iot in 2016 a serious overview of iot today and a
play

IoT in 2016 : a serious overview of IoT today and a technical - PowerPoint PPT Presentation

May 01, 2023 •283 likes •819 views

IoT in 2016 : a serious overview of IoT today and a technical preview of HoneyVNC By Yonathan Klijnsma Yonathan Klijnsma Senior Threat Intelligence Analyst Perform threat intelligence analysis at keeping track of

  1. IoT in 2016 : a serious overview of IoT today and a technical preview of HoneyVNC By Yonathan Klijnsma

  2. Yonathan Klijnsma Senior Threat Intelligence Analyst Perform threat intelligence analysis at keeping track of current events and work on new upcoming threats. I do my part in: @ydklijnsma • Malware analysis (reverse engineering) github.com/0x3a • Network Forensics blog.0x3a.com • Programming Besides $DAYJOB I like to ‘ play around ’ with security related things. This varies from malware analysis to random programming projects ending in POC status 99% of the time. I occasionally write about my fi ndings on my blog. 2 IoT in 2016 : a serious overview of today and a technical preview of HoneyVNC

  3. FIRST TC Amsterdam 2015 3 IoT in 2016 : a serious overview of today and a technical preview of HoneyVNC

  4. FIRST TC Amsterdam 2015 4 IoT in 2016 : a serious overview of today and a technical preview of HoneyVNC

  5. It was getting pretty bad back then right?…. We were the firemen taking pictures with the small fires just smiling and laughing. 5 IoT in 2016 : a serious overview of today and a technical preview of HoneyVNC

  6. Did it get better? 6 IoT in 2016 : a serious overview of today and a technical preview of HoneyVNC

  7. No.. 7 IoT in 2016 : a serious overview of today and a technical preview of HoneyVNC

  8. No…. no really 8 IoT in 2016 : a serious overview of today and a technical preview of HoneyVNC

  9. Its currently even worse… 9 IoT in 2016 : a serious overview of today and a technical preview of HoneyVNC

  10. It doesn’t seem to get better… 10 IoT in 2016 : a serious overview of today and a technical preview of HoneyVNC

  11. Security Camera “IoT” 11 IoT in 2016 : a serious overview of today and a technical preview of HoneyVNC

  12. Security Camera “IoT” 12 IoT in 2016 : a serious overview of today and a technical preview of HoneyVNC

  13. Internet of Things Conference 13 IoT in 2016 : a serious overview of today and a technical preview of HoneyVNC

  14. Everything is being invented again 14 IoT in 2016 : a serious overview of today and a technical preview of HoneyVNC

  15. Everything is being invented again - They have Wifi - They have telnet - Nobody added authentication - There is actually a CVE for not having authentication - WHAT. 15 IoT in 2016 : a serious overview of today and a technical preview of HoneyVNC

  16. They aren’t getting it, hackers are having fun. 16 IoT in 2016 : a serious overview of today and a technical preview of HoneyVNC

  17. Besides ancient industrial devices we see new ‘toys’ 17 IoT in 2016 : a serious overview of today and a technical preview of HoneyVNC

  18. Besides ancient industrial devices we see new ‘toys’ 18 IoT in 2016 : a serious overview of today and a technical preview of HoneyVNC

  19. German 'Sonnenbatterie' solar-cell power storage systems 19 IoT in 2016 : a serious overview of today and a technical preview of HoneyVNC

  20. Boats… 20 IoT in 2016 : a serious overview of today and a technical preview of HoneyVNC

  21. We can fi nd criminals(!?) on VNC…. 21 IoT in 2016 : a serious overview of today and a technical preview of HoneyVNC

  22. Maldives fi shes! :D 22 IoT in 2016 : a serious overview of today and a technical preview of HoneyVNC

  23. Cardiac imaging on Shodan…. 23 IoT in 2016 : a serious overview of today and a technical preview of HoneyVNC

  24. Fingerprints…. 24 IoT in 2016 : a serious overview of today and a technical preview of HoneyVNC

  25. Swatting 2.0…. 25 IoT in 2016 : a serious overview of today and a technical preview of HoneyVNC

  26. Medical devices 26 IoT in 2016 : a serious overview of today and a technical preview of HoneyVNC

  27. Some notes on publishing these screenshots. Some people complain to Dan, Shodan or Me about some of the screenshots. Let me explain some of the data I published in talks or Twitter: - The severe items (f.e medical devices or power control) are already fixed - Some of the data I post on Twitter is in fact more than a year old, because it took a long time to fix - There is tons more than I actually publish or Tweet, its too problematic to expose or contains way too sensitive data 27 IoT in 2016 : a serious overview of today and a technical preview of HoneyVNC

  28. Some notes on publishing these screenshots. I usually cooperate with ICS-CERT or direct vendors / organisations for the things I find that are serious. I used to send out bulk data but it was quite unworkable for most so I filter out most of the data before sending it. I do this in my spare time. 28 IoT in 2016 : a serious overview of today and a technical preview of HoneyVNC

  29. Lets look at some statistics for VNC I decided to scan the globe (with some Shodan help) for the RFB protocol header. It came back with 335K~ results, of those there are 8K~ which use no authentication. The numbers are higher than my last talk, due to better scan results and actually more devices coming online! 29 IoT in 2016 : a serious overview of today and a technical preview of HoneyVNC

  30. Lets look at some statistics for VNC RFB 002.000 RFB 003.002 RFB 003.003 RFB 003.004 RFB 003.005 RFB 003.006 RFB 003.007 RFB 003.008 RFB 003.010 These should not exist?! RFB 003.016 RFB 003.033 RFB 003.039 RFB 003.043 RFB 003.130 RFB 003.236 RFB 003.889 RFB 004.000 RFB 004.001 RFB 005.000 RFB 009.123 RFB 009.221 RFB 009.963 RFB 103.006 0 40000 80000 120000 160000 30 IoT in 2016 : a serious overview of today and a technical preview of HoneyVNC

  31. Lets look at some statistics for VNC RFB 002.000 RFB 003.002 RFB 003.003 RFB 003.004 RFB 003.005 RFB 003.006 RFB 003.007 RFB 003.008 RFB 003.010 RFB 003.016 RFB 003.033 RFB 003.039 RFB 003.043 RFB 003.130 RFB 003.236 Apple remote desktop RFB 003.889 RealVNC Personal RFB 004.000 RealVNC Enterprise RFB 004.001 ? RFB 005.000 RFB 009.123 RFB 009.221 RFB 009.963 RFB 103.006 0 40000 80000 120000 160000 31 IoT in 2016 : a serious overview of today and a technical preview of HoneyVNC

  32. images.shodan.io 32 IoT in 2016 : a serious overview of today and a technical preview of HoneyVNC

  33. images.shodan.io - RDP 33 IoT in 2016 : a serious overview of today and a technical preview of HoneyVNC

  34. images.shodan.io - RDP 34 IoT in 2016 : a serious overview of today and a technical preview of HoneyVNC

  35. images.shodan.io - RDP 35 IoT in 2016 : a serious overview of today and a technical preview of HoneyVNC

  36. images.shodan.io - RDP 36 IoT in 2016 : a serious overview of today and a technical preview of HoneyVNC

  37. HoneyVNC With all of the scans I do I couldn’t find any proper honeypot that would allow actual interaction. Most of the half-working honeypots support the authentication step but thats about it, no visual data or anything. I decided to make one, because I like VNC and was wondering who was also poking these devices besides Dan, Shodan and Me. 37 IoT in 2016 : a serious overview of today and a technical preview of HoneyVNC

  38. HoneyVNC I implemented a ‘full interaction’ VNC honeypot I’ve named ‘HoneyVNC’. It is still under development but currently features: - Password authentication on/off (allows you to see brute force attempts) - Visuals (Actual screen data is being send over to give the impression of a real device on the other end) - Input can be used to browse around the fake virtual appliance behind the VNC server. - Sessions are logged for every time a successfully negotiated connection is seen. Everything is logged with a replay-able timestamped file format (mouse and keyboard) 38 IoT in 2016 : a serious overview of today and a technical preview of HoneyVNC

  39. HoneyVNC There are items I’m still working on to incorporate properly: - A web application to replay the session logfiles with actual visual representation of what happened in a session. - Virtual environment design: A honeypot owner can design its own virtual appliance behind the honeypot. 39 IoT in 2016 : a serious overview of today and a technical preview of HoneyVNC

  40. HoneyVNC - Virtual appliances 40 IoT in 2016 : a serious overview of today and a technical preview of HoneyVNC

  41. HoneyVNC Why not run an actual VNC server: - Annoying to setup and secure properly, you have to think about all the routes the attacker could go - HoneyVNC is just a consolidated Python program, there’s no jail to break out of because it doesn’t have one - Its Python, runs pretty much anywhere which makes HoneyVNC very portable 41 IoT in 2016 : a serious overview of today and a technical preview of HoneyVNC

  42. HoneyVNC - Findings I ran a basic version (you could login and get a random screen with uninitialised memory) for about 3 months on a couple different environments. I had some interesting (unexpected) results. 42 IoT in 2016 : a serious overview of today and a technical preview of HoneyVNC

  43. HoneyVNC - Findings - Targeted scanning - Scans that hit my residential uplinks didn’t pass by at data center - Known webhosting ranges were not scanned 43 IoT in 2016 : a serious overview of today and a technical preview of HoneyVNC

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

DEV LAB 1 TODAY MP1 Overview Setting up a development environment Setting up a server Brief

DEV LAB 1 TODAY MP1 Overview Setting up a development environment Setting up a server Brief

CS 498RK FALL 2016 DEV LAB 1 TODAY MP1 Overview Setting up a development environment Setting up a server Brief overview of important tools MP 1 was released yesterday. http://uiuc-web-programming.github.io/sp2016/MP-1/ MP 1 Setup

203 views • 17 slides
CHALLENGE PROGRAM 2016-17 SEASON / ORGANIZING A TEAM TODAY 2 Agenda WHAT WE WILL SEE TODAY 1

CHALLENGE PROGRAM 2016-17 SEASON / ORGANIZING A TEAM TODAY 2 Agenda WHAT WE WILL SEE TODAY 1

NAMS- DI presents 1 CHALLENGE PROGRAM 2016-17 SEASON / ORGANIZING A TEAM TODAY 2 Agenda WHAT WE WILL SEE TODAY 1 2 3 4 5 WHO WE ARE FEES PROGRAM TEAM QUESTIONS OVERVIEW CHALLENGES ORGANIZING A INSTANT TEAM, CHALLENGES

607 views • 37 slides
1. Abertis today 2. 2016 Financial Year 3. Outlook 4. Conclusions Abertis today 2016

1. Abertis today 2. 2016 Financial Year 3. Outlook 4. Conclusions Abertis today 2016

1. Abertis today 2. 2016 Financial Year 3. Outlook 4. Conclusions Abertis today 2016 Financial Year Outlook Conclusions Attractive, geographically diverse asset base Today, Abertis is the world leader in infrastructure management, with

753 views • 44 slides
Q2 2016 results 26 August 2016 CXENSE 2016 | Q2 2016 results www.cxense.com CXENSE:OSE today

Q2 2016 results 26 August 2016 CXENSE 2016 | Q2 2016 results www.cxense.com CXENSE:OSE today

Q2 2016 results 26 August 2016 CXENSE 2016 | Q2 2016 results www.cxense.com CXENSE:OSE today Sector Software-as-a-Service Customers All companies with online sites and apps Revenues NOK 200 million annualized and growing

538 views • 31 slides
2016 Prospective Candidates Information What are we doing today Northland Regional Council

2016 Prospective Candidates Information What are we doing today Northland Regional Council

2016 Prospective Candidates Information What are we doing today Northland Regional Council overview - Malcolm Nicolson, Chief Executive NRC Kaipara District Council overview - Graham Sibery, Chief Executive KDC The electoral

1.13k views • 55 slides
CSE-505: Programming Languages Lecture 1 Course Introduction Zach Tatlock 2016 Today

CSE-505: Programming Languages Lecture 1 Course Introduction Zach Tatlock 2016 Today

CSE-505: Programming Languages Lecture 1 Course Introduction Zach Tatlock 2016 Today Administrative stuff Course motivation and goals A Java example Course overview Course pitfalls Start Caml tutorial (see separate

314 views • 19 slides
revitalizing community today Boscobel Chamber of CommerceWinter 2016 ONEDRIVE:: 2016 01

revitalizing community today Boscobel Chamber of CommerceWinter 2016 ONEDRIVE:: 2016 01

revitalizing community today Boscobel Chamber of CommerceWinter 2016 ONEDRIVE:: 2016 01 30 Boscobel Chamber Presentation 200.pptx Presentation Overview 1. A current model for community development and economic development 2. Tourism as

855 views • 19 slides
Welcome to CS106A! Four Handouts Today: Course Overview Why Learn to Program?

Welcome to CS106A! Four Handouts Today: Course Overview Why Learn to Program?

Welcome to CS106A! Four Handouts Today: Course Overview Why Learn to Program? Meet Karel the Robot Who's Here Today? Aeronautical Engineering Drama Materials Science Anthropology Earth Systems Mathematics

1.02k views • 72 slides
Matt Fisher EUA Coordinator Overview of Parramatta today Overview of Parramatta today Overview

Matt Fisher EUA Coordinator Overview of Parramatta today Overview of Parramatta today Overview

Matt Fisher EUA Coordinator Overview of Parramatta today Overview of Parramatta today Overview of Parramatta today Existing Building Stock Existing Building Stock % % of CBD office buildings by age Existing Building Stock 49% 20 30 years

351 views • 21 slides
Cincinnati Bell Fourth Quarter 2016 Results February 15, 2017 Today's Agenda Highlights,

Cincinnati Bell Fourth Quarter 2016 Results February 15, 2017 Today's Agenda Highlights,

Cincinnati Bell Fourth Quarter 2016 Results February 15, 2017 Today's Agenda Highlights, Segment Results and Financial Overview Ted Torbeck, Chief Executive Officer Question & Answer 2 Safe Harbor This presentation and the documents

380 views • 24 slides
2016 First Quarter Update May 4, 2016 Safe Harbor Statement Some of what well discuss today

2016 First Quarter Update May 4, 2016 Safe Harbor Statement Some of what well discuss today

2016 First Quarter Update May 4, 2016 Safe Harbor Statement Some of what well discuss today concerning future company performance will be forward-looking information within the meanings of the securities laws. Actual results may materially

250 views • 11 slides
Plan for today Topic overview: What does the visual recognition problem entail? Why

Plan for today Topic overview: What does the visual recognition problem entail? Why

9/6/2012 Visual Recognition Kristen Grauman Dept of Computer Science Plan for today Topic overview: What does the visual recognition problem entail? Why are these hard problems? What works today? Course overview:

799 views • 33 slides
INTERLINK COMMUNICATION PUBLIC COMPANY LIMITED 15 August 2016 THE INTERLINK GROUP Agenda Today

INTERLINK COMMUNICATION PUBLIC COMPANY LIMITED 15 August 2016 THE INTERLINK GROUP Agenda Today

INTERLINK COMMUNICATION PUBLIC COMPANY LIMITED 15 August 2016 THE INTERLINK GROUP Agenda Today Agenda Interlink Communication Business Overview Q2 2016 Operating Summary 5 Years Aspiration and Plan THE INTERLINK GROUP THE

560 views • 45 slides
Overview Announcements: Homework 1 due today Homework 2 will be posted soon CMPSCI

Overview Announcements: Homework 1 due today Homework 2 will be posted soon CMPSCI

Overview Announcements: Homework 1 due today Homework 2 will be posted soon CMPSCI 370: Intro to Computer Vision Honors section will meet today at 4pm Image processing [ quantization, color maps, image enhancement ]

457 views • 10 slides
OTVCTs 2016 AGM overview 11am Welcome and Agenda for day OTVCTs 2016 overview and Q&A

OTVCTs 2016 AGM overview 11am Welcome and Agenda for day OTVCTs 2016 overview and Q&A

OTVCTs 2016 AGM overview 11am Welcome and Agenda for day OTVCTs 2016 overview and Q&A NAV, dividends, total return Investments made during year Highlights VCT1-4 AGMs and Q&A Investee presentations: Plasma

492 views • 18 slides
Memory Management Summer 2016 Cornell University Today Overview of memory The role of

Memory Management Summer 2016 Cornell University Today Overview of memory The role of

CS 4410 Operating Systems Memory Management Summer 2016 Cornell University Today Overview of memory The role of operating systems in memory management. 2 Program Process For a program to become process, and be executed on CPU,

198 views • 15 slides
2 Pressure What is pressure? Pressure is the amount of force applied to an area. it is the

2 Pressure What is pressure? Pressure is the amount of force applied to an area. it is the

Gases: Chapter 9 Characteristics: Unlike liquids and solids, they: have large spaces between the gas molecules not tightly packed expand to fill the container take the shape of the container diffuse into one another and mix

1.17k views • 55 slides
To Boldly Go Yuris Night::World Space Party Two roads diverged in a wood...

To Boldly Go Yuris Night::World Space Party Two roads diverged in a wood...

To Boldly Go Yuris Night::World Space Party Two roads diverged in a wood... Non-Profits::Working at X PRIZE Small Start Ups::Zero Gravity Corporation [ Blogged for Wired Science ] Covered space exploration Every day 500-50,000

225 views • 18 slides
A person of interest . " About 2am 9th (the morning of the murder) I was coming by Thrawl

A person of interest . " About 2am 9th (the morning of the murder) I was coming by Thrawl

A person of interest . " About 2am 9th (the morning of the murder) I was coming by Thrawl Street Commercial Street and just before I got to Flower and Dean Street I met the murdered woman Kelly and she said to me 'Hutchinson will you lend me

452 views • 17 slides
Office Brochures D Your office brochure lets you communicate with your existing patients. You

Office Brochures D Your office brochure lets you communicate with your existing patients. You

T The Wealthy Dentist W D Do-It-Yourself Office Brochure Presented by Julie Frey TheWealthyDentist.com is a division of Du Molin & Du Molin Inc. T W Office Brochures D Your office brochure lets you communicate with your

417 views • 15 slides
PART ONE My Objectives 1. Acknowledge that citizens video taping us make many of us upset. 2.

PART ONE My Objectives 1. Acknowledge that citizens video taping us make many of us upset. 2.

Presentation Description Cameras, Citizen Reports, Social Media and Emergency Services Cameras, Citizen Reports, Social Media and Emergency Services Social media is everywhere, and everyone is a reporter. Camera phones Presented by Jeff

355 views • 19 slides
Lexico-grammatical Features of the Behavioural Process 1 L U C Y C H R I S P I N C A R D I F F

Lexico-grammatical Features of the Behavioural Process 1 L U C Y C H R I S P I N C A R D I F F

An Investigation into the Lexico-grammatical Features of the Behavioural Process 1 L U C Y C H R I S P I N C A R D I F F U N I V E R S I T Y Outline 2 Overview of Systemic Functional Linguistics (Halliday 1994) and the Behavioural

618 views • 29 slides
Mapping Medical Records of Gas trectomy Patients to SNOMED C T Hyeoun-Ae Park College of

Mapping Medical Records of Gas trectomy Patients to SNOMED C T Hyeoun-Ae Park College of

Mapping Medical Records of Gas trectomy Patients to SNOMED C T Hyeoun-Ae Park College of Nursing, Seoul National University Seoul, Korea Background Electronic medical records (EMR) improves the ac cessibility of medical information and

252 views • 13 slides
Medical Indemnity Forum 24 th August Issues and Trends in Risk Management Heather Martin Risk

Medical Indemnity Forum 24 th August Issues and Trends in Risk Management Heather Martin Risk

Medical Indemnity Forum 24 th August Issues and Trends in Risk Management Heather Martin Risk Manager MDA National Dr Paul Nisselle AM General Manager, Clinical Risk Management The Avant Mutual Group Medical Indemnity Forum 24 th August

369 views • 14 slides

More recommend