Week 32 In Review – 2016

Events Related

• DARPA’s Cyber Grand Challenge: Early Highlights from the Competition – www.youtube.com
  Early highlights from the world’s first all-machine hacking tournament, DARPA’s Cyber Grand Challenge (CGC). This computer security competition featured seven High Performance Computers as competitors. CGC took place on Thursday, August 4, 2016.

• Building the Workforce through Cybersecurity Competitions – www.whitehouse.gov
  The National Science and Technology Council report, A 21st Century Science, Technology, and Innovation Enterprise for America’s National Security, notes that maintaining “a diverse and robust STEM education pipeline, including providing robust STEM opportunities for the children of military families at home and abroad, is critical for the U.S. national security ST&I workforce.”

Resources

• Briefings – August 3&4 – www.blackhat.com

• DEF CON 24 presentations – media.defcon.org

Tools

• BLE
  Tools to test Bluetooth Low Energy (BLE) device
  • BLESuite – github.com
  • BLESuite_CLI – github.com
  • BLE-Replay – github.com

Techniques

• Big Bugs Podcast Episode 4: Fun and Hacking with Pokemon Go! – blog.bugcrowd.com
  In this episode, I’ll start by giving a brief history of Niantic and Pokemon Go and review some of the few technical issues that the game has experienced. The bulk of this podcast will be focused on how the hacking scene found ways to reverse engineer the game, and of course some tips and tricks so you can catch ’em all.

• FakeNet-NG: Next Generation Dynamic Network Analysis Tool – www.fireeye.com
  As a reverse engineer on the FLARE (FireEye Labs Advanced Reverse Engineering) team, I regularly perform basic dynamic analysis of malware samples. The goal is to quickly observe runtime characteristics by running binaries in a safe environment. One important task during dynamic analysis is to emulate the network environment and trick the malware into thinking it is connected to the Internet.

Vulnerabilities

• Hotel POS and Magstripe Cards Vulnerable to Attacks, Brute-Forcing – www.darkreading.com
  Researchers from Rapid7 Inc. will demonstrate how point-of-sale systems and hotel keys with magstripe technology can be hacked and used in brute-force attacks as part of a DefCon presentation this weekend.