DEF CON 32 - Hacking Millions of Modems and Investigating Who Hacked My Modem - Sam Curry

  Рет қаралды 41,146

DEFCONConference

DEFCONConference

Күн бұрын

Пікірлер: 127
@samcurry1228
@samcurry1228 Ай бұрын
Yeah, this was super rough. I regret giving this as a talk because there just wasn’t enough content. Read the blog post instead, save 30 minutes, and you won’t have to listen to me say “like” 5,000 times 😄
@Atrophes
@Atrophes Ай бұрын
Hey man. You don't get better by not trying. We all see the shitty parts that no one else does. You're good, keep at it. You got to speak at fucking defcon. That's some good shit
@soundslike8454
@soundslike8454 29 күн бұрын
I thought it was fine, it just sounded conversational so my mind hasn't really even noticed those conversational words sprinkled in. It's not jarring cause it just sounds natural. It would be a lot more weird if you were specifically avoiding saying "like" and as a result sounding unnatural. Your talk was funny and I felt like you were just chatting with us which made it so much easier to engage with. I remember when your write up on this first came out, this whole situation is wild af. Thank you for covering this
@Shocker99
@Shocker99 29 күн бұрын
Respect for being in the comments of your own talk and not insulting everyone who criticised the talk. I can imagine it was rough giving the talk knowing you were lacking in content for a 20-45 minute talk.
@user-lg4le8xr4s
@user-lg4le8xr4s 28 күн бұрын
That's how you get better, don't regret it. If it wasn't good enough, then Defcon wouldn't have put you up there to begin with
@EarthWalkerOne
@EarthWalkerOne 28 күн бұрын
I enjoyed it. Didn't find it rough, and it's in at least the top 50% of defcon talks.
@A1.4graffix
@A1.4graffix 18 күн бұрын
This is a bigger problem than a lot of people even realize.....
@lifelover69
@lifelover69 Ай бұрын
Interesting talk, shed some light on remote modem management. I didn't know about TR 069. Thanks!
@alfonzo7822
@alfonzo7822 Ай бұрын
I'd seen it before on some router logs but wasn't really sure of it's purpose
@NeverGiveUpYo
@NeverGiveUpYo Ай бұрын
Gotta love this guy. Amazing talk.
@JamesBos
@JamesBos Ай бұрын
Am I going crazy or was there a similar talk regarding the whole HTTP replaying in a local network thing?!
@Tumleren
@Tumleren Ай бұрын
Yeah I'm sure I've heard that part before. Maybe he's done a talk earlier
@CJ1337HF
@CJ1337HF Ай бұрын
Yes!!!! Same here! I can't figure out where but I KNOW I've seen this before 😂
@CJ1337HF
@CJ1337HF Ай бұрын
Oh I found it, Low Level Learning did a video about it
@thewhitefalcon8539
@thewhitefalcon8539 Ай бұрын
Often these groups present at more than one conference
@Tumleren
@Tumleren Ай бұрын
@@CJ1337HF ah yes, that's the one. Thanks for figuring that out
@ZombieLurker
@ZombieLurker Ай бұрын
That modem is the same exact modem Comcast used to use. I think Comcast is on to the XB3 now and that one was the XB2, or something like that.
@cid3384
@cid3384 Ай бұрын
Bro out here lowkey warning us of remote managed modems/ioTs. Now, him not just taking the modem and telling the ISP he lost it is just low level social and the fact we have no physical device that is directly affected places into question whether there was ever a modem to begin. Used to spend time on DOCSIS modems, exploits for modems see to not have changed much. For DOCSIS 1, 2 and even 3, SNMP was the backdoor and now the same goes for TR-069. So remote management means exactly that, anyone remotely can and will manage the device, in this case, the actual pipeline to the cloud.
@madmorze
@madmorze Ай бұрын
Over this talk he said 4967 words, 413 of them were the word "like" which is 8.31% of his entire speech. It`s, like, crazy
@drqusk
@drqusk Ай бұрын
Drove me nuts listening to it.
@jchastain789
@jchastain789 Ай бұрын
He's prolly from California lololol
@Mack_Dingo
@Mack_Dingo Ай бұрын
well, you better tell him to go to "Toastmasters" training
@TomTom-gx1sm
@TomTom-gx1sm Ай бұрын
"And it's like ok you know like" xD
@nemdub86
@nemdub86 Ай бұрын
like, right?
@dustinmorrison6315
@dustinmorrison6315 Ай бұрын
3:44 when you're a good enough hacker to appreciate a run-of-the-mill botnet lol
@pirrracy
@pirrracy 22 күн бұрын
Same thing back in the 80's a British Telecom auditor found that MI5 had their own backdoor into every exchange in the country. For some reason an exchange operator tipped him off about lots of calls to French Guiana... and when he found the breach the top-dog at B.T. got told by his boss to sweep it under the rug etc.
@DankyDankerson69
@DankyDankerson69 22 күн бұрын
So how would we protect against a modem attack
@TomTom-gx1sm
@TomTom-gx1sm Ай бұрын
Wtf I did not recognize Sam Curry, he's now a grown up, haha.
28 күн бұрын
gr8 talk and research!
@jpphoton
@jpphoton 22 күн бұрын
Excellent.
@Sunset4Semaphores
@Sunset4Semaphores 9 күн бұрын
Basebands suck! Get over it!!!
@fawneight7108
@fawneight7108 Ай бұрын
People here complaining about his use of “like” but he is too busy talking at DEFCON and hacking things you don’t even comprehend. So STFU.
@David-gk2ml
@David-gk2ml 17 күн бұрын
I don't comprehend...
@Ryan-yh3wn
@Ryan-yh3wn 15 күн бұрын
Sam commented here HIMSELF saying he used it too much and let folks know his blog-post is much more concise. Obviously you don't have to be obnoxious about the criticism but who are you helping by not sharing a glaring issue with the talk? Why would you hide yourself away from criticism as a young hacker who wants to share their knowledge with others? If you want to be a PUBLIC communicator you have to be ready for PUBLIC criticism, which will always include a few jackass' who ironically are HORRIBLE communicators. Sam is a big boy I'm sure he can handle someone saying "you used like too much". If you can't handle some incredibly soft criticism you genuinely shouldn't public speak because it will destroy you as you are trusted with more serious topics and trusted as a teacher. But everyone figures out after a few talks or after a few public speaking engagements that you just look at the criticism and go "did I do that? should I not? oh that has people tune out? okay cool, don't want that." It is INFINITELY worse to feel like you're killing it because people are just showering you in praise and then you give a talk to a potential employer or give a talk representing a company and suddenly you're confused when they said you didn't sound confident or like you knew what you were talking about (fill in whatever example you want).
@afryhover
@afryhover 16 сағат бұрын
Every other word was “like”.
@7_of_9
@7_of_9 13 күн бұрын
#1 rule - never ever use the ISP modem)router.
@shaunwilliams-k7r
@shaunwilliams-k7r Ай бұрын
Arcadyan routers infecting all devices via wifi ?
@alfonzo7822
@alfonzo7822 Ай бұрын
Yes
@QuadDerrick
@QuadDerrick Ай бұрын
I live in Norway and rooted my isp's router, and see its sending all kind of encrypted data to some server in usa too . i am not a fan.. anyone knows what the name of the attack he used to mix the routers mac and different values to break into the isp's other customers routers was ? I imagine i can do the same up here in Norway if i have ,, a easy bash script generating the values, calculating the payload,, sending it off with some bash script even. There was some research done on this years ago regarding breaking the wifi password of peoples router if you had the mac address, this is another topic maybe but, still it might be exactly the same code that will calculate my encrypted string to send off with a bash script to enumerate my neighbors networks ? I got a old router that i tricked out of my isp , they'r new routers are much harder to root and control like the guy the video talks about when he gets questions from isp lady in end of video. I am hardly allowed to change wifi password without explicitly asking my isp to do so, and i can forget about custom firewall rules. I am "forced" to sit on my old vulnerable router from 1995 if i want to have my own firewall rules. All just so my dear isp's have a backdoor channel in for state authority's to snoop they'r data.
@TomTom-gx1sm
@TomTom-gx1sm Ай бұрын
You're mixing up things. Wifi passwords were generated using the mac address, it isn't a password to remotely configure the router.
@QuadDerrick
@QuadDerrick Ай бұрын
@@TomTom-gx1sm You'r mixing things up. i never claim or ask if is 'a password to remotely control the router' or any router. You might wanna put your glasses on if you wanna contribute. I will admit my comment was not very clear or complete looking in ending but,, i will edit it to make it more clear.
@Entropy67
@Entropy67 Ай бұрын
There is no name for that attack, other then reverse engineering. Look through the actively running processes and try to analyze their launch binaries. He saw encrypted stuff, found encryption/decryption functions, and used those to encrypt his own data putting it in the format of a command for the ISP bot net. All just guesses and trying things.
@Me-ik9pj
@Me-ik9pj 29 күн бұрын
what's the website showing ip history at 3:05?
@seansingh4421
@seansingh4421 Ай бұрын
Is anyone out there who’s not making and shipping hilariously vulnerable critical devices or a playa now gotta run a syslog server and a SIEM for his crib ? 😂😂
@someguydoingtheinternetgood
@someguydoingtheinternetgood 23 күн бұрын
@@seansingh4421 you should be doing that anyway
@Mmouse_
@Mmouse_ Ай бұрын
Like.
@IsThisHowUDoThat
@IsThisHowUDoThat 23 күн бұрын
this is like a joke right? I am just falling in this rabbit hole. but this exact story i heard yesterday but different. Is this like a weird cult coder copa pasta meme? How I accidently made a botnet..
@Sunset4Semaphores
@Sunset4Semaphores 9 күн бұрын
Southwest boo!
@ZambeziSentinel
@ZambeziSentinel 25 күн бұрын
Hard to listen for long when it's "like" all the time 😂😂
@kensaiix
@kensaiix 18 күн бұрын
half the runtime is "like" please work on removing filler words, for the sake of the sanity of your surrounding
@gottspeed
@gottspeed Ай бұрын
How do you like working with cox... lmao
@jchastain789
@jchastain789 Ай бұрын
But modems have been vulnerable for years. It seems nobody also changes their default pw, which is also a problem.
@camello52
@camello52 28 күн бұрын
This topic woukd be more interesting if the speaker could "like" actually deliver a presentation and be cool...right. just like it could be better. Things like that would improve audience engagement.
@cellc6191
@cellc6191 25 күн бұрын
can someone eli5. thank you
@derrikarenal3308
@derrikarenal3308 23 күн бұрын
ELI5: Ma (your commercial ISP) adheres to a commercial standard protocol (it's legal and the default, and the only available version). Ma is obligated to tell Pa (or Uncle Sam, or other) everything or modify what you can receive or send. Oh, and one more thing: Ma, Pa, or any ol anybody, can help themselves to accomplish any and all fuckery with most every consumer product connected to the internet.
@censoredeveryday3320
@censoredeveryday3320 23 күн бұрын
It hasn't been DefCon for 20 years. Call it USGovCon because that's who attends it.
@randomviewer3494
@randomviewer3494 Ай бұрын
Right?
@EvilMmM
@EvilMmM 19 күн бұрын
recorded whole talk using Samsung s24u and summarized, there is 3451 times LIKE said...
@kensaiix
@kensaiix 18 күн бұрын
like... you could have looked at the transcript from... like... YT, you know? like... it's a lot easier.
@jordantheman25
@jordantheman25 Ай бұрын
people are complaining about his use of "like", but, like, he needed some way to stretch this out to 25 minutes.
@mo938
@mo938 Ай бұрын
Like Like Like So like Like Like Like
@BroImVlogging
@BroImVlogging Ай бұрын
Exactly, shit threw me off. I want to know what happens but I do not want to hear "like" every 5 words for the remainder of the video and I got fed up with the "like"s 7 minutes in.
@shellcode4892
@shellcode4892 Ай бұрын
Well, he's talking at DEFCON and you're not, so.......
@mo938
@mo938 Ай бұрын
@@shellcode4892 like, what does that, like, have to, like, do with, like, anything?
@realdavidpain
@realdavidpain Ай бұрын
Keyboard heros that never had a talk in front of hundreds or even thousands of people...
@mo938
@mo938 Ай бұрын
@@shellcode4892 like what’s that like got to like do with like anything
@HostileGingerATL
@HostileGingerATL 23 күн бұрын
Damn, like, that’s pretty cool & I’ve liked always wanted to know how to do something like this cause like all my emails are full of spam & like all my social medias send me like attempt to login texts/emails. It’s super like fucking annoying. And if I could like just learn how to like figure out like who/how they’re doing it so I could like return the favor, I’d like make this my full time focus and then like create a business out of it to like hack & spam for everyone else who like deals with the same like problem, right. So, right like if anyone like knows how to do this right & could teach me, right, like I’d be willing to like pay, right. So, like, feel free to reach out like right. Right?
DEF CON 32 - The Darkest Side of Bug Bounty - Jason Haddix
32:30
DEFCONConference
Рет қаралды 44 М.
Twin Telepathy Challenge!
00:23
Stokes Twins
Рет қаралды 79 МЛН
Happy birthday to you by Secret Vlog
00:12
Secret Vlog
Рет қаралды 6 МЛН
СКОЛЬКО ПАЛЬЦЕВ ТУТ?
00:16
Masomka
Рет қаралды 3,2 МЛН
I Went To DEFCON!
16:25
ThePrimeagen
Рет қаралды 288 М.
there’s no way they did this..
12:50
Low Level
Рет қаралды 220 М.
How Hackers Bypass Kernel Anti Cheat
19:38
Ryscu
Рет қаралды 775 М.
Twin Telepathy Challenge!
00:23
Stokes Twins
Рет қаралды 79 МЛН