This month's meeting is all about hardware hacking!
Food and drinks served
A brief overview of the Ohio Information Security Forum.
By: Deral Heiland
During this presentation we will be demonstrating how to use available tools such as (JAGUALATOR) to identify UART and JTAG connection on a embedded device, once identified we will be using another tool called (SHIKRA) to establish a console connection to the device for further examination. We will also be discussing basic soldering techniques and internet resources available for hardware hacking.
Deral Heiland serves as a Research Lead for Rapid7 Global Service. Deral has over 20 years of experience in the Information Technology field, and has held multiple positions including: Network Administrator, Database Manager, Financial Systems Manager and Senior Information Security Analyst.
By: Timothy Wright and Stephen Halwes
During this talk we will be discussing hardware reverse engineering and why this is becoming a new way for attackers to compromise company networks. We will discuss how vendors are now leaving potentially malicious code within firmware and how some attackers could exploit these vulnerabilities. We will also discuss why it is important for companies to spend time reviewing hardware for vulnerabilities prior to deploying the systems within your company’s network and outlining a process on how to perform this work.
The presenters will outline each phase of the hardware reverse engineering assessment, outlining how to exploit various vulnerabilities that you may discover and provide a list the software and tools that will be needed to support this work. Finally we will talk about how you should be documenting your findings for management and how to properly disclose the findings to the vendor once the test has been completed.
Timothy Wright - Penetration Testing team lead at American Electric Power in Columbus Ohio. Currently his focus is on penetration testing, threat emulation and hardware reverse engineering. Tim has 19 years of IT experience with a focus on offensive security testing. He is a member of the independent research group nullbyte (http://www.nu11byte.com) which works on many projects from embedded security to various CTF’s and events. You can hit him on Twitter @redteam_hacker.
Stephen Halwes - Cyber security researcher at PreTalen Ltd. in Beavercreek Ohio. Currently his focus is on embedded hardware and software reverse engineering. Stephen has 6 years of IT experience with a focus on offensive security testing. He is a member of the independent research group nullbyte (http://www.nu11byte.com) which works on many projects from embedded security to various CTF’s and events. You can hit him on Twitter @genonullfree.