- DefCon Event
Council of 9 ventured forth to DEFCON 24 to compete in this year’s badge challenge, brought to us each year by 1o57. There was determination among the team to win at DC24 to ensure that last year’s win was not a fluke. After many sleepless nights in Vegas, we emerged victorious for a second year in a row.
- Northsec 2016 Conference – www.youtube.com
NorthSec is the biggest applied security event in Canada, aimed at raising the knowledge and technical expertise of professionals and students alike.
We are determined to create a high quality security forum composed of a two day single track conference by the brightest in their field of expertise, followed by an intense 48 hour on-site CTF contest.
- Black Hat 2016
Just a few days ago I had a blast again at this year’s Black Hat. Some of the talks were really worth listening to, so I wanted to point them out and give a short summary.
- 101 Ways to Brick you Hardware – www.grandideastudio.com
Spend some time hacking hardware and you’ll eventually render a piece of equipment unusable. This presentation provides examples of common mistakes that can temporarily or permanently damage electronic systems and ways to recover, if possible.
- Defcon deals: Five hacking tools for $100 or less – www.cnet.com
Are you a hacker on a budget? Fear not, for at Defcon, you can still pick up some powerful tools of the trade — and some fairly silly ones — for a reasonable price.
- PokemonGoDecoderForBurp – github.com
A simpe decoder to decode requests/responses made by PokemonGo in burp
- PCILeech – github.com
Direct Memory Access (DMA) Attack Software
- The Binwalk Firmware Analysis Tool – www.basicinputoutput.com
I’ve recently been experimenting with a wicked-fun tool you may find useful called Binwalk: a “fast, easy to use tool for analyzing and extracting firmware images” including, but not limited to, UEFI images.
- Datasploit – github.com
A tool to perform various OSINT techniques, aggregate all the raw data, visualise it on a dashboard, and facilitate alerting and monitoring on the data.
- WSSAT – Web Service Security Assessment Tool – github.com
WSSAT is an open source web service security scanning tool which provides a dynamic environment to add, update or delete vulnerabilities by just editing its configuration files.
- DefCon 24 Badge – i.crave.beer
Having a few years experience in product development, most of what Joe was saying wasn’t new to me, but the tools and techniques he presented in reversing unknown hardware were well received. Which leads me to the entire point of this post. Defcon 24 featured an electronic badge for attendee’s that allowed me to practice some of my new skills in reversing the circuit.
- Your Mouse Got Sick and You Don’t Know it. aka “Reverse Shell via Mouse” – www.insinuator.net
In this Proof of Concept the marco opens the Windows Command Line and downloads Netcat via Windows’ own ftp.exe from an external FTP server. Afterwards, it launches Netcat in background mode, while a Netcat listener already is waiting on the remote machine.
- Almost every Volkswagen sold since 1995 can be unlocked with an Arduino – arstechnica.com
Over at Wired, Andy Greenberg reports that security researchers have discovered how to use software defined radio (SDR) to remotely unlock hundreds of millions of cars. The findings are to be presented at a security conference later this week and detail two different vulnerabilities.
- Bluetooth Hack Leaves Many Smart Locks, IoT Devices Vulnerable – threatpost.com
Sławomir Jasek with research firm SecuRing is sounding an alarm over the growing number of Bluetooth devices used for keyless entry and mobile point-of-sales systems that are vulnerable to man-in-the-middle attacks.
- Surprise! Scans Suggest Hackers Put IMSI-Catchers All Over Defcon – motherboard.vice.com
Geoffrey Vaughan, a security researcher and engineer, conducted scans using an IMSI-catcher detection app before and during the conference, and dumped his results this week.