SlideShare une entreprise Scribd logo

DefCon 2012 - Bluetooth Monitoring With SCAPY

Michael Smith
Michael Smith
Technologie
1  sur  14
Télécharger pour lire hors ligne
PASSIVE BLUETOOH MONITORING IN SCAPY Ryan Holeman
AGENDA • bluetooth essentials • fundamental projects • scapy-btbb project overview • demo
ESSENTIAL BLUETOOTH • bluetooth is a frequency hopping protocol
ESSENTIAL BLUETOOTH • BTBB - bluetooth baseband • air traffic between master and slave bluetooth devices
ESSENTIAL BLUETOOTH • nap • non-significant for communication • vendor association • uap • upper address part • vendor association • calculated from btbb packets • lap • lower address part • easily obtained in btbb packet
FUNDAMENTAL PROJECTS SCAPY • Philippe Biondi • python network analysis and manipulation tool • supports many protocols and layers • Ethernet, Tcp/Ip, 802.11, 802.15.5, etc
FUNDAMENTAL PROJECTS LIBBTBB • Dominic Spill and Mike Ossmann • provides methods for: • uap discovery, clock discovery, etc • wireshark plugin • wireshark btbb support
FUNDAMENTAL PROJECTS UBERTOOTH • bluetooth baseband sniffer • Mike Ossmann • kismet plugin
SCAPY-BTBB GOALS • bluetooth baseband traffic in python
SCAPY-BTBB CONTRIBUTIONS • btbb layer in scapy •a stream utility for pcap files in scapy • btbb helper methods • vendor from nap/uap • distinct address lists from btbb traffic • extensive documentation of related projects
SCAPY-BTBB RELEVANCE • real time and postmortem data analysis for btbb traffic • compatibility across hardware • though pcap files • easily incorporated into: • developer debugging tools • auditing tools • exploitation tools
DEMO
REFERENCES • scapy • bluez • Phillippe Biondi • bluez.org • secdev.org/projects/scapy • pybluez • libbtbb • pybluez.googlecode.com • Dominic Spill & Mike Ossmann • wireshark • sourceforge.net/projects/libbtbb • wireshark.org • ubertooth • ipython • Mike Ossmann • ipython.org • ubertooth.sourceforge.net • pandas • kismet • pandas.pydata.org • Mike Kershaw • kismetwireless.net
PROJECT HOME AND CONTACT INFO • project home • hackgnar.com/projects/btbb • contact • email: ripper@hackgnar.com • twitter: @hackgnar

Recommandé

Still waiting for IPv6? Try the inlets-operator
Still waiting for IPv6? Try the inlets-operatorStill waiting for IPv6? Try the inlets-operator
Still waiting for IPv6? Try the inlets-operator
Alex Ellis
 
The Need For A Cloud Native Tunnel
The Need For A Cloud Native TunnelThe Need For A Cloud Native Tunnel
The Need For A Cloud Native Tunnel
Alex Ellis
 
Introduction to hubot
Introduction to hubotIntroduction to hubot
Introduction to hubot
Tencent
 
SUGNL Colours - Otap & content delivery
SUGNL Colours - Otap & content deliverySUGNL Colours - Otap & content delivery
SUGNL Colours - Otap & content delivery
Colours B.V.
 
Ci & proServer
Ci & proServerCi & proServer
Ci & proServer
Sebastian Helzle
 
OpenFaaS - zero serverless in 60 seconds anywhere with case-studies
OpenFaaS - zero serverless in 60 seconds anywhere with case-studiesOpenFaaS - zero serverless in 60 seconds anywhere with case-studies
OpenFaaS - zero serverless in 60 seconds anywhere with case-studies
Alex Ellis
 
Into The Box 2014 - Keynote
Into The Box 2014 - KeynoteInto The Box 2014 - Keynote
Into The Box 2014 - Keynote
Ortus Solutions, Corp
 
A Serverless first approach - Will it Lambda?
A Serverless first approach - Will it Lambda?A Serverless first approach - Will it Lambda?
A Serverless first approach - Will it Lambda?
Nick den Engelsman
 

Recommandé

Still waiting for IPv6? Try the inlets-operator
Still waiting for IPv6? Try the inlets-operatorStill waiting for IPv6? Try the inlets-operator
Still waiting for IPv6? Try the inlets-operator
Alex Ellis
 
The Need For A Cloud Native Tunnel
The Need For A Cloud Native TunnelThe Need For A Cloud Native Tunnel
The Need For A Cloud Native Tunnel
Alex Ellis
 
Introduction to hubot
Introduction to hubotIntroduction to hubot
Introduction to hubot
Tencent
 
SUGNL Colours - Otap & content delivery
SUGNL Colours - Otap & content deliverySUGNL Colours - Otap & content delivery
SUGNL Colours - Otap & content delivery
Colours B.V.
 
Ci & proServer
Ci & proServerCi & proServer
Ci & proServer
Sebastian Helzle
 
OpenFaaS - zero serverless in 60 seconds anywhere with case-studies
OpenFaaS - zero serverless in 60 seconds anywhere with case-studiesOpenFaaS - zero serverless in 60 seconds anywhere with case-studies
OpenFaaS - zero serverless in 60 seconds anywhere with case-studies
Alex Ellis
 
Into The Box 2014 - Keynote
Into The Box 2014 - KeynoteInto The Box 2014 - Keynote
Into The Box 2014 - Keynote
Ortus Solutions, Corp
 
A Serverless first approach - Will it Lambda?
A Serverless first approach - Will it Lambda?A Serverless first approach - Will it Lambda?
A Serverless first approach - Will it Lambda?
Nick den Engelsman
 
Hack x crack_scapy2
Hack x crack_scapy2Hack x crack_scapy2
Hack x crack_scapy2
Diego Caceres
 
The jar of joy
The jar of joyThe jar of joy
The jar of joy
SensePost
 
Wireshark display filters
Wireshark display filtersWireshark display filters
Wireshark display filters
Mohamed Gamel
 
Hallowed be thy packets by Paul Coggin
Hallowed be thy packets by Paul CogginHallowed be thy packets by Paul Coggin
Hallowed be thy packets by Paul Coggin
EC-Council
 
Short 1100 Jart Armin - The Pocket Botnet
Short 1100 Jart Armin - The Pocket BotnetShort 1100 Jart Armin - The Pocket Botnet
Short 1100 Jart Armin - The Pocket Botnet
UISGCON
 
Analyse Yourself
Analyse YourselfAnalyse Yourself
Analyse Yourself
Norberto Leite
 
A tale of two proxies
A tale of two proxiesA tale of two proxies
A tale of two proxies
SensePost
 
Himakomers magazine
Himakomers magazineHimakomers magazine
Himakomers magazine
Samy Ummy
 
Sushma Pati1mtech fresher
Sushma Pati1mtech fresherSushma Pati1mtech fresher
Sushma Pati1mtech fresher
Sushma Patil
 
PenTest using Python By Purna Chander
PenTest using Python By Purna ChanderPenTest using Python By Purna Chander
PenTest using Python By Purna Chander
nforceit
 
Scapy. Generación y manipulación básica de paquetes de red
Scapy. Generación y manipulación básica de paquetes de redScapy. Generación y manipulación básica de paquetes de red
Scapy. Generación y manipulación básica de paquetes de red
David Cristóbal
 
#RootedCON2012 - DNS: A botnet dialect - Carlos Diaz & Francisco J. Gomez
#RootedCON2012 - DNS: A botnet dialect - Carlos Diaz & Francisco J. Gomez#RootedCON2012 - DNS: A botnet dialect - Carlos Diaz & Francisco J. Gomez
#RootedCON2012 - DNS: A botnet dialect - Carlos Diaz & Francisco J. Gomez
ffranz
 
Scapy
ScapyScapy
Scapy
Mohamed Gamel
 
Fun with TCP Packets
Fun with TCP PacketsFun with TCP Packets
Fun with TCP Packets
Security B-Sides
 
The (In)Security of Topology Discovery in Software Defined Networks
The (In)Security of Topology Discovery in Software Defined NetworksThe (In)Security of Topology Discovery in Software Defined Networks
The (In)Security of Topology Discovery in Software Defined Networks
Talal Alharbi
 
Attacks and their mitigations
Attacks and their mitigationsAttacks and their mitigations
Attacks and their mitigations
Mukesh Chaudhari
 
Exploiting First Hop Protocols to Own the Network - Paul Coggin
Exploiting First Hop Protocols to Own the Network - Paul CogginExploiting First Hop Protocols to Own the Network - Paul Coggin
Exploiting First Hop Protocols to Own the Network - Paul Coggin
EC-Council
 
Jad NEHME - Alcatel-Lucent - Report
Jad NEHME - Alcatel-Lucent - ReportJad NEHME - Alcatel-Lucent - Report
Jad NEHME - Alcatel-Lucent - Report
Jad Nehme
 
How to dominate a country
How to dominate a countryHow to dominate a country
How to dominate a country
Tiago Henriques
 
Python begin
Python beginPython begin
Python begin
ashigirl ZareGoto
 
Recon-Fu @BsidesKyiv 2016
Recon-Fu @BsidesKyiv 2016Recon-Fu @BsidesKyiv 2016
Recon-Fu @BsidesKyiv 2016
Vlad Styran
 
0Day Hunting A.K.A. The Story of a Proper CPE Test by Balazs Bacsay
0Day Hunting A.K.A. The Story of a Proper CPE Test by Balazs Bacsay0Day Hunting A.K.A. The Story of a Proper CPE Test by Balazs Bacsay
0Day Hunting A.K.A. The Story of a Proper CPE Test by Balazs Bacsay
Shakacon
 

Contenu connexe

En vedette

Wireshark display filters
Wireshark display filtersWireshark display filters
Wireshark display filters
Mohamed Gamel
 
Short 1100 Jart Armin - The Pocket Botnet
Short 1100 Jart Armin - The Pocket BotnetShort 1100 Jart Armin - The Pocket Botnet
Short 1100 Jart Armin - The Pocket Botnet
UISGCON
 
Himakomers magazine
Himakomers magazineHimakomers magazine
Himakomers magazine
Samy Ummy
 
Sushma Pati1mtech fresher
Sushma Pati1mtech fresherSushma Pati1mtech fresher
Sushma Pati1mtech fresher
Sushma Patil
 
Jad NEHME - Alcatel-Lucent - Report
Jad NEHME - Alcatel-Lucent - ReportJad NEHME - Alcatel-Lucent - Report
Jad NEHME - Alcatel-Lucent - Report
Jad Nehme
 
How to dominate a country
How to dominate a countryHow to dominate a country
How to dominate a country
Tiago Henriques
 

En vedette (20)

Hack x crack_scapy2
Hack x crack_scapy2Hack x crack_scapy2
Hack x crack_scapy2
 
The jar of joy
The jar of joyThe jar of joy
The jar of joy
 
Wireshark display filters
Wireshark display filtersWireshark display filters
Wireshark display filters
 
Hallowed be thy packets by Paul Coggin
Hallowed be thy packets by Paul CogginHallowed be thy packets by Paul Coggin
Hallowed be thy packets by Paul Coggin
 
Short 1100 Jart Armin - The Pocket Botnet
Short 1100 Jart Armin - The Pocket BotnetShort 1100 Jart Armin - The Pocket Botnet
Short 1100 Jart Armin - The Pocket Botnet
 
Analyse Yourself
Analyse YourselfAnalyse Yourself
Analyse Yourself
 
A tale of two proxies
A tale of two proxiesA tale of two proxies
A tale of two proxies
 
Himakomers magazine
Himakomers magazineHimakomers magazine
Himakomers magazine
 
Sushma Pati1mtech fresher
Sushma Pati1mtech fresherSushma Pati1mtech fresher
Sushma Pati1mtech fresher
 
PenTest using Python By Purna Chander
PenTest using Python By Purna ChanderPenTest using Python By Purna Chander
PenTest using Python By Purna Chander
 
Scapy. Generación y manipulación básica de paquetes de red
Scapy. Generación y manipulación básica de paquetes de redScapy. Generación y manipulación básica de paquetes de red
Scapy. Generación y manipulación básica de paquetes de red
 
#RootedCON2012 - DNS: A botnet dialect - Carlos Diaz & Francisco J. Gomez
#RootedCON2012 - DNS: A botnet dialect - Carlos Diaz & Francisco J. Gomez#RootedCON2012 - DNS: A botnet dialect - Carlos Diaz & Francisco J. Gomez
#RootedCON2012 - DNS: A botnet dialect - Carlos Diaz & Francisco J. Gomez
 
Scapy
ScapyScapy
Scapy
 
Fun with TCP Packets
Fun with TCP PacketsFun with TCP Packets
Fun with TCP Packets
 
The (In)Security of Topology Discovery in Software Defined Networks
The (In)Security of Topology Discovery in Software Defined NetworksThe (In)Security of Topology Discovery in Software Defined Networks
The (In)Security of Topology Discovery in Software Defined Networks
 
Attacks and their mitigations
Attacks and their mitigationsAttacks and their mitigations
Attacks and their mitigations
 
Exploiting First Hop Protocols to Own the Network - Paul Coggin
Exploiting First Hop Protocols to Own the Network - Paul CogginExploiting First Hop Protocols to Own the Network - Paul Coggin
Exploiting First Hop Protocols to Own the Network - Paul Coggin
 
Jad NEHME - Alcatel-Lucent - Report
Jad NEHME - Alcatel-Lucent - ReportJad NEHME - Alcatel-Lucent - Report
Jad NEHME - Alcatel-Lucent - Report
 
How to dominate a country
How to dominate a countryHow to dominate a country
How to dominate a country
 
Python begin
Python beginPython begin
Python begin
 

Similaire à DefCon 2012 - Bluetooth Monitoring With SCAPY

0Day Hunting A.K.A. The Story of a Proper CPE Test by Balazs Bacsay
0Day Hunting A.K.A. The Story of a Proper CPE Test by Balazs Bacsay0Day Hunting A.K.A. The Story of a Proper CPE Test by Balazs Bacsay
0Day Hunting A.K.A. The Story of a Proper CPE Test by Balazs Bacsay
Shakacon
 
0day hunting a.k.a. The story of a proper CPE test
0day hunting a.k.a. The story of a proper CPE test0day hunting a.k.a. The story of a proper CPE test
0day hunting a.k.a. The story of a proper CPE test
Balazs Bucsay
 
Navigating the Incubator at the Apache Software Foundation
Navigating the Incubator at the Apache Software FoundationNavigating the Incubator at the Apache Software Foundation
Navigating the Incubator at the Apache Software Foundation
Brett Porter
 
Pi, Python, and Paintball??? Innovating with Affordable Tech!
Pi, Python, and Paintball??? Innovating with Affordable Tech!Pi, Python, and Paintball??? Innovating with Affordable Tech!
Pi, Python, and Paintball??? Innovating with Affordable Tech!
Barry Tarlton
 
Updated non-lab version of Level Up. Delivered at LOPSA-East, May 3, 2014.
Updated non-lab version of Level Up. Delivered at LOPSA-East, May 3, 2014.Updated non-lab version of Level Up. Delivered at LOPSA-East, May 3, 2014.
Updated non-lab version of Level Up. Delivered at LOPSA-East, May 3, 2014.
Mandi Walls
 

Similaire à DefCon 2012 - Bluetooth Monitoring With SCAPY (20)

Recon-Fu @BsidesKyiv 2016
Recon-Fu @BsidesKyiv 2016Recon-Fu @BsidesKyiv 2016
Recon-Fu @BsidesKyiv 2016
 
0Day Hunting A.K.A. The Story of a Proper CPE Test by Balazs Bacsay
0Day Hunting A.K.A. The Story of a Proper CPE Test by Balazs Bacsay0Day Hunting A.K.A. The Story of a Proper CPE Test by Balazs Bacsay
0Day Hunting A.K.A. The Story of a Proper CPE Test by Balazs Bacsay
 
0day hunting a.k.a. The story of a proper CPE test
0day hunting a.k.a. The story of a proper CPE test0day hunting a.k.a. The story of a proper CPE test
0day hunting a.k.a. The story of a proper CPE test
 
Data visualisation in python tool - a brief
Data visualisation in python tool - a briefData visualisation in python tool - a brief
Data visualisation in python tool - a brief
 
Rust is for Robots!
Rust is for Robots!Rust is for Robots!
Rust is for Robots!
 
Sas 2015 event_driven
Sas 2015 event_drivenSas 2015 event_driven
Sas 2015 event_driven
 
Trend Micro Big Data Platform and Apache Bigtop
Trend Micro Big Data Platform and Apache BigtopTrend Micro Big Data Platform and Apache Bigtop
Trend Micro Big Data Platform and Apache Bigtop
 
Raspberry pi overview
Raspberry pi overview Raspberry pi overview
Raspberry pi overview
 
Introduction Apache Kafka
Introduction Apache KafkaIntroduction Apache Kafka
Introduction Apache Kafka
 
Navigating the Incubator at the Apache Software Foundation
Navigating the Incubator at the Apache Software FoundationNavigating the Incubator at the Apache Software Foundation
Navigating the Incubator at the Apache Software Foundation
 
Publishing Linked Data from RDB
Publishing Linked Data from RDBPublishing Linked Data from RDB
Publishing Linked Data from RDB
 
Approaching APIs
Approaching APIsApproaching APIs
Approaching APIs
 
Raspberry pi
Raspberry piRaspberry pi
Raspberry pi
 
Raspberry pi seminar
Raspberry pi seminarRaspberry pi seminar
Raspberry pi seminar
 
Habitat Workshop at Velocity London 2017
Habitat Workshop at Velocity London 2017Habitat Workshop at Velocity London 2017
Habitat Workshop at Velocity London 2017
 
Qcon beijing 2010
Qcon beijing 2010Qcon beijing 2010
Qcon beijing 2010
 
Pi, Python, and Paintball??? Innovating with Affordable Tech!
Pi, Python, and Paintball??? Innovating with Affordable Tech!Pi, Python, and Paintball??? Innovating with Affordable Tech!
Pi, Python, and Paintball??? Innovating with Affordable Tech!
 
Project Baird — Overview for DVB Meeting 2010-11-23
Project Baird — Overview for DVB Meeting 2010-11-23Project Baird — Overview for DVB Meeting 2010-11-23
Project Baird — Overview for DVB Meeting 2010-11-23
 
Implementing a command line client to GitHub in Go
Implementing a command line client to GitHub in GoImplementing a command line client to GitHub in Go
Implementing a command line client to GitHub in Go
 
Updated non-lab version of Level Up. Delivered at LOPSA-East, May 3, 2014.
Updated non-lab version of Level Up. Delivered at LOPSA-East, May 3, 2014.Updated non-lab version of Level Up. Delivered at LOPSA-East, May 3, 2014.
Updated non-lab version of Level Up. Delivered at LOPSA-East, May 3, 2014.
 

Plus de Michael Smith

DHS - Recommendations for Securing Zigbee Networks in Process Control Systems
DHS - Recommendations for Securing Zigbee Networks in Process Control SystemsDHS - Recommendations for Securing Zigbee Networks in Process Control Systems
DHS - Recommendations for Securing Zigbee Networks in Process Control Systems
Michael Smith
 
BlackHat 2011 - Exploiting Siemens Simatic S7 PLCs (white paper)
BlackHat 2011 - Exploiting Siemens Simatic S7 PLCs (white paper)BlackHat 2011 - Exploiting Siemens Simatic S7 PLCs (white paper)
BlackHat 2011 - Exploiting Siemens Simatic S7 PLCs (white paper)
Michael Smith
 
BlackHat 2011 - Exploiting Siemens Simatic S7 PLCs (slides)
BlackHat 2011 - Exploiting Siemens Simatic S7 PLCs (slides)BlackHat 2011 - Exploiting Siemens Simatic S7 PLCs (slides)
BlackHat 2011 - Exploiting Siemens Simatic S7 PLCs (slides)
Michael Smith
 
BlackHat 2010 - Electricity for Free - The Dirty Underbelly of SCADA and Smar...
BlackHat 2010 - Electricity for Free - The Dirty Underbelly of SCADA and Smar...BlackHat 2010 - Electricity for Free - The Dirty Underbelly of SCADA and Smar...
BlackHat 2010 - Electricity for Free - The Dirty Underbelly of SCADA and Smar...
Michael Smith
 
BlackHat 2009 - Hacking Zigbee Chips (slides)
BlackHat 2009 - Hacking Zigbee Chips (slides)BlackHat 2009 - Hacking Zigbee Chips (slides)
BlackHat 2009 - Hacking Zigbee Chips (slides)
Michael Smith
 
DefCon 2012 - Near-Field Communication / RFID Hacking - Miller
DefCon 2012 - Near-Field Communication / RFID Hacking - MillerDefCon 2012 - Near-Field Communication / RFID Hacking - Miller
DefCon 2012 - Near-Field Communication / RFID Hacking - Miller
Michael Smith
 
DefCon 2012 - Near-Field Communication / RFID Hacking - Lee
DefCon 2012 - Near-Field Communication / RFID Hacking - LeeDefCon 2012 - Near-Field Communication / RFID Hacking - Lee
DefCon 2012 - Near-Field Communication / RFID Hacking - Lee
Michael Smith
 
DefCon 2012 - Hardware Backdooring (White Paper)
DefCon 2012 - Hardware Backdooring (White Paper)DefCon 2012 - Hardware Backdooring (White Paper)
DefCon 2012 - Hardware Backdooring (White Paper)
Michael Smith
 
DefCon 2012 - Hardware Backdooring (Slides)
DefCon 2012 - Hardware Backdooring (Slides)DefCon 2012 - Hardware Backdooring (Slides)
DefCon 2012 - Hardware Backdooring (Slides)
Michael Smith
 
DefCon 2012 - Firmware Vulnerability Hunting with FRAK
DefCon 2012 - Firmware Vulnerability Hunting with FRAKDefCon 2012 - Firmware Vulnerability Hunting with FRAK
DefCon 2012 - Firmware Vulnerability Hunting with FRAK
Michael Smith
 
DefCon 2011 - Vulnerabilities in Wireless Water Meters
DefCon 2011 - Vulnerabilities in Wireless Water MetersDefCon 2011 - Vulnerabilities in Wireless Water Meters
DefCon 2011 - Vulnerabilities in Wireless Water Meters
Michael Smith
 
Defcon 2011 - Penetration Testing Over Powerlines
Defcon 2011 - Penetration Testing Over PowerlinesDefcon 2011 - Penetration Testing Over Powerlines
Defcon 2011 - Penetration Testing Over Powerlines
Michael Smith
 
DefCon 2012 - Anti-Forensics and Anti-Anti-Forensics
DefCon 2012 - Anti-Forensics and Anti-Anti-ForensicsDefCon 2012 - Anti-Forensics and Anti-Anti-Forensics
DefCon 2012 - Anti-Forensics and Anti-Anti-Forensics
Michael Smith
 
DefCon 2012 - Subterfuge - Automated MITM Attacks
DefCon 2012 - Subterfuge - Automated MITM AttacksDefCon 2012 - Subterfuge - Automated MITM Attacks
DefCon 2012 - Subterfuge - Automated MITM Attacks
Michael Smith
 
DefCon 2012 - Owned In 60 Seconds - Windows Hacking
DefCon 2012 - Owned In 60 Seconds - Windows HackingDefCon 2012 - Owned In 60 Seconds - Windows Hacking
DefCon 2012 - Owned In 60 Seconds - Windows Hacking
Michael Smith
 
DefCon 2012 - Rooting SOHO Routers
DefCon 2012 - Rooting SOHO RoutersDefCon 2012 - Rooting SOHO Routers
DefCon 2012 - Rooting SOHO Routers
Michael Smith
 
DefCon 2012 - Finding Firmware Vulnerabilities
DefCon 2012 - Finding Firmware VulnerabilitiesDefCon 2012 - Finding Firmware Vulnerabilities
DefCon 2012 - Finding Firmware Vulnerabilities
Michael Smith
 
DefCon 2012 - Gaining Access to User Android Data
DefCon 2012 - Gaining Access to User Android DataDefCon 2012 - Gaining Access to User Android Data
DefCon 2012 - Gaining Access to User Android Data
Michael Smith
 

Plus de Michael Smith (20)

DHS - Recommendations for Securing Zigbee Networks in Process Control Systems
DHS - Recommendations for Securing Zigbee Networks in Process Control SystemsDHS - Recommendations for Securing Zigbee Networks in Process Control Systems
DHS - Recommendations for Securing Zigbee Networks in Process Control Systems
 
BlackHat 2011 - Exploiting Siemens Simatic S7 PLCs (white paper)
BlackHat 2011 - Exploiting Siemens Simatic S7 PLCs (white paper)BlackHat 2011 - Exploiting Siemens Simatic S7 PLCs (white paper)
BlackHat 2011 - Exploiting Siemens Simatic S7 PLCs (white paper)
 
BlackHat 2011 - Exploiting Siemens Simatic S7 PLCs (slides)
BlackHat 2011 - Exploiting Siemens Simatic S7 PLCs (slides)BlackHat 2011 - Exploiting Siemens Simatic S7 PLCs (slides)
BlackHat 2011 - Exploiting Siemens Simatic S7 PLCs (slides)
 
BlackHat 2010 - Electricity for Free - The Dirty Underbelly of SCADA and Smar...
BlackHat 2010 - Electricity for Free - The Dirty Underbelly of SCADA and Smar...BlackHat 2010 - Electricity for Free - The Dirty Underbelly of SCADA and Smar...
BlackHat 2010 - Electricity for Free - The Dirty Underbelly of SCADA and Smar...
 
BlackHat 2009 - Hacking Zigbee Chips (slides)
BlackHat 2009 - Hacking Zigbee Chips (slides)BlackHat 2009 - Hacking Zigbee Chips (slides)
BlackHat 2009 - Hacking Zigbee Chips (slides)
 
DefCon 2012 - Sub-1 GHz Radio Frequency Security
DefCon 2012 - Sub-1 GHz Radio Frequency SecurityDefCon 2012 - Sub-1 GHz Radio Frequency Security
DefCon 2012 - Sub-1 GHz Radio Frequency Security
 
DefCon 2012 - Near-Field Communication / RFID Hacking - Miller
DefCon 2012 - Near-Field Communication / RFID Hacking - MillerDefCon 2012 - Near-Field Communication / RFID Hacking - Miller
DefCon 2012 - Near-Field Communication / RFID Hacking - Miller
 
DefCon 2012 - Near-Field Communication / RFID Hacking - Lee
DefCon 2012 - Near-Field Communication / RFID Hacking - LeeDefCon 2012 - Near-Field Communication / RFID Hacking - Lee
DefCon 2012 - Near-Field Communication / RFID Hacking - Lee
 
DefCon 2012 - Hardware Backdooring (White Paper)
DefCon 2012 - Hardware Backdooring (White Paper)DefCon 2012 - Hardware Backdooring (White Paper)
DefCon 2012 - Hardware Backdooring (White Paper)
 
DefCon 2012 - Hardware Backdooring (Slides)
DefCon 2012 - Hardware Backdooring (Slides)DefCon 2012 - Hardware Backdooring (Slides)
DefCon 2012 - Hardware Backdooring (Slides)
 
DefCon 2012 - Firmware Vulnerability Hunting with FRAK
DefCon 2012 - Firmware Vulnerability Hunting with FRAKDefCon 2012 - Firmware Vulnerability Hunting with FRAK
DefCon 2012 - Firmware Vulnerability Hunting with FRAK
 
DefCon 2011 - Vulnerabilities in Wireless Water Meters
DefCon 2011 - Vulnerabilities in Wireless Water MetersDefCon 2011 - Vulnerabilities in Wireless Water Meters
DefCon 2011 - Vulnerabilities in Wireless Water Meters
 
Defcon 2011 - Penetration Testing Over Powerlines
Defcon 2011 - Penetration Testing Over PowerlinesDefcon 2011 - Penetration Testing Over Powerlines
Defcon 2011 - Penetration Testing Over Powerlines
 
DefCon 2012 - Anti-Forensics and Anti-Anti-Forensics
DefCon 2012 - Anti-Forensics and Anti-Anti-ForensicsDefCon 2012 - Anti-Forensics and Anti-Anti-Forensics
DefCon 2012 - Anti-Forensics and Anti-Anti-Forensics
 
DefCon 2012 - Subterfuge - Automated MITM Attacks
DefCon 2012 - Subterfuge - Automated MITM AttacksDefCon 2012 - Subterfuge - Automated MITM Attacks
DefCon 2012 - Subterfuge - Automated MITM Attacks
 
DefCon 2012 - Owned In 60 Seconds - Windows Hacking
DefCon 2012 - Owned In 60 Seconds - Windows HackingDefCon 2012 - Owned In 60 Seconds - Windows Hacking
DefCon 2012 - Owned In 60 Seconds - Windows Hacking
 
DefCon 2012 - Rooting SOHO Routers
DefCon 2012 - Rooting SOHO RoutersDefCon 2012 - Rooting SOHO Routers
DefCon 2012 - Rooting SOHO Routers
 
DefCon 2012 - Finding Firmware Vulnerabilities
DefCon 2012 - Finding Firmware VulnerabilitiesDefCon 2012 - Finding Firmware Vulnerabilities
DefCon 2012 - Finding Firmware Vulnerabilities
 
DefCon 2012 - Gaining Access to User Android Data
DefCon 2012 - Gaining Access to User Android DataDefCon 2012 - Gaining Access to User Android Data
DefCon 2012 - Gaining Access to User Android Data
 
DefCon 2012 - Power Smart Meter Hacking
DefCon 2012 - Power Smart Meter HackingDefCon 2012 - Power Smart Meter Hacking
DefCon 2012 - Power Smart Meter Hacking
 

Dernier

Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Orbitshub
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Orbitshub
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
UiPathCommunity
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 

Dernier (20)

AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontology
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptx
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Introduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDMIntroduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDM
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
AI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by AnitarajAI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by Anitaraj
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 

DefCon 2012 - Bluetooth Monitoring With SCAPY

  • 1. PASSIVE BLUETOOH MONITORING IN SCAPY Ryan Holeman
  • 2. AGENDA • bluetooth essentials • fundamental projects • scapy-btbb project overview • demo
  • 3. ESSENTIAL BLUETOOTH • bluetooth is a frequency hopping protocol
  • 4. ESSENTIAL BLUETOOTH • BTBB - bluetooth baseband • air traffic between master and slave bluetooth devices
  • 5. ESSENTIAL BLUETOOTH • nap • non-significant for communication • vendor association • uap • upper address part • vendor association • calculated from btbb packets • lap • lower address part • easily obtained in btbb packet
  • 6. FUNDAMENTAL PROJECTS SCAPY • Philippe Biondi • python network analysis and manipulation tool • supports many protocols and layers • Ethernet, Tcp/Ip, 802.11, 802.15.5, etc
  • 7. FUNDAMENTAL PROJECTS LIBBTBB • Dominic Spill and Mike Ossmann • provides methods for: • uap discovery, clock discovery, etc • wireshark plugin • wireshark btbb support
  • 8. FUNDAMENTAL PROJECTS UBERTOOTH • bluetooth baseband sniffer • Mike Ossmann • kismet plugin
  • 9. SCAPY-BTBB GOALS • bluetooth baseband traffic in python
  • 10. SCAPY-BTBB CONTRIBUTIONS • btbb layer in scapy •a stream utility for pcap files in scapy • btbb helper methods • vendor from nap/uap • distinct address lists from btbb traffic • extensive documentation of related projects
  • 11. SCAPY-BTBB RELEVANCE • real time and postmortem data analysis for btbb traffic • compatibility across hardware • though pcap files • easily incorporated into: • developer debugging tools • auditing tools • exploitation tools
  • 12. DEMO
  • 13. REFERENCES • scapy • bluez • Phillippe Biondi • bluez.org • secdev.org/projects/scapy • pybluez • libbtbb • pybluez.googlecode.com • Dominic Spill & Mike Ossmann • wireshark • sourceforge.net/projects/libbtbb • wireshark.org • ubertooth • ipython • Mike Ossmann • ipython.org • ubertooth.sourceforge.net • pandas • kismet • pandas.pydata.org • Mike Kershaw • kismetwireless.net
  • 14. PROJECT HOME AND CONTACT INFO • project home • hackgnar.com/projects/btbb • contact • email: ripper@hackgnar.com • twitter: @hackgnar