DEFCON 20: Bypassing Endpoint Security for $20 or Less

Views: 265,320

Christiaan008

Speaker: PHIL POLSTRA, COMPUTER SECURITY PROFESSOR, UNIVERSITY OF DUBUQUE
This talk presents cheap, easily constructed devices that can be used to bypass endpoint security software by making any USB mass storage (flash or hard) drive appear as an authorized device.
The design and implementation will be discussed in detail. Devices can be constructed for approximately $18 for a small package that requires soldering 4 wires, or approximately $30 for a slightly larger package that requires no soldering. Some familiarity with microcontrollers and C programming would be helpful, but is not required for attendees to get the most from this talk.
Phil Polstra was born at an early age. He cleaned out his savings at age 8 in order to buy a TI99-4A computer for the sum of $450.
Two years later he learned 6502 assembly and has been hacking computers and electronics ever since. Phil currently works as a professor at a private Midwestern university. He teaches computer security and forensics.
His current research focus involves the use of microcontrollers and small embedded computers for forensics and pentesting. Prior to entering academia, Phil held several high-level positions at well-known US companies. He holds a couple of the usual certs one might expect for someone in his position. Phil is also an accomplished aviator with several thousand hours of flight time. He holds 12 ratings including instructor, commercial pilot, mechanic, inspector, and avionics tech. When not working, he likes to spend time with his family, fly, hack electronics, and has been known to build airplanes.
Over the last few years Phil has spoken on various USB-related topics at a number of conferences such as 44Con, NetSecure, MakerFaire Detroit, and Black Hat. He has developed a number of cheap, fun, and useful devices for infosec and forensics professionals.
Twitter: @ppolstra
Facebook: ppolstra
ppolstra.blogspot.com
For more information visit: bit.ly/defcon20_information
To download the video visit: bit.ly/defcon20_videos
Playlist DEFCON 20: bit.ly/defcon20_playlist

Comments: 80
@Barnacules 8 years ago
"If it doesn't play, I dedicate it to Microsoft" - ROFL
@WesleyDugg 8 years ago
+Barnacules Nerdgasm hmmm what are you doing in these parts?
@der_pinguin44 8 years ago
+Wesley “Wes” Duggan The same reason why we're all here.
@MrKristian252 7 years ago
I didn't know you liked these deep videos Jerry.
@timbim5505 7 years ago
Barnacules Nerdgasm jerry!!!!!
@cachemist4149 7 years ago
Nice that you watch DEFCON, I loved your videos BEFORE this discovery, but now...
@subfission9433 8 years ago
This was the best defcon!
@Sekei.. 10 years ago
I was really thrown off by the people constantly cheering and clapping of the guys in the other auditorium somehow! :P
@mewwew411 10 years ago
Same
@troublewithweebles 3 years ago
Where is the video of THAT talk? Let's go to there
@bishopdante 8 years ago
Bruv... 4Gb Flash drive that turns out to be 2Gb... in the dodgy areas of Shenzhen back in 2008 there were fake Sony 2Gb thumb drives that turned out to only have 128Mb on them! You name it... there's at least 5x knock-off versions with shoddy specs if you go to Sz.
@puddingpimp 11 years ago
The reason you can't get USB flash drives with a blocksize !=512 is because Windows doesn't support it (though Win7/Win8 might). Flash drives have an MBR like a regular SCSI/ATA HDD, and there is no unambiguous way to determine what the sector offsets mean on an MBR with different sector sizes. It is also why 4k sector HDDs have 512 byte LBA sector addresses (the internal physical sectors are 4k).
@elizajaneheart865 8 years ago
thank you for the information there is still a lot that I do not know
@timbim5505 7 years ago
can't get past the audio quality
@CAGE9000 3 years ago
4:25 It's set up so you can't screw it up. Me fetching a heartwarming memory of my workmate Todd who I got southpark on his usb to watch at home after work. Knowing what a technological genius he is, telling him to make sure he put it in his usb connector at the back of his tv. Next day at work: T: it didn't work M: I'll double check if it's not your codecs after work T: ok later that day... M: that's an hdmi connector Todd T: well it was a bit funny but I got it in there... M: facepalm
@bigun89 10 years ago
Good talk!
@45shfifty 4 years ago
I've found that no version of windows will recognize more than the first partition on a USB device, including winblows 10.
@kl1nk0r 10 years ago
Jeeez, what is so hard about indenting code (34:14).
@denesk2794 7 years ago
It is not the code, it is the presentation format that tends to screw code copy-paste up. That said, yep :) you should fix that in a presentation ;)
@MagikGimp 8 years ago
Wait, so you write protect the drive and it can't prevent the malware from running? I understand not being able to delete it but can't shitty AVG at least stop it?
@ericsbuds 8 years ago
I haven't heard "scuzzy" in a long time lol
@varagner 8 years ago
+ericsbuds You mean the rest of the world moved past SCSI? I will inform my workplace at once!
@DanielWilson33 8 years ago
+ericsbuds +varagner Tell them less "scuzzy" more "sassy", then show them the wonders of SAS drives ;)
@stephenhunter70 8 years ago
MAC address filtering was never intended to be the total network security solution
@nixietubes 7 years ago
no one said it was
@elonmusk8711 5 years ago
@@nixietubes Well, the speaker claimed that MAC filtering ‘doesn't work’, which is a blatantly false, irrational statement, so yes. Doesn't work in what sense? The only sense in which it 'doesn't work' IS as a total network security solution - *so yes, the speaker DID imply exactly that*
@SgtLion 5 years ago
@@elonmusk8711 MAC filtering isn't *any* kind of network security solution. It's as much a security barrier as making somebody type in their name.
@hansonsux 10 years ago
lots of skipping forward on this one...
@QCprepper 8 years ago
The real security flaw here is that no effort is made to authenticate the PID/VID, nor monitor incoming connection attempts. I'm a big believer in heuristic analysis for detecting potential problems. It shouldn't be excessively difficult to write some additional code (there's already custom code that blocks invalid devices right? just add on to it) that detects an abnormal number of USB connection attempts (why are all these promiscuous usb devices trying to mate with me?) and raises a flag with the IT Security department. Assuming we want to keep this paradigm of filtering with PID/VID, we need a way of validating the alleged return. This could involve anything from something as basic as a security token in the approved devices (though this could be a problem seeing as there will be many such devices floating around), to something more advanced like a one-way hash or public/private keys.
@mattstechtips 11 years ago
Electric six reference :D
@johnallardyce4164 9 years ago
Send your complaints about Paul Roberts chewing gum to: threatpost.com/contact-us
@EttrionNano 10 years ago
my personal favorite filesystem is Linux's ext4
@HazeCommunityGaming 7 years ago
FAT32 is great except for the 4gb limiting.
@Canadian789119 5 years ago
@@HazeCommunityGaming and the 33 mb minimum.. I only use it for boot loaders.
@user-lm7nt7ri6k 10 years ago
..how?
@donaldotrumpez9819 8 years ago
Is this fast?
@rsga011089 7 years ago
i installed a TOR browser on my phone and whenever i turn on my VPN it doesn't connect to the internet. does it mean that my phone is hacked?
@bdnugget 7 years ago
yes
@aaronbrown8079 5 years ago
No
@andrewkent650 5 years ago
Maybe
@frtard 8 years ago
"isocrintis"
@joelmiroi6227 11 years ago
He was "born at an early age", huh? ^^
@denartha 11 years ago
The silent video would have been better with some dramatic piano music behind it.
@TheEightfoldPath_ 10 years ago
Yeah, cause explaining everything isn't important at all.
@StayUber 10 years ago
>> 25:18
@Bourbon102rus 11 years ago
rules
@FreakinKatGaming 4 years ago
You see here's your 1st problem you're not running Linux, 2nd we're drunks loll
@HelloKittyFanMan. 5 years ago
Well, not _absolutely_ nothing inside there.
@BrainSlugs83 11 years ago
Not done watching yet. But holy crap the first 17 minutes is just random information about USB (that you already know if you've ever bothered to touch V-USB, etc)...
@asdfghyter 10 years ago
I found this interesting. But yes, it was way too technical for the intended audience, and some of the details could've been skipped even if the intention was to teach people how to build these devices.
@zwz.zdenek 9 years ago
asdfghyter It was just fine for me (I'm an amateur), I'm not sure what audience you have in mind. That lecture didn't look like something for the common joes.
@dasnennstdumeinung 9 years ago
asdfghyter This is defcon dude, the target audience is pretty educated in that respect
@christi_L 8 years ago
+Moritz Mahringer Exactly what I was about to say lol.
@Tehwhitekity 7 years ago
readme info I thought the talk was "too technical" in that it had a lot of detailed explanation of stuff techies should mostly know already, as in, it's aiming a little low, rather than too high, competency-wise
@spacepirateivynova 7 years ago
i wonder how someone gets caught 'stealing all the data' unless they are stupid enough to delete the original files :D and/or the company doesn't backup anything... which is more common than is comfortable >.\\
@FreakinKatGaming 4 years ago
I liked to hack at one point too...18years ago till the feds kicked me in the fucking dick with a 300,000 Fine.
@HelloKittyFanMan. 5 years ago
Oops, there's no such thing as a "USB bus" or an "LCD display"!
@jasonreed1352 3 years ago
Don't forget to enter your PIN number at the ATM machine! Cover the number pad, because a UFO that has been identified as an extra terrestrial spacecraft that has landed terrestrially may be watching... Or it's from Russia in China and being piloted by a mentally handicapped child surgically altered to resemble an alien. Eck cetera.
@HelloKittyFanMan. 3 years ago
@@jasonreed1352: Sure! 😉😁
@KermitFrazierdotcom 4 years ago
"Idiot Proof" = Divide by Zero
@ernststavroblofeld1961 9 years ago
What is this nonsense? What we need is a USB stick device that you put into any computer, you hit enter and it backs up the NSA mainframe untraceable onto your hard drive. Not this teenage-nonsense here.
@ernststavroblofeld1961 9 years ago
***** ?
@ernststavroblofeld1961 9 years ago
***** OK, you are obviously nuts, but what on earth are you talking about? I clearly stated, what is needed and nobody has delivered yet. That is preposterous!
@ernststavroblofeld1961 9 years ago
***** You better are, useless time waster.
@HO1ySh33t 9 years ago
Ernst Stavro Blofeld oh the irony
@elizajaneheart865 8 years ago
Ernst Stavro Blofeld NSA has a space division they use satellite to help hack into GPS global positions system usb is not the only way to hack into a computer that's a psychical hack most hacks work that way.
@6golfer2 11 years ago
holy crap! Get to the point would ya
@BrainSlugs83 11 years ago
Wow, srsly. Just skip the first 25 minutes.
@elmateo77 9 years ago
5 gbps on a usb 3.0? HAHAHA. If that were the case, I could fill up my 64gb flashdrive in less than 13 seconds. I'm pretty sure I would remember if something like that had ever happened. The best I've gotten was less than a fifth of that (yes both the port and the device were using usb 3.0, and I was transferring from an ssd so I doubt that was the issue, and was transferring 3-6gb video files so there wasn't a large number of files to mess things up). Idk, maybe I'm just cursed to forever suffer slow transfer speeds, and if somebody else had been doing it they would have gotten the full speed :P
@PauliusGe 9 years ago
gbps is not GB/s
@lhs919 9 years ago
If you have any data transfer speed in Xbps (bits per second) you will have to divide it by 8 to get it in XBps or XB/s (bytes per second) where X is a SI unit (K, M, G, T etc.) and therefore 5Gbps is actually 625MB/s meaning it would take around 100 seconds to fill your flash drive IF that is, your flash drive could actually do the full 5Gbps which most devices can't, not even SSDs.
@Bewarethe1 9 years ago
elmateo77 lol!
@phalanger1 4 years ago
Guy calls himself handsome twice in the first 3 minutes without even a hint of being funny, too bad he can't give an interesting presentation though