28c3 in 15
• This is the third year he’s done a GSM presentation
• Did a live demo on stage showing how to sniff, crack, and impersonate a phone
• A5/1 is dead AND improperly implemented
• A5/3 is better but will be cracked (still 64-bit, but a block cipher at least)
• A5/4 is legit biznitch but operators are lazy
• TMSI ~= username
• Kc ~= password
• GSM != CDMA
• Mitigations:
  1. Implement padding randomization (blerg)
  2. SI5/SI6 randomization (Google TS 44.018)
  3. Implement A5/3
• Implementing 1 and 2 is “easy” and effectively stops 100% of current threats
Tools that they used:
• Osmocom – turns a phone into a GSM hacking tool
• CaptureCapture – turns Osmocom into an IDS for GSM attacks
• GSMMap.org – ratings of countries based on their GSM security

• Baseband = the chipset of the phone that handles telecoms
• Facilitates the bridge to accept AT commands
• Talks about the Qualcomm DIAG protocol
  • Download mode: WRITE and EXECUTE anywhere on the device
  • Normal mode: accepts commands to read/write memory locations
• Blerg blerg blerg. Good data if you want to learn how to reverse it yourself, but no output.
Print Me if you dare
• MSNBC: Millions of printers open to devastating hack attack
• Ars Technica: HP Printers can be remotely controlled and set on fire
• Gawker: Hackers could turn your printer into a flaming death bomb
• Gizmodo: Can hackers really use your HP printer to steal your identity and blow up your house?
Print Me if you dare
• No bomb/fire
• 56 firmware releases were issued to fix this flaw, affecting printers from 2005-2011 (CVE-2011-4161)
  • Found out that you can update the firmware with LPR
  • Found out that this process did not use digital signatures or authentication
  • PJL – Printer Job Language
  • Made a malicious remote firmware update in PJL
  • Can be used for phishing
Print Me if you dare
• Takes apart a printer and reviews the chips
• Downloads the datasheet for the flash chip (Digikey)
• Learns how to talk to the chip
• Made an Arduino dumper for the ROM chip of the printer
• Runs the output into IDA Pro
• ...Magic...
• Writes a VxWorks rootkit – 3k of ARM assembly
Print Me if you dare
• Malware
  • Reverse proxy – NAT traversal
  • Print-job interceptor – send to another IP
  • Debug message redirection – telnet
  • Cause paper jams, “Control Controller”
• Summary:
  • Made a rootkit to attack HP printers, to use as a pivot for pen tests.
  • Add RFU (remote firmware update) vulns to your pen tests (not in Nessus or Nexpose yet). Run the RFU for the printer model. If the firmware changes = bad.
  • Can be included in legit documents (PostScript)
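As an added example, not from the slides or from the talk's authors: a small Python scanner for the defensive side of the RFU point above. It parses the PJL directives out of a captured raw print job (what a port 9100 or LPR listener would hand the printer) and flags firmware-update and file-system directives that a normal document never needs, including ones tucked behind a PostScript body, which is the "included in legit documents" case. The names in FIRMWARE_PJL are HP PJL commands as I know them (UPGRADE is the directive an RFU file carries, the FS* set manages the printer's file system); they are assumptions here, not taken from the slides, and both sample jobs are constructed, with a labelled placeholder where a firmware image would be.

```python
import re

# PJL directives a normal print job legitimately uses.
BENIGN_PJL = {"JOB", "EOJ", "ENTER", "SET", "DEFAULT", "COMMENT",
              "INFO", "ECHO", "INQUIRE", "DINQUIRE", "RESET", "INITIALIZE"}

# Directives that change firmware or persistent storage. Assumption: these are
# HP PJL command names (UPGRADE is what RFU files start with, FS* touch the
# printer's file system); they are not taken from the slides.
FIRMWARE_PJL = {"UPGRADE", "FSDOWNLOAD", "FSUPLOAD", "FSAPPEND",
                "FSDELETE", "FSINIT", "FSMKDIR"}

# A PJL line: "@PJL", optional spaces/tabs, a command word, rest of the line.
# Only spaces/tabs are skipped after "@PJL" so a bare "@PJL" separator line
# does not swallow the line that follows it.
PJL_LINE = re.compile(rb"@PJL[ \t]*([A-Za-z]*)([^\r\n]*)")

UEL = b"\x1b%-12345X"  # Universal Exit Language: returns the printer to PJL


def parse_pjl(job: bytes):
    """Return (COMMAND, args) for every PJL directive in the raw job.

    Scans the whole byte stream, not just the header, because a UEL anywhere
    in the stream (e.g. after a PostScript body) puts the printer back into
    PJL, which is how an update can ride inside a legitimate-looking document.
    Bare "@PJL" separator lines are skipped.
    """
    out = []
    for m in PJL_LINE.finditer(job):
        cmd = m.group(1).decode("ascii").upper()
        if not cmd:
            continue
        out.append((cmd, m.group(2).strip().decode("ascii", "replace")))
    return out


def assess_job(job: bytes):
    """Classify a print job: commands seen, findings, and a suspicious flag."""
    cmds = parse_pjl(job)
    findings = []
    for cmd, args in cmds:
        if cmd in FIRMWARE_PJL:
            findings.append(f"firmware/filesystem directive: @PJL {cmd} {args}".rstrip())
        elif cmd not in BENIGN_PJL:
            findings.append(f"unexpected PJL directive: @PJL {cmd} {args}".rstrip())
    return {
        "commands": [c for c, _ in cmds],
        "findings": findings,
        "suspicious": bool(findings),
    }


# Constructed sample jobs (not real captures).
BENIGN_JOB = (
    UEL + b"@PJL\r\n"
    b'@PJL JOB NAME="quarterly-report.pdf"\r\n'
    b"@PJL SET COPIES=1\r\n"
    b"@PJL ENTER LANGUAGE=POSTSCRIPT\r\n"
    b"%!PS-Adobe-3.0\r\n"
    b"/Helvetica findfont 12 scalefont setfont\r\n"
    b"72 720 moveto (Q3 numbers) show showpage\r\n\x04"
    + UEL + b"@PJL EOJ\r\n" + UEL
)

# Same shape, but a UEL after the document body hands the printer a firmware
# update directive. The image itself is a labelled placeholder, not firmware.
EMBEDDED_RFU_JOB = (
    UEL + b'@PJL JOB NAME="invoice.ps"\r\n'
    b"@PJL ENTER LANGUAGE=POSTSCRIPT\r\n"
    b"%!PS-Adobe-3.0\r\n72 720 moveto (Invoice 1138) show showpage\r\n\x04"
    + UEL + b"@PJL UPGRADE SIZE=1048576\r\n"
    b"<placeholder: no firmware image in this example>"
    + UEL + b"@PJL EOJ\r\n" + UEL
)

if __name__ == "__main__":
    for name, job in (("benign", BENIGN_JOB), ("embedded-rfu", EMBEDDED_RFU_JOB)):
        result = assess_job(job)
        print(name, result["commands"], "SUSPICIOUS" if result["suspicious"] else "ok")
        for finding in result["findings"]:
            print("   ", finding)
```

The scanner surfaces unknown directives rather than dropping them, so the allow-list only decides what is quiet; the deny-list is what matters. It complements the slide's own check (run the vendor's RFU against the model and treat a changed firmware version on the unauthenticated path as the bad sign) with a network-side view: a print job that carries an UPGRADE or FS* directive is worth an alert whatever the printer does with it.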
CELLULAR PROTOCOL STACKS

Awesome Intro To Mobile Protocols talk
Unfortunately nothing about CDMA and America
Goes into GSM, GPRS, the history, why everything is fucked up, extremely thorough
Got boring quickly
Passed out
CELLULAR PROTOCOL STACKS

Is he still talking?
Holy crap
He’s just naming 1000 acronyms now
Punkrokk – do your joke
Did he do it?
OK, never mind, this talk was lame
Here look at this instead:
Taking Over The Tor Network
• Presentation references “Over 9000” but it flies over the heads of all of Europe
• Created the tor_extend ruby library < neat
• Made a map of all the hidden routers < cute
“Taking Over” The Tor Network
• Created Tor malware that exploits a DLL in a Windows box
• Did not release code
• Their malware implemented packet spinning, which is an attack vector discussed in 2008
• Did not talk to Tor Project at all
• “This doesn’t work with the new version of Tor anymore”

“Taking Over” The Tor Network
• They have found “all” 181 bridge nodes
  • There are more than 600 bridge nodes
• They have found Over 9000!!!1!! ORs
  • There are only about 2500

“Taking Over” The Tor Network
• They made Windows malware and then used someone else’s attack, then told the world they owned the Tor network
• Hilarious last 10 minutes of the presentation where Dingledine and IOError do a Q and A:
  • Can you tell me what’s new and relevant about your presentation?
  • Why didn’t you talk to us?
  • You published a lot of bridge nodes. Why do you want to hurt third world countries?
  • Why don’t you release the exploit?

“Taking Over” The Tor Network
Dingledine: “UR STUPD I FUK UR FACE!”
DOWNLOAD
All the things:
 http://mirror.fem-net.de/CCC/28C3/mp4-h264-HQ/
END
