Inbar Raz - Physical (In)Security – it’s not –ALL– about Cyber
Uploaded by DefconRussia (25 slides)
1. Physical (In)security
Inbar Raz, Malware & Security Manager, Check Point Software Technologies
©2013 Check Point Software Technologies Ltd.
2. Types of Vulnerability Disclosures
Responsible Disclosure:
– Contact the vendor only and inform them of the vulnerability
– If asked, work with the vendor
– After 3-6 months, proceed to Full Disclosure
Full Disclosure:
– Publish all information, including the PoC
– Sometimes only a video of the PoC
3. Disclosure #1
Vendor: An Online Movie Ticket Service
Field: Online shopping and entertainment
Affected Product: On-site Ticket Kiosk
Vulnerability: Multiple vulnerabilities cause the compromise of both customer and company data
4. Disclosure Details
On-site Kiosk: Touch Screen, Credit Card Reader, Ticket Printer
No peripherals, no interfaces
And the journey begins…
5. Disclosure Details
Improper interface settings allow the opening of menu options.
Menus can be used to browse for a new printer.
6. Disclosure Details
The limited file browser behind that dialog is not restricted enough: a right-click in it can be used to open a full, unrestricted Windows Explorer.
Now the sky is the limit…
7. Disclosure Details
Browsing through the file system reveals indicative directory names… and even more indicative file names.
8. Disclosure Details
Bingo: Credit Card Data (unencrypted!)
Tools of the trade: Notepad
We can use the ticket printer to take it home.
9. Disclosure Details
But that's not all: RSA keys and certificates are also found on the drive!
These we can print, take home and then read back in with free OCR software…
10. Disclosure Details
The result: the RSA keys used to bill credit cards.
11. Disclosure #2
Vendor: Point-of-Sale Manufacturer and Users
Field: Network Security
Vulnerability: Improper physical security allows access to insecure PoS devices after hours.
12. Disclosure Details
Point-of-Sale devices are all around you.
13. Disclosure Details
Location: A bar in Tel Aviv
During working hours: tables, chairs and the PoS are outside
After hours: everything is locked inside the facility
But the Ethernet port remains hot, in public space…
14. Attack Vector
In the past: play hacker/script kiddie with BackTrack.
Today: fire up Wireshark and discover the IPs of live machines.
15. Attack Vector (continued)
Detected IP addresses:
– 192.168.0.1
– 192.168.0.2
– 192.168.0.4
– 192.168.0.250
– 192.168.0.254
Confirm by ping (individual and broadcast)
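The discovery step on these two slides, as an added example that is not part of the talk: instead of reading the Wireshark window by eye, this parses raw Ethernet frames and lists every host that shows itself through ARP or IPv4 traffic, without transmitting a single packet from the listener on the hot port. The frames in SAMPLE_CAPTURE are constructed by hand (the IP addresses mirror the ones on the slide, the MAC addresses are invented); read_pcap() handles only the classic libpcap format that Wireshark saves, not pcapng.

```python
"""Passive host discovery from captured Ethernet frames.

Added example, not code from the talk. A listener on a hot Ethernet port sees its
neighbours' ARP traffic and their broadcast/unicast IPv4 frames; the sender fields
alone give the host list, with nothing transmitted. SAMPLE_CAPTURE is constructed:
the IPs mirror the slides, the MACs are invented.
"""
import ipaddress
import struct

ETHERTYPE_ARP, ETHERTYPE_IPV4 = 0x0806, 0x0800
BROADCAST = b"\xff" * 6

def parse_frame(frame):
    """Return (sender_mac, sender_ipv4, label) for an ARP or IPv4 frame, else None."""
    if len(frame) < 14:
        return None  # truncated: not even an Ethernet header
    _dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    payload = frame[14:]
    if ethertype == ETHERTYPE_ARP and len(payload) >= 28:
        # ARP body: htype(2) ptype(2) hlen(1) plen(1) oper(2) sha(6) spa(4) tha(6) tpa(4)
        if (payload[4], payload[5]) != (6, 4):
            return None  # not Ethernet/IPv4 ARP
        oper = struct.unpack("!H", payload[6:8])[0]
        sha, spa = payload[8:14], payload[14:18]
        return sha.hex(":"), str(ipaddress.IPv4Address(spa)), "arp-request" if oper == 1 else "arp-reply"
    if ethertype == ETHERTYPE_IPV4 and len(payload) >= 20:
        if payload[0] >> 4 != 4 or (payload[0] & 0x0F) < 5:
            return None  # malformed IPv4 header
        return src.hex(":"), str(ipaddress.IPv4Address(payload[12:16])), f"ip-proto-{payload[9]}"
    return None  # IPv6, LLDP, junk: ignored here

def discover_hosts(frames):
    """Map IPv4 address -> {"mac": ..., "seen": set(labels)} from the senders observed."""
    hosts = {}
    for frame in frames:
        parsed = parse_frame(frame)
        if parsed is None:
            continue
        mac, ip, label = parsed
        if ip == "0.0.0.0":
            continue  # ARP probe from a host still acquiring an address: not a live peer yet
        hosts.setdefault(ip, {"mac": mac, "seen": set()})["seen"].add(label)
    return hosts

def live_ips(hosts):
    """Host list in numeric order, ready to be confirmed with a ping sweep."""
    return sorted(hosts, key=ipaddress.IPv4Address)

def read_pcap(path):
    """Yield raw Ethernet frames from a classic libpcap .pcap file as saved by Wireshark."""
    with open(path, "rb") as f:
        gh = f.read(24)
        magic = gh[:4]
        if magic in (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1"):
            end = "<"
        elif magic in (b"\xa1\xb2\xc3\xd4", b"\xa1\xb2\x3c\x4d"):
            end = ">"
        else:
            raise ValueError("not a libpcap capture (pcapng is not handled here)")
        if struct.unpack(end + "I", gh[20:24])[0] != 1:
            raise ValueError("unsupported link type; expected Ethernet (1)")
        while True:
            rh = f.read(16)
            if len(rh) < 16:
                break
            incl_len = struct.unpack(end + "IIII", rh)[2]
            yield f.read(incl_len)

# --- constructed sample traffic (invented MACs; IPs as listed on the slide) ---
def _mac(s):
    return bytes.fromhex(s.replace(":", ""))

def build_arp(sender_mac, sender_ip, target_ip, reply=False):
    eth = struct.pack("!6s6sH", BROADCAST, _mac(sender_mac), ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH6s4s6s4s", 1, ETHERTYPE_IPV4, 6, 4, 2 if reply else 1,
                      _mac(sender_mac), ipaddress.IPv4Address(sender_ip).packed,
                      b"\x00" * 6, ipaddress.IPv4Address(target_ip).packed)
    return eth + arp

def build_ipv4(src_mac, src_ip, dst_ip, proto, payload=b""):
    eth = struct.pack("!6s6sH", BROADCAST, _mac(src_mac), ETHERTYPE_IPV4)
    iph = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                      ipaddress.IPv4Address(src_ip).packed, ipaddress.IPv4Address(dst_ip).packed)
    return eth + iph + payload

SAMPLE_CAPTURE = [
    build_arp("00:11:22:33:44:01", "192.168.0.1", "192.168.0.254"),
    build_arp("00:11:22:33:44:fe", "192.168.0.254", "192.168.0.1", reply=True),
    build_ipv4("00:11:22:33:44:02", "192.168.0.2", "192.168.0.255", 17),  # UDP broadcast (NetBIOS-style)
    build_ipv4("00:11:22:33:44:04", "192.168.0.4", "192.168.0.2", 6),     # TCP (an SMB session)
    build_arp("00:11:22:33:44:fa", "192.168.0.250", "192.168.0.1"),
    build_arp("00:11:22:33:44:99", "0.0.0.0", "192.168.0.77"),             # ARP probe: skipped
    struct.pack("!6s6sH", BROADCAST, BROADCAST, 0x86DD) + b"\x60" + b"\x00" * 39,  # IPv6: ignored
    b"\x00" * 5,                                                          # truncated frame: ignored
]
```

On a real job you would replace SAMPLE_CAPTURE with `list(read_pcap("bar.pcap"))` after letting Wireshark sit on the port for a few minutes; the result is the list the slide then confirms with individual and broadcast pings. Note what is deliberately excluded: ARP probes from 0.0.0.0 and IPv6 frames, both of which would otherwise pollute an IPv4 host list.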
16. Attack Vector
Evidence of SMB (plus prior knowledge) leads to the next step:
And the response:
17. Things to do with an open share
#1: Look around
[Restricted] ONLY for designated groups and individuals
18. Things to do with an open share (continued)
#2: Create a file list
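Both the kiosk walk-through (browsing the drive for indicative directory and file names, then finding unencrypted card data and RSA keys) and the open-share steps above (look around, create a file list) are the same sweep done by hand. The script below, an added example that is not part of the talk, does that sweep over a directory, which can be a mounted share, a mounted disk image or a copy pulled from the kiosk: it produces the full file list and flags files whose path or contents point at card data or private keys. The sample tree built by build_sample_tree() is constructed test data; the card numbers in it are the public Visa and Mastercard test PANs and the PEM block is a placeholder, not a real key.

```python
"""Sweep a kiosk/PoS file tree for unprotected card data and key material.

Added example, not code from the talk. Walks a directory (mounted share, disk
image, USB pull), lists every file, and flags those whose path or contents point
at card data or private keys. build_sample_tree() creates constructed test data
with the public Visa/Mastercard test PANs and a placeholder PEM block.
"""
import os
import re
import tempfile

PATH_HINTS = re.compile(r"card|cc|pan|track|bill|cert|key|rsa", re.I)
PEM_MARKER = re.compile(rb"-----BEGIN ([A-Z ]+)-----")
# 13-19 digits, optionally separated by spaces/dashes, not embedded in a longer digit run
PAN_CANDIDATE = re.compile(rb"(?<!\d)(?:\d[ -]?){13,19}(?!\d)")

def luhn_ok(digits):
    """Luhn check: separates real PANs from other long digit runs (order IDs, timestamps)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def scan_file(path, rel, max_bytes=1 << 20):
    """Return finding labels for one file; an empty list means nothing suspicious."""
    findings = []
    if PATH_HINTS.search(rel):
        findings.append("suspicious-name")  # the "indicative names" heuristic from the kiosk slides
    try:
        with open(path, "rb") as f:
            data = f.read(max_bytes)
    except OSError:
        return findings + ["unreadable"]
    m = PEM_MARKER.search(data)
    if m:
        findings.append("pem:" + m.group(1).decode())
    pans = 0
    for cand in PAN_CANDIDATE.finditer(data):
        digits = re.sub(rb"[ -]", b"", cand.group()).decode()
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            pans += 1
    if pans:
        findings.append(f"luhn-valid-pans:{pans}")
    return findings

def sweep(root):
    """Walk root. Return (sorted relative file list, {rel path: findings} for flagged files)."""
    listing, flagged = [], {}
    for dirpath, _dirs, filenames in os.walk(root):
        for fn in filenames:
            full = os.path.join(dirpath, fn)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            listing.append(rel)
            findings = scan_file(full, rel)
            if findings:
                flagged[rel] = findings
    listing.sort()
    return listing, flagged

def build_sample_tree():
    """Constructed kiosk-like tree in a temp dir; returns its root path."""
    root = tempfile.mkdtemp(prefix="kiosk_")
    files = {
        "Billing/transactions.log": (b"2013-05-01 SALE 4111111111111111 EXP 0915 AMT 42.00\n"
                                     b"2013-05-01 SALE 5500 0000 0000 0004 EXP 1214 AMT 18.50\n"),
        "Billing/keys/merchant.pem": (b"-----BEGIN RSA PRIVATE KEY-----\nMIIE(placeholder, not a real key)\n"
                                      b"-----END RSA PRIVATE KEY-----\n"),
        # a 15-digit order number that fails Luhn: must not be reported as a PAN
        "Movies/schedule.txt": b"Screen 1 19:30  Screen 2 21:45  order 123456789012345\n",
        "readme.txt": b"kiosk software build 1234\n",
    }
    for rel, content in files.items():
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as f:
            f.write(content)
    return root
```

Run `sweep("/mnt/share")` (or whatever path the share or image is mounted at) and keep the listing as the file list from slide 18; the flagged dictionary is the short list worth opening in Notepad. The Luhn check matters: log files on a billing host are full of long digit runs, and without it every timestamp and order number becomes a false positive.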
19. The mystery of 192.168.0.250
Answers a ping, but no SMB.
First guess: the ADSL modem.
Try to access the Web UI:
20. The mystery of 192.168.0.250 (continued)
Use the full URL:
21. Going for the ADSL router
Reminder: we actually had this information.
22. Going for the ADSL router (continued)
Naturally, there is access control. Want to guess?
23. Unlocked Achievements
Best for me, worst for them:
– Credit card data
– Database files (yet to be analyzed)
– The program files of the billing system
– Potential attack through the internet
24. Next Steps
Create a Responsible Disclosure document for the PoS manufacturer
Send an advisory to businesses
25. IMPORTANT NOTICE
The bar operation was carried out with full cooperation and consent.
DOING THIS ON YOUR OWN IS ILLEGAL.