Wednesday
Feb 11, 2009

Who Was That Kilted Man?

If you were at ShmooCon and saw someone running around in a black kilt, that was probably yours truly. For those that asked, the kilt I was wearing is the Original by Utilikilt.  If you want to experience a new level of freedom, be sure to stop by the Utilikilt store next time you are in Seattle. You will not be disappointed.

As always, ShmooCon was a blast.  It was wonderful to meet everyone!  The podcaster meetup was a lot of fun.  Before the meetup Dave and I had a chance to make some Security Bats of Justice (TM) and try them out in a duel!  If you are wondering, Dave solidly won that match.  That man is dangerous with inflatable toys!

Of course there were also some great talks at this year's ShmooCon.  If you are in the Cleveland area and would like to hear a first-hand review of them, stop by next week's NEO InfoSec Forum meeting.  At next week's meeting I'll actually be doing two presentations.  One will be an overview of ShmooCon and the other will cover the Pass-the-Hash Toolkit.  Of course, after the NEO InfoSec Forum meeting we're going to head over to Mavis Winkle's Irish Pub to record the Security Justice Podcast.

Wednesday
Feb 04, 2009

Radio Reconnaissance in Penetration Testing Being Presented at ShmooCon 2009

Due to some last-minute scheduling changes, my "Radio Reconnaissance in Penetration Testing - All Your RF Are Belong to Us" talk will be presented at this year's ShmooCon!  The presentation is scheduled for 10:00 AM Saturday morning in the "Bring It On!" track.  I have gotten a lot of questions about what my talk covers, so here's some more information on it, starting with the abstract:

Tired of boring old pentests where the only wireless traffic you see is 802.11 and maybe a little Bluetooth? With this amazing new invention, the radio, your eavesdropping options can be multiplied! Come to this talk to learn techniques for discovering, monitoring and exploiting a wide array of radio traffic, with real-world examples illustrating how these techniques have been used to gather information on a target's physical security, personnel and standard operating procedures.

When doing a penetration test, how many radios do you see at the client's site?  Do they use cordless phones or wireless headsets?  Do their guards and maintenance staff carry radios?  Ever wonder what other radios they might have and what you might learn by monitoring them?  This talk will answer these questions.  I will go over how to profile a site to find frequencies to monitor, how to select the right equipment to monitor these transmissions, and what information can be gained using these techniques.  The bulk of the talk will focus on a couple of real-life examples where I step through how these techniques have been applied during a penetration test to gather information about the target organization.

Only so much information can be covered during an hour-long talk, and this is a fairly new area to a lot of pentesters.  Because of this, I'm also going to do a series of blog posts providing the details on monitoring radio traffic during penetration tests.  Through these blog posts I will cover all the details needed to select the right hardware, profile a site, monitor the target and put the information gathered to use on a pentest!  I will also discuss how to protect your organization from these attacks and what steps you can take to audit your environment for wireless security risks.  All posts related to this will have the Radio Reconnaissance category attached to them.  Fair warning: this series will not get my full attention until I finish up my series on magstripe analysis.

If you are going to be at ShmooCon please come up and say hi.  I would love to meet all my readers.

Saturday
Jan 31, 2009

Melting Padlocks with a Giant Magnifying Glass

Remember burning and melting stuff with a magnifying glass as a kid?  Ever wonder what would happen if you took a giant magnifying glass and tried the same thing?  Well, this is exactly what Dick and Will over at The Brothers Whitney did when they used a giant Fresnel lens, about the size of a 60-inch TV, to create a homemade death ray.  In the video below they release the death ray on a brass padlock!

After watching this I can't help but imagine a steampunk safe cracker using something similar to burn into a safe.  Anyways, I need to find a giant Fresnel lens to use on my next physical pentest.  No more picking locks; I'm just going to burn my way into buildings!

If you like the video, be sure to visit The Brothers Whitney's website for a complete write-up on their death ray and more movies of them using it.

A big shout to Make.TV for originally pointing me to Dick and Will's work.

Friday
Jan 30, 2009

DECT Phones are Popping Up Everywhere

The hotel room I stayed in last night had a cordless phone.  Being a wireless geek, I had to take a closer look at it.  The first thing I noticed is that the phone is a DECT device.  In the past six months I've seen a lot more DECT devices in the US.  Looks like the standard might finally be catching on here.  Sadly, the US joined the DECT bandwagon just in time for some major vulnerabilities in DECT to be released to the public.

Next I looked for the FCC ID on the device and pulled the certification docs from the FCC website.  For those folks that are interested, the FCC ID of the device is DXADCT2900.  In the future I'll go over the steps I use to look up a device in the FCC database and what sort of information you can learn from doing an FCC ID search.

That's it for now.  In other news, I have been very busy preparing for ShmooCon.  My Radio Reconnaissance talk is on the ShmooCon wait list, so I've been spending most of my free time finishing up those slides in case another speaker cancels or does not show up at the last minute.  Once ShmooCon is over I'll get back to my series on magnetic stripe analysis and hopefully will have time to start hacking the Fon routers I picked up.  If you are going to be at ShmooCon and would like to meet up, leave me a comment or drop me a line on Twitter.

Sunday
Jan 25, 2009

COM-ON-AIR Cards Have Arrived

On Friday the COM-ON-AIR cards arrived from Germany!  They arrived faster than expected, which was a nice surprise and speaks well to the customer service at Arc Computer Vertriebs GmbH.  Each card was shipped in a plain white box that contained the card, a CD and a sticker with information such as the model and serial number of the card.  The CD only contained drivers and software for Windows, which is not too surprising.  The CD did include installation directions in English, which will be helpful if I ever decide to use the cards in a Windows system.

Over the next few weeks I'll work on getting the cards functioning in Linux using the drivers and utilities created by the folks at dedected.org.  Once I have the cards working I'll see if they can detect any of the DECT devices in my test lab.  I suspect this will fail because the devices in my lab are designed to work in the US and I believe the cards only operate in the EU DECT frequency range.  From looking at the COM-ON-AIR specs, in German, it appears that they only work in the 1880 MHz-1900 MHz EU DECT range.  The DECT standard used in the US, sometimes referred to as DECT 6.0, operates in the 1920 MHz through 1930 MHz frequency range.  In the US I've also seen a number of "frequency shifted DECT" devices that operate in the 900 MHz and 2.4 GHz ranges.

If the cards can only operate in the EU DECT range, the next challenge will be getting the cards to operate on other frequencies.  I ordered extra cards so I could tear some apart, and possibly break them, in the process of getting them to operate on other frequencies.  Luckily the folks at dedected.org have provided some details on the radio section of the cards.  I might be able to use this information to change the operating frequency of the card.  If that is not possible I might try to make a frequency shifting device that changes the input frequency. Either way, if I need to get the cards working on another frequency it will test my RF hacking abilities.

I'll keep folks posted on my progress through this blog and Twitter.
