SlideShare uma empresa Scribd logo

NoCo IT Pros Hacking Demo

Transferir como PPTX, PDF
I
IceQUICK

Live hacking demo presented to the NoCO IT Pros Meetup group by a group from the local DC970 group.

Tecnologia
1 de 15
FREE PASSWORDS AND FWroIFmI !your local DC970: ch0wn35, Supertweak, Tyson, IceQUICK November 12, 2014
AGENDA Who is DC970? Wireless Security Physical Security Questions
WHO IS DC970  DEF CON is one of the world’s largest hacker conferences  Occurs every year in Las Vegas  Over 16,000 attended in 2014 DC970 is a local meet up with similar interest  Meets the 3rd Thursday of the month at Wild Boar Café  One of a handful of groups around Northern Colorado  E.g. NoCo2600.org meets the 1st Friday of the month at Centerra Starbucks
WIRELESS – CURRENT STATE  WPA2 released in 2004  WPA released in 2003  WEP released in 1999  162.5M+ data points on  https://wigle.net/
WIRELESS – WEP DEMO Live Demonstration
WIRELESS – WPS DEMO Live Demonstration
WIRELESS – WIFI PINEAPPLE Live Demonstration
WIRELESS - RECOMMENDATION  Encrypt using WPA2  Disable WPS  Change the default SSID (don’t use ‘linksys’)  Use a long passphrase  ‘Hiding’ the SSID won’t stop a targeted attack
PHYSICAL – CURRENT STATE  Survey  How many use Full Disk Encryption (FDE) at work?  How many use it at home / on personal devices?  Encryption is slowly becoming more ‘default’  We’re not there yet
PHYSICAL – CRACK THE PASSWORD  OphtCrack Demo
PHYSICAL – BYPASS LOGIN  KON-BOOT Demo
PHYSICAL - RECOMMENDATIONS  Use Full Disk Encryption (FDE)  Use a long passphrase  Don’t lose your device  Don’t sell it before wiping the data first
WRAP UP  These are real attacks There are attacks for nearly every device Be difficult and not worth the attacker’s effort
QUESTIONS?
WOULD YOU LIKE TO SEE MORE?  If we came back, what topic / demo would you like to see?

Recomendados

Frida - Objection Tool Usage
Frida - Objection Tool UsageFrida - Objection Tool Usage
Frida - Objection Tool Usagen|u - The Open Security Community
 
IT wishes California
IT wishes CaliforniaIT wishes California
IT wishes CaliforniaITwishes
 
Threat Intelligence Victory Garden
Threat Intelligence Victory GardenThreat Intelligence Victory Garden
Threat Intelligence Victory GardenRyan Kovar
 
Node on Guard
Node on GuardNode on Guard
Node on GuardIBM
 
Kali linux
Kali linuxKali linux
Kali linuxHarsh Gor
 
Kali linux and some features [view in Full screen mode]
Kali linux and some features [view in Full screen mode]Kali linux and some features [view in Full screen mode]
Kali linux and some features [view in Full screen mode]abdou Bahassou
 
Cracking Into Embedded Devices - Hack in The Box Dubai 2008
Cracking Into Embedded Devices - Hack in The Box Dubai 2008Cracking Into Embedded Devices - Hack in The Box Dubai 2008
Cracking Into Embedded Devices - Hack in The Box Dubai 2008guest642391
 
Janet: bring your own device
Janet: bring your own deviceJanet: bring your own device
Janet: bring your own deviceJisc
 

Recomendados

Frida - Objection Tool Usage
Frida - Objection Tool UsageFrida - Objection Tool Usage
Frida - Objection Tool Usagen|u - The Open Security Community
 
IT wishes California
IT wishes CaliforniaIT wishes California
IT wishes CaliforniaITwishes
 
Threat Intelligence Victory Garden
Threat Intelligence Victory GardenThreat Intelligence Victory Garden
Threat Intelligence Victory GardenRyan Kovar
 
Node on Guard
Node on GuardNode on Guard
Node on GuardIBM
 
Kali linux
Kali linuxKali linux
Kali linuxHarsh Gor
 
Kali linux and some features [view in Full screen mode]
Kali linux and some features [view in Full screen mode]Kali linux and some features [view in Full screen mode]
Kali linux and some features [view in Full screen mode]abdou Bahassou
 
Cracking Into Embedded Devices - Hack in The Box Dubai 2008
Cracking Into Embedded Devices - Hack in The Box Dubai 2008Cracking Into Embedded Devices - Hack in The Box Dubai 2008
Cracking Into Embedded Devices - Hack in The Box Dubai 2008guest642391
 
Janet: bring your own device
Janet: bring your own deviceJanet: bring your own device
Janet: bring your own deviceJisc
 
Kali linux
Kali linuxKali linux
Kali linuxafraalfalasii
 
Kali Linux - Falconer - ISS 2014
Kali Linux - Falconer - ISS 2014Kali Linux - Falconer - ISS 2014
Kali Linux - Falconer - ISS 2014TGodfrey
 
SC Magazine Congress Chicago - BadUSB & Beyond
SC Magazine Congress Chicago - BadUSB & BeyondSC Magazine Congress Chicago - BadUSB & Beyond
SC Magazine Congress Chicago - BadUSB & BeyondAdam Caudill
 
Kali linux
Kali linux Kali linux
Kali linux Fa6ma_
 
Security Risk Advisors - BSides NOLA 2017 - Your New Red Team Hardware Surviv...
Security Risk Advisors - BSides NOLA 2017 - Your New Red Team Hardware Surviv...Security Risk Advisors - BSides NOLA 2017 - Your New Red Team Hardware Surviv...
Security Risk Advisors - BSides NOLA 2017 - Your New Red Team Hardware Surviv...Douglas Webster
 
Spiceworks intro _pacitpros
Spiceworks intro _pacitprosSpiceworks intro _pacitpros
Spiceworks intro _pacitprosRandomShare
 
null Pune meet - Wireless Security
null Pune meet - Wireless Securitynull Pune meet - Wireless Security
null Pune meet - Wireless Securityn|u - The Open Security Community
 
"Crypto wallets security. For developers", Julia Potapenko
"Crypto wallets security. For developers", Julia Potapenko"Crypto wallets security. For developers", Julia Potapenko
"Crypto wallets security. For developers", Julia PotapenkoFwdays
 
The Next Generation Security
The Next Generation SecurityThe Next Generation Security
The Next Generation SecurityCybera Inc.
 
Domain Key Infrastructure (From Black Hat USA)
Domain Key Infrastructure (From Black Hat USA)Domain Key Infrastructure (From Black Hat USA)
Domain Key Infrastructure (From Black Hat USA)Dan Kaminsky
 
A pinguin as a bouncer... Open Source Security Solutions
A pinguin as a bouncer... Open Source Security SolutionsA pinguin as a bouncer... Open Source Security Solutions
A pinguin as a bouncer... Open Source Security SolutionsB.A.
 
Weaponizing the Nokia N900 -- TakeDownCon, Dallas, 2011
Weaponizing the Nokia N900 -- TakeDownCon, Dallas, 2011Weaponizing the Nokia N900 -- TakeDownCon, Dallas, 2011
Weaponizing the Nokia N900 -- TakeDownCon, Dallas, 2011shawn_merdinger
 
Protecting your online identity - Managing your passwords
Protecting your online identity - Managing your passwordsProtecting your online identity - Managing your passwords
Protecting your online identity - Managing your passwordsBunmi Sowande
 
Cisco Security Architecture
Cisco Security ArchitectureCisco Security Architecture
Cisco Security ArchitectureCisco Canada
 
Black Ops of Fundamental Defense:
Black Ops of Fundamental Defense:Black Ops of Fundamental Defense:
Black Ops of Fundamental Defense:Recursion Ventures
 
FETC - A Laptop in Every Classroom: Lessons Learned
FETC - A Laptop in Every Classroom: Lessons LearnedFETC - A Laptop in Every Classroom: Lessons Learned
FETC - A Laptop in Every Classroom: Lessons LearnedJoseph Schorr
 
Agile Chennai 2022 - Shyam Sundar | Everything there is to know about Cyber s...
Agile Chennai 2022 - Shyam Sundar | Everything there is to know about Cyber s...Agile Chennai 2022 - Shyam Sundar | Everything there is to know about Cyber s...
Agile Chennai 2022 - Shyam Sundar | Everything there is to know about Cyber s...AgileNetwork
 
Phreebird Suite 1.0: Introducing the Domain Key Infrastructure
Phreebird Suite 1.0: Introducing the Domain Key InfrastructurePhreebird Suite 1.0: Introducing the Domain Key Infrastructure
Phreebird Suite 1.0: Introducing the Domain Key InfrastructureDan Kaminsky
 
SUBROSA
SUBROSASUBROSA
SUBROSARichard Blech
 
10 Wireless Home Network Security Tips
10 Wireless Home Network Security Tips10 Wireless Home Network Security Tips
10 Wireless Home Network Security TipsPECB
 
Defcon 22-blake-self-cisc0ninja-dont-ddos-me-bro
Defcon 22-blake-self-cisc0ninja-dont-ddos-me-broDefcon 22-blake-self-cisc0ninja-dont-ddos-me-bro
Defcon 22-blake-self-cisc0ninja-dont-ddos-me-broPriyanka Aash
 
During the Next Generation Network and Data Centre – Now and into the Future ...
During the Next Generation Network and Data Centre – Now and into the Future ...During the Next Generation Network and Data Centre – Now and into the Future ...
During the Next Generation Network and Data Centre – Now and into the Future ...Cisco Canada
 

Mais conteúdo relacionado

Mais procurados

Kali Linux - Falconer - ISS 2014
Kali Linux - Falconer - ISS 2014Kali Linux - Falconer - ISS 2014
Kali Linux - Falconer - ISS 2014TGodfrey
 
SC Magazine Congress Chicago - BadUSB & Beyond
SC Magazine Congress Chicago - BadUSB & BeyondSC Magazine Congress Chicago - BadUSB & Beyond
SC Magazine Congress Chicago - BadUSB & BeyondAdam Caudill
 
Kali linux
Kali linux Kali linux
Kali linux Fa6ma_
 
Security Risk Advisors - BSides NOLA 2017 - Your New Red Team Hardware Surviv...
Security Risk Advisors - BSides NOLA 2017 - Your New Red Team Hardware Surviv...Security Risk Advisors - BSides NOLA 2017 - Your New Red Team Hardware Surviv...
Security Risk Advisors - BSides NOLA 2017 - Your New Red Team Hardware Surviv...Douglas Webster
 
Spiceworks intro _pacitpros
Spiceworks intro _pacitprosSpiceworks intro _pacitpros
Spiceworks intro _pacitprosRandomShare
 

Mais procurados (6)

Kali linux
Kali linuxKali linux
Kali linux
 
Kali Linux - Falconer - ISS 2014
Kali Linux - Falconer - ISS 2014Kali Linux - Falconer - ISS 2014
Kali Linux - Falconer - ISS 2014
 
SC Magazine Congress Chicago - BadUSB & Beyond
SC Magazine Congress Chicago - BadUSB & BeyondSC Magazine Congress Chicago - BadUSB & Beyond
SC Magazine Congress Chicago - BadUSB & Beyond
 
Kali linux
Kali linux Kali linux
Kali linux
 
Security Risk Advisors - BSides NOLA 2017 - Your New Red Team Hardware Surviv...
Security Risk Advisors - BSides NOLA 2017 - Your New Red Team Hardware Surviv...Security Risk Advisors - BSides NOLA 2017 - Your New Red Team Hardware Surviv...
Security Risk Advisors - BSides NOLA 2017 - Your New Red Team Hardware Surviv...
 
Spiceworks intro _pacitpros
Spiceworks intro _pacitprosSpiceworks intro _pacitpros
Spiceworks intro _pacitpros
 

Semelhante a NoCo IT Pros Hacking Demo

"Crypto wallets security. For developers", Julia Potapenko
"Crypto wallets security. For developers", Julia Potapenko"Crypto wallets security. For developers", Julia Potapenko
"Crypto wallets security. For developers", Julia PotapenkoFwdays
 
The Next Generation Security
The Next Generation SecurityThe Next Generation Security
The Next Generation SecurityCybera Inc.
 
Domain Key Infrastructure (From Black Hat USA)
Domain Key Infrastructure (From Black Hat USA)Domain Key Infrastructure (From Black Hat USA)
Domain Key Infrastructure (From Black Hat USA)Dan Kaminsky
 
A pinguin as a bouncer... Open Source Security Solutions
A pinguin as a bouncer... Open Source Security SolutionsA pinguin as a bouncer... Open Source Security Solutions
A pinguin as a bouncer... Open Source Security SolutionsB.A.
 
Weaponizing the Nokia N900 -- TakeDownCon, Dallas, 2011
Weaponizing the Nokia N900 -- TakeDownCon, Dallas, 2011Weaponizing the Nokia N900 -- TakeDownCon, Dallas, 2011
Weaponizing the Nokia N900 -- TakeDownCon, Dallas, 2011shawn_merdinger
 
Protecting your online identity - Managing your passwords
Protecting your online identity - Managing your passwordsProtecting your online identity - Managing your passwords
Protecting your online identity - Managing your passwordsBunmi Sowande
 
Cisco Security Architecture
Cisco Security ArchitectureCisco Security Architecture
Cisco Security ArchitectureCisco Canada
 
Black Ops of Fundamental Defense:
Black Ops of Fundamental Defense:Black Ops of Fundamental Defense:
Black Ops of Fundamental Defense:Recursion Ventures
 
FETC - A Laptop in Every Classroom: Lessons Learned
FETC - A Laptop in Every Classroom: Lessons LearnedFETC - A Laptop in Every Classroom: Lessons Learned
FETC - A Laptop in Every Classroom: Lessons LearnedJoseph Schorr
 
Agile Chennai 2022 - Shyam Sundar | Everything there is to know about Cyber s...
Agile Chennai 2022 - Shyam Sundar | Everything there is to know about Cyber s...Agile Chennai 2022 - Shyam Sundar | Everything there is to know about Cyber s...
Agile Chennai 2022 - Shyam Sundar | Everything there is to know about Cyber s...AgileNetwork
 
Phreebird Suite 1.0: Introducing the Domain Key Infrastructure
Phreebird Suite 1.0: Introducing the Domain Key InfrastructurePhreebird Suite 1.0: Introducing the Domain Key Infrastructure
Phreebird Suite 1.0: Introducing the Domain Key InfrastructureDan Kaminsky
 
10 Wireless Home Network Security Tips
10 Wireless Home Network Security Tips10 Wireless Home Network Security Tips
10 Wireless Home Network Security TipsPECB
 
Defcon 22-blake-self-cisc0ninja-dont-ddos-me-bro
Defcon 22-blake-self-cisc0ninja-dont-ddos-me-broDefcon 22-blake-self-cisc0ninja-dont-ddos-me-bro
Defcon 22-blake-self-cisc0ninja-dont-ddos-me-broPriyanka Aash
 
During the Next Generation Network and Data Centre – Now and into the Future ...
During the Next Generation Network and Data Centre – Now and into the Future ...During the Next Generation Network and Data Centre – Now and into the Future ...
During the Next Generation Network and Data Centre – Now and into the Future ...Cisco Canada
 
Kali Linux - CleveSec 2015
Kali Linux - CleveSec 2015Kali Linux - CleveSec 2015
Kali Linux - CleveSec 2015TGodfrey
 
Take Back Your Online Privacy: Simple Computer Security
Take Back Your Online Privacy: Simple Computer SecurityTake Back Your Online Privacy: Simple Computer Security
Take Back Your Online Privacy: Simple Computer SecurityKit O'Connell
 
Wi Fish Finder Defcon 17 Ahmadand Dhyani
Wi Fish Finder Defcon 17 Ahmadand DhyaniWi Fish Finder Defcon 17 Ahmadand Dhyani
Wi Fish Finder Defcon 17 Ahmadand DhyaniMd Sohail Ahmad
 

Semelhante a NoCo IT Pros Hacking Demo (20)

null Pune meet - Wireless Security
null Pune meet - Wireless Securitynull Pune meet - Wireless Security
null Pune meet - Wireless Security
 
"Crypto wallets security. For developers", Julia Potapenko
"Crypto wallets security. For developers", Julia Potapenko"Crypto wallets security. For developers", Julia Potapenko
"Crypto wallets security. For developers", Julia Potapenko
 
The Next Generation Security
The Next Generation SecurityThe Next Generation Security
The Next Generation Security
 
Domain Key Infrastructure (From Black Hat USA)
Domain Key Infrastructure (From Black Hat USA)Domain Key Infrastructure (From Black Hat USA)
Domain Key Infrastructure (From Black Hat USA)
 
A pinguin as a bouncer... Open Source Security Solutions
A pinguin as a bouncer... Open Source Security SolutionsA pinguin as a bouncer... Open Source Security Solutions
A pinguin as a bouncer... Open Source Security Solutions
 
Weaponizing the Nokia N900 -- TakeDownCon, Dallas, 2011
Weaponizing the Nokia N900 -- TakeDownCon, Dallas, 2011Weaponizing the Nokia N900 -- TakeDownCon, Dallas, 2011
Weaponizing the Nokia N900 -- TakeDownCon, Dallas, 2011
 
Protecting your online identity - Managing your passwords
Protecting your online identity - Managing your passwordsProtecting your online identity - Managing your passwords
Protecting your online identity - Managing your passwords
 
Cisco Security Architecture
Cisco Security ArchitectureCisco Security Architecture
Cisco Security Architecture
 
Black Ops of Fundamental Defense:
Black Ops of Fundamental Defense:Black Ops of Fundamental Defense:
Black Ops of Fundamental Defense:
 
FETC - A Laptop in Every Classroom: Lessons Learned
FETC - A Laptop in Every Classroom: Lessons LearnedFETC - A Laptop in Every Classroom: Lessons Learned
FETC - A Laptop in Every Classroom: Lessons Learned
 
Agile Chennai 2022 - Shyam Sundar | Everything there is to know about Cyber s...
Agile Chennai 2022 - Shyam Sundar | Everything there is to know about Cyber s...Agile Chennai 2022 - Shyam Sundar | Everything there is to know about Cyber s...
Agile Chennai 2022 - Shyam Sundar | Everything there is to know about Cyber s...
 
Phreebird Suite 1.0: Introducing the Domain Key Infrastructure
Phreebird Suite 1.0: Introducing the Domain Key InfrastructurePhreebird Suite 1.0: Introducing the Domain Key Infrastructure
Phreebird Suite 1.0: Introducing the Domain Key Infrastructure
 
SUBROSA
SUBROSASUBROSA
SUBROSA
 
10 Wireless Home Network Security Tips
10 Wireless Home Network Security Tips10 Wireless Home Network Security Tips
10 Wireless Home Network Security Tips
 
Defcon 22-blake-self-cisc0ninja-dont-ddos-me-bro
Defcon 22-blake-self-cisc0ninja-dont-ddos-me-broDefcon 22-blake-self-cisc0ninja-dont-ddos-me-bro
Defcon 22-blake-self-cisc0ninja-dont-ddos-me-bro
 
During the Next Generation Network and Data Centre – Now and into the Future ...
During the Next Generation Network and Data Centre – Now and into the Future ...During the Next Generation Network and Data Centre – Now and into the Future ...
During the Next Generation Network and Data Centre – Now and into the Future ...
 
(in)Secure Secret Zone
(in)Secure Secret Zone(in)Secure Secret Zone
(in)Secure Secret Zone
 
Kali Linux - CleveSec 2015
Kali Linux - CleveSec 2015Kali Linux - CleveSec 2015
Kali Linux - CleveSec 2015
 
Take Back Your Online Privacy: Simple Computer Security
Take Back Your Online Privacy: Simple Computer SecurityTake Back Your Online Privacy: Simple Computer Security
Take Back Your Online Privacy: Simple Computer Security
 
Wi Fish Finder Defcon 17 Ahmadand Dhyani
Wi Fish Finder Defcon 17 Ahmadand DhyaniWi Fish Finder Defcon 17 Ahmadand Dhyani
Wi Fish Finder Defcon 17 Ahmadand Dhyani
 

Último

So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfpanagenda
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesKari Kakkonen
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfIngrid Airi González
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityIES VE
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxGenerative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxfnnc6jmgwh
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Hiroshi SHIBATA
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentPim van der Noll
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observabilityitnewsafrica
 
React Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkReact Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkPixlogix Infotech
 
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesMuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesManik S Magar
 
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...itnewsafrica
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Alkin Tezuysal
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Strongerpanagenda
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 

Último (20)

So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examples
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdf
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a reality
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxGenerative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
 
React Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkReact Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App Framework
 
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesMuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
 
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 

NoCo IT Pros Hacking Demo

  • 1. FREE PASSWORDS AND FWroIFmI !your local DC970: ch0wn35, Supertweak, Tyson, IceQUICK November 12, 2014
  • 2. AGENDA Who is DC970? Wireless Security Physical Security Questions
  • 3. WHO IS DC970  DEF CON is one of the world’s largest hacker conferences  Occurs every year in Las Vegas  Over 16,000 attended in 2014 DC970 is a local meet up with similar interest  Meets the 3rd Thursday of the month at Wild Boar Café  One of a handful of groups around Northern Colorado  E.g. NoCo2600.org meets the 1st Friday of the month at Centerra Starbucks
  • 4. WIRELESS – CURRENT STATE  WPA2 released in 2004  WPA released in 2003  WEP released in 1999  162.5M+ data points on  https://wigle.net/
  • 5. WIRELESS – WEP DEMO Live Demonstration
  • 6. WIRELESS – WPS DEMO Live Demonstration
  • 7. WIRELESS – WIFI PINEAPPLE Live Demonstration
  • 8. WIRELESS - RECOMMENDATION  Encrypt using WPA2  Disable WPS  Change the default SSID (don’t use ‘linksys’)  Use a long passphrase  ‘Hiding’ the SSID won’t stop a targeted attack
  • 9. PHYSICAL – CURRENT STATE  Survey  How many use Full Disk Encryption (FDE) at work?  How many use it at home / on personal devices?  Encryption is slowly becoming more ‘default’  We’re not there yet
  • 10. PHYSICAL – CRACK THE PASSWORD  OphtCrack Demo
  • 11. PHYSICAL – BYPASS LOGIN  KON-BOOT Demo
  • 12. PHYSICAL - RECOMMENDATIONS  Use Full Disk Encryption (FDE)  Use a long passphrase  Don’t lose your device  Don’t sell it before wiping the data first
  • 13. WRAP UP  These are real attacks There are attacks for nearly every device Be difficult and not worth the attacker’s effort
  • 15. WOULD YOU LIKE TO SEE MORE?  If we came back, what topic / demo would you like to see?

Notas do Editor

  1. Close to 8-10 regulars
  2. Browse to interactive map WPA2 is not ‘unhackable’, just the most difficult
  3. Windows Surface Pro and RT 8.1 - default iPhone – default since 3GS Android, OSX, built-in, just enable it Windows – depending on edition, built in or not (not sure about W10)