hacking paris 2014 extreme forensics reloades 2q 2014
play

HACKING PARIS 2014 EXTREME FORENSICS RELOADES 2Q /2014 Alvaro - PowerPoint PPT Presentation

Apr 03, 2023 •198 likes •568 views

HACKING PARIS 2014 EXTREME FORENSICS RELOADES 2Q /2014 Alvaro Alexander Soto Digital Forensics Lab Director HTCIA/ICFP/ACM/IEEE/ACIS/ISSA asoto@asoto.com INTENDED AUDIENCE Forensic lab directors / analysts - Law enforcement - Researchers -

  1. HACKING PARIS 2014 EXTREME FORENSICS RELOADES 2Q /2014 Alvaro Alexander Soto Digital Forensics Lab Director HTCIA/ICFP/ACM/IEEE/ACIS/ISSA asoto@asoto.com

  2. INTENDED AUDIENCE Forensic lab directors / analysts - Law enforcement - Researchers - Tech Enthusiasts – a.k.a. Geeks Objectives. Think beyond traditional forensic tools and general landscape of the new challenges

  3. • Evolution of Digital Forensics… – Pc’s.. – Networks – Smartphones – Digital Devices – Cloud… – Next…?

  4. CORPORATE - ECONOMIC ESPIONAGE What is? Industrial espionage, economic espionage or corporate espionage is a form of espionage conducted for commercial purposes instead of purely national security.[1] Economic espionage is conducted or orchestrated by governments and is international in scope, while industrial or corporate espionage is more often national and occurs between companies or corporations. Wikipedia. Corporate Espionage vs Counter Terrorism

  5. Currents USA – CHINA / DOJ / FBI Indict. • • Target.. • Colombia, Andres Sepulveda, Cuba, etc 19 countries, FBI, Rent-a-backdoor Creepware 40USD “Full Equipment” • • Statistics USA –Verizon- , COL, KMPG, • EXECUTIVE Responsibility - NOT I.T.

  6. Expectations… Sometimes you expect this: Web Site www.asoto.com  Email: info@asoto.com

  7. …But you get this.. Web Site www.asoto.com  Email: info@asoto.com

  8. Expectation: Web Site www.asoto.com  Email: info@asoto.com

  9. But you get this… Web Site www.asoto.com  Email: info@asoto.com

  10. Expectation… Web Site www.asoto.com  Email: info@asoto.com

  11. But you get this… Web Site www.asoto.com  Email: info@asoto.com

  12. EXPECTATION..

  13. But you get this…

  14. Sometimes you expect this: Web Site www.asoto.com  Email: info@asoto.com

  15. Get this…

  16. Sometimes you expect this: Web Site www.asoto.com  Email: info@asoto.com

  17. But you get this: Web Site www.asoto.com  Email: info@asoto.com

  18. Sometimes you expect this: Web Site www.asoto.com  Email: info@asoto.com

  19. …But you get this.. Web Site www.asoto.com  Email: info@asoto.com

  20. Lab TOOLS… • Software • Hardware • Specialized tools

  21. Password Protection… http://www.freerainbowtables.com/ …. http://www.freerainbowtables.com/en/tables2/ Others…

  22. Manual Password Recovery

  23. Really Standard process??

  24. • ISO 17025.. And remember the LIMS…..

  25. • Technical Process.. • Administrative Process.. • Legal process… • Integration…

  26. Actual/Future paths for specializations in digital forensics • OS + internals • NOS + internals • Mobile phones/smart phones • Digital devices / appliances • Reverse engineering / malware analysis • App Servers / web 2.0, 3.0 ….. Web Site www.asoto.com  Email: info@asoto.com

  27. New trends/challenges.. new tools required … • Firmware analysis and repair • Mechanical tools for media • Faraday cages • EEPROM / NAND readers • Spectrum analyzers • Mobile multiplexers • Sand boxes • Reverse engineering • Strong SSO auth. • Data mining…. Terabytes waiting for..

  28. ACE / SD / Others.. Web Site www.asoto.com  Email: info@asoto.com

  29. Nude HDD… Web Site www.asoto.com  Email: info@asoto.com

  30. Example of eXtreme The dark side of storage Digital Forensics, beyond • ATA Commands • ATA Factory commands the logical level… • What is the SA? • Firmware Flash ROM • • Heads/Platters • Security Erase, HDD Self destruction? • ATA password Web Site www.asoto.com  Email: info@asoto.com

  31. ATA commands.. Web Site www.asoto.com  Email: info@asoto.com PC3k… SD… Etc…

  32. OSINT • Open-source intelligence (OSINT) is a form of intelligence collection management that involves finding, selecting, and acquiring information from publicly available sources and analyzing it to produce actionable intelligence. In the intelligence community (IC), the term "open" refers to overt, publicly available sources (as opposed to covert or classified sources); it is not related to open-source Web Site www.asoto.com  Email: software or public intelligence. info@asoto.com

  33. OSINT Free… Web Site www.asoto.com  Email: info@asoto.com

  34. More boy toys… • http://labs.adobe.com/technologies/swfinvestigator/ • IDA+Olly+Syser+Python+. • http://sourceforge.net/projects/malclassifier.adobe/ • http://aws.amazon.com/free/ • http://corelan.be/ Web Site www.asoto.com  Email: info@asoto.com

  35. Conlusions • teamwork, teamwork, teamwork • research beyond the standard channels • reverse engineering • binary analysis • VM and isolation • avoiding self destruction techniques (Media/Mobile) • hardware hacking… • reaserch, reaserch, reaserch • legal - technical integration local, regional and beyond the borders • concept unification, committee, academy and industry welcome ideas, research join efforts • Web Site www.asoto.com  Email: info@asoto.com

  36. QUESTIONS ? ☺

Recommend

Memory Forensics of a Java Card Dump jean-louis.lanet@inria.fr Cardis 2014 Paris Nov. 5-7 2014

Memory Forensics of a Java Card Dump jean-louis.lanet@inria.fr Cardis 2014 Paris Nov. 5-7 2014

Memory Forensics of a Java Card Dump jean-louis.lanet@inria.fr Cardis 2014 Paris Nov. 5-7 2014 Episode 2 Previous episode: how to obtain a dump Hypothesis Find the code Reverse it Conclusion Memory Dump At that time we

719 views • 15 slides
2014: Extreme territories 2 2015: Extreme territories 3 2016: Extreme territories 4 2018:

2014: Extreme territories 2 2015: Extreme territories 3 2016: Extreme territories 4 2018:

Annual research practicum 2013: Extreme territories 1 2014: Extreme territories 2 2015: Extreme territories 3 2016: Extreme territories 4 2018: Energetics of urbanization 2019: Agro-industrial transformations the city Rem

413 views • 37 slides
Tracking (and Hacking) My Glucose 2014 Quantified Self Europe Conference May 10, 2014 May 10,

Tracking (and Hacking) My Glucose 2014 Quantified Self Europe Conference May 10, 2014 May 10,

Tracking (and Hacking) My Glucose 2014 Quantified Self Europe Conference May 10, 2014 May 10, 2014 Bob Troia @QuantifiedBob www.quantifiedbob.com Fasting Plasma Glucose Guidelines American Diabetes Association: 70 130(!) mg/dL (3.9-5.6

384 views • 25 slides
SCADA Hacking Clear and Present Danger ITAC 2014 02 Oct 2014 Presen sented ed b by:

SCADA Hacking Clear and Present Danger ITAC 2014 02 Oct 2014 Presen sented ed b by:

SCADA Hacking Clear and Present Danger ITAC 2014 02 Oct 2014 Presen sented ed b by: Francis Brown Bishop Fox, LLC www.bishopfox.com Agenda O V E R V I E W Introd oduction on/B /Bac ackgr grou ound Target eting ng S

892 views • 64 slides
Extreme value statistics of correlated random variables Lectures by Satya N. Majumdar 1 and Notes

Extreme value statistics of correlated random variables Lectures by Satya N. Majumdar 1 and Notes

Extreme value statistics of correlated random variables Lectures by Satya N. Majumdar 1 and Notes by Arnab Pal 2 1 CNRS, LPTMS, Orsay, Paris Sud 2 Raman Research Institute, India (Dated: June 20, 2014) Extreme value statistics (EVS) concerns the

321 views • 14 slides
9M 2014 6 th November 2014 B&B Porte des Lilas - Paris Successful reinvestments New Vlizy

9M 2014 6 th November 2014 B&B Porte des Lilas - Paris Successful reinvestments New Vlizy

9M 2014 6 th November 2014 B&B Porte des Lilas - Paris Successful reinvestments New Vlizy - Vlizy Liebenwalder Strasse - Berlin 1- Market update 2- Operating performances 3- Revenues 9 months 2014 4- Key takeaways New Vlizy -

217 views • 19 slides
Getting started with MediaWiki hacking Mark Holmquist Wikimedia Foundation 2014-03-22 Mark

Getting started with MediaWiki hacking Mark Holmquist Wikimedia Foundation 2014-03-22 Mark

Getting started with MediaWiki hacking Mark Holmquist Wikimedia Foundation 2014-03-22 Mark Holmquist Getting started with MediaWiki hacking Intent of this presentation I set out to give you a comprehensive introduction to MediaWiki. While I

380 views • 20 slides
Extreme Environmental Extreme Environmental People Skills: An Introduction to Participatory

Extreme Environmental Extreme Environmental People Skills: An Introduction to Participatory

Extreme Environmental Extreme Environmental People Skills: An Introduction to Participatory Approaches to Natural Resource Dispute Resolution 28 th Annual Environmental Permitting Summer School July 23-25, 2014 Instructors Kevin S. Hennessy,

987 views • 26 slides
WINDOWS SHELLBAGS FORENSICS IN DEPTH RUXCON 2014 Vincent Lo WHO AM I? Vincent Lo CISSP, GCFA

WINDOWS SHELLBAGS FORENSICS IN DEPTH RUXCON 2014 Vincent Lo WHO AM I? Vincent Lo CISSP, GCFA

WINDOWS SHELLBAGS FORENSICS IN DEPTH RUXCON 2014 Vincent Lo WHO AM I? Vincent Lo CISSP, GCFA Gold, GCIH, GREM, CCE Blog: lylcdigitalforensics.blogspot.com Twitter: @_VincentLo_ CONTENT What is ShellBag? ShellBag Structure ShellBag

1.03k views • 51 slides
27/05/2014 1 27/05/2014 2 27/05/2014 3 27/05/2014 4 27/05/2014 Pr Progr ogram Descr

27/05/2014 1 27/05/2014 2 27/05/2014 3 27/05/2014 4 27/05/2014 Pr Progr ogram Descr

27/05/2014 1 27/05/2014 2 27/05/2014 3 27/05/2014 4 27/05/2014 Pr Progr ogram Descr cript iption on Calculator Cal Performs basic mathematical functions such as addition, subtraction, multiplication, division. Also includes

854 views • 17 slides
ETHICAL HACKING Daniel Cloherty CAN HACKING BE ETHICAL? What makes hacking ethical?

ETHICAL HACKING Daniel Cloherty CAN HACKING BE ETHICAL? What makes hacking ethical?

ETHICAL HACKING Daniel Cloherty CAN HACKING BE ETHICAL? What makes hacking ethical? Legality VS Ethics State Sanctioned hacking BLACK HAT - Stereotypical Hacker -Stealing data for personal gain -Obviously not ethical -Using

1.17k views • 10 slides
Morris Extreme Weather Project June 12-14, 2014 Abdullah A. Jaradat USDA-ARS, Morris, MN

Morris Extreme Weather Project June 12-14, 2014 Abdullah A. Jaradat USDA-ARS, Morris, MN

Morris Extreme Weather Project June 12-14, 2014 Abdullah A. Jaradat USDA-ARS, Morris, MN Agricultural Agricultural Research Research 6/12-14/2014 MORRIS EXTREME WEATHER PROJECT 1 Service Service Mission Enhance productive conservation

806 views • 34 slides
System description: Isabelle/jEdit in 2014 Makarius Wenzel Univ. Paris-Sud, LRI July 2014

System description: Isabelle/jEdit in 2014 Makarius Wenzel Univ. Paris-Sud, LRI July 2014

System description: Isabelle/jEdit in 2014 Makarius Wenzel Univ. Paris-Sud, LRI July 2014 Project Paral-ITP ANR-11-INSE-001 Introduction Building blocks jEdit: sophisticated text editor implemented in Java http://www.jedit.org Scala:

474 views • 21 slides
EXTREME POVERTY ERADICATION IN THE LDCs AND THE POST-2015 DEVELOPMENT AGENDA For presentation at

EXTREME POVERTY ERADICATION IN THE LDCs AND THE POST-2015 DEVELOPMENT AGENDA For presentation at

EXTREME POVERTY ERADICATION IN THE LDCs AND THE POST-2015 DEVELOPMENT AGENDA For presentation at the Special Event Launch of the OHRLLS Flagship Report State of the Least Developed Countries 2014 Thursday, 23 October 2014, UN

340 views • 18 slides
Silent Wire Hacking Hack In Paris 2018 erwan.broquaire@cerema.fr pierre-yves.tanniou@cerema.fr

Silent Wire Hacking Hack In Paris 2018 erwan.broquaire@cerema.fr pierre-yves.tanniou@cerema.fr

Silent Wire Hacking Hack In Paris 2018 erwan.broquaire@cerema.fr pierre-yves.tanniou@cerema.fr Hack In Paris - 2018 Direction territoriale Sud Ouest Silent wire hacking ? You know about TCP hijacking, 802.1x bypass techniques

466 views • 42 slides
Extreme value statistics Density of near-extreme events Sanjib Sabhapandit Laboratoire de

Extreme value statistics Density of near-extreme events Sanjib Sabhapandit Laboratoire de

Extreme value statistics Density of near-extreme events Sanjib Sabhapandit Laboratoire de Physique Th eorique et Mod` eles Statistiques CNRS UMR 8626 Universit e Paris-Sud 91405 Orsay cedex, France Collaborator Ref. Phys. Rev. Lett.

1.01k views • 86 slides
Live Disk Forensics on Bare Metal Hongyi Hu and Chad Spensky {hongyi.hu,chad.spensky}@ll.mit.edu

Live Disk Forensics on Bare Metal Hongyi Hu and Chad Spensky {hongyi.hu,chad.spensky}@ll.mit.edu

Live Disk Forensics on Bare Metal Hongyi Hu and Chad Spensky {hongyi.hu,chad.spensky}@ll.mit.edu Open-Source Digital Forensics Conference 2014 This work is sponsored by the Assistant Secretary of Defense for Research and Engineering under Air

800 views • 50 slides
EU Access to Finance Day Paris, 23 May 2014 European Investment Bank Group 06/06/2014 European

EU Access to Finance Day Paris, 23 May 2014 European Investment Bank Group 06/06/2014 European

EU Access to Finance Day Paris, 23 May 2014 European Investment Bank Group 06/06/2014 European Investment Bank Group 1 EIB activities for SMEs: Past achievements and future products Structure of presentation 0. Overview of EIB Group

389 views • 21 slides
Hacking Telco equipment The HLR/HSS Laurent Ghigonis Security researcher at P1 Security Hacking

Hacking Telco equipment The HLR/HSS Laurent Ghigonis Security researcher at P1 Security Hacking

Hacking Telco equipment The HLR/HSS Laurent Ghigonis Security researcher at P1 Security Hacking Telco equipment: The HLR/HSS Laurent Ghigonis P1 Security 2014, Hackito Ergo Sum - Security Conference What are we talking about ? A mobile

724 views • 59 slides
Hacking of smart TV with 0-day Hack in paris 2017 Security Analysis aNd Evaluation(SANE) Lab.

Hacking of smart TV with 0-day Hack in paris 2017 Security Analysis aNd Evaluation(SANE) Lab.

Are you watching TV now? Is it real?: Hacking of smart TV with 0-day Hack in paris 2017 Security Analysis aNd Evaluation(SANE) Lab. Jongho Lee, Mingeun Kim*, Seungjoo Kim** hellsonic@korea.ac.kr, pr0v3rbs@kaist.ac.kr, skim71@korea.ac.kr CIST

521 views • 51 slides
Capital in the 21 st century Thomas Piketty Paris School of Economics LSE, June 16 2014 This

Capital in the 21 st century Thomas Piketty Paris School of Economics LSE, June 16 2014 This

Capital in the 21 st century Thomas Piketty Paris School of Economics LSE, June 16 2014 This presentation is based upon Capital in the 21 st century (Harvard University Press March 2014) This book studies the global dynamics of income

733 views • 56 slides
About this presentation : Learning : What is Digital Forensics ? Political : Digital

About this presentation : Learning : What is Digital Forensics ? Political : Digital

An introduction to digital forensics About this presentation : Learning : What is Digital Forensics ? Political : Digital Forensics and Open Sources licensing Tool time : Digital Forensics Framework Presented by Solal Jacob core dev.

444 views • 30 slides
FLOODING AND OTHER EXTREME WEATHER EVENTS January 6, 2014 1 Licensing SAFETY Research

FLOODING AND OTHER EXTREME WEATHER EVENTS January 6, 2014 1 Licensing SAFETY Research

FLOODING AND OTHER EXTREME WEATHER EVENTS January 6, 2014 1 Licensing SAFETY Research Oversight 2 Flooding and Severe Storms Lessons Learned George Wilson, Flooding Lead Japan Lessons Learned Directorate Office of Nuclear Reactor

742 views • 27 slides
HACKING THE POWER GRID: WHY WE SHOULD ALL BE CONCERNED ABOUT IOT SECURITY Presented by Computer

HACKING THE POWER GRID: WHY WE SHOULD ALL BE CONCERNED ABOUT IOT SECURITY Presented by Computer

HACKING THE POWER GRID: WHY WE SHOULD ALL BE CONCERNED ABOUT IOT SECURITY Presented by Computer Forensics & Cyber Security Expert: Lee Neubecker, CISSP https://greatlakesforensics.com My Blog: https://leeneubecker.com About Lee

427 views • 32 slides

More recommend