Paul's Security Weekly #524
Recorded August 3, 2017 at G-Unit Studios in Rhode Island!
Interview: Danny Miller, Ericom Software - 6:00PM-7:00PM
Danny Miller of Ericom Software joins us to discuss how enterprises can protect themselves utilizing new approaches to security, such as isolated browsing techniques!
Danny is the Director of Product Marketing at Ericom Software. He has more than 15 years of industry experience in corporate and product marketing, business development, and product management supporting an array of technology services, hardware and software solutions – with a strong focus on cybersecurity in recent years. Daniel holds a Bachelor's degree in Behavioral Sciences, a Master's degree in Psychology, and an Executive MBA.
Tech Segment: VaporTrail with Larry Pesce and Galen Alderson, InGuardians - 7:00-7:30PM
Fresh outta high school, Galen still has the new car smell. Galen has many years to become a curmudgeon by getting broken in as an intern at InGuardians.
As red team members and even "evil attackers", we've been finding numerous ways to exfiltrate data from networks with inexpensive hardware: Ethernet, WiFi and cellular (2G, 3G and LTE). The first two are highly detectable, while the latter is expensive and both leave a paper trail. We found a way to use a medium that is right under everypony's nose; low power, broadcast FM radio. With a Raspberry Pi and a length of wire, we can send text and raw binary data with a method nopony (until now) would think to look for. We receive the data with an RTL-SDR, putting our overall hardware budget at $20. In this demo, we will show you how to build and use this system. We'll share tales of the custom software and transmission protocols. You want to see it in action? We've got demos. You want the software? Yep, you can have that too. We're excited to offer Vapor Trail to you, the first FM radio data exfiltration tool. Sure, HAM radio folks have had digital modes for years, but we've done better AND cheaper. We've effectively created our own RF digital mode for pwnage, HAM radio data transfer and redundant communication methods. Why? Because we can. We want to go undetected with current capabilities. Turns out, our approach is quite novel for pulling data right from a network via pcaps or tool output.
Security News - 7:30-8:30PM
- Making Infosec Meetings More Inclusive
- How Engineers Hacked 113 Year Old Subway System Signs
- Chromes built-in adblocker arrives for early adopters
- Researchers display CAN do skill in vehicle DoS
- An Insight into Security Static Analysis Tools
- WannaCry Hero Arrested, One of Two Charged with Distribution of Kronos Malware
- New IoT Bill Proposes Security Standards for Smart Devices
- Hackers Behind WannaCry Ransomware Withdraw $143,000 From Bitcoin Wallets
- FBI Arrests Researcher Who Found 'Kill-Switch' to Stop Wannacry Ransomware
- FCC has no documentation of DDoS attack that hit net neutrality comments
- Google Tracks Ransomware Payments at Scale With Machine Learning
- Sonic attacks against GPS/gimbal, etc
- Pre-pwned android phones for sale on Amazon - There is a time to buy name brand stuff folks...
- Billboard hax - We drink because you don't change your default passwords.
- IoT security analysis tool- Um, I am confused....
- Malwarebyteblog arrested at DEF CON - yeah the guy that "stopped" wanna cry by registering the killswitch domain...
- Updates to killlerbee and Wireshark for more functionality to include WirelessHART
- Hacking a smart gun with high tech and low tech attacks - This one is damned neat one WiFi based attack, the other with....cheap magnets. The vendor response is also priceless.