Week 33 In Review – 2016

Events Related

  • DefCon Event
    Council of 9 ventured forth to DEFCON 24 to compete in this year’s badge challenge, brought to us each year by 1o57. There was determination among the team to win at DC24 to ensure that last year’s win was not a fluke. After many sleepless nights in Vegas, we emerged victorious for a second year in a row.

  • Northsec 2016 Conference – www.youtube.com
    NorthSec is the biggest applied security event in Canada, aimed at raising the knowledge and technical expertise of professionals and students alike.
    We are determined to create a high quality security forum composed of a two day single track conference by the brightest in their field of expertise, followed by an intense 48 hour on-site CTF contest.

Resources

  • 101 Ways to Brick you Hardware – www.grandideastudio.com
    Spend some time hacking hardware and you’ll eventually render a piece of equipment unusable. This presentation provides examples of common mistakes that can temporarily or permanently damage electronic systems and ways to recover, if possible.

Tools

  • PCILeech – github.com
    Direct Memory Access (DMA) Attack Software
  • The Binwalk Firmware Analysis Tool – www.basicinputoutput.com
    I’ve recently been experimenting with a wicked-fun tool you may find useful called Binwalk:  a “fast, easy to use tool for analyzing and extracting firmware images” including, but not limited to, UEFI images.
  • Datasploit – github.com
    A tool to perform various OSINT techniques, aggregate all the raw data, visualise it on a dashboard, and facilitate alerting and monitoring on the data.
  • WSSAT – Web Service Security Assessment Tool – github.com
    WSSAT is an open source web service security scanning tool which provides a dynamic environment to add, update or delete vulnerabilities by just editing its configuration files.

Techniques

  • DefCon 24 Badge – i.crave.beer
    Having a few years experience in product development, most of what Joe was saying wasn’t new to me, but the tools and techniques he presented in reversing unknown hardware were well received. Which leads me to the entire point of this post. Defcon 24 featured an electronic badge for attendee’s that allowed me to practice some of my new skills in reversing the circuit.

Vulnerabilities

  • Almost every Volkswagen sold since 1995 can be unlocked with an Arduino – arstechnica.com
    Over at Wired, Andy Greenberg reports that security researchers have discovered how to use software defined radio (SDR) to remotely unlock hundreds of millions of cars. The findings are to be presented at a security conference later this week and detail two different vulnerabilities.

Other News

One Comment

  1. Week 33 In Review – 2016 – sec.uno August 16, 2016 at 12:17 am

    […] post Week 33 In Review – 2016 appeared first on Infosec […]

Leave A Comment