linkcabin aims to discuss the journey of reverse engineering a pub quiz machine, to a point of emulation. By reverse engineering the software, lessons have been learnt in implementation of security, limits in 'security by obscurity' software solutions and how complex actual machines which involve betting are. After reverse engineering parts of the machine, and coming from a threat intelligence background, it becomes clear how similar software and malware developers minds really are for functionality.
While still developing software for an archaic operating system, much like critical infrastructure around the world, it becomes hard to balance both security and functionality.
Adventures in Femtoland: 350 Yuan for Invaluable Funarbitrarycode
GSM networks are compromised for over five years. Starting from passive sniffing of unencrypted traffic, moving to a fully compromised A5/1 encryption and then even to your own base station, we have different tools and opportunities. A Motorola phone retails for only $5 gives you the opportunity to peep into your girlfriend's calls. RTL-SDR retails for $20 which allows you to intercept all two-factor authentication in a medium-sized office building. Lastly, USRP retails for $700 and can intercept almost everything that you can see in 2G.
But who cares about 2G? Those who are concerned switched off of 2G. AT&T is preparing to switch off all its 2G networks by the end of 2016. Even GSMA (GSM Alliance) admitted that security through obscurity is a bad idea (referring to COMP128, A5/*, GEA algorithms and other things). 3G and LTE networks have mandatory cryptographical integrity checks for all communications, mutual authentication both for mobile devices and base station. The opportunity to analyze all protocols and cryptographical primitives due to their public availability is important.
However, the main problem is that we do not have calypso phones for 3G. We do not have cheap and ready to use devices to fuzz 3G devices over the air. Or do we? What about femtocells? Perhaps telecoms are to fast to take their guard down with security considerations embedded in 3G/4G? Users can connect to femocells. and have access the Internet on high speeds, make calls, ect.. Why don't we abuse it?
Yes, there is already research that allows you to gain control over femtocell. There is also research that allows sniffing calls and messages after gaining control. But all such solutions are not scalable. You are still bound to the telecom provider. You still have to connect to a VPN - to a core network. You have to bypass location binding and so on. Perhaps there is an easier solution? Parhaps we can create UMTS-in-a-box from readily available femtocell and have them available in large quantities without telecom-branding? We already know.
We will tell the whole story from unboxing to proof-of-concept data intercept and vulnerabilities in UMTS networks with all your favorite acronyms: HNB, SeGW, HMS, RANAP, SCTP, TR-069.
Electronic Access Control Security / Безопасность электронных систем контроля...Positive Hack Days
Ведущий: Маттео Беккаро
Мастер-класс посвящен эксплуатации уязвимостей электронных систем контроля доступа. Ведущий расскажет о наиболее распространенных технологиях, их уязвимостях и возможных способах атаки. Участникам, которым удастся провести атаку, достанутся аппаратные гаджеты Opposing Force.
Adventures in Femtoland: 350 Yuan for Invaluable Funarbitrarycode
GSM networks are compromised for over five years. Starting from passive sniffing of unencrypted traffic, moving to a fully compromised A5/1 encryption and then even to your own base station, we have different tools and opportunities. A Motorola phone retails for only $5 gives you the opportunity to peep into your girlfriend's calls. RTL-SDR retails for $20 which allows you to intercept all two-factor authentication in a medium-sized office building. Lastly, USRP retails for $700 and can intercept almost everything that you can see in 2G.
But who cares about 2G? Those who are concerned switched off of 2G. AT&T is preparing to switch off all its 2G networks by the end of 2016. Even GSMA (GSM Alliance) admitted that security through obscurity is a bad idea (referring to COMP128, A5/*, GEA algorithms and other things). 3G and LTE networks have mandatory cryptographical integrity checks for all communications, mutual authentication both for mobile devices and base station. The opportunity to analyze all protocols and cryptographical primitives due to their public availability is important.
However, the main problem is that we do not have calypso phones for 3G. We do not have cheap and ready to use devices to fuzz 3G devices over the air. Or do we? What about femtocells? Perhaps telecoms are to fast to take their guard down with security considerations embedded in 3G/4G? Users can connect to femocells. and have access the Internet on high speeds, make calls, ect.. Why don't we abuse it?
Yes, there is already research that allows you to gain control over femtocell. There is also research that allows sniffing calls and messages after gaining control. But all such solutions are not scalable. You are still bound to the telecom provider. You still have to connect to a VPN - to a core network. You have to bypass location binding and so on. Perhaps there is an easier solution? Parhaps we can create UMTS-in-a-box from readily available femtocell and have them available in large quantities without telecom-branding? We already know.
We will tell the whole story from unboxing to proof-of-concept data intercept and vulnerabilities in UMTS networks with all your favorite acronyms: HNB, SeGW, HMS, RANAP, SCTP, TR-069.
Electronic Access Control Security / Безопасность электронных систем контроля...Positive Hack Days
Ведущий: Маттео Беккаро
Мастер-класс посвящен эксплуатации уязвимостей электронных систем контроля доступа. Ведущий расскажет о наиболее распространенных технологиях, их уязвимостях и возможных способах атаки. Участникам, которым удастся провести атаку, достанутся аппаратные гаджеты Opposing Force.
KiZAN will bring 25 Raspberry Pi starter kits that run Windows 10 IoT Core. This will enable participants to build a really compelling IoT/Azure/Power BI story in a single day! Interet of Things (IoT) Raspberry Pi starter kit
We’ll start off the day with an introduction to IoT and build IoT devices (hands on). Next, we’ll build a simple temperature sensor, collecting ambient temperature readings, and stream the data to an Azure IoT Hub.
Once the data is in Azure, we’ll analyze it with Azure Stream Analytics, and ship it to an Azure SQL Database.
Finally, we’ll report on the data and build dashboards of our temperature readings using Power BI.
BSides London 2015 - Proprietary network protocols - risky business on the wire.Jakub Kałużny
When speed and latency counts, there is no place for standard HTTP/SSL stack and a wise head comes up with a proprietary network protocol. How to deal with embedded software or thick clients using protocols with no documentation at all? Binary TCP connections, unlike anything, impossible to be adapted by a well-known local proxy. Without disassembling the protocol, pentesting the server backend is very limited. However, when you dive inside this traffic and reverse-engineer the communication inside, you are there. Welcome to the world full of own cryptography, revertible hash algorithms and no access control at all.
We would like to present our approach and a short guideline how to reverse engineer proprietary protocols. To demonstrate, we will show you few case-studies, which in our opinion are a quintessence of ""security by obscurity"" - the most interesting examples from real-life financial industry software, which is a particularly risky business regarding security.
In the past 5 years Continuous Delivery has gained much attention. Its benefits of rapid, iterative change are well understood, all the way up to board level. However, CD often encounters an adversary; Security. Protection of data and computer systems seems to stand on concepts like infrequent change, segregation of duties and bureaucratic heavyweight process. But are CD and Security really at odds?
We don’t think so. Whilst we’ll show you the dangers of unfettered CD pipelines and the risk of letting security spread fear. We will also share ways in which we’ve managed to balance speed and security in our pipelines–considering both the technical and organisational aspects. In fact we hope you’ll see that not only is there a way, but it’s a far better way.
Peripheral Programming using Arduino and Python on MediaTek LinkIt Smart 7688...MediaTek Labs
Want to add Wi-Fi to your IoT project? This 30 minute webinar, presented by technical consultant Ajith KP, demonstrated how to program (using Arduino and Python) for peripheral sensors connected to the MediaTek LinkIt Smart 7688 Duo’s microcontroller and how to communicate between the microcontroller and the MT7688 SOC.
Three ways to undertake the peripheral programming for the MediaTek LinkIt Smart 7688 Duo were covered:
1) Using a primitive UART connection
2) Using the Firmata protocol
3) Using the Arduino Yun Bridge Library
A recording of the live event can be found at http://home.labs.mediatek.com/technical-mediatek-linkit-smart-7688-webinar-recording-available/
Shameful Secrets of Proprietary Network Protocols - OWASP AppSec EU 2014Jakub Kałużny
When it comes to penetration tests of specialized embedded software or thick clients, we often encounter proprietary protocols with no documentation at all. Binary TCP connections, unlike anything, impossible to be adapted by a well-known local proxy. Without disassembling the protocol, pentesting the server backend is very limited. Though, based on our experience, it very often hides a shameful secret - completely unsecured mechanisms breaking all secure coding practices.
Discover the world of IoT and how they're shaping our world with a hands-on approach. Affordable, internet-connected devices are becoming ubiquitous - with the rise of Arduino, Raspberry Pi, and the Particle Photon, it's now possible to quickly prototype and design an internet-ready device that monitors weather patterns, responds to movement, or collects and transmits data to the cloud for under $100. In this full-day workshop, we'll begin with a hands-on introduction to IoT and build IoT devices. With a Raspberry Pi 2 kit running Windows 10 IoT Core, we’ll build a simple temperature sensor, collecting ambient temperature readings, and stream the data to an Azure IoT Hub. Once the data is in Azure, we’ll analyze it with Azure Stream Analytics, and ship it to an Azure SQL Database. Finally, we’ll report on the data and build dashboards of our temperature readings using Power BI.
Presentation on Microsoft Technologies in Teaching, Learning and Research presented at Microsoft IT Academy Summit 2011 October. - Presentation Video in low quality to allow upload
KiZAN will bring 25 Raspberry Pi starter kits that run Windows 10 IoT Core. This will enable participants to build a really compelling IoT/Azure/Power BI story in a single day! Interet of Things (IoT) Raspberry Pi starter kit
We’ll start off the day with an introduction to IoT and build IoT devices (hands on). Next, we’ll build a simple temperature sensor, collecting ambient temperature readings, and stream the data to an Azure IoT Hub.
Once the data is in Azure, we’ll analyze it with Azure Stream Analytics, and ship it to an Azure SQL Database.
Finally, we’ll report on the data and build dashboards of our temperature readings using Power BI.
CONFidence 2014: Jakub Kałużny: Shameful secrets of proprietary protocolsPROIDEA
There is a big bunch of tools offering HTTP/SSL traffic interception. However, when it comes to penetration tests of specialized embedded software or thick clients, we often encounter proprietary protocols with no documentation at all. Binary TCP connections, unlike anything, impossible to be adapted by a well-known local proxy. Without disassembling the protocol, pentesting the server backend is very limited. Though, based on our experience, it very often hides a shameful secret - completely unsecured mechanisms breaking all secure coding practices.
To demonstrate, we will show a few case-studies - most interesting examples from real-life industry software, which in our opinion are a quintessence of "security by obscurity". We will challenge the security of proprietary protocols in pull printing solutions, FOREX trading software, remote desktops and home automation technologies.
A Big (Query) Frog in a Small Pond, Jakub Motyl, BuffPanelData Science Club
How does one process 200GB of streaming raw data, daily? Where dedicated servers and home-made solutions fail, BigQuery comes out the victor. We will talk about the big data architecture with over 110 million players total on record, how we managed to implement it, and how is it possible that we keep daily operational costs under $50.
In the beginning we will explain what kinds of data sources a top-selling game has to integrate and analyze and how to pre-process the data to avoid ramping up costs in disaster scenarios. Part of the talk is also dedicated to all the components that are involved in the many transformations the data undergoes and we will show you how the output from the entire pipeline looks.
I have helped more than 100 customers build new and innovative services for their customers with the help of IoT technology. With this slides, I share the lessons learned working with these customers as they start a journey into improved digitalization. My focus is on IT operations and project management.
Implementing AI: Running AI at the Edge: ClickCV – Providing high-performance...KTN
The Implementing AI: Running AI at the Edge, hosted by KTN and eFutures, is the second event of the Implementing AI webinar series.
To make products more intelligent, more responsive and to reduce the data generated, it is advantageous to run AI on the product itself, as opposed to in the cloud.
The focus of this webinar was the opportunities and challenges of moving the AI processing to “the Edge”. The webinar had four presentations from experts covering overviews of the opportunity, implementation techniques and case studies.
Find out more: https://ktn-uk.co.uk/news/just-launched-implementing-ai-webinar-series
Advanced View Pic Microcontroller Projects List _ PIC Microcontroller.pdfWiseNaeem
Most of the electronics geeks are asking the whole list of pic projects PDF here we will share list every month as our projects are being updated on daily basis.
Advanced View Pic Microcontroller Projects List _ PIC Microcontroller.pdfIsmailkhan77481
Most of the electronics geeks are asking the whole list of pic projects PDF here we will share list every month as our projects are being updated on daily basis. PDF is a good source to work offline. We will offer direct PDF file download link with info of its release date , number of projects.
Zsombor Kovács - Cheaters for Everything from Minesweeper to Mobile Banking ...hacktivity
In my opinion, cheating acceptable - it merely means expanding the frame of an application to the point, which is beyond what the creators of the application have ever imagined. In this talk, we explore how the popular instumentalisation framework Frida can be used to hack applications from games to mobile banking applications.
Vincent Ruijter - ~Securing~ Attacking Kuberneteshacktivity
This talks' focus lays on a popular containerization tool called Kubernetes. Common implementations of Kubernetes are not secure by default and a lot of information about hardening is not known to the public. Since version 1.7 the security level has increased and common security misconfigurations have been mitigated. During this talk it will be demonstrated what happens if these mitigations are not applied and how to abuse them. The talk will be about both securing and attacking the platform and could be considered a 'purple team' talk. Multiple live demos are planned, most of them ending in a guest-to-host escape and a root shell.
More Related Content
Similar to Jack S (linkcabin) - Becoming The Quiz Master: Thanks RE.
KiZAN will bring 25 Raspberry Pi starter kits that run Windows 10 IoT Core. This will enable participants to build a really compelling IoT/Azure/Power BI story in a single day! Interet of Things (IoT) Raspberry Pi starter kit
We’ll start off the day with an introduction to IoT and build IoT devices (hands on). Next, we’ll build a simple temperature sensor, collecting ambient temperature readings, and stream the data to an Azure IoT Hub.
Once the data is in Azure, we’ll analyze it with Azure Stream Analytics, and ship it to an Azure SQL Database.
Finally, we’ll report on the data and build dashboards of our temperature readings using Power BI.
BSides London 2015 - Proprietary network protocols - risky business on the wire.Jakub Kałużny
When speed and latency counts, there is no place for standard HTTP/SSL stack and a wise head comes up with a proprietary network protocol. How to deal with embedded software or thick clients using protocols with no documentation at all? Binary TCP connections, unlike anything, impossible to be adapted by a well-known local proxy. Without disassembling the protocol, pentesting the server backend is very limited. However, when you dive inside this traffic and reverse-engineer the communication inside, you are there. Welcome to the world full of own cryptography, revertible hash algorithms and no access control at all.
We would like to present our approach and a short guideline how to reverse engineer proprietary protocols. To demonstrate, we will show you few case-studies, which in our opinion are a quintessence of ""security by obscurity"" - the most interesting examples from real-life financial industry software, which is a particularly risky business regarding security.
In the past 5 years Continuous Delivery has gained much attention. Its benefits of rapid, iterative change are well understood, all the way up to board level. However, CD often encounters an adversary; Security. Protection of data and computer systems seems to stand on concepts like infrequent change, segregation of duties and bureaucratic heavyweight process. But are CD and Security really at odds?
We don’t think so. Whilst we’ll show you the dangers of unfettered CD pipelines and the risk of letting security spread fear. We will also share ways in which we’ve managed to balance speed and security in our pipelines–considering both the technical and organisational aspects. In fact we hope you’ll see that not only is there a way, but it’s a far better way.
Peripheral Programming using Arduino and Python on MediaTek LinkIt Smart 7688...MediaTek Labs
Want to add Wi-Fi to your IoT project? This 30 minute webinar, presented by technical consultant Ajith KP, demonstrated how to program (using Arduino and Python) for peripheral sensors connected to the MediaTek LinkIt Smart 7688 Duo’s microcontroller and how to communicate between the microcontroller and the MT7688 SOC.
Three ways to undertake the peripheral programming for the MediaTek LinkIt Smart 7688 Duo were covered:
1) Using a primitive UART connection
2) Using the Firmata protocol
3) Using the Arduino Yun Bridge Library
A recording of the live event can be found at http://home.labs.mediatek.com/technical-mediatek-linkit-smart-7688-webinar-recording-available/
Shameful Secrets of Proprietary Network Protocols - OWASP AppSec EU 2014Jakub Kałużny
When it comes to penetration tests of specialized embedded software or thick clients, we often encounter proprietary protocols with no documentation at all. Binary TCP connections, unlike anything, impossible to be adapted by a well-known local proxy. Without disassembling the protocol, pentesting the server backend is very limited. Though, based on our experience, it very often hides a shameful secret - completely unsecured mechanisms breaking all secure coding practices.
Discover the world of IoT and how they're shaping our world with a hands-on approach. Affordable, internet-connected devices are becoming ubiquitous - with the rise of Arduino, Raspberry Pi, and the Particle Photon, it's now possible to quickly prototype and design an internet-ready device that monitors weather patterns, responds to movement, or collects and transmits data to the cloud for under $100. In this full-day workshop, we'll begin with a hands-on introduction to IoT and build IoT devices. With a Raspberry Pi 2 kit running Windows 10 IoT Core, we’ll build a simple temperature sensor, collecting ambient temperature readings, and stream the data to an Azure IoT Hub. Once the data is in Azure, we’ll analyze it with Azure Stream Analytics, and ship it to an Azure SQL Database. Finally, we’ll report on the data and build dashboards of our temperature readings using Power BI.
Presentation on Microsoft Technologies in Teaching, Learning and Research presented at Microsoft IT Academy Summit 2011 October. - Presentation Video in low quality to allow upload
KiZAN will bring 25 Raspberry Pi starter kits that run Windows 10 IoT Core. This will enable participants to build a really compelling IoT/Azure/Power BI story in a single day! Interet of Things (IoT) Raspberry Pi starter kit
We’ll start off the day with an introduction to IoT and build IoT devices (hands on). Next, we’ll build a simple temperature sensor, collecting ambient temperature readings, and stream the data to an Azure IoT Hub.
Once the data is in Azure, we’ll analyze it with Azure Stream Analytics, and ship it to an Azure SQL Database.
Finally, we’ll report on the data and build dashboards of our temperature readings using Power BI.
CONFidence 2014: Jakub Kałużny: Shameful secrets of proprietary protocolsPROIDEA
There is a big bunch of tools offering HTTP/SSL traffic interception. However, when it comes to penetration tests of specialized embedded software or thick clients, we often encounter proprietary protocols with no documentation at all. Binary TCP connections, unlike anything, impossible to be adapted by a well-known local proxy. Without disassembling the protocol, pentesting the server backend is very limited. Though, based on our experience, it very often hides a shameful secret - completely unsecured mechanisms breaking all secure coding practices.
To demonstrate, we will show a few case-studies - most interesting examples from real-life industry software, which in our opinion are a quintessence of "security by obscurity". We will challenge the security of proprietary protocols in pull printing solutions, FOREX trading software, remote desktops and home automation technologies.
A Big (Query) Frog in a Small Pond, Jakub Motyl, BuffPanelData Science Club
How does one process 200GB of streaming raw data, daily? Where dedicated servers and home-made solutions fail, BigQuery comes out the victor. We will talk about the big data architecture with over 110 million players total on record, how we managed to implement it, and how is it possible that we keep daily operational costs under $50.
In the beginning we will explain what kinds of data sources a top-selling game has to integrate and analyze and how to pre-process the data to avoid ramping up costs in disaster scenarios. Part of the talk is also dedicated to all the components that are involved in the many transformations the data undergoes and we will show you how the output from the entire pipeline looks.
I have helped more than 100 customers build new and innovative services for their customers with the help of IoT technology. With this slides, I share the lessons learned working with these customers as they start a journey into improved digitalization. My focus is on IT operations and project management.
Implementing AI: Running AI at the Edge: ClickCV – Providing high-performance...KTN
The Implementing AI: Running AI at the Edge, hosted by KTN and eFutures, is the second event of the Implementing AI webinar series.
To make products more intelligent, more responsive and to reduce the data generated, it is advantageous to run AI on the product itself, as opposed to in the cloud.
The focus of this webinar was the opportunities and challenges of moving the AI processing to “the Edge”. The webinar had four presentations from experts covering overviews of the opportunity, implementation techniques and case studies.
Find out more: https://ktn-uk.co.uk/news/just-launched-implementing-ai-webinar-series
Advanced View Pic Microcontroller Projects List _ PIC Microcontroller.pdfWiseNaeem
Most of the electronics geeks are asking the whole list of pic projects PDF here we will share list every month as our projects are being updated on daily basis.
Advanced View Pic Microcontroller Projects List _ PIC Microcontroller.pdfIsmailkhan77481
Most of the electronics geeks are asking the whole list of pic projects PDF here we will share list every month as our projects are being updated on daily basis. PDF is a good source to work offline. We will offer direct PDF file download link with info of its release date , number of projects.
Similar to Jack S (linkcabin) - Becoming The Quiz Master: Thanks RE. (20)
Zsombor Kovács - Cheaters for Everything from Minesweeper to Mobile Banking ...hacktivity
In my opinion, cheating acceptable - it merely means expanding the frame of an application to the point, which is beyond what the creators of the application have ever imagined. In this talk, we explore how the popular instumentalisation framework Frida can be used to hack applications from games to mobile banking applications.
Vincent Ruijter - ~Securing~ Attacking Kuberneteshacktivity
This talks' focus lays on a popular containerization tool called Kubernetes. Common implementations of Kubernetes are not secure by default and a lot of information about hardening is not known to the public. Since version 1.7 the security level has increased and common security misconfigurations have been mitigated. During this talk it will be demonstrated what happens if these mitigations are not applied and how to abuse them. The talk will be about both securing and attacking the platform and could be considered a 'purple team' talk. Multiple live demos are planned, most of them ending in a guest-to-host escape and a root shell.
Balázs Bucsay - XFLTReaT: Building a Tunnelhacktivity
XFLTReaT is an open-source tunnelling framework that handles all the boring stuff and offers the capability to the users to take care of only those things that matter. It provides significant improvements over existing tools. From now on there is no need to write a new tunnel for each and every protocol or to deal with interfaces and routing. Any protocol can be converted to a module, which works in a plug-and-play fashion; authentication and encryption can be configured and customised on all traffic and it is also worth mentioning that the framework was designed to be easy to configure, use and develop. In case there is a need to send packets over ICMP, RDP or SSH then this can be done in a matter of minutes, instead of developing a new tool from scratch. The potential use (or abuse) cases are plentiful, such as bypassing network restrictions of an ISP, the proxy of a workplace or obtaining Internet connectivity through bypassing captive portals in the middle of the Atlantic Ocean or at an altitude of 12km on an airplane.
This framework is not just a tool; it unites different technologies in the field of tunnelling. It will be show how to tunnel data over a Windows jumpbox utilising RDP (including the dirty low level "secrets") or how to exfiltrate data over ICMP from barely secured networks. We have simplified the whole process and created a framework that is responsible for everything but the communication itself, we rethought the old way of tunnelling and tried to give something new to the community. After the initial setup the framework takes care of everything. With the check functionality we can even find out, which module can be used on the network, there is no need for any low-level packet fu and hassle. I guarantee that you won’t be disappointed with the tool and the talk, actually you will be richer with an open-source tool.
Mikhail Egorov - Hunting for bugs in Adobe Experience Manager webappshacktivity
Adobe Experience Manager (AEM) is an enterprise-grade CMS. It’s used by high-profile companies like Linkedin, Apple, Mastercard, Western Union, Cisco, General Motors, and others. AEM is built on top of the Apache Sling, Apache Felix and Apache Jackrabbit Oak projects. In the talk, the author will share unique methodology on how to approach AEM weabpps in pentests or bug bounty programs. Misconfiguration issues, as well as product vulnerabilities, will be covered in the talk, including newly discovered vulnerabilities for which Adobe PSIRT assigned CVE ids. The author will share automation tool for discovering vulnerabilities and misconfigurations discussed in the talk.
Gabrial Cirlig & Stefan Tanase - Smart Car Forensics and Vehicle Weaponizationhacktivity
As “smart” is becoming the new standard for everything, malicious threat actors are quick to capitalize on the insecurity of IoT devices. Hackers compromising your network and spying on you is not something new in the world of personal computers, but definitely an emerging threat in the world of personal cars.
Csongor Tamás - Examples of Locality Sensitive Hashing & their Usage for Malw...hacktivity
Several tools has been proposed for malware classification and similarity detection of binary malware samples, however none of them can solve all issues. In my presentation, I'll cover the problematics of Locality Sensitive Hashes and provide some experimental information about the comparison of different LSH algorithms. SSDEEPS's base algorithm, spamsum was originally designed for spam email detection. Although it discoveres some similarity between binaries, it basically needs large equal pieces of the byte code. This only happens rarely and can easily be altered. One of the contenders, TLSH (TrendMicro Locality Sensitive Hash) is a more stable similarity matching process. I'm going to present the results of the comparison on a smaller size samples set (~30k samples). Using LSHs is easy and doesn't require huge computational resources so after the process was deemed useful and effective it was extended to a large malware database of multiple hundreds of terabytes of samples. The experiments focus on ransomware sample classification, so I'm also going to present some details related to hunting for fresh unknown malware samples of known groups.
Matthias Deeg - Bypassing an Enterprise-Grade Biometric Face Authentication S...hacktivity
Biometric authentication systems have long, checkered history in IT security and are regarded as a highly controversial technology. Many manufacturers and users love them because of their usability and the personal touch they give to human-computer interaction when it comes to an often annoying but necessary task like user authentication. Other people hate them because of data privacy and security concerns. Despite all the controversy, biometric authentication systems are still here and they seem to stay.
In fall 2017, SySS GmbH started a research project concerning the enterprise-grade face authentication system Microsoft Windows Hello Face Authentication based on near infrared technology.
In our talk, we will present the results of our research project concerning the enterprise-grade face authentication system Windows Hello Face Authentication by Microsoft based on near infrared and visible light and will demonstrate how different versions of it can be bypassed by rather simple means.
Gergely Biczók - Interdependent Privacy & the Psychology of Likeshacktivity
The Facebook/Cambridge Analytica case headlined technical news the whole Spring of 2018. This case is not the first (and certainly not the last) that demonstrates privacy issues with Facebook and the ecosystem around it; yet, it gained notoriety because of its scale and alleged direct effect on the outcome of the US presidential election. In this talk we look behind the scenes and under the hood and analyze the IT, economic, psychological and legal background necessary to understand the full impact of the Cambridge Analytica case. We touch upon the underlying economic theory on externalities that defines interdependent privacy and sets the scene at a high level; the permission system of the Facebook API that enabled the collection of personal data at scale; the breakthrough psychology research that enabled the use of these data to influence political elections; and the legal impact through the lens of the GDPR.
Paolo Stagno - A Drone Tale: All Your Drones Belong To Ushacktivity
In 2013, DJI Drones quickly gained the reputation as the most stable platform for use in aerial photography and other fields. Since then Drones have increased their field of application and are actively used across various industries (law enforcement and first responders, utility companies, governments and universities) to perform critical operations on daily basis. As a result of that, Drones security has also become a hot topic in the industry.
This talk will provide a comprehensive overview of the security model and security issues affecting the underlying technologies, including existing vulnerabilities in the radio signals, Wi-Fi, Chipset, FPV system, GPS, App and SDK. As part of the presentation, we will discuss the architecture of one of the most famous and popular consumer drone product: the DJI Phantom 3. This model will be used to demonstrate each aspect of discovered security vulnerabilities, together with recommendations and mitigations.
A special focus will be on the recent changes and countermeasures DJI has applied to the firmware of its products in order to harden the security, following the recent accusations and the US Army ban. While the topic of hacking drones by faking GPS signals has been shared before at major security conferences in the past, this talk will extend these aspects to include geo-fencing and no fly zones abuses.
Zoltán Balázs - Ethereum Smart Contract Hacking Explained like I’m Fivehacktivity
Mining. Ethereum. Smart Contracts. Gas. Solidity. DAO. These words had no or a different meaning 5 years ago. But now these are the foundations of something exciting and powerful. But with great power comes great responsibility. Designing and implementing Smart Contracts are like encryption protocols. Everyone can come up with one which looks secure from the developer’s perspective, but only a few can design and implement one which is really safe.
But how can one hack Smart Contracts? In order to understand this, I will explain the meaning of all of these words in the Ethereum world from the ground-ups with real life analogies. Once the basic building blocks are explained, I will guide you into the world of hacking Smart Contracts. After attending this presentation, everyone will understand how a recursive call can burn 250M USD on the DAO and how developers can create a parallel universe where this never happened. Reinit? Multi-signature wallets? The Parity hack? All of this is simple once the basics are founded.
Warning: case studies from recent real-life hacks and live interaction with Smart Contracts are included. And Cryptokitties. Meow.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
2. PwCPwC
@linkcabin
whoami
• Threat intelligence analyst for PwC – APT focused
• Studied cyber security at university
• Previously done talks on OSINT at Bsides London and
DEEPINTEL
• Likes reverse engineering and understanding complex
systems
• Big fan of philosophy, politics and English football!
2
#intelligentdigital
5. PwCPwC
The machine
Machine freeze
The machine froze, a restart was required. I learnt about
the system environment from its reboot.
It’s Windows 2000
5
Intelligent Digital
6. PwCPwC
Acquiring the machine?
We could acquire by simply buying one, they are available
for purchase on websites online.
6
Intelligent Digital
7. PwCPwC
Space
Pretty sure I don’t have space
for a quiz machine in London,
so I took an alternative route
7
Intelligent Digital
Understanding the machine better
Software updates are
distributed on their
site, much like routers,
so I just downloaded it.
8. PwCPwC
What I did for 3 months
8
Intelligent Digital
Morning/During Work After dinner
9. PwCPwC
The machine
What's in the box
Software updates are packaged in an archive
Every update contains a executable called setup.exe in the
binary which installs the update
File updates are packaged in archives within the original
archive and are password protected
Developer hoped no one would be able to reverse engineer
the binary to get the passwords!
9
Intelligent Digital
10. PwCPwC
Passwords are in the ini
Grabbing the passwords
Passwords were held in a encrypted ini file
Setup.exe decrypted the file contents during installation
process
10
Intelligent Digital
12. PwCPwC
Batch with 7z command line
7zip command line reveals the password
Allows us to understand the environments these binaries
are run
Gives us the password to system and game files which are
updated!
12
Intelligent Digital
14. PwCPwC
Crypto mystery
Working out crypto algorithms is hard
Open SSL library is used in the binary
Could not identify the cryptographic algorithm, accepted
two quad words into the main decryption function.
14
Intelligent Digital
15. PwCPwC
Crypto mystery
Working out crypto algorithms is hard
Static values are set as 0xE50C6C538E615259 and
0x61A468D10E3CB77F.
Another constant used in the algorithm
1953184666628070171
A mixture of bit shifting, XOR and AND operations in
algorithm
15
Intelligent Digital
16. PwCPwC
Me, still after crypto analysis
Reverse
engineer
the priority!
16
Intelligent Digital
17. PwCPwC
Overview of files in archive
Some rough file categories
Winshell – Main process interacting as the internals for
the software
“SystemDLLs” – Important dlls added to %SYSTEM32%
“SystemData” – data which is used by the operating for
multiple functions, mostly contains data with strings in
Games – obviously!
17
Intelligent Digital
18. PwCPwC
99 problems and privacy is one
SQLite database not encrypted
SQLite database present in the “SystemData”
Contains pub locations, player handles and player ‘pins’.
18
Intelligent Digital
~17,000 player rows
~6,000 pub location
rows
19. PwCPwC
Winshell features
Who will guard the guardians?
Boots and kills processes like local web servers, and other
layer 7 applications
Detects malicious operations, like “reboot fraud”
Checks expiry of machine, credits and overall well being of
machine.
Sets up environment in some manner.
19
Intelligent Digital
20. PwCPwC
Winshell probes WiFi
Winshell imports DLL’s with
the ability to detect network
router interface
Probing code can detect
versions of TP-LINK and
bandelux routers
Exports in the DLL shows also
mobile capabilities
Looks for APN details
20
Intelligent Digital
Router probe
21. PwCPwC
Router probing models?
Who will guard the guardians?
Specific models set in the binary analysed, which also has
the ability to remotely reboot the router!
21
Intelligent Digital
23. PwCPwC
Router probing
Credits
Subscriptions on service are defined by credits and
features. Highest tier subscription gives Free Wifi router
and internet, Free GPRS and unlimited credits for a year!
Capability to do this is impressive
23
Intelligent Digital
25. PwCPwC
Not
complete
Log components
• Leaderboard
• ‘Winshell’
• GPRS
• Internal game DLL logs
• Modem and Boot
• Firewall (?)
• Httpd and Dhcpd
• Updater
• The games themselves
• Configuration changes
• Explorer replacement
25
#intelligentdigital
26. PwCPwC
Machine Expiry
Weird names, software developers and malware
developers:
A file named Temp666.dat held the machine expiry value,
this was checked and modified during the booting of the
machine
26
Intelligent Digital
27. PwCPwC
Developers get unhappy
Messages in binaries are nothing new
Whether a software developer or malware developer, its
interesting to see the same annoyed messages are present
27
Intelligent Digital
28. PwCPwC
Apart from it
being fun
Why emulate games?
• Understand the questions without the need to understand
the compression
• Allows you to understand the quiz machine environment
• No need to buy a physical machine
28
#intelligentdigital
29. PwCPwC
Custom game communication
Lets talk
Custom commands are mostly related to credit,
communicates via the local webserver
29
Intelligent Digital
TERM
CTEL
CGET
CUSE
BTEL
BADD
BGET
TELC
TERM|0|0|0|0|
ENDX|2|0|0|0|
BVAL|0|0|0|0|
ASKC|0|0|0|0|
USEC|0|0|100|0|
USEC|0|0|50|0|
30. PwC 30
#intelligentdigital
Emulating games and changing credit
Every game has a call to
a DLL to check enough
credit is available.
The DLL communicates
with a lower level DLL
which gets the value,
there are multiple ways
of getting the credit
value, confusing huh?
When the
communication
between the two levels
of DLLs it returns to
EAX, what do we do?
Out of laziness, I patch
each games EAX return
value to a static value.
Not too high though, or
it’ll crash!
1 2 3 4
Two levels of DLLs to get credit level
33. PwCPwC
Getting it to run
After multiple attempts at patching
Binaries were identified to be using RAD game studio
Bink 2 video technology used, screen driver identified
DirectX Wrapper used for mouse and screen resolution
issues
Rare DLL’s used, but can be find on public sites if you try
hard enough ;)
33
Intelligent Digital
35. PwCPwC
So what?
After multiple attempts at patching
We can play some games without credit restrictions
We can learn the questions
We can debug the games knowing they will run
successfully
35
Intelligent Digital
36. PwCPwC
Conclusions
Its still Windows 2000
Because the base OS is Windows, its much easier to
analyse
No physical machine, no problem; something to take into
account for embedded devices and IoT with firmware
updates
Some privacy issues/Possible WiFi attack vectors
36
Intelligent Digital
37. PwCPwC
Conclusions
Its still Windows 2000
Developer thought no one would look at your binaries,
comments and debug statements helped RE
The computer spec limitations lead to interesting
questions for RNG in random function in games
Developer using limited resources means games are not as
sophisticated
37
Intelligent Digital
