-
Prop: Talk - Convention Safety & Security
My full report on the incident: http://props.punishedpixels.com/2014/06/10/convention-etiquette-101-dont-pull-a-knife-on-a-stranger/
Dude gets pen-face-stabbed at SDCC: http://www.cnn.com/2010/CRIME/07/25/comic.con.pen.stabbing/
published: 11 Jun 2014
-
DEF CON Safe Mode - Paul Marrapese - Abusing P2P to Hack 3 Million Cameras
To a hacker, making a bug-ridden IoT device directly accessible to the Internet sounds like an insanely bad idea. But what's *truly* insane is that millions of IoT devices are shipping with features that expose them to the Internet the moment they come online, even in the presence of NAT and firewalls. P2P, or “peer-to-peer”, is a convenience feature designed to make the lives of users easier, but has the nasty side effect of making attackers’ lives easier as well.
Come for the story of how supply chain vulnerabilities in modern IP cameras, baby monitors, and even alarm systems are putting millions at risk for eavesdropping and remote compromise. We'll talk about the hordes of IoT devices that exist outside of Shodan's reach and the botnet-like infrastructure they rely on. Learn how to fi...
published: 05 Aug 2020
-
DEF CON 25 - Nathan Seidle - Open Source Safe Cracking Robots
We've built a $200 open source robot that cracks combination safes using a mixture of measuring techniques and set testing to reduce crack times to under an hour. By using a motor with a high count encoder we can take measurements of the internal bits of a combination safe while it remains closed. These measurements expose one of the digits of the combination needed to open a standard fire safe. Additionally, 'set testing' is a new method we created to decrease the time between combination attempts. With some 3D printing, Arduino, and some strong magnets we can crack almost any fire safe. Come check out the live cracking demo during the talk!
published: 08 Aug 2017
-
DEF CON Safe Mode - Bill Demirkapi - Demystifying Modern Windows Rootkits
This talk will demystify the process of writing a rootkit, moving past theory and instead walking the audience through the process of going from a driver that says "Hello World" to a driver that abuses never-before-seen hooking methods to control the user-mode network stack. Analysis includes common patterns seen in malware and the drawbacks that come with malware in kernel-mode rather than user-mode.
We'll walk through writing a rootkit from scratch, discussing how to load a rootkit, how to communicate with a rootkit, and how to hide a rootkit. With every method, we'll look into the drawbacks ranging from usability to detection vectors. The best part? We'll do this all under the radar, evading PatchGuard and anti-virus.
published: 05 Aug 2020
-
DEF CON Safe Mode - Trey Keown and Brenda So - Applied Cash Eviction through ATM Exploitation
ATMs are networked computers that dispense cash, so naturally they’re uniquely interesting devices to examine. We all remember ATM jackpotting from a decade ago. Unfortunately, it doesn’t look like ATM security has improved for some common models since then.
We present our reverse engineering process for working with an ATM and modifying its firmware. For this, we became our own "bank" by creating software that's able to speak the obscure protocols used by ATMs. For working with the device software at a low level, we restored JTAG access, defeated code signing, and developed custom debugging tools. We then leveraged this research to discover two 0-day network-based attacks, which we will demonstrate live. The first vulnerability takes advantage of the ATM’s remote administration interface...
published: 05 Aug 2020
-
The Vorpal Blade (Alice Madness returns) how to make a con-safe knife
Let's make the Vorpal Blade from Alice, Madness Returns using only Glue, foam, and sticks. Oh yes, and 100% con safe.
Look us up at
https://www.facebook.com/CosplayExtreme/
published: 20 Jul 2016
-
DEF CON Safe Mode - Patrick Kiley - Reverse Engineering a Tesla Battery Mgmt. System for Moar Power
Tesla released the P85D in 2014. At that time the vehicle came with "insane mode" acceleration with a 0-60 time of 3.2 seconds. Later in July of 2015, Tesla announced "Ludicrous mode" that cut the 0-60 time down to 2.8 seconds. This upgrade was offered both new and as a hardware and firmware change to the existing fleet of P85D vehicles. Since then, Tesla has released newer ludicrous vehicles. What makes the P85D upgrade unique was how the process required changes to the vehicle's Battery Management System (BMS). The 'BMS' handles power requests from the drive units of the car. I was able to reverse engineer this upgrade process by examining the CAN bus messages, CAN bus UDS routines and various firmware files that I extracted from a car. I also decrypted and decompiled Python source code u...
published: 05 Aug 2020
-
DEF CON Safe Mode Demo Labs - Ajin Abraham - Mobile App Security Testing with MobSF
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
published: 19 Aug 2020
-
DEF CON Safe Mode - James Pavur - Whispers Among the Stars
Space is changing. The number of satellites in orbit will increase from around 2,000 today to more than 15,000 by 2030. This briefing provides a practical look at the considerations an attacker may take when targeting satellite broadband communications networks. Using $300 of widely available home television equipment I show that it is possible to intercept deeply sensitive data transmitted on satellite links by some of the world's largest organizations.
The talk follows a series of case studies looking at satellite communications affecting three domains: air, land, and sea. From home satellite broadband customers, to wind farms, to oil tankers and aircraft, I show how satellite eavesdroppers can threaten privacy and communications security. Beyond eavesdropping, I also discuss how, under...
published: 05 Aug 2020
-
Nintendo Switch Joy Con Strap on Backwards [Fix] [Tutorial] [Safe Way] [Fast]
There didn't seem to be much help online for this problem, so I thought I'd contribute. :P
----------------------------------------------------------------------------------------------------------------
Recorded with an iPhone 7
published: 09 Apr 2017
4:37
Prop: Talk - Convention Safety & Security
My full report on the incident: http://props.punishedpixels.com/2014/06/10/convention-etiquette-101-dont-pull-a-knife-on-a-stranger/
Dude gets pen-face-stabbed at SDCC: http://www.cnn.com/2010/CRIME/07/25/comic.con.pen.stabbing/
https://wn.com/Prop_Talk_Convention_Safety_Security
- published: 11 Jun 2014
- views: 3439
32:34
DEF CON Safe Mode - Paul Marrapese - Abusing P2P to Hack 3 Million Cameras
To a hacker, making a bug-ridden IoT device directly accessible to the Internet sounds like an insanely bad idea. But what's *truly* insane is that millions of IoT devices are shipping with features that expose them to the Internet the moment they come online, even in the presence of NAT and firewalls. P2P, or “peer-to-peer”, is a convenience feature designed to make the lives of users easier, but has the nasty side effect of making attackers’ lives easier as well.
Come for the story of how supply chain vulnerabilities in modern IP cameras, baby monitors, and even alarm systems are putting millions at risk for eavesdropping and remote compromise. We'll talk about the hordes of IoT devices that exist outside of Shodan's reach and the botnet-like infrastructure they rely on. Learn how to find P2P networks and how to exploit them to jump firewalls, steal camera passwords over the Internet, and correlate devices to physical addresses. We'll demonstrate how to snoop on someone's video simply by using your own camera – and how someone may be snooping on your video, too.
https://wn.com/Def_Con_Safe_Mode_Paul_Marrapese_Abusing_P2P_To_Hack_3_Million_Cameras
- published: 05 Aug 2020
- views: 38449
27:25
DEF CON 25 - Nathan Seidle - Open Source Safe Cracking Robots
We've built a $200 open source robot that cracks combination safes using a mixture of measuring techniques and set testing to reduce crack times to under an hour. By using a motor with a high count encoder we can take measurements of the internal bits of a combination safe while it remains closed. These measurements expose one of the digits of the combination needed to open a standard fire safe. Additionally, 'set testing' is a new method we created to decrease the time between combination attempts. With some 3D printing, Arduino, and some strong magnets we can crack almost any fire safe. Come check out the live cracking demo during the talk!
https://wn.com/Def_Con_25_Nathan_Seidle_Open_Source_Safe_Cracking_Robots
- published: 08 Aug 2017
- views: 53544
38:30
DEF CON Safe Mode - Bill Demirkapi - Demystifying Modern Windows Rootkits
This talk will demystify the process of writing a rootkit, moving past theory and instead walking the audience through the process of going from a driver that says "Hello World" to a driver that abuses never-before-seen hooking methods to control the user-mode network stack. Analysis includes common patterns seen in malware and the drawbacks that come with malware in kernel-mode rather than user-mode.
We'll walk through writing a rootkit from scratch, discussing how to load a rootkit, how to communicate with a rootkit, and how to hide a rootkit. With every method, we'll look into the drawbacks ranging from usability to detection vectors. The best part? We'll do this all under the radar, evading PatchGuard and anti-virus.
https://wn.com/Def_Con_Safe_Mode_Bill_Demirkapi_Demystifying_Modern_Windows_Rootkits
- published: 05 Aug 2020
- views: 20203
49:50
DEF CON Safe Mode - Trey Keown and Brenda So - Applied Cash Eviction through ATM Exploitation
ATMs are networked computers that dispense cash, so naturally they’re uniquely interesting devices to examine. We all remember ATM jackpotting from a decade ago. Unfortunately, it doesn’t look like ATM security has improved for some common models since then.
We present our reverse engineering process for working with an ATM and modifying its firmware. For this, we became our own "bank" by creating software that's able to speak the obscure protocols used by ATMs. For working with the device software at a low level, we restored JTAG access, defeated code signing, and developed custom debugging tools. We then leveraged this research to discover two 0-day network-based attacks, which we will demonstrate live. The first vulnerability takes advantage of the ATM’s remote administration interface, which can lead to arbitrary code execution and total device compromise. The second vulnerability is in the OEM’s implementation of a common middleware for ATM peripherals. This allows for command injection and jackpotting of ATMs over the network.
The high barrier to entry for even legally opening up one of these devices has left a lot of attack surface area unchecked. Through this talk, we want to shed light on the state of ATM security and encourage the security community to continue to challenge ATM vendors to do better.
https://wn.com/Def_Con_Safe_Mode_Trey_Keown_And_Brenda_So_Applied_Cash_Eviction_Through_Atm_Exploitation
- published: 05 Aug 2020
- views: 24851
12:36
The Vorpal Blade (Alice Madness returns) how to make a con-safe knife
Let's make the Vorpal Blade from Alice, Madness Returns using only Glue, foam, and sticks. Oh yes, and 100% con safe.
Look us up at
https://www.facebook.com/CosplayExtreme/
https://wn.com/The_Vorpal_Blade_(Alice_Madness_Returns)_How_To_Make_A_Con_Safe_Knife
- published: 20 Jul 2016
- views: 7177
36:26
DEF CON Safe Mode - Patrick Kiley - Reverse Engineering a Tesla Battery Mgmt. System for Moar Power
Tesla released the P85D in 2014. At that time the vehicle came with "insane mode" acceleration with a 0-60 time of 3.2 seconds. Later in July of 2015, Tesla announced "Ludicrous mode" that cut the 0-60 time down to 2.8 seconds. This upgrade was offered both new and as a hardware and firmware change to the existing fleet of P85D vehicles. Since then, Tesla has released newer ludicrous vehicles. What makes the P85D upgrade unique was how the process required changes to the vehicle's Battery Management System (BMS). The 'BMS' handles power requests from the drive units of the car. I was able to reverse engineer this upgrade process by examining the CAN bus messages, CAN bus UDS routines and various firmware files that I extracted from a car. I also decrypted and decompiled Python source code used for diagnostics to determine that the process involved replacing the contactors and fuse with higher current versions as well as modifying the current sensing high voltage "shunt" inside the battery pack. I then performed this process on an actual donor P85D. I bricked the car in the process, forcing me to pay to have it towed to another state so I could troubleshoot. I came to understand that the BMS is the deciding module that allows the drive units to have only as much power as the BMS allows. The car is fixed and is faster.
https://wn.com/Def_Con_Safe_Mode_Patrick_Kiley_Reverse_Engineering_A_Tesla_Battery_Mgmt._System_For_Moar_Power
- published: 05 Aug 2020
- views: 24137
30:37
DEF CON Safe Mode Demo Labs - Ajin Abraham - Mobile App Security Testing with MobSF
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
https://wn.com/Def_Con_Safe_Mode_Demo_Labs_Ajin_Abraham_Mobile_App_Security_Testing_With_Mobsf
- published: 19 Aug 2020
- views: 32544
44:30
DEF CON Safe Mode - James Pavur - Whispers Among the Stars
Space is changing. The number of satellites in orbit will increase from around 2,000 today to more than 15,000 by 2030. This briefing provides a practical look at the considerations an attacker may take when targeting satellite broadband communications networks. Using $300 of widely available home television equipment I show that it is possible to intercept deeply sensitive data transmitted on satellite links by some of the world's largest organizations.
The talk follows a series of case studies looking at satellite communications affecting three domains: air, land, and sea. From home satellite broadband customers, to wind farms, to oil tankers and aircraft, I show how satellite eavesdroppers can threaten privacy and communications security. Beyond eavesdropping, I also discuss how, under certain conditions, this inexpensive hardware can be used to hijack active sessions over the satellite link.
The talk concludes by presenting new open source tools we have developed to help researchers seeking to improve satellite communications security and individual satellite customers looking to encrypt their traffic.
The talk assumes no background in satellite communications or cryptography but will be most interesting to researchers interested in tackling further unsolved security challenges in outer space.
https://wn.com/Def_Con_Safe_Mode_James_Pavur_Whispers_Among_The_Stars
- published: 05 Aug 2020
- views: 36471
1:08
Nintendo Switch Joy Con Strap on Backwards [Fix] [Tutorial] [Safe Way] [Fast]
There didn't seem to be much help online for this problem, so I thought I'd contribute. :P
----------------------------------------------------------------------------------------------------------------
Recorded with an iPhone 7
https://wn.com/Nintendo_Switch_Joy_Con_Strap_On_Backwards_Fix_Tutorial_Safe_Way_Fast
- published: 09 Apr 2017
- views: 166675