Author: david b.

The New Scourge of Ransomware 6: CryptoLocker Takedown

Finally, John Bambenek and Lance James touch upon Operation Tovar, which ended the CryptoLocker campaign, and dwell on the lessons learned from the whole incident. John Bambenek: Operation Tovar, going on to takedown (see right-hand image). Law enforcement agencies of 13 countries and lots of individuals and...

The New Scourge of Ransomware 5: Human Intelligence Findings on CryptoLocker

The security experts keep on providing CryptoLocker facts that they were able to discover, including HUMINT details, victim communication and HDD forensics. Lance James: We’re also sending a message quickly, and we need to keep that message going. You even saw the FBI has been doing it lately, they’re...

The New Scourge of Ransomware 4: CryptoLocker Study in Contradictions

As part of their story on CryptoLocker analysis, John Bambenek and Lance James dwell on the methodology of tracking the ransomware via payments and DGA. John Bambenek: So, taking a look at CryptoLocker. A lot of this was a study in contradictions, because there were indicators that did not seem, at least on...

The New Scourge of Ransomware 3: Recovery and Defenses

The experts shift their focus over to CryptoLocker attack mitigation and touch upon the cooperation between law enforcement and the security industry on this case. John Bambenek: So, a little bit of recovery and defenses (see right-hand image). A lot of this is best practice stuff. If you get your files encrypted,...

The New Scourge of Ransomware 2: The Business Model Behind CryptoLocker

As the presentation continues, the researchers share their findings on the uniqueness of CryptoLocker ransomware and the reasons it was such a viable threat. John Bambenek: In August 2013, CryptoLocker appears. I get a call from one of my clients – that’s how I first found it – from a local government...

The New Scourge of Ransomware: A Study of CryptoLocker and Its Friends

Security experts Lance James and John Bambenek tell the Black Hat USA audience how they got together on the CryptoLocker ransomware case and how it went. Black Hat USA host: With no further ado, I will introduce our speakers today. We have John Bambenek and Lance James. Lance James: So, everybody knows what...

Most ransomware isn’t as complex as you might think 3: Attack payloads and mitigation

Lastline Labs’ Engin Kirda now describes the encryption, deletion and locking mechanisms leveraged by ransomware and also focuses on mitigation techniques. So what are the attack payloads? Encryption, of course, is a popular thing. About 5% of the samples that we actually looked at were using some sort of...

Most ransomware isn’t as complex as you might think 2: Evolution of ransom Trojans

The evolution of ransomware code and behavior, from the emergence of these hoaxes up to the present day, is what Engin Kirda covers in this part of his talk. So how has ransomware evolved over the years? Well, the ransomware concept actually dates back to the end of the 80s – the beginning of the 90s,...

Most ransomware isn’t as complex as you might think

Engin Kirda, the co-founder of Lastline Labs, took the floor at Black Hat USA to give a retrospective view of ransomware and analyze its present-day flaws. Hi! Good afternoon everyone. Thanks for showing up. I have the pleasure of having the last session. Hopefully it’s not the curse of having the last...

Explorations in Data Destruction 8: Electric Techniques

Zoz now stages experiments with high voltage as a method to demolish SSD drives and provides a general summary on destruction techniques that work the best. I have to go really fast now with electric. There aren’t too many things in there (see right-hand image). The goal was, you know, we’ve got...

Explorations in Data Destruction 7: Diamond Charge and Blast Suppression

Having conducted enough experiments with the Munroe effect over shaped charges, Zoz decides to try diamond charges and a blast suppression technique. So I feel good about shaped charges, but there’s one other charge I wanted to try, which is a diamond charge (see right-hand image). The EOD folks use these...

Explorations in Data Destruction 6: Oil Well Perforators

Courtesy of a neighboring bomb squad, Zoz gets the chance to play around with oil well perforators by utilizing them in his staged data demolition experiments. Alright, moving on, the bomb squad said to us “Oh, by the way, we have hundreds of these oil well perforators that we want to get rid of. Would...

Explorations in Data Destruction 5: The Munroe Effect

Zoz continues his series of HDD destruction experiments as he gives annular and radial shaped charges a shot and tries the compression welding technique. The stearic acid turns out to be a really important component of this explosive. And if you don’t get that amount right, it doesn’t work. So this is a...

Explorations in Data Destruction 4: Kinetic Methods

This part of Zoz’s research is a 101 on HDD demolition through physical damage rather than heat, so find out what techniques he leveraged and how it all went. Alright, moving on to part 2 – kinetic (see right-hand image). The goal here was to deform, spindle, mutilate the drive, basically, severely...

Explorations in Data Destruction 3: Beyond Straight Thermite

As Zoz keeps experimenting with thermal methods to completely ruin HDDs, he tries more substances based on thermite and draws some interesting conclusions. So alright, I wasn’t ready to give up yet. I know that in military thermite grenades they actually don’t use straight thermite – they use what...

Explorations in Data Destruction 2: Thermal Techniques

Having highlighted the goals and rules for the research, Zoz demonstrates HDD destruction attempts via a couple of thermal methods, including oxygen injection. So method number one, the good old plasma cutter (watch video below). Starting off keeping things simple. I had used plasma cutters many times and I...

Zoz – And That’s How I Lost My Other Eye… Explorations in Data Destruction

This DEF CON 23 presentation by Dr. Andrew ‘Zoz’ Brooks turned out to be a blast, so read about the ways to destroy data on hard disks, and don’t try this at home. Hello DEF CON! I’m actually going to break with tradition this time and start one minute early, because I have so much shit to show...

Remote Exploitation of an Unaltered Passenger Vehicle 7: Cyber Physical Action

This is the final part of the Black Hat USA presentation by Charlie Miller and Chris Valasek, where they show a few demos of what can be done to a car remotely. Charlie Miller: We figured out eventually how to do that. Chris Valasek: These are the Lua scripts that we would use to actually send CAN messages on...

Remote Exploitation of an Unaltered Passenger Vehicle 6: Exploit Chain

The researchers continue looking into the vehicle attack workflow and examine cyber physical internals as well as the checksums to be able to control the Jeep. Chris Valasek: Let’s go through, very simply, how this works. You get on a cell network. You have your cell phone, you have your laptop, you have...

Remote Exploitation of an Unaltered Passenger Vehicle 5: Sending CAN Messages

Charlie and Chris venture to reach a new level of vehicle compromise by exploiting the V850 microcontroller’s firmware to remotely issue arbitrary commands. Charlie Miller: So far in this story, we could only play with your radio. It’s kind of cool, but not super-cool. Chris Valasek: What we had to do...

Remote Exploitation of an Unaltered Passenger Vehicle 4: Attacks Over Cellular Network

Having described a proof of concept regarding vehicle attacks over Wi-Fi, Charlie Miller and Chris Valasek move on to the cellular exploitation scenario. Charlie Miller: So, well, let’s see if we can do this over the cellular network, because then not only can you get from far away, but everyone will be...

Remote Exploitation of an Unaltered Passenger Vehicle 3: Uconnect Payloads

Charlie and Chris demonstrate what can be remotely done to a modern vehicle’s HVAC and infotainment system through deploying payloads on the head unit. Charlie Miller: So, we used a protocol called Dfeet, which we’ll show you in a second. What it looks like is it’s a cool GUI. And then, when we wrote...

Remote Exploitation of an Unaltered Passenger Vehicle 2: Connecting to the WPA2 Network

The researchers touch upon jailbreaking the Uconnect and shift the focus to attacking the Jeep’s head unit over Wi-Fi, in particular the hurdles along the way. Chris Valasek: Real quick – jailbreak (see right-hand image). Charlie gave you a teaser last year during the talk. It was a great way for us to...

Remote Exploitation of an Unaltered Passenger Vehicle

Twitter’s Charlie Miller and IOActive’s Chris Valasek present their research on the buzz topic of remotely hacking into the controls of modern vehicles. Chris Valasek: I don’t know if we need introductions anymore. I’m Chris Valasek, Director of Vehicle Security Research at IOActive, and next to...

I will kill you 4: Creating the Shelf baby

Chris Rock focuses on virtual birthing here, describing a way to create a nonexistent baby, which is a new identity that can be used to one’s advantage. Okay, I’ve been given the wrap-up, so I’m going to go through this quickly. Now that we’ve killed somebody, what about birthing? It’s nearly the...

I will kill you 3: Workflow of a virtual kill

Becoming a funeral director, registering a fake death online and then getting access to someone’s funds are perfectly feasible tasks, Chris Rock argues. Instead of doing the fraudulent case of a funeral director, I actually thought it would be fun to find out how to become a funeral director myself (see...

I will kill you. Part 2: Accessing EDRS

After the introduction, Chris Rock demonstrates how easy it is for a hacker to access and manipulate the Electronic Death Registration System. How does a doctor get access to EDRS, or how does a hacker get access to EDRS? Here is a form that the doctor will fill out (see right-hand image), with the obvious...

Chris Rock – I will kill you

In the course of his DefCon 23 presentation, Australian security expert Chris Rock demonstrates how fake death or birth records can be created these days. DefCon host: When I was going through the schedule trying to see what speakers we’re going to be watching, I saw this description and said “Oh yeah, I...

No Budget Threat Intelligence 6: Defensive Strategies

As this ShmooCon presentation is coming to an end, Andrew Morris dwells on defenses against the attacks and shares his plans regarding the upcoming projects. Defensive Strategies. So, a couple of defensive strategies (see right-hand image). It’s, basically, standard threat intelligence stuff, whatever you...

No Budget Threat Intelligence 5: Automation

Andrew Morris presents his automated threat reporting system called the Animus and the interactive Threatbot tool powered by the existing attacker database. Threat Reporting Automation. So, now I’m going to talk about automating a lot of the stuff that I have been talking about so far. There’s this thing...