This document contains the agenda and slides for a presentation on various cybersecurity topics including intelligence gathering, social engineering, unmanned aerial vehicles (UAVs), and laser-guided munitions. The presentation discusses how threats are moving past networks to target people directly, and covers topics like profiling companies and individuals to gain information. It also details how UAVs like the Predator and Reaper work, and how laser guidance systems can be detected or manipulated with replay attacks. The document stresses responsible disclosure of vulnerabilities over criminal use of information.
This is the presentation i used during the photoespana portfolio review held in manila last july 19 and 20, 2017
in this presentation i go through the projects i've gone through so far in my art practice
Social Penetration - Mike Murray and Mike BaileySecurity B-Sides
Advanced exploitation on social networks. Not a social engineering talk, nor a talk about technological exploitation: the combination of exploits against people and technology all in one place.
Tastes Great vs Less Filling: Deconstructing Risk Management (A Practical App...Security B-Sides
Just as there are two sides to every coin, there are two schools of thought in risk management. One camp believes that there is never enough data to make statistically significant risk decisions, due to the unknown-unknowns and never really knowing the entire population of data breaches. Another camp believes that we have well detailed information about specific domains and using Bayesian math we can come to conclusions on how to manage risk. Regardless of the group or believe in risk management the fact is that we all manage risk. This session will discuss the two camps and propose a hybrid model that goes beyond technical details into the core of trusted knowledge relationships.
Stealth refers to the act of trying to hide or evade detection. Stealth technology is ever increasingly becoming a paramount tool in battle especially “high technology wars” if one may occur in the future where invincibility means invincibility. Able to strike with impunity, stealth aircraft, missiles and warships are virtually invisible to most types of military sensors. The experience gained at the warfront emphasizes the need to incorporate stealth features at the design stage itself. The other purpose is to share the recent achievements related to the advanced composite materials used on various aero structures across the globe. Also discussed are the possibilities of achieving stealth capability on our existing fleet of fighter and bomber aircrafts of our Indian Armed forces using composite and smart materials. Stealth technology also known as LOT (Low Observability Technology) is a technology which covers a range of techniques used with aircraft, ships and missiles, in order to make them less visible (ideally invisible) to radar, infrared and other detection methods.
Stealth Technology essentially deals with designs and materials engineered for the military purpose of avoiding detection by radar or any other electronic system. Stealth aircraft are aircraft that use stealth technology to make it harder to be detected by radar and other means than conventional aircraft by employing a combination of features to reduce visibility in the visual, audio, infrared and radio frequency (RF) spectrum. Well known examples include the United States' F-117 Nighthawk (1980-2008), the B-2 Spirit "Stealth Bomber," and the F-22 Raptor.
This is the presentation i used during the photoespana portfolio review held in manila last july 19 and 20, 2017
in this presentation i go through the projects i've gone through so far in my art practice
Social Penetration - Mike Murray and Mike BaileySecurity B-Sides
Advanced exploitation on social networks. Not a social engineering talk, nor a talk about technological exploitation: the combination of exploits against people and technology all in one place.
Tastes Great vs Less Filling: Deconstructing Risk Management (A Practical App...Security B-Sides
Just as there are two sides to every coin, there are two schools of thought in risk management. One camp believes that there is never enough data to make statistically significant risk decisions, due to the unknown-unknowns and never really knowing the entire population of data breaches. Another camp believes that we have well detailed information about specific domains and using Bayesian math we can come to conclusions on how to manage risk. Regardless of the group or believe in risk management the fact is that we all manage risk. This session will discuss the two camps and propose a hybrid model that goes beyond technical details into the core of trusted knowledge relationships.
Stealth refers to the act of trying to hide or evade detection. Stealth technology is ever increasingly becoming a paramount tool in battle especially “high technology wars” if one may occur in the future where invincibility means invincibility. Able to strike with impunity, stealth aircraft, missiles and warships are virtually invisible to most types of military sensors. The experience gained at the warfront emphasizes the need to incorporate stealth features at the design stage itself. The other purpose is to share the recent achievements related to the advanced composite materials used on various aero structures across the globe. Also discussed are the possibilities of achieving stealth capability on our existing fleet of fighter and bomber aircrafts of our Indian Armed forces using composite and smart materials. Stealth technology also known as LOT (Low Observability Technology) is a technology which covers a range of techniques used with aircraft, ships and missiles, in order to make them less visible (ideally invisible) to radar, infrared and other detection methods.
Stealth Technology essentially deals with designs and materials engineered for the military purpose of avoiding detection by radar or any other electronic system. Stealth aircraft are aircraft that use stealth technology to make it harder to be detected by radar and other means than conventional aircraft by employing a combination of features to reduce visibility in the visual, audio, infrared and radio frequency (RF) spectrum. Well known examples include the United States' F-117 Nighthawk (1980-2008), the B-2 Spirit "Stealth Bomber," and the F-22 Raptor.
Stealth refers to the act of trying to hide or evade detection. Stealth technology is
ever increasingly becoming a paramount tool in battle especially “high technology wars”
if one may occur in the future where invisibility will mean invincibility. Able to strike with
impunity, stealth aircraft, missiles and warships are virtually invisible to most types of
military sensors. The experience gained at the warfront emphasizes the need to
incorporate stealth features at the design stage itself. According to conventional military
wisdom, surprise is the best form of attack. With evermore sophisticated methods of
detection, however, catching the enemy unawares has becoming increasingly difficult.
Thus paving way to the development of increasingly sophisticated technologies that help
in evading the enemy's ever vigilant “eyes”.
“The future is bright, the future is stealth”
Stealth refers to the act of trying to hide or evade detection. Stealth technology is
ever increasingly becoming a paramount tool in battle especially “high technology wars”
if one may occur in the future where invisibility will mean invincibility. Able to strike with
impunity, stealth aircraft, missiles and warships are virtually invisible to most types of
military sensors. The experience gained at the warfront emphasizes the need to
incorporate stealth features at the design stage itself. According to conventional military
wisdom, surprise is the best form of attack. With evermore sophisticated methods of
detection, however, catching the enemy unawares has becoming increasingly difficult.
Thus paving way to the development of increasingly sophisticated technologies that help
in evading the enemy's ever vigilant “eyes”.
“The future is bright, the future is stealth”
Stealth aircrafts are aircraft that use stealth technology to avoid detection by employing a combination of
features to interfere with radar as well as reduce visibility in the infrared visual, audio, and radio frequency (RF)
spectrum. While no aircraft is totally invisible to radar, stealth aircraft prevent conventional radar from detecting
or tracking the aircraft effectively, reducing the odds of a successful attack. Stealth is the combination of passive
low observable (LO) features and active emitters such as Low Probability of Intercept Radars, radios and laser
designators. These are usually combined with active defenses such as chaff, flares, and ECM. Stealth refers to
the act of trying to hide or evade detection, For airplanes, stealth first meant hiding from radar. It is not so much
a technology as a concept that incorporates a broad series of technologies and design features. This paper shows
the development of stealthy airplanes which teaches several important lessons about technology. The first is that
often many different technologies like Nano-Technology with Aerodynamics must be combined to achieve a
desired outcome. An advance in one field, such as materials or aerodynamics, must be accompanied by advances
in other fields, such as computing, constructing or electromagnetic theory. The second lesson is that sometimes
trial and error techniques are insufficient and advances in mathematical theory are necessary in order to achieve
significant advances. Finally, stealth teaches the lesson that technology is never static - a "stealth breakthrough"
may only last for a few years before an adversary finds a means of countering it. So this paper deals with how to
handle the Stealth. This paper also shows how and where to use Nano-Technology.
How really to prepare for a credit card compromise (PCI) forensics investigat...Security B-Sides
Reviewing cases ranging in size from your neighborhood bar to the massive TJX case, an ex-QIRA will discuss the dirty inside secrets of the card associations and QSA's. Reviewing lessons learned from dozens of past forensic cases, this presentation will highlight how to prepare for a PCI mandated forensics investigation including; what steps should be taken to limit fines and fees, how to ensure you have proper legal representation, how to limit the scope of the investigation, and what questions to ask before deciding on who will conduct the forensic investigation.
Risk Management - Time to blow it up and start over? - Alex HuttonSecurity B-Sides
Now that the industry is trying to formalize the concept of risk management into neat little compartments like standards (ISO 27005/31000), certifications (CRISC) and products (GRC) guess what? We're doing it wrong. Fundamentally wrong. This talk will discuss why all this current risk management stuff is goofy and what sort of alternatives we have that might help us understand our ability to protect, our tendancy towards failure, and how to match that up with what management will stomach.
Stealth refers to the act of trying to hide or evade detection. Stealth technology is
ever increasingly becoming a paramount tool in battle especially “high technology wars”
if one may occur in the future where invisibility will mean invincibility. Able to strike with
impunity, stealth aircraft, missiles and warships are virtually invisible to most types of
military sensors. The experience gained at the warfront emphasizes the need to
incorporate stealth features at the design stage itself. According to conventional military
wisdom, surprise is the best form of attack. With evermore sophisticated methods of
detection, however, catching the enemy unawares has becoming increasingly difficult.
Thus paving way to the development of increasingly sophisticated technologies that help
in evading the enemy's ever vigilant “eyes”.
“The future is bright, the future is stealth”
Stealth refers to the act of trying to hide or evade detection. Stealth technology is
ever increasingly becoming a paramount tool in battle especially “high technology wars”
if one may occur in the future where invisibility will mean invincibility. Able to strike with
impunity, stealth aircraft, missiles and warships are virtually invisible to most types of
military sensors. The experience gained at the warfront emphasizes the need to
incorporate stealth features at the design stage itself. According to conventional military
wisdom, surprise is the best form of attack. With evermore sophisticated methods of
detection, however, catching the enemy unawares has becoming increasingly difficult.
Thus paving way to the development of increasingly sophisticated technologies that help
in evading the enemy's ever vigilant “eyes”.
“The future is bright, the future is stealth”
Stealth aircrafts are aircraft that use stealth technology to avoid detection by employing a combination of
features to interfere with radar as well as reduce visibility in the infrared visual, audio, and radio frequency (RF)
spectrum. While no aircraft is totally invisible to radar, stealth aircraft prevent conventional radar from detecting
or tracking the aircraft effectively, reducing the odds of a successful attack. Stealth is the combination of passive
low observable (LO) features and active emitters such as Low Probability of Intercept Radars, radios and laser
designators. These are usually combined with active defenses such as chaff, flares, and ECM. Stealth refers to
the act of trying to hide or evade detection, For airplanes, stealth first meant hiding from radar. It is not so much
a technology as a concept that incorporates a broad series of technologies and design features. This paper shows
the development of stealthy airplanes which teaches several important lessons about technology. The first is that
often many different technologies like Nano-Technology with Aerodynamics must be combined to achieve a
desired outcome. An advance in one field, such as materials or aerodynamics, must be accompanied by advances
in other fields, such as computing, constructing or electromagnetic theory. The second lesson is that sometimes
trial and error techniques are insufficient and advances in mathematical theory are necessary in order to achieve
significant advances. Finally, stealth teaches the lesson that technology is never static - a "stealth breakthrough"
may only last for a few years before an adversary finds a means of countering it. So this paper deals with how to
handle the Stealth. This paper also shows how and where to use Nano-Technology.
How really to prepare for a credit card compromise (PCI) forensics investigat...Security B-Sides
Reviewing cases ranging in size from your neighborhood bar to the massive TJX case, an ex-QIRA will discuss the dirty inside secrets of the card associations and QSA's. Reviewing lessons learned from dozens of past forensic cases, this presentation will highlight how to prepare for a PCI mandated forensics investigation including; what steps should be taken to limit fines and fees, how to ensure you have proper legal representation, how to limit the scope of the investigation, and what questions to ask before deciding on who will conduct the forensic investigation.
Risk Management - Time to blow it up and start over? - Alex HuttonSecurity B-Sides
Now that the industry is trying to formalize the concept of risk management into neat little compartments like standards (ISO 27005/31000), certifications (CRISC) and products (GRC) guess what? We're doing it wrong. Fundamentally wrong. This talk will discuss why all this current risk management stuff is goofy and what sort of alternatives we have that might help us understand our ability to protect, our tendancy towards failure, and how to match that up with what management will stomach.
In the beginning, people inherently distrusted the Internet, however, Social Networking has changed this. People now enter information without even thinking of how it will affect them. This presentation will explain the shift in trust, with real-life examples, and what we as the security community need to do to change.
Advanced Persistent Threats (Shining the Light on the Industries' Best Kept S...Security B-Sides
The following lecture will cover very advanced techniques and trade craft of subversive multi-vector threat's (SMT's) and advanced persistent threats (APTs) by two of the world's leading experts in this specific field. It is important to understand that APT's have a long history and though typically not talked about unless you are dealing with Governments, Defense Industrial Base (DIB), research organizations and global financials are all too real. The techniques and tradecraft associated are so mature and diverse, they literally go undetected. Today’s Internet is far more complex, dynamic and diverse than ever before. Because of this fast-paced evolution within the threat landscape these types of attacks (as we predicted in a recent lecture at ToorCon in October 2009 in San Diego, Ca), have swiftly become mainstream. The telemetry of the attack surface knows no bounds and includes any mediums necessary for the completing their operational charter and missions. In most instances, these attacks are sponsored by nation state and sub-national entities either politically or economically motivated. During our discussion, we will address the history and psychology of these cyber actors as it relates to APTs and while advancing in an in-depth discussion on SMT's, crypto-virology, asymmetric forms of information gathering, recent use cases and next generation countermeasures for detecting and defending these types of attacks. Lastly, as we predicted last fall on the rise of the APT's into the mainstream, we will also leave you with yet another prediction of what to expect in the coming year.
Computing Risk without Numbers: A Semantic Approach to Risk Metrics - Tim Ke...Security B-Sides
Scoring methods are highly reliant on mathematics but what do the numbers really mean? W3C semantic standards allow us to create a more direct meaning-based model. Through set theory and description logics, we can compute classification and ranking through ontological-based reasoning. This method finally addresses the multiple viewpoints and perspectives often found within a large enterprise.
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...Neo4j
Leonard Jayamohan, Partner & Generative AI Lead, Deloitte
This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Removing Uninteresting Bytes in Software FuzzingAftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank
Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...SOFTTECHHUB
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
UiPath Test Automation using UiPath Test Suite series, part 5DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 5. In this session, we will cover CI/CD with devops.
Topics covered:
CI/CD with in UiPath
End-to-end overview of CI/CD pipeline with Azure devops
Speaker:
Lyndsey Byblow, Test Suite Sales Engineer @ UiPath, Inc.
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
GridMate - End to end testing is a critical piece to ensure quality and avoid...ThomasParaiso2
End to end testing is a critical piece to ensure quality and avoid regressions. In this session, we share our journey building an E2E testing pipeline for GridMate components (LWC and Aura) using Cypress, JSForce, FakerJS…
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionAggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Securing your Kubernetes cluster_ a step-by-step guide to success !
Make Tea Not War
1.
2. AGENDA
Whoami blah
Paterva blah blah
Always wanted to do a talk on fun stuff
1. It’s a security con ?
blah
2. UAVs, laser guided munitions
The fun stuff
3. EXCLUSIVE – hold the press !!
(South African) Facebook zero day !
3. INTELLIGENCE / INFO GATHERING
Why do you ‘hack’?
Information
Control…leads to information
Controls are getting harder to break
In proper assessment, 80-90% of time is spent on
intelligence gathering.
Intelligence gathering is also
A port scan
A Nessus scan…
..because we learn more about our target
4. YOU ARE PART OF THE STACK!
Threats are moving up the stack
Network -> OS -> Application - - -> Person
Understand the graph – volume and frequency
5. PEOPLE, SOCIAL ENGINEERING AND MALWARE
Everyone is talking malware….
Malware -> attacking the workstation
Server in a server room vs. workstation with a person behind it
For conventional malware traditional network mapping is
worthless
Focus in the past: find the server and perimeter (infrastructure
foot print)
Thinking needs to be updated
Now – person / company profiling -> the new foot print
7. MAKING ZA STRONGER
Don’t hack ... but if you really have to:
Have good/right intentions -> !criminal
Never ever use what you found
Don’t give SAP a reason to go look for you...
Mail your findings so that they can learn/fix
..not from your work - duh...
Development is NOT easy, and they are not idiots!
Treat with respect – ‘jy is volgende vettie!’
Don’t disrupt / destroy / delete anything
(even if they gave you bad service)
‘Insider knowledge’ does not count...
You are just an ass
Don’t share outside of SA
Sanitize and share the knowledge/tech – locally
Don’t be a doos at international cons....
Slammer ‘secured’ more networks in a day than all the security consultants in a year
Change only happens at the point of extinction
Strongest piece of metal is at the breaking point
A chain is as strong as it’s weakest member
8. UAVS
UAV == Unmanned aerial vehicle
Think back to your model airplane
Let’s put a camera in there !
Let’s put a BB gun in there !
Let’s put a Hellfire missile in there !!
Different sizes
Fixed wing / rotary
Electrical / Fuel powered
Used to be for recon, now also armed
10. UAVS
Different altitudes
60k feet / 18km++ (Zephyr)
100 feet (hand launched)
747 flies at around 32-40k feet
Speed (max)
747 flies at around 900 km/h
Predator MQ1 – 217 km/h
Avenger, Global Hawk 750 km/h
Prop vs. jet
Flying time
Up to 82 hours ... Typical 30h ish
11. UAVS
Initial
idea 1980s, serious thought in 1990s
Driving force behind it CIA
CIA pilots
Most known / successful = General Atomic
Predator - Series A
1995
RQ / MQ
Reaper - Series B
MQ9
2002
Avenger - Series C
Announced 2009
16. UAVS – COMMAND & CONTROL
Line of sight – C band (4 – 8 GHz)
Satellite – Ku band (11 – 15 GHz)
Can be routed over commercial sats. NBC - 1983
3 crew members
Pilot
Flying - looking through a straw
2 x sensor guys
Difference in two scans :
Tire tracks, movement
20. UAVS – PROBLEMS
Not a lot – it seems to kind of work well..
Ku band sucks in heavy weather
Pray for rain
Lag of up to two seconds
Like playing CS/CoD over a link made of wet towels and
barbed wire
No dog fights!
Thus– send in the UAVs once air dominance has
been established
22. LET’S JUST HIDE
Optics, infra red, RADAR
Conceal, underground
Rapid change in environment?
The Chinese vs. American spy sat story
Uhmm...next...
Weapons
Bombs, missiles
LASER guided
So...it becomes a game of defending against laser guided
munitions
23. HOW LASER GUIDED MUNITIONS WORK
Understand a little about light
Light storage system == FAIL
Terminology
Seeker = the bomb/missile
Designator = guy / plane with the laser
‘Painting’ the target
Invisible laser == you won’t see it..
Bomb vs. missile
28km,60km (spice) radius
26. ENCODING
But - there could be multiple targets and multiple
munitions
Seeker needs to know where it should go
Thus – must be able to distinguish designators
This is done by pulsing the laser
Fast
Very fast
You won’t see it’s pulsing ... either.
Encoding
PIM – Pulse Interval Module
PRF – Pulse Repetition Frequency
28. PRF / PIM
Missiles are pre-programmed, or programmed on
the fly.
PRF code is 3 digits.
Does this make sense?
Everyone should now be thinking...brute force
But just hang on..
Testing it:
29. BTW - HOW DOES IT GET TO THE
MUNITIONS?
Open protocol – on the ‘net
MIL-STD-3014 - MiDEF == PDF for munitions
In flight coding was introduced in 2008
32. DETECTION
See the light!
We can detect the designator’s laser light
We know we are being targeted (like in the
movies)...and run
We can decode the PIM/PRF
We might know if we are a priority target – nice...
Page 45 -6b: “Lower code numbers and faster
pulse rates are appropriate for the most important
targets and the most difficult operating conditions.”
33. DETECTION
Laser warning sensor configured as a multi-sensor arrangement and interfaced
with a suitable smoke/aerosol screening system can be used effectively on platforms
like main battle tanks, AFV, etc., to provide platform protection from laser-guided
munitions. The development of this sensor is a totally indigenous effort,
both in design and implementation.
34. DETECTION
Can we determine the direction of the designator?
Know where the special ops guy is sitting / plane
Source or reflected light?
We might look at the divergence ??
Shape of the reflected light
Know how far away the special ops guy is / plane
35. REPLAY
Sniff
the light!
Replay attack should work well...
You don’t even have to know what the designator says
Does it makes sense to have a 256 number code?
Why are PRF codes 393,424,515 and so on more popular?
Americans are always thinking big (1000 missiles at a time)
Bomb does not speak .. One way comms
So now it’s becoming interesting..
36. “WTF – DID IT JUST TURN THIS WAY?!”
.. replay the laser pulses ...
..and point it somewhere else...like..
...at the designator (see previous slides)
Will this work when the designator is a plane? NOT
“Page 46, Chapter 5 – Safety: c. Inversion. Caution
must be used when the laser-target line is over +30
degrees of the attack heading to ensure the LST or
LGB does not detect and guide on the laser
designator instead of the target‘s reflected laser
energy.”
Oops..
37. JDAMS
Guidance retrofitted to dumb bombs
GPS
TV (with RF link)
Inertial navigation system
Range up to 60km from drop, up to 12 control
surfaces
Cheap – 21k USD compared to missiles at around
75k USD
38. WHY DO YOU HAVE THESE SLIDES AT THE
CON ACTUALLY? AG, NO MAN REALLY...
Ona more serious note...
Same principles in attack (thinking) applies
It’s really just 1s and 0s
Don’t think it’s too complex!
If you ask the right questions, you can Google the
answers
(Patents, specs, etc.)
Significantly complex tech is indistinguishable from
magic.
Development of UAVs in non US countries is a big
headache for the US...