Slideshows by User: iazza / Wed, 29 Nov 2023 10:42:08 GMT
SlideShare feed for Slideshows by User: iazza

HandPwning Security pitfalls of biometric hand-geometry recognition access control systems /slideshow/handpwning-security-pitfalls-of-biometric-handgeometry-recognition-access-control-systems/264067370
The Handpunch PACS are based on hand-geometry recognition. In this research we will first look at how this technology works; subsequently, we will focus our attention on reviewing some of the existing Handpunch devices on the market, from a physical security point of view up to reversing their communication protocol. Moreover, it will be demonstrated how to remotely enroll a new super-admin into it (i.e. persistent backdoor) and how to dump existing users' information, and an open-source tool suite will be released: HandScan & HandPwner. Eventually, thanks to the cooperation with Shodan's developer, it has been confirmed that more than 1800 of these vulnerable devices were found exposed on the Internet. Finally, we will conclude with practical and actionable countermeasures to prevent these attacks and how to harden these devices.

Wed, 29 Nov 2023 10:42:08 GMT
HandPwning Security pitfalls of biometric hand-geometry recognition access control systems from Luca Bongiorni
ANP catalog: the adversarial ninja playset /slideshow/anp-catalog-the-adversarial-ninja-playset/250256500
How to bring your red teaming arsenal to the next level

Tue, 21 Sep 2021 19:14:46 GMT
ANP catalog: the adversarial ninja playset from Luca Bongiorni
Manufacturing Hardware Implants from Idea to Mass Production: A Hacker's Journey /slideshow/manufacturing-hardware-implants-from-idea-to-mass-production-a-hackers-journey/242617147
This presentation wants to be a motivational talk for all those hackers out there that always wanted to share some cool hacking devices with the community but didn't know how to deal with R&D, Quality Assurance, and Mass Production. In this talk, I will be presenting the entire life-cycle of a couple of hacking toys I developed: WHID Injector & WHID Elite. From their inception to release in production, passing through some blockers and failures I encountered during the journey. Why is this topic interesting, you ask? Easy! Both R&D processes that I used were not backed by any crowdsourcing fund and the sale of these devices is not going in any form to me. I am just doing this as a hobby, for fun and (most importantly) I believe in giving back something to the InfoSec community without making any profit out of it. What about listening to how I did it and then trying yourself? There will also be examples of other hackers, inspired by my adventure, who followed my example and started similar not-for-profit projects.

Fri, 12 Feb 2021 09:32:47 GMT
Manufacturing Hardware Implants from Idea to Mass Production: A Hacker's Journey from Luca Bongiorni
How to bring HID attacks to next level with WHID Injector & P4wnP1 /slideshow/how-to-bring-hid-attacks-to-next-level-with-whid-injector-p4wnp1/81053977
WHID was born from the need for cheap and dedicated hardware that could be remotely controlled in order to conduct HID attacks (i.e. over WiFi or BLE). WHID stands for WiFi HID injector. It is a cheap but reliable piece of hardware designed to fulfill pentesters' needs related to HID attacks during their engagements. The core of WHID is mainly an Atmega 32u4 (commonly used in many Arduino boards) and an ESP-12s (which provides the WiFi capabilities and is commonly used in IoT projects). During the talk we will see in depth how WHID Injector was designed and its functionalities.

Sat, 21 Oct 2017 19:45:56 GMT
How to bring HID attacks to next level with WHID Injector & P4wnP1 from Luca Bongiorni
Introduction to Mobile Application Security - Techcity 2015 (Vilnius) /slideshow/techcity-vilnius-introduction-to-mobile-application-security/52628467
Introduction to Mobile Application Security presentation and workshop

Thu, 10 Sep 2015 12:36:12 GMT
Introduction to Mobile Application Security - Techcity 2015 (Vilnius) from Luca Bongiorni
Certificate Pinning in Mobile Applications /slideshow/certificate-pinning-in-mobile-applicationsprosconsv10/45493105
Brief overview of Certificates || Keys Pinning in Mobile Applications. State of the Art, Pros and Cons.

Thu, 05 Mar 2015 16:22:12 GMT
Certificate Pinning in Mobile Applications from Luca Bongiorni
Lockpicking Baltic Cyber Security Forum 2013 /slideshow/lockpicking-baltic-cyber-security-forum-2013/36602571
Lockpicking for beginners, hackers, pentesters and opsec.

Thu, 03 Jul 2014 12:44:03 GMT
Lockpicking Baltic Cyber Security Forum 2013 from Luca Bongiorni
iParanoid: an IMSI Catcher - Stingray Intrusion Detection System /iazza/mobile-cell-networksintrusiondetectionsystemiparanoidlucabongiorni
The goal is the research and development of an Intrusion Detection System for cell networks. Mainly, this app will check the status of some cell network variables (e.g. Cellid, LAC, A5 Encryption, etc.), subsequently update a local DB, and check whether the information about the cell networks around the user is valid or whether there could be a risk (e.g. possible interception, possible impersonation, etc.).

Thu, 21 Nov 2013 11:53:52 GMT
iParanoid: an IMSI Catcher - Stingray Intrusion Detection System from Luca Bongiorni
Mobile Network Security: How secure are cellular networks? - Smau Milano 2013 /slideshow/smau-luca-bongiornimobilenetworksecurityquantosonosicurelereticellulari/27702537
Security of cellular networks. To this day GSM (Global System for Mobile Communications), although its design is dated (1987), is the most widespread cellular radio-communication standard in the world, counting more than 4.4 billion users in more than 200 countries. Its popularity and global diffusion have, over time, made it possible to communicate while maintaining efficient mobility, thanks to which it is massively used not only by ordinary people but also by criminals and terrorist organizations. To combat the latter, the so-called Lawful Interception system was introduced, which gives police forces, subject to authorization by the judiciary, the ability to locate and intercept specific subscribers through various techniques, including the use of IMSI-Catchers: special, very expensive portable devices able to track and intercept a mobile phone. IMSI-Catchers are used mainly when the data on the users to be tracked and intercepted are not known (in advance and in detail), or when the presence of insiders within the telephone companies themselves is suspected, who could compromise the investigations. This talk will cover several topics concerning the state of the art of cellular network security: which vulnerabilities reside in these networks, and which tools are used to successfully carry out attacks on users and on the network. Some real case studies and some of the research conducted will also be presented.

Tue, 29 Oct 2013 13:15:25 GMT
Mobile Network Security: How secure are cellular networks? - Smau Milano 2013 from Luca Bongiorni
Mobile Network Security: a tale of tracking, spoofing and owning mobile phones. Defcon Moscow. OpenBTS & IMSI-catcher. /slideshow/dcm-final-23052013fullycensored/22105917
Quick overview of some case studies about: IMSI-Catcher (Stingray phone tracker), tracking phones, GPRS sniffing, GSM-R catching and DoS, POS, gambling machines, etc.

Wed, 29 May 2013 00:11:31 GMT
Mobile Network Security: a tale of tracking, spoofing and owning mobile phones. Defcon Moscow. OpenBTS & IMSI-catcher. from Luca Bongiorni
OpenBTS: Emergency GSM Messaging & Monitoring System for Civil Protection /slideshow/open-bts-emergency-gsm-messaging-monitoring-system-for-civil-protection/3991536
Open BTS: Emergency GSM Messaging & Monitoring System for Civil Protection is proposed as a ready-to-deploy solution in the event of a natural disaster, in those areas where GSM networks are temporarily down.

Thu, 06 May 2010 07:17:40 GMT
OpenBTS: Emergency GSM Messaging & Monitoring System for Civil Protection from Luca Bongiorni
Graduated with top grades in "Security in Systems and Computer Networks" at University of Milan (Italy). After some years as consultant and researcher, I am working as Head of Offensive Security. I am also actively involved in Security R&D, where the main fields are: Radio Networks, Reverse Engineering, Hardware Hacking, Internet of Things and Physical Security. I also love to share my knowledge and present some cool projects at security conferences around the globe: BlackHat, TROOPERS, HackInParis, DEFCON, HackInBo, SAS, OWASP Chapters, Kaspersky ICS Security Conference, OzSecCon, etc. whid.ninja