Collaborate Disseminate
The hackerfest ShmooCon draws an eclectic mix from the infosec community. CyberScoop broke down five takeaways in case you missed out.
The post Inside ShmooCon 2023: The wacky, the weird and, of course, the cybers appeared first on CyberScoop.
Continue reading Inside ShmooCon 2023: The wacky, the weird and, of course, the cybers
Looks can be deceiving when a security researcher first studies a piece of code. What might seem mundane or straightforward on the surface — an insecure log-in page, for example — can lead to unexpected results when a security practitioner digs deeper. Without humans scanning for vulnerabilities, bugs are left to fester, and can be exploited to cause real issues if they fall into the wrong hands. That lesson lingers in Ken Pyle’s mind. During a security test for a client last year, Pyle, a partner at the security company DFDR Consulting, examined a networking switch made by Cisco. The equipment is popular with small businesses, including the managed service providers that handle remote connections, because it allows organizations to administer multiple devices across a network. What started as a simple web application vulnerability, upon closer inspection, turned out to be two previously-unreported flaws affecting hundreds of thousands of devices, […]
The post Bug hunter unveils Cisco zero-days at ShmooCon appeared first on CyberScoop.
Continue reading Bug hunter unveils Cisco zero-days at ShmooCon
Videography Credit: 0xdade
Permalink
The post Shmoocon 2019, Francis Duff’s ‘Security Tool Evaluations With MITRE ATT&CK’ appeared first on Security Boulevard.
Continue reading Shmoocon 2019, Francis Duff’s ‘Security Tool Evaluations With MITRE ATT&CK’
When it comes to finding what direction a radio signal is coming from, the best and cheapest way to accomplish the task is usually a Yagi and getting dizzy. There are other methods, and at Shmoocon this last weekend, [Michael Ossmann] and [Schuyler St. Leger] demonstrated pseudo-doppler direction finding using cheap, off-the-shelf software defined radio hardware.
The hardware for this build is, of course, the HackRF, but this pseudo-doppler requires antenna switching. That means length-matched antennas, and switching antennas without interrupts or other CPU delays. This required an add-on board for the HackRF dubbed the Opera Cake. This board is …read more
Continue reading Shmoocon: Delightful Doppler Direction Finding With Software Defined Radio
Whelp, Spectre and Meltdown are the tech news du jour right now, and everyone is wondering: what is the effect of this problem on real hardware in real server rooms? Epic Games patched their machines and found something shocking. The CPU utilization for one of their online services increased about 100%. We don’t know what this server is doing, or what this process is, but the Spectre and Meltdown patches will increase CPU load depending on the actual code running. This is bad for Epic — they now have to buy an entirely new server farm. This is doubly bad …read more
Bruce Potter is the Founder and an organizer of ShmooCon, a long-running, yearly hacker convention in Washington, D.C. He also serves as the CTO of KeyW Corporation and Ponte Technologies. Bruce talks about his security journey, and the political clima… Continue reading Paul’s Security Weekly #497 – Bruce Potter, ShmooCon
The 90s were a wonderful time for portable communications devices. Cell phones had mass, real buttons, and thick batteries – everything you want in next year’s flagship phone. Unfortunately, Zach Morris’ phone hasn’t been able to find a tower for the last decade, but that doesn’t mean these phones are dead. This weekend at Shmoocon, [Brandon Creighton] brought these phones back to life. The Motorola DynaTAC lives again.
[Brandon] has a history of building ad-hoc cell phone networks. A few years ago, he was part of Ninja Tel, the group that set up their own cell phone network at DEF …read more
Continue reading Shmoocon 2017: Dig Out Your Old Brick Phone
Anyone can hack a radio, but that doesn’t mean it’s easy: there’s a lot of mechanics that go into formatting a signal before you can decode the ones and zeros.
At his Shmoocon talk, [Paul Clark] introduced a great new tool for RF Reverse Engineering. It’s called WaveConverter, and it is possibly the single most interesting tool we’ve seen in radio in a long time.
If you wanted to hack an RF system — read the data from a tire pressure monitor, a car’s key fob, a garage door opener, or a signal from a home security system’s sensor — …read more
Continue reading Shmoocon 2017: A Simple Tool For Reverse Engineering RF
Anyone can hack a radio, but that doesn’t mean it’s easy: there’s a lot of mechanics that go into formatting a signal before you can decode the ones and zeros.
At his Shmoocon talk, [Paul Clark] introduced a great new tool for RF Reverse Engineering. It’s called WaveConverter, and it is possibly the single most interesting tool we’ve seen in radio in a long time.
If you wanted to hack an RF system — read the data from a tire pressure monitor, a car’s key fob, a garage door opener, or a signal from a home security system’s sensor — …read more
Continue reading Shmoocon 2017: A Simple Tool For Reverse Engineering RF
Far too much stuff is wireless these days. Home security systems have dozens of radios for door and window sensors, thermostats aren’t just a wire to the furnace anymore, and we are annoyed when we can’t start our cars from across a parking lot. This is a golden era for anyone who wants to hack RF. This year at Shmoocon, [Marc Newlin] and [Matt Knight] of Bastille Networks gave an overview of how to get into hacking RF. These are guys who know a few things about hacking RF; [Marc] is responsible for MouseJack and KeySniffer, and [Matt] reverse engineered …read more
