Author: david b.

Common Darknet Weaknesses: An Overview of Attack Strategies

Adrian Crenshaw, a well-known InfoSec expert and author of Irongeek.com, provides a comprehensive overview of known darknets at the AIDE Conference. Hello everyone! My name is Adrian Crenshaw, and my presentation today is Darknets: An Overview of Attack Strategies. First of all, a little bit about me, if...

The Mysterious Mister Hokum 5: Almost Made It

In conclusion to his DerbyCon presentation, Jason Scott tells the things he learned about Robert Hoquim from his family and how Aleshe’s life came to its end. I was talking to Aleshe’s brother about: “Where do you guys come from?” And here is a picture: Tom is on the bottom here, sitting in...

The Mysterious Mister Hokum 4: Fraud as a Desire Path

Jason Scott dwells on the contrast between what’s on the cover and what may be inside when it comes to technology, and focuses on John Aleshe’s background. How much scamming is out there? Well, this (see right-hand image), for instance, is the cover of the Atari Video Checkers program for the Atari...

The Mysterious Mister Hokum 3: Inexistent Devices for Sale

Moving on with early PC scams, Jason Scott enumerates a few cases where con artists would attempt to sell imaginary or non-functional equipment back in the day. Like I said, it was an expensive time, and there were a lot of promises. This (see right-hand image) is Radio Shack, who has turned out to be a...

The Mysterious Mister Hokum 2: Outbreak of Early Computer Frauds

Jason Scott moves on to tell further details about Robert Hoquim’s BBS fraud and some of the first shady computer deals that were widespread back in the 1970s. So, he became the ‘solve-all-your-problems’ amazing guy. He ended up taking everyone’s messages, and then quietly entering into these...

The Mysterious Mister Hokum

Well-known technology historian Jason Scott tells the extraordinary story of the con artist named John Paul Aleshe, aka Robert Hoquim, at the DerbyCon conference. Welcome to The Mysterious Mister Hokum, presented to you by Jason Scott, proprietor of textfiles.com, documentary filmmaker, famous cat owner,...

Beyond Information Warfare 6: Possible Solutions

This part contains Winn Schwartau’s summary on what could be done to reduce the destructive impact of technology weaponization and other types of abuse. Swarming and self-organization. Is everybody familiar with John von Neumann’s Automaton theory? Quick brief comments, simple rule set: if I am here, in...

Beyond Information Warfare 5: Bio-Engineering and Distributed Intelligence

Winn Schwartau’s emphasis within this section is on advances in bio-engineering and the increase in computing power, and the ways these could be weaponized. Some stuff is amazing these days, some of the new technologies. We are going to have bio-engineered prosthetics. And can we fuck with that...

Beyond Information Warfare 4: Exploitable Cutting-Edge Technology

Delving deeper into the weaponization aspect, Winn Schwartau gets down to describing such technologies as HERF, EMP, unmanned vehicles, and flying bots. Next thing I’m really interested in is EMP and HERF (see right-hand image). Why do I care about EMP and HERF? It makes some other technology useless –...

Beyond Information Warfare 3: Technology Weaponization

The concept of weaponizing new technologies is what Winn Schwartau covers in this section, focusing in particular on IPv6, voice simulation, and mobile. What we have to look at is life cycle (see right-hand image). One of the things that you get – there’s no magic here, there’s just standard life...

Beyond Information Warfare 2: Fortress Mentality That Doesn’t Work

Winn Schwartau lists the drawbacks of generally adopted defensive postures and dwells on the concept of weaponization with regard to new technology. Defensive postures were initially set up by US military. And it was based upon the model developed in the 1970s, and effectively it said: “We’re going...

Beyond Information Warfare: Winn Schwartau on Attack Mindset Methodology

Distinguished security specialist Winn Schwartau delivers an engaging talk at DerbyCon, covering the issues of technology being exploited and weaponized. Hi! How many guys are actually hacking here? We’re going to talk about some issues that really got me crazy in the last couple of years – thanks to...

Stop Fighting Anti-Virus 4: The Cert Signing Trick

Penetration tester Andy Cooper now touches upon another hurdle with antiviruses where signing a malicious payload with a valid cert may help bypass the defense. I have a third idea that I’ve come up with, which is cert signing. Whenever it comes down to certs, we know that SSL certs for websites are iffy...

Stop Fighting Anti-Virus 3: Impetus through Embarrassment

What Integgroll highlights in this part is some stimuli for antivirus vendors to enhance their products, including bypass research and pentesting overall. However, there is this other group of people (see right-hand image), the other definition of Luddite – in fact, the number 1 definition whenever you...

Stop Fighting Anti-Virus 2: Pursuit of Better Protection

Integgroll now draws some parallels between the physical and cyber world while depicting the hypothetical struggle needed for refining antivirus efficiency. So, why am I here? I’m going to tell you a little story about a pentest I was on a little while back. What ended up happening with this pentest is I...

Stop Fighting Anti-Virus: Pentester’s Viewpoint

Penetration tester Andy Cooper, participating in the DerbyCon event, shares his perspective on methods for evading regular antivirus defenses. So, I was at DerbyCon and I couldn’t get my AV working. Fortunately, Adrian Crenshaw was able to jump in and actually assist me and fix this problem. Anyways,...

Hacking, Surveilling, and Deceiving Victims on Smart TV 5: Conclusion

This final section of SeungJin Lee’s Black Hat presentation outlines hidden photo and video recording on Smart TV, and contains the takeaways for the study. We’ve implemented two surveillance programs. One is taking pictures and sending the photos to my server automatically. The second is recording video...

Hacking, Surveilling, and Deceiving Victims on Smart TV 4: Ways to Deploy Surveillance

In this section of the presentation, beist compares Smart TV and smartphones in terms of compromising and focuses on actual TV surveillance on the code level. Before we move on to how I implemented surveillance programs, I want to mention the comparison of surveillance between smartphone and Smart TV. I did...

Hacking, Surveilling, and Deceiving Victims on Smart TV 3: Exploitable Vulnerabilities

Moving on with his Black Hat talk, SeungJin Lee describes the discovered security weaknesses of Smart TV technology which can be used for deploying attacks. I’m going to show three vulnerabilities in the app store. When your Smart TV installs a program from app store, it first downloads an XML file (see...

Hacking, Surveilling, and Deceiving Victims on Smart TV 2: Attack Vectors

Having outlined the key features of Smart TV technology, SeungJin Lee is now focusing on reverse-engineering its exploitable components for the attack purpose. I’m going to talk about the Smart TV attack vectors (see right-hand image). I want to say that Smart TV has almost the same attack vectors as...

Hacking, Surveilling, and Deceiving Victims on Smart TV

SeungJin Lee, aka beist, of Korea University, a special guest at the Black Hat USA event, highlights the main vectors for exploiting Smart TV technology. I’m going to talk about Smart TV hacking. Let me introduce myself: SeungJin Lee; my handle is ‘beist’ and I’m from Korea University – the name...

Under Attack 6: The Challenge of Taming the Cyber Genie

Gordon Corera makes a judicious point here that the undoubted benefits from using computers and the downside of our increasing vulnerability go hand in hand. Over at the State Department in the office of Chris Painter, lead negotiator on cyber issues, the walls are filled with posters of films over the...

Under Attack 5: Massive DDoS Attacks and Stuxnet

BBC reporter’s focus in this entry lies in the realm of the infamous cyber attack on Estonia in 2007 and facts behind Stuxnet as viewed by renowned experts. The first signs that one state might be prepared to use the cyber realm to attack another came in Europe in 2007. The conflict began with a monument,...

Under Attack 4: Cyber Threats to Critical Infrastructure

Gordon Corera and his interviewees dwell in this part of the series on cyber attacks targeting components of critical infrastructure, and their consequences. Everyone says they’re under attack in cyberspace. But they all have different ideas of what that means. Part of this is about nations finding their...

Under Attack 3: Who Spies on Whom?

The issues raised here by Gordon Corera as he’s taking more interviews largely include the attribution of cyber attacks and espionage to specific nation states. Cyber attacks may be launched through computer networks, but they’re still about people. Attackers research employees in a target company,...

Under Attack 2: Major Security Agency Executives on Industrial Espionage

In this part, high-level executives of GCHQ, MI6, BAE Systems and the RSA reveal some information about attempted data breaches and cyber attacks targeting their organizations as well as powerful businesses. On the outskirts of Cheltenham in South West England sits GCHQ. For decades it’s been Britain’s...

Under Attack: BBC’s Study of Contemporary Cyber Threats

This series reflects contemplations and interviews by BBC’s Gordon Corera with executives and experts regarding the present-day state of the cyber threatscape. I’m Gordon Corera, and for the BBC World Service I’ve been looking at the extent to which cyberspace is being used to steal, spy and wage war....

Web Application Hacking 5: Tools for Decrypting SSL and TLS Traffic

This is the final part of the lecture describing Convergence as an alternative to the CA system, also covering sslstrip, sslsniff and other tools compromising SSL / TLS protocols. Let’s get back to the problem of secure protocol. (Slide 38) The problem with SSL and the secrecy is that everyone is a CA...

Web Application Hacking 4: Notorious CA Hacks

Find out in this part of the lecture at FSU about the most outrageous certificate authority attacks of recent years and the consequences they could lead to. So, about securing the Internet. Let’s go over some important certificate authority attacks (see right-hand image). Now in this first slide I used...

Web Application Hacking 3: Hurdles for Securing the Internet

This part of the lecture encompasses an insight into the trust issues associated with certificate authorities, SSL vulnerabilities, and CA scoping problems. So, who can become a certificate authority? Any ideas? You, me, anyone really. What’s the problem here? The problem is when you visit a website and...