cyber uc meeting 31
play

Cyber@UC Meeting 31 Hardware Hacking If Youre New! Join our Slack - PowerPoint PPT Presentation

Dec 14, 2022 •383 likes •506 views

Cyber@UC Meeting 31 Hardware Hacking If Youre New! Join our Slack ucyber.slack.com Follow us on Twitter @UCyb3r and Facebook UC.yber; University of Cincinnati OWASP Chapter Feel free to get involved with one of our committees:

  1. Cyber@UC Meeting 31 Hardware Hacking

  2. If You’re New! ● Join our Slack ucyber.slack.com Follow us on Twitter @UCyb3r and Facebook UC.yber; University of Cincinnati ● OWASP Chapter ● Feel free to get involved with one of our committees: Content, Finance, Public Affairs, Outreach, Recruitment Stay updated through our weekly emails and SLACK ●

  3. Announcements ● Happy late Halloween October 27/28th was the ACM programming challenge ● CharitEweek from Nov. 13th-Nov. 17th ● ● Red team against Franco’s Class! Nov. 27th ● Reached out to P&G again for a tour of their cybersecurity operations center Logo Design Competition ●

  4. Weekly Content Committee Session

  5. Reaper ● First spotted in September Based off of Mirai, but no longer relies on cracking weak passwords ● Enslaves vulnerable IoT devices and creates a botnet network ● ● Contains vulnerabilities for Dlink, Netgear, Linksys, Goahead, JAWS, AVTECH, Vacron Believed to have already infected 2 million devices, growing 10k/day ● Mirai only needed 100k devices infected to take down the DNS provider Dyn in ● a massive DDOS attack ● The author is still modifying its code

  6. Reaper (continued) ● There are warnings of another vulnerability called IoTroop that is believed to be adding devices to the same botnet and has infected over 100k devices Mirai was a botnet that took down almost a million routers back in November ● 2016 https://thehackernews.com/2016/11/mirai-router-offline.html https://thehackernews.com/2017/10/iot-botnet-malware-attack.html

  7. DUHK ● Stands for “Don’t Use Hard-coded Keys” Uses a cryptographic implementation vuln to allow attackers to recover ● encryption keys that secure VPN connections ● This is the third crypto vuln seen just this month, KRACK, ROCA ● Affected vendors include Cisco, Fortinet, TechGuard DUHK exploits an outdated pseudorandom number gen algorithm that works ● with a hard coded seed key ● Some vendors store the secret seed value hard-coded into their source code ● By using a state recover attack, man-in-the-middle attackers who know the seed value can know the input values for the PRNG https://thehackernews.com/2017/10/crack-prng-encryption-keys.html

  8. Hardware Hacking

  9. Hardware Hacking Example ● Stuxnet Equivalent to DDOS for hardware ○ ○ Targeted PLCs Iran’s Nuclear Program Targeted ○ ● Cause Centrifuges to tear themselves apart ○ Believe to have Destroyed 1/5th of them ● ● ● ← Simple Centrifuge

  10. Breakout Session

  11. Hardware Hacking Topics ● IO exploitation Firmware Reverse Engineering ● Coldboot Attacks ● ● FPGA/ASIC Reverse Engineering (Silicon Dye Analysis) ● PCB RE Power Analysis ●

  12. Breakout Session ● Has this ever been done ● Who would perform this exploit ● Why would it be done ● If you wanted to do it. What would you do it on.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Cyber@UC; Meeting 28 Cyber Kill Chain If Youre New! Join our Slack ucyber.slack.com

Cyber@UC; Meeting 28 Cyber Kill Chain If Youre New! Join our Slack ucyber.slack.com

Cyber@UC; Meeting 28 Cyber Kill Chain If Youre New! Join our Slack ucyber.slack.com Follow us on Twitter @UCyb3r and Facebook UC.yber; University of Cincinnati OWASP Chapter Feel free to get involved with one of our committees:

430 views • 23 slides
NSF Activities in Cyber Trust NSF Activities in Cyber Trust NSF Activities in Cyber Trust For

NSF Activities in Cyber Trust NSF Activities in Cyber Trust NSF Activities in Cyber Trust For

NSF Activities in Cyber Trust NSF Activities in Cyber Trust NSF Activities in Cyber Trust For ACM CCS I ndustry/ Govt Track Oct. 26, 2004 Carl Landwehr ( clandweh@nsf.gov ) Cyber Trust Coordinator National Science Foundation What s the

439 views • 17 slides
CYBER CYBER-SAFETY CYBER CYBER SAFETY SAFETY SAFETY BASICS BASICS Engineering Staff College

CYBER CYBER-SAFETY CYBER CYBER SAFETY SAFETY SAFETY BASICS BASICS Engineering Staff College

3/29/2012 CYBER CYBER-SAFETY CYBER CYBER SAFETY SAFETY SAFETY BASICS BASICS Engineering Staff College of India I N T R O D U C T I O N What is Cyber-safety Consequences Threats of Inaction Cyber-safety? Cyber-safety Cyber-safety at

215 views • 7 slides
What is Cyber Crime? Cyber Enabled Crime Cyber Dependant Crime Traditional crime that is

What is Cyber Crime? Cyber Enabled Crime Cyber Dependant Crime Traditional crime that is

R egional C yber C rime U nit DC Louise Gibson Prepare, Prevent & Protect What is Cyber Crime? Cyber Enabled Crime Cyber Dependant Crime Traditional crime that is enhanced in scale or Crimes that can only be committed solely reach by use

316 views • 9 slides
Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework

Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework

Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework Reporting Objectives Executive Summary Information Assess Current Cyber Security Posture Measure Progress Toward Improvement Assess

634 views • 5 slides
The Cyber Threat: Securing Cyber Infrastructure Overview What are the FBIs Priorities?

The Cyber Threat: Securing Cyber Infrastructure Overview What are the FBIs Priorities?

The Cyber Threat: Securing Cyber Infrastructure Overview What are the FBIs Priorities? What is the FBIs Cyber Structure? HQ Division Dedicated Cyber squads in all 56 field offices, including satellite locations overseas.

1.54k views • 14 slides
Strategic Priorities Assurance Board Cyber and Cyber Enabled Crime Introduction Cyber

Strategic Priorities Assurance Board Cyber and Cyber Enabled Crime Introduction Cyber

Strategic Priorities Assurance Board Cyber and Cyber Enabled Crime Introduction Cyber Dependent crime examples of these offences are Distributed Denial of Service attack (DDOS), Account Compromise (hacking), Malware (virus) and

237 views • 7 slides
FEMA Region III Cyber Security Program Maryland Cyber Security Workshop (January 16, 2019)

FEMA Region III Cyber Security Program Maryland Cyber Security Workshop (January 16, 2019)

FEMA Region III Cyber Security Program Maryland Cyber Security Workshop (January 16, 2019) (Presented again at the October 16, 2018, meeting of the Maryland Cybersecurity Council and published with permission.) Overview Current Landscape

560 views • 23 slides
Cyber Security February - 2016 Agenda Overview of Cyber Crime The top cyber threats to UK

Cyber Security February - 2016 Agenda Overview of Cyber Crime The top cyber threats to UK

Cyber Security February - 2016 Agenda Overview of Cyber Crime The top cyber threats to UK businesses and how to remain safe What help is available Further reading Setting the scene 21.2bn The cost of fraud to the

304 views • 19 slides
Mark Fernandes Principal, Cyber Risk Services + FUTURE OF CYBER CYB CYBER SINGU GULAR ARIT

Mark Fernandes Principal, Cyber Risk Services + FUTURE OF CYBER CYB CYBER SINGU GULAR ARIT

Mark Fernandes Principal, Cyber Risk Services + FUTURE OF CYBER CYB CYBER SINGU GULAR ARIT ITY How cyber is becoming a key aspect of the ubiquity generation. CYBER SUMMIT More to come 3 2018 Deloitte Cyber Risk Services 4 2018

514 views • 19 slides
Latest in Cyber Security November 7, 2013 TCIPG Annual Meeting Douglas Maughan Division

Latest in Cyber Security November 7, 2013 TCIPG Annual Meeting Douglas Maughan Division

Homeland Security Advanced Research Projects Agency A View from Washington: The Latest in Cyber Security November 7, 2013 TCIPG Annual Meeting Douglas Maughan Division Director http://www.dhs.gov/cyber-research Presentation Outline

794 views • 32 slides
CYBER SECURITY PROTECTING AGAINST CYBER FRAUD IN SCALEUP COMPANIES AND WHAT TO DO SHOULD THEY

CYBER SECURITY PROTECTING AGAINST CYBER FRAUD IN SCALEUP COMPANIES AND WHAT TO DO SHOULD THEY

CYBER SECURITY PROTECTING AGAINST CYBER FRAUD IN SCALEUP COMPANIES AND WHAT TO DO SHOULD THEY HAPPEN London June 2019 INTRODUCTION Cyber Security The activity or process, ability or capability, or state whereby information and

735 views • 24 slides
Cy Cyber ber La Lay of the he La Land nd What the Numbers Tell Us Cyber r Lay of f the

Cy Cyber ber La Lay of the he La Land nd What the Numbers Tell Us Cyber r Lay of f the

Cy Cyber ber La Lay of the he La Land nd What the Numbers Tell Us Cyber r Lay of f the Land: : Wh What t the Numbe mbers rs Tell l Us Visit www.advisenltd.com at the end of this webinar to download: Copy of these slides

722 views • 31 slides
Cyber@UC Meeting 35 Exploit ALL the vulnerabilities! If Youre New! Join our Slack

Cyber@UC Meeting 35 Exploit ALL the vulnerabilities! If Youre New! Join our Slack

Cyber@UC Meeting 35 Exploit ALL the vulnerabilities! If Youre New! Join our Slack ucyber.slack.com Follow us on Twitter @UCyb3r and Facebook UC.yber; University of Cincinnati OWASP Chapter Feel free to get involved with one of

563 views • 11 slides
Cyber@UC Meeting 59 Actually Doing Star Night! If Youre New! Join our Slack:

Cyber@UC Meeting 59 Actually Doing Star Night! If Youre New! Join our Slack:

Cyber@UC Meeting 59 Actually Doing Star Night! If Youre New! Join our Slack: ucyber.slack.com SIGN IN! (Slackbot will post the link in #general) Feel free to get involved with one of our committees: Content Finance Public

525 views • 23 slides
Cyber@UC Meeting 63 Contributing to the Website If Youre New! Join our Slack:

Cyber@UC Meeting 63 Contributing to the Website If Youre New! Join our Slack:

Cyber@UC Meeting 63 Contributing to the Website If Youre New! Join our Slack: ucyber.slack.com SIGN IN! (Slackbot will post the link in #general every Wed@6:30) Feel free to get involved with one of our committees: Content

491 views • 14 slides
! Introduction to Aerosols Introduction to Aerosols ! ! Drag Forces Drag Forces ! ! Cunningham

! Introduction to Aerosols Introduction to Aerosols ! ! Drag Forces Drag Forces ! ! Cunningham

! Introduction to Aerosols Introduction to Aerosols ! ! Drag Forces Drag Forces ! ! Cunningham Corrections Cunningham Corrections ! ! Lift Forces Lift Forces ! ME 637 Ahmadi ME 637 Ahmadi Aerosols are suspension of Aerosols are

453 views • 9 slides
Patent Law Prof. Roger Ford March 9, 2016 Class 11 Statutory bars: public sale;

Patent Law Prof. Roger Ford March 9, 2016 Class 11 Statutory bars: public sale;

Patent Law Prof. Roger Ford March 9, 2016 Class 11 Statutory bars: public sale; third-party activity Recap Recap Introduction to statutory bars Public use/on sale Exercises Todays agenda Todays agenda The on-sale

549 views • 34 slides
Analysis of model equations for stress-enhanced diffusion in coal layers Andro Mikeli c

Analysis of model equations for stress-enhanced diffusion in coal layers Andro Mikeli c

Analysis of model equations for stress-enhanced diffusion in coal layers Andro Mikeli c Andro.Mikelic@univ-lyon1.fr Institut Camille Jordan, UFR Math ematiques Universit e Claude Bernard Lyon 1, Lyon, France Talk at the conference

584 views • 36 slides
Risk Mitigation Virginie Chambost, Frdric Clerc and Paul Stuart May 27, 2015 O BJECTIVES To

Risk Mitigation Virginie Chambost, Frdric Clerc and Paul Stuart May 27, 2015 O BJECTIVES To

Designing Biorefinery Strategies for Phased Implementation and Risk Mitigation Virginie Chambost, Frdric Clerc and Paul Stuart May 27, 2015 O BJECTIVES To present some key factors for success (KFS) for winning business model(s) To present

1.1k views • 20 slides
Coordinating distributed systems Marko Vukoli Distributed Systems and Cloud Computing Previous

Coordinating distributed systems Marko Vukoli Distributed Systems and Cloud Computing Previous

Coordinating distributed systems Marko Vukoli Distributed Systems and Cloud Computing Previous lectures Distributed Storage Systems CAP Theorem Amazon Dynamo Cassandra 2 Today Distributed systems coordination Apache

1.57k views • 62 slides
The science of mixtures and separation techniques Rahul Bhambure PhD Scientist, Chemical

The science of mixtures and separation techniques Rahul Bhambure PhD Scientist, Chemical

Mix it up!!! The science of mixtures and separation techniques Rahul Bhambure PhD Scientist, Chemical Engineering & Process Development Division, National Chemical Laboratory, Pune-411008 What are mixtures? Mixtures are the physical

414 views • 22 slides
How How Should Should the the US US Ta Tax Syste System Re Respond to to the the Gr Growing owing

How How Should Should the the US US Ta Tax Syste System Re Respond to to the the Gr Growing owing

How How Should Should the the US US Ta Tax Syste System Re Respond to to the the Gr Growing owing We Wealth Gap: Gap: The Continuing Debate over Wealth Taxes and Other Tax Proposals to Narrow the Gap Between Rich and Poor Moderator/Panelist: Other

214 views • 7 slides
Model and Implementa:on G. Cugola E. Della Valle

Model and Implementa:on G. Cugola E. Della Valle

Stream and Complex Event Processing Uncertainty in CEP Model and Implementa:on G. Cugola E. Della Valle A. Margara

806 views • 68 slides

More recommend