BLU Discuss list archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Discuss] Boston Linux Meeting Wednesday, December 19, 2018 - Security: Rogue Device Attacks
- Subject: [Discuss] Boston Linux Meeting Wednesday, December 19, 2018 - Security: Rogue Device Attacks
- From: gaf at blu.org (Jerry Feldman)
- Date: Thu, 13 Dec 2018 19:08:51 -0500
When: December 19, 2018 7:00PM (6:30PM for Q&A) Topic: Security: Rogue Device Attacks Moderator: Federico Lucifredi Location: MIT Building E-51, Room 315 Note: Parking at E-51 is now free. See note below Please note that Wadsworth St is open from Memorial Drive to Amherst St, but is closed between Amherst St to Main St. See the ling below for additional details. https://courbanize.com/projects/mit-kendall-square/updates Summary: A live demonstration of hacking with keystroke injection attacks Abstract: We will be taking advantage of the inherent trust that computers place on what is believed to be a regular keyboard to unleash pre-programmed kesytroke payloads at well over 1000 words a minute. We access the host system and bypass traditional security countermeasures for payloads that can include reverse shells, binary injetion, brute force password attacks, and just about any attack that can be fully automated. In this session we explore the fundamentals of attacks exploiting the trust the operating system places on USB human-interaction devices to demonstrate once again the old principle that if you can physically access a computing device, there is no real security to be had. I will review the hardware, its capabilities, how it can be used to breach OS security, and how attackers can enable it to perform a variety of nefarious tasks with its own suite of tools. I will then show how to build and install additional software and customize the device with binary or scripted payloads. After exploring the building blocks of USB HID exploitation, we take the discussion to the next level by altogether removing the need for a device and exploring what attacks can be delivered directly by a plain USB cable. We dissect an easily-sourced, low-cost hardware implant embedded in a standard, innocent-looking USB cable providing an attacker with further capabilities, including among them the ability to track its own geolocation. Clearly, complete control of a covert computer running with full system access can be used in a variety of network security attack scenarios that need to be accounted for in your threat model. We'll discuss applicable security countermeasures. Use your newfound knowledge for good, with great power comes great responsibility! Bio: Federico Lucifredi is The Ceph Storage Product Management Director at Red Hat, formerly the Ubuntu Server PM at Canonical, and the Linux ?Systems Management Czar? at SUSE. For further information and directions please consult the BLU Web site http://www.blu.org Parking: On-Campus Free Parking (These parking lots are free after 5pm) Due to the never-ending construction, Sloan's Hermann Garage is only accessable via Main Street. It is a small garage without a gate, and directly under the Sloan library. Another option is the Amherst Street/E51 lot. All other MIT lots require permits after hours. The closest public parking is Kendall Center Green Garage, next to the Marriott Hotel. The entrance is 90 Broadway Street. For other parking options, see http://web.mit.edu/facilities/transportation/parking/visitors/public_parking.html All Cambridge parking meters use Passport by Phone: https://www.cambridgema.gov/traffic/Parking/paybyphone This is active on all Cambridge metered parking spaces. Meters are free after 8PM For further information and directions please consult the BLU Web site http://www.blu.org -- Jerry Feldman <gaf at blu.org> Boston Linux and Unix PGP key id:3BC1EB90 PGP Key fingerprint: 49E2 C52A FC5A A31F 8D66 C0AF 7CEA 30FC 3BC1 EB90 _______________________________________________ Announce mailing list Announce at blu.org http://lists.blu.org/mailman/listinfo/announce
- Prev by Date: [Discuss] Joplin Re: Backing up evernote
- Next by Date: [Discuss] Boston Linux Meeting Reminder, tomorrow, Wednesday, December 19, 2018 - Security: Rogue Device Attacks
- Previous by thread: [Discuss] Joplin Re: Backing up evernote
- Next by thread: [Discuss] Boston Linux Meeting Reminder, tomorrow, Wednesday, December 19, 2018 - Security: Rogue Device Attacks
- Index(es):