Difference between revisions of "Episode524"
Boltcutter (talk | contribs) |
Boltcutter (talk | contribs) |
||
| Line 26: | Line 26: | ||
Daniel Miller is the Director of Product Marketing at Ericom Software. He has more than 15 years of industry experience in corporate and product marketing, business development, and product management supporting an array of technology services, hardware and software solutions – with a strong focus on cybersecurity in recent years. Daniel holds a Bachelor's degree in Behavioral Sciences, a Master's degree in Psychology, and an Executive MBA. | Daniel Miller is the Director of Product Marketing at Ericom Software. He has more than 15 years of industry experience in corporate and product marketing, business development, and product management supporting an array of technology services, hardware and software solutions – with a strong focus on cybersecurity in recent years. Daniel holds a Bachelor's degree in Behavioral Sciences, a Master's degree in Psychology, and an Executive MBA. | ||
| − | = Tech Segment - 7:00-7:30PM = | + | = Tech Segment: Larry Pesce and Galen Alderson, InGuardians - 7:00-7:30PM = |
| − | + | [[File: Galen Alderson.jpg|right|200px|thumb|[https://twitter.com/unknownloner Galen Alderson]]] | |
<!-- <center>{{#ev:youtube|HOnu6yJvFqM}}</center> --> | <!-- <center>{{#ev:youtube|HOnu6yJvFqM}}</center> --> | ||
| + | |||
| + | |||
| + | Fresh out of high school, Galen still has the new car smell. Galen has many years to become a curmudgeon by getting broken in as an intern at InGuardians. | ||
| + | |||
| + | As red team members and even "evil attackers", we've been finding numerous ways to exfiltrate data from networks with inexpensive hardware: Ethernet, WiFi and cellular (2G, 3G and LTE). The first two are highly detectable, while the latter is expensive and both leave a paper trail. We found a way to use a medium that is right under everypony's nose; low power, broadcast FM radio. With a Raspberry Pi and a length of wire, we can send text and raw binary data with a method nopony (until now) would think to look for. We receive the data with an RTL-SDR, putting our overall hardware budget at $20. In this demo, we will show you how to build and use this system. We'll share tales of the custom software and transmission protocols. You want to see it in action? We've got demos. You want the software? Yep, you can have that too. We're excited to offer Vapor Trail to you, the first FM radio data exfiltration tool. Sure, HAM radio folks have had digital modes for years, but we've done better AND cheaper. We've effectively created our own RF digital mode for pwnage, HAM radio data transfer and redundant communication methods. Why? Because we can. We want to go undetected with current capabilities. Turns out, our approach is quite novel for pulling data right from a network via pcaps or tool output. | ||
= Security News - 7:30-8:30PM = | = Security News - 7:30-8:30PM = | ||
Revision as of 17:22, 2 August 2017
Contents
Paul's Security Weekly Episode #524
Recorded August 3, 2017 at G-Unit Studios in Rhode Island!
Hosts
Embedded device security researcher, security podcaster, and CEO of Active Countermeasures .
Senior Managing Consultant and Director of Research at InGuardians, SANS Instructor.
SANS Instructor, penetration tester, and Security Researcher at Black Hills Information Security.
Cryptanalyst
Infosec analyst
Pioneering ex-NSA pen tester
PCI specialist
Tribe of Hackers
InfoSec Curmudgeon
Currently a Sr. InfoSec Consultant for Online Business Systems.
Interview: Danny Miller, Ericom Software - 6:00PM-7:00PM
Daniel Miller is the Director of Product Marketing at Ericom Software. He has more than 15 years of industry experience in corporate and product marketing, business development, and product management supporting an array of technology services, hardware and software solutions – with a strong focus on cybersecurity in recent years. Daniel holds a Bachelor's degree in Behavioral Sciences, a Master's degree in Psychology, and an Executive MBA.
Tech Segment: Larry Pesce and Galen Alderson, InGuardians - 7:00-7:30PM
Fresh out of high school, Galen still has the new car smell. Galen has many years to become a curmudgeon by getting broken in as an intern at InGuardians.
As red team members and even "evil attackers", we've been finding numerous ways to exfiltrate data from networks with inexpensive hardware: Ethernet, WiFi and cellular (2G, 3G and LTE). The first two are highly detectable, while the latter is expensive and both leave a paper trail. We found a way to use a medium that is right under everypony's nose; low power, broadcast FM radio. With a Raspberry Pi and a length of wire, we can send text and raw binary data with a method nopony (until now) would think to look for. We receive the data with an RTL-SDR, putting our overall hardware budget at $20. In this demo, we will show you how to build and use this system. We'll share tales of the custom software and transmission protocols. You want to see it in action? We've got demos. You want the software? Yep, you can have that too. We're excited to offer Vapor Trail to you, the first FM radio data exfiltration tool. Sure, HAM radio folks have had digital modes for years, but we've done better AND cheaper. We've effectively created our own RF digital mode for pwnage, HAM radio data transfer and redundant communication methods. Why? Because we can. We want to go undetected with current capabilities. Turns out, our approach is quite novel for pulling data right from a network via pcaps or tool output.
Security News - 7:30-8:30PM
Paul's Stories
- Making Infosec Meetings More Inclusive
- How Engineers Hacked 113 Year Old Subway System Signs
- Chromes built-in adblocker arrives for early adopters
- Researchers display CAN do skill in vehicle DoS
- An Insight into Security Static Analysis Tools
- WannaCry Hero Arrested, One of Two Charged with Distribution of Kronos Malware
- New IoT Bill Proposes Security Standards for Smart Devices
- Hackers Behind WannaCry Ransomware Withdraw $143,000 From Bitcoin Wallets
- FBI Arrests Researcher Who Found 'Kill-Switch' to Stop Wannacry Ransomware
- FCC has no documentation of DDoS attack that hit net neutrality comments
- Google Tracks Ransomware Payments at Scale With Machine Learning
