iot in 2016 a serious overview of iot today and a
play

IoT in 2016 : a serious overview of IoT today and a technical - PowerPoint PPT Presentation

May 01, 2023 •283 likes •819 views

IoT in 2016 : a serious overview of IoT today and a technical preview of HoneyVNC By Yonathan Klijnsma Yonathan Klijnsma Senior Threat Intelligence Analyst Perform threat intelligence analysis at keeping track of

  1. IoT in 2016 : a serious overview of IoT today and a technical preview of HoneyVNC By Yonathan Klijnsma

  2. Yonathan Klijnsma Senior Threat Intelligence Analyst Perform threat intelligence analysis at keeping track of current events and work on new upcoming threats. I do my part in: @ydklijnsma • Malware analysis (reverse engineering) github.com/0x3a • Network Forensics blog.0x3a.com • Programming Besides $DAYJOB I like to ‘ play around ’ with security related things. This varies from malware analysis to random programming projects ending in POC status 99% of the time. I occasionally write about my fi ndings on my blog. 2 IoT in 2016 : a serious overview of today and a technical preview of HoneyVNC

  3. FIRST TC Amsterdam 2015 3 IoT in 2016 : a serious overview of today and a technical preview of HoneyVNC

  4. FIRST TC Amsterdam 2015 4 IoT in 2016 : a serious overview of today and a technical preview of HoneyVNC

  5. It was getting pretty bad back then right?…. We were the firemen taking pictures with the small fires just smiling and laughing. 5 IoT in 2016 : a serious overview of today and a technical preview of HoneyVNC

  6. Did it get better? 6 IoT in 2016 : a serious overview of today and a technical preview of HoneyVNC

  7. No.. 7 IoT in 2016 : a serious overview of today and a technical preview of HoneyVNC

  8. No…. no really 8 IoT in 2016 : a serious overview of today and a technical preview of HoneyVNC

  9. Its currently even worse… 9 IoT in 2016 : a serious overview of today and a technical preview of HoneyVNC

  10. It doesn’t seem to get better… 10 IoT in 2016 : a serious overview of today and a technical preview of HoneyVNC

  11. Security Camera “IoT” 11 IoT in 2016 : a serious overview of today and a technical preview of HoneyVNC

  12. Security Camera “IoT” 12 IoT in 2016 : a serious overview of today and a technical preview of HoneyVNC

  13. Internet of Things Conference 13 IoT in 2016 : a serious overview of today and a technical preview of HoneyVNC

  14. Everything is being invented again 14 IoT in 2016 : a serious overview of today and a technical preview of HoneyVNC

  15. Everything is being invented again - They have Wifi - They have telnet - Nobody added authentication - There is actually a CVE for not having authentication - WHAT. 15 IoT in 2016 : a serious overview of today and a technical preview of HoneyVNC

  16. They aren’t getting it, hackers are having fun. 16 IoT in 2016 : a serious overview of today and a technical preview of HoneyVNC

  17. Besides ancient industrial devices we see new ‘toys’ 17 IoT in 2016 : a serious overview of today and a technical preview of HoneyVNC

  18. Besides ancient industrial devices we see new ‘toys’ 18 IoT in 2016 : a serious overview of today and a technical preview of HoneyVNC

  19. German 'Sonnenbatterie' solar-cell power storage systems 19 IoT in 2016 : a serious overview of today and a technical preview of HoneyVNC

  20. Boats… 20 IoT in 2016 : a serious overview of today and a technical preview of HoneyVNC

  21. We can fi nd criminals(!?) on VNC…. 21 IoT in 2016 : a serious overview of today and a technical preview of HoneyVNC

  22. Maldives fi shes! :D 22 IoT in 2016 : a serious overview of today and a technical preview of HoneyVNC

  23. Cardiac imaging on Shodan…. 23 IoT in 2016 : a serious overview of today and a technical preview of HoneyVNC

  24. Fingerprints…. 24 IoT in 2016 : a serious overview of today and a technical preview of HoneyVNC

  25. Swatting 2.0…. 25 IoT in 2016 : a serious overview of today and a technical preview of HoneyVNC

  26. Medical devices 26 IoT in 2016 : a serious overview of today and a technical preview of HoneyVNC

  27. Some notes on publishing these screenshots. Some people complain to Dan, Shodan or Me about some of the screenshots. Let me explain some of the data I published in talks or Twitter: - The severe items (f.e medical devices or power control) are already fixed - Some of the data I post on Twitter is in fact more than a year old, because it took a long time to fix - There is tons more than I actually publish or Tweet, its too problematic to expose or contains way too sensitive data 27 IoT in 2016 : a serious overview of today and a technical preview of HoneyVNC

  28. Some notes on publishing these screenshots. I usually cooperate with ICS-CERT or direct vendors / organisations for the things I find that are serious. I used to send out bulk data but it was quite unworkable for most so I filter out most of the data before sending it. I do this in my spare time. 28 IoT in 2016 : a serious overview of today and a technical preview of HoneyVNC

  29. Lets look at some statistics for VNC I decided to scan the globe (with some Shodan help) for the RFB protocol header. It came back with 335K~ results, of those there are 8K~ which use no authentication. The numbers are higher than my last talk, due to better scan results and actually more devices coming online! 29 IoT in 2016 : a serious overview of today and a technical preview of HoneyVNC

  30. Lets look at some statistics for VNC RFB 002.000 RFB 003.002 RFB 003.003 RFB 003.004 RFB 003.005 RFB 003.006 RFB 003.007 RFB 003.008 RFB 003.010 These should not exist?! RFB 003.016 RFB 003.033 RFB 003.039 RFB 003.043 RFB 003.130 RFB 003.236 RFB 003.889 RFB 004.000 RFB 004.001 RFB 005.000 RFB 009.123 RFB 009.221 RFB 009.963 RFB 103.006 0 40000 80000 120000 160000 30 IoT in 2016 : a serious overview of today and a technical preview of HoneyVNC

  31. Lets look at some statistics for VNC RFB 002.000 RFB 003.002 RFB 003.003 RFB 003.004 RFB 003.005 RFB 003.006 RFB 003.007 RFB 003.008 RFB 003.010 RFB 003.016 RFB 003.033 RFB 003.039 RFB 003.043 RFB 003.130 RFB 003.236 Apple remote desktop RFB 003.889 RealVNC Personal RFB 004.000 RealVNC Enterprise RFB 004.001 ? RFB 005.000 RFB 009.123 RFB 009.221 RFB 009.963 RFB 103.006 0 40000 80000 120000 160000 31 IoT in 2016 : a serious overview of today and a technical preview of HoneyVNC

  32. images.shodan.io 32 IoT in 2016 : a serious overview of today and a technical preview of HoneyVNC

  33. images.shodan.io - RDP 33 IoT in 2016 : a serious overview of today and a technical preview of HoneyVNC

  34. images.shodan.io - RDP 34 IoT in 2016 : a serious overview of today and a technical preview of HoneyVNC

  35. images.shodan.io - RDP 35 IoT in 2016 : a serious overview of today and a technical preview of HoneyVNC

  36. images.shodan.io - RDP 36 IoT in 2016 : a serious overview of today and a technical preview of HoneyVNC

  37. HoneyVNC With all of the scans I do I couldn’t find any proper honeypot that would allow actual interaction. Most of the half-working honeypots support the authentication step but thats about it, no visual data or anything. I decided to make one, because I like VNC and was wondering who was also poking these devices besides Dan, Shodan and Me. 37 IoT in 2016 : a serious overview of today and a technical preview of HoneyVNC

  38. HoneyVNC I implemented a ‘full interaction’ VNC honeypot I’ve named ‘HoneyVNC’. It is still under development but currently features: - Password authentication on/off (allows you to see brute force attempts) - Visuals (Actual screen data is being send over to give the impression of a real device on the other end) - Input can be used to browse around the fake virtual appliance behind the VNC server. - Sessions are logged for every time a successfully negotiated connection is seen. Everything is logged with a replay-able timestamped file format (mouse and keyboard) 38 IoT in 2016 : a serious overview of today and a technical preview of HoneyVNC

  39. HoneyVNC There are items I’m still working on to incorporate properly: - A web application to replay the session logfiles with actual visual representation of what happened in a session. - Virtual environment design: A honeypot owner can design its own virtual appliance behind the honeypot. 39 IoT in 2016 : a serious overview of today and a technical preview of HoneyVNC

  40. HoneyVNC - Virtual appliances 40 IoT in 2016 : a serious overview of today and a technical preview of HoneyVNC

  41. HoneyVNC Why not run an actual VNC server: - Annoying to setup and secure properly, you have to think about all the routes the attacker could go - HoneyVNC is just a consolidated Python program, there’s no jail to break out of because it doesn’t have one - Its Python, runs pretty much anywhere which makes HoneyVNC very portable 41 IoT in 2016 : a serious overview of today and a technical preview of HoneyVNC

  42. HoneyVNC - Findings I ran a basic version (you could login and get a random screen with uninitialised memory) for about 3 months on a couple different environments. I had some interesting (unexpected) results. 42 IoT in 2016 : a serious overview of today and a technical preview of HoneyVNC

  43. HoneyVNC - Findings - Targeted scanning - Scans that hit my residential uplinks didn’t pass by at data center - Known webhosting ranges were not scanned 43 IoT in 2016 : a serious overview of today and a technical preview of HoneyVNC

Recommend

DEV LAB 1 TODAY MP1 Overview Setting up a development environment Setting up a server Brief

DEV LAB 1 TODAY MP1 Overview Setting up a development environment Setting up a server Brief

CS 498RK FALL 2016 DEV LAB 1 TODAY MP1 Overview Setting up a development environment Setting up a server Brief overview of important tools MP 1 was released yesterday. http://uiuc-web-programming.github.io/sp2016/MP-1/ MP 1 Setup

203 views • 17 slides
CHALLENGE PROGRAM 2016-17 SEASON / ORGANIZING A TEAM TODAY 2 Agenda WHAT WE WILL SEE TODAY 1

CHALLENGE PROGRAM 2016-17 SEASON / ORGANIZING A TEAM TODAY 2 Agenda WHAT WE WILL SEE TODAY 1

NAMS- DI presents 1 CHALLENGE PROGRAM 2016-17 SEASON / ORGANIZING A TEAM TODAY 2 Agenda WHAT WE WILL SEE TODAY 1 2 3 4 5 WHO WE ARE FEES PROGRAM TEAM QUESTIONS OVERVIEW CHALLENGES ORGANIZING A INSTANT TEAM, CHALLENGES

607 views • 37 slides
1. Abertis today 2. 2016 Financial Year 3. Outlook 4. Conclusions Abertis today 2016

1. Abertis today 2. 2016 Financial Year 3. Outlook 4. Conclusions Abertis today 2016

1. Abertis today 2. 2016 Financial Year 3. Outlook 4. Conclusions Abertis today 2016 Financial Year Outlook Conclusions Attractive, geographically diverse asset base Today, Abertis is the world leader in infrastructure management, with

753 views • 44 slides
Q2 2016 results 26 August 2016 CXENSE 2016 | Q2 2016 results www.cxense.com CXENSE:OSE today

Q2 2016 results 26 August 2016 CXENSE 2016 | Q2 2016 results www.cxense.com CXENSE:OSE today

Q2 2016 results 26 August 2016 CXENSE 2016 | Q2 2016 results www.cxense.com CXENSE:OSE today Sector Software-as-a-Service Customers All companies with online sites and apps Revenues NOK 200 million annualized and growing

538 views • 31 slides
2016 Prospective Candidates Information What are we doing today Northland Regional Council

2016 Prospective Candidates Information What are we doing today Northland Regional Council

2016 Prospective Candidates Information What are we doing today Northland Regional Council overview - Malcolm Nicolson, Chief Executive NRC Kaipara District Council overview - Graham Sibery, Chief Executive KDC The electoral

1.13k views • 55 slides
CSE-505: Programming Languages Lecture 1 Course Introduction Zach Tatlock 2016 Today

CSE-505: Programming Languages Lecture 1 Course Introduction Zach Tatlock 2016 Today

CSE-505: Programming Languages Lecture 1 Course Introduction Zach Tatlock 2016 Today Administrative stuff Course motivation and goals A Java example Course overview Course pitfalls Start Caml tutorial (see separate

314 views • 19 slides
revitalizing community today Boscobel Chamber of CommerceWinter 2016 ONEDRIVE:: 2016 01

revitalizing community today Boscobel Chamber of CommerceWinter 2016 ONEDRIVE:: 2016 01

revitalizing community today Boscobel Chamber of CommerceWinter 2016 ONEDRIVE:: 2016 01 30 Boscobel Chamber Presentation 200.pptx Presentation Overview 1. A current model for community development and economic development 2. Tourism as

855 views • 19 slides
Welcome to CS106A! Four Handouts Today: Course Overview Why Learn to Program?

Welcome to CS106A! Four Handouts Today: Course Overview Why Learn to Program?

Welcome to CS106A! Four Handouts Today: Course Overview Why Learn to Program? Meet Karel the Robot Who's Here Today? Aeronautical Engineering Drama Materials Science Anthropology Earth Systems Mathematics

1.02k views • 72 slides
Matt Fisher EUA Coordinator Overview of Parramatta today Overview of Parramatta today Overview

Matt Fisher EUA Coordinator Overview of Parramatta today Overview of Parramatta today Overview

Matt Fisher EUA Coordinator Overview of Parramatta today Overview of Parramatta today Overview of Parramatta today Existing Building Stock Existing Building Stock % % of CBD office buildings by age Existing Building Stock 49% 20 30 years

351 views • 21 slides
Cincinnati Bell Fourth Quarter 2016 Results February 15, 2017 Today's Agenda Highlights,

Cincinnati Bell Fourth Quarter 2016 Results February 15, 2017 Today's Agenda Highlights,

Cincinnati Bell Fourth Quarter 2016 Results February 15, 2017 Today's Agenda Highlights, Segment Results and Financial Overview Ted Torbeck, Chief Executive Officer Question & Answer 2 Safe Harbor This presentation and the documents

380 views • 24 slides
2016 First Quarter Update May 4, 2016 Safe Harbor Statement Some of what well discuss today

2016 First Quarter Update May 4, 2016 Safe Harbor Statement Some of what well discuss today

2016 First Quarter Update May 4, 2016 Safe Harbor Statement Some of what well discuss today concerning future company performance will be forward-looking information within the meanings of the securities laws. Actual results may materially

250 views • 11 slides
Plan for today Topic overview: What does the visual recognition problem entail? Why

Plan for today Topic overview: What does the visual recognition problem entail? Why

9/6/2012 Visual Recognition Kristen Grauman Dept of Computer Science Plan for today Topic overview: What does the visual recognition problem entail? Why are these hard problems? What works today? Course overview:

799 views • 33 slides
INTERLINK COMMUNICATION PUBLIC COMPANY LIMITED 15 August 2016 THE INTERLINK GROUP Agenda Today

INTERLINK COMMUNICATION PUBLIC COMPANY LIMITED 15 August 2016 THE INTERLINK GROUP Agenda Today

INTERLINK COMMUNICATION PUBLIC COMPANY LIMITED 15 August 2016 THE INTERLINK GROUP Agenda Today Agenda Interlink Communication Business Overview Q2 2016 Operating Summary 5 Years Aspiration and Plan THE INTERLINK GROUP THE

560 views • 45 slides
Overview Announcements: Homework 1 due today Homework 2 will be posted soon CMPSCI

Overview Announcements: Homework 1 due today Homework 2 will be posted soon CMPSCI

Overview Announcements: Homework 1 due today Homework 2 will be posted soon CMPSCI 370: Intro to Computer Vision Honors section will meet today at 4pm Image processing [ quantization, color maps, image enhancement ]

457 views • 10 slides
OTVCTs 2016 AGM overview 11am Welcome and Agenda for day OTVCTs 2016 overview and Q&A

OTVCTs 2016 AGM overview 11am Welcome and Agenda for day OTVCTs 2016 overview and Q&A

OTVCTs 2016 AGM overview 11am Welcome and Agenda for day OTVCTs 2016 overview and Q&A NAV, dividends, total return Investments made during year Highlights VCT1-4 AGMs and Q&A Investee presentations: Plasma

492 views • 18 slides
Memory Management Summer 2016 Cornell University Today Overview of memory The role of

Memory Management Summer 2016 Cornell University Today Overview of memory The role of

CS 4410 Operating Systems Memory Management Summer 2016 Cornell University Today Overview of memory The role of operating systems in memory management. 2 Program Process For a program to become process, and be executed on CPU,

198 views • 15 slides
Stanford CS193p Developing Applications for iOS Spring 2016 CS193p Spring 2016 Today Segues

Stanford CS193p Developing Applications for iOS Spring 2016 CS193p Spring 2016 Today Segues

Stanford CS193p Developing Applications for iOS Spring 2016 CS193p Spring 2016 Today Segues Modal Unwind Popover Embed Where am I? Core Location MapKit Trax Demo (time permitting) Showing a Map Putting waypoints on the Map Segueing

1.32k views • 79 slides
ORSANCO Fiscal Year 2017 Budget Presentation April 26, 2016 1 What Will Be Presented Today

ORSANCO Fiscal Year 2017 Budget Presentation April 26, 2016 1 What Will Be Presented Today

ORSANCO Fiscal Year 2017 Budget Presentation April 26, 2016 1 What Will Be Presented Today Presentation Overview Status of Recommendations from April 2015 P&F Committee Meeting (Agenda #4) Review Budget Process (Agenda #5)

1.48k views • 79 slides
Stanford CS193p Developing Applications for iOS Spring 2016 CS193p Spring 2016 Today MVC

Stanford CS193p Developing Applications for iOS Spring 2016 CS193p Spring 2016 Today MVC

Stanford CS193p Developing Applications for iOS Spring 2016 CS193p Spring 2016 Today MVC Object-Oriented Design Pattern Continuation of Calculator Demo Computed Properties, MVC, Laying out the UI to work with different devices CS193p Spring

524 views • 34 slides
Input Methodologies Review Overview of decisions analyst briefing 20 December 2016 Sue Begg,

Input Methodologies Review Overview of decisions analyst briefing 20 December 2016 Sue Begg,

2664538 Input Methodologies Review Overview of decisions analyst briefing 20 December 2016 Sue Begg, Deputy Chair Overview of presentation Today we released our decisions on the IM review This presentation covers: Framework Key

585 views • 27 slides
Overview Last time we studied the evolution of a discrete linear dynamical system, and today we

Overview Last time we studied the evolution of a discrete linear dynamical system, and today we

Overview Last time we studied the evolution of a discrete linear dynamical system, and today we begin the final topic of the course (loosely speaking). Today well recall the definition and properties of the dot product. In the next two weeks

537 views • 37 slides
Outline for Today Course Overview Goals Administrative details CSE 143 Workload

Outline for Today Course Overview Goals Administrative details CSE 143 Workload

Outline for Today Course Overview Goals Administrative details CSE 143 Workload and grading Computer Programming II Resources Welcome! This information is largely included in todays handouts, Course Overview and

288 views • 7 slides
Q1 2016 results 12 May 2016 CXENSE:OSE today Sector Software-as-a-Service Value prop.

Q1 2016 results 12 May 2016 CXENSE:OSE today Sector Software-as-a-Service Value prop.

Q1 2016 results 12 May 2016 CXENSE:OSE today Sector Software-as-a-Service Value prop. Personalization of internet sites and apps Customers All companies with online sites and apps NOK 200 million annualized and growing Revenues

698 views • 32 slides
R I S K M A N A G E M E N T D I S C U S S I O N October 2016 Markets Today: Considerations for

R I S K M A N A G E M E N T D I S C U S S I O N October 2016 Markets Today: Considerations for

R I S K M A N A G E M E N T D I S C U S S I O N October 2016 Markets Today: Considerations for Public Sector Entities Markets have changed significantly over the last decade, specially after the 2008 crisis. Regulators around the world have

85 views • 7 slides

More recommend