Amit, CISO Platform's Blog (111)

Designing and Applying Extensible RF Fuzzing Tools to Expose PHY Layer Vulnerabilities

In this session, we introduce an open source hardware and software framework for fuzzing arbitrary RF protocols, all the way down to the PHY. While fuzzing has long been relied on by security researchers to identify software bugs, applying fuzzing methodologies to RF and hardware systems has historically been challenging due to siloed tools and the limited capabilities of commodity RF chipsets.



We created the TumbleRF fuzzing orchestration framework to address these…

Added by Amit, CISO Platform on September 26, 2018 at 1:00pm

Breaking Parser Logic: Take Your Path Normalization Off and Pop 0days Out!

We propose a new exploit technique that opens a whole new attack surface by defeating path normalization, which is complicated to implement because of its many implicit properties and edge cases. Because developers have long underestimated or ignored that complexity, the attack vector is not only possible but lethal and general. Many 0days have been discovered via this approach in popular web frameworks written in trending programming languages, including Python,…
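As an added illustration that is not part of the talk or this post: the model below puts two simplified path normalisers side by side. The front end (a hypothetical reverse proxy or WAF) resolves dot segments but knows nothing about path parameters; the backend strips `;param` path parameters from each segment before resolving `..`, as servlet containers do. A request for `/public/..;/admin/users` therefore passes the front end's `/admin` rule and still lands on the backend's admin route. The hardened rule refuses any path on which the two normalisations disagree. Component names and behaviours are constructed for the example, not taken from any product.

```python
"""Added example (not code from the talk or this post): two components that
normalise the same URL path differently, played against each other, and one
hardening step. Both components are simplified models of real behaviour."""
from urllib.parse import unquote


def resolve_dot_segments(segments):
    """Resolve '.' and '..' roughly the way RFC 3986 section 5.2.4 does."""
    out = []
    for seg in segments:
        if seg == "..":
            if out:
                out.pop()
        elif seg not in ("", "."):
            out.append(seg)
    return "/" + "/".join(out)


def edge_normalize(raw_path):
    """Model of a reverse proxy or WAF: percent-decode once, then resolve
    dot segments. It knows nothing about path parameters, so '..;' is just
    an ordinary segment name to it."""
    return resolve_dot_segments(unquote(raw_path).split("/"))


def backend_normalize(raw_path):
    """Model of a backend that treats ';' as a path-parameter delimiter
    (servlet containers do): 'seg;x=y' becomes 'seg' before dot segments
    are resolved, so the segment '..;' turns into '..'."""
    stripped = [seg.split(";", 1)[0] for seg in unquote(raw_path).split("/")]
    return resolve_dot_segments(stripped)


def under_admin(path):
    """Protected prefix, matched on whole segments so /administrator is not /admin."""
    return path == "/admin" or path.startswith("/admin/")


def edge_allows(raw_path):
    """Front-end access rule: anything under /admin is refused."""
    return not under_admin(edge_normalize(raw_path))


def backend_route(raw_path):
    """What the backend actually dispatches to after its own normalisation."""
    return "admin-panel" if under_admin(backend_normalize(raw_path)) else "public"


def edge_allows_hardened(raw_path):
    """Hardened rule: refuse double-encoded input and refuse any path on
    which the two normalisations disagree, instead of trusting either one."""
    if "%" in unquote(raw_path):
        return False
    if edge_normalize(raw_path) != backend_normalize(raw_path):
        return False
    return edge_allows(raw_path)


if __name__ == "__main__":
    for p in ["/admin/users", "/public/../admin/users",
              "/public/..;/admin/users", "/public/%2e%2e;/admin/users"]:
        print(f"{p:32} edge={edge_allows(p)!s:5} backend={backend_route(p):11} "
              f"hardened={edge_allows_hardened(p)}")
```

The lesson generalises: every parser of the path (proxy, framework router, access-control filter, file-system open) must see the same canonical form, or the access rule has to be evaluated after the final parser's normalisation rather than before it.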

Added by Amit, CISO Platform on September 26, 2018 at 1:00pm

Fasten your seatbelts: We are escaping iOS 11 sandbox!

Apple's sandbox was introduced as "SeatBelt" in macOS 10.5, which provided the first full-fledged implementation of the MACF policy. After a successful trial on macOS, Apple applied the sandbox mechanism to iOS 6. In its implementation, the policy hooked dozens of operations, and the number of hooks has grown steadily as new system calls were added and new threats were discovered. In the beginning, Apple's sandbox used a blacklist approach, which means Apple originally concentrated on the…

Added by Amit, CISO Platform on September 26, 2018 at 1:00pm

Finding Xori: Malware Analysis Triage with Automated Disassembly

In a world of high-volume malware and limited researchers, we need a dramatic improvement in our ability to process and analyze new and old malware at scale. Unfortunately, what is currently available to the community is either prohibitively expensive or does not rise to the challenge. While malware authors and distributors share code and prepackaged toolkits, the corporate-sponsored research community is dominated by solutions aimed at profit rather than at augmenting the capabilities available…

Added by Amit, CISO Platform on September 26, 2018 at 1:00pm

Reaping and breaking keys at scale: when crypto meets big data

Public keys are everywhere; after all, they are public. These keys are waiting to be reaped by those who know their real value. Hidden behind this public face lurk some potentially dangerous issues that could lead to a compromise of data and privacy.



Leveraging hundreds of minion devices, we built a public-key reaping machine (which we are open-sourcing) and operated it on a global scale. Collected keys are tested for vulnerabilities such as the recent ROCA vulnerability…
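As an added example, and not the talk's reaping or testing tool: the ROCA fingerprint test, which works from the public modulus alone. Keys from the affected library were built from primes of the form `k*M + (65537^a mod M)`, with `M` the product of the first few small primes (39 of them for 512-bit primes), so `N mod p_i` always lies in the subgroup generated by 65537 modulo each of those primes; a random modulus fails at least one of the 39 tests with overwhelming probability. The seeded generator below builds a synthetic modulus with that structure alongside a control so the test can be exercised offline. The 64-bit bound on the exponent `a`, the 256-bit prime size and the seed are arbitrary choices for the demo.

```python
"""Added example (not the talk's tool): the ROCA fingerprint test on an RSA
modulus, plus a generator for synthetic moduli with the vulnerable structure
so the test can be exercised offline. Affected keys have primes
p = k*M + (65537^a mod M), M = product of the first 39 primes, so N = p*q
satisfies N mod p_i in <65537> (subgroup generated by 65537 mod p_i) for
every such p_i; an ordinary modulus fails this with overwhelming probability."""
import random

SMALL_PRIMES = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53,
                59, 61, 67, 71, 73, 79, 83, 89, 97, 101, 103, 107, 109, 113,
                127, 131, 137, 139, 149, 151, 157, 163, 167]  # first 39 primes
GENERATOR = 65537
M = 1
for _p in SMALL_PRIMES:
    M *= _p  # the primorial used for 512-bit primes, about 219 bits


def subgroup_residues(p):
    """All residues of the form 65537^k mod p."""
    seen, x = set(), 1
    while x not in seen:
        seen.add(x)
        x = (x * GENERATOR) % p
    return seen


_ALLOWED = {p: subgroup_residues(p) for p in SMALL_PRIMES}


def has_roca_fingerprint(n):
    """True if n passes every small-prime residue test, i.e. looks like it
    came from the vulnerable key generator."""
    return all(n % p in _ALLOWED[p] for p in SMALL_PRIMES)


def is_probable_prime(n, rng, rounds=16):
    """Miller-Rabin after trial division by SMALL_PRIMES."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits, rng):
    """Ordinary prime of exactly `bits` bits, for the control modulus."""
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand, rng):
            return cand


def roca_style_prime(bits, rng):
    """Prime of the form k*M + (65537^a mod M), the structure the fingerprint
    detects. k is drawn so the result has exactly `bits` bits."""
    r = pow(GENERATOR, rng.randrange(1, 1 << 64), M)  # exponent bound is arbitrary
    k_lo, k_hi = (1 << (bits - 1)) // M + 1, (1 << bits) // M - 1
    while True:
        cand = rng.randrange(k_lo, k_hi) * M + r
        if is_probable_prime(cand, rng):
            return cand


def make_demo_moduli(seed=7, bits=256):
    """Constructed inputs: one 512-bit modulus built from ROCA-style primes and
    one from ordinary random primes (seeded, so the result is repeatable)."""
    rng = random.Random(seed)
    vulnerable = roca_style_prime(bits, rng) * roca_style_prime(bits, rng)
    control = random_prime(bits, rng) * random_prime(bits, rng)
    return {"vulnerable": vulnerable, "control": control}


if __name__ == "__main__":
    for label, n in make_demo_moduli().items():
        print(f"{label:10} {n.bit_length()} bits  roca={has_roca_fingerprint(n)}")
```

To run it on real keys, extract the modulus (for example with `openssl x509 -in cert.pem -noout -modulus`, or from a PEM key with a crypto library) and pass the integer to `has_roca_fingerprint`; a positive result means the key should be treated as factorable, not merely weak.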

Added by Amit, CISO Platform on September 26, 2018 at 1:00pm

You’re Just Complaining Because You’re Guilty: A DEF CON Guide to Adversarial Testing of Software Used in the Criminal Justice System

Software is increasingly used to make huge decisions about people's lives, and often these decisions are made with little transparency or accountability to individuals. If there is any place where transparency, third-party review, adversarial testing and true accountability are essential, it is the criminal justice system. Nevertheless, proprietary software is used throughout the system, and the trade secrets of software vendors are regularly deemed more important than the rights of the…

Added by Amit, CISO Platform on September 26, 2018 at 1:00pm

Who Controls the Controllers - Hacking Crestron IoT Automation Systems

While you may not always be aware of them or even have heard of them, Crestron devices are everywhere. They can be found in universities, modern office buildings, sports arenas, and even high-end Las Vegas hotel rooms. If an environment has a lot of audio/video infrastructure, needs to interconnect or automate different IoT and building systems, or just wants the shades to close when the TV is turned on, chances are high that a Crestron device is controlling things from behind the…

Added by Amit, CISO Platform on September 26, 2018 at 1:00pm

Lost and Found Certificates: dealing with residual certificates for pre-owned domains

When purchasing a new domain name you would expect to be the only one who can obtain a valid SSL certificate for it; however, that is not always the case. When the domain had prior owners, even several years earlier, they may still possess a valid SSL certificate for it, and there is very little you can do about it.



Using Certificate Transparency, we examined millions of domains and certificates and found thousands of examples where the previous owner for a domain…
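As an added example (not the talk's tooling): once a CT search has returned every certificate logged for a name, the question for a new owner is which of them predate the purchase and are still within their validity period. The entries below are constructed in the shape of a crt.sh-style result (issuer, validity window, subject alternative names); none are real certificates, and the acquisition date and `as_of` date are assumptions for the demo.

```python
"""Added example (not the talk's code): from CT search results for a freshly
acquired domain, list certificates issued before the purchase that have not
yet expired, i.e. certificates a prior owner could still present for it.
CT_ENTRIES is constructed sample data in a crt.sh-like shape."""
from datetime import date

CT_ENTRIES = [  # constructed, not real certificates
    {"id": 1, "issuer": "Example CA A", "not_before": "2015-06-01",
     "not_after": "2018-06-01", "names": ["example.com", "www.example.com"]},
    {"id": 2, "issuer": "Example CA B", "not_before": "2017-11-15",
     "not_after": "2020-11-15", "names": ["*.example.com"]},
    {"id": 3, "issuer": "Example CA A", "not_before": "2018-04-10",
     "not_after": "2019-04-10", "names": ["example.com", "www.example.com"]},
    {"id": 4, "issuer": "Example CA C", "not_before": "2016-01-01",
     "not_after": "2026-01-01", "names": ["*.other.example"]},
    {"id": 5, "issuer": "Example CA B", "not_before": "2017-01-01",
     "not_after": "2027-01-01", "names": ["example.com", "mail.example.com"]},
]


def name_matches(cert_name, hostname):
    """Exact match, or a single-label wildcard: *.example.com covers
    www.example.com but not example.com or a.b.example.com."""
    if cert_name.startswith("*."):
        base = cert_name[2:]
        return (hostname.endswith("." + base)
                and hostname.count(".") == base.count(".") + 1)
    return cert_name == hostname


def residual_certificates(entries, hostnames, acquired_on, as_of):
    """Entries covering any of `hostnames`, issued before `acquired_on` and
    not yet expired at `as_of`. Dates are ISO strings (YYYY-MM-DD)."""
    acquired, today = date.fromisoformat(acquired_on), date.fromisoformat(as_of)
    hits = []
    for entry in entries:
        issued = date.fromisoformat(entry["not_before"])
        expires = date.fromisoformat(entry["not_after"])
        if issued >= acquired or expires < today:
            continue  # our own certificate, or a prior owner's that has expired
        covered = [h for h in hostnames
                   if any(name_matches(n, h) for n in entry["names"])]
        if covered:
            hits.append({"id": entry["id"], "issuer": entry["issuer"],
                         "expires": entry["not_after"], "covers": covered})
    return hits


def residual_ids(hostnames, acquired_on="2018-03-01", as_of="2018-09-26"):
    """Wrapper over the constructed sample; the dates are assumed for the demo."""
    return [h["id"] for h in
            residual_certificates(CT_ENTRIES, hostnames, acquired_on, as_of)]


if __name__ == "__main__":
    for hit in residual_certificates(CT_ENTRIES, ["example.com", "www.example.com"],
                                     "2018-03-01", "2018-09-26"):
        print(hit)
```

A hit is a certificate that a previous owner, or whoever holds that private key, can still present for your hostname. Certificate Transparency only reveals the problem: the remedies are asking the issuing CA to revoke the certificate (the CA/Browser Forum Baseline Requirements require revocation once the CA has evidence that the domain validation should no longer be relied upon) and keeping a CT monitor on the name for any later issuance.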

Added by Amit, CISO Platform on September 26, 2018 at 12:30pm

Automated Discovery of Deserialization Gadget Chains

Although vulnerabilities stemming from the deserialization of untrusted data have been understood for many years, unsafe deserialization continues to be a vulnerability class that isn't going away. Attention on Java deserialization vulnerabilities skyrocketed in 2015 when Frohoff and Lawrence published an RCE gadget chain in the Apache Commons library, and as recently as last year's Black Hat, Muñoz and Mirosh presented a survey of dangerous JSON deserialization libraries. While much…

Added by Amit, CISO Platform on September 26, 2018 at 12:30pm

Digital Leviathan: a comprehensive list of Nation-State Big Brothers (from huge to little ones)

In his notorious book Leviathan, the 17th-century English philosopher Thomas Hobbes argued that we should give our obedience to an unaccountable sovereign, because otherwise what awaits us is a state of nature that closely resembles civil war: a situation of universal insecurity. It looks like a lot of current political leaders have read Hobbes and found his teachings applicable to modern-day online life.



We witness the rise of the Digital Leviathan. The same apps and applications…

Added by Amit, CISO Platform on September 26, 2018 at 12:30pm

Infecting the Embedded Supply Chain

With a surge in the production of internet of things (IoT) devices, embedded development tools are becoming commonplace and the software they run on is often trusted to run in escalated modes. However, some of the embedded development tools on the market contain serious vulnerabilities that put users at risk. In this talk we discuss the various attack vectors that these embedded development tools expose users to, and why users should not blindly trust their tools. This talk will detail…

Added by Amit, CISO Platform on September 26, 2018 at 12:00pm

Hacking BLE Bicycle Locks for Fun and a Small Profit

Hack a lock and get free rides! (No free beer yet though...). This talk will explore the ever growing ride sharing economy and look at how the BLE "Smart" locks on shared bicycles work. The entire solution will be deconstructed and examined, from the mobile application to its supporting web services and finally communications with the lock. We will look at how to go about analysing communications between a mobile device and the lock, what works, what doesn't.



Previous talks…

Added by Amit, CISO Platform on September 26, 2018 at 12:00pm

Breaking Smart Speakers: We are Listening to You.

In the past two years, smart speakers have become the most popular IoT device; Amazon, Google and Apple have all introduced their own smart speaker products. Most of these smart speakers offer natural-language recognition, chat, music playback, IoT device control, shopping, and so on. Manufacturers use artificial intelligence technology to give smart speakers human-like conversational abilities. However, with smart speakers coming into more and more homes, and the…

Added by Amit, CISO Platform on September 26, 2018 at 12:00pm

SMBetray - Backdooring and breaking signatures

When it comes to taking advantage of SMB connections, most tools available to penetration testers aim for system enumeration or for performing relay attacks to gain RCE. If SMB signing is required, or if the relayed victims are not local admins anywhere, that can put a real dent in leveraging SMB to gain any serious foothold in a network. Fortunately, the mentioned attacks are only the tip of the iceberg of the ways to gain RCE over insecure SMB connections, and there's a new tool…

Added by Amit, CISO Platform on September 26, 2018 at 12:00pm

An Attacker Looks at Docker: Approaching Multi-Container Applications

Containerization, such as that provided by Docker, is becoming very popular among developers of large-scale applications. The good news: this is likely to make your life easier as an attacker.



While exploitation and manipulation of traditional monolithic applications might require specialized experience and training in the target languages and execution environment, applications made up of services distributed among multiple containers can be effectively explored and…

Added by Amit, CISO Platform on September 26, 2018 at 12:00pm

One bite and all your dreams will come true: Analyzing and Attacking Apple Kernel Drivers

Though many security mechanisms are deployed in Apple's macOS and iOS systems, some old-fashioned or poor-quality kernel code still leaves the door wide open to attackers. In particular, device drivers, as critical kernel components, are frequently exploited to attack Apple systems. Bug hunting in Apple kernel drivers is not easy, though, since they are mostly closed-source and rely heavily on object-oriented programming. In this talk, we will share our experience of analyzing and…

Added by Amit, CISO Platform on September 26, 2018 at 12:00pm

Last mile authentication problem: Exploiting the missing link in end-to-end secure communication

With a "trust none over the Internet" mindset, securing all communication between a client and a server with protocols such as TLS has become common practice. However, while communication over the Internet is routinely secured, there is still an area where such security awareness is rare: inside individual computers, where adversaries are often not expected.



This talk discusses the security of various inter-process communication (IPC) mechanisms that local processes and…

Added by Amit, CISO Platform on September 26, 2018 at 11:30am

Hacking PLCs and Causing Havoc on Critical Infrastructures

Programmable Logic Controllers (PLCs) are devices used in a variety of industrial plants, from small factories to critical infrastructures like nuclear power plants, dams and wastewater systems. Although PLCs were built to withstand harsh physical environments, little care was taken to raise defenses against cyber threats. As a consequence, threats started pouring in and causing havoc. During this presentation I will talk about the architecture of a PLC and how it can be p0wned.…

Added by Amit, CISO Platform on September 26, 2018 at 11:30am

Weaponizing Unicode: Homographs Beyond IDNs

Most people are familiar with homograph attacks from phishing and other attack campaigns that use Internationalized Domain Names with look-alike characters. But homograph attacks exist against a wide variety of systems that have received far less attention. This talk discusses the use of homographs to attack machine learning systems, to submit malicious software patches, and to craft cryptographic canary traps and leak-repudiation mechanisms. It then introduces a generalized defense strategy…
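An added example of the patch-review side of this, not the talk's own defence: the check below flags identifiers in a patch that mix scripts, and identifiers whose confusable "skeleton" collides with an ASCII identifier already present in the file, which is how a look-alike function can be smuggled in beside the genuine one. The confusables table is a small hand-picked subset of Unicode's confusables data, and the sample patch is constructed.

```python
"""Added example (not the talk's tool): a reviewer-side homograph check for
identifiers in source code. Two signals: an identifier that mixes scripts
(Latin plus Cyrillic, say), and an identifier whose confusable skeleton equals
an ASCII identifier already in the file. CONFUSABLES is a hand-picked subset
of Unicode's confusables data, not the full table."""
import re
import unicodedata

IDENTIFIER = re.compile(r"[^\W\d]\w*")  # Unicode-aware: letter/underscore, then word chars

CONFUSABLES = {  # look-alike -> ASCII; subset only
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0443": "y", "\u0445": "x", "\u0456": "i", "\u0455": "s", "\u0458": "j",
    "\u0410": "A", "\u0412": "B", "\u0415": "E", "\u041a": "K", "\u041c": "M",
    "\u041d": "H", "\u041e": "O", "\u0420": "P", "\u0421": "C", "\u0422": "T",
    "\u0425": "X", "\u03b1": "a", "\u03bf": "o", "\u0391": "A", "\u0392": "B",
    "\u0395": "E", "\u0397": "H", "\u0399": "I", "\u039a": "K", "\u039c": "M",
    "\u039d": "N", "\u039f": "O", "\u03a1": "P", "\u03a4": "T", "\u03a5": "Y",
    "\u03a7": "X", "\u0131": "i",
}


def script_of(ch):
    """Coarse script from the character's Unicode name ('LATIN', 'CYRILLIC',
    ...); None for digits, underscore and anything unnamed."""
    if not ch.isalpha():
        return None
    name = unicodedata.name(ch, "")
    return name.split(" ", 1)[0] if name else None


def skeleton(ident):
    """Compatibility-normalise, then fold known confusables onto ASCII."""
    folded = unicodedata.normalize("NFKC", ident)
    return "".join(CONFUSABLES.get(c, c) for c in folded)


def audit_identifiers(source):
    """Return (identifier, reason) findings for every suspicious non-ASCII
    identifier in `source`. Single-script non-Latin names are left alone."""
    idents = set(IDENTIFIER.findall(source))
    ascii_idents = {i for i in idents if i.isascii()}
    findings = []
    for ident in sorted(idents - ascii_idents):
        scripts = {s for s in (script_of(c) for c in ident) if s}
        if len(scripts) > 1:
            findings.append((ident, "mixed-script:" + "+".join(sorted(scripts))))
        twin = skeleton(ident)
        if twin != ident and twin in ascii_idents:
            findings.append((ident, "confusable-with:" + twin))
    return findings


# Constructed patch body: the second function name uses U+0435 (Cyrillic ie)
# in place of ASCII 'e' and renders identically in most editors.
SAMPLE_PATCH = (
    "def check_token(token):\n"
    "    return token == SECRET\n"
    "\n"
    "def ch\u0435ck_token(token):\n"
    "    return True\n"
    "\n"
    "\u043f\u0440\u0438\u0432\u0435\u0442 = 'hello'  # genuine non-Latin name, left alone\n"
)


def audit_sample():
    """Run the audit over the constructed patch."""
    return audit_identifiers(SAMPLE_PATCH)


if __name__ == "__main__":
    for ident, reason in audit_sample():
        print(f"{ident!r}: {reason}")
```

Wire it into pre-commit or CI over the added lines of a patch; because single-script non-Latin identifiers are not flagged, projects with non-English naming are not flooded with noise, while the Latin-with-one-Cyrillic-letter case that makes a smuggled function invisible in review is caught by both signals at once.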

Added by Amit, CISO Platform on September 26, 2018 at 11:30am

Practical & Improved Wifi MITM with MANA

In 2014, we released the mana rogue AP toolkit at DEF CON 22. It fixed KARMA attacks, which no longer worked against modern devices, added new capabilities such as KARMA against some EAP networks, and provided an easy-to-use toolkit for conducting MitM attacks once associated.



Since then, several changes in wifi client devices, including MAC randomisation, significant use of the 5GHz spectrum and an increased variety of configurations, have made these attacks harder to…

Added by Amit, CISO Platform on September 26, 2018 at 11:30am

© 2019 Created by CISO Platform.