Soumettre la recherche
Mettre en ligne
Inbar Raz - Physical (In)Security – it’s not –ALL– about Cyber
•
Télécharger en tant que PPTX, PDF
•
1 j'aime
•
1,091 vues
DefconRussia
Suivre
Technologie
Business
Signaler
Partager
Signaler
Partager
1 sur 25
Télécharger maintenant
Recommandé
Plan def. univ. beta panamá
Plan def. univ. beta panamá
ArmandoMarino
[Defcon Russia #29] Борис Савков - Bare-metal programming на примере Raspber...
[Defcon Russia #29] Борис Савков - Bare-metal programming на примере Raspber...
DefconRussia
[Defcon Russia #29] Александр Ермолов - Safeguarding rootkits: Intel Boot Gua...
[Defcon Russia #29] Александр Ермолов - Safeguarding rootkits: Intel Boot Gua...
DefconRussia
[Defcon Russia #29] Алексей Тюрин - Spring autobinding
[Defcon Russia #29] Алексей Тюрин - Spring autobinding
DefconRussia
[Defcon Russia #29] Михаил Клементьев - Обнаружение руткитов в GNU/Linux
[Defcon Russia #29] Михаил Клементьев - Обнаружение руткитов в GNU/Linux
DefconRussia
Георгий Зайцев - Reversing golang
Георгий Зайцев - Reversing golang
DefconRussia
[DCG 25] Александр Большев - Never Trust Your Inputs or How To Fool an ADC
[DCG 25] Александр Большев - Never Trust Your Inputs or How To Fool an ADC
DefconRussia
Cisco IOS shellcode: All-in-one
Cisco IOS shellcode: All-in-one
DefconRussia
Recommandé
Plan def. univ. beta panamá
Plan def. univ. beta panamá
ArmandoMarino
[Defcon Russia #29] Борис Савков - Bare-metal programming на примере Raspber...
[Defcon Russia #29] Борис Савков - Bare-metal programming на примере Raspber...
DefconRussia
[Defcon Russia #29] Александр Ермолов - Safeguarding rootkits: Intel Boot Gua...
[Defcon Russia #29] Александр Ермолов - Safeguarding rootkits: Intel Boot Gua...
DefconRussia
[Defcon Russia #29] Алексей Тюрин - Spring autobinding
[Defcon Russia #29] Алексей Тюрин - Spring autobinding
DefconRussia
[Defcon Russia #29] Михаил Клементьев - Обнаружение руткитов в GNU/Linux
[Defcon Russia #29] Михаил Клементьев - Обнаружение руткитов в GNU/Linux
DefconRussia
Георгий Зайцев - Reversing golang
Георгий Зайцев - Reversing golang
DefconRussia
[DCG 25] Александр Большев - Never Trust Your Inputs or How To Fool an ADC
[DCG 25] Александр Большев - Never Trust Your Inputs or How To Fool an ADC
DefconRussia
Cisco IOS shellcode: All-in-one
Cisco IOS shellcode: All-in-one
DefconRussia
Олег Купреев - Обзор и демонстрация нюансов и трюков из области беспроводных ...
Олег Купреев - Обзор и демонстрация нюансов и трюков из области беспроводных ...
DefconRussia
HTTP HOST header attacks
HTTP HOST header attacks
DefconRussia
Attacks on tacacs - Алексей Тюрин
Attacks on tacacs - Алексей Тюрин
DefconRussia
Weakpass - defcon russia 23
Weakpass - defcon russia 23
DefconRussia
nosymbols - defcon russia 20
nosymbols - defcon russia 20
DefconRussia
static - defcon russia 20
static - defcon russia 20
DefconRussia
Zn task - defcon russia 20
Zn task - defcon russia 20
DefconRussia
Vm ware fuzzing - defcon russia 20
Vm ware fuzzing - defcon russia 20
DefconRussia
Nedospasov defcon russia 23
Nedospasov defcon russia 23
DefconRussia
Advanced cfg bypass on adobe flash player 18 defcon russia 23
Advanced cfg bypass on adobe flash player 18 defcon russia 23
DefconRussia
Miasm defcon russia 23
Miasm defcon russia 23
DefconRussia
Andrey Belenko, Alexey Troshichev - Внутреннее устройство и безопасность iClo...
Andrey Belenko, Alexey Troshichev - Внутреннее устройство и безопасность iClo...
DefconRussia
Sergey Belov - Покажите нам Impact! Доказываем угрозу в сложных условиях
Sergey Belov - Покажите нам Impact! Доказываем угрозу в сложных условиях
DefconRussia
George Lagoda - Альтернативное использование вэб сервисов SharePoint со сторо...
George Lagoda - Альтернативное использование вэб сервисов SharePoint со сторо...
DefconRussia
Taras Tatarinov - Применение аппаратных закладок pwnie express на примере реа...
Taras Tatarinov - Применение аппаратных закладок pwnie express на примере реа...
DefconRussia
Alexey Sintsov- SDLC - try me to implement
Alexey Sintsov- SDLC - try me to implement
DefconRussia
Anton Alexanenkov - Tor and Botnet C&C
Anton Alexanenkov - Tor and Botnet C&C
DefconRussia
Tyurin Alexey - NTLM. Part 1. Pass-the-Hash
Tyurin Alexey - NTLM. Part 1. Pass-the-Hash
DefconRussia
Roman Korkikyan - Timing analysis workshop Part 2 Scary
Roman Korkikyan - Timing analysis workshop Part 2 Scary
DefconRussia
Roman Korkikyan - Timing analysis workshop Part 2 Practice
Roman Korkikyan - Timing analysis workshop Part 2 Practice
DefconRussia
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
WSO2
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
UiPathCommunity
Contenu connexe
Plus de DefconRussia
Олег Купреев - Обзор и демонстрация нюансов и трюков из области беспроводных ...
Олег Купреев - Обзор и демонстрация нюансов и трюков из области беспроводных ...
DefconRussia
HTTP HOST header attacks
HTTP HOST header attacks
DefconRussia
Attacks on tacacs - Алексей Тюрин
Attacks on tacacs - Алексей Тюрин
DefconRussia
Weakpass - defcon russia 23
Weakpass - defcon russia 23
DefconRussia
nosymbols - defcon russia 20
nosymbols - defcon russia 20
DefconRussia
static - defcon russia 20
static - defcon russia 20
DefconRussia
Zn task - defcon russia 20
Zn task - defcon russia 20
DefconRussia
Vm ware fuzzing - defcon russia 20
Vm ware fuzzing - defcon russia 20
DefconRussia
Nedospasov defcon russia 23
Nedospasov defcon russia 23
DefconRussia
Advanced cfg bypass on adobe flash player 18 defcon russia 23
Advanced cfg bypass on adobe flash player 18 defcon russia 23
DefconRussia
Miasm defcon russia 23
Miasm defcon russia 23
DefconRussia
Andrey Belenko, Alexey Troshichev - Внутреннее устройство и безопасность iClo...
Andrey Belenko, Alexey Troshichev - Внутреннее устройство и безопасность iClo...
DefconRussia
Sergey Belov - Покажите нам Impact! Доказываем угрозу в сложных условиях
Sergey Belov - Покажите нам Impact! Доказываем угрозу в сложных условиях
DefconRussia
George Lagoda - Альтернативное использование вэб сервисов SharePoint со сторо...
George Lagoda - Альтернативное использование вэб сервисов SharePoint со сторо...
DefconRussia
Taras Tatarinov - Применение аппаратных закладок pwnie express на примере реа...
Taras Tatarinov - Применение аппаратных закладок pwnie express на примере реа...
DefconRussia
Alexey Sintsov- SDLC - try me to implement
Alexey Sintsov- SDLC - try me to implement
DefconRussia
Anton Alexanenkov - Tor and Botnet C&C
Anton Alexanenkov - Tor and Botnet C&C
DefconRussia
Tyurin Alexey - NTLM. Part 1. Pass-the-Hash
Tyurin Alexey - NTLM. Part 1. Pass-the-Hash
DefconRussia
Roman Korkikyan - Timing analysis workshop Part 2 Scary
Roman Korkikyan - Timing analysis workshop Part 2 Scary
DefconRussia
Roman Korkikyan - Timing analysis workshop Part 2 Practice
Roman Korkikyan - Timing analysis workshop Part 2 Practice
DefconRussia
Plus de DefconRussia
(20)
Олег Купреев - Обзор и демонстрация нюансов и трюков из области беспроводных ...
Олег Купреев - Обзор и демонстрация нюансов и трюков из области беспроводных ...
HTTP HOST header attacks
HTTP HOST header attacks
Attacks on tacacs - Алексей Тюрин
Attacks on tacacs - Алексей Тюрин
Weakpass - defcon russia 23
Weakpass - defcon russia 23
nosymbols - defcon russia 20
nosymbols - defcon russia 20
static - defcon russia 20
static - defcon russia 20
Zn task - defcon russia 20
Zn task - defcon russia 20
Vm ware fuzzing - defcon russia 20
Vm ware fuzzing - defcon russia 20
Nedospasov defcon russia 23
Nedospasov defcon russia 23
Advanced cfg bypass on adobe flash player 18 defcon russia 23
Advanced cfg bypass on adobe flash player 18 defcon russia 23
Miasm defcon russia 23
Miasm defcon russia 23
Andrey Belenko, Alexey Troshichev - Внутреннее устройство и безопасность iClo...
Andrey Belenko, Alexey Troshichev - Внутреннее устройство и безопасность iClo...
Sergey Belov - Покажите нам Impact! Доказываем угрозу в сложных условиях
Sergey Belov - Покажите нам Impact! Доказываем угрозу в сложных условиях
George Lagoda - Альтернативное использование вэб сервисов SharePoint со сторо...
George Lagoda - Альтернативное использование вэб сервисов SharePoint со сторо...
Taras Tatarinov - Применение аппаратных закладок pwnie express на примере реа...
Taras Tatarinov - Применение аппаратных закладок pwnie express на примере реа...
Alexey Sintsov- SDLC - try me to implement
Alexey Sintsov- SDLC - try me to implement
Anton Alexanenkov - Tor and Botnet C&C
Anton Alexanenkov - Tor and Botnet C&C
Tyurin Alexey - NTLM. Part 1. Pass-the-Hash
Tyurin Alexey - NTLM. Part 1. Pass-the-Hash
Roman Korkikyan - Timing analysis workshop Part 2 Scary
Roman Korkikyan - Timing analysis workshop Part 2 Scary
Roman Korkikyan - Timing analysis workshop Part 2 Practice
Roman Korkikyan - Timing analysis workshop Part 2 Practice
Dernier
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
WSO2
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
UiPathCommunity
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
Remote DBA Services
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
apidays
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontology
johnbeverley2021
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
The Digital Insurer
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Juan lago vázquez
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
rafiqahmad00786416
Elevate Developer Efficiency & build GenAI Application with Amazon Q
Elevate Developer Efficiency & build GenAI Application with Amazon Q
Bhuvaneswari Subramani
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Jeffrey Haguewood
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
DianaGray10
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
Rustici Software
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
apidays
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
Khushali Kathiriya
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Orbitshub
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
MadyBayot
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Orbitshub
Dernier
(20)
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering Developers
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontology
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
Elevate Developer Efficiency & build GenAI Application with Amazon Q
Elevate Developer Efficiency & build GenAI Application with Amazon Q
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Inbar Raz - Physical (In)Security – it’s not –ALL– about Cyber
1.
Physical (In)security Inbar Raz Malware
& Security Manager Check Point Software Technologies ©2013 Check Point Software Technologies Ltd.
2.
Types of Vulnerability
Disclosures Responsible Disclosure: – Contact the vendor only and inform them of the vulnerability – If asked, work with the vendor – After 3-6 months, proceed to Full Disclosure Full Disclosure: – Publish all information, including POC – Sometimes – only a video of POC ©2013 Check Point Software Technologies Ltd. 2
3.
Disclosure #1 Vendor:
An Online Movie Ticket Service Field: Online shopping and entertainment Affected Product: On-site Ticket Kiosk Vulnerability: Multiple vulnerabilities cause the compromise of both customer and company data ©2013 Check Point Software Technologies Ltd. 3
4.
Disclosure Details On-site
Kiosk Touch Screen Credit Card Reader Ticket Printer No peripherals, No interfaces And the journey begins… ©2013 Check Point Software Technologies Ltd. 4
5.
Disclosure Details Improper
interface settings allow the opening of menu options. Menus can be used to browse for a new printer. ©2013 Check Point Software Technologies Ltd. 5
6.
Disclosure Details A
limited browser is not restricted enough. A right-click can be used… To open a full, unlimited Windows Explorer. Now the sky is the limit… ©2013 Check Point Software Technologies Ltd. 6
7.
Disclosure Details Browsing
through the file system reveals indicative directory names… And even more indicative file names. ©2013 Check Point Software Technologies Ltd. 7
8.
Disclosure Details Bingo:
Credit Card Data (Unencrypted!) Tools of the trade: Notepad We can use the ticket printer to take it home ©2013 Check Point Software Technologies Ltd. 8
9.
Disclosure Details But
that’s not all: RSA Keys and Certificates are also found on the drive! Which we can print, take home and then use a free OCR software to read… ©2013 Check Point Software Technologies Ltd. 9
10.
Disclosure Details The
result: RSA Keys used to bill credit cards. ©2013 Check Point Software Technologies Ltd. 10
11.
Disclosure #2 Vendor:
Point-of-Sale Manufacturer and Users Field: Network Security Vulnerability: Improper physical security allows access to insecure PoS devices during afterhours. ©2013 Check Point Software Technologies Ltd. 11
12.
Disclosure Details Point-Of-Sale
devices are all around you. ©2013 Check Point Software Technologies Ltd. 12
13.
Disclosure Details Location:
A bar in Tel-Aviv During working hours – tables, chair and PoS outside During afterhours – everything is locked inside the facility But the Ethernet port remains hot – In public space… ©2013 Check Point Software Technologies Ltd. 13
14.
Attack Vector In
the past – play hacker/script kiddie with BackTrack. Today: Fire up wireshark, discover IPs of live machines. ©2013 Check Point Software Technologies Ltd. 14
15.
Attack Vector In
the past – play hacker/script kiddie with BackTrack. Today: Fire up wireshark, discover IPs of live machines. Detected IP addresses: – 192.168.0.1 – 192.168.0.2 – 192.168.0.4 – 192.168.0.250 – 192.168.0.254 Confirm by ping (individual and broadcast) ©2013 Check Point Software Technologies Ltd. 15
16.
Attack Vector Evidence
of SMB (plus prior knowledge) lead to the next step: And the response: ©2013 Check Point Software Technologies Ltd. 16
17.
Things to do
with an open share #1: Look around [Restricted] ONLY for designated groups and individuals ©2013 Check Point Software Technologies Ltd. 17
18.
Things to do
with an open share #1: Look around #2: Create a file list [Restricted] ONLY for designated groups and individuals ©2013 Check Point Software Technologies Ltd. 18
19.
The mystery of
192.168.0.250 Answers a ping, but no SMB. First guess: the ADSL Modem. Try to access the Web-UI: [Restricted] ONLY for designated groups and individuals ©2013 Check Point Software Technologies Ltd. 19
20.
The mystery of
192.168.0.250 Use the full URL: [Restricted] ONLY for designated groups and individuals ©2013 Check Point Software Technologies Ltd. 20
21.
Going for the
ADSL router Reminder: We actually had this information. [Restricted] ONLY for designated groups and individuals ©2013 Check Point Software Technologies Ltd. 21
22.
Going for the
ADSL router Naturally, there is access control: Want to guess? [Restricted] ONLY for designated groups and individuals ©2013 Check Point Software Technologies Ltd. 22
23.
Unlocked Achievements Best
for me, worst for them: Credit card data. Database files (yet to be analyzed). The program files of the billing system. Potential attack through the internet. [Restricted] ONLY for designated groups and individuals ©2013 Check Point Software Technologies Ltd. 23
24.
Next Steps Create
a Responsible Disclose document for the PoS manufacturer Send an Advisory to businesses ©2013 Check Point Software Technologies Ltd. 24
25.
IMPORTANT NOTICE The
bar operation was with full cooperation and consent. DOING THIS ON YOUR OWN IS ILLEGAL. [Restricted] ONLY for designated groups and individuals ©2013 Check Point Software Technologies Ltd. 25
Télécharger maintenant