WillC – Phreaking Elevators – DEF CON 27 Conference

This is a comprehensive dive into the current emergency phones with an in-depth look at the phones used in elevators. This talk will provide unique insight into a topic that hasn’t been covered before: Elevator Phones. During this talk, I will discuss the commonality between elevator phone brands. I will cover a new, never-before-released set of default passwords these systems use. I will show a tool kit and how to use it to access elevator phones locally, as well as remotely. In addition, I will show how to reprogram a phone, how to make the elevator state …

How to crack password using Hashcat

how to crack password using hashcat | crack password | hashcat

This video tells you about password cracking using hashcat. Crack any kind of password’s hash in just a few seconds by using the hashcat tool. This video tells all the basics of password cracking with a step-by-step explanation.

Link to download the hashcat tool: https://hashcat.net/hashcat/
Link for CentOS installation: https://youtu.be/Ei7E7eKkNBM
Link to install VMware Tools: https://youtu.be/13pwPgjiJT0

PASTA: Password-based Threshold Authentication

PASTA: PASsword-based Threshold Authentication

We introduce and formalize a new notion of password-based threshold token authentication, which protects password-based authentication against single points of failure. Specifically, we distribute the role of a single server among n servers and allow any t servers to collectively verify clients’ passwords and generate tokens, while no t-1 servers can forge a valid token or mount offline dictionary attacks. We then introduce PASTA, a general framework wherein clients can sign on using a two-round (optimal) protocol that meets our strong security guarantees. Our experiments show that the overhead of protecting secrets and credentials against breaches in PASTA, i.e. compared …

Mapping the Wireless IOT

Let's See What's Out There - Mapping the Wireless IOT

by Tobias Zillner “Radio… The final IoT frontier. These are the problems of penetration testers. Our continuing mission: To explore strange new signals… To seek out new devices; new protocols… To boldly detect what no one is aware of!” The Internet of Things (IoT) is considered to be the next phase of the Internet revolution – linking more and more objects of the real world to the virtual world and enabling anytime, anyplace and anything communication. Due to the vast increase in popularity and distribution, the IoT has become an interesting target for attackers. Because it is becoming more and …

Exploiting Windows Automatic Wireless Association – George Chatzisofroniou

#HITB2017AMS COMMSEC D1 - Exploiting Windows Automatic Wireless Association - George Chatzisofroniou

For the past ten years the KARMA attack has been the industry standard for causing a Wi-Fi client to automatically connect to an attacker-controlled Access Point. In the KARMA attack the attacker introduces an access point that bears the same characteristics as an (open) network which the client has connected to in the past (and will continue to connect to if given the chance, due to automatic association rules). Information about such networks was leaked to nearby stations during the Wi-Fi network discovery process. However, modern network managers have adopted effective countermeasures, including probing for previously associated networks only after …

DEF CON 25 – John Sotos – Genetic Diseases to Guide Digital Hacks of the Human Genome

operating system (and set of application programs) built on the digital molecules DNA and RNA. The genome has thousands of publicly documented, unpatchable security vulnerabilities, previously called “genetic diseases.” Because emerging DNA/RNA technologies, including CRISPR-Cas9 and especially those arising from the Cancer Moonshot program, will create straightforward methods to digitally reprogram the genome in free-living humans, malicious exploitation of genomic vulnerabilities will soon be possible on a wide scale. This presentation shows the breathtaking potential for such hacks, most notably the exquisite targeting precision that the genome supports — in effect, population, and time — spanning annoyance to organized crime …

DEF CON 24 – Jmaxxz – Backdooring the Frontdoor

As our homes become smarter and more connected we come up with new ways of reasoning about our privacy and security. Vendors promise security, but provide little technical information to back up their claims. Further complicating the matter, many of these devices are closed systems which can be difficult to assess. This talk will explore the validity of claims made by one smart lock manufacturer about the security of their product. The entire solution will be deconstructed and examined all the way from web services to the lock itself. By exploiting multiple vulnerabilities Jmaxxz will demonstrate not only how to …
