SlideShare a Scribd company logo

CODE BLUE 2014 : Physical [In]Security: It’s not ALL about Cyber by Inbar Raz

CODE BLUE
CODE BLUE

Today's threat landscape is all about Cyber. We have cyber threats, cyber security, cyber warfare, cyber intelligence, cyber espionage... Cyber is a synonym for the Internet, but sometimes, it's not -all- about the internet. Focusing defences on the Internet front leads to some wrong assumptions and the overlooking of much simpler, yet just-as-dangerous attack vectors.

Technology
1 of 44
Download to read offline
©2014 Check Point Software Technologies Ltd. Physical (In)Security: It’s not all about Cyber Inbar Raz Malware & Security Research Manager Check Point Software Technologies
2©2014 Check Point Software Technologies Ltd. Vulnerability Disclosure !  Responsible Disclosure: – Contact the vendor only and inform them of the vulnerability – Offer to work with the vendor – After a grace period, proceed to Full Disclosure –  Web vulnerability: 1-4 weeks –  Software: 1-3 months –  Firmware: 3-6 months –  But: no actual standard, players make the rules !  Full Disclosure: – Publish all information, including POC – Sometimes – only a video of POC
3©2014 Check Point Software Technologies Ltd. Example #1: Movie Ticket Kiosk !  On-site Kiosk !  Touch Screen !  Credit Card Reader !  Ticket Printer !  No peripherals, No interfaces
4©2014 Check Point Software Technologies Ltd. The Attack !  Improper interface settings allow the opening of menu options. !  Menus can be used to browse for a new printer.
5©2014 Check Point Software Technologies Ltd. !  A limited Windows Explorer is not restricted enough. !  A right-click can be used… !  To open a full, unrestricted Windows Explorer. The Attack
6©2014 Check Point Software Technologies Ltd. The Attack !  Browsing through the file system reveals interesting directory names… !  And even more interesting file names.
7©2014 Check Point Software Technologies Ltd. The Attack !  Bingo: Credit Card Data (Unencrypted!) Tools of the trade: Notepad !  We can use the ticket printer to take it home ☺
8©2014 Check Point Software Technologies Ltd. The Attack !  But that’s not all: RSA Keys and Certificates are also found on the drive! !  Which we can print, take home and then use a free OCR software to read…
9©2014 Check Point Software Technologies Ltd. The Attack !  The result: RSA Keys used to bill credit cards.
10©2014 Check Point Software Technologies Ltd. Example #1: Summary !  Device purpose: Print purchased Movie Tickets !  Data on device: Credit Card data and Encryption Keys !  Method used to hack: 1 finger
11©2014 Check Point Software Technologies Ltd. Example #2: Point-of-Sale Device !  Point-Of-Sale devices are all around you.
12©2014 Check Point Software Technologies Ltd. The Attack !  PoS Device located outside business during the day !  At the end of the day, it is locked inside
13©2014 Check Point Software Technologies Ltd. The Attack !  But one thing is left outside, on the street:
14©2014 Check Point Software Technologies Ltd. The Attack !  Intelligence Gathering: Listen to the network, discover who’s talking, what language they’re speaking, and what they’re saying in that language
15©2014 Check Point Software Technologies Ltd. The Attack !  Intelligence Gathering: Listen to the network, discover who’s talking, what language they’re speaking, and what they’re saying in that language !  Detected IP addresses: – 192.168.0.1 – 192.168.0.2 – 192.168.0.4 – 192.168.0.250 – 192.168.0.254
16©2014 Check Point Software Technologies Ltd. The Attack !  Evidence of SMB (plus prior knowledge) leads to the next step: !  And the response:
17©2014 Check Point Software Technologies Ltd. Things to do with an open share !  #1: Look around – Establish possible attack vectors
18©2014 Check Point Software Technologies Ltd. Things to do with an open share
19©2014 Check Point Software Technologies Ltd. Things to do with an open share !  #1: Look around – Establish possible attack vectors !  #2: Create a file list – Not like stealing data, but very helpful – Go home, analyze, come back later
20©2014 Check Point Software Technologies Ltd. !  Answers a ping, but no SMB. !  First guess: Switch/Router/ADSL Modem. !  Try to access the Web-UI: The mystery of 192.168.0.250
21©2014 Check Point Software Technologies Ltd. The mystery of 192.168.0.250 !  Use the full URL:
22©2014 Check Point Software Technologies Ltd. !  Reminder: We actually had this information. Going for the ADSL Modem/Router
23©2014 Check Point Software Technologies Ltd. Going for the ADSL Modem/Router !  Naturally, there is access control: !  Want to guess?
24©2014 Check Point Software Technologies Ltd. Example #2: Summary !  Device purpose: Cash Register and Local Server !  Data on device: Credit Card data, Customer Database !  Method used to hack: MacBook Pro, Free Software
25©2014 Check Point Software Technologies Ltd. Other opportunities !  A Medical Clinic in Tel-Aviv – Complete disregard for attendance systems
26©2014 Check Point Software Technologies Ltd. Other opportunities !  A Hospital in Tel-Aviv
27©2014 Check Point Software Technologies Ltd. Other opportunities !  An ATM at a shopping mall
28©2014 Check Point Software Technologies Ltd. Example #3: Hospital Smart TV !  Features – Watch TV – Listen to music – VOD – Browse the Internet !  Peripherals: – Touch Screen – Credit Card Reader – Earphones And… – USB…
29©2014 Check Point Software Technologies Ltd. The Attack !  Start with a USB Keyboard – Num-Lock works – Nothing else does !  Power off, Power on, F11
30©2014 Check Point Software Technologies Ltd. Our options are opening up !  Let’s boot something else !  BackTrack (kali): Never leave home without it
31©2014 Check Point Software Technologies Ltd. !  Even though I’m set to DHCP, I have no IP address. !  An examination of the config files reveals the problem: But I’m facing a problem # The loopback interface, this is the default configuration: auto lo iface lo inet loopback pre-up /usr/sbin/ethtool -s eth0 speed 100 duplex full autoneg off pre-up /usr/sbin/ethtool -s eth0 speed 100 duplex full autoneg off # The first network interface. # In this case we want to receive an IP-address through DHCP: auto eth0 iface eth0 inet dhcp # In this case we have a wired network: wpa-driver wired # Tell the system we want to use WPA-Supplicant # with our configuration file: wpa-conf /etc/wpa_supplicant.conf pre-up /usr/sbin/ethtool -s eth0 speed 100 duplex full autoneg off
32©2014 Check Point Software Technologies Ltd. !  Even though I’m set to DHCP, I have no IP address. !  An examination of the config files reveals the problem. !  But this is linux, everything is in text files ☺ But I’m facing a problem network={ key_mgmt=IEEE8021X eap=TTLS MD5 identity="a*****c“ anonymous_identity="a*****c“ password=“*****“ phase1="auth=MD5“ phase2="auth=PAP password=*****“ eapol_flags=0 }
33©2014 Check Point Software Technologies Ltd. !  Even though I’m set to DHCP, I have no IP address. !  An examination of the config files reveals the problem. !  But this is linux, everything is in text files ☺ !  I copy the files, and try again. But I’m facing a problem
34©2014 Check Point Software Technologies Ltd. What next? !  Find out where we are (external IP) !  Proof-of-Concept: Open reverse shell
35©2014 Check Point Software Technologies Ltd. !  Further analysis of files reveals a lead: http://192.168.0.250/client/ !  This is the actual User Interface: But it’s not enough…
36©2014 Check Point Software Technologies Ltd. So the next logical step is…
37©2014 Check Point Software Technologies Ltd. So what’s next? !  We lost access to the devices – At least easy access !  Complete the report and go for disclosure However… !  Turns out other hospitals have the same device – So now we wait for someone to get sick…
38©2014 Check Point Software Technologies Ltd. Example #3: Summary !  Device purpose: Smart TV for Hospital Patients !  Data on device: Network Encryption Keys, Possible access to other networks !  Method used to hack: USB Drive, Free Software, Keyboard, Mouse
39©2014 Check Point Software Technologies Ltd. Example #4: Airport Entertainment
40©2014 Check Point Software Technologies Ltd. Escaping the Box
41©2014 Check Point Software Technologies Ltd. Collecting Valuable Information
42©2014 Check Point Software Technologies Ltd. Example #4: Summary !  Device purpose: Airport Entertainment and Shopping !  Data on device: VNC Encryption Keys, Possible access to other networks, Potential Botnet !  Method used to hack: USB Keyboard and Drive
43©2014 Check Point Software Technologies Ltd. Conclusion !  Local Networks are rarely as monitored and as protected as the Internet Gateway. !  Many devices that are publicly accessible do not get hardened against unauthorized access. !  Compromising a device on an internal network can easily be leveraged in a network proliferation operation. !  Best practice: Ask yourself: “Would I trust Inbar here?” !  It’s not all about Cyber.
44©2014 Check Point Software Technologies Ltd. Thank You!

Recommended

Defcon 22-fatih-ozavci-vo ip-wars-attack-of-the-cisco-phones
Defcon 22-fatih-ozavci-vo ip-wars-attack-of-the-cisco-phonesDefcon 22-fatih-ozavci-vo ip-wars-attack-of-the-cisco-phones
Defcon 22-fatih-ozavci-vo ip-wars-attack-of-the-cisco-phonesPriyanka Aash
 
Defcon 22-robert-rowley-detecting-defending-against-surveill
Defcon 22-robert-rowley-detecting-defending-against-surveillDefcon 22-robert-rowley-detecting-defending-against-surveill
Defcon 22-robert-rowley-detecting-defending-against-surveillPriyanka Aash
 
IT infrastructure security 101
IT infrastructure security 101IT infrastructure security 101
IT infrastructure security 101April Mardock CISSP
 
Perl Development (Sample Courseware)
Perl Development (Sample Courseware)Perl Development (Sample Courseware)
Perl Development (Sample Courseware)Garth Gilmour
 
Chapter5ccna
Chapter5ccnaChapter5ccna
Chapter5ccnaernestlithur
 
6421 b Module-10
6421 b Module-106421 b Module-10
6421 b Module-10Bibekananada Jena
 
Chapter3ccna
Chapter3ccnaChapter3ccna
Chapter3ccnaernestlithur
 
ccna
ccnaccna
ccnaSaimir Ciraku
 

Recommended

Defcon 22-fatih-ozavci-vo ip-wars-attack-of-the-cisco-phones
Defcon 22-fatih-ozavci-vo ip-wars-attack-of-the-cisco-phonesDefcon 22-fatih-ozavci-vo ip-wars-attack-of-the-cisco-phones
Defcon 22-fatih-ozavci-vo ip-wars-attack-of-the-cisco-phonesPriyanka Aash
 
Defcon 22-robert-rowley-detecting-defending-against-surveill
Defcon 22-robert-rowley-detecting-defending-against-surveillDefcon 22-robert-rowley-detecting-defending-against-surveill
Defcon 22-robert-rowley-detecting-defending-against-surveillPriyanka Aash
 
IT infrastructure security 101
IT infrastructure security 101IT infrastructure security 101
IT infrastructure security 101April Mardock CISSP
 
Perl Development (Sample Courseware)
Perl Development (Sample Courseware)Perl Development (Sample Courseware)
Perl Development (Sample Courseware)Garth Gilmour
 
Chapter5ccna
Chapter5ccnaChapter5ccna
Chapter5ccnaernestlithur
 
6421 b Module-10
6421 b Module-106421 b Module-10
6421 b Module-10Bibekananada Jena
 
Chapter3ccna
Chapter3ccnaChapter3ccna
Chapter3ccnaernestlithur
 
ccna
ccnaccna
ccnaSaimir Ciraku
 
Workshop on Cyber security
Workshop on Cyber security Workshop on Cyber security
Workshop on Cyber security Mehedi Hasan
 
Chapter10ccna
Chapter10ccnaChapter10ccna
Chapter10ccnaernestlithur
 
US Pmp Overview 2008
US Pmp Overview 2008US Pmp Overview 2008
US Pmp Overview 2008Jaydeep Adhikari
 
CSE 2016 Future of Cyber Security by Matthew Rosenquist
CSE 2016 Future of Cyber Security by Matthew RosenquistCSE 2016 Future of Cyber Security by Matthew Rosenquist
CSE 2016 Future of Cyber Security by Matthew RosenquistMatthew Rosenquist
 
The Future of Cyber Security
The Future of Cyber SecurityThe Future of Cyber Security
The Future of Cyber SecurityStephen Lahanas
 
Aerohive Configuration guide.
Aerohive Configuration guide. Aerohive Configuration guide.
Aerohive Configuration guide. armaan7139
 
IT Security Awarenesss by Northern Virginia Community College
IT Security Awarenesss by Northern Virginia Community CollegeIT Security Awarenesss by Northern Virginia Community College
IT Security Awarenesss by Northern Virginia Community CollegeAtlantic Training, LLC.
 
ISO 27001 - information security user awareness training presentation -part 2
ISO 27001 - information security user awareness training presentation -part 2ISO 27001 - information security user awareness training presentation -part 2
ISO 27001 - information security user awareness training presentation -part 2Tanmay Shinde
 
DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)Shah Sheikh
 
Information Security Awareness Training by Wilfrid Laurier University
Information Security Awareness Training by Wilfrid Laurier UniversityInformation Security Awareness Training by Wilfrid Laurier University
Information Security Awareness Training by Wilfrid Laurier UniversityAtlantic Training, LLC.
 
Security Awareness Training by Fortinet
Security Awareness Training by FortinetSecurity Awareness Training by Fortinet
Security Awareness Training by FortinetAtlantic Training, LLC.
 
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...IBM Security
 
ISO 27001 - information security user awareness training presentation - Part 1
ISO 27001 - information security user awareness training presentation - Part 1ISO 27001 - information security user awareness training presentation - Part 1
ISO 27001 - information security user awareness training presentation - Part 1Tanmay Shinde
 
Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...Stephen Cobb
 
SOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterSOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterMichael Nickle
 
Malaysia's National Cyber Security Policy
Malaysia's National Cyber Security PolicyMalaysia's National Cyber Security Policy
Malaysia's National Cyber Security PolicyDirectorate of Information Security | Ditjen Aptika
 
ISO 27001 - Information security user awareness training presentation - part 3
ISO 27001 - Information security user awareness training presentation - part 3ISO 27001 - Information security user awareness training presentation - part 3
ISO 27001 - Information security user awareness training presentation - part 3Tanmay Shinde
 
Cyber security-report-2017
Cyber security-report-2017Cyber security-report-2017
Cyber security-report-2017NRC
 
CCNA IP Addressing
CCNA IP AddressingCCNA IP Addressing
CCNA IP AddressingDsunte Wilson
 
Security Operation Center - Design & Build
Security Operation Center - Design & BuildSecurity Operation Center - Design & Build
Security Operation Center - Design & BuildSameer Paradia
 
Check point presentation june 2014
Check point presentation june 2014Check point presentation june 2014
Check point presentation june 2014David Berkelmans
 
Ryan Wilson - ryanwilson.com - IoT Security
Ryan Wilson - ryanwilson.com - IoT SecurityRyan Wilson - ryanwilson.com - IoT Security
Ryan Wilson - ryanwilson.com - IoT SecurityRyan Wilson
 

More Related Content

Viewers also liked

Workshop on Cyber security
Workshop on Cyber security Workshop on Cyber security
Workshop on Cyber security Mehedi Hasan
 
CSE 2016 Future of Cyber Security by Matthew Rosenquist
CSE 2016 Future of Cyber Security by Matthew RosenquistCSE 2016 Future of Cyber Security by Matthew Rosenquist
CSE 2016 Future of Cyber Security by Matthew RosenquistMatthew Rosenquist
 
The Future of Cyber Security
The Future of Cyber SecurityThe Future of Cyber Security
The Future of Cyber SecurityStephen Lahanas
 
Aerohive Configuration guide.
Aerohive Configuration guide. Aerohive Configuration guide.
Aerohive Configuration guide. armaan7139
 
IT Security Awarenesss by Northern Virginia Community College
IT Security Awarenesss by Northern Virginia Community CollegeIT Security Awarenesss by Northern Virginia Community College
IT Security Awarenesss by Northern Virginia Community CollegeAtlantic Training, LLC.
 
ISO 27001 - information security user awareness training presentation -part 2
ISO 27001 - information security user awareness training presentation -part 2ISO 27001 - information security user awareness training presentation -part 2
ISO 27001 - information security user awareness training presentation -part 2Tanmay Shinde
 
DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)Shah Sheikh
 
Information Security Awareness Training by Wilfrid Laurier University
Information Security Awareness Training by Wilfrid Laurier UniversityInformation Security Awareness Training by Wilfrid Laurier University
Information Security Awareness Training by Wilfrid Laurier UniversityAtlantic Training, LLC.
 
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...IBM Security
 
ISO 27001 - information security user awareness training presentation - Part 1
ISO 27001 - information security user awareness training presentation - Part 1ISO 27001 - information security user awareness training presentation - Part 1
ISO 27001 - information security user awareness training presentation - Part 1Tanmay Shinde
 
Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...Stephen Cobb
 
SOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterSOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterMichael Nickle
 
ISO 27001 - Information security user awareness training presentation - part 3
ISO 27001 - Information security user awareness training presentation - part 3ISO 27001 - Information security user awareness training presentation - part 3
ISO 27001 - Information security user awareness training presentation - part 3Tanmay Shinde
 
Cyber security-report-2017
Cyber security-report-2017Cyber security-report-2017
Cyber security-report-2017NRC
 
Security Operation Center - Design & Build
Security Operation Center - Design & BuildSecurity Operation Center - Design & Build
Security Operation Center - Design & BuildSameer Paradia
 

Viewers also liked (20)

Workshop on Cyber security
Workshop on Cyber security Workshop on Cyber security
Workshop on Cyber security
 
Chapter10ccna
Chapter10ccnaChapter10ccna
Chapter10ccna
 
US Pmp Overview 2008
US Pmp Overview 2008US Pmp Overview 2008
US Pmp Overview 2008
 
CSE 2016 Future of Cyber Security by Matthew Rosenquist
CSE 2016 Future of Cyber Security by Matthew RosenquistCSE 2016 Future of Cyber Security by Matthew Rosenquist
CSE 2016 Future of Cyber Security by Matthew Rosenquist
 
The Future of Cyber Security
The Future of Cyber SecurityThe Future of Cyber Security
The Future of Cyber Security
 
Aerohive Configuration guide.
Aerohive Configuration guide. Aerohive Configuration guide.
Aerohive Configuration guide.
 
IT Security Awarenesss by Northern Virginia Community College
IT Security Awarenesss by Northern Virginia Community CollegeIT Security Awarenesss by Northern Virginia Community College
IT Security Awarenesss by Northern Virginia Community College
 
ISO 27001 - information security user awareness training presentation -part 2
ISO 27001 - information security user awareness training presentation -part 2ISO 27001 - information security user awareness training presentation -part 2
ISO 27001 - information security user awareness training presentation -part 2
 
DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)
 
Information Security Awareness Training by Wilfrid Laurier University
Information Security Awareness Training by Wilfrid Laurier UniversityInformation Security Awareness Training by Wilfrid Laurier University
Information Security Awareness Training by Wilfrid Laurier University
 
Security Awareness Training by Fortinet
Security Awareness Training by FortinetSecurity Awareness Training by Fortinet
Security Awareness Training by Fortinet
 
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
 
ISO 27001 - information security user awareness training presentation - Part 1
ISO 27001 - information security user awareness training presentation - Part 1ISO 27001 - information security user awareness training presentation - Part 1
ISO 27001 - information security user awareness training presentation - Part 1
 
Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...
 
SOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterSOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations Center
 
Malaysia's National Cyber Security Policy
Malaysia's National Cyber Security PolicyMalaysia's National Cyber Security Policy
Malaysia's National Cyber Security Policy
 
ISO 27001 - Information security user awareness training presentation - part 3
ISO 27001 - Information security user awareness training presentation - part 3ISO 27001 - Information security user awareness training presentation - part 3
ISO 27001 - Information security user awareness training presentation - part 3
 
Cyber security-report-2017
Cyber security-report-2017Cyber security-report-2017
Cyber security-report-2017
 
CCNA IP Addressing
CCNA IP AddressingCCNA IP Addressing
CCNA IP Addressing
 
Security Operation Center - Design & Build
Security Operation Center - Design & BuildSecurity Operation Center - Design & Build
Security Operation Center - Design & Build
 

Similar to CODE BLUE 2014 : Physical [In]Security: It’s not ALL about Cyber by Inbar Raz

Check point presentation june 2014
Check point presentation june 2014Check point presentation june 2014
Check point presentation june 2014David Berkelmans
 
Ryan Wilson - ryanwilson.com - IoT Security
Ryan Wilson - ryanwilson.com - IoT SecurityRyan Wilson - ryanwilson.com - IoT Security
Ryan Wilson - ryanwilson.com - IoT SecurityRyan Wilson
 
The Internet of Fails - Mark Stanislav, Senior Security Consultant, Rapid7
The Internet of Fails - Mark Stanislav, Senior Security Consultant, Rapid7The Internet of Fails - Mark Stanislav, Senior Security Consultant, Rapid7
The Internet of Fails - Mark Stanislav, Senior Security Consultant, Rapid7Rapid7
 
The hardcore stuff i hack, experiences from past VAPT assignments
The hardcore stuff i hack, experiences from past VAPT assignmentsThe hardcore stuff i hack, experiences from past VAPT assignments
The hardcore stuff i hack, experiences from past VAPT assignmentsn|u - The Open Security Community
 
Holland safenet livehack hid usb pineapple_cain_oph_with_video
Holland safenet livehack hid usb pineapple_cain_oph_with_videoHolland safenet livehack hid usb pineapple_cain_oph_with_video
Holland safenet livehack hid usb pineapple_cain_oph_with_videorobbuddingh
 
Tech Presentation 2
Tech Presentation 2Tech Presentation 2
Tech Presentation 2guest2bdea
 
Beyond Ethical Hacking By Nipun Jaswal , CSA HCF Infosec Pvt. Ltd
Beyond Ethical Hacking By Nipun Jaswal , CSA HCF Infosec Pvt. LtdBeyond Ethical Hacking By Nipun Jaswal , CSA HCF Infosec Pvt. Ltd
Beyond Ethical Hacking By Nipun Jaswal , CSA HCF Infosec Pvt. LtdNipun Jaswal
 
The attack against target - how was it done and how has it changed the securi...
The attack against target - how was it done and how has it changed the securi...The attack against target - how was it done and how has it changed the securi...
The attack against target - how was it done and how has it changed the securi...Thomas Burg
 
Operating systems
Operating systemsOperating systems
Operating systemssandrahezro
 
ASSIGNMENT2 Computer Architecture and Imaging So you’re telling .docx
ASSIGNMENT2 Computer Architecture and Imaging So you’re telling .docxASSIGNMENT2 Computer Architecture and Imaging So you’re telling .docx
ASSIGNMENT2 Computer Architecture and Imaging So you’re telling .docxedmondpburgess27164
 
Protecting Financial Networks from Cyber Crime
Protecting Financial Networks from Cyber CrimeProtecting Financial Networks from Cyber Crime
Protecting Financial Networks from Cyber CrimeLancope, Inc.
 
Some things about LAN device detection
Some things about LAN device detectionSome things about LAN device detection
Some things about LAN device detectionCanaan Kao
 
OWASP Cambridge Chapter Meeting 13/12/2016
OWASP Cambridge Chapter Meeting 13/12/2016OWASP Cambridge Chapter Meeting 13/12/2016
OWASP Cambridge Chapter Meeting 13/12/2016joebursell
 
Ochrana pred modernými malware útokmi
Ochrana pred modernými malware útokmiOchrana pred modernými malware útokmi
Ochrana pred modernými malware útokmiMarketingArrowECS_CZ
 
Detecting Threats: A Look at the Verizon DBIR and StealthWatch
Detecting Threats: A Look at the Verizon DBIR and StealthWatchDetecting Threats: A Look at the Verizon DBIR and StealthWatch
Detecting Threats: A Look at the Verizon DBIR and StealthWatchLancope, Inc.
 
Ceh v8 labs module 03 scanning networks
Ceh v8 labs module 03 scanning networksCeh v8 labs module 03 scanning networks
Ceh v8 labs module 03 scanning networksAsep Sopyan
 
Introduction to Computer basics for students
Introduction to Computer basics for studentsIntroduction to Computer basics for students
Introduction to Computer basics for studentsAkhil Nadh PC
 
Fixing security by fixing software development
Fixing security by fixing software developmentFixing security by fixing software development
Fixing security by fixing software developmentNick Galbreath
 

Similar to CODE BLUE 2014 : Physical [In]Security: It’s not ALL about Cyber by Inbar Raz (20)

Check point presentation june 2014
Check point presentation june 2014Check point presentation june 2014
Check point presentation june 2014
 
Ryan Wilson - ryanwilson.com - IoT Security
Ryan Wilson - ryanwilson.com - IoT SecurityRyan Wilson - ryanwilson.com - IoT Security
Ryan Wilson - ryanwilson.com - IoT Security
 
The Internet of Fails - Mark Stanislav, Senior Security Consultant, Rapid7
The Internet of Fails - Mark Stanislav, Senior Security Consultant, Rapid7The Internet of Fails - Mark Stanislav, Senior Security Consultant, Rapid7
The Internet of Fails - Mark Stanislav, Senior Security Consultant, Rapid7
 
The hardcore stuff i hack, experiences from past VAPT assignments
The hardcore stuff i hack, experiences from past VAPT assignmentsThe hardcore stuff i hack, experiences from past VAPT assignments
The hardcore stuff i hack, experiences from past VAPT assignments
 
Holland safenet livehack hid usb pineapple_cain_oph_with_video
Holland safenet livehack hid usb pineapple_cain_oph_with_videoHolland safenet livehack hid usb pineapple_cain_oph_with_video
Holland safenet livehack hid usb pineapple_cain_oph_with_video
 
Tech Presentation 2
Tech Presentation 2Tech Presentation 2
Tech Presentation 2
 
Internet census 2012
Internet census 2012Internet census 2012
Internet census 2012
 
Beyond Ethical Hacking By Nipun Jaswal , CSA HCF Infosec Pvt. Ltd
Beyond Ethical Hacking By Nipun Jaswal , CSA HCF Infosec Pvt. LtdBeyond Ethical Hacking By Nipun Jaswal , CSA HCF Infosec Pvt. Ltd
Beyond Ethical Hacking By Nipun Jaswal , CSA HCF Infosec Pvt. Ltd
 
The attack against target - how was it done and how has it changed the securi...
The attack against target - how was it done and how has it changed the securi...The attack against target - how was it done and how has it changed the securi...
The attack against target - how was it done and how has it changed the securi...
 
Operating systems
Operating systemsOperating systems
Operating systems
 
Codebits 2010
Codebits 2010Codebits 2010
Codebits 2010
 
ASSIGNMENT2 Computer Architecture and Imaging So you’re telling .docx
ASSIGNMENT2 Computer Architecture and Imaging So you’re telling .docxASSIGNMENT2 Computer Architecture and Imaging So you’re telling .docx
ASSIGNMENT2 Computer Architecture and Imaging So you’re telling .docx
 
Protecting Financial Networks from Cyber Crime
Protecting Financial Networks from Cyber CrimeProtecting Financial Networks from Cyber Crime
Protecting Financial Networks from Cyber Crime
 
Some things about LAN device detection
Some things about LAN device detectionSome things about LAN device detection
Some things about LAN device detection
 
OWASP Cambridge Chapter Meeting 13/12/2016
OWASP Cambridge Chapter Meeting 13/12/2016OWASP Cambridge Chapter Meeting 13/12/2016
OWASP Cambridge Chapter Meeting 13/12/2016
 
Ochrana pred modernými malware útokmi
Ochrana pred modernými malware útokmiOchrana pred modernými malware útokmi
Ochrana pred modernými malware útokmi
 
Detecting Threats: A Look at the Verizon DBIR and StealthWatch
Detecting Threats: A Look at the Verizon DBIR and StealthWatchDetecting Threats: A Look at the Verizon DBIR and StealthWatch
Detecting Threats: A Look at the Verizon DBIR and StealthWatch
 
Ceh v8 labs module 03 scanning networks
Ceh v8 labs module 03 scanning networksCeh v8 labs module 03 scanning networks
Ceh v8 labs module 03 scanning networks
 
Introduction to Computer basics for students
Introduction to Computer basics for studentsIntroduction to Computer basics for students
Introduction to Computer basics for students
 
Fixing security by fixing software development
Fixing security by fixing software developmentFixing security by fixing software development
Fixing security by fixing software development
 

More from CODE BLUE

[cb22] Hayabusa Threat Hunting and Fast Forensics in Windows environments fo...
[cb22] Hayabusa Threat Hunting and Fast Forensics in Windows environments fo...[cb22] Hayabusa Threat Hunting and Fast Forensics in Windows environments fo...
[cb22] Hayabusa Threat Hunting and Fast Forensics in Windows environments fo...CODE BLUE
 
[cb22] Tales of 5G hacking by Karsten Nohl
[cb22] Tales of 5G hacking by Karsten Nohl[cb22] Tales of 5G hacking by Karsten Nohl
[cb22] Tales of 5G hacking by Karsten NohlCODE BLUE
 
[cb22] Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...
[cb22] Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...[cb22] Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...
[cb22] Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...CODE BLUE
 
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...CODE BLUE
 
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(4) by 板橋 博之
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(4) by 板橋 博之[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(4) by 板橋 博之
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(4) by 板橋 博之CODE BLUE
 
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...CODE BLUE
 
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(3) by Lorenzo Pupillo
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(3) by Lorenzo Pupillo[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(3) by Lorenzo Pupillo
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(3) by Lorenzo PupilloCODE BLUE
 
[cb22] ”The Present and Future of Coordinated Vulnerability Disclosure” Inte...
[cb22] ”The Present and Future of Coordinated Vulnerability Disclosure” Inte...[cb22] ”The Present and Future of Coordinated Vulnerability Disclosure” Inte...
[cb22] ”The Present and Future of Coordinated Vulnerability Disclosure” Inte...CODE BLUE
 
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(2)by Allan Friedman
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(2)by Allan Friedman [cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(2)by Allan Friedman
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(2)by Allan Friedman CODE BLUE
 
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...CODE BLUE
 
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション (1)by 高橋 郁夫
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション (1)by 高橋 郁夫[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション (1)by 高橋 郁夫
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション (1)by 高橋 郁夫CODE BLUE
 
[cb22] Are Embedded Devices Ready for ROP Attacks? -ROP verification for low-...
[cb22] Are Embedded Devices Ready for ROP Attacks? -ROP verification for low-...[cb22] Are Embedded Devices Ready for ROP Attacks? -ROP verification for low-...
[cb22] Are Embedded Devices Ready for ROP Attacks? -ROP verification for low-...CODE BLUE
 
[cb22] Wslinkのマルチレイヤーな仮想環境について by Vladislav Hrčka
[cb22] Wslinkのマルチレイヤーな仮想環境について by Vladislav Hrčka [cb22] Wslinkのマルチレイヤーな仮想環境について by Vladislav Hrčka
[cb22] Wslinkのマルチレイヤーな仮想環境について by Vladislav Hrčka CODE BLUE
 
[cb22] Under the hood of Wslink’s multilayered virtual machine en by Vladisla...
[cb22] Under the hood of Wslink’s multilayered virtual machine en by Vladisla...[cb22] Under the hood of Wslink’s multilayered virtual machine en by Vladisla...
[cb22] Under the hood of Wslink’s multilayered virtual machine en by Vladisla...CODE BLUE
 
[cb22] CloudDragon’s Credential Factory is Powering Up Its Espionage Activiti...
[cb22] CloudDragon’s Credential Factory is Powering Up Its Espionage Activiti...[cb22] CloudDragon’s Credential Factory is Powering Up Its Espionage Activiti...
[cb22] CloudDragon’s Credential Factory is Powering Up Its Espionage Activiti...CODE BLUE
 
[cb22] From Parroting to Echoing: The Evolution of China’s Bots-Driven Info...
[cb22] From Parroting to Echoing: The Evolution of China’s Bots-Driven Info...[cb22] From Parroting to Echoing: The Evolution of China’s Bots-Driven Info...
[cb22] From Parroting to Echoing: The Evolution of China’s Bots-Driven Info...CODE BLUE
 
[cb22] Who is the Mal-Gopher? - Implementation and Evaluation of “gimpfuzzy”...
[cb22] Who is the Mal-Gopher? - Implementation and Evaluation of “gimpfuzzy”...[cb22] Who is the Mal-Gopher? - Implementation and Evaluation of “gimpfuzzy”...
[cb22] Who is the Mal-Gopher? - Implementation and Evaluation of “gimpfuzzy”...CODE BLUE
 
[cb22] Mal-gopherとは?Go系マルウェアの分類のためのgimpfuzzy実装と評価 by 澤部 祐太, 甘粕 伸幸, 野村 和也
[cb22] Mal-gopherとは?Go系マルウェアの分類のためのgimpfuzzy実装と評価 by 澤部 祐太, 甘粕 伸幸, 野村 和也[cb22] Mal-gopherとは?Go系マルウェアの分類のためのgimpfuzzy実装と評価 by 澤部 祐太, 甘粕 伸幸, 野村 和也
[cb22] Mal-gopherとは?Go系マルウェアの分類のためのgimpfuzzy実装と評価 by 澤部 祐太, 甘粕 伸幸, 野村 和也CODE BLUE
 
[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...
[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...
[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...CODE BLUE
 
[cb22] Fight Against Malware Development Life Cycle by Shusei Tomonaga and Yu...
[cb22] Fight Against Malware Development Life Cycle by Shusei Tomonaga and Yu...[cb22] Fight Against Malware Development Life Cycle by Shusei Tomonaga and Yu...
[cb22] Fight Against Malware Development Life Cycle by Shusei Tomonaga and Yu...CODE BLUE
 

More from CODE BLUE (20)

[cb22] Hayabusa Threat Hunting and Fast Forensics in Windows environments fo...
[cb22] Hayabusa Threat Hunting and Fast Forensics in Windows environments fo...[cb22] Hayabusa Threat Hunting and Fast Forensics in Windows environments fo...
[cb22] Hayabusa Threat Hunting and Fast Forensics in Windows environments fo...
 
[cb22] Tales of 5G hacking by Karsten Nohl
[cb22] Tales of 5G hacking by Karsten Nohl[cb22] Tales of 5G hacking by Karsten Nohl
[cb22] Tales of 5G hacking by Karsten Nohl
 
[cb22] Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...
[cb22] Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...[cb22] Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...
[cb22] Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...
 
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
 
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(4) by 板橋 博之
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(4) by 板橋 博之[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(4) by 板橋 博之
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(4) by 板橋 博之
 
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
 
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(3) by Lorenzo Pupillo
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(3) by Lorenzo Pupillo[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(3) by Lorenzo Pupillo
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(3) by Lorenzo Pupillo
 
[cb22] ”The Present and Future of Coordinated Vulnerability Disclosure” Inte...
[cb22] ”The Present and Future of Coordinated Vulnerability Disclosure” Inte...[cb22] ”The Present and Future of Coordinated Vulnerability Disclosure” Inte...
[cb22] ”The Present and Future of Coordinated Vulnerability Disclosure” Inte...
 
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(2)by Allan Friedman
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(2)by Allan Friedman [cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(2)by Allan Friedman
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(2)by Allan Friedman
 
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
 
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション (1)by 高橋 郁夫
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション (1)by 高橋 郁夫[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション (1)by 高橋 郁夫
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション (1)by 高橋 郁夫
 
[cb22] Are Embedded Devices Ready for ROP Attacks? -ROP verification for low-...
[cb22] Are Embedded Devices Ready for ROP Attacks? -ROP verification for low-...[cb22] Are Embedded Devices Ready for ROP Attacks? -ROP verification for low-...
[cb22] Are Embedded Devices Ready for ROP Attacks? -ROP verification for low-...
 
[cb22] Wslinkのマルチレイヤーな仮想環境について by Vladislav Hrčka
[cb22] Wslinkのマルチレイヤーな仮想環境について by Vladislav Hrčka [cb22] Wslinkのマルチレイヤーな仮想環境について by Vladislav Hrčka
[cb22] Wslinkのマルチレイヤーな仮想環境について by Vladislav Hrčka
 
[cb22] Under the hood of Wslink’s multilayered virtual machine en by Vladisla...
[cb22] Under the hood of Wslink’s multilayered virtual machine en by Vladisla...[cb22] Under the hood of Wslink’s multilayered virtual machine en by Vladisla...
[cb22] Under the hood of Wslink’s multilayered virtual machine en by Vladisla...
 
[cb22] CloudDragon’s Credential Factory is Powering Up Its Espionage Activiti...
[cb22] CloudDragon’s Credential Factory is Powering Up Its Espionage Activiti...[cb22] CloudDragon’s Credential Factory is Powering Up Its Espionage Activiti...
[cb22] CloudDragon’s Credential Factory is Powering Up Its Espionage Activiti...
 
[cb22] From Parroting to Echoing: The Evolution of China’s Bots-Driven Info...
[cb22] From Parroting to Echoing: The Evolution of China’s Bots-Driven Info...[cb22] From Parroting to Echoing: The Evolution of China’s Bots-Driven Info...
[cb22] From Parroting to Echoing: The Evolution of China’s Bots-Driven Info...
 
[cb22] Who is the Mal-Gopher? - Implementation and Evaluation of “gimpfuzzy”...
[cb22] Who is the Mal-Gopher? - Implementation and Evaluation of “gimpfuzzy”...[cb22] Who is the Mal-Gopher? - Implementation and Evaluation of “gimpfuzzy”...
[cb22] Who is the Mal-Gopher? - Implementation and Evaluation of “gimpfuzzy”...
 
[cb22] Mal-gopherとは?Go系マルウェアの分類のためのgimpfuzzy実装と評価 by 澤部 祐太, 甘粕 伸幸, 野村 和也
[cb22] Mal-gopherとは?Go系マルウェアの分類のためのgimpfuzzy実装と評価 by 澤部 祐太, 甘粕 伸幸, 野村 和也[cb22] Mal-gopherとは?Go系マルウェアの分類のためのgimpfuzzy実装と評価 by 澤部 祐太, 甘粕 伸幸, 野村 和也
[cb22] Mal-gopherとは?Go系マルウェアの分類のためのgimpfuzzy実装と評価 by 澤部 祐太, 甘粕 伸幸, 野村 和也
 
[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...
[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...
[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...
 
[cb22] Fight Against Malware Development Life Cycle by Shusei Tomonaga and Yu...
[cb22] Fight Against Malware Development Life Cycle by Shusei Tomonaga and Yu...[cb22] Fight Against Malware Development Life Cycle by Shusei Tomonaga and Yu...
[cb22] Fight Against Malware Development Life Cycle by Shusei Tomonaga and Yu...
 

Recently uploaded

Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfSeasiaInfotech2
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 

Recently uploaded (20)

Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdf
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 

CODE BLUE 2014 : Physical [In]Security: It’s not ALL about Cyber by Inbar Raz

  • 1. ©2014 Check Point Software Technologies Ltd. Physical (In)Security: It’s not all about Cyber Inbar Raz Malware & Security Research Manager Check Point Software Technologies
  • 2. 2©2014 Check Point Software Technologies Ltd. Vulnerability Disclosure !  Responsible Disclosure: – Contact the vendor only and inform them of the vulnerability – Offer to work with the vendor – After a grace period, proceed to Full Disclosure –  Web vulnerability: 1-4 weeks –  Software: 1-3 months –  Firmware: 3-6 months –  But: no actual standard, players make the rules !  Full Disclosure: – Publish all information, including POC – Sometimes – only a video of POC
  • 3. 3©2014 Check Point Software Technologies Ltd. Example #1: Movie Ticket Kiosk !  On-site Kiosk !  Touch Screen !  Credit Card Reader !  Ticket Printer !  No peripherals, No interfaces
  • 4. 4©2014 Check Point Software Technologies Ltd. The Attack !  Improper interface settings allow the opening of menu options. !  Menus can be used to browse for a new printer.
  • 5. 5©2014 Check Point Software Technologies Ltd. !  A limited Windows Explorer is not restricted enough. !  A right-click can be used… !  To open a full, unrestricted Windows Explorer. The Attack
  • 6. 6©2014 Check Point Software Technologies Ltd. The Attack !  Browsing through the file system reveals interesting directory names… !  And even more interesting file names.
  • 7. 7©2014 Check Point Software Technologies Ltd. The Attack !  Bingo: Credit Card Data (Unencrypted!) Tools of the trade: Notepad !  We can use the ticket printer to take it home ☺
  • 8. 8©2014 Check Point Software Technologies Ltd. The Attack !  But that’s not all: RSA Keys and Certificates are also found on the drive! !  Which we can print, take home and then use a free OCR software to read…
  • 9. 9©2014 Check Point Software Technologies Ltd. The Attack !  The result: RSA Keys used to bill credit cards.
  • 10. 10©2014 Check Point Software Technologies Ltd. Example #1: Summary !  Device purpose: Print purchased Movie Tickets !  Data on device: Credit Card data and Encryption Keys !  Method used to hack: 1 finger
  • 11. 11©2014 Check Point Software Technologies Ltd. Example #2: Point-of-Sale Device !  Point-Of-Sale devices are all around you.
  • 12. 12©2014 Check Point Software Technologies Ltd. The Attack !  PoS Device located outside business during the day !  At the end of the day, it is locked inside
  • 13. 13©2014 Check Point Software Technologies Ltd. The Attack !  But one thing is left outside, on the street:
  • 14. 14©2014 Check Point Software Technologies Ltd. The Attack !  Intelligence Gathering: Listen to the network, discover who’s talking, what language they’re speaking, and what they’re saying in that language
  • 15. 15©2014 Check Point Software Technologies Ltd. The Attack !  Intelligence Gathering: Listen to the network, discover who’s talking, what language they’re speaking, and what they’re saying in that language !  Detected IP addresses: – 192.168.0.1 – 192.168.0.2 – 192.168.0.4 – 192.168.0.250 – 192.168.0.254
  • 16. 16©2014 Check Point Software Technologies Ltd. The Attack !  Evidence of SMB (plus prior knowledge) leads to the next step: !  And the response:
  • 17. 17©2014 Check Point Software Technologies Ltd. Things to do with an open share !  #1: Look around – Establish possible attack vectors
  • 18. 18©2014 Check Point Software Technologies Ltd. Things to do with an open share
  • 19. 19©2014 Check Point Software Technologies Ltd. Things to do with an open share !  #1: Look around – Establish possible attack vectors !  #2: Create a file list – Not like stealing data, but very helpful – Go home, analyze, come back later
  • 20. 20©2014 Check Point Software Technologies Ltd. !  Answers a ping, but no SMB. !  First guess: Switch/Router/ADSL Modem. !  Try to access the Web-UI: The mystery of 192.168.0.250
  • 21. 21©2014 Check Point Software Technologies Ltd. The mystery of 192.168.0.250 !  Use the full URL:
  • 22. 22©2014 Check Point Software Technologies Ltd. !  Reminder: We actually had this information. Going for the ADSL Modem/Router
  • 23. 23©2014 Check Point Software Technologies Ltd. Going for the ADSL Modem/Router !  Naturally, there is access control: !  Want to guess?
  • 24. 24©2014 Check Point Software Technologies Ltd. Example #2: Summary !  Device purpose: Cash Register and Local Server !  Data on device: Credit Card data, Customer Database !  Method used to hack: MacBook Pro, Free Software
  • 25. 25©2014 Check Point Software Technologies Ltd. Other opportunities !  A Medical Clinic in Tel-Aviv – Complete disregard for attendance systems
  • 26. 26©2014 Check Point Software Technologies Ltd. Other opportunities !  A Hospital in Tel-Aviv
  • 27. 27©2014 Check Point Software Technologies Ltd. Other opportunities !  An ATM at a shopping mall
  • 28. 28©2014 Check Point Software Technologies Ltd. Example #3: Hospital Smart TV !  Features – Watch TV – Listen to music – VOD – Browse the Internet !  Peripherals: – Touch Screen – Credit Card Reader – Earphones And… – USB…
  • 29. 29©2014 Check Point Software Technologies Ltd. The Attack !  Start with a USB Keyboard – Num-Lock works – Nothing else does !  Power off, Power on, F11
  • 30. 30©2014 Check Point Software Technologies Ltd. Our options are opening up !  Let’s boot something else !  BackTrack (kali): Never leave home without it
  • 31. 31©2014 Check Point Software Technologies Ltd. !  Even though I’m set to DHCP, I have no IP address. !  An examination of the config files reveals the problem: But I’m facing a problem # The loopback interface, this is the default configuration: auto lo iface lo inet loopback pre-up /usr/sbin/ethtool -s eth0 speed 100 duplex full autoneg off pre-up /usr/sbin/ethtool -s eth0 speed 100 duplex full autoneg off # The first network interface. # In this case we want to receive an IP-address through DHCP: auto eth0 iface eth0 inet dhcp # In this case we have a wired network: wpa-driver wired # Tell the system we want to use WPA-Supplicant # with our configuration file: wpa-conf /etc/wpa_supplicant.conf pre-up /usr/sbin/ethtool -s eth0 speed 100 duplex full autoneg off
  • 32. 32©2014 Check Point Software Technologies Ltd. !  Even though I’m set to DHCP, I have no IP address. !  An examination of the config files reveals the problem. !  But this is linux, everything is in text files ☺ But I’m facing a problem network={ key_mgmt=IEEE8021X eap=TTLS MD5 identity="a*****c“ anonymous_identity="a*****c“ password=“*****“ phase1="auth=MD5“ phase2="auth=PAP password=*****“ eapol_flags=0 }
  • 33. 33©2014 Check Point Software Technologies Ltd. !  Even though I’m set to DHCP, I have no IP address. !  An examination of the config files reveals the problem. !  But this is linux, everything is in text files ☺ !  I copy the files, and try again. But I’m facing a problem
  • 34. 34©2014 Check Point Software Technologies Ltd. What next? !  Find out where we are (external IP) !  Proof-of-Concept: Open reverse shell
  • 35. 35©2014 Check Point Software Technologies Ltd. !  Further analysis of files reveals a lead: http://192.168.0.250/client/ !  This is the actual User Interface: But it’s not enough…
  • 36. 36©2014 Check Point Software Technologies Ltd. So the next logical step is…
  • 37. 37©2014 Check Point Software Technologies Ltd. So what’s next? !  We lost access to the devices – At least easy access !  Complete the report and go for disclosure However… !  Turns out other hospitals have the same device – So now we wait for someone to get sick…
  • 38. 38©2014 Check Point Software Technologies Ltd. Example #3: Summary !  Device purpose: Smart TV for Hospital Patients !  Data on device: Network Encryption Keys, Possible access to other networks !  Method used to hack: USB Drive, Free Software, Keyboard, Mouse
  • 39. 39©2014 Check Point Software Technologies Ltd. Example #4: Airport Entertainment
  • 40. 40©2014 Check Point Software Technologies Ltd. Escaping the Box
  • 41. 41©2014 Check Point Software Technologies Ltd. Collecting Valuable Information
  • 42. 42©2014 Check Point Software Technologies Ltd. Example #4: Summary !  Device purpose: Airport Entertainment and Shopping !  Data on device: VNC Encryption Keys, Possible access to other networks, Potential Botnet !  Method used to hack: USB Keyboard and Drive
  • 43. 43©2014 Check Point Software Technologies Ltd. Conclusion !  Local Networks are rarely as monitored and as protected as the Internet Gateway. !  Many devices that are publicly accessible do not get hardened against unauthorized access. !  Compromising a device on an internal network can easily be leveraged in a network proliferation operation. !  Best practice: Ask yourself: “Would I trust Inbar here?” !  It’s not all about Cyber.
  • 44. 44©2014 Check Point Software Technologies Ltd. Thank You!