DLL hijacking is a vulnerability that allows malicious code to be executed by tricking an application into loading a compromised DLL file. When a Windows program loads additional code stored in DLL files, it searches in the current directory before system folders, allowing a Trojan DLL to be executed if it is placed in the same directory as a file the user opens. While first reported in 2000, DLL hijacking recently saw widespread exploitation by abusing the DLL search order to take control of programs opened from remote shares or drives. Microsoft has provided some mitigations but no full fix, while new registry keys can safeguard individual applications.
The document discusses hardening SSH configurations by improving the defaults for host key types, key exchange types, ciphers, and MACs used in older versions of OpenSSH. It recommends using ED25519 or ECDSA host keys, stronger key exchange algorithms like curve25519-sha256, and more modern ciphers like aes128-ctr and chacha20-poly1305. It also recommends the ssh-audit tool to audit SSH services and check configurations against recommendations. The document suggests an online tool would be useful, similar to SSL Labs, for remotely scanning SSH server configurations.
This document summarizes the state of WiFi security. It discusses older insecure protocols like WEP, more secure protocols like WPA and WPA2, and vulnerabilities that still exist. It demonstrates how passwords can be cracked for WPA networks and how enterprise environments are more secure when using WPA2 with authentication through a RADIUS server rather than a shared password. The document concludes that while WPA crypto has improved security, the underlying protocols are getting outdated and WPA3 will improve security further with techniques like SHA256 and Diffie-Hellman key exchange.
This document summarizes research into vulnerabilities in wireless keyboards and mice that use nRF24x chipsets. It describes how "Mousejack" attacks allow injecting mouse events or tracking mouse movement on vulnerable devices. It then provides steps to scan for, sniff traffic from, and send packets to affected devices to potentially control or exploit them. Finally, it discusses analyzing the nRF24 SDK to better understand the communication protocols and find other vulnerabilities.
Ethereum allows for distributed applications and smart contracts to be built and run on a decentralized blockchain network. It provides a virtual machine that allows code to be run and maintain its own balance of funds. The currency powering the Ethereum network is Ether, which can be used to pay for transactions. A major hack of a decentralized autonomous organization called The DAO compromised $50 million worth of funds, leading to debates around how to respond and potential changes to the Ethereum network. While still early, Ethereum aims to enable new types of decentralized applications, but currently faces challenges around usability and security.
The document discusses the security vulnerabilities and concerns of using Docker, particularly emphasizing the risks associated with running containers with root privileges and mounting Docker sockets. It highlights various attack vectors, such as RW volume abuse and device sharing, while offering defensive strategies such as using unprivileged containers and configuring security profiles. The overall tone suggests that while Docker can be beneficial for microservices and application development, it poses significant security challenges that must be carefully managed.
Liberte and Tails are both Linux distributions focused on anonymity, with Liberte being Gentoo-based and emphasizing security features like anti-forensic capabilities and custom HTTP headers, while Tails, based on Debian, offers regular updates and broader user support. Cables aims to provide a decentralized messaging platform but lacks popularity and effective user adoption compared to Bitmessage, which is favored among deep web users for its p2p approach. Overall, while Liberte is innovative, Tails is more user-friendly and widely supported, and Bitmessage is the most utilized despite the complexity of its security features.
The document discusses DNS vulnerabilities, particularly focusing on Dan Kaminsky's discovery of DNS cache poisoning and its implications. It describes several mitigation strategies, such as DNSSEC, randomizing name servers, and the 0x20 hack, while highlighting the anxiety surrounding these vulnerabilities and their solutions. Despite indicating potential fixes, it suggests widespread neglect and pessimism towards addressing these threats.
- Laverna is a note taking application that stores encrypted notes locally in the browser using JavaScript rather than on a remote server.
- It uses Markdown formatting and encrypts notes using PBKDF2 before optionally syncing them to services like RemoteStorage.io or Dropbox.
- To use Laverna, it must be cloned from GitHub and built using Node.js, bower, and grunt, with encryption handled entirely by the client-side application.
This document discusses Meek and domain fronting as techniques for circumventing internet censorship. It provides an overview of censorship tools and the arms race between censors and circumvention methods. Meek uses domain fronting to hide proxy traffic by making encrypted requests to CDNs like Google and Cloudflare that appear as normal traffic, making the connections difficult for censors to block without blocking major sites. Meek has been implemented in tools like Psiphon and Tor to provide uncensorable access by tunneling their protocols over domain-fronted connections. While attacks from deep packet inspection are possible, Meek has so far proven very effective at evading censorship.
The NSA has a program called OTP that targets VPN users. It has a team called OTTERCREAK that looks up VPN metadata of targets in repositories like TOYGRIPPE to define attacks. The team works with other NSA groups like TAO to decrypt traffic if they have exploits for the VPN protocols (e.g. recovering PSKs for IPsec) or can implant devices. They have decrypted traffic from services like PPTP, IPsec and SSH tunnels in the past by exploiting routers or protocols, or by obtaining private keys. Running your own private VPN or using a service like PIA provides some protection, but risks being targeted if the VPN is popular or if your ISP or network is exploited.
The document discusses espionage tactics and motivators behind corporate and governmental spying, highlighting the prevalence of intelligence programs across Fortune 500 companies. It contrasts the ethical practices of competitive intelligence with the illegal activities of private corporate spies, citing examples of manipulation and betrayal among individuals involved. Key motivations for intelligence-gathering activities include money, ideology, coercion, and ego.
The document discusses Lisbeth Salander and James Bond-style spies compared to corporate spies. It outlines the intelligence life cycle and different types of spies such as government employees, corporate competitive intelligence employees, and private corporate spies. It also discusses human intelligence versus technical intelligence and the benefits and costs of each. The document provides examples of social engineering techniques used by spies and the typical intelligence operations cycle of define, target, develop, access, process intelligence, and exit.
The document discusses pentesting and attacking embedded devices. It outlines various attack vectors like exploiting external interfaces like JTAG and USB, analyzing circuit boards by probing or delidding chips, and reversing extracted firmware. It also provides mitigations like disabling debug interfaces, adding tamper protections, protecting firmware, and secure programming. The document advocates testing one's own devices and considering embedded security during the design process rather than as an afterthought. It presents the attacker's perspective to identify security risks and focuses efforts on high value targets.
This document provides an overview of anonymity systems like Tor and I2P. It describes how Tor works by passing data through a series of proxies to hide a user's location and usage. The Tor Project is a non-profit organization that maintains the Tor network software to provide anonymity online. The document outlines potential attacks against Tor like traffic analysis, compromised relays, and social engineering. It also lists current sponsors and tools that can be used to access or configure the Tor network.
Corporate Intelligence: Bridging the security and intelligence community (antitree)
This document discusses corporate intelligence and how it relates to security concepts like social engineering, network security, and open source intelligence (OSINT). It outlines the intelligence lifecycle of defining a target, developing access to the target through various means, processing intelligence collected, and exiting an operation. Key takeaways are that corporate intelligence utilizes similar techniques to penetration testing and malware attacks while operating in legal and ethical grey areas.
This document summarizes a presentation on cellular network protocols and hacking GSM networks. The presentation discussed how A5/1 encryption has been cracked, showed a demo of sniffing and impersonating phones, and explained that better encryption standards like A5/3 and A5/4 exist but are not widely implemented. It also covered tools for hacking GSM networks like Osmocom and discussed ways cellular networks could improve security through measures like padding randomization and encryption upgrades.
The document discusses tools and techniques related to analyzing Android applications. It provides an overview of the Android operating system architecture and outlines various static and dynamic analysis methods. These include decompiling applications with Apktool and Dex2jar, reviewing manifest files, monitoring network traffic with Wireshark, and using tools like Burp Suite and Mallory. The document also highlights common mobile security issues discovered through analysis and provides recommendations for securing Android devices and applications.
This document provides information about lock picking, including references for learning more, necessary tools, legality, and different types of locks. It discusses Deviant Ollam's book on physical penetration testing, the legality of owning lock picks in New York but not using them to break into locks not your own. It also summarizes different types of locks like wafer locks, pin tumbler locks, and techniques for opening them like lifting pins, raking, bump keys, and shimming.
This document provides an introduction to advanced lock picking techniques. It discusses tools used for lock picking like hook picks, tension wrenches, and rake picks. It explains pin tumbler locks and the concepts of binding pins, shear lines, and lifting pins. It also covers techniques like raking and discusses pick-resistant pin types like spool and mushroom pins. The document recommends a book for further reference and notes some legal aspects of lock picking in New York State.
This document discusses the Firefox add-on Firesheep, which allows session hijacking on unsecured Wi-Fi networks to steal Facebook cookies and change others' statuses. It demonstrates how Firesheep works through man-in-the-middle attacks like ARP poisoning and describes some protections like using SSL, firewalls, and not sharing Wi-Fi networks. It also mentions the Blacksheep add-on that detects Firesheep to make people feel better about security.
The document discusses the dual nature of image-based automation using Sikuli, highlighting both beneficial and harmful applications. Positive uses include automating desktop configurations and creating bots for social media, while negative uses involve automating malicious downloads and executing attacks. The document emphasizes the potential risks associated with such automation technology.
This document outlines the key considerations and steps for organizing a BSides event, including planning, community engagement, and logistics. It emphasizes the importance of time management, sponsorship, volunteer coordination, and post-event follow-ups. The document also highlights the need to prepare for unexpected challenges and maintain communication with all stakeholders.
The document discusses IPv6, including reasons for adopting it such as limited IPv4 address space and more efficient routing. However, IPv6 adoption has been slow due to lack of support from local ISPs and immature tunneling technologies. While the last of IPv4 address space was predicted to run out in March 2011, the actual transition is difficult to predict and may take 8 months or longer after exhaustion. As IPv4 sunsets, workarounds like NAT at ISPs and name-based virtual hosting will be used. IPv6 vulnerabilities exist where networks and firewalls have not been updated to support it.
This document provides an overview of anonymity systems like Tor, I2P, and Freenet. It describes how Tor works by passing data through proxies to provide anonymity. It also discusses who uses Tor, such as whistleblowers and journalists seeking privacy. The document outlines the Tor project's finances and how it is funded by various organizations. It concludes by covering some attacks against Tor like traffic analysis and compromising relay nodes.
DLL hijacking is a technique that tricks a program into loading a malicious DLL instead of the expected one. It works by placing the malicious DLL in a location the program searches before its expected DLL path. An audit tool was demonstrated that automates detecting exploitable extensions by generating test files and monitoring the program and DLL loading behavior. The document proposes ways to deliver a malicious payload via a hijacked DLL and discusses mitigations like disabling WebDAV/SMB shares and having programs securely load DLLs.