filmov
tv
DEF CON 21 - Panel - Do It Yourself Cellular IDS
Показать описание
Do-It-Yourself Cellular IDS
SHERRI DAVIDOFF LMG SECURITY
SCOTT FRETHEIM LMG SECURITY
DAVID HARRISON LMG SECURITY
RANDI PRICE LMG SECURITY
For less than $500, you can build your own cellular intrusion detection system to detect malicious activity through your own local femtocell. Our team will show how we leveraged root access on a femtocell, reverse engineered the activation process, and turned it into a proof-of-concept cellular network intrusion monitoring system.
We leveraged commercial Home Node-Bs ("femtocells") to create a 3G cellular network sniffer without needing to reimplement the UMTS or CDMA2000 protocol stacks. Inside a Faraday cage, we connected smartphones to modified femtocells running Linux distributions and redirected traffic to a Snort instance. Then we captured traffic from infected phones and showed how Snort was able to detect and alert upon malicious traffic. We also wrote our own CDMA protocol dissector in order to better analyze CDMA traffic.
The goal of this project was to develop a low-cost proof-of-concept method for capturing and analyzing cellular traffic using locally-deployed femtocells, which any security professional can build.
Scott Fretheim is an expert penetration tester and risk assessment consultant. His clients include Fortune 500 companies, financial institutions, insurance companies, health care organizations, and more. He is a GIAC Certified Web Application Penetration Tester (GWAPT) and is trained in smart grid and SCADA security. He is a founding member of the Montana HTCIA, and holds his B.S. in Management of Information Systems. Scott is an instructor at Black Hat.
David Harrison specializes in digital and mobile device forensics as well as information security research. He is a principal author of the DEFCON 2012 Network Forensics Contest. David holds a A.S. in Computer Science from FVCC and is pursuing a B.S. in Software Design from Western Governor's University.
Randi Price is a security consultant at LMG Security. She specializes in policy and procedure review and development, including ISO 27001 assessments and HIPAA risk analyses. Randi provides security management consulting for large enterprises such as financial and health care organizations. She is a certified digital forensic examiner and holds her GIAC forensic certification (GCFE). Randi holds two BS degrees in Management of Information Systems and Accounting from the University of Montana.
SHERRI DAVIDOFF LMG SECURITY
SCOTT FRETHEIM LMG SECURITY
DAVID HARRISON LMG SECURITY
RANDI PRICE LMG SECURITY
For less than $500, you can build your own cellular intrusion detection system to detect malicious activity through your own local femtocell. Our team will show how we leveraged root access on a femtocell, reverse engineered the activation process, and turned it into a proof-of-concept cellular network intrusion monitoring system.
We leveraged commercial Home Node-Bs ("femtocells") to create a 3G cellular network sniffer without needing to reimplement the UMTS or CDMA2000 protocol stacks. Inside a Faraday cage, we connected smartphones to modified femtocells running Linux distributions and redirected traffic to a Snort instance. Then we captured traffic from infected phones and showed how Snort was able to detect and alert upon malicious traffic. We also wrote our own CDMA protocol dissector in order to better analyze CDMA traffic.
The goal of this project was to develop a low-cost proof-of-concept method for capturing and analyzing cellular traffic using locally-deployed femtocells, which any security professional can build.
Scott Fretheim is an expert penetration tester and risk assessment consultant. His clients include Fortune 500 companies, financial institutions, insurance companies, health care organizations, and more. He is a GIAC Certified Web Application Penetration Tester (GWAPT) and is trained in smart grid and SCADA security. He is a founding member of the Montana HTCIA, and holds his B.S. in Management of Information Systems. Scott is an instructor at Black Hat.
David Harrison specializes in digital and mobile device forensics as well as information security research. He is a principal author of the DEFCON 2012 Network Forensics Contest. David holds a A.S. in Computer Science from FVCC and is pursuing a B.S. in Software Design from Western Governor's University.
Randi Price is a security consultant at LMG Security. She specializes in policy and procedure review and development, including ISO 27001 assessments and HIPAA risk analyses. Randi provides security management consulting for large enterprises such as financial and health care organizations. She is a certified digital forensic examiner and holds her GIAC forensic certification (GCFE). Randi holds two BS degrees in Management of Information Systems and Accounting from the University of Montana.
0:50:25
Defcon 21 - Hardware Hacking with Microcontrollers: A Panel Discussion
0:52:09
DEF CON 21 - Mudge - Unexpected Stories From a Hacker Inside the Government
0:04:00
Exploitee.rs DEF CON 21 Exploit Demo
0:47:12
Defcon 21 - Meet the VCs
0:45:05
DEF CON 31 - Infinite Money Glitch - Hacking Transit Cards - Bertocchi, Campbell, Gibson, Harris
0:49:08
DEF CON 21 - ZOZ - Hacking Driverless Vehicles
0:47:14
DEF CON 24 - Mickey Shkatov, Panel How to Make Your Own DEF CON Black Badge
0:44:12
Defcon 21 - The ACLU Presents: NSA Surveillance and More
1:10:30
21 Days to BUSINESS DOMINATION! The Navy SEAL-Inspired CEO Challenge
0:44:47
Defcon 21 - Defeating Internet Censorship with Dust, the Polymorphic Protocol Engine
1:41:24
Defcon 21 - Making Of The DEF CON Documentary
0:18:31
Defcon 21 - Electromechanical PIN Cracking with Robotic Reconfigurable Button Basher (and C3BO)
0:43:50
Defcon 21 - Backdoors, Government Hacking and The Next Crypto Wars
1:20:42
DEF CON 24 - Panel - MR ROBOT Panel
1:05:40
Defcon 21 - Do-It-Yourself Cellular IDS
0:40:33
Defcon 21 - Made Open: Hacking Capitalism
0:27:25
DEF CON 23 - Panel - Contests Closing Ceremonies
0:46:11
Panel - DEF CON to help hackers anonymously submit bugs to the government - DEF CON 27 Conference
0:36:58
Defcon 21 - How to Disclose or Sell an Exploit Without Getting in Trouble
0:45:20
DEF CON 21 - Brendan O'Connor - Stalking a City for Fun and Frivolity
0:45:20
Defcon 21 - Stalking a City for Fun and Frivolity
0:22:23
DEF CON 24 - Fred Bret Mounet - All Your Solar Panels are belong to Me
0:00:56
CMU hacking team going for third DefCon title in four years
0:39:24
DEF CON 21 - Ricky Hill - Phantom Network Surveillance UAV Drone
Комментарии