Security Second Thoughtshttp://www.matthewneely.com/blog/en-US2010-03-10T10:41:28ZSquarespace Site Server v5.9.2 (http://www.squarespace.com/)Presenting At Tomorrow Night's NEO InfoSec Forum Meetinghttp://www.matthewneely.com/blog/2009/9/15/presenting-at-tomorrow-nights-neo-infosec-forum-meeting.htmlMatt2009-09-15T18:41:48ZPenetration Testing Presentations

At tomorrow night's NEO InfoSec Forum meeting I'll be presenting "Unleash the Power of CUDA: Cracking Passwords With Video Cards". Below is a quick abstract of the talk:

Being able to quickly crack passwords is an important part of a penetration test. Even with the advent of rainbow tables and pass-the-hash attacks, bruteforce cracking of passwords is often still required. During this talk I’ll discuss how CUDA enabled video cards can be used to greatly increase the speed of password attacks. Demonstrations of a CUDA powered attack will be given.

NEO InfoSec meetings are free, open to the public and include free pizza. Food arrives around 6:00 PM and the meeting starts at 6:30 PM. More information on the meetings can be found here.

I look forward to seeing you there!

]]>Presenting Radio Reconnaissance in Penetration Testing this Thursday in Daytonhttp://www.matthewneely.com/blog/2009/7/7/presenting-radio-reconnaissance-in-penetration-testing-this.htmlMatt2009-07-08T01:04:30ZPenetration Testing Physical Security Presentations Radio Reconnaissance Wireless AssessmentIf you missed my ShmooCon presentation "Radio Reconnaissance in Penetration Testing: All Your RF Are Belong to Us" here is your chance to see it again! This Thursday I will be giving this talk at the three year anniversary party for the Ohio Information Security Forum. The party also includes talks on "Extracting PE Files from a PCAP" and "Reversing Malware". The Reversing Malware talk will be given by Bill Kimball who is truly an expert in this field and is a talk that should not be missed. Free food and drinks will also be provided. If you are in or around the Dayton area this is one event you should not miss. Did I mention the meeting is free!

Here are some links with directions and meeting details.

The party starts at 6:00. I hope to you see you there!

]]>Weekend Project: Building a Bus Piratehttp://www.matthewneely.com/blog/2009/6/18/weekend-project-building-a-bus-pirate.htmlMatt2009-06-18T16:36:10ZBus PirateThis past weekend I decided to make a Bus Pirate as a quick weekend project. The Bus Pirate is a universal serial interface originally designed by the folks over at Hack a Day. Basically the Bus Pirate is a device that can talk a wide range of serial protocols. Most folks are familiar with the USB serial bus, yes I know that is redundant, and the old school RS-232 serial port. Just about every computer made in the past 20 plus years has one of these serial ports. Sadly many hardware devices such as smart cards, integrated circuits and embedded devices do not speak RS-232 or USB. Because of this talking to these devices can be hassle. You often need to build a hardware converter and possibly write some custom code to communicate with these devices. The Bus Pirate tries to eliminate this hassle.

Today the Bus Pirate speaks eight protocols (1-Wire, UART, I²C, SPI, JTAG, raw 2-wire, raw 3-wire and PC AT keyboard). The raw 2-wire and raw 3-wire can be used to interface with proprietary serial protocols. The Bus Pirate also contains some other handy features such as a on-board 3.3 and 5 volt power supply, 0-6 volt measurement probe, a frequency measurement probe and frequency generator.

I was not adventurous enough to etch my own circuit board so I decided to build the Bus Pirate kit made by Fundamental Logic. The kit includes all the parts you need. Fundamental Logic even preprogrammed the PIC so you can build the kit without a PIC programmer. The online assembly directions for the kit are very clear and easy to follow. Before you start be sure to visit their tools page to make sure you have all the tools you need.

Overall the project took me about two hours to complete. A lot of that time was spent setting up and getting back into the swing of soldering. Overall it was not a very difficult project. The kit uses all through-hole components and the circuit board is not too densely populated. In terms of difficulty I rate this kit as medium to medium-low. I recommend this kit to anyone who wants to build a Bus Pirate. However if you are new to electronics and soldering this is probably not the best project for you to cut your teeth on.

Truthfully I had more problems getting my serial port and terminal program configured properly than I did assembling the kit. In the future I'll post some notes on getting the Bus Pirate to work in Windows and Linux. I'll also cover how to get it working with a serial-to-USB converter.

So the Bus Pirate sounds like a cool geek toy but how does it relate to security? First off when assessing hardware it is often helpful to communicate with the hardware directly. This will allow you to skip over the vendor's APIs and applications which may place limitation on what can be sent to the hardware. If you can talk to the hardware directly you can bypass these limitations. From the security point of view I am especially interested in the Bus Pirate's ability to speak JTAG, 1-wire and raw 2-wire serial protocols.

JTAG is a diagnostic protocol that can be used to communicate with electronic circuits and chips. JTAG is commonly used to restore bricked routers when an installation of OpenWRT or similar firmware fails. However JTAG can also be used to directly query the memory in most embedded devices.

iButton Image By Stan Zurek1-wire is a protocol used by the iButton line of products. iButtons are frequently used in physical access control systems.

The raw 2-wire mode can be used to communicate with a number of smart cards.

I'll let your imagination ponder why I would want to communicate with these devices.

]]>Finally My Notacon Slides Are Posted!http://www.matthewneely.com/blog/2009/6/11/finally-my-notacon-slides-are-posted.htmlMatt2009-06-12T03:17:47ZMagstripes Penetration Testing Physical Security PresentationsAt long last here are the slides from my Notacon talk. Below is an overview of the talk:

Notacon Mythbusters: Is Personal Data Stored on Hotel Keys? Using Magstripe Analysis Tools to Discover the Answer

For years emails and rumors have circulated that personal information such as credit card numbers, names and addresses are stored stored on hotel room keys.

The talk starts with an introduction to magstripe cards and how information is encoded onto the cards. The next section discusses what tools can be used to read and analyze magstripe cards. Next we test the myth by looking at data collected from a large number of hotel keys to determine what personal information is stored on them. The talk concludes with a discussion of advanced magstripe analysis, data manipulation techniques and how these techniques can be used during penetration tests and security assessments.

On a related note I hope to get back into updating this blog. One of my first priorities is to finish up the series on magstripe analysis. Thank you for reading and stay tuned for more updates!

]]>Slides from Tonight's NEO InfoSec Forum Meetinghttp://www.matthewneely.com/blog/2009/4/16/slides-from-tonights-neo-infosec-forum-meeting.htmlMatt2009-04-16T03:35:39ZPresentations By popular request here are the slides from tonight's tool talk presentation on Jasager and Karmetasploit.

]]>Encore Presentation of Radio Reconnaissance in Penetration Testing Coming This Julyhttp://www.matthewneely.com/blog/2009/3/17/encore-presentation-of-radio-reconnaissance-in-penetration-t.htmlMatt2009-03-17T03:21:18ZPresentations Radio ReconnaissanceIf you missed my ShmooCon presentation "Radio Reconnaissance in Penetration Testing: All Your RF Are Belong to Us" here is your chance to see it again! At the July 9th meeting of the Ohio Information Security Forum I will be doing an encore presentation of this popular talk. The Ohio Information Security Forum meetings are held in Dayton Ohio and are free and open to the public. For more information visit the Ohio Information Security Forum website.

]]>Client-Side Wireless Attacks and Defenses Presentation Slideshttp://www.matthewneely.com/blog/2009/3/10/client-side-wireless-attacks-and-defenses-presentation-slide.htmlMatt2009-03-10T04:22:38ZPenetration Testing PresentationsLast Thursday at the Ohio Information Security Conference I gave a presentation on attacking and defending wireless clients. The first half of this presentation focused on the various attacks that can be launched against wireless clients. During this section I cover basic attacks such as sniffing unencrypted traffic and moved up to more advanced attacks using tools such as Jasager and Karmetasploit. The second part of the talk covered how to protect wireless clients from these attacks. The slides from the presentation can be found here.

]]>Radio Reconnaissance in Penetration Testing Presentation Slideshttp://www.matthewneely.com/blog/2009/2/17/radio-reconnaissance-in-penetration-testing-presentation-sli.htmlMatt2009-02-17T18:25:06ZPresentations Radio Reconnaissance Wireless AssessmentHere are the slides from my "Radio Reconnaissance in Penetration Testing: All Your RF Are Belong to Us" presentation that I gave at ShmooCon last weekend. Sadly the video appears to of been lost. If the video turns up I will post it.

Remember to watch this blog for a series of blog posts on this topic!

]]>Upcoming Presentationshttp://www.matthewneely.com/blog/2009/2/17/upcoming-presentations.htmlMatt2009-02-17T04:26:00ZMagstripes Penetration Testing PresentationsMy speaking schedule has taken off this year. Right now I have six talks schedule for the first half of 2009, three of them this Wednesday! Plus I have a couple of CFPs which I am waiting to hear back on. To make it easier for folks to track my speaking schedule I added an Upcoming Presentations section on the Presentations Page. Here is my scheduled for the next few months:

February 18th - Cutting Edge Web Application Security Attacks - Lunch and Learn hosted by Peak 10 in Cincinnati Ohio - E-Mail Me for More Information
February 18th - Tool Talk: Pass the Hash - NEO InfoSec Forum in Cleveland Ohio - More Info
February 18th - Overview of ShmooCon - NEO InfoSec Forum in Cleveland Ohio - More Info
March 12th - Client-Side Wireless Attacks and Defenses - Ohio Information Security Conference in Dayton Ohio - Registration Information
April 16th - 19th - Notacon Mythbusters: Is Personal Data Stored on Hotel Keys? Using Magstripe Analysis Tools to Discover the Answer - Notacon in Cleveland Ohio - Registration Information
May 5th - Wireless Security Issues with Hands-on Lab on Auditing Wireless - Pittsburgh Chapter of ISSA in Pittsburgh PA - More Info

If you are at any of these events please come up and to say "hi". I always love to meet my readers in person!

]]>Who Was That Kilted Man?http://www.matthewneely.com/blog/2009/2/12/who-was-that-kilted-man.htmlMatt2009-02-12T04:12:57ZIf you were at ShmooCon and saw someone running around in a black kilt that was probably yours truly. For those that asked the kilt I was wearing is the Original by Utilikilt. If you want to experience a new level of freedom be sure to stop by the Utilikilt store next time you are in Seattle. You will not be disappointed.

As always ShmooCon was a blast. It was wonderful to meet everyone! The podcaster meetup was a lot of fun. Before the meetup Dave and I had a chance to make some Security Bats of Justice (TM) and try them out in a duel! If you are wondering Dave solidly that match. That man is dangerous with inflatable toys!

Of course there were also some great talks at this years ShmooCon. If you are in the Cleveland area and would like to hear a first hand review them stop by next week's NEO InfoSec Forum meeting. At next week's meeting I'll actually be doing two presentations. One will be an overview of ShmooCon and the other will cover the Pass-the-Hash Toolkit. Of course after the NEO InfoSec Forum meeting we're going to head over to Mavis Winkle's Irish Pub to record the Security Justice Podcast.

]]>