Whipped Cream Difficulties

Some of yesterday’s Black Hat presentations:

• “Stress and Hacking: Understanding Cognitive Stress in Tactical Cyber Ops” by Celeste Paul and Josiah Dykstra.
• “Reversing a Japanese Wireless SD Card – From Zero to Code Execution” by Guillaume Valadon. And here’s the GitHub repo.
• “Mental Health Hacks: Fighting Burnout, Depression and Suicide in the Hacker Community” by Christian Dameff and Jay Radcliffe.
• “Open Sesame: Picking Locks with Cortana“. “Exploiting the ‘Open Sesame’ vulnerability attackers can view the contents of sensitive files (text and media), browse arbitrary web sites, download and execute arbitrary executables from the Internet, and under some circumstances gain elevated privileges.”

Some others that I didn’t get to the first time around:

• “Software Attacks on Hardware Wallets” by Alyssa Milburn and Sergei Volokitin. “…we show how software attacks can be used to break in the most protected part of the hardware wallet, the Secure Element, and how it can be exploited by an attacker.” Slides. White paper.
• “Screaming Channels: When Electromagnetic Side Channels Meet Radio Transceivers” with a whole big bunch of folks. “…we show that it is possible to recover the original leaked signal over large distances on the radio. As a result, variations of known side-channel analysis techniques can be applied, effectively allowing us to retrieve the encryption key by just listening on the air with a software defined radio (SDR).” Slides. White paper.

Ars Technica has a story up in advance of Justin Shattuck’s “Snooping on Cellular Gateways and Their Critical Role in ICS” presentation later today:

…many of the unsecured gateways were installed in police cars, ambulances, and other emergency vehicles. Not only were the devices openly broadcasting the locations of these first responders, but they were also exposing configurations that could be used to take control of the devices and, from there, possibly control dash cameras, in-vehicle computers, and other devices that relied on the wireless gateways for Internet connections.

There are a couple of other presentations from yesterday that sound interesting on second look, but the links to them are currently broken. Also, I haven’t had a chance to read through all of these yet: I did give a quick skim to “Stress and Hacking” and “Reversing a Japanese Wireless SD Card” and look forward to a more careful read of both.

I think I’m going to try to post a second update later this evening if the broken links are fixed and/or new content is available. We should also be getting close to the point where the DEFCON 26 media server has preliminary versions of the presentations up…

Edited to add: DEFCON 26 presentations are now live on the DEFCON media server.

This entry was posted on Thursday, August 9th, 2018 at 12:00 pm and is filed under DEFCON, DEFCON 26, Geek, Radio, WiFi. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.