Events Related
- DefCon Event
Council of 9 ventured forth to DEFCON 24 to compete in this year’s badge challenge, brought to us each year by 1o57. There was determination among the team to win at DC24 to ensure that last year’s win was not a fluke. After many sleepless nights in Vegas, we emerged victorious for a second year in a row.
- DEFCON 24 Badge Challenge – co9.io
- The DEFCON CTF VM – fuzyll.com
- Northsec 2016 Conference – www.youtube.com
NorthSec is the biggest applied security event in Canada, aimed at raising the knowledge and technical expertise of professionals and students alike.
We are determined to create a high quality security forum composed of a two day single track conference by the brightest in their field of expertise, followed by an intense 48 hour on-site CTF contest.
Resources
- Black Hat 2016
Just a few days ago I had a blast again at this year’s Black Hat. Some of the talks were really worth listening to, so I wanted to point them out and give a short summary.
- Philips Hue – R.E. Whitepaper from Black Hat 2016 – colinoflynn.com
- Black Hat 2016 Summary – www.insinuator.net
- 101 Ways to Brick your Hardware – www.grandideastudio.com
Spend some time hacking hardware and you’ll eventually render a piece of equipment unusable. This presentation provides examples of common mistakes that can temporarily or permanently damage electronic systems and ways to recover, if possible.
Tools
- Defcon deals: Five hacking tools for $100 or less – www.cnet.com
Are you a hacker on a budget? Fear not, for at Defcon, you can still pick up some powerful tools of the trade — and some fairly silly ones — for a reasonable price.
- PokemonGoDecoderForBurp – github.com
A simple decoder to decode requests/responses made by PokemonGo in burp
- PCILeech – github.com
Direct Memory Access (DMA) Attack Software
- The Binwalk Firmware Analysis Tool – www.basicinputoutput.com
I’ve recently been experimenting with a wicked-fun tool you may find useful called Binwalk: a “fast, easy to use tool for analyzing and extracting firmware images” including, but not limited to, UEFI images.
- Datasploit – github.com
A tool to perform various OSINT techniques, aggregate all the raw data, visualise it on a dashboard, and facilitate alerting and monitoring on the data.
- WSSAT – Web Service Security Assessment Tool – github.com
WSSAT is an open source web service security scanning tool which provides a dynamic environment to add, update or delete vulnerabilities by just editing its configuration files.
Techniques
- DefCon 24 Badge – i.crave.beer
Having a few years’ experience in product development, most of what Joe was saying wasn’t new to me, but the tools and techniques he presented in reversing unknown hardware were well received. Which leads me to the entire point of this post. Defcon 24 featured an electronic badge for attendees that allowed me to practice some of my new skills in reversing the circuit.
- Your Mouse Got Sick and You Don’t Know it. aka “Reverse Shell via Mouse” – www.insinuator.net
In this Proof of Concept the macro opens the Windows Command Line and downloads Netcat via Windows’ own ftp.exe from an external FTP server. Afterwards, it launches Netcat in background mode, while a Netcat listener already is waiting on the remote machine.
Vulnerabilities
- Almost every Volkswagen sold since 1995 can be unlocked with an Arduino – arstechnica.com
Over at Wired, Andy Greenberg reports that security researchers have discovered how to use software defined radio (SDR) to remotely unlock hundreds of millions of cars. The findings are to be presented at a security conference later this week and detail two different vulnerabilities.
- Bluetooth Hack Leaves Many Smart Locks, IoT Devices Vulnerable – threatpost.com
Sławomir Jasek with research firm SecuRing is sounding an alarm over the growing number of Bluetooth devices used for keyless entry and mobile point-of-sales systems that are vulnerable to man-in-the-middle attacks.
Other News
- Surprise! Scans Suggest Hackers Put IMSI-Catchers All Over Defcon – motherboard.vice.com
Geoffrey Vaughan, a security researcher and engineer, conducted scans using an IMSI-catcher detection app before and during the conference, and dumped his results this week.