Events Related
- GrrCON 2016 Videos – irongeek.com
These are the videos of the presentations from GrrCON 2016.
- Videos from the DHS Cyber Security Division (CSD) workshop earlier this year – voipsecurityblog.typepad.com
Here are a couple of links to the Department of Homeland Security (DHS) Cyber Security Division (CSD) showcase earlier this year. They did a great job of recording the videos of all the presenters. We were fortunate to be a featured presenter on the first day.
Tools
- ooktools: on-off keying tools for your sdr – github.com
ooktools aims to help with the reverse engineering of on-off keying data sources such as wave files or raw frames captured using RfCat.
- Mirai-Source-Code – github.com
Techniques
- scanlime:015 / Glitchy Descriptor Firmware Grab – www.youtube.com
This episode is all glitching and USB, turning a chip’s environment against it to slurp out hidden code.
- Pwning a thin client in less than one minute, again! – blog.malerisch.net
Today, together with Vincent Hutsebaut, we are releasing a further technique to pwn the same thin client and get a root shell without authentication, in less than one minute!
- Building an IoT Botnet: BSides Manchester 2016 – www.mdsec.co.uk
In August, @MDSecLabs delivered a talk at the Manchester BSides titled “Breaking and Entering, Hacking Consumer Security Systems”. The talk outlined research that we had performed in to the security (or lack of), of many IoT devices, specifically consumer security systems such as IP Cameras, DVRs, CCTV and Smart Home Security kits.
- DMA attacking over USB-C and Thunderbolt 3 – blog.frizk.net
I just got an Intel NUC Skull Canyon that has an USB-C port capable of Thunderbolt 3. Thunderbolt is interesting since it’s able to carry PCI Express which is Direct Memory Access (DMA) capable. I have previously demonstrated how it is possible to DMA-attack macs over Thunderbolt 2 in my DEF CON talk “Direct Memory Attack the Kernel”.
- JTAG Explained (finally!): Why “IoT”, Software Security Engineers, and Manufacturers Should Care – blog.senr.io
JTAG is a common hardware interface that provides your computer with a way to communicate directly with the chips on a board. It was originally developed by a consortium, the Joint (European) Test Access Group, in the mid-80s to address the increasing difficulty of testing printed circuit boards (PCBs).
Vulnerabilities
- Johnson & Johnson discloses that its insulin pump is hackable – thestack.com
Johnson & Johnson has revealed that its J&J Animas OneTouch Ping insulin pump is vulnerable to hackers, who could potentially force the device to overdose diabetic patients – however, it declares that the risk of this happening is very low.
Other News
- Feds Charge Two In Lizard Squad Investigation – krebsonsecurity.com
The U.S. Justice Department has charged two 19-year-old men alleged to be core members of the hacking groups Lizard Squad and PoodleCorp. The pair are charged with credit card theft and operating so-called “booter”or “stresser” services that allowed paying customers to launch powerful attacks designed to knock Web sites offline.
Leave A Comment