John Nye Returns from DefCon and Black Hat, UEFI and Windows 8 – HGG180

John Nye from http://endisnye.com (https://twitter.com/EndisNye_com) and Christian Johnson (https://twitter.com/TheWizBM) joins Jim (https://twitter.com/jcollison) for show #180 of Home Gadget Geeks brought to you by the Average Guy Network, part of http://thegeeksnetwork.com/ community.

Support the Average Guy Tech Scholarship Fund: https://www.patreon.com/theaverageguy

WANT TO SUBSCRIBE? We now have Video Large / Small and Video iTunes options at http://theAverageGuy.tv/subscribe

Join us for the show live each Thursday at 8pmC/9E/1UTC at http://theAverageGuy.tv/live or call in your questions or comments to be played on the show at (402) 478-8450

Listen Mobile:

 

 


Home Server Show Meetup in Indy – Sep 20 – register  – http://homeservershow.com/forums/index.php?/topic/7748-meetup-2014-registration-and-info/

 

DefCon and Black Hat notes for The Average Guy: Home Gadget Geeks Podcast

John Nye – john.r.nye@gmail.com -or- @endisnye_com -or- endisnye.com

Black Hat Archives

https://www.blackhat.com/us-14/archives.html

Defcon Archives, (no 2014 slides yet)

https://www.defcon.org/html/links/dc-archives.html

Black Hat Information and Links

Time Magazine Article about The DarkTangent (a.k.a. Jeff Moss) the founder of Black Hat and Defcon: https://time.com/3103530/defcon-hackers-dark-tangent/

Blackhat Keynote “Cybersecurity as Realpolitik” – http://geer.tinho.net/geer.blackhat.6viii14.txt

Video (https://www.youtube.com/watch?v=nT-TGvYOBpI)

Talks that I saw and wanted to say a few things about:

BadUSB – On Accessories that Turn Evil – USB has become so commonplace that we rarely worry about its security implications. USB sticks undergo the occasional virus scan, but we consider USB to be otherwise perfectly safe – until now.

This talk introduces a new form of malware that operates from controller chips inside USB devices. USB sticks, as an example, can be reprogrammed to spoof various other device types in order to take control of a computer, exfiltrate data, or spy on the user.

We demonstrate a full system compromise from USB and a self-replicating USB virus not detectable with current defenses.

We then dive into the USB stack and assess where protection from USB malware can and should be anchored.

http://www.androidauthority.com/badusb-hack-412902/

http://www.pcmag.com/article2/0,2817,2461717,00.asp

Extreme Privilege Escalation on Windows 8/UEFI Systems:

The UEFI specification has more tightly coupled the bonds of the operating system and the platform firmware by providing the well-defined "runtime services" interface between the operating system and the firmware.

This interface is more expansive than the interface that existed in the days of conventional BIOS, which has inadvertently increased the attack surface against the platform firmware. Furthermore, Windows 8 has introduced APIs that allow accessing this UEFI interface from a userland process. Vulnerabilities in this interface can potentially allow a userland process to escalate its privileges from "ring 3" all the way up to that of the platform firmware, which includes permanently attaining control of the very-powerful System Management Mode (SMM).

This talk will disclose two of these vulnerabilities that were discovered in the Intel provided UEFI reference implementation, and detail the unusual techniques needed to successfully exploit them.

Whitepaper: https://www.blackhat.com/docs/us-14/materials/us-14-Kallenberg-Extreme-Privilege-Escalation-On-Windows8-UEFI-Systems-WP.pdf

Slide Deck: https://www.blackhat.com/docs/us-14/materials/us-14-Kallenberg-Extreme-Privilege-Escalation-On-Windows8-UEFI-Systems.pdf

802.1x and Beyond (HIGHLY Technical)

https://www.youtube.com/watch?v=gDOadcq_fFQ

Abusing Microsoft Kerberos: Sorry You Guys Don’t Get It. (Slide Deck) http://www.slideshare.net/gentilkiwi/abusing-microsoft-kerberos-sorry-you-guys-dont-get-it

Defcon Information and Links

DEFCON Documentary: https://www.youtube.com/watch?v=kbbbOOL6JCM

Defcon has been at the Rio for several years but this is the last year there, Defcon 23 is scheduled to be at the Bally’s/Paris casino and hotel.  It will finally be on the strip.

Defcon 22 Badge Challenge walkthrough, pretty cools stuff: http://potatohatsecurity.tumblr.com/post/94565729529/defcon-22-badge-challenge-walkthrough

Badge Interaction over Infrared: https://www.youtube.com/watch?v=63K2S_hhFxk

SOHOplessly Broken: Common Small Office Home Office Router Flaws: http://www.tomsguide.com/us/sohopelessly-broken-router-flaws,news-19328.html

EFF’s Official Posting about this “contest”: https://www.eff.org/deeplinks/2014/07/your-wireless-router-broken-help-us-fix-it-def-con

SOHOplessly Broken Competition Reveals 15 0-Day Flaws, and Cracks Four Routers Wide Open: http://www.decryptedtech.com/news/sohoplessly-broken-competition-reveals-15-0-day-flaws-cracks-four-routers-wide-open

Network World “Hacker Hunts and PWNs WiFi Pineapples With 0-Day at Defcon. http://www.networkworld.com/article/2462478/microsoft-subnet/hacker-hunts-and-pwns-wifi-pineapples-with-0-day-at-def-con.html

Portable Router that conceals your Internet traffic (ARS Article about Defcon Talk)

http://arstechnica.com/information-technology/2014/08/a-portable-router-that-conceals-your-internet-traffic/

Caffeinated Bitstream Blog, Defcon Highlights – http://cafbit.com/entry/highlights_of_defcon_22


Catch all the subscription links at http://theAverageGuy.tv/subscribe

Facebook Group: https://www.facebook.com/groups/theaverageguy/

Jim’s Twitter: http://twitter.com/#!/jcollison

Contact the show at jim@theaverageguy.tv

Find this and other great Podcasts from the Average Guy Network at http://theaverageguy.tv

Some links may contain affiliate codes that benefit the Average Guy Podcast Network.