black hat and defcon 2014
Presenting BlackHat USA 2014 and Defcon 22
Black hat / Defcon 2014
What is (a) Blackhat?
• A conference for security professionals
• 4 days of training, 2 days of briefings
• 9,000 security executives, hackers, academics, and spies attended Black Hat this year
• A "black hat" hacker is a hacker who "violates computer security for little reason beyond maliciousness or for personal gain"
• Ticket prices range from $1795 - $2595 just for the briefings
Venue – Mandalay Bay
Nothing says Vegas like a hotel wedding chapel
• First year that BH enters Mandalay
• 3,309 hotel rooms and a casino of 12,500 m2
• Convention center is 93,000 m2 (!)
What is Defcon?
• By hackers, for hackers
• Nearly 16,000 attendees, up from last year’s 12,000.
• Tickets cost $220 at the door – cash only (I wonder why)
Venue – Rio
• 2,522 hotel rooms and a casino of 11,000 m2
• Convention center only 15,000 m2
• Long lines...
Focus on hacks, whatever they might be
• Badge hacking
• SDR hacking
• Hardware
• Software
• Locks
• People…
• Hack all the things!
People who think that they’re hackers
Wall of sheep
• Dedicated to security research and the advancement of security awareness through, in many cases, unconventional methods.
”Free charge?! Awesome!”
Skytalks
• A con within a con (conception?)
• Classic, old-school Defcon: no cameras, no recording. No pre-con content takedowns. No sobriety. No bullshit.
• Solely funded by donations
• “Special” talks
• A brief history of teledildonics. Yeah, apparently that’s a thing.
• Breaking MIFARE ULTRALIGHT.. or how to get free rides and more
Summary
A Survey of Remote Automotive Attack Surfaces
• Hacking cars remotely
Source: autoguide.com
BadUSB
Extreme Privilege Escalation on Windows 8/UEFI Systems
• Hacking Windows through the BIOS
https://www.blackhat.com/docs/us-14/materials/us-14-Kallenberg-Extreme-Privilege-Escalation-On-Windows8-UEFI-Systems-WP.pdf
Interesting sessions
• Cyber defend yourself – Don’t screw up!
Interesting sessions
• Hacking RFID – or how to ride for free on public transportation
Source: SL
Interesting sessions
• Internet of things
Source: Morgan Stanley
Interesting sessions
• Post Exploitation – Veil Pillage
Interesting sessions
• What the Watchers see – or not…
Interesting sessions
• Weaponize your pets
Source: Funnypostcard.com
Interesting sessions cont.
• Exploiting Thunderbolt
Source: Intel
Everybody loves to hack credit cards!
Credit card hacks present or presented at Defcon
• Jackpotting ATMs
• Mag stripe skimming (duh…)
• Relay attack
• False terminals (capture PIN)
• No PIN attack (MiTM attack)
• More www.lightbluetouchpaper.org
• And http://www.cl.cam.ac.uk/~rja14/banksec.html
Interesting sessions
• And of course…. Lots on NSA playset
Source: Der Spiegel