2020-043-Software_Defined_Radio-Sebastien_dudek-RF-attacks- IoT and car RF attacks

Sébastien Dudek - @FlUxIuS, @penthertz

Why are we here today?

Software Defined Radio (sdr-radio.com)

What kind of hardware or software do you need? Why would a security professional want to know how to use SDR tools and attacks?

What other kinds of attacks can be launched? (I mean, other than replay type attacks)

Door systems (badge systems)

NFC? Contactless credit card attacks 

Smart building/home control systems

Bluetooth attacks

Point Of Sale systems

Cellular radio 3G/4G/5G

Industrial control systems

Home appliances

Medical telemetry systems

Drones!

LoRa - Wikipedia

DASH7 - Wikipedia - custom TCP stack for LoRa

Vehicle-to-grid - Wikipedia (V2G)

Automatic Wireless Protocol Reverse Engineering | USENIX

 

Hunting mobile devices endpoints - the RF and the Hard way | Synacktiv - Sébastien Dudek 

 How Can Drones Be Hacked? The updated list of vulnerable drones & attack tools | by Sander Walters | Medium

Carrier Aggregation explained (3gpp.org) 

Mobile phone jammer - Wikipedia

World’s top hackers meet at the first 5G Cyber Security Hackathon - Security Boulevard

Supply chain attacks - systems tend to use wireless chipsets or protocols

 

LTE-torpedo-NDSS19.pdf (uiowa.edu) - privacy attacks on 4G/5G networks using side channel information

How does someone make a faraday cage on the cheap? (mentioned in one of your class agendas)

Lots of IoT devices use your typical home Wi-Fi connection; can’t you just sniff packets to get what you need?

Replay attacks on car fobs: Jam and Replay Attacks on Vehicular Keyless Entry Systems (s34s0n.github.io)

Attacks on Tesla wireless entry: Tesla’s keyless entry vulnerable to spoofing attack, researchers find - The Verge

Garage door opener attacks: How to Hack a Garage Door in Under 10 Seconds and What You Can Do About It - ITS Tactical

 

Kid’s toy opens garage doors: This Hacked Kids' Toy Opens Garage Doors in Seconds | WIRED

 

What are the current limitations to testing wireless and RF related systems? What about custom wireless implementations?

Cellular?

Zigbee?

I’m a wireless manufacturer of some kind of device. I’m freaked now by hearing you talk about how easy it is to attack wireless systems. What are some things I could do to ensure that the types of attacks we discussed here cannot affect me?

Wireless defense system? https://www.researchgate.net/publication/321491751_Security_Mechanisms_to_Defend_against_New_Attacks_on_Software-Defined_Radio

List of SDR software: The BIG List of RTL-SDR Supported Software (rtl-sdr.com)

7 Minute Security
Brian Johnson
7MS #450: DIY Pentest Dropbox Tips - part 4

Hey friends! We're continuing our series on pentest dropbox building - specifically playing off last week's episode where we started talking about automating the OS builds that go on our dropboxes. Today we'll zoom in a little closer and talk about some of the specific scripting we do to get a Windows 2019 Active Directory Domain Controller installed and updated so that it's ready to electronically punch in the face with some of your mad pentesting skills! Specifically, we talk about these awesome commands:

tzutil /s "Central Standard Time" - this is handy to set the time zone of your server build

powercfg.exe -change -standby-timeout-ac 0 will stop your VM from falling asleep

Invoke-WebRequest "https://somesite/somefile.file" -OutFile "c:\some\path\somefile.file" is awesome for quickly downloading files you need. Couple it with Expand-Archive "C:\some\path\some.zip" "c:\path\to\where\you\want\to\extract\the\zip" to make auto-provisioning your toolkit even faster!

Don't like it that Server Manager loves to rear its dumb head upon every login? Kill the task for it with Get-ScheduledTask -TaskName ServerManager | Disable-ScheduledTask -Verbose. Byeeeeee!!!!

I love Chrome more than I love IE/Edge, so I auto install it with:

    $Path = $env:TEMP
    $Installer = "chrome_installer.exe"
    Invoke-WebRequest "http://dl.google.com/chrome/install/375.126/chrome_installer.exe" -OutFile $Path\$Installer
    Start-Process -FilePath $Path\$Installer -Args "/silent /install" -Verb RunAs -Wait
    Remove-Item $Path\$Installer

Now get all the Windows updates!

    Install-PackageProvider -name nuget -force
    Install-Module PSWindowsUpdate -force
    Import-Module PSWindowsUpdate
    Get-WindowsUpdate
    Install-WindowsUpdate -AcceptAll -IgnoreReboot

Then rename your machine:

    Write-Host "Picking a new name for this machine...you'll need to provide your admin pw to do so"
    Rename-Computer -LocalCredential administrator -PassThru
    Write-Host "New name accepted!"

When you're ready to install Active Directory, you can grab the RSAT tools:

    Write-Host "Lets install the RSAT tooleeeage!"
    add-windowsfeature -name rsat-adds

And then the AD domain services themselves:

    Write-Host "Now lets install the AD domain services!"
    add-windowsfeature ad-domain-services

Then install the new forest:

    install-addsforest -domainname your.domain -installdns -DomainNetbiosName yourdomain