SlideShare uma empresa Scribd logo

Huiming Liu-'resident evil' of smart phones--wombie attack

G
GeekPwn Keen

In this presentation, Huiming Liu, the researcher of Tencent Security Xuanwu Lab, will present an astonishing mobile wireless zombie(Wombie) attack demo — the smartphone viruses spread like zombies in “Resident Evil”, and the technique details will also be explained. The Wombie doesn’t rely on Internet to spread, so it can’t be detected on the internet. Besides, it can serve as an attack amplifier for many other attack methods. For example, the recent KRACK attack about WPA2 will benefit a lot if combined with the Wombie Attack.

Dispositivos e hardware
1 de 22
Baixar para ler offline
"Resident Evil" of SmartPhones--Wombie Attack Huiming Liu Tencent Xuanwu Lab
Contents 1.Overview 2.Demo Time 3.Technique details 4.Conclusion
ATTACKER Phone A Phone B
ATTACKER Phone A Phone B
ATTACKER Phone A Phone B
Demo Time
Technique Details 1.Firmware Patch 2.Wireless Zombie Implementation 3.Conclusion
Patch Firware? Why? • In a word, Launch Karma attack on a smartphone • Karma Attack • If you have ever connected to a WiFi, Your devices will frequently send probe request to find it. • Many devices will automatically connect if get correct responses, which is very easy to forge when the devices send directed probes. • Then, the devices may become MITM victims • How about on Latest smartphones?
Karma Attack! But on Android? • Latest Android Versions won’t send directed probe normally • However • All of them will send BROADCAST probe…we can use SSID dictionary to launch Karma Attack. • Add a network manually will STILL send directed probe • Some ROMs will send directed probe MISTAKENLY • How about being an attacker • WiFi chip on the SmartPhones can be both in STA and AP mode • SmartPhones are essentially mobile and of massive amount • If we can make the victim attack and infect another victim. The situation will be much worse
Patch Firware to Make phone infectious – How? • Reverse Engineering the firmware • Patch Probe Request Handler • Patch Association Request Handler
Patch Probe Request in the UCODE? NOT GOOD!
Instead, Forward Probe Request to Firmware Layer and Response! • Patch 1 line in UCODE to forward to firmware • hook sub_19610E • Call wlc_bcn_prb_template to generate template • Modify dst mac and ssid
Patch Association Request Handler (Nexus 5) -- How?
Patch Association Request Handler (Nexus 6p) -- How? • All required Information Elements’ parse function pointers are stored in an array dynamically created in Firmware(RAM) • Information Element SSID’s parse function is implemented in ROM (Hard to Modify) • So, we choose to modify the firmware instead of the ROM • hook a function(sub_1B03AC) in Firmware • Implement a SSID’s parse function • Replace its original parse function pointer with our new function pointer • Nexmon • C-based Firmware Patching Framework for Broadcom/Cypress WiFi Chips that enables Monitor Mode, Frame Injection and much more
Results Nexus 5 BCM4339 6.37.34.43 Nexus 6P BCM4358 7.112.200.17
Wombie Attack Process • Step1: Launch Karma attack to MITM other phones. • Step2: Get RCE by exploiting the vulnerabilities in the victims’ smartphones • Step3: Get Root Access and modify the firmware and set attack environment. • Step4: The victim infects another victim
What’s Inside Wireless Zombie? • 1. Background AP • 2. MITM module • 3. Exploit and Environment Setup module Background AP Traffic Hijack Module Exploit Payloads
• Google’s Latest data (OCT 2017): • Android version <=5.x 50% • Latest Android Release Version 0.2% • Version <= 4.x 22.3% How to get RCE/ROOT? Android Fragmentation!
Impact • Invisible Attack: • Doesn't rely on Internet to spread, so we can't detect it on the internet • Magnifier: • Easier to exploit & more severe consequences
Combined with Krack(ATTACK WPA2)? • Krack attack’s preconditions can be satisfied within our attack model. • Preconditions • Clone original wifi to a different channel • Monitor, block and send specific message • The way we can make it in our model • Nexmon to Intercept Packets. (OK) • Like running tcpdump in monitor mode and airbase-ng in the same time. (OK) • But the Exploit Scripts are not released now • Krack attack to WPA2 can be combined with our karma attack to launch and spread more easily
Conclusion • 1. Karma attack to smartphone is very dangerous due to android fragmentation and the smartphone’s mobility. • 2. To defend against this attack model, we must working with system security, wireless security, hardware security • 3. There’s no absolute security. Apart from the vendor’s effort, the users also need to pay more attention.
Acknowledgement Daxing Guo Bin Ma TombKeeper

Recomendados

Zhiyun Qian-what leaves attacker hijacking USA Today site
Zhiyun Qian-what leaves attacker hijacking USA Today siteZhiyun Qian-what leaves attacker hijacking USA Today site
Zhiyun Qian-what leaves attacker hijacking USA Today siteGeekPwn Keen
 
Nick Stephens-how does someone unlock your phone with nose
Nick Stephens-how does someone unlock your phone with noseNick Stephens-how does someone unlock your phone with nose
Nick Stephens-how does someone unlock your phone with noseGeekPwn Keen
 
Attacking Automatic Wireless Network Selection
Attacking Automatic Wireless Network SelectionAttacking Automatic Wireless Network Selection
Attacking Automatic Wireless Network Selectionamiable_indian
 
Types Of Attack.
Types Of Attack.Types Of Attack.
Types Of Attack.Greater Noida Institute Of Technology
 
Mitm(man in the middle) ssl proxy attacks
Mitm(man in the middle) ssl proxy attacksMitm(man in the middle) ssl proxy attacks
Mitm(man in the middle) ssl proxy attacksJaeYeoul Ahn
 
Defcon 22-jesus-molina-learn-how-to-control-every-room
Defcon 22-jesus-molina-learn-how-to-control-every-roomDefcon 22-jesus-molina-learn-how-to-control-every-room
Defcon 22-jesus-molina-learn-how-to-control-every-roomPriyanka Aash
 
Breaking Smart Speakers: We are Listening to You.
Breaking Smart Speakers: We are Listening to You.Breaking Smart Speakers: We are Listening to You.
Breaking Smart Speakers: We are Listening to You.Priyanka Aash
 
Network scanning
Network scanningNetwork scanning
Network scanningoceanofwebs
 

Recomendados

Zhiyun Qian-what leaves attacker hijacking USA Today site
Zhiyun Qian-what leaves attacker hijacking USA Today siteZhiyun Qian-what leaves attacker hijacking USA Today site
Zhiyun Qian-what leaves attacker hijacking USA Today siteGeekPwn Keen
 
Nick Stephens-how does someone unlock your phone with nose
Nick Stephens-how does someone unlock your phone with noseNick Stephens-how does someone unlock your phone with nose
Nick Stephens-how does someone unlock your phone with noseGeekPwn Keen
 
Attacking Automatic Wireless Network Selection
Attacking Automatic Wireless Network SelectionAttacking Automatic Wireless Network Selection
Attacking Automatic Wireless Network Selectionamiable_indian
 
Types Of Attack.
Types Of Attack.Types Of Attack.
Types Of Attack.Greater Noida Institute Of Technology
 
Mitm(man in the middle) ssl proxy attacks
Mitm(man in the middle) ssl proxy attacksMitm(man in the middle) ssl proxy attacks
Mitm(man in the middle) ssl proxy attacksJaeYeoul Ahn
 
Defcon 22-jesus-molina-learn-how-to-control-every-room
Defcon 22-jesus-molina-learn-how-to-control-every-roomDefcon 22-jesus-molina-learn-how-to-control-every-room
Defcon 22-jesus-molina-learn-how-to-control-every-roomPriyanka Aash
 
Breaking Smart Speakers: We are Listening to You.
Breaking Smart Speakers: We are Listening to You.Breaking Smart Speakers: We are Listening to You.
Breaking Smart Speakers: We are Listening to You.Priyanka Aash
 
Network scanning
Network scanningNetwork scanning
Network scanningoceanofwebs
 
Improvement in Rogue Access Points - SensePost Defcon 22
Improvement in Rogue Access Points - SensePost Defcon 22Improvement in Rogue Access Points - SensePost Defcon 22
Improvement in Rogue Access Points - SensePost Defcon 22SensePost
 
Csw2016 wang docker_escapetechnology
Csw2016 wang docker_escapetechnologyCsw2016 wang docker_escapetechnology
Csw2016 wang docker_escapetechnologyCanSecWest
 
Anton Chuvakin on Honeypots
Anton Chuvakin on HoneypotsAnton Chuvakin on Honeypots
Anton Chuvakin on HoneypotsAnton Chuvakin
 
Wireless security beyond password cracking by Mohit Ranjan
Wireless security beyond password cracking by Mohit RanjanWireless security beyond password cracking by Mohit Ranjan
Wireless security beyond password cracking by Mohit RanjanOWASP Delhi
 
OFFENSIVE: Exploiting DNS servers changes BlackHat Asia 2014
OFFENSIVE: Exploiting DNS servers changes BlackHat Asia 2014OFFENSIVE: Exploiting DNS servers changes BlackHat Asia 2014
OFFENSIVE: Exploiting DNS servers changes BlackHat Asia 2014Leonardo Nve Egea
 
BlueHat v18 || Linear time shellcode detection using state machines and opera...
BlueHat v18 || Linear time shellcode detection using state machines and opera...BlueHat v18 || Linear time shellcode detection using state machines and opera...
BlueHat v18 || Linear time shellcode detection using state machines and opera...BlueHat Security Conference
 
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteli
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteliDefcon 22-zoltan-balazs-bypass-firewalls-application-whiteli
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteliPriyanka Aash
 
Network Security Nmap N Nessus
Network Security Nmap N NessusNetwork Security Nmap N Nessus
Network Security Nmap N NessusUtkarsh Verma
 
Recon with Nmap
Recon with Nmap Recon with Nmap
Recon with Nmap OWASP Delhi
 
Nessus v6 command_line_reference
Nessus v6 command_line_referenceNessus v6 command_line_reference
Nessus v6 command_line_referenceCraig Cannon
 
Cafe Latte
Cafe LatteCafe Latte
Cafe LatteAirTight Networks
 
BSides Algiers - Layer7 DoS Attacks - Oussama Elhamer
BSides Algiers - Layer7 DoS Attacks - Oussama ElhamerBSides Algiers - Layer7 DoS Attacks - Oussama Elhamer
BSides Algiers - Layer7 DoS Attacks - Oussama ElhamerShellmates
 
BlueHat v18 || The matrix has you - protecting linux using deception
BlueHat v18 || The matrix has you - protecting linux using deceptionBlueHat v18 || The matrix has you - protecting linux using deception
BlueHat v18 || The matrix has you - protecting linux using deceptionBlueHat Security Conference
 
Sticky Keys to the Kingdom
Sticky Keys to the KingdomSticky Keys to the Kingdom
Sticky Keys to the KingdomDennis Maldonado
 
Caffe Latte Attack
Caffe Latte AttackCaffe Latte Attack
Caffe Latte AttackAirTight Networks
 
How to Hack WiFi on Windows
How to Hack WiFi on Windows How to Hack WiFi on Windows
How to Hack WiFi on Windows Vrushank Narola
 
Automated Deployment Using Jenkins Across Clusters
Automated Deployment Using Jenkins Across ClustersAutomated Deployment Using Jenkins Across Clusters
Automated Deployment Using Jenkins Across ClustersNaveen S.R
 
Outlook and Exchange for the bad guys
Outlook and Exchange for the bad guysOutlook and Exchange for the bad guys
Outlook and Exchange for the bad guysNick Landers
 
CODE BLUE 2014 : Drone attack by malware and network hacking by DONGCHEOL HONG
CODE BLUE 2014 : Drone attack by malware and network hacking by DONGCHEOL HONGCODE BLUE 2014 : Drone attack by malware and network hacking by DONGCHEOL HONG
CODE BLUE 2014 : Drone attack by malware and network hacking by DONGCHEOL HONGCODE BLUE
 
SWAT Style – Live Network Crypto Hacking and Exploitation by Kevin Cardwell a...
SWAT Style – Live Network Crypto Hacking and Exploitation by Kevin Cardwell a...SWAT Style – Live Network Crypto Hacking and Exploitation by Kevin Cardwell a...
SWAT Style – Live Network Crypto Hacking and Exploitation by Kevin Cardwell a...EC-Council
 
Android system security
Android system securityAndroid system security
Android system securityChong-Kuan Chen
 
Security events in 2014
Security events in 2014Security events in 2014
Security events in 2014Chong-Kuan Chen
 

Mais conteúdo relacionado

Mais procurados

Improvement in Rogue Access Points - SensePost Defcon 22
Improvement in Rogue Access Points - SensePost Defcon 22Improvement in Rogue Access Points - SensePost Defcon 22
Improvement in Rogue Access Points - SensePost Defcon 22SensePost
 
Csw2016 wang docker_escapetechnology
Csw2016 wang docker_escapetechnologyCsw2016 wang docker_escapetechnology
Csw2016 wang docker_escapetechnologyCanSecWest
 
Anton Chuvakin on Honeypots
Anton Chuvakin on HoneypotsAnton Chuvakin on Honeypots
Anton Chuvakin on HoneypotsAnton Chuvakin
 
Wireless security beyond password cracking by Mohit Ranjan
Wireless security beyond password cracking by Mohit RanjanWireless security beyond password cracking by Mohit Ranjan
Wireless security beyond password cracking by Mohit RanjanOWASP Delhi
 
OFFENSIVE: Exploiting DNS servers changes BlackHat Asia 2014
OFFENSIVE: Exploiting DNS servers changes BlackHat Asia 2014OFFENSIVE: Exploiting DNS servers changes BlackHat Asia 2014
OFFENSIVE: Exploiting DNS servers changes BlackHat Asia 2014Leonardo Nve Egea
 
BlueHat v18 || Linear time shellcode detection using state machines and opera...
BlueHat v18 || Linear time shellcode detection using state machines and opera...BlueHat v18 || Linear time shellcode detection using state machines and opera...
BlueHat v18 || Linear time shellcode detection using state machines and opera...BlueHat Security Conference
 
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteli
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteliDefcon 22-zoltan-balazs-bypass-firewalls-application-whiteli
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteliPriyanka Aash
 
Network Security Nmap N Nessus
Network Security Nmap N NessusNetwork Security Nmap N Nessus
Network Security Nmap N NessusUtkarsh Verma
 
Recon with Nmap
Recon with Nmap Recon with Nmap
Recon with Nmap OWASP Delhi
 
Nessus v6 command_line_reference
Nessus v6 command_line_referenceNessus v6 command_line_reference
Nessus v6 command_line_referenceCraig Cannon
 
BSides Algiers - Layer7 DoS Attacks - Oussama Elhamer
BSides Algiers - Layer7 DoS Attacks - Oussama ElhamerBSides Algiers - Layer7 DoS Attacks - Oussama Elhamer
BSides Algiers - Layer7 DoS Attacks - Oussama ElhamerShellmates
 
BlueHat v18 || The matrix has you - protecting linux using deception
BlueHat v18 || The matrix has you - protecting linux using deceptionBlueHat v18 || The matrix has you - protecting linux using deception
BlueHat v18 || The matrix has you - protecting linux using deceptionBlueHat Security Conference
 
Sticky Keys to the Kingdom
Sticky Keys to the KingdomSticky Keys to the Kingdom
Sticky Keys to the KingdomDennis Maldonado
 
How to Hack WiFi on Windows
How to Hack WiFi on Windows How to Hack WiFi on Windows
How to Hack WiFi on Windows Vrushank Narola
 
Automated Deployment Using Jenkins Across Clusters
Automated Deployment Using Jenkins Across ClustersAutomated Deployment Using Jenkins Across Clusters
Automated Deployment Using Jenkins Across ClustersNaveen S.R
 
Outlook and Exchange for the bad guys
Outlook and Exchange for the bad guysOutlook and Exchange for the bad guys
Outlook and Exchange for the bad guysNick Landers
 
CODE BLUE 2014 : Drone attack by malware and network hacking by DONGCHEOL HONG
CODE BLUE 2014 : Drone attack by malware and network hacking by DONGCHEOL HONGCODE BLUE 2014 : Drone attack by malware and network hacking by DONGCHEOL HONG
CODE BLUE 2014 : Drone attack by malware and network hacking by DONGCHEOL HONGCODE BLUE
 
SWAT Style – Live Network Crypto Hacking and Exploitation by Kevin Cardwell a...
SWAT Style – Live Network Crypto Hacking and Exploitation by Kevin Cardwell a...SWAT Style – Live Network Crypto Hacking and Exploitation by Kevin Cardwell a...
SWAT Style – Live Network Crypto Hacking and Exploitation by Kevin Cardwell a...EC-Council
 

Mais procurados (20)

Improvement in Rogue Access Points - SensePost Defcon 22
Improvement in Rogue Access Points - SensePost Defcon 22Improvement in Rogue Access Points - SensePost Defcon 22
Improvement in Rogue Access Points - SensePost Defcon 22
 
Csw2016 wang docker_escapetechnology
Csw2016 wang docker_escapetechnologyCsw2016 wang docker_escapetechnology
Csw2016 wang docker_escapetechnology
 
Anton Chuvakin on Honeypots
Anton Chuvakin on HoneypotsAnton Chuvakin on Honeypots
Anton Chuvakin on Honeypots
 
Wireless security beyond password cracking by Mohit Ranjan
Wireless security beyond password cracking by Mohit RanjanWireless security beyond password cracking by Mohit Ranjan
Wireless security beyond password cracking by Mohit Ranjan
 
OFFENSIVE: Exploiting DNS servers changes BlackHat Asia 2014
OFFENSIVE: Exploiting DNS servers changes BlackHat Asia 2014OFFENSIVE: Exploiting DNS servers changes BlackHat Asia 2014
OFFENSIVE: Exploiting DNS servers changes BlackHat Asia 2014
 
BlueHat v18 || Linear time shellcode detection using state machines and opera...
BlueHat v18 || Linear time shellcode detection using state machines and opera...BlueHat v18 || Linear time shellcode detection using state machines and opera...
BlueHat v18 || Linear time shellcode detection using state machines and opera...
 
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteli
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteliDefcon 22-zoltan-balazs-bypass-firewalls-application-whiteli
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteli
 
Network Security Nmap N Nessus
Network Security Nmap N NessusNetwork Security Nmap N Nessus
Network Security Nmap N Nessus
 
Recon with Nmap
Recon with Nmap Recon with Nmap
Recon with Nmap
 
Nessus v6 command_line_reference
Nessus v6 command_line_referenceNessus v6 command_line_reference
Nessus v6 command_line_reference
 
Cafe Latte
Cafe LatteCafe Latte
Cafe Latte
 
BSides Algiers - Layer7 DoS Attacks - Oussama Elhamer
BSides Algiers - Layer7 DoS Attacks - Oussama ElhamerBSides Algiers - Layer7 DoS Attacks - Oussama Elhamer
BSides Algiers - Layer7 DoS Attacks - Oussama Elhamer
 
BlueHat v18 || The matrix has you - protecting linux using deception
BlueHat v18 || The matrix has you - protecting linux using deceptionBlueHat v18 || The matrix has you - protecting linux using deception
BlueHat v18 || The matrix has you - protecting linux using deception
 
Sticky Keys to the Kingdom
Sticky Keys to the KingdomSticky Keys to the Kingdom
Sticky Keys to the Kingdom
 
Caffe Latte Attack
Caffe Latte AttackCaffe Latte Attack
Caffe Latte Attack
 
How to Hack WiFi on Windows
How to Hack WiFi on Windows How to Hack WiFi on Windows
How to Hack WiFi on Windows
 
Automated Deployment Using Jenkins Across Clusters
Automated Deployment Using Jenkins Across ClustersAutomated Deployment Using Jenkins Across Clusters
Automated Deployment Using Jenkins Across Clusters
 
Outlook and Exchange for the bad guys
Outlook and Exchange for the bad guysOutlook and Exchange for the bad guys
Outlook and Exchange for the bad guys
 
CODE BLUE 2014 : Drone attack by malware and network hacking by DONGCHEOL HONG
CODE BLUE 2014 : Drone attack by malware and network hacking by DONGCHEOL HONGCODE BLUE 2014 : Drone attack by malware and network hacking by DONGCHEOL HONG
CODE BLUE 2014 : Drone attack by malware and network hacking by DONGCHEOL HONG
 
SWAT Style – Live Network Crypto Hacking and Exploitation by Kevin Cardwell a...
SWAT Style – Live Network Crypto Hacking and Exploitation by Kevin Cardwell a...SWAT Style – Live Network Crypto Hacking and Exploitation by Kevin Cardwell a...
SWAT Style – Live Network Crypto Hacking and Exploitation by Kevin Cardwell a...
 

Semelhante a Huiming Liu-'resident evil' of smart phones--wombie attack

SCADA Security: The Five Stages of Cyber Grief
SCADA Security: The Five Stages of Cyber GriefSCADA Security: The Five Stages of Cyber Grief
SCADA Security: The Five Stages of Cyber GriefLancope, Inc.
 
OWASP Appsec USA 2014 Talk "Pwning the Pawns with Wihawk" Santhosh Kumar
OWASP Appsec USA 2014 Talk "Pwning the Pawns with Wihawk" Santhosh Kumar OWASP Appsec USA 2014 Talk "Pwning the Pawns with Wihawk" Santhosh Kumar
OWASP Appsec USA 2014 Talk "Pwning the Pawns with Wihawk" Santhosh Kumar Santhosh Kumar
 
Workshop on Network Security
Workshop on Network SecurityWorkshop on Network Security
Workshop on Network SecurityUC San Diego
 
Hacking By Nirmal
Hacking By NirmalHacking By Nirmal
Hacking By NirmalNIRMAL RAJ
 
Penetration Testing Project Game of Thrones CTF: 1
Penetration Testing Project Game of Thrones CTF: 1Penetration Testing Project Game of Thrones CTF: 1
Penetration Testing Project Game of Thrones CTF: 1Florin D. Tanasache
 
Watchtowers of the Internet - Source Boston 2012
Watchtowers of the Internet - Source Boston 2012Watchtowers of the Internet - Source Boston 2012
Watchtowers of the Internet - Source Boston 2012Stephan Chenette
 
Fundamentals of network hacking
Fundamentals of network hackingFundamentals of network hacking
Fundamentals of network hackingPranshu Pareek
 
Order vs. Mad Science: Analyzing Black Hat Swarm Intelligence
Order vs. Mad Science: Analyzing Black Hat Swarm IntelligenceOrder vs. Mad Science: Analyzing Black Hat Swarm Intelligence
Order vs. Mad Science: Analyzing Black Hat Swarm IntelligencePriyanka Aash
 
Detecting Evasive Malware in Sandbox
Detecting Evasive Malware in SandboxDetecting Evasive Malware in Sandbox
Detecting Evasive Malware in SandboxRahul Mohandas
 
SCADA Security: The Five Stages of Cyber Grief
SCADA Security: The Five Stages of Cyber GriefSCADA Security: The Five Stages of Cyber Grief
SCADA Security: The Five Stages of Cyber GriefLancope, Inc.
 
Securing your Cloud Environment
Securing your Cloud EnvironmentSecuring your Cloud Environment
Securing your Cloud EnvironmentShapeBlue
 
Docker Swarm secrets for creating great FIWARE platforms
Docker Swarm secrets for creating great FIWARE platformsDocker Swarm secrets for creating great FIWARE platforms
Docker Swarm secrets for creating great FIWARE platformsFederico Michele Facca
 
AusCERT - Developing Secure iOS Applications
AusCERT - Developing Secure iOS ApplicationsAusCERT - Developing Secure iOS Applications
AusCERT - Developing Secure iOS Applicationseightbit
 
Master-Master Replication and Scaling of an Application Between Each of the I...
Master-Master Replication and Scaling of an Application Between Each of the I...Master-Master Replication and Scaling of an Application Between Each of the I...
Master-Master Replication and Scaling of an Application Between Each of the I...vsoshnikov
 
Introduction To SPOT
Introduction To SPOTIntroduction To SPOT
Introduction To SPOTpauldeng
 
How i'm going to own your organization v2
How i'm going to own your organization v2How i'm going to own your organization v2
How i'm going to own your organization v2RazorEQX
 
Honeycon2016-honeypot updates for public
Honeycon2016-honeypot updates for publicHoneycon2016-honeypot updates for public
Honeycon2016-honeypot updates for publicJulia Yu-Chin Cheng
 

Semelhante a Huiming Liu-'resident evil' of smart phones--wombie attack (20)

Android system security
Android system securityAndroid system security
Android system security
 
Security events in 2014
Security events in 2014Security events in 2014
Security events in 2014
 
SCADA Security: The Five Stages of Cyber Grief
SCADA Security: The Five Stages of Cyber GriefSCADA Security: The Five Stages of Cyber Grief
SCADA Security: The Five Stages of Cyber Grief
 
OWASP Appsec USA 2014 Talk "Pwning the Pawns with Wihawk" Santhosh Kumar
OWASP Appsec USA 2014 Talk "Pwning the Pawns with Wihawk" Santhosh Kumar OWASP Appsec USA 2014 Talk "Pwning the Pawns with Wihawk" Santhosh Kumar
OWASP Appsec USA 2014 Talk "Pwning the Pawns with Wihawk" Santhosh Kumar
 
Workshop on Network Security
Workshop on Network SecurityWorkshop on Network Security
Workshop on Network Security
 
Hacking By Nirmal
Hacking By NirmalHacking By Nirmal
Hacking By Nirmal
 
Penetration Testing Project Game of Thrones CTF: 1
Penetration Testing Project Game of Thrones CTF: 1Penetration Testing Project Game of Thrones CTF: 1
Penetration Testing Project Game of Thrones CTF: 1
 
Watchtowers of the Internet - Source Boston 2012
Watchtowers of the Internet - Source Boston 2012Watchtowers of the Internet - Source Boston 2012
Watchtowers of the Internet - Source Boston 2012
 
Fundamentals of network hacking
Fundamentals of network hackingFundamentals of network hacking
Fundamentals of network hacking
 
Order vs. Mad Science: Analyzing Black Hat Swarm Intelligence
Order vs. Mad Science: Analyzing Black Hat Swarm IntelligenceOrder vs. Mad Science: Analyzing Black Hat Swarm Intelligence
Order vs. Mad Science: Analyzing Black Hat Swarm Intelligence
 
Detecting Evasive Malware in Sandbox
Detecting Evasive Malware in SandboxDetecting Evasive Malware in Sandbox
Detecting Evasive Malware in Sandbox
 
Ntxissacsc5 red 1 &amp; 2 basic hacking tools ncc group
Ntxissacsc5 red 1 &amp; 2 basic hacking tools ncc groupNtxissacsc5 red 1 &amp; 2 basic hacking tools ncc group
Ntxissacsc5 red 1 &amp; 2 basic hacking tools ncc group
 
SCADA Security: The Five Stages of Cyber Grief
SCADA Security: The Five Stages of Cyber GriefSCADA Security: The Five Stages of Cyber Grief
SCADA Security: The Five Stages of Cyber Grief
 
Securing your Cloud Environment
Securing your Cloud EnvironmentSecuring your Cloud Environment
Securing your Cloud Environment
 
Docker Swarm secrets for creating great FIWARE platforms
Docker Swarm secrets for creating great FIWARE platformsDocker Swarm secrets for creating great FIWARE platforms
Docker Swarm secrets for creating great FIWARE platforms
 
AusCERT - Developing Secure iOS Applications
AusCERT - Developing Secure iOS ApplicationsAusCERT - Developing Secure iOS Applications
AusCERT - Developing Secure iOS Applications
 
Master-Master Replication and Scaling of an Application Between Each of the I...
Master-Master Replication and Scaling of an Application Between Each of the I...Master-Master Replication and Scaling of an Application Between Each of the I...
Master-Master Replication and Scaling of an Application Between Each of the I...
 
Introduction To SPOT
Introduction To SPOTIntroduction To SPOT
Introduction To SPOT
 
How i'm going to own your organization v2
How i'm going to own your organization v2How i'm going to own your organization v2
How i'm going to own your organization v2
 
Honeycon2016-honeypot updates for public
Honeycon2016-honeypot updates for publicHoneycon2016-honeypot updates for public
Honeycon2016-honeypot updates for public
 

Mais de GeekPwn Keen

PRACTICAL ADVERSARIAL ATTACKS AGAINST CHALLENGING MODELS ENVIRONMENTS - Moust...
PRACTICAL ADVERSARIAL ATTACKS AGAINST CHALLENGING MODELS ENVIRONMENTS - Moust...PRACTICAL ADVERSARIAL ATTACKS AGAINST CHALLENGING MODELS ENVIRONMENTS - Moust...
PRACTICAL ADVERSARIAL ATTACKS AGAINST CHALLENGING MODELS ENVIRONMENTS - Moust...GeekPwn Keen
 
THE VANISHING TRICK FOR SELF-DRIVING CARS - Weilin Xu - DEF CON 26 CAAD VILLAGE
THE VANISHING TRICK FOR SELF-DRIVING CARS - Weilin Xu - DEF CON 26 CAAD VILLAGETHE VANISHING TRICK FOR SELF-DRIVING CARS - Weilin Xu - DEF CON 26 CAAD VILLAGE
THE VANISHING TRICK FOR SELF-DRIVING CARS - Weilin Xu - DEF CON 26 CAAD VILLAGEGeekPwn Keen
 
TARGETED ADVERSARIAL EXAMPLES FOR BLACK BOX AUDIO SYSTEMS - Rohan Taori, Amog...
TARGETED ADVERSARIAL EXAMPLES FOR BLACK BOX AUDIO SYSTEMS - Rohan Taori, Amog...TARGETED ADVERSARIAL EXAMPLES FOR BLACK BOX AUDIO SYSTEMS - Rohan Taori, Amog...
TARGETED ADVERSARIAL EXAMPLES FOR BLACK BOX AUDIO SYSTEMS - Rohan Taori, Amog...GeekPwn Keen
 
TRANSFERABLE ADVERSARIAL PERTURBATIONS - Tencent Blade Team - DEF CON 26 CAA...
TRANSFERABLE ADVERSARIAL PERTURBATIONS - Tencent Blade Team - DEF CON 26 CAA...TRANSFERABLE ADVERSARIAL PERTURBATIONS - Tencent Blade Team - DEF CON 26 CAA...
TRANSFERABLE ADVERSARIAL PERTURBATIONS - Tencent Blade Team - DEF CON 26 CAA...GeekPwn Keen
 
ADVERSARIAL^2 TRAINING - Yao Zhao, Yuzhe Zhao - DEF CON 26 CAAD VILLAGE
ADVERSARIAL^2 TRAINING - Yao Zhao, Yuzhe Zhao - DEF CON 26 CAAD VILLAGEADVERSARIAL^2 TRAINING - Yao Zhao, Yuzhe Zhao - DEF CON 26 CAAD VILLAGE
ADVERSARIAL^2 TRAINING - Yao Zhao, Yuzhe Zhao - DEF CON 26 CAAD VILLAGEGeekPwn Keen
 
HOW TO LEVERAGE THE OPEN-SOURCE INFORMATION TO MAKE AN EFFECTIVE ADVERSARIAL ...
HOW TO LEVERAGE THE OPEN-SOURCE INFORMATION TO MAKE AN EFFECTIVE ADVERSARIAL ...HOW TO LEVERAGE THE OPEN-SOURCE INFORMATION TO MAKE AN EFFECTIVE ADVERSARIAL ...
HOW TO LEVERAGE THE OPEN-SOURCE INFORMATION TO MAKE AN EFFECTIVE ADVERSARIAL ...GeekPwn Keen
 
BOOSTING ADVERSARIAL ATTACKS WITH MOMENTUM - Tianyu Pang and Chao Du, THU - D...
BOOSTING ADVERSARIAL ATTACKS WITH MOMENTUM - Tianyu Pang and Chao Du, THU - D...BOOSTING ADVERSARIAL ATTACKS WITH MOMENTUM - Tianyu Pang and Chao Du, THU - D...
BOOSTING ADVERSARIAL ATTACKS WITH MOMENTUM - Tianyu Pang and Chao Du, THU - D...GeekPwn Keen
 
RECENT PROGRESS IN ADVERSARIAL DEEP LEARNING ATTACK AND DEFENSE - Wenbo Guo a...
RECENT PROGRESS IN ADVERSARIAL DEEP LEARNING ATTACK AND DEFENSE - Wenbo Guo a...RECENT PROGRESS IN ADVERSARIAL DEEP LEARNING ATTACK AND DEFENSE - Wenbo Guo a...
RECENT PROGRESS IN ADVERSARIAL DEEP LEARNING ATTACK AND DEFENSE - Wenbo Guo a...GeekPwn Keen
 
WEAPONS FOR DOG FIGHT:ADAPTING MALWARE TO ANTI-DETECTION BASED ON GAN - Zhuan...
WEAPONS FOR DOG FIGHT:ADAPTING MALWARE TO ANTI-DETECTION BASED ON GAN - Zhuan...WEAPONS FOR DOG FIGHT:ADAPTING MALWARE TO ANTI-DETECTION BASED ON GAN - Zhuan...
WEAPONS FOR DOG FIGHT:ADAPTING MALWARE TO ANTI-DETECTION BASED ON GAN - Zhuan...GeekPwn Keen
 
Hardware Trojan Attacks on Neural Networks - Joseph Clements - DEF CON 26 CAA...
Hardware Trojan Attacks on Neural Networks - Joseph Clements - DEF CON 26 CAA...Hardware Trojan Attacks on Neural Networks - Joseph Clements - DEF CON 26 CAA...
Hardware Trojan Attacks on Neural Networks - Joseph Clements - DEF CON 26 CAA...GeekPwn Keen
 
Bo Li-they’ve created images that reliably fool neural network
Bo Li-they’ve created images that reliably fool neural networkBo Li-they’ve created images that reliably fool neural network
Bo Li-they’ve created images that reliably fool neural networkGeekPwn Keen
 
Alexey kurakin-what's new in adversarial machine learning
Alexey kurakin-what's new in adversarial machine learningAlexey kurakin-what's new in adversarial machine learning
Alexey kurakin-what's new in adversarial machine learningGeekPwn Keen
 

Mais de GeekPwn Keen (12)

PRACTICAL ADVERSARIAL ATTACKS AGAINST CHALLENGING MODELS ENVIRONMENTS - Moust...
PRACTICAL ADVERSARIAL ATTACKS AGAINST CHALLENGING MODELS ENVIRONMENTS - Moust...PRACTICAL ADVERSARIAL ATTACKS AGAINST CHALLENGING MODELS ENVIRONMENTS - Moust...
PRACTICAL ADVERSARIAL ATTACKS AGAINST CHALLENGING MODELS ENVIRONMENTS - Moust...
 
THE VANISHING TRICK FOR SELF-DRIVING CARS - Weilin Xu - DEF CON 26 CAAD VILLAGE
THE VANISHING TRICK FOR SELF-DRIVING CARS - Weilin Xu - DEF CON 26 CAAD VILLAGETHE VANISHING TRICK FOR SELF-DRIVING CARS - Weilin Xu - DEF CON 26 CAAD VILLAGE
THE VANISHING TRICK FOR SELF-DRIVING CARS - Weilin Xu - DEF CON 26 CAAD VILLAGE
 
TARGETED ADVERSARIAL EXAMPLES FOR BLACK BOX AUDIO SYSTEMS - Rohan Taori, Amog...
TARGETED ADVERSARIAL EXAMPLES FOR BLACK BOX AUDIO SYSTEMS - Rohan Taori, Amog...TARGETED ADVERSARIAL EXAMPLES FOR BLACK BOX AUDIO SYSTEMS - Rohan Taori, Amog...
TARGETED ADVERSARIAL EXAMPLES FOR BLACK BOX AUDIO SYSTEMS - Rohan Taori, Amog...
 
TRANSFERABLE ADVERSARIAL PERTURBATIONS - Tencent Blade Team - DEF CON 26 CAA...
TRANSFERABLE ADVERSARIAL PERTURBATIONS - Tencent Blade Team - DEF CON 26 CAA...TRANSFERABLE ADVERSARIAL PERTURBATIONS - Tencent Blade Team - DEF CON 26 CAA...
TRANSFERABLE ADVERSARIAL PERTURBATIONS - Tencent Blade Team - DEF CON 26 CAA...
 
ADVERSARIAL^2 TRAINING - Yao Zhao, Yuzhe Zhao - DEF CON 26 CAAD VILLAGE
ADVERSARIAL^2 TRAINING - Yao Zhao, Yuzhe Zhao - DEF CON 26 CAAD VILLAGEADVERSARIAL^2 TRAINING - Yao Zhao, Yuzhe Zhao - DEF CON 26 CAAD VILLAGE
ADVERSARIAL^2 TRAINING - Yao Zhao, Yuzhe Zhao - DEF CON 26 CAAD VILLAGE
 
HOW TO LEVERAGE THE OPEN-SOURCE INFORMATION TO MAKE AN EFFECTIVE ADVERSARIAL ...
HOW TO LEVERAGE THE OPEN-SOURCE INFORMATION TO MAKE AN EFFECTIVE ADVERSARIAL ...HOW TO LEVERAGE THE OPEN-SOURCE INFORMATION TO MAKE AN EFFECTIVE ADVERSARIAL ...
HOW TO LEVERAGE THE OPEN-SOURCE INFORMATION TO MAKE AN EFFECTIVE ADVERSARIAL ...
 
BOOSTING ADVERSARIAL ATTACKS WITH MOMENTUM - Tianyu Pang and Chao Du, THU - D...
BOOSTING ADVERSARIAL ATTACKS WITH MOMENTUM - Tianyu Pang and Chao Du, THU - D...BOOSTING ADVERSARIAL ATTACKS WITH MOMENTUM - Tianyu Pang and Chao Du, THU - D...
BOOSTING ADVERSARIAL ATTACKS WITH MOMENTUM - Tianyu Pang and Chao Du, THU - D...
 
RECENT PROGRESS IN ADVERSARIAL DEEP LEARNING ATTACK AND DEFENSE - Wenbo Guo a...
RECENT PROGRESS IN ADVERSARIAL DEEP LEARNING ATTACK AND DEFENSE - Wenbo Guo a...RECENT PROGRESS IN ADVERSARIAL DEEP LEARNING ATTACK AND DEFENSE - Wenbo Guo a...
RECENT PROGRESS IN ADVERSARIAL DEEP LEARNING ATTACK AND DEFENSE - Wenbo Guo a...
 
WEAPONS FOR DOG FIGHT:ADAPTING MALWARE TO ANTI-DETECTION BASED ON GAN - Zhuan...
WEAPONS FOR DOG FIGHT:ADAPTING MALWARE TO ANTI-DETECTION BASED ON GAN - Zhuan...WEAPONS FOR DOG FIGHT:ADAPTING MALWARE TO ANTI-DETECTION BASED ON GAN - Zhuan...
WEAPONS FOR DOG FIGHT:ADAPTING MALWARE TO ANTI-DETECTION BASED ON GAN - Zhuan...
 
Hardware Trojan Attacks on Neural Networks - Joseph Clements - DEF CON 26 CAA...
Hardware Trojan Attacks on Neural Networks - Joseph Clements - DEF CON 26 CAA...Hardware Trojan Attacks on Neural Networks - Joseph Clements - DEF CON 26 CAA...
Hardware Trojan Attacks on Neural Networks - Joseph Clements - DEF CON 26 CAA...
 
Bo Li-they’ve created images that reliably fool neural network
Bo Li-they’ve created images that reliably fool neural networkBo Li-they’ve created images that reliably fool neural network
Bo Li-they’ve created images that reliably fool neural network
 
Alexey kurakin-what's new in adversarial machine learning
Alexey kurakin-what's new in adversarial machine learningAlexey kurakin-what's new in adversarial machine learning
Alexey kurakin-what's new in adversarial machine learning
 

Último

原版1:1复刻斯坦福大学毕业证Stanford毕业证留信学历认证
原版1:1复刻斯坦福大学毕业证Stanford毕业证留信学历认证原版1:1复刻斯坦福大学毕业证Stanford毕业证留信学历认证
原版1:1复刻斯坦福大学毕业证Stanford毕业证留信学历认证gwhohjj
 
NO1 Certified Black Magic Specialist Expert Amil baba in Uk England Northern ...
NO1 Certified Black Magic Specialist Expert Amil baba in Uk England Northern ...NO1 Certified Black Magic Specialist Expert Amil baba in Uk England Northern ...
NO1 Certified Black Magic Specialist Expert Amil baba in Uk England Northern ...Amil Baba Dawood bangali
 
专业一比一美国旧金山艺术学院毕业证成绩单pdf电子版制作修改#真实工艺展示#真实防伪#diploma#degree
专业一比一美国旧金山艺术学院毕业证成绩单pdf电子版制作修改#真实工艺展示#真实防伪#diploma#degree专业一比一美国旧金山艺术学院毕业证成绩单pdf电子版制作修改#真实工艺展示#真实防伪#diploma#degree
专业一比一美国旧金山艺术学院毕业证成绩单pdf电子版制作修改#真实工艺展示#真实防伪#diploma#degreeyuu sss
 
美国IUB学位证,印第安纳大学伯明顿分校毕业证书1:1制作
美国IUB学位证,印第安纳大学伯明顿分校毕业证书1:1制作美国IUB学位证,印第安纳大学伯明顿分校毕业证书1:1制作
美国IUB学位证,印第安纳大学伯明顿分校毕业证书1:1制作ss846v0c
 
1:1原版定制美国加州州立大学东湾分校毕业证成绩单pdf电子版制作修改#真实留信入库#永久存档#真实可查#diploma#degree
1:1原版定制美国加州州立大学东湾分校毕业证成绩单pdf电子版制作修改#真实留信入库#永久存档#真实可查#diploma#degree1:1原版定制美国加州州立大学东湾分校毕业证成绩单pdf电子版制作修改#真实留信入库#永久存档#真实可查#diploma#degree
1:1原版定制美国加州州立大学东湾分校毕业证成绩单pdf电子版制作修改#真实留信入库#永久存档#真实可查#diploma#degreeyuu sss
 
Hindu amil baba kala jadu expert in pakistan islamabad lahore karachi atar ...
Hindu amil baba kala jadu expert in pakistan islamabad lahore karachi atar ...Hindu amil baba kala jadu expert in pakistan islamabad lahore karachi atar ...
Hindu amil baba kala jadu expert in pakistan islamabad lahore karachi atar ...amilabibi1
 
existing product research b2 Sunderland Culture
existing product research b2 Sunderland Cultureexisting product research b2 Sunderland Culture
existing product research b2 Sunderland CultureChloeMeadows1
 
NO1 Qualified Best Black Magic Specialist Near Me Spiritual Healer Powerful L...
NO1 Qualified Best Black Magic Specialist Near Me Spiritual Healer Powerful L...NO1 Qualified Best Black Magic Specialist Near Me Spiritual Healer Powerful L...
NO1 Qualified Best Black Magic Specialist Near Me Spiritual Healer Powerful L...Amil baba
 
(办理学位证)韩国汉阳大学毕业证成绩单原版一比一
(办理学位证)韩国汉阳大学毕业证成绩单原版一比一(办理学位证)韩国汉阳大学毕业证成绩单原版一比一
(办理学位证)韩国汉阳大学毕业证成绩单原版一比一C SSS
 
NO1 Certified Black Magic Specialist Expert In Bahawalpur, Sargodha, Sialkot,...
NO1 Certified Black Magic Specialist Expert In Bahawalpur, Sargodha, Sialkot,...NO1 Certified Black Magic Specialist Expert In Bahawalpur, Sargodha, Sialkot,...
NO1 Certified Black Magic Specialist Expert In Bahawalpur, Sargodha, Sialkot,...Amil Baba Dawood bangali
 
毕业文凭制作#回国入职#diploma#degree加拿大瑞尔森大学毕业证成绩单pdf电子版制作修改#毕业文凭制作#回国入职#diploma#degree
毕业文凭制作#回国入职#diploma#degree加拿大瑞尔森大学毕业证成绩单pdf电子版制作修改#毕业文凭制作#回国入职#diploma#degree 毕业文凭制作#回国入职#diploma#degree加拿大瑞尔森大学毕业证成绩单pdf电子版制作修改#毕业文凭制作#回国入职#diploma#degree
毕业文凭制作#回国入职#diploma#degree加拿大瑞尔森大学毕业证成绩单pdf电子版制作修改#毕业文凭制作#回国入职#diploma#degree z zzz
 
the cOMPUTER SYSTEM - computer hardware servicing.pptx
the cOMPUTER SYSTEM - computer hardware servicing.pptxthe cOMPUTER SYSTEM - computer hardware servicing.pptx
the cOMPUTER SYSTEM - computer hardware servicing.pptxLeaMaePahinagGarciaV
 
Vip Udupi Call Girls 7001305949 WhatsApp Number 24x7 Best Services
Vip Udupi Call Girls 7001305949 WhatsApp Number 24x7 Best ServicesVip Udupi Call Girls 7001305949 WhatsApp Number 24x7 Best Services
Vip Udupi Call Girls 7001305949 WhatsApp Number 24x7 Best Servicesnajka9823
 
专业一比一美国加州州立大学东湾分校毕业证成绩单pdf电子版制作修改#真实工艺展示#真实防伪#diploma#degree
专业一比一美国加州州立大学东湾分校毕业证成绩单pdf电子版制作修改#真实工艺展示#真实防伪#diploma#degree专业一比一美国加州州立大学东湾分校毕业证成绩单pdf电子版制作修改#真实工艺展示#真实防伪#diploma#degree
专业一比一美国加州州立大学东湾分校毕业证成绩单pdf电子版制作修改#真实工艺展示#真实防伪#diploma#degreeyuu sss
 
Real Sure (Call Girl) in I.G.I. Airport 8377087607 Hot Call Girls In Delhi NCR
Real Sure (Call Girl) in I.G.I. Airport 8377087607 Hot Call Girls In Delhi NCRReal Sure (Call Girl) in I.G.I. Airport 8377087607 Hot Call Girls In Delhi NCR
Real Sure (Call Girl) in I.G.I. Airport 8377087607 Hot Call Girls In Delhi NCRdollysharma2066
 
NO1 Certified Vashikaran Specialist in Uk Black Magic Specialist in Uk Black ...
NO1 Certified Vashikaran Specialist in Uk Black Magic Specialist in Uk Black ...NO1 Certified Vashikaran Specialist in Uk Black Magic Specialist in Uk Black ...
NO1 Certified Vashikaran Specialist in Uk Black Magic Specialist in Uk Black ...Amil baba
 
Hifi Babe North Delhi Call Girl Service Fun Tonight
Hifi Babe North Delhi Call Girl Service Fun TonightHifi Babe North Delhi Call Girl Service Fun Tonight
Hifi Babe North Delhi Call Girl Service Fun TonightKomal Khan
 
办理(CSU毕业证书)澳洲查理斯特大学毕业证成绩单原版一比一
办理(CSU毕业证书)澳洲查理斯特大学毕业证成绩单原版一比一办理(CSU毕业证书)澳洲查理斯特大学毕业证成绩单原版一比一
办理(CSU毕业证书)澳洲查理斯特大学毕业证成绩单原版一比一diploma 1
 
RBS学位证,鹿特丹商学院毕业证书1:1制作
RBS学位证,鹿特丹商学院毕业证书1:1制作RBS学位证,鹿特丹商学院毕业证书1:1制作
RBS学位证,鹿特丹商学院毕业证书1:1制作f3774p8b
 

Último (20)

原版1:1复刻斯坦福大学毕业证Stanford毕业证留信学历认证
原版1:1复刻斯坦福大学毕业证Stanford毕业证留信学历认证原版1:1复刻斯坦福大学毕业证Stanford毕业证留信学历认证
原版1:1复刻斯坦福大学毕业证Stanford毕业证留信学历认证
 
NO1 Certified Black Magic Specialist Expert Amil baba in Uk England Northern ...
NO1 Certified Black Magic Specialist Expert Amil baba in Uk England Northern ...NO1 Certified Black Magic Specialist Expert Amil baba in Uk England Northern ...
NO1 Certified Black Magic Specialist Expert Amil baba in Uk England Northern ...
 
专业一比一美国旧金山艺术学院毕业证成绩单pdf电子版制作修改#真实工艺展示#真实防伪#diploma#degree
专业一比一美国旧金山艺术学院毕业证成绩单pdf电子版制作修改#真实工艺展示#真实防伪#diploma#degree专业一比一美国旧金山艺术学院毕业证成绩单pdf电子版制作修改#真实工艺展示#真实防伪#diploma#degree
专业一比一美国旧金山艺术学院毕业证成绩单pdf电子版制作修改#真实工艺展示#真实防伪#diploma#degree
 
美国IUB学位证,印第安纳大学伯明顿分校毕业证书1:1制作
美国IUB学位证,印第安纳大学伯明顿分校毕业证书1:1制作美国IUB学位证,印第安纳大学伯明顿分校毕业证书1:1制作
美国IUB学位证,印第安纳大学伯明顿分校毕业证书1:1制作
 
1:1原版定制美国加州州立大学东湾分校毕业证成绩单pdf电子版制作修改#真实留信入库#永久存档#真实可查#diploma#degree
1:1原版定制美国加州州立大学东湾分校毕业证成绩单pdf电子版制作修改#真实留信入库#永久存档#真实可查#diploma#degree1:1原版定制美国加州州立大学东湾分校毕业证成绩单pdf电子版制作修改#真实留信入库#永久存档#真实可查#diploma#degree
1:1原版定制美国加州州立大学东湾分校毕业证成绩单pdf电子版制作修改#真实留信入库#永久存档#真实可查#diploma#degree
 
Hindu amil baba kala jadu expert in pakistan islamabad lahore karachi atar ...
Hindu amil baba kala jadu expert in pakistan islamabad lahore karachi atar ...Hindu amil baba kala jadu expert in pakistan islamabad lahore karachi atar ...
Hindu amil baba kala jadu expert in pakistan islamabad lahore karachi atar ...
 
existing product research b2 Sunderland Culture
existing product research b2 Sunderland Cultureexisting product research b2 Sunderland Culture
existing product research b2 Sunderland Culture
 
NO1 Qualified Best Black Magic Specialist Near Me Spiritual Healer Powerful L...
NO1 Qualified Best Black Magic Specialist Near Me Spiritual Healer Powerful L...NO1 Qualified Best Black Magic Specialist Near Me Spiritual Healer Powerful L...
NO1 Qualified Best Black Magic Specialist Near Me Spiritual Healer Powerful L...
 
(办理学位证)韩国汉阳大学毕业证成绩单原版一比一
(办理学位证)韩国汉阳大学毕业证成绩单原版一比一(办理学位证)韩国汉阳大学毕业证成绩单原版一比一
(办理学位证)韩国汉阳大学毕业证成绩单原版一比一
 
NO1 Certified Black Magic Specialist Expert In Bahawalpur, Sargodha, Sialkot,...
NO1 Certified Black Magic Specialist Expert In Bahawalpur, Sargodha, Sialkot,...NO1 Certified Black Magic Specialist Expert In Bahawalpur, Sargodha, Sialkot,...
NO1 Certified Black Magic Specialist Expert In Bahawalpur, Sargodha, Sialkot,...
 
毕业文凭制作#回国入职#diploma#degree加拿大瑞尔森大学毕业证成绩单pdf电子版制作修改#毕业文凭制作#回国入职#diploma#degree
毕业文凭制作#回国入职#diploma#degree加拿大瑞尔森大学毕业证成绩单pdf电子版制作修改#毕业文凭制作#回国入职#diploma#degree 毕业文凭制作#回国入职#diploma#degree加拿大瑞尔森大学毕业证成绩单pdf电子版制作修改#毕业文凭制作#回国入职#diploma#degree
毕业文凭制作#回国入职#diploma#degree加拿大瑞尔森大学毕业证成绩单pdf电子版制作修改#毕业文凭制作#回国入职#diploma#degree
 
the cOMPUTER SYSTEM - computer hardware servicing.pptx
the cOMPUTER SYSTEM - computer hardware servicing.pptxthe cOMPUTER SYSTEM - computer hardware servicing.pptx
the cOMPUTER SYSTEM - computer hardware servicing.pptx
 
Vip Udupi Call Girls 7001305949 WhatsApp Number 24x7 Best Services
Vip Udupi Call Girls 7001305949 WhatsApp Number 24x7 Best ServicesVip Udupi Call Girls 7001305949 WhatsApp Number 24x7 Best Services
Vip Udupi Call Girls 7001305949 WhatsApp Number 24x7 Best Services
 
专业一比一美国加州州立大学东湾分校毕业证成绩单pdf电子版制作修改#真实工艺展示#真实防伪#diploma#degree
专业一比一美国加州州立大学东湾分校毕业证成绩单pdf电子版制作修改#真实工艺展示#真实防伪#diploma#degree专业一比一美国加州州立大学东湾分校毕业证成绩单pdf电子版制作修改#真实工艺展示#真实防伪#diploma#degree
专业一比一美国加州州立大学东湾分校毕业证成绩单pdf电子版制作修改#真实工艺展示#真实防伪#diploma#degree
 
Real Sure (Call Girl) in I.G.I. Airport 8377087607 Hot Call Girls In Delhi NCR
Real Sure (Call Girl) in I.G.I. Airport 8377087607 Hot Call Girls In Delhi NCRReal Sure (Call Girl) in I.G.I. Airport 8377087607 Hot Call Girls In Delhi NCR
Real Sure (Call Girl) in I.G.I. Airport 8377087607 Hot Call Girls In Delhi NCR
 
NO1 Certified Vashikaran Specialist in Uk Black Magic Specialist in Uk Black ...
NO1 Certified Vashikaran Specialist in Uk Black Magic Specialist in Uk Black ...NO1 Certified Vashikaran Specialist in Uk Black Magic Specialist in Uk Black ...
NO1 Certified Vashikaran Specialist in Uk Black Magic Specialist in Uk Black ...
 
Hifi Babe North Delhi Call Girl Service Fun Tonight
Hifi Babe North Delhi Call Girl Service Fun TonightHifi Babe North Delhi Call Girl Service Fun Tonight
Hifi Babe North Delhi Call Girl Service Fun Tonight
 
办理(CSU毕业证书)澳洲查理斯特大学毕业证成绩单原版一比一
办理(CSU毕业证书)澳洲查理斯特大学毕业证成绩单原版一比一办理(CSU毕业证书)澳洲查理斯特大学毕业证成绩单原版一比一
办理(CSU毕业证书)澳洲查理斯特大学毕业证成绩单原版一比一
 
young call girls in Gtb Nagar,🔝 9953056974 🔝 escort Service
young call girls in Gtb Nagar,🔝 9953056974 🔝 escort Serviceyoung call girls in Gtb Nagar,🔝 9953056974 🔝 escort Service
young call girls in Gtb Nagar,🔝 9953056974 🔝 escort Service
 
RBS学位证,鹿特丹商学院毕业证书1:1制作
RBS学位证,鹿特丹商学院毕业证书1:1制作RBS学位证,鹿特丹商学院毕业证书1:1制作
RBS学位证,鹿特丹商学院毕业证书1:1制作
 

Huiming Liu-'resident evil' of smart phones--wombie attack

  • 1. "Resident Evil" of SmartPhones--Wombie Attack Huiming Liu Tencent Xuanwu Lab
  • 7. Technique Details 1.Firmware Patch 2.Wireless Zombie Implementation 3.Conclusion
  • 8. Patch Firware? Why? • In a word, Launch Karma attack on a smartphone • Karma Attack • If you have ever connected to a WiFi, Your devices will frequently send probe request to find it. • Many devices will automatically connect if get correct responses, which is very easy to forge when the devices send directed probes. • Then, the devices may become MITM victims • How about on Latest smartphones?
  • 9. Karma Attack! But on Android? • Latest Android Versions won’t send directed probe normally • However • All of them will send BROADCAST probe…we can use SSID dictionary to launch Karma Attack. • Add a network manually will STILL send directed probe • Some ROMs will send directed probe MISTAKENLY • How about being an attacker • WiFi chip on the SmartPhones can be both in STA and AP mode • SmartPhones are essentially mobile and of massive amount • If we can make the victim attack and infect another victim. The situation will be much worse
  • 10. Patch Firware to Make phone infectious – How? • Reverse Engineering the firmware • Patch Probe Request Handler • Patch Association Request Handler
  • 11. Patch Probe Request in the UCODE? NOT GOOD!
  • 12. Instead, Forward Probe Request to Firmware Layer and Response! • Patch 1 line in UCODE to forward to firmware • hook sub_19610E • Call wlc_bcn_prb_template to generate template • Modify dst mac and ssid
  • 13. Patch Association Request Handler (Nexus 5) -- How?
  • 14. Patch Association Request Handler (Nexus 6p) -- How? • All required Information Elements’ parse function pointers are stored in an array dynamically created in Firmware(RAM) • Information Element SSID’s parse function is implemented in ROM (Hard to Modify) • So, we choose to modify the firmware instead of the ROM • hook a function(sub_1B03AC) in Firmware • Implement a SSID’s parse function • Replace its original parse function pointer with our new function pointer • Nexmon • C-based Firmware Patching Framework for Broadcom/Cypress WiFi Chips that enables Monitor Mode, Frame Injection and much more
  • 16. Wombie Attack Process • Step1: Launch Karma attack to MITM other phones. • Step2: Get RCE by exploiting the vulnerabilities in the victims’ smartphones • Step3: Get Root Access and modify the firmware and set attack environment. • Step4: The victim infects another victim
  • 17. What’s Inside Wireless Zombie? • 1. Background AP • 2. MITM module • 3. Exploit and Environment Setup module Background AP Traffic Hijack Module Exploit Payloads
  • 18. • Google’s Latest data (OCT 2017): • Android version <=5.x 50% • Latest Android Release Version 0.2% • Version <= 4.x 22.3% How to get RCE/ROOT? Android Fragmentation!
  • 19. Impact • Invisible Attack: • Doesn't rely on Internet to spread, so we can't detect it on the internet • Magnifier: • Easier to exploit & more severe consequences
  • 20. Combined with Krack(ATTACK WPA2)? • Krack attack’s preconditions can be satisfied within our attack model. • Preconditions • Clone original wifi to a different channel • Monitor, block and send specific message • The way we can make it in our model • Nexmon to Intercept Packets. (OK) • Like running tcpdump in monitor mode and airbase-ng in the same time. (OK) • But the Exploit Scripts are not released now • Krack attack to WPA2 can be combined with our karma attack to launch and spread more easily
  • 21. Conclusion • 1. Karma attack to smartphone is very dangerous due to android fragmentation and the smartphone’s mobility. • 2. To defend against this attack model, we must working with system security, wireless security, hardware security • 3. There’s no absolute security. Apart from the vendor’s effort, the users also need to pay more attention.