SlideShare a Scribd company logo

Asegúr@IT 7: Playing with Satellites 1.2

Download as PPTX, PDF
Chema Alonso
Chema Alonso

Presentación impartida por Leonardo Nve y Christian Martorella, de S21Sec en el Asegúr@IT 7 que tuvo lugar el día 24 de Marzo en Barlona.

Technology
1 of 104
Playing in a Satellite environment 1.2 Leonardo Nve Egea Christian Martorella lnve@s21sec.com cmartorella@s21sec.com º
Why 1.2? 1. Because I’m sure that some people will publish more attacks. 2. Because there are previous presentations about satellites.
Whocomentedthisbefore? Warezzman– (in 2004 at Undercon VIII first Spanish hacker CON) Jim Geovedi & RadityaIryandi (HITBSecConf2006) Adam Laurie (Blackhat 2009 at DC) Leonardo Nve(S21sec Blog February 2009)
Intro to SAT A  satellite  is  a  radiofrequency  repeater    that  is   launched  by  a  rocket  and  placed  in  orbit  around   the  earth.
Introto SAT Orbit based satellites Low Earth orbiting (LEO) Geostationary orbit (GEO) Other: Molniya, High (HEO), etc. Function based satellites Communications Earth observation Other: Scientifics, ISS, etc.
Introto SAT
Introto SAT ,[object Object]
UFO (UHF Follow ON) Military
Inmarsat
Meteorological (Meteosat)
SCPC / Telephony link FDMA,[object Object]
DVB Standard of European Telecommunications Standards Institute (ETSI). Defines audio and video transmission, and data connections. DVB-S & DVB-S2 is the specification for satellite communications.
DVB-S Transponder: Like channels (in Satellite comms) Frecuency (C band or Ku). Ex: 12.092Ghz Polarization. (horizontal/vertical) Symbol Rate. Ex: 27500Kbps FEC. Every satellite has many transponders onboard which are operating on different frequencies
DVB-S Header Program ID (PID): It permits different programs at same transponder with different components [Example BBC1 PIDs: 600 (video), 601 (English audio), 603 (subtitles), 4167 (teletext)] Body
DVB Feeds Temporal video links. Live emissions, sports, news. FTA – In open video.
DVB Feeds
DVB Feeds (2002)
DVB Feeds (2002) Captured NATO feeds
DVB Feeds (2002) NATO COMINT official
DVB Feeds Is widely known that the Department of Defense (DoD) and some US defense contractors use satellites and DVB for their comms. Let`ssee: http://telecom.esa.int/telecom/media/document/DVB-RCS%20Networks%20for%20the%20US%20Defense%20Market%20(R3).pdf
DVB Feeds (2009)
DVB Feeds (2009) U.S COMINT official
DVB Feeds How to find feeds: Lists of channels in www Blind Scan Visual representations of the signal
DVB Feeds - Tooknow more Dr HANS http://drhans.jinak.cz/news/index.php Zackyfiles http://www.zackyfiles.com (in spanish) Satplaza http://www.satplaza.com
DVB Data Two scenarios Satmodem Satellite Interactive Terminal (SIT) orAstromodem (DVB/RCS)
DVB Data - Satmodem INTERNET CLIENT ISP
DVB Data - Satmodem DOWNLINK INTERNET CLIENT ISP
DVB Data - Satmodem DOWNLINK POTS/GPRS UPLINK INTERNET CLIENT UPLINK ISP
DVB Data - Satmodem DOWNLINK POTS/GPRS UPLINK INTERNET CLIENT UPLINK ISP
DVB Data - Satmodem DOWNLINK ISP’s UPLINK POTS/GPRS UPLINK INTERNET CLIENT UPLINK ISP
DVB Data - Astromodem ISP DOWNLINK & UPLINK DOWNLINK & UPLINK INTERNET CLIENT ISP
Satellite Coverage
DVB Data Anyone with coverage can SNIFF the DVB Data, and normally it is unencrypted.
Wardriving ? No way… Satdriving
DVB Data What do you need: Skystar 2 DVB Card linuxtv-dvb-apps Wireshark The antenna (Dish + LNB) Data to point it.
DVB Data I bought it for 50€!!! from an PayTV ex-”hacker” :P (Including a set-top box that I will not use)
DVB Data
DVB Data
DVB Data Linux has the modules for this card by default, we only need the tools to manage it: linuxtv-dvb-apps My version is 1.1.1 and I use Fedora (Not too cool to use Debian :P).
Sniffing Data Once the antenna and the card are installed and linuxtv-dvb-apps compiled and installed, the process is: 1- Tune the DVB Card 2- Find a PID with data 3- Create an Ethernet interface associated to that PID We can repeat 2 to 3 any times we want.
Sniffing Data 1- Tune the DVB Card 2- Find a PID with data 3- Create an Ethernet interface associated to that PID
Sniffing Data Tune DVB Card The tool we must use is szap and we need the transponder’s parameters in a configuration file. For example, for “Sirius-4 Nordic Beam": # echo “sirius4N:12322:v:0:27500:0:0:0" >> channels.conf
Sniffing Data We run szap with the channel configuration file and the transponder we want use (the configuration file can have more than one). # szap –c channels.conf sirius4N We must keep it running.
Sniffing Data
Sniffing Data The transponder parameters can be found around Internet. http://www.fastsatfinder.com/transponders.html
Sniffing Data 1- Tune the DVB Card 2- Find a PID with data 3- Create an Ethernet interface associated to that PID
Sniffing Data Find a PID #dvbsnoop -s pidscan Search for data section on results.
Sniffing Data
Sniffing Data 1- Tune the DVB Card 2- Find a PID with data 3- Create an Ethernet interface associated to that PID
Sniffing Data Create an interface associated to a PID #dvbnet -a <adapter number> -p <PID> Activate it #ifconfig dvb0_<iface number> up
Sniffing Data
Sniffing Data Back to de pidscan results
Sniffing Data Create another interface
Sniffing Data Wireshark is our friend 16358 packets in 10 seconds
Sniffing data
Sniffing Data ,[object Object]
Malicious users can:
Catch passwords.
Catch cookies and get into authenticated HTTP sessions.
Read emails
Catch sensitive files
Do traffic analysis
Etc ….,[object Object]
Sniffing Data We can only sniff the downloaded data. We can only sniff one direction in a connection.
Some “old” Stuff in Sat hacking DNS Spoofing TCP hijacking Attacking GRE
DNS Spoofing DNS Spoofing is the art of making a DNS entry to point to an another IP than it would be supposed to point to. (SecureSphere)
DNS Spoofing What we need to perform this attack? DNS Request ID Source Port Source IP Destination IP Name/IP asking for
DNS Spoofing It´s trivial to see that if we sniff a DNS request we have all that information and we can spoof the answer. Many tools around do this job, the only thing we also need is to be faster than the real DNS server (jizz).
DNS Spoofing Why is this attack important? Think in phising With this attack, uplink sniff can be possible Rogue WPAD service Sslstrip can be use to avoid SSL connections.
Some “old” Stuff in Sat hacking DNS Spoofing TCP hijacking Attacking GRE
TCP hijacking TCP session hijacking is when a hacker takes over a TCP session between two machines. (ISS)
TCP hijacking If we sniff 1 we can predict Seq and Ack of 2 and we can send the payload we want in 2 1 A Seq=S1 ACK=A1 Datalen=L1 B 2 Seq=A1 ACK=S1+L1 Datalen=L2 3 Seq=S1+L1 ACK=A1+L2 Datalen=L3
TCP Hijacking A 1 3 Seq=S1 ACK=A1 Datalen=L1 Seq=S1+L1 ACK=A1+L2 Datalen=L3 B
TCP Hijacking Initially we can only have a false connection with A. In certain circumstances, we can make this attack with B, when L2 is predictable. Some tools for doing this: Hunt Shijack Scapy
Some “old” Stuff in Sat hacking DNS Spoofing TCP hijacking Attacking GRE
Attacking GRE Generic Routing Encapsulation Point to point tunneling protocol 13% of Satellite’s data traffic in our transponder is GRE
Attacking GRE This chapter is based on Phenoelit’s discussion paper written by FX applied to satellite scenario. Original paper: http://www.phenoelit-us.org/irpas/gre.html
Attacking GRE HQ INTERNET Remote Office Remote Office Remote Office
Attacking GRE Find a target: #tshark –ni dvb0_0 –R gre –w capture.cap
Attacking GRE GRE Packet
Attacking GRE IP dest 1 and source 1 must be Internet reachable IPs The payload´s IPs used to be internal.
Attacking GRE 1.1.1.1 INTERNET 1.1.1.2 10.0.0.54 10.0.0.5
Attacking GRE 1.1.1.1 INTERNET 1.1.1.2 (*) 10.0.0.54 10.0.0.5
Attacking GRE (*) GRE Packet
Attacking GRE (1) 1.1.1.1 1.1.1.2 10.0.0.54 10.0.0.5
Attacking GRE (1) GRE Packet
Attacking GRE (1) 1.1.1.1 1.1.1.2 (2) 10.0.0.54 10.0.0.5
Attacking GRE (2) IP Packet
Attacking GRE (1) 1.1.1.1 1.1.1.2 (2,3) 10.0.0.54 10.0.0.5
Attacking GRE (3) IP Packet
Attacking GRE (4) (1) 1.1.1.1 1.1.1.2 (2,3) 10.0.0.54 10.0.0.5
Attacking GRE (4) GRE Packet
Attacking GRE At Phenoelit´s attack payload’s IP source is our public IP. This attack lacks when that IP isn´t reachable from the internal LAN and you can be logged. I use internal IP because we can sniff the responses. To improve the attack, find a internal IP not used.
HTSNACBT Attack How To Scan NSA And Cannot Be Traced
HTSNACBT Attack We can send a SYN packet with any destination IP and TCP port (spoofing a satellite’s routable source IP) , and we can sniff the responses. We can analyze the responses.
HTSNACBT Attack OR… We can configure our linux like a satellite connected host. VERY EASY!!!
HTSNACBT Attack What we need: An internet connection (Let’s use it as uplink) with any technology which let you spoofing. A receiver, a card….
HTSNACBT Attack Let’s rock! Find a satellite IP not used, I ping IPs next to another sniffable satellite IP to find a non responding IP. We must sniff our ping with the DVB Card (you must save the packets). This will be our IP!
HTSNACBT Attack Configure Linux to use it. We need our router ‘s MAC
HTSNACBT Attack Configure our dvb interface to receive this IP (I suppose that you have configure the PID…) The IP is the one we have selected and in the ICMP scan, we must get the destination MAC sniffed.
HTSNACBT Attack Here we get the MAC address we must configure in our DVB interface
HTSNACBT Attack I use netmask /32 to avoid routing problems
HTSNACBT Attack Now we can configure our Internet interface with the same IP and configure a default route with a false router setting this one with a static MAC (our real router’s MAC).
HTSNACBT Attack

Recommended

USENIX Security '15: All Your Biases Belong To Us: Breaking RC4 in WPA-TKIP a...
USENIX Security '15: All Your Biases Belong To Us: Breaking RC4 in WPA-TKIP a...USENIX Security '15: All Your Biases Belong To Us: Breaking RC4 in WPA-TKIP a...
USENIX Security '15: All Your Biases Belong To Us: Breaking RC4 in WPA-TKIP a...vanhoefm
 
Advanced WiFi Attacks Using Commodity Hardware
Advanced WiFi Attacks Using Commodity HardwareAdvanced WiFi Attacks Using Commodity Hardware
Advanced WiFi Attacks Using Commodity Hardwarevanhoefm
 
Informal Presentation on WPA-TKIP
Informal Presentation on WPA-TKIPInformal Presentation on WPA-TKIP
Informal Presentation on WPA-TKIPvanhoefm
 
Arp Cache Poisoning
Arp Cache PoisoningArp Cache Poisoning
Arp Cache PoisoningSubhash Kumar Singh
 
Arpspoofing
ArpspoofingArpspoofing
ArpspoofingUTD Computer Security Group
 
From Kernel Space to User Heaven #NDH2k13
From Kernel Space to User Heaven #NDH2k13From Kernel Space to User Heaven #NDH2k13
From Kernel Space to User Heaven #NDH2k13Jaime Sánchez
 
Evolving HTTP and making things QUIC
Evolving HTTP and making things QUICEvolving HTTP and making things QUIC
Evolving HTTP and making things QUICNatasha Rooney
 
Screaming Channels: When Electromagnetic Side Channels Meet Radio Transceivers
Screaming Channels: When Electromagnetic Side Channels Meet Radio TransceiversScreaming Channels: When Electromagnetic Side Channels Meet Radio Transceivers
Screaming Channels: When Electromagnetic Side Channels Meet Radio TransceiversPriyanka Aash
 

Recommended

USENIX Security '15: All Your Biases Belong To Us: Breaking RC4 in WPA-TKIP a...
USENIX Security '15: All Your Biases Belong To Us: Breaking RC4 in WPA-TKIP a...USENIX Security '15: All Your Biases Belong To Us: Breaking RC4 in WPA-TKIP a...
USENIX Security '15: All Your Biases Belong To Us: Breaking RC4 in WPA-TKIP a...vanhoefm
 
Advanced WiFi Attacks Using Commodity Hardware
Advanced WiFi Attacks Using Commodity HardwareAdvanced WiFi Attacks Using Commodity Hardware
Advanced WiFi Attacks Using Commodity Hardwarevanhoefm
 
Informal Presentation on WPA-TKIP
Informal Presentation on WPA-TKIPInformal Presentation on WPA-TKIP
Informal Presentation on WPA-TKIPvanhoefm
 
Arp Cache Poisoning
Arp Cache PoisoningArp Cache Poisoning
Arp Cache PoisoningSubhash Kumar Singh
 
Arpspoofing
ArpspoofingArpspoofing
ArpspoofingUTD Computer Security Group
 
From Kernel Space to User Heaven #NDH2k13
From Kernel Space to User Heaven #NDH2k13From Kernel Space to User Heaven #NDH2k13
From Kernel Space to User Heaven #NDH2k13Jaime Sánchez
 
Evolving HTTP and making things QUIC
Evolving HTTP and making things QUICEvolving HTTP and making things QUIC
Evolving HTTP and making things QUICNatasha Rooney
 
Screaming Channels: When Electromagnetic Side Channels Meet Radio Transceivers
Screaming Channels: When Electromagnetic Side Channels Meet Radio TransceiversScreaming Channels: When Electromagnetic Side Channels Meet Radio Transceivers
Screaming Channels: When Electromagnetic Side Channels Meet Radio TransceiversPriyanka Aash
 
Pertemuan 9 intrusion detection system
Pertemuan 9 intrusion detection systemPertemuan 9 intrusion detection system
Pertemuan 9 intrusion detection systemnewbie2019
 
network security
network securitynetwork security
network securitySrinivasa Rao
 
APNIC Hackathon IPv4 & IPv6 security & threat comparisons
APNIC Hackathon IPv4 & IPv6 security & threat comparisonsAPNIC Hackathon IPv4 & IPv6 security & threat comparisons
APNIC Hackathon IPv4 & IPv6 security & threat comparisonsSiena Perry
 
Aircrack
AircrackAircrack
AircrackNithin Sathees
 
05 06 ike
05 06 ike05 06 ike
05 06 ikeBabaa Naya
 
Derevolutionizing OS Fingerprinting: The cat and mouse game
Derevolutionizing OS Fingerprinting: The cat and mouse gameDerevolutionizing OS Fingerprinting: The cat and mouse game
Derevolutionizing OS Fingerprinting: The cat and mouse gameJaime Sánchez
 
Mobile Security - Wireless hacking
Mobile Security - Wireless hackingMobile Security - Wireless hacking
Mobile Security - Wireless hackingphanleson
 
Router and Routing Protocol Attacks
Router and Routing Protocol AttacksRouter and Routing Protocol Attacks
Router and Routing Protocol AttacksConferencias FIST
 
Wireshark
WiresharkWireshark
Wiresharkashiesh0007
 
Stealth servers need Stealth Packets - Derbycon 3.0
Stealth servers need Stealth Packets - Derbycon 3.0Stealth servers need Stealth Packets - Derbycon 3.0
Stealth servers need Stealth Packets - Derbycon 3.0Jaime Sánchez
 
Iptables presentation
Iptables presentationIptables presentation
Iptables presentationEmin Abdul Azeez
 
IPsec Basics: AH and ESP Explained
IPsec Basics: AH and ESP ExplainedIPsec Basics: AH and ESP Explained
IPsec Basics: AH and ESP ExplainedAndriy Berestovskyy
 
Basics of firewall, ebtables, arptables and iptables
Basics of firewall, ebtables, arptables and iptablesBasics of firewall, ebtables, arptables and iptables
Basics of firewall, ebtables, arptables and iptablesPrzemysław Piotrowski
 
introduction of iptables in linux
introduction of iptables in linuxintroduction of iptables in linux
introduction of iptables in linuxNouman Baloch
 
TBD - To Block Connection from Suspicious IP addresses by using "DICE"
TBD - To Block Connection from Suspicious IP addresses by using "DICE"TBD - To Block Connection from Suspicious IP addresses by using "DICE"
TBD - To Block Connection from Suspicious IP addresses by using "DICE"Kunio Miyamoto, Ph.D.
 
Time Sensitive Networking in the Linux Kernel
Time Sensitive Networking in the Linux KernelTime Sensitive Networking in the Linux Kernel
Time Sensitive Networking in the Linux Kernelhenrikau
 
Himanshupptx
HimanshupptxHimanshupptx
HimanshupptxHimanshu Chaurishiya
 
CREST CCT Exam Prep Notes
CREST CCT Exam Prep NotesCREST CCT Exam Prep Notes
CREST CCT Exam Prep NotesNathanAn
 
Wireshar training
Wireshar trainingWireshar training
Wireshar trainingLuke Luo
 
Copy of a simple tcp spoofing attack
Copy of a simple tcp spoofing attackCopy of a simple tcp spoofing attack
Copy of a simple tcp spoofing attackVishal Gurujuwada
 
4 approaches to securing documents and email attachment assets
4 approaches to securing documents and email attachment assets4 approaches to securing documents and email attachment assets
4 approaches to securing documents and email attachment assetsMithi SkyConnect
 
Cyber crime law libreoffice
Cyber crime law libreofficeCyber crime law libreoffice
Cyber crime law libreofficesolomon24
 

More Related Content

What's hot

Pertemuan 9 intrusion detection system
Pertemuan 9 intrusion detection systemPertemuan 9 intrusion detection system
Pertemuan 9 intrusion detection systemnewbie2019
 
APNIC Hackathon IPv4 & IPv6 security & threat comparisons
APNIC Hackathon IPv4 & IPv6 security & threat comparisonsAPNIC Hackathon IPv4 & IPv6 security & threat comparisons
APNIC Hackathon IPv4 & IPv6 security & threat comparisonsSiena Perry
 
Derevolutionizing OS Fingerprinting: The cat and mouse game
Derevolutionizing OS Fingerprinting: The cat and mouse gameDerevolutionizing OS Fingerprinting: The cat and mouse game
Derevolutionizing OS Fingerprinting: The cat and mouse gameJaime Sánchez
 
Mobile Security - Wireless hacking
Mobile Security - Wireless hackingMobile Security - Wireless hacking
Mobile Security - Wireless hackingphanleson
 
Router and Routing Protocol Attacks
Router and Routing Protocol AttacksRouter and Routing Protocol Attacks
Router and Routing Protocol AttacksConferencias FIST
 
Stealth servers need Stealth Packets - Derbycon 3.0
Stealth servers need Stealth Packets - Derbycon 3.0Stealth servers need Stealth Packets - Derbycon 3.0
Stealth servers need Stealth Packets - Derbycon 3.0Jaime Sánchez
 
IPsec Basics: AH and ESP Explained
IPsec Basics: AH and ESP ExplainedIPsec Basics: AH and ESP Explained
IPsec Basics: AH and ESP ExplainedAndriy Berestovskyy
 
Basics of firewall, ebtables, arptables and iptables
Basics of firewall, ebtables, arptables and iptablesBasics of firewall, ebtables, arptables and iptables
Basics of firewall, ebtables, arptables and iptablesPrzemysław Piotrowski
 
introduction of iptables in linux
introduction of iptables in linuxintroduction of iptables in linux
introduction of iptables in linuxNouman Baloch
 
TBD - To Block Connection from Suspicious IP addresses by using "DICE"
TBD - To Block Connection from Suspicious IP addresses by using "DICE"TBD - To Block Connection from Suspicious IP addresses by using "DICE"
TBD - To Block Connection from Suspicious IP addresses by using "DICE"Kunio Miyamoto, Ph.D.
 
Time Sensitive Networking in the Linux Kernel
Time Sensitive Networking in the Linux KernelTime Sensitive Networking in the Linux Kernel
Time Sensitive Networking in the Linux Kernelhenrikau
 
CREST CCT Exam Prep Notes
CREST CCT Exam Prep NotesCREST CCT Exam Prep Notes
CREST CCT Exam Prep NotesNathanAn
 
Wireshar training
Wireshar trainingWireshar training
Wireshar trainingLuke Luo
 
Copy of a simple tcp spoofing attack
Copy of a simple tcp spoofing attackCopy of a simple tcp spoofing attack
Copy of a simple tcp spoofing attackVishal Gurujuwada
 

What's hot (20)

Pertemuan 9 intrusion detection system
Pertemuan 9 intrusion detection systemPertemuan 9 intrusion detection system
Pertemuan 9 intrusion detection system
 
network security
network securitynetwork security
network security
 
APNIC Hackathon IPv4 & IPv6 security & threat comparisons
APNIC Hackathon IPv4 & IPv6 security & threat comparisonsAPNIC Hackathon IPv4 & IPv6 security & threat comparisons
APNIC Hackathon IPv4 & IPv6 security & threat comparisons
 
Aircrack
AircrackAircrack
Aircrack
 
05 06 ike
05 06 ike05 06 ike
05 06 ike
 
Derevolutionizing OS Fingerprinting: The cat and mouse game
Derevolutionizing OS Fingerprinting: The cat and mouse gameDerevolutionizing OS Fingerprinting: The cat and mouse game
Derevolutionizing OS Fingerprinting: The cat and mouse game
 
Mobile Security - Wireless hacking
Mobile Security - Wireless hackingMobile Security - Wireless hacking
Mobile Security - Wireless hacking
 
Router and Routing Protocol Attacks
Router and Routing Protocol AttacksRouter and Routing Protocol Attacks
Router and Routing Protocol Attacks
 
Wireshark
WiresharkWireshark
Wireshark
 
Stealth servers need Stealth Packets - Derbycon 3.0
Stealth servers need Stealth Packets - Derbycon 3.0Stealth servers need Stealth Packets - Derbycon 3.0
Stealth servers need Stealth Packets - Derbycon 3.0
 
Iptables presentation
Iptables presentationIptables presentation
Iptables presentation
 
IPsec Basics: AH and ESP Explained
IPsec Basics: AH and ESP ExplainedIPsec Basics: AH and ESP Explained
IPsec Basics: AH and ESP Explained
 
Basics of firewall, ebtables, arptables and iptables
Basics of firewall, ebtables, arptables and iptablesBasics of firewall, ebtables, arptables and iptables
Basics of firewall, ebtables, arptables and iptables
 
introduction of iptables in linux
introduction of iptables in linuxintroduction of iptables in linux
introduction of iptables in linux
 
TBD - To Block Connection from Suspicious IP addresses by using "DICE"
TBD - To Block Connection from Suspicious IP addresses by using "DICE"TBD - To Block Connection from Suspicious IP addresses by using "DICE"
TBD - To Block Connection from Suspicious IP addresses by using "DICE"
 
Time Sensitive Networking in the Linux Kernel
Time Sensitive Networking in the Linux KernelTime Sensitive Networking in the Linux Kernel
Time Sensitive Networking in the Linux Kernel
 
Himanshupptx
HimanshupptxHimanshupptx
Himanshupptx
 
CREST CCT Exam Prep Notes
CREST CCT Exam Prep NotesCREST CCT Exam Prep Notes
CREST CCT Exam Prep Notes
 
Wireshar training
Wireshar trainingWireshar training
Wireshar training
 
Copy of a simple tcp spoofing attack
Copy of a simple tcp spoofing attackCopy of a simple tcp spoofing attack
Copy of a simple tcp spoofing attack
 

Viewers also liked

4 approaches to securing documents and email attachment assets
4 approaches to securing documents and email attachment assets4 approaches to securing documents and email attachment assets
4 approaches to securing documents and email attachment assetsMithi SkyConnect
 
Cyber crime law libreoffice
Cyber crime law libreofficeCyber crime law libreoffice
Cyber crime law libreofficesolomon24
 
Email phising and spoofing hurting your business
Email phising and spoofing hurting your businessEmail phising and spoofing hurting your business
Email phising and spoofing hurting your businessMithi SkyConnect
 
Topics: Graft and Corruption/Bribery /Cyber Crime: Should there be a law agai...
Topics: Graft and Corruption/Bribery /Cyber Crime: Should there be a law agai...Topics: Graft and Corruption/Bribery /Cyber Crime: Should there be a law agai...
Topics: Graft and Corruption/Bribery /Cyber Crime: Should there be a law agai...Jordan Florentino
 
Seguridad en Apache Web Server
Seguridad en Apache Web ServerSeguridad en Apache Web Server
Seguridad en Apache Web ServerChema Alonso
 
Asegúr@IT 7: Serialized SQL Injection
Asegúr@IT 7: Serialized SQL InjectionAsegúr@IT 7: Serialized SQL Injection
Asegúr@IT 7: Serialized SQL InjectionChema Alonso
 
MS Forefront Client Security
MS Forefront Client SecurityMS Forefront Client Security
MS Forefront Client SecurityChema Alonso
 
Circuitos de Video Vigilancia IP
Circuitos de Video Vigilancia IPCircuitos de Video Vigilancia IP
Circuitos de Video Vigilancia IPChema Alonso
 
Seguridad en Navegadores
Seguridad en NavegadoresSeguridad en Navegadores
Seguridad en NavegadoresChema Alonso
 
Navegadores en la Empresa
Navegadores en la EmpresaNavegadores en la Empresa
Navegadores en la EmpresaChema Alonso
 
Default Passwords: Adelante por favor
Default Passwords: Adelante por favorDefault Passwords: Adelante por favor
Default Passwords: Adelante por favorChema Alonso
 
Portátiles A Prueba De Robos
Portátiles A Prueba De RobosPortátiles A Prueba De Robos
Portátiles A Prueba De RobosChema Alonso
 
Fortificación de MS SharePon
Fortificación de MS SharePonFortificación de MS SharePon
Fortificación de MS SharePonChema Alonso
 
Connection String Parameter Pollution Attacks
Connection String Parameter Pollution AttacksConnection String Parameter Pollution Attacks
Connection String Parameter Pollution AttacksChema Alonso
 
Apadrina un malware
Apadrina un malwareApadrina un malware
Apadrina un malwareChema Alonso
 
RootedCON 2011: DUST
RootedCON 2011: DUSTRootedCON 2011: DUST
RootedCON 2011: DUSTChema Alonso
 
Hacking, Ciberguerra y otros Palabros
Hacking, Ciberguerra y otros PalabrosHacking, Ciberguerra y otros Palabros
Hacking, Ciberguerra y otros PalabrosChema Alonso
 
MetaShield Protector & FOCA 2.0
MetaShield Protector & FOCA 2.0MetaShield Protector & FOCA 2.0
MetaShield Protector & FOCA 2.0Chema Alonso
 
Asegúr@IT 7 - Forefront UAG 2010
Asegúr@IT 7 - Forefront UAG 2010Asegúr@IT 7 - Forefront UAG 2010
Asegúr@IT 7 - Forefront UAG 2010Chema Alonso
 
Codemotion 2013: Feliz 15 aniversario, SQL Injection
Codemotion 2013: Feliz 15 aniversario, SQL InjectionCodemotion 2013: Feliz 15 aniversario, SQL Injection
Codemotion 2013: Feliz 15 aniversario, SQL InjectionChema Alonso
 

Viewers also liked (20)

4 approaches to securing documents and email attachment assets
4 approaches to securing documents and email attachment assets4 approaches to securing documents and email attachment assets
4 approaches to securing documents and email attachment assets
 
Cyber crime law libreoffice
Cyber crime law libreofficeCyber crime law libreoffice
Cyber crime law libreoffice
 
Email phising and spoofing hurting your business
Email phising and spoofing hurting your businessEmail phising and spoofing hurting your business
Email phising and spoofing hurting your business
 
Topics: Graft and Corruption/Bribery /Cyber Crime: Should there be a law agai...
Topics: Graft and Corruption/Bribery /Cyber Crime: Should there be a law agai...Topics: Graft and Corruption/Bribery /Cyber Crime: Should there be a law agai...
Topics: Graft and Corruption/Bribery /Cyber Crime: Should there be a law agai...
 
Seguridad en Apache Web Server
Seguridad en Apache Web ServerSeguridad en Apache Web Server
Seguridad en Apache Web Server
 
Asegúr@IT 7: Serialized SQL Injection
Asegúr@IT 7: Serialized SQL InjectionAsegúr@IT 7: Serialized SQL Injection
Asegúr@IT 7: Serialized SQL Injection
 
MS Forefront Client Security
MS Forefront Client SecurityMS Forefront Client Security
MS Forefront Client Security
 
Circuitos de Video Vigilancia IP
Circuitos de Video Vigilancia IPCircuitos de Video Vigilancia IP
Circuitos de Video Vigilancia IP
 
Seguridad en Navegadores
Seguridad en NavegadoresSeguridad en Navegadores
Seguridad en Navegadores
 
Navegadores en la Empresa
Navegadores en la EmpresaNavegadores en la Empresa
Navegadores en la Empresa
 
Default Passwords: Adelante por favor
Default Passwords: Adelante por favorDefault Passwords: Adelante por favor
Default Passwords: Adelante por favor
 
Portátiles A Prueba De Robos
Portátiles A Prueba De RobosPortátiles A Prueba De Robos
Portátiles A Prueba De Robos
 
Fortificación de MS SharePon
Fortificación de MS SharePonFortificación de MS SharePon
Fortificación de MS SharePon
 
Connection String Parameter Pollution Attacks
Connection String Parameter Pollution AttacksConnection String Parameter Pollution Attacks
Connection String Parameter Pollution Attacks
 
Apadrina un malware
Apadrina un malwareApadrina un malware
Apadrina un malware
 
RootedCON 2011: DUST
RootedCON 2011: DUSTRootedCON 2011: DUST
RootedCON 2011: DUST
 
Hacking, Ciberguerra y otros Palabros
Hacking, Ciberguerra y otros PalabrosHacking, Ciberguerra y otros Palabros
Hacking, Ciberguerra y otros Palabros
 
MetaShield Protector & FOCA 2.0
MetaShield Protector & FOCA 2.0MetaShield Protector & FOCA 2.0
MetaShield Protector & FOCA 2.0
 
Asegúr@IT 7 - Forefront UAG 2010
Asegúr@IT 7 - Forefront UAG 2010Asegúr@IT 7 - Forefront UAG 2010
Asegúr@IT 7 - Forefront UAG 2010
 
Codemotion 2013: Feliz 15 aniversario, SQL Injection
Codemotion 2013: Feliz 15 aniversario, SQL InjectionCodemotion 2013: Feliz 15 aniversario, SQL Injection
Codemotion 2013: Feliz 15 aniversario, SQL Injection
 

Similar to Asegúr@IT 7: Playing with Satellites 1.2

Playing in a Satellite environment
Playing in a Satellite environmentPlaying in a Satellite environment
Playing in a Satellite environmentChristian Martorella
 
Leonardo Nve Egea - Playing in a Satellite Environment 1.2
Leonardo Nve Egea - Playing in a Satellite Environment 1.2Leonardo Nve Egea - Playing in a Satellite Environment 1.2
Leonardo Nve Egea - Playing in a Satellite Environment 1.2Jim Geovedi
 
CONFidence 2018: Darknet traffic - what can we learn from nooks and crannies ...
CONFidence 2018: Darknet traffic - what can we learn from nooks and crannies ...CONFidence 2018: Darknet traffic - what can we learn from nooks and crannies ...
CONFidence 2018: Darknet traffic - what can we learn from nooks and crannies ...PROIDEA
 
Root via sms. 4G security assessment
Root via sms. 4G security assessment Root via sms. 4G security assessment
Root via sms. 4G security assessment Sergey Gordeychik
 
Birds of a Feather 2017: 邀請分享 IoT, SDR, and Car Security - Aaron
Birds of a Feather 2017: 邀請分享 IoT, SDR, and Car Security - AaronBirds of a Feather 2017: 邀請分享 IoT, SDR, and Car Security - Aaron
Birds of a Feather 2017: 邀請分享 IoT, SDR, and Car Security - AaronHITCON GIRLS
 
Introduction to Software Defined Radio (SDR) on Linux
Introduction to Software Defined Radio (SDR) on LinuxIntroduction to Software Defined Radio (SDR) on Linux
Introduction to Software Defined Radio (SDR) on LinuxPamela O'Shea
 
Telecom security from ss7 to all ip all-open-v3-zeronights
Telecom security from ss7 to all ip all-open-v3-zeronightsTelecom security from ss7 to all ip all-open-v3-zeronights
Telecom security from ss7 to all ip all-open-v3-zeronightsP1Security
 
Philippe Langlois - 3G and LTE insecurity from the radio to the core network ...
Philippe Langlois - 3G and LTE insecurity from the radio to the core network ...Philippe Langlois - 3G and LTE insecurity from the radio to the core network ...
Philippe Langlois - 3G and LTE insecurity from the radio to the core network ...DefconRussia
 
Layer one 2011-gh0stwood-d-dos-attacks
Layer one 2011-gh0stwood-d-dos-attacksLayer one 2011-gh0stwood-d-dos-attacks
Layer one 2011-gh0stwood-d-dos-attacksfangjiafu
 
Exploiting Network Protocols To Exhaust Bandwidth Links 2008 Final
Exploiting Network Protocols To Exhaust Bandwidth Links 2008 FinalExploiting Network Protocols To Exhaust Bandwidth Links 2008 Final
Exploiting Network Protocols To Exhaust Bandwidth Links 2008 Finalmasoodnt10
 
Hacking RF based IoT devices
Hacking RF based IoT devicesHacking RF based IoT devices
Hacking RF based IoT devicesErez Metula
 
Seqüestro de dados na Internet
Seqüestro de dados na InternetSeqüestro de dados na Internet
Seqüestro de dados na InternetJoão S Magalhães
 

Similar to Asegúr@IT 7: Playing with Satellites 1.2 (20)

Playing in a Satellite environment
Playing in a Satellite environmentPlaying in a Satellite environment
Playing in a Satellite environment
 
Leonardo Nve Egea - Playing in a Satellite Environment 1.2
Leonardo Nve Egea - Playing in a Satellite Environment 1.2Leonardo Nve Egea - Playing in a Satellite Environment 1.2
Leonardo Nve Egea - Playing in a Satellite Environment 1.2
 
CONFidence 2018: Darknet traffic - what can we learn from nooks and crannies ...
CONFidence 2018: Darknet traffic - what can we learn from nooks and crannies ...CONFidence 2018: Darknet traffic - what can we learn from nooks and crannies ...
CONFidence 2018: Darknet traffic - what can we learn from nooks and crannies ...
 
Root via sms. 4G security assessment
Root via sms. 4G security assessment Root via sms. 4G security assessment
Root via sms. 4G security assessment
 
Birds of a Feather 2017: 邀請分享 IoT, SDR, and Car Security - Aaron
Birds of a Feather 2017: 邀請分享 IoT, SDR, and Car Security - AaronBirds of a Feather 2017: 邀請分享 IoT, SDR, and Car Security - Aaron
Birds of a Feather 2017: 邀請分享 IoT, SDR, and Car Security - Aaron
 
Hacking Cisco
Hacking CiscoHacking Cisco
Hacking Cisco
 
Introduction to Software Defined Radio (SDR) on Linux
Introduction to Software Defined Radio (SDR) on LinuxIntroduction to Software Defined Radio (SDR) on Linux
Introduction to Software Defined Radio (SDR) on Linux
 
TCP/IP For Engineers
TCP/IP For EngineersTCP/IP For Engineers
TCP/IP For Engineers
 
Telecom security from ss7 to all ip all-open-v3-zeronights
Telecom security from ss7 to all ip all-open-v3-zeronightsTelecom security from ss7 to all ip all-open-v3-zeronights
Telecom security from ss7 to all ip all-open-v3-zeronights
 
Philippe Langlois - 3G and LTE insecurity from the radio to the core network ...
Philippe Langlois - 3G and LTE insecurity from the radio to the core network ...Philippe Langlois - 3G and LTE insecurity from the radio to the core network ...
Philippe Langlois - 3G and LTE insecurity from the radio to the core network ...
 
Wireshark Basics
Wireshark BasicsWireshark Basics
Wireshark Basics
 
Best!
Best!Best!
Best!
 
Layer one 2011-gh0stwood-d-dos-attacks
Layer one 2011-gh0stwood-d-dos-attacksLayer one 2011-gh0stwood-d-dos-attacks
Layer one 2011-gh0stwood-d-dos-attacks
 
Exploiting Network Protocols To Exhaust Bandwidth Links 2008 Final
Exploiting Network Protocols To Exhaust Bandwidth Links 2008 FinalExploiting Network Protocols To Exhaust Bandwidth Links 2008 Final
Exploiting Network Protocols To Exhaust Bandwidth Links 2008 Final
 
Hacking RF based IoT devices
Hacking RF based IoT devicesHacking RF based IoT devices
Hacking RF based IoT devices
 
Seqüestro de dados na Internet
Seqüestro de dados na InternetSeqüestro de dados na Internet
Seqüestro de dados na Internet
 
LTEcloudSecurityIssuesTakeaways-GP
LTEcloudSecurityIssuesTakeaways-GPLTEcloudSecurityIssuesTakeaways-GP
LTEcloudSecurityIssuesTakeaways-GP
 
Defeating Drones
Defeating DronesDefeating Drones
Defeating Drones
 
Ip Spoofing
Ip SpoofingIp Spoofing
Ip Spoofing
 
Tech f42
Tech f42Tech f42
Tech f42
 

More from Chema Alonso

CyberCamp 2015: Low Hanging Fruit
CyberCamp 2015: Low Hanging FruitCyberCamp 2015: Low Hanging Fruit
CyberCamp 2015: Low Hanging FruitChema Alonso
 
Índice Pentesting con Kali 2.0
Índice Pentesting con Kali 2.0Índice Pentesting con Kali 2.0
Índice Pentesting con Kali 2.0Chema Alonso
 
Configurar y utilizar Latch en Magento
Configurar y utilizar Latch en MagentoConfigurar y utilizar Latch en Magento
Configurar y utilizar Latch en MagentoChema Alonso
 
Cazando Cibercriminales con: OSINT + Cloud Computing + Big Data
Cazando Cibercriminales con: OSINT + Cloud Computing + Big DataCazando Cibercriminales con: OSINT + Cloud Computing + Big Data
Cazando Cibercriminales con: OSINT + Cloud Computing + Big DataChema Alonso
 
New Paradigms of Digital Identity: Authentication & Authorization as a Servic...
New Paradigms of Digital Identity: Authentication & Authorization as a Servic...New Paradigms of Digital Identity: Authentication & Authorization as a Servic...
New Paradigms of Digital Identity: Authentication & Authorization as a Servic...Chema Alonso
 
CritoReto 4: Buscando una aguja en un pajar
CritoReto 4: Buscando una aguja en un pajarCritoReto 4: Buscando una aguja en un pajar
CritoReto 4: Buscando una aguja en un pajarChema Alonso
 
Dorking & Pentesting with Tacyt
Dorking & Pentesting with TacytDorking & Pentesting with Tacyt
Dorking & Pentesting with TacytChema Alonso
 
Pentesting con PowerShell: Libro de 0xWord
Pentesting con PowerShell: Libro de 0xWordPentesting con PowerShell: Libro de 0xWord
Pentesting con PowerShell: Libro de 0xWordChema Alonso
 
Recuperar dispositivos de sonido en Windows Vista y Windows 7
Recuperar dispositivos de sonido en Windows Vista y Windows 7Recuperar dispositivos de sonido en Windows Vista y Windows 7
Recuperar dispositivos de sonido en Windows Vista y Windows 7Chema Alonso
 
It's a Kind of Magic
It's a Kind of MagicIt's a Kind of Magic
It's a Kind of MagicChema Alonso
 
Ingenieros y hackers
Ingenieros y hackersIngenieros y hackers
Ingenieros y hackersChema Alonso
 
Cuarta Edición del Curso Online de Especialización en Seguridad Informática p...
Cuarta Edición del Curso Online de Especialización en Seguridad Informática p...Cuarta Edición del Curso Online de Especialización en Seguridad Informática p...
Cuarta Edición del Curso Online de Especialización en Seguridad Informática p...Chema Alonso
 
Auditoría de TrueCrypt: Informe final fase II
Auditoría de TrueCrypt: Informe final fase IIAuditoría de TrueCrypt: Informe final fase II
Auditoría de TrueCrypt: Informe final fase IIChema Alonso
 
El juego es el mismo
El juego es el mismoEl juego es el mismo
El juego es el mismoChema Alonso
 
El Hardware en Apple ¿Es tan bueno?
El Hardware en Apple ¿Es tan bueno?El Hardware en Apple ¿Es tan bueno?
El Hardware en Apple ¿Es tan bueno?Chema Alonso
 
Latch en Linux (Ubuntu): El cerrojo digital
Latch en Linux (Ubuntu): El cerrojo digitalLatch en Linux (Ubuntu): El cerrojo digital
Latch en Linux (Ubuntu): El cerrojo digitalChema Alonso
 
Hacking con Python
Hacking con PythonHacking con Python
Hacking con PythonChema Alonso
 
Tu iPhone es tan (in)seguro como tu Windows
Tu iPhone es tan (in)seguro como tu WindowsTu iPhone es tan (in)seguro como tu Windows
Tu iPhone es tan (in)seguro como tu WindowsChema Alonso
 

More from Chema Alonso (20)

CyberCamp 2015: Low Hanging Fruit
CyberCamp 2015: Low Hanging FruitCyberCamp 2015: Low Hanging Fruit
CyberCamp 2015: Low Hanging Fruit
 
Índice Pentesting con Kali 2.0
Índice Pentesting con Kali 2.0Índice Pentesting con Kali 2.0
Índice Pentesting con Kali 2.0
 
Configurar y utilizar Latch en Magento
Configurar y utilizar Latch en MagentoConfigurar y utilizar Latch en Magento
Configurar y utilizar Latch en Magento
 
Cazando Cibercriminales con: OSINT + Cloud Computing + Big Data
Cazando Cibercriminales con: OSINT + Cloud Computing + Big DataCazando Cibercriminales con: OSINT + Cloud Computing + Big Data
Cazando Cibercriminales con: OSINT + Cloud Computing + Big Data
 
New Paradigms of Digital Identity: Authentication & Authorization as a Servic...
New Paradigms of Digital Identity: Authentication & Authorization as a Servic...New Paradigms of Digital Identity: Authentication & Authorization as a Servic...
New Paradigms of Digital Identity: Authentication & Authorization as a Servic...
 
CritoReto 4: Buscando una aguja en un pajar
CritoReto 4: Buscando una aguja en un pajarCritoReto 4: Buscando una aguja en un pajar
CritoReto 4: Buscando una aguja en un pajar
 
Dorking & Pentesting with Tacyt
Dorking & Pentesting with TacytDorking & Pentesting with Tacyt
Dorking & Pentesting with Tacyt
 
Pentesting con PowerShell: Libro de 0xWord
Pentesting con PowerShell: Libro de 0xWordPentesting con PowerShell: Libro de 0xWord
Pentesting con PowerShell: Libro de 0xWord
 
Foca API v0.1
Foca API v0.1Foca API v0.1
Foca API v0.1
 
Recuperar dispositivos de sonido en Windows Vista y Windows 7
Recuperar dispositivos de sonido en Windows Vista y Windows 7Recuperar dispositivos de sonido en Windows Vista y Windows 7
Recuperar dispositivos de sonido en Windows Vista y Windows 7
 
It's a Kind of Magic
It's a Kind of MagicIt's a Kind of Magic
It's a Kind of Magic
 
Ingenieros y hackers
Ingenieros y hackersIngenieros y hackers
Ingenieros y hackers
 
Cuarta Edición del Curso Online de Especialización en Seguridad Informática p...
Cuarta Edición del Curso Online de Especialización en Seguridad Informática p...Cuarta Edición del Curso Online de Especialización en Seguridad Informática p...
Cuarta Edición del Curso Online de Especialización en Seguridad Informática p...
 
Auditoría de TrueCrypt: Informe final fase II
Auditoría de TrueCrypt: Informe final fase IIAuditoría de TrueCrypt: Informe final fase II
Auditoría de TrueCrypt: Informe final fase II
 
El juego es el mismo
El juego es el mismoEl juego es el mismo
El juego es el mismo
 
El Hardware en Apple ¿Es tan bueno?
El Hardware en Apple ¿Es tan bueno?El Hardware en Apple ¿Es tan bueno?
El Hardware en Apple ¿Es tan bueno?
 
Latch en Linux (Ubuntu): El cerrojo digital
Latch en Linux (Ubuntu): El cerrojo digitalLatch en Linux (Ubuntu): El cerrojo digital
Latch en Linux (Ubuntu): El cerrojo digital
 
Hacking con Python
Hacking con PythonHacking con Python
Hacking con Python
 
Shuabang Botnet
Shuabang BotnetShuabang Botnet
Shuabang Botnet
 
Tu iPhone es tan (in)seguro como tu Windows
Tu iPhone es tan (in)seguro como tu WindowsTu iPhone es tan (in)seguro como tu Windows
Tu iPhone es tan (in)seguro como tu Windows
 

Recently uploaded

Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 

Recently uploaded (20)

Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 

Asegúr@IT 7: Playing with Satellites 1.2

  • 1. Playing in a Satellite environment 1.2 Leonardo Nve Egea Christian Martorella lnve@s21sec.com cmartorella@s21sec.com º
  • 2. Why 1.2? 1. Because I’m sure that some people will publish more attacks. 2. Because there are previous presentations about satellites.
  • 3. Whocomentedthisbefore? Warezzman– (in 2004 at Undercon VIII first Spanish hacker CON) Jim Geovedi & RadityaIryandi (HITBSecConf2006) Adam Laurie (Blackhat 2009 at DC) Leonardo Nve(S21sec Blog February 2009)
  • 4. Intro to SAT A  satellite  is  a  radiofrequency  repeater    that  is   launched  by  a  rocket  and  placed  in  orbit  around   the  earth.
  • 5. Introto SAT Orbit based satellites Low Earth orbiting (LEO) Geostationary orbit (GEO) Other: Molniya, High (HEO), etc. Function based satellites Communications Earth observation Other: Scientifics, ISS, etc.
  • 7.
  • 8. UFO (UHF Follow ON) Military
  • 11.
  • 12. DVB Standard of European Telecommunications Standards Institute (ETSI). Defines audio and video transmission, and data connections. DVB-S & DVB-S2 is the specification for satellite communications.
  • 13. DVB-S Transponder: Like channels (in Satellite comms) Frecuency (C band or Ku). Ex: 12.092Ghz Polarization. (horizontal/vertical) Symbol Rate. Ex: 27500Kbps FEC. Every satellite has many transponders onboard which are operating on different frequencies
  • 14. DVB-S Header Program ID (PID): It permits different programs at same transponder with different components [Example BBC1 PIDs: 600 (video), 601 (English audio), 603 (subtitles), 4167 (teletext)] Body
  • 15. DVB Feeds Temporal video links. Live emissions, sports, news. FTA – In open video.
  • 18. DVB Feeds (2002) Captured NATO feeds
  • 19. DVB Feeds (2002) NATO COMINT official
  • 20. DVB Feeds Is widely known that the Department of Defense (DoD) and some US defense contractors use satellites and DVB for their comms. Let`ssee: http://telecom.esa.int/telecom/media/document/DVB-RCS%20Networks%20for%20the%20US%20Defense%20Market%20(R3).pdf
  • 22. DVB Feeds (2009) U.S COMINT official
  • 23. DVB Feeds How to find feeds: Lists of channels in www Blind Scan Visual representations of the signal
  • 24. DVB Feeds - Tooknow more Dr HANS http://drhans.jinak.cz/news/index.php Zackyfiles http://www.zackyfiles.com (in spanish) Satplaza http://www.satplaza.com
  • 25. DVB Data Two scenarios Satmodem Satellite Interactive Terminal (SIT) orAstromodem (DVB/RCS)
  • 26. DVB Data - Satmodem INTERNET CLIENT ISP
  • 27. DVB Data - Satmodem DOWNLINK INTERNET CLIENT ISP
  • 28. DVB Data - Satmodem DOWNLINK POTS/GPRS UPLINK INTERNET CLIENT UPLINK ISP
  • 29. DVB Data - Satmodem DOWNLINK POTS/GPRS UPLINK INTERNET CLIENT UPLINK ISP
  • 30. DVB Data - Satmodem DOWNLINK ISP’s UPLINK POTS/GPRS UPLINK INTERNET CLIENT UPLINK ISP
  • 31. DVB Data - Astromodem ISP DOWNLINK & UPLINK DOWNLINK & UPLINK INTERNET CLIENT ISP
  • 33. DVB Data Anyone with coverage can SNIFF the DVB Data, and normally it is unencrypted.
  • 34. Wardriving ? No way… Satdriving
  • 35. DVB Data What do you need: Skystar 2 DVB Card linuxtv-dvb-apps Wireshark The antenna (Dish + LNB) Data to point it.
  • 36. DVB Data I bought it for 50€!!! from an PayTV ex-”hacker” :P (Including a set-top box that I will not use)
  • 39. DVB Data Linux has the modules for this card by default, we only need the tools to manage it: linuxtv-dvb-apps My version is 1.1.1 and I use Fedora (Not too cool to use Debian :P).
  • 40. Sniffing Data Once the antenna and the card are installed and linuxtv-dvb-apps compiled and installed, the process is: 1- Tune the DVB Card 2- Find a PID with data 3- Create an Ethernet interface associated to that PID We can repeat 2 to 3 any times we want.
  • 41. Sniffing Data 1- Tune the DVB Card 2- Find a PID with data 3- Create an Ethernet interface associated to that PID
  • 42. Sniffing Data Tune DVB Card The tool we must use is szap and we need the transponder’s parameters in a configuration file. For example, for “Sirius-4 Nordic Beam": # echo “sirius4N:12322:v:0:27500:0:0:0" >> channels.conf
  • 43. Sniffing Data We run szap with the channel configuration file and the transponder we want use (the configuration file can have more than one). # szap –c channels.conf sirius4N We must keep it running.
  • 45. Sniffing Data The transponder parameters can be found around Internet. http://www.fastsatfinder.com/transponders.html
  • 46. Sniffing Data 1- Tune the DVB Card 2- Find a PID with data 3- Create an Ethernet interface associated to that PID
  • 47. Sniffing Data Find a PID #dvbsnoop -s pidscan Search for data section on results.
  • 49. Sniffing Data 1- Tune the DVB Card 2- Find a PID with data 3- Create an Ethernet interface associated to that PID
  • 50. Sniffing Data Create an interface associated to a PID #dvbnet -a <adapter number> -p <PID> Activate it #ifconfig dvb0_<iface number> up
  • 52. Sniffing Data Back to de pidscan results
  • 53. Sniffing Data Create another interface
  • 54. Sniffing Data Wireshark is our friend 16358 packets in 10 seconds
  • 56.
  • 59. Catch cookies and get into authenticated HTTP sessions.
  • 62. Do traffic analysis
  • 63.
  • 64. Sniffing Data We can only sniff the downloaded data. We can only sniff one direction in a connection.
  • 65. Some “old” Stuff in Sat hacking DNS Spoofing TCP hijacking Attacking GRE
  • 66. DNS Spoofing DNS Spoofing is the art of making a DNS entry to point to an another IP than it would be supposed to point to. (SecureSphere)
  • 67. DNS Spoofing What we need to perform this attack? DNS Request ID Source Port Source IP Destination IP Name/IP asking for
  • 68. DNS Spoofing It´s trivial to see that if we sniff a DNS request we have all that information and we can spoof the answer. Many tools around do this job, the only thing we also need is to be faster than the real DNS server (jizz).
  • 69. DNS Spoofing Why is this attack important? Think in phising With this attack, uplink sniff can be possible Rogue WPAD service Sslstrip can be use to avoid SSL connections.
  • 70. Some “old” Stuff in Sat hacking DNS Spoofing TCP hijacking Attacking GRE
  • 71. TCP hijacking TCP session hijacking is when a hacker takes over a TCP session between two machines. (ISS)
  • 72. TCP hijacking If we sniff 1 we can predict Seq and Ack of 2 and we can send the payload we want in 2 1 A Seq=S1 ACK=A1 Datalen=L1 B 2 Seq=A1 ACK=S1+L1 Datalen=L2 3 Seq=S1+L1 ACK=A1+L2 Datalen=L3
  • 73. TCP Hijacking A 1 3 Seq=S1 ACK=A1 Datalen=L1 Seq=S1+L1 ACK=A1+L2 Datalen=L3 B
  • 74. TCP Hijacking Initially we can only have a false connection with A. In certain circumstances, we can make this attack with B, when L2 is predictable. Some tools for doing this: Hunt Shijack Scapy
  • 75. Some “old” Stuff in Sat hacking DNS Spoofing TCP hijacking Attacking GRE
  • 76. Attacking GRE Generic Routing Encapsulation Point to point tunneling protocol 13% of Satellite’s data traffic in our transponder is GRE
  • 77. Attacking GRE This chapter is based on Phenoelit’s discussion paper written by FX applied to satellite scenario. Original paper: http://www.phenoelit-us.org/irpas/gre.html
  • 78. Attacking GRE HQ INTERNET Remote Office Remote Office Remote Office
  • 79. Attacking GRE Find a target: #tshark –ni dvb0_0 –R gre –w capture.cap
  • 81. Attacking GRE IP dest 1 and source 1 must be Internet reachable IPs The payload´s IPs used to be internal.
  • 82. Attacking GRE 1.1.1.1 INTERNET 1.1.1.2 10.0.0.54 10.0.0.5
  • 83. Attacking GRE 1.1.1.1 INTERNET 1.1.1.2 (*) 10.0.0.54 10.0.0.5
  • 84. Attacking GRE (*) GRE Packet
  • 85. Attacking GRE (1) 1.1.1.1 1.1.1.2 10.0.0.54 10.0.0.5
  • 86. Attacking GRE (1) GRE Packet
  • 87. Attacking GRE (1) 1.1.1.1 1.1.1.2 (2) 10.0.0.54 10.0.0.5
  • 88. Attacking GRE (2) IP Packet
  • 89. Attacking GRE (1) 1.1.1.1 1.1.1.2 (2,3) 10.0.0.54 10.0.0.5
  • 90. Attacking GRE (3) IP Packet
  • 91. Attacking GRE (4) (1) 1.1.1.1 1.1.1.2 (2,3) 10.0.0.54 10.0.0.5
  • 92. Attacking GRE (4) GRE Packet
  • 93. Attacking GRE At Phenoelit´s attack payload’s IP source is our public IP. This attack lacks when that IP isn´t reachable from the internal LAN and you can be logged. I use internal IP because we can sniff the responses. To improve the attack, find a internal IP not used.
  • 94. HTSNACBT Attack How To Scan NSA And Cannot Be Traced
  • 95. HTSNACBT Attack We can send a SYN packet with any destination IP and TCP port (spoofing a satellite’s routable source IP) , and we can sniff the responses. We can analyze the responses.
  • 96. HTSNACBT Attack OR… We can configure our linux like a satellite connected host. VERY EASY!!!
  • 97. HTSNACBT Attack What we need: An internet connection (Let’s use it as uplink) with any technology which let you spoofing. A receiver, a card….
  • 98. HTSNACBT Attack Let’s rock! Find a satellite IP not used, I ping IPs next to another sniffable satellite IP to find a non responding IP. We must sniff our ping with the DVB Card (you must save the packets). This will be our IP!
  • 99. HTSNACBT Attack Configure Linux to use it. We need our router ‘s MAC
  • 100. HTSNACBT Attack Configure our dvb interface to receive this IP (I suppose that you have configure the PID…) The IP is the one we have selected and in the ICMP scan, we must get the destination MAC sniffed.
  • 101. HTSNACBT Attack Here we get the MAC address we must configure in our DVB interface
  • 102. HTSNACBT Attack I use netmask /32 to avoid routing problems
  • 103. HTSNACBT Attack Now we can configure our Internet interface with the same IP and configure a default route with a false router setting this one with a static MAC (our real router’s MAC).
  • 106. HTSNACBT Attack This is all !!! Some things you must remember: The DNS server must allow request from any IP or you must use the satellite ISP DNS server.
  • 107. HTSNACBT Attack If you have any firewall (iptables) disable it. All the things you make can be sniffed by others users.
  • 108. HTSNACBT Attack Now attacking GRE is very easy, you only need to configure your Linux with IP of one of the routers (the one with the satellite connection) and configure the tunneling. http://www.google.es/search?rlz=1C1GPEA_en___ES312&sourceid=chrome&ie=UTF-8&q=configuring+GRE+linux
  • 109. What TODO now? I’m studying the different methods to trace illegal users. (I only have a few ideas). Now I’m studying the possibilities of sending data to a satellite via Astromodem (DVB-RCS). This investigation looks fine.
  • 110. Conclusions Satellite communications are insecure. It can be sniffed. A lot of attacks can be made, I just talked about only few level 4 and level 3 attacks.
  • 111. Conclusions With this technology in our sky, an anonymous connection is possible. Many kinds of Denial of Service are possible.
  • 113. THANK YOU!!! Leonardo Nve Egea Christian Martorella lnve@s21sec.com cmartorella@s21sec.com