Titanium Sponsors
Inquest
Platinum Sponsors
Leonardo DRS
Gold Sponsors
Modern Technology Solutions, Inc.
University of Dayton
Department of
Computer Science
Gluware
Social Media
Our LinkedIn Group: OISF at LinkedIn
OISF on YouTube: OISF on YouTube
Tweets by @oisf
Meeting Agenda - April 14th, 2016
14th April 2016This month's meeting is all about hardware hacking!
6:00pm:
Food and drinks served
Introduction
A brief overview of the Ohio Information Security Forum.
Intro to basic hardware hacking part one
By: Deral Heiland
Abstract
During this presentation we will be demonstrating how to use available tools such as (JAGUALATOR) to identify UART and JTAG connection on a embedded device, once identified we will be using another tool called (SHIKRA) to establish a console connection to the device for further examination. We will also be discussing basic soldering techniques and internet resources available for hardware hacking.
Bio
Deral Heiland serves as a Research Lead for Rapid7 Global Service. Deral has over 20 years of experience in the Information Technology field, and has held multiple positions including: Network Administrator, Database Manager, Financial Systems Manager and Senior Information Security Analyst.
Finding the Needle in the Hardware Haystack - Identifying and Exploiting Vulnerabilities via Hardware Reverse Engineering
By: Timothy Wright and Stephen Halwes
Abstract
During this talk we will be discussing hardware reverse engineering and why this is becoming a new way for attackers to compromise company networks. We will discuss how vendors are now leaving potentially malicious code within firmware and how some attackers could exploit these vulnerabilities. We will also discuss why it is important for companies to spend time reviewing hardware for vulnerabilities prior to deploying the systems within your company’s network and outlining a process on how to perform this work.
The presenters will outline each phase of the hardware reverse engineering assessment, outlining how to exploit various vulnerabilities that you may discover and provide a list the software and tools that will be needed to support this work. Finally we will talk about how you should be documenting your findings for management and how to properly disclose the findings to the vendor once the test has been completed.
Bio
Timothy Wright - Penetration Testing team lead at American Electric Power in Columbus Ohio. Currently his focus is on penetration testing, threat emulation and hardware reverse engineering. Tim has 19 years of IT experience with a focus on offensive security testing. He is a member of the independent research group nullbyte (http://www.nu11byte.com) which works on many projects from embedded security to various CTF’s and events. You can hit him on Twitter @redteam_hacker.
Stephen Halwes - Cyber security researcher at PreTalen Ltd. in Beavercreek Ohio. Currently his focus is on embedded hardware and software reverse engineering. Stephen has 6 years of IT experience with a focus on offensive security testing. He is a member of the independent research group nullbyte (http://www.nu11byte.com) which works on many projects from embedded security to various CTF’s and events. You can hit him on Twitter @genonullfree.