I apologize that I wasn’t able to post more coverage over the weekend: as I expected, it turned out to be fun, but packed.
I intended to post this yesterday, but I wasn’t able to find many updates on my lunch hour. Then I got stuck in a gumption trap late in the day at work, and basically came home and collapsed.
In retrospect, that was better, because this story broke late in the afternoon: Caesars Palace security was (in the opinion of at least some DEFCON attendees) a little too aggressive about searching rooms. More from Defiant, a company that was at DEFCON. Statement from Marc Rogers.
Also: badge related coverage if you care. Personally, I don’t need a stinking badge.
Black Hat updates:
- Putting this here for my IBM mainframe friend: “Mainframe [z/OS] Reverse Engineering and Exploit Development” by Chad Rikansrud.
DEFCON 26 updates:
- Haven’t found slides yet, but reference material for “Building Absurd Christmas Light Shows” with Rob Joyce is here.
- Also no slides that I’ve found for “You’d better secure your BLE devices or we’ll kick your butts!” with Damien Cauquil. But: his Twitter feed has an interesting link to “Exploiting BLE Smart Bulb Security using BtleJuice: A Step-by-Step Guide“, a blog post by Vaibhav Bedi (I think). What’s interesting about this post is that it covers the whole process of installing and configuring BtleJuice, “a framework to perform MiTM attacks on BLE devices”. Also: GitHub repo for Btlejack, “everything you need to sniff, jam and hijack Bluetooth Low Energy devices”.
- I’m excited about this one, though I haven’t had time to go through all of it yet: “Ridealong Adventures—Critical Issues with Police Body Cameras” by Josh Mitchell. Slides. five_oh_noes, a body camera scanner. More body camera related stuff.
- GitHub repo for “Breaking Smart Speakers: We are Listening to You” with Wu HuiYu and Qian Wenxiang. At the moment, this includes the presentation slides and Amazon Echo exploit code.