Enviar búsqueda
Cargar
Inbar Raz - Physical (In)Security – it’s not –ALL– about Cyber
•
Descargar como PPTX, PDF
•
1 recomendación
•
1,091 vistas
DefconRussia
Seguir
Tecnología
Empresariales
Denunciar
Compartir
Denunciar
Compartir
1 de 25
Descargar ahora
Recomendados
Plan def. univ. beta panamá
Plan def. univ. beta panamá
ArmandoMarino
[Defcon Russia #29] Борис Савков - Bare-metal programming на примере Raspber...
[Defcon Russia #29] Борис Савков - Bare-metal programming на примере Raspber...
DefconRussia
[Defcon Russia #29] Александр Ермолов - Safeguarding rootkits: Intel Boot Gua...
[Defcon Russia #29] Александр Ермолов - Safeguarding rootkits: Intel Boot Gua...
DefconRussia
[Defcon Russia #29] Алексей Тюрин - Spring autobinding
[Defcon Russia #29] Алексей Тюрин - Spring autobinding
DefconRussia
[Defcon Russia #29] Михаил Клементьев - Обнаружение руткитов в GNU/Linux
[Defcon Russia #29] Михаил Клементьев - Обнаружение руткитов в GNU/Linux
DefconRussia
Георгий Зайцев - Reversing golang
Георгий Зайцев - Reversing golang
DefconRussia
[DCG 25] Александр Большев - Never Trust Your Inputs or How To Fool an ADC
[DCG 25] Александр Большев - Never Trust Your Inputs or How To Fool an ADC
DefconRussia
Cisco IOS shellcode: All-in-one
Cisco IOS shellcode: All-in-one
DefconRussia
Recomendados
Plan def. univ. beta panamá
Plan def. univ. beta panamá
ArmandoMarino
[Defcon Russia #29] Борис Савков - Bare-metal programming на примере Raspber...
[Defcon Russia #29] Борис Савков - Bare-metal programming на примере Raspber...
DefconRussia
[Defcon Russia #29] Александр Ермолов - Safeguarding rootkits: Intel Boot Gua...
[Defcon Russia #29] Александр Ермолов - Safeguarding rootkits: Intel Boot Gua...
DefconRussia
[Defcon Russia #29] Алексей Тюрин - Spring autobinding
[Defcon Russia #29] Алексей Тюрин - Spring autobinding
DefconRussia
[Defcon Russia #29] Михаил Клементьев - Обнаружение руткитов в GNU/Linux
[Defcon Russia #29] Михаил Клементьев - Обнаружение руткитов в GNU/Linux
DefconRussia
Георгий Зайцев - Reversing golang
Георгий Зайцев - Reversing golang
DefconRussia
[DCG 25] Александр Большев - Never Trust Your Inputs or How To Fool an ADC
[DCG 25] Александр Большев - Never Trust Your Inputs or How To Fool an ADC
DefconRussia
Cisco IOS shellcode: All-in-one
Cisco IOS shellcode: All-in-one
DefconRussia
Олег Купреев - Обзор и демонстрация нюансов и трюков из области беспроводных ...
Олег Купреев - Обзор и демонстрация нюансов и трюков из области беспроводных ...
DefconRussia
HTTP HOST header attacks
HTTP HOST header attacks
DefconRussia
Attacks on tacacs - Алексей Тюрин
Attacks on tacacs - Алексей Тюрин
DefconRussia
Weakpass - defcon russia 23
Weakpass - defcon russia 23
DefconRussia
nosymbols - defcon russia 20
nosymbols - defcon russia 20
DefconRussia
static - defcon russia 20
static - defcon russia 20
DefconRussia
Zn task - defcon russia 20
Zn task - defcon russia 20
DefconRussia
Vm ware fuzzing - defcon russia 20
Vm ware fuzzing - defcon russia 20
DefconRussia
Nedospasov defcon russia 23
Nedospasov defcon russia 23
DefconRussia
Advanced cfg bypass on adobe flash player 18 defcon russia 23
Advanced cfg bypass on adobe flash player 18 defcon russia 23
DefconRussia
Miasm defcon russia 23
Miasm defcon russia 23
DefconRussia
Andrey Belenko, Alexey Troshichev - Внутреннее устройство и безопасность iClo...
Andrey Belenko, Alexey Troshichev - Внутреннее устройство и безопасность iClo...
DefconRussia
Sergey Belov - Покажите нам Impact! Доказываем угрозу в сложных условиях
Sergey Belov - Покажите нам Impact! Доказываем угрозу в сложных условиях
DefconRussia
George Lagoda - Альтернативное использование вэб сервисов SharePoint со сторо...
George Lagoda - Альтернативное использование вэб сервисов SharePoint со сторо...
DefconRussia
Taras Tatarinov - Применение аппаратных закладок pwnie express на примере реа...
Taras Tatarinov - Применение аппаратных закладок pwnie express на примере реа...
DefconRussia
Alexey Sintsov- SDLC - try me to implement
Alexey Sintsov- SDLC - try me to implement
DefconRussia
Anton Alexanenkov - Tor and Botnet C&C
Anton Alexanenkov - Tor and Botnet C&C
DefconRussia
Tyurin Alexey - NTLM. Part 1. Pass-the-Hash
Tyurin Alexey - NTLM. Part 1. Pass-the-Hash
DefconRussia
Roman Korkikyan - Timing analysis workshop Part 2 Scary
Roman Korkikyan - Timing analysis workshop Part 2 Scary
DefconRussia
Roman Korkikyan - Timing analysis workshop Part 2 Practice
Roman Korkikyan - Timing analysis workshop Part 2 Practice
DefconRussia
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
ThousandEyes
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Igalia
Más contenido relacionado
Más de DefconRussia
Олег Купреев - Обзор и демонстрация нюансов и трюков из области беспроводных ...
Олег Купреев - Обзор и демонстрация нюансов и трюков из области беспроводных ...
DefconRussia
HTTP HOST header attacks
HTTP HOST header attacks
DefconRussia
Attacks on tacacs - Алексей Тюрин
Attacks on tacacs - Алексей Тюрин
DefconRussia
Weakpass - defcon russia 23
Weakpass - defcon russia 23
DefconRussia
nosymbols - defcon russia 20
nosymbols - defcon russia 20
DefconRussia
static - defcon russia 20
static - defcon russia 20
DefconRussia
Zn task - defcon russia 20
Zn task - defcon russia 20
DefconRussia
Vm ware fuzzing - defcon russia 20
Vm ware fuzzing - defcon russia 20
DefconRussia
Nedospasov defcon russia 23
Nedospasov defcon russia 23
DefconRussia
Advanced cfg bypass on adobe flash player 18 defcon russia 23
Advanced cfg bypass on adobe flash player 18 defcon russia 23
DefconRussia
Miasm defcon russia 23
Miasm defcon russia 23
DefconRussia
Andrey Belenko, Alexey Troshichev - Внутреннее устройство и безопасность iClo...
Andrey Belenko, Alexey Troshichev - Внутреннее устройство и безопасность iClo...
DefconRussia
Sergey Belov - Покажите нам Impact! Доказываем угрозу в сложных условиях
Sergey Belov - Покажите нам Impact! Доказываем угрозу в сложных условиях
DefconRussia
George Lagoda - Альтернативное использование вэб сервисов SharePoint со сторо...
George Lagoda - Альтернативное использование вэб сервисов SharePoint со сторо...
DefconRussia
Taras Tatarinov - Применение аппаратных закладок pwnie express на примере реа...
Taras Tatarinov - Применение аппаратных закладок pwnie express на примере реа...
DefconRussia
Alexey Sintsov- SDLC - try me to implement
Alexey Sintsov- SDLC - try me to implement
DefconRussia
Anton Alexanenkov - Tor and Botnet C&C
Anton Alexanenkov - Tor and Botnet C&C
DefconRussia
Tyurin Alexey - NTLM. Part 1. Pass-the-Hash
Tyurin Alexey - NTLM. Part 1. Pass-the-Hash
DefconRussia
Roman Korkikyan - Timing analysis workshop Part 2 Scary
Roman Korkikyan - Timing analysis workshop Part 2 Scary
DefconRussia
Roman Korkikyan - Timing analysis workshop Part 2 Practice
Roman Korkikyan - Timing analysis workshop Part 2 Practice
DefconRussia
Más de DefconRussia
(20)
Олег Купреев - Обзор и демонстрация нюансов и трюков из области беспроводных ...
Олег Купреев - Обзор и демонстрация нюансов и трюков из области беспроводных ...
HTTP HOST header attacks
HTTP HOST header attacks
Attacks on tacacs - Алексей Тюрин
Attacks on tacacs - Алексей Тюрин
Weakpass - defcon russia 23
Weakpass - defcon russia 23
nosymbols - defcon russia 20
nosymbols - defcon russia 20
static - defcon russia 20
static - defcon russia 20
Zn task - defcon russia 20
Zn task - defcon russia 20
Vm ware fuzzing - defcon russia 20
Vm ware fuzzing - defcon russia 20
Nedospasov defcon russia 23
Nedospasov defcon russia 23
Advanced cfg bypass on adobe flash player 18 defcon russia 23
Advanced cfg bypass on adobe flash player 18 defcon russia 23
Miasm defcon russia 23
Miasm defcon russia 23
Andrey Belenko, Alexey Troshichev - Внутреннее устройство и безопасность iClo...
Andrey Belenko, Alexey Troshichev - Внутреннее устройство и безопасность iClo...
Sergey Belov - Покажите нам Impact! Доказываем угрозу в сложных условиях
Sergey Belov - Покажите нам Impact! Доказываем угрозу в сложных условиях
George Lagoda - Альтернативное использование вэб сервисов SharePoint со сторо...
George Lagoda - Альтернативное использование вэб сервисов SharePoint со сторо...
Taras Tatarinov - Применение аппаратных закладок pwnie express на примере реа...
Taras Tatarinov - Применение аппаратных закладок pwnie express на примере реа...
Alexey Sintsov- SDLC - try me to implement
Alexey Sintsov- SDLC - try me to implement
Anton Alexanenkov - Tor and Botnet C&C
Anton Alexanenkov - Tor and Botnet C&C
Tyurin Alexey - NTLM. Part 1. Pass-the-Hash
Tyurin Alexey - NTLM. Part 1. Pass-the-Hash
Roman Korkikyan - Timing analysis workshop Part 2 Scary
Roman Korkikyan - Timing analysis workshop Part 2 Scary
Roman Korkikyan - Timing analysis workshop Part 2 Practice
Roman Korkikyan - Timing analysis workshop Part 2 Practice
Último
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
ThousandEyes
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Igalia
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
debabhi2
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
Anna Loughnan Colquhoun
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
wesley chun
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
apidays
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
apidays
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
The Digital Insurer
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
apidays
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
Antenna Manufacturer Coco
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
RTylerCroy
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
wesley chun
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
Andrey Devyatkin
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
Radu Cotescu
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Neo4j
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
The Digital Insurer
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
UK Journal
Último
(20)
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Inbar Raz - Physical (In)Security – it’s not –ALL– about Cyber
1.
Physical (In)security Inbar Raz Malware
& Security Manager Check Point Software Technologies ©2013 Check Point Software Technologies Ltd.
2.
Types of Vulnerability
Disclosures Responsible Disclosure: – Contact the vendor only and inform them of the vulnerability – If asked, work with the vendor – After 3-6 months, proceed to Full Disclosure Full Disclosure: – Publish all information, including POC – Sometimes – only a video of POC ©2013 Check Point Software Technologies Ltd. 2
3.
Disclosure #1 Vendor:
An Online Movie Ticket Service Field: Online shopping and entertainment Affected Product: On-site Ticket Kiosk Vulnerability: Multiple vulnerabilities cause the compromise of both customer and company data ©2013 Check Point Software Technologies Ltd. 3
4.
Disclosure Details On-site
Kiosk Touch Screen Credit Card Reader Ticket Printer No peripherals, No interfaces And the journey begins… ©2013 Check Point Software Technologies Ltd. 4
5.
Disclosure Details Improper
interface settings allow the opening of menu options. Menus can be used to browse for a new printer. ©2013 Check Point Software Technologies Ltd. 5
6.
Disclosure Details A
limited browser is not restricted enough. A right-click can be used… To open a full, unlimited Windows Explorer. Now the sky is the limit… ©2013 Check Point Software Technologies Ltd. 6
7.
Disclosure Details Browsing
through the file system reveals indicative directory names… And even more indicative file names. ©2013 Check Point Software Technologies Ltd. 7
8.
Disclosure Details Bingo:
Credit Card Data (Unencrypted!) Tools of the trade: Notepad We can use the ticket printer to take it home ©2013 Check Point Software Technologies Ltd. 8
9.
Disclosure Details But
that’s not all: RSA Keys and Certificates are also found on the drive! Which we can print, take home and then use a free OCR software to read… ©2013 Check Point Software Technologies Ltd. 9
10.
Disclosure Details The
result: RSA Keys used to bill credit cards. ©2013 Check Point Software Technologies Ltd. 10
11.
Disclosure #2 Vendor:
Point-of-Sale Manufacturer and Users Field: Network Security Vulnerability: Improper physical security allows access to insecure PoS devices during afterhours. ©2013 Check Point Software Technologies Ltd. 11
12.
Disclosure Details Point-Of-Sale
devices are all around you. ©2013 Check Point Software Technologies Ltd. 12
13.
Disclosure Details Location:
A bar in Tel-Aviv During working hours – tables, chair and PoS outside During afterhours – everything is locked inside the facility But the Ethernet port remains hot – In public space… ©2013 Check Point Software Technologies Ltd. 13
14.
Attack Vector In
the past – play hacker/script kiddie with BackTrack. Today: Fire up wireshark, discover IPs of live machines. ©2013 Check Point Software Technologies Ltd. 14
15.
Attack Vector In
the past – play hacker/script kiddie with BackTrack. Today: Fire up wireshark, discover IPs of live machines. Detected IP addresses: – 192.168.0.1 – 192.168.0.2 – 192.168.0.4 – 192.168.0.250 – 192.168.0.254 Confirm by ping (individual and broadcast) ©2013 Check Point Software Technologies Ltd. 15
16.
Attack Vector Evidence
of SMB (plus prior knowledge) lead to the next step: And the response: ©2013 Check Point Software Technologies Ltd. 16
17.
Things to do
with an open share #1: Look around [Restricted] ONLY for designated groups and individuals ©2013 Check Point Software Technologies Ltd. 17
18.
Things to do
with an open share #1: Look around #2: Create a file list [Restricted] ONLY for designated groups and individuals ©2013 Check Point Software Technologies Ltd. 18
19.
The mystery of
192.168.0.250 Answers a ping, but no SMB. First guess: the ADSL Modem. Try to access the Web-UI: [Restricted] ONLY for designated groups and individuals ©2013 Check Point Software Technologies Ltd. 19
20.
The mystery of
192.168.0.250 Use the full URL: [Restricted] ONLY for designated groups and individuals ©2013 Check Point Software Technologies Ltd. 20
21.
Going for the
ADSL router Reminder: We actually had this information. [Restricted] ONLY for designated groups and individuals ©2013 Check Point Software Technologies Ltd. 21
22.
Going for the
ADSL router Naturally, there is access control: Want to guess? [Restricted] ONLY for designated groups and individuals ©2013 Check Point Software Technologies Ltd. 22
23.
Unlocked Achievements Best
for me, worst for them: Credit card data. Database files (yet to be analyzed). The program files of the billing system. Potential attack through the internet. [Restricted] ONLY for designated groups and individuals ©2013 Check Point Software Technologies Ltd. 23
24.
Next Steps Create
a Responsible Disclose document for the PoS manufacturer Send an Advisory to businesses ©2013 Check Point Software Technologies Ltd. 24
25.
IMPORTANT NOTICE The
bar operation was with full cooperation and consent. DOING THIS ON YOUR OWN IS ILLEGAL. [Restricted] ONLY for designated groups and individuals ©2013 Check Point Software Technologies Ltd. 25
Descargar ahora