
pictorial35
 
Arizona State University degree offer diploma Transcript
Arizona State University degree offer diploma TranscriptArizona State University degree offer diploma Transcript
Arizona State University degree offer diploma Transcript
pcaex
 
Boston University degree offer diploma Transcript
Boston University degree offer diploma TranscriptBoston University degree offer diploma Transcript
Boston University degree offer diploma Transcript
pcaex
 
Girls Call Mysore 000XX00000 Provide Best And Top Girl Service And No1 in City
Girls Call Mysore 000XX00000 Provide Best And Top Girl Service And No1 in CityGirls Call Mysore 000XX00000 Provide Best And Top Girl Service And No1 in City
Girls Call Mysore 000XX00000 Provide Best And Top Girl Service And No1 in City
parulpk4011
 
Hyderabad Girls call 000XX00000 Provide Best And Top Girl Service And No1 in ...
Hyderabad Girls call 000XX00000 Provide Best And Top Girl Service And No1 in ...Hyderabad Girls call 000XX00000 Provide Best And Top Girl Service And No1 in ...
Hyderabad Girls call 000XX00000 Provide Best And Top Girl Service And No1 in ...
avanikakapoor
 
Lucknow Girls Call Nishatganj 08630512678 Girls Call Service
Lucknow Girls Call Nishatganj 08630512678  Girls Call ServiceLucknow Girls Call Nishatganj 08630512678  Girls Call Service
Lucknow Girls Call Nishatganj 08630512678 Girls Call Service
anilsa9823
 
California Institute of Technology degree offer diploma Transcript
California Institute of Technology degree offer diploma TranscriptCalifornia Institute of Technology degree offer diploma Transcript
California Institute of Technology degree offer diploma Transcript
pcaex
 
What is Optical Metrology? Important, Working, Features
What is Optical Metrology? Important, Working, FeaturesWhat is Optical Metrology? Important, Working, Features
What is Optical Metrology? Important, Working, Features
VIEW
 
Columbia University in the City of New York degree offer diploma Transcript
Columbia University in the City of New York degree offer diploma TranscriptColumbia University in the City of New York degree offer diploma Transcript
Columbia University in the City of New York degree offer diploma Transcript
pcaex
 
Playcar electronic schematics. Designed by ComfySpace
Playcar electronic schematics. Designed by ComfySpacePlaycar electronic schematics. Designed by ComfySpace
Playcar electronic schematics. Designed by ComfySpace
Thomas Nguyen
 
High End Girls Call Mumbai 9910780858 Provide Best And Top Girl Service And N...
High End Girls Call Mumbai 9910780858 Provide Best And Top Girl Service And N...High End Girls Call Mumbai 9910780858 Provide Best And Top Girl Service And N...
High End Girls Call Mumbai 9910780858 Provide Best And Top Girl Service And N...
rhiannateal
 
Featured topics. Reels · About AIs on Instagram · Share a note with ...
Featured topics. Reels · About AIs on Instagram · Share a note with ...Featured topics. Reels · About AIs on Instagram · Share a note with ...
Featured topics. Reels · About AIs on Instagram · Share a note with ...
Virni Arrora
 
Illinois Institute of Technology degree offer diploma Transcript
Illinois Institute of Technology degree offer diploma TranscriptIllinois Institute of Technology degree offer diploma Transcript
Illinois Institute of Technology degree offer diploma Transcript
pcaex
 
※.+2.7.7.8.4.1.1.5.7.4.6.ஜ۩۞۩ஜ??#@$$가 등록함 how to Join illuminati secret soci...
※.+2.7.7.8.4.1.1.5.7.4.6.ஜ۩۞۩ஜ??#@$$가 등록함 how to Join illuminati  secret soci...※.+2.7.7.8.4.1.1.5.7.4.6.ஜ۩۞۩ஜ??#@$$가 등록함 how to Join illuminati  secret soci...
※.+2.7.7.8.4.1.1.5.7.4.6.ஜ۩۞۩ஜ??#@$$가 등록함 how to Join illuminati secret soci...
Asa Samaul
 
Cape Breton University degree offer diploma Transcript
Cape Breton University degree offer diploma TranscriptCape Breton University degree offer diploma Transcript
Cape Breton University degree offer diploma Transcript
aseqa
 

Recently uploaded (20)

University of Michigan, Ann Arbor degree offer diploma Transcript
University of Michigan, Ann Arbor degree offer diploma TranscriptUniversity of Michigan, Ann Arbor degree offer diploma Transcript
University of Michigan, Ann Arbor degree offer diploma Transcript
 
What Is Non-Contact Measurement? Importance, Working And Devices
What Is Non-Contact Measurement? Importance, Working And DevicesWhat Is Non-Contact Measurement? Importance, Working And Devices
What Is Non-Contact Measurement? Importance, Working And Devices
 
Sundar Pichai Net Worth: Know Google CEO's Earnings ...
Sundar Pichai Net Worth: Know Google CEO's Earnings ...Sundar Pichai Net Worth: Know Google CEO's Earnings ...
Sundar Pichai Net Worth: Know Google CEO's Earnings ...
 
VIP Girls Call Navi Mumbai 9930245274 Provide Best And Top Girl Service And N...
VIP Girls Call Navi Mumbai 9930245274 Provide Best And Top Girl Service And N...VIP Girls Call Navi Mumbai 9930245274 Provide Best And Top Girl Service And N...
VIP Girls Call Navi Mumbai 9930245274 Provide Best And Top Girl Service And N...
 
竞猜欧洲杯app最好的-最好的竞猜欧洲杯app大全 |【​网址​🎉ac99.net🎉​】 .
竞猜欧洲杯app最好的-最好的竞猜欧洲杯app大全 |【​网址​🎉ac99.net🎉​】 .竞猜欧洲杯app最好的-最好的竞猜欧洲杯app大全 |【​网址​🎉ac99.net🎉​】 .
竞猜欧洲杯app最好的-最好的竞猜欧洲杯app大全 |【​网址​🎉ac99.net🎉​】 .
 
Second Victim policies in care of thr.pptx
Second Victim policies in care of thr.pptxSecond Victim policies in care of thr.pptx
Second Victim policies in care of thr.pptx
 
Arizona State University degree offer diploma Transcript
Arizona State University degree offer diploma TranscriptArizona State University degree offer diploma Transcript
Arizona State University degree offer diploma Transcript
 
Boston University degree offer diploma Transcript
Boston University degree offer diploma TranscriptBoston University degree offer diploma Transcript
Boston University degree offer diploma Transcript
 
Girls Call Mysore 000XX00000 Provide Best And Top Girl Service And No1 in City
Girls Call Mysore 000XX00000 Provide Best And Top Girl Service And No1 in CityGirls Call Mysore 000XX00000 Provide Best And Top Girl Service And No1 in City
Girls Call Mysore 000XX00000 Provide Best And Top Girl Service And No1 in City
 
Hyderabad Girls call 000XX00000 Provide Best And Top Girl Service And No1 in ...
Hyderabad Girls call 000XX00000 Provide Best And Top Girl Service And No1 in ...Hyderabad Girls call 000XX00000 Provide Best And Top Girl Service And No1 in ...
Hyderabad Girls call 000XX00000 Provide Best And Top Girl Service And No1 in ...
 
Lucknow Girls Call Nishatganj 08630512678 Girls Call Service
Lucknow Girls Call Nishatganj 08630512678  Girls Call ServiceLucknow Girls Call Nishatganj 08630512678  Girls Call Service
Lucknow Girls Call Nishatganj 08630512678 Girls Call Service
 
California Institute of Technology degree offer diploma Transcript
California Institute of Technology degree offer diploma TranscriptCalifornia Institute of Technology degree offer diploma Transcript
California Institute of Technology degree offer diploma Transcript
 
What is Optical Metrology? Important, Working, Features
What is Optical Metrology? Important, Working, FeaturesWhat is Optical Metrology? Important, Working, Features
What is Optical Metrology? Important, Working, Features
 
Columbia University in the City of New York degree offer diploma Transcript
Columbia University in the City of New York degree offer diploma TranscriptColumbia University in the City of New York degree offer diploma Transcript
Columbia University in the City of New York degree offer diploma Transcript
 
Playcar electronic schematics. Designed by ComfySpace
Playcar electronic schematics. Designed by ComfySpacePlaycar electronic schematics. Designed by ComfySpace
Playcar electronic schematics. Designed by ComfySpace
 
High End Girls Call Mumbai 9910780858 Provide Best And Top Girl Service And N...
High End Girls Call Mumbai 9910780858 Provide Best And Top Girl Service And N...High End Girls Call Mumbai 9910780858 Provide Best And Top Girl Service And N...
High End Girls Call Mumbai 9910780858 Provide Best And Top Girl Service And N...
 
Featured topics. Reels · About AIs on Instagram · Share a note with ...
Featured topics. Reels · About AIs on Instagram · Share a note with ...Featured topics. Reels · About AIs on Instagram · Share a note with ...
Featured topics. Reels · About AIs on Instagram · Share a note with ...
 
Illinois Institute of Technology degree offer diploma Transcript
Illinois Institute of Technology degree offer diploma TranscriptIllinois Institute of Technology degree offer diploma Transcript
Illinois Institute of Technology degree offer diploma Transcript
 
※.+2.7.7.8.4.1.1.5.7.4.6.ஜ۩۞۩ஜ??#@$$가 등록함 how to Join illuminati secret soci...
※.+2.7.7.8.4.1.1.5.7.4.6.ஜ۩۞۩ஜ??#@$$가 등록함 how to Join illuminati  secret soci...※.+2.7.7.8.4.1.1.5.7.4.6.ஜ۩۞۩ஜ??#@$$가 등록함 how to Join illuminati  secret soci...
※.+2.7.7.8.4.1.1.5.7.4.6.ஜ۩۞۩ஜ??#@$$가 등록함 how to Join illuminati secret soci...
 
Cape Breton University degree offer diploma Transcript
Cape Breton University degree offer diploma TranscriptCape Breton University degree offer diploma Transcript
Cape Breton University degree offer diploma Transcript
 

How to build Big Brother