
DEF CON 2015 Demo Lab Tools: First Look (I)

Posted by mitry at 2020-03-27

Jared Boone, ShareBrained Technology

PortaPack H1 turns the HackRF One software-defined radio into a portable, open-source radio research platform with an LCD screen, a micro SD card slot, an audio interface and control buttons. Signal monitoring, capture and analysis can all be done on a single device.

Built around the HackRF One, the PortaPack H1 adds an LCD touchscreen, an audio interface, controls and a case, a micro SD card slot and an RTC battery. The HackRF One's dual-core ARM Cortex-M processor gives the platform low power consumption with enough processing capacity for radio research. Because resources are limited, a full operating system cannot run on the platform, so it uses ChibiOS, which has worked well. Despite its limited performance, the portable device can monitor, analyze and record many types of narrowband radio signals. Since the platform is open source, developers can extend the existing software to support more signal types or write other applications.

About the author:

Jared Boone is an open-source hardware enthusiast fascinated by the privacy and security issues of radio technology. He founded ShareBrained Technology, through which he has turned some of his research projects into products.

Supplementary contents:

Project address: https://github.com/sharebrained/portapack-hackrf

Official address: http://www.sharebrained.com/portapack/

MozDef: Mozilla Defense Platform

Jeff Bryner

MozDef (the Mozilla Defense Platform) is an Elasticsearch-based security event management (SIEM) tool. It provides real-time alerting, investigation and evidence collection, security incident response and automated defense in a modern, scalable way.

About the author:

Jeff Bryner is well known at DEF CON for presenting his Kinectasploit tool there, which lets you drive Metasploit, Nmap, Nessus and other tools through a 3D, real-time, gesture-based interface. The MozDef tool is similar to Kinectasploit, except that it is used for defending against attacks.

Supplementary contents:

MozDef extends traditional SIEM (security information and event management) functionality with collaborative incident response, visualization and easy integration into other enterprise-level systems. It uses Elasticsearch, Meteor and MongoDB to collect large volumes of data of many different types, which can be stored however the user needs. "You can think of MozDef as a SIEM layer built on Elasticsearch, which brings in a security incident response workflow," Bryner said. The project began as a proof of concept inside Mozilla in 2013.

Project address: https://github.com/jeffbryner/mozdef

Official document: http://mozdef.readthedocs.org/en/latest/

Reference: http://n0where.net/mozilla-defense-platform-mozdef/

SpeedPhishing Framework (SPF)

Adam Compton

The SpeedPhishing Framework (SPF) helps penetration testers run phishing campaigns quickly and automatically in a short time. Given minimal input (such as a domain name), the tool can automatically identify potential targets, deploy multiple phishing sites, generate phishing emails and send them to the targets, record the results and produce a simple report, along with a number of other advanced tasks.

About the author:

Adam Compton has a background in software design and development as well as information security. He is currently a penetration tester with 20 years of experience in the information security industry, 15 of them as a penetration tester. He has worked in government and in private companies, mainly for domestic and foreign government departments, multinational corporations and local enterprises.

Homepage: http://blog.seedsofepiphany.com/

GitHub: https://github.com/tatanus

Supplementary contents:

Project address: https://github.com/tatanus/spf

Reference: http://www.secbox.cn/news/4783.html

CANtact

Eric Evenchick, freelance embedded systems developer

CANtact is an open-source CAN-to-USB tool that integrates with the SocketCAN tools on Linux. It provides a low-cost way to connect to a vehicle network. The talk demonstrates the hardware and software tools used to support vehicle network research. Some of these tools were developed specifically for CANtact, while others are existing open-source tools (for example, Wireshark and Kayak).

About the author:

Eric Evenchick is a freelance embedded systems developer. While studying electrical engineering at the University of Waterloo, he took part in the EcoCAR advanced vehicle technology competition with the school's alternative fuels team, designing and building a hydrogen electric vehicle. Eric has worked on automotive firmware at Tesla. He is currently a contributor to hackaday.com.

Supplementary contents:

CANtact is cross-platform: it connects over USB to a laptop running Mac, Linux or Windows, and then to any CAN-enabled vehicle through an OBD-II cable. Earlier tools were expensive and out of reach for many people. Researchers, hackers and hobbyists can afford this device, which costs only $59.95. Those who cannot afford it can build one themselves, since the code is open source and the hardware design files can be downloaded from GitHub.

Project address:

http://cantact.io/

https://github.com/CANtact/cantact-hw

Reference:

http://jandan.net/2015/03/31/cantact-toolkit.html

http://www.computerworld.com/article/2903714/60-diy-car-hacking-device-is-an-inexpensive-and-easy-way-to-hack-cars.html

HamShield: Arduino broadband VHF/UHF FM transceiver

Casey Halverson

HamShield turns your Arduino into a VHF/UHF FM voice and data transceiver for the 136-170 MHz, 200-260 MHz and 400-520 MHz bands. You need not worry about SDR or signal processing; that is handled in the chip. The HamShield library provides convenient voice and data handling and control over every aspect of the radio. Using the Arduino IDE, a new radio application can be written to the device in minutes. Radio audio can be fed to the Arduino through a standard headphone jack. You can even connect the device to your computer and operate it through Chrome.

Casey Halverson, an amateur radio operator, got his license at 14. After several years of work with Arduino hardware, he envisioned combining the rapid prototyping capabilities of the Arduino environment with amateur radio. Casey is also a Chrome developer and was the first to bring the Arduino IDE to the Chromebook. After stepping back from hardware, he began to dabble in security, from exposing third-party data leaks in the Nissan LEAF to wireless photo frames.

Reference material:

Project address: https://github.com/enhancedradiodevices/hamshield

ShadyShield: software-defined phone extensions on Arduino

Researcher Karl Koscher

ShadyShield is an Arduino-compatible telephone interface for old-school phone-line hacking. ShadyShield delivers the raw analog audio signal, and what to do with it is up to the user. The author provides example code for a 300 bps software modem running on the AVR. If you can think of it, ShadyShield can do it. Want an auto-dialer? No problem! ShadyShield can also provide extra RAM over the SPI bus and store more data on microSD. ShadyShield has an RCA connector for NTSC/PAL video output.

About the author:

Karl Koscher is a postdoctoral researcher in embedded systems security at the University of California, San Diego. In 2011, he and his colleagues were the first in the world to demonstrate full remote control of a car through cellular, Bluetooth and other channels. Besides researching how to attack these systems, he has developed tools and techniques that let developers automatically discover and fix potential security vulnerabilities in their embedded systems.

The Deck

Dr. Phil Polstra, Professor, University of Pennsylvania

The Deck is a Linux system for the BeagleBone and similar development boards; a penetration testing device running The Deck is also called a Deck. The system integrates a number of extensions, including 4Deck for write-blocked USB forensics, AirDeck for drone-based attacks and USBDeck for HID and mass-storage device attacks, and multiple devices can be controlled over an 802.15.4 network.

About the author:

Phil started early. At the age of eight he spent all his savings on a $450 TI-99/4A. Two years later he learned 6502 assembly and began studying the security of TVs and other appliances. Phil is a professor at the University of Pennsylvania. His research in recent years has focused on microprocessors and small embedded computers for forensics and penetration testing. Phil has developed a customized Linux-based system and related hardware that can turn a BeagleBone Black development board and other parts he designed into a low-cost remote penetration testing drone. This work is described in detail in his book Hacking and Penetration Testing with Low Power Devices (Syngress, 2015). Before entering academia, Phil was an executive at several well-known American companies. In his spare time he enjoys being with his family and tinkering with drones and electronics.

Homepage: http://www.philpolstra.com/

Project address: http://sourceforge.net/projects/thedeck/

SWATtack - Smartwatch attack tool

Michael T. Raggo, Head of Security Research, MobileIron

Although wearables and smartwatches have been around for several years, before the Apple Watch people paid little attention to enterprise data security on smartwatches. Our research, and the SWATtack tool we developed from it, reveal the security weaknesses of these devices when they are paired with corporate mobile devices. SWATtack consolidates our findings from discovering and reporting smartwatch vulnerabilities and automates the process of attacking these devices and extracting data from them. We therefore hope you will pay enough attention to the security of these devices to ensure they can be used safely and effectively in every setting.

About the author:

Michael T. Raggo is Head of Security Research at MobileIron and has more than 20 years of experience delivering mobile security solutions. Raggo has worked in mobile device security, penetration testing, wireless security assessment, compliance assessment, incident response and forensics, and security technology research, and is now an information security instructor. He wrote "Data Hiding" and co-authored "Information Security: The Complete Reference, 2nd Edition". He has also published many articles in magazines and on websites, and he is a member of the PCI Mobile Task Force. Raggo has spoken at security conferences around the world, including Black Hat, DEF CON, SANS, Gartner, DoD Cyber Crime, OWASP and InfoSec, and has also presented at the Pentagon and the FBI.

SecBee: vulnerability scanning tool for the ZigBee protocol

Tobias Zillner

SecBee is a ZigBee security testing tool, specifically a ZigBee vulnerability scanner, so developers and security testers can quickly check for specific ZigBee vulnerabilities in real product deployments. The scan types currently supported include command execution, whether joining is enabled, plaintext network sniffing and traffic encrypted with the default key. A complete receiver device is under development, with the ultimate goal of ensuring that the software on every ZigBee device is secure and correctly configured.

About the author:

Tobias works for Cognosec in Vienna as a senior information auditor. He assesses compliance with internal and external requirements through information systems audits and gives the customer's management useful advice, taking into account the efficiency and effectiveness of IT systems. In addition, Tobias safeguards IT security by performing penetration tests of web applications and services, source code analysis, and network and infrastructure testing. He holds a bachelor's degree in computer and storage media security and a master's degree in IT security and information systems management. Tobias' expertise also covers IT governance, risk and compliance. He holds a number of certifications: CISSP, CISA, QSA, CEH, ITIL and COBIT.

Project address: https://github.com/zu1na/secbee
