Week 38 In Review – 2016

Events Related

• BSides Augusta 2016 Videos – www.irongeek.com
  These are the videos from the BSides Augusta conference.

Resources

• Long Secret Stingray Manuals Detail How Police Can Spy On Phones – theintercept.com
  The Intercept has obtained several Harris instruction manuals spanning roughly 200 pages and meticulously detailing how to create a cellular surveillance dragnet.

Techniques

• Reprogramming the Defcon 24 badge – diyevil.com
  The Defcon 24 badge is built around a Intel Quark D2000 microcontroller processor, and contains 5 LEDs and 8 buttons. By default, it is programmed to occasionally blink in a few different patterns, and spit out some encoded phrases via serial.

• How I gained access to TMobile’s national network for free – medium.com
  One Friday night, I was sitting around pretending to be fine having absolutely nothing to do. I had a TMobile prepaid SIM on a spare phone with no active service, so I came up with a fun challenge: could I somehow get access to the internet without a data plan?

• Reverse Engineering Cisco ASA for EXTRABACON Offsets – zerosum0x0.blogspot.com
  One of the zero-day vulnerabilities released was a remote code execution in the Cisco Adaptive Security Appliance (ASA) device. The Equation Group’s exploit for this was named EXTRABACON. Cisco ASAs are commonly used as the primary firewall for many organizations, so the EXTRABACON exploit release raised many eyebrows.

Vulnerabilities

• Hands-on: Blue Hydra can expose the all-too-unhidden world of Bluetooth – arstechnica.com
  Blue Hydra is intended to give security professionals a way of tracking the presence of traditional Bluetooth, BTLE devices, and BTLE “iBeacon” proximity sensors. But it can also be connected to other tools to provide alerts on the presence of particular devices.

Other News

• NIST Unveils a Cybersecurity Self-Assessment Tool – www.bankinfosecurity.com
  Known as the Baldrige Cybersecurity Excellence Builder, the self-assessment tool is based on the Baldrige Performance Excellence Program and the risk management mechanisms of NIST’s cybersecurity framework. The Baldrige Performance Excellence Program, like the cybersecurity framework, is designed to help organizations worldwide guide their operations, improve performance and achieve sustainable results.