
DEFCON: Burning the Lookout

Talk from the DEFCON 26 Packet Hacking Village (PHV) detailing the use of the lawful intercept system Vigia in Brazil.


  1. Burning the Lookout
  2. > whoami
     ● Senior Security Researcher @ CrowdStrike
     ● Project Director / Intern @ MalShare
     ● Project Director @ Project 25499
     ● Twitter: @SilasCutler
     ● Email: silascutler@riseup.net
  3. Crash course in Lawful Intercept
  4. Crash course on Lawful Intercept
     ● Process, Tools, Ability for Law Enforcement to collect as part of investigations (wiretaps)
       ○ CALEA (Communications Assistance for Law Enforcement Act)
       ○ ETSI (European Telecommunications Standards Institute)
     ● Standard deployment
       ○ Intercept Access Point (IAP)
       ○ Mediation Device
       ○ Lawful Intercept Administration (LIA)
     [Diagram labels: Cell Tower/Modem, Provider Network, Internet]
  5. Vigia
  6. Backstory
     ● Pastebin 2015
     ● Poster claimed to have hacked Brazilian Army after they did a CTF
     ● Post included:
       ○ 7000 Credentials
       ○ 3 Websites
  7. Vigia
     ● Lawful Intercept Suite developed by SunTech Brazil
     ● (Mediation Device)
       ○ View intercepted data from service providers
       ○ Add new surveillance targets
     ● Where’s it used?
  8. Hunting for Vigia
     ● What are distinct artifacts from these systems?
       ○ SSL
       ○ DNS
       ○ Page Content
     ● Censys / Shodan / Scans.io / Passive DNS for static patterns
       ○ /vigia/ or /suntech/ present in SSL certificates
       ○ vigia.<provider domain>
  9. Why it matters
  10. Why it matters
     ● Potential for unauthorized eavesdropping
     ● Previous targeting by foreign and domestic attackers
     ● Likely other similar systems in the wild
  11. 211,046,525
  12. Questions
  13. Thank you // Fin
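
Added example, not from the talk: the static patterns on slide 8, turned around so an operator can audit its own certificate inventory for names that disclose the intercept platform. The record layout, the OpenSSL "oneline" DN format, `example.net`, and all function names are assumptions of this example.

```python
# Added example: self-audit of an operator's own certificate inventory.
PRODUCT_TOKENS = ("vigia", "suntech")  # static patterns listed on slide 8

def parse_oneline_dn(dn):
    """Split an OpenSSL 'oneline' DN (/C=BR/O=Org/CN=host) into (attr, value) pairs."""
    pairs = []
    for part in dn.strip().split("/"):
        if "=" in part:
            attr, value = part.split("=", 1)
            pairs.append((attr.strip(), value.strip()))
    return pairs

def audit_certificate(cert, own_domains):
    """Return (field, value, token) findings for one inventory record."""
    findings = []
    for attr, value in parse_oneline_dn(cert["subject"]):
        for token in PRODUCT_TOKENS:
            if token in value.lower():
                findings.append(("subject:" + attr, value, token))
    for name in cert.get("san", []):
        host = name.lower().rstrip(".")
        first, _, rest = host.partition(".")
        if first in PRODUCT_TOKENS and rest in own_domains:
            # Matches the vigia.<provider domain> hostname pattern.
            findings.append(("san:product-host", name, first))
            continue
        for token in PRODUCT_TOKENS:
            if token in host:
                findings.append(("san:substring", name, token))
    return findings

def audit_inventory(inventory, own_domains):
    """Map certificate index -> findings, omitting clean certificates."""
    report = {}
    for i, cert in enumerate(inventory):
        found = audit_certificate(cert, own_domains)
        if found:
            report[i] = found
    return report

# Constructed sample inventory (example.net is a placeholder domain).
INVENTORY = [
    {"subject": "/C=BR/O=Example Telecom/OU=suntech/CN=li.example.net", "san": ["vigia.example.net"]},
    {"subject": "/C=BR/O=Example Telecom/CN=www.example.net", "san": ["www.example.net"]},
    {"subject": "/CN=portal.example.net", "san": ["portal-vigia.corp.example.net"]},
]
OWN_DOMAINS = {"example.net"}

if __name__ == "__main__":
    for idx, found in audit_inventory(INVENTORY, OWN_DOMAINS).items():
        for field, value, token in found:
            print(f"cert {idx}: {field} = {value!r} contains {token!r}")
```

Certificates flagged this way are candidates for reissue under neutral names, since subject and SAN fields are visible to anyone who connects or reads scan datasets.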
