Enviar pesquisa
Carregar
Unusual Bugs
•
3 gostaram
•
2,911 visualizações
A
amiable_indian
Seguir
Unusual Bugs - Ilja van Sprundel
Leia menos
Leia mais
Tecnologia
Denunciar
Compartilhar
Denunciar
Compartilhar
1 de 64
Recomendados
A brief, high level introduction to Software Defined Radio. Cyberspectrum Sydney 24/11/2016
Cyberspectrum Sydney 0x01 Introduction to SDR
Cyberspectrum Sydney 0x01 Introduction to SDR
sdrsydney
The security flaws of legacy GSM networks, which lack of mutual authentication and implement an outdated encryption algorithm, are well understood among the technology community and have been extensively discussed for years. However, my smartphone’s settings do not provide the means to shut down the GSM radio to prevent my phone from connecting to a potentially insecure GSM access point. Instead, I have the option to turn off LTE, the fastest mobile network. This is not the only confusing aspect of mobile network security. Given LTE’s mutual authentication and strong encryption scheme result, there is a general assumption that LTE rogue base stations are not possible. However, before the connection authentication step, any mobile device implicitly trusts (and exchanges a substantial amount of messages with) any LTE base station, legitimate or not, that advertises itself with the right parameters. Such implicit trust and unprotected messages can be exploited to block mobile devices and track their location. Finally, it is generally assumed that Stingrays and IMSI catchers are expensive equipment that require downgrading the connection of mobile devices to GSM. However, a basic fully-LTE IMSI catcher can be implemented by means of low-cost software radio and slight modification of a well known open-source implementation of the LTE stack. This talk will present an exploration of the security of LTE networks, as well as experimentation results of passive eavesdropping threats, LTE protocol exploits to block mobile devices and a location leak that allows tracking mobile devices as the connection is handed off from tower to tower.
Exploring LTE security and protocol exploits with open source software and lo...
Exploring LTE security and protocol exploits with open source software and lo...
EC-Council
Phishing As Tragedy of the Commons
Phishing As Tragedy of the Commons
amiable_indian
Cisco IOS Attack & Defense - The State of the Art
Cisco IOS Attack & Defense - The State of the Art
amiable_indian
Secrets of Top Pentesters
Secrets of Top Pentesters
amiable_indian
Workshop on Wireless Security
Workshop on Wireless Security
amiable_indian
Insecure Implementation of Security Best Practices: of hashing, CAPTCHA's and...
Insecure Implementation of Security Best Practices: of hashing, CAPTCHA's and...
amiable_indian
Workshop on BackTrack live CD
Workshop on BackTrack live CD
amiable_indian
Recomendados
A brief, high level introduction to Software Defined Radio. Cyberspectrum Sydney 24/11/2016
Cyberspectrum Sydney 0x01 Introduction to SDR
Cyberspectrum Sydney 0x01 Introduction to SDR
sdrsydney
The security flaws of legacy GSM networks, which lack of mutual authentication and implement an outdated encryption algorithm, are well understood among the technology community and have been extensively discussed for years. However, my smartphone’s settings do not provide the means to shut down the GSM radio to prevent my phone from connecting to a potentially insecure GSM access point. Instead, I have the option to turn off LTE, the fastest mobile network. This is not the only confusing aspect of mobile network security. Given LTE’s mutual authentication and strong encryption scheme result, there is a general assumption that LTE rogue base stations are not possible. However, before the connection authentication step, any mobile device implicitly trusts (and exchanges a substantial amount of messages with) any LTE base station, legitimate or not, that advertises itself with the right parameters. Such implicit trust and unprotected messages can be exploited to block mobile devices and track their location. Finally, it is generally assumed that Stingrays and IMSI catchers are expensive equipment that require downgrading the connection of mobile devices to GSM. However, a basic fully-LTE IMSI catcher can be implemented by means of low-cost software radio and slight modification of a well known open-source implementation of the LTE stack. This talk will present an exploration of the security of LTE networks, as well as experimentation results of passive eavesdropping threats, LTE protocol exploits to block mobile devices and a location leak that allows tracking mobile devices as the connection is handed off from tower to tower.
Exploring LTE security and protocol exploits with open source software and lo...
Exploring LTE security and protocol exploits with open source software and lo...
EC-Council
Phishing As Tragedy of the Commons
Phishing As Tragedy of the Commons
amiable_indian
Cisco IOS Attack & Defense - The State of the Art
Cisco IOS Attack & Defense - The State of the Art
amiable_indian
Secrets of Top Pentesters
Secrets of Top Pentesters
amiable_indian
Workshop on Wireless Security
Workshop on Wireless Security
amiable_indian
Insecure Implementation of Security Best Practices: of hashing, CAPTCHA's and...
Insecure Implementation of Security Best Practices: of hashing, CAPTCHA's and...
amiable_indian
Workshop on BackTrack live CD
Workshop on BackTrack live CD
amiable_indian
Reverse Engineering for exploit writers
Reverse Engineering for exploit writers
amiable_indian
State of Cyber Law in India
State of Cyber Law in India
amiable_indian
AntiSpam - Understanding the good, the bad and the ugly
AntiSpam - Understanding the good, the bad and the ugly
amiable_indian
Reverse Engineering v/s Secure Coding
Reverse Engineering v/s Secure Coding
amiable_indian
Network Vulnerability Assessments: Lessons Learned
Network Vulnerability Assessments: Lessons Learned
amiable_indian
Economic offenses through Credit Card Frauds Dissected
Economic offenses through Credit Card Frauds Dissected
amiable_indian
Immune IT: Moving from Security to Immunity
Immune IT: Moving from Security to Immunity
amiable_indian
Reverse Engineering for exploit writers
Reverse Engineering for exploit writers
amiable_indian
Hacking Client Side Insecurities
Hacking Client Side Insecurities
amiable_indian
Web Exploit Finder Presentation
Web Exploit Finder Presentation
amiable_indian
Network Security Data Visualization
Network Security Data Visualization
Network Security Data Visualization
amiable_indian
Enhancing Computer Security via End-to-End Communication Visualization
Enhancing Computer Security via End-to-End Communication Visualization
Enhancing Computer Security via End-to-End Communication Visualization
amiable_indian
Top Network Vulnerabilities Over Time
Top Network Vulnerabilities Over Time
Top Network Vulnerabilities Over Time
amiable_indian
What are the Business Security Metrics?
What are the Business Security Metrics?
What are the Business Security Metrics?
amiable_indian
No Substitute for Ongoing Data, Quantification, Visualization, and Story-Telling
No Substitute for Ongoing Data, Quantification, Visualization, and Story-Telling
No Substitute for Ongoing Data, Quantification, Visualization, and Story-Telling
amiable_indian
Advanced Ajax Security
Advanced Ajax Security
Advanced Ajax Security
amiable_indian
Network Performance Forecasting System
Network Performance Forecasting System
Network Performance Forecasting System
amiable_indian
Leading Indicators in Information Security
Leading Indicators in Information Security
Leading Indicators in Information Security
amiable_indian
Data, Security
Ferret - Data Seepage
Ferret - Data Seepage
amiable_indian
SCADA Security
SCADA Security
amiable_indian
Mais conteúdo relacionado
Mais de amiable_indian
Reverse Engineering for exploit writers
Reverse Engineering for exploit writers
amiable_indian
State of Cyber Law in India
State of Cyber Law in India
amiable_indian
AntiSpam - Understanding the good, the bad and the ugly
AntiSpam - Understanding the good, the bad and the ugly
amiable_indian
Reverse Engineering v/s Secure Coding
Reverse Engineering v/s Secure Coding
amiable_indian
Network Vulnerability Assessments: Lessons Learned
Network Vulnerability Assessments: Lessons Learned
amiable_indian
Economic offenses through Credit Card Frauds Dissected
Economic offenses through Credit Card Frauds Dissected
amiable_indian
Immune IT: Moving from Security to Immunity
Immune IT: Moving from Security to Immunity
amiable_indian
Reverse Engineering for exploit writers
Reverse Engineering for exploit writers
amiable_indian
Hacking Client Side Insecurities
Hacking Client Side Insecurities
amiable_indian
Web Exploit Finder Presentation
Web Exploit Finder Presentation
amiable_indian
Network Security Data Visualization
Network Security Data Visualization
Network Security Data Visualization
amiable_indian
Enhancing Computer Security via End-to-End Communication Visualization
Enhancing Computer Security via End-to-End Communication Visualization
Enhancing Computer Security via End-to-End Communication Visualization
amiable_indian
Top Network Vulnerabilities Over Time
Top Network Vulnerabilities Over Time
Top Network Vulnerabilities Over Time
amiable_indian
What are the Business Security Metrics?
What are the Business Security Metrics?
What are the Business Security Metrics?
amiable_indian
No Substitute for Ongoing Data, Quantification, Visualization, and Story-Telling
No Substitute for Ongoing Data, Quantification, Visualization, and Story-Telling
No Substitute for Ongoing Data, Quantification, Visualization, and Story-Telling
amiable_indian
Advanced Ajax Security
Advanced Ajax Security
Advanced Ajax Security
amiable_indian
Network Performance Forecasting System
Network Performance Forecasting System
Network Performance Forecasting System
amiable_indian
Leading Indicators in Information Security
Leading Indicators in Information Security
Leading Indicators in Information Security
amiable_indian
Data, Security
Ferret - Data Seepage
Ferret - Data Seepage
amiable_indian
SCADA Security
SCADA Security
amiable_indian
Mais de amiable_indian
(20)
Reverse Engineering for exploit writers
Reverse Engineering for exploit writers
State of Cyber Law in India
State of Cyber Law in India
AntiSpam - Understanding the good, the bad and the ugly
AntiSpam - Understanding the good, the bad and the ugly
Reverse Engineering v/s Secure Coding
Reverse Engineering v/s Secure Coding
Network Vulnerability Assessments: Lessons Learned
Network Vulnerability Assessments: Lessons Learned
Economic offenses through Credit Card Frauds Dissected
Economic offenses through Credit Card Frauds Dissected
Immune IT: Moving from Security to Immunity
Immune IT: Moving from Security to Immunity
Reverse Engineering for exploit writers
Reverse Engineering for exploit writers
Hacking Client Side Insecurities
Hacking Client Side Insecurities
Web Exploit Finder Presentation
Web Exploit Finder Presentation
Network Security Data Visualization
Network Security Data Visualization
Enhancing Computer Security via End-to-End Communication Visualization
Enhancing Computer Security via End-to-End Communication Visualization
Top Network Vulnerabilities Over Time
Top Network Vulnerabilities Over Time
What are the Business Security Metrics?
What are the Business Security Metrics?
No Substitute for Ongoing Data, Quantification, Visualization, and Story-Telling
No Substitute for Ongoing Data, Quantification, Visualization, and Story-Telling
Advanced Ajax Security
Advanced Ajax Security
Network Performance Forecasting System
Network Performance Forecasting System
Leading Indicators in Information Security
Leading Indicators in Information Security
Ferret - Data Seepage
Ferret - Data Seepage
SCADA Security
SCADA Security
