SlideShare uma empresa Scribd logo

DefCon 2012 - Bluetooth Monitoring With SCAPY

Michael Smith
Michael Smith
Tecnologia
1 de 14
Baixar para ler offline
PASSIVE BLUETOOH MONITORING IN SCAPY Ryan Holeman
AGENDA • bluetooth essentials • fundamental projects • scapy-btbb project overview • demo
ESSENTIAL BLUETOOTH • bluetooth is a frequency hopping protocol
ESSENTIAL BLUETOOTH • BTBB - bluetooth baseband • air traffic between master and slave bluetooth devices
ESSENTIAL BLUETOOTH • nap • non-significant for communication • vendor association • uap • upper address part • vendor association • calculated from btbb packets • lap • lower address part • easily obtained in btbb packet
FUNDAMENTAL PROJECTS SCAPY • Philippe Biondi • python network analysis and manipulation tool • supports many protocols and layers • Ethernet, Tcp/Ip, 802.11, 802.15.5, etc
FUNDAMENTAL PROJECTS LIBBTBB • Dominic Spill and Mike Ossmann • provides methods for: • uap discovery, clock discovery, etc • wireshark plugin • wireshark btbb support
FUNDAMENTAL PROJECTS UBERTOOTH • bluetooth baseband sniffer • Mike Ossmann • kismet plugin
SCAPY-BTBB GOALS • bluetooth baseband traffic in python
SCAPY-BTBB CONTRIBUTIONS • btbb layer in scapy •a stream utility for pcap files in scapy • btbb helper methods • vendor from nap/uap • distinct address lists from btbb traffic • extensive documentation of related projects
SCAPY-BTBB RELEVANCE • real time and postmortem data analysis for btbb traffic • compatibility across hardware • though pcap files • easily incorporated into: • developer debugging tools • auditing tools • exploitation tools
DEMO
REFERENCES • scapy • bluez • Phillippe Biondi • bluez.org • secdev.org/projects/scapy • pybluez • libbtbb • pybluez.googlecode.com • Dominic Spill & Mike Ossmann • wireshark • sourceforge.net/projects/libbtbb • wireshark.org • ubertooth • ipython • Mike Ossmann • ipython.org • ubertooth.sourceforge.net • pandas • kismet • pandas.pydata.org • Mike Kershaw • kismetwireless.net
PROJECT HOME AND CONTACT INFO • project home • hackgnar.com/projects/btbb • contact • email: ripper@hackgnar.com • twitter: @hackgnar

Recomendados

Still waiting for IPv6? Try the inlets-operator
Still waiting for IPv6? Try the inlets-operatorStill waiting for IPv6? Try the inlets-operator
Still waiting for IPv6? Try the inlets-operator
Alex Ellis
 
The Need For A Cloud Native Tunnel
The Need For A Cloud Native TunnelThe Need For A Cloud Native Tunnel
The Need For A Cloud Native Tunnel
Alex Ellis
 
Introduction to hubot
Introduction to hubotIntroduction to hubot
Introduction to hubot
Tencent
 
SUGNL Colours - Otap & content delivery
SUGNL Colours - Otap & content deliverySUGNL Colours - Otap & content delivery
SUGNL Colours - Otap & content delivery
Colours B.V.
 
Ci & proServer
Ci & proServerCi & proServer
Ci & proServer
Sebastian Helzle
 
OpenFaaS - zero serverless in 60 seconds anywhere with case-studies
OpenFaaS - zero serverless in 60 seconds anywhere with case-studiesOpenFaaS - zero serverless in 60 seconds anywhere with case-studies
OpenFaaS - zero serverless in 60 seconds anywhere with case-studies
Alex Ellis
 
Into The Box 2014 - Keynote
Into The Box 2014 - KeynoteInto The Box 2014 - Keynote
Into The Box 2014 - Keynote
Ortus Solutions, Corp
 
A Serverless first approach - Will it Lambda?
A Serverless first approach - Will it Lambda?A Serverless first approach - Will it Lambda?
A Serverless first approach - Will it Lambda?
Nick den Engelsman
 

Recomendados

Still waiting for IPv6? Try the inlets-operator
Still waiting for IPv6? Try the inlets-operatorStill waiting for IPv6? Try the inlets-operator
Still waiting for IPv6? Try the inlets-operator
Alex Ellis
 
The Need For A Cloud Native Tunnel
The Need For A Cloud Native TunnelThe Need For A Cloud Native Tunnel
The Need For A Cloud Native Tunnel
Alex Ellis
 
Introduction to hubot
Introduction to hubotIntroduction to hubot
Introduction to hubot
Tencent
 
SUGNL Colours - Otap & content delivery
SUGNL Colours - Otap & content deliverySUGNL Colours - Otap & content delivery
SUGNL Colours - Otap & content delivery
Colours B.V.
 
Ci & proServer
Ci & proServerCi & proServer
Ci & proServer
Sebastian Helzle
 
OpenFaaS - zero serverless in 60 seconds anywhere with case-studies
OpenFaaS - zero serverless in 60 seconds anywhere with case-studiesOpenFaaS - zero serverless in 60 seconds anywhere with case-studies
OpenFaaS - zero serverless in 60 seconds anywhere with case-studies
Alex Ellis
 
Into The Box 2014 - Keynote
Into The Box 2014 - KeynoteInto The Box 2014 - Keynote
Into The Box 2014 - Keynote
Ortus Solutions, Corp
 
A Serverless first approach - Will it Lambda?
A Serverless first approach - Will it Lambda?A Serverless first approach - Will it Lambda?
A Serverless first approach - Will it Lambda?
Nick den Engelsman
 
Hack x crack_scapy2
Hack x crack_scapy2Hack x crack_scapy2
Hack x crack_scapy2
Diego Caceres
 
The jar of joy
The jar of joyThe jar of joy
The jar of joy
SensePost
 
Wireshark display filters
Wireshark display filtersWireshark display filters
Wireshark display filters
Mohamed Gamel
 
Hallowed be thy packets by Paul Coggin
Hallowed be thy packets by Paul CogginHallowed be thy packets by Paul Coggin
Hallowed be thy packets by Paul Coggin
EC-Council
 
Short 1100 Jart Armin - The Pocket Botnet
Short 1100 Jart Armin - The Pocket BotnetShort 1100 Jart Armin - The Pocket Botnet
Short 1100 Jart Armin - The Pocket Botnet
UISGCON
 
Analyse Yourself
Analyse YourselfAnalyse Yourself
Analyse Yourself
Norberto Leite
 
A tale of two proxies
A tale of two proxiesA tale of two proxies
A tale of two proxies
SensePost
 
Himakomers magazine
Himakomers magazineHimakomers magazine
Himakomers magazine
Samy Ummy
 
Sushma Pati1mtech fresher
Sushma Pati1mtech fresherSushma Pati1mtech fresher
Sushma Pati1mtech fresher
Sushma Patil
 
PenTest using Python By Purna Chander
PenTest using Python By Purna ChanderPenTest using Python By Purna Chander
PenTest using Python By Purna Chander
nforceit
 
Scapy. Generación y manipulación básica de paquetes de red
Scapy. Generación y manipulación básica de paquetes de redScapy. Generación y manipulación básica de paquetes de red
Scapy. Generación y manipulación básica de paquetes de red
David Cristóbal
 
#RootedCON2012 - DNS: A botnet dialect - Carlos Diaz & Francisco J. Gomez
#RootedCON2012 - DNS: A botnet dialect - Carlos Diaz & Francisco J. Gomez#RootedCON2012 - DNS: A botnet dialect - Carlos Diaz & Francisco J. Gomez
#RootedCON2012 - DNS: A botnet dialect - Carlos Diaz & Francisco J. Gomez
ffranz
 
Scapy
ScapyScapy
Scapy
Mohamed Gamel
 
Fun with TCP Packets
Fun with TCP PacketsFun with TCP Packets
Fun with TCP Packets
Security B-Sides
 
The (In)Security of Topology Discovery in Software Defined Networks
The (In)Security of Topology Discovery in Software Defined NetworksThe (In)Security of Topology Discovery in Software Defined Networks
The (In)Security of Topology Discovery in Software Defined Networks
Talal Alharbi
 
Attacks and their mitigations
Attacks and their mitigationsAttacks and their mitigations
Attacks and their mitigations
Mukesh Chaudhari
 
Exploiting First Hop Protocols to Own the Network - Paul Coggin
Exploiting First Hop Protocols to Own the Network - Paul CogginExploiting First Hop Protocols to Own the Network - Paul Coggin
Exploiting First Hop Protocols to Own the Network - Paul Coggin
EC-Council
 
Jad NEHME - Alcatel-Lucent - Report
Jad NEHME - Alcatel-Lucent - ReportJad NEHME - Alcatel-Lucent - Report
Jad NEHME - Alcatel-Lucent - Report
Jad Nehme
 
How to dominate a country
How to dominate a countryHow to dominate a country
How to dominate a country
Tiago Henriques
 
Python begin
Python beginPython begin
Python begin
ashigirl ZareGoto
 
Recon-Fu @BsidesKyiv 2016
Recon-Fu @BsidesKyiv 2016Recon-Fu @BsidesKyiv 2016
Recon-Fu @BsidesKyiv 2016
Vlad Styran
 
0Day Hunting A.K.A. The Story of a Proper CPE Test by Balazs Bacsay
0Day Hunting A.K.A. The Story of a Proper CPE Test by Balazs Bacsay0Day Hunting A.K.A. The Story of a Proper CPE Test by Balazs Bacsay
0Day Hunting A.K.A. The Story of a Proper CPE Test by Balazs Bacsay
Shakacon
 

Mais conteúdo relacionado

Destaque

Wireshark display filters
Wireshark display filtersWireshark display filters
Wireshark display filters
Mohamed Gamel
 
Short 1100 Jart Armin - The Pocket Botnet
Short 1100 Jart Armin - The Pocket BotnetShort 1100 Jart Armin - The Pocket Botnet
Short 1100 Jart Armin - The Pocket Botnet
UISGCON
 
Himakomers magazine
Himakomers magazineHimakomers magazine
Himakomers magazine
Samy Ummy
 
Sushma Pati1mtech fresher
Sushma Pati1mtech fresherSushma Pati1mtech fresher
Sushma Pati1mtech fresher
Sushma Patil
 
Jad NEHME - Alcatel-Lucent - Report
Jad NEHME - Alcatel-Lucent - ReportJad NEHME - Alcatel-Lucent - Report
Jad NEHME - Alcatel-Lucent - Report
Jad Nehme
 
How to dominate a country
How to dominate a countryHow to dominate a country
How to dominate a country
Tiago Henriques
 

Destaque (20)

Hack x crack_scapy2
Hack x crack_scapy2Hack x crack_scapy2
Hack x crack_scapy2
 
The jar of joy
The jar of joyThe jar of joy
The jar of joy
 
Wireshark display filters
Wireshark display filtersWireshark display filters
Wireshark display filters
 
Hallowed be thy packets by Paul Coggin
Hallowed be thy packets by Paul CogginHallowed be thy packets by Paul Coggin
Hallowed be thy packets by Paul Coggin
 
Short 1100 Jart Armin - The Pocket Botnet
Short 1100 Jart Armin - The Pocket BotnetShort 1100 Jart Armin - The Pocket Botnet
Short 1100 Jart Armin - The Pocket Botnet
 
Analyse Yourself
Analyse YourselfAnalyse Yourself
Analyse Yourself
 
A tale of two proxies
A tale of two proxiesA tale of two proxies
A tale of two proxies
 
Himakomers magazine
Himakomers magazineHimakomers magazine
Himakomers magazine
 
Sushma Pati1mtech fresher
Sushma Pati1mtech fresherSushma Pati1mtech fresher
Sushma Pati1mtech fresher
 
PenTest using Python By Purna Chander
PenTest using Python By Purna ChanderPenTest using Python By Purna Chander
PenTest using Python By Purna Chander
 
Scapy. Generación y manipulación básica de paquetes de red
Scapy. Generación y manipulación básica de paquetes de redScapy. Generación y manipulación básica de paquetes de red
Scapy. Generación y manipulación básica de paquetes de red
 
#RootedCON2012 - DNS: A botnet dialect - Carlos Diaz & Francisco J. Gomez
#RootedCON2012 - DNS: A botnet dialect - Carlos Diaz & Francisco J. Gomez#RootedCON2012 - DNS: A botnet dialect - Carlos Diaz & Francisco J. Gomez
#RootedCON2012 - DNS: A botnet dialect - Carlos Diaz & Francisco J. Gomez
 
Scapy
ScapyScapy
Scapy
 
Fun with TCP Packets
Fun with TCP PacketsFun with TCP Packets
Fun with TCP Packets
 
The (In)Security of Topology Discovery in Software Defined Networks
The (In)Security of Topology Discovery in Software Defined NetworksThe (In)Security of Topology Discovery in Software Defined Networks
The (In)Security of Topology Discovery in Software Defined Networks
 
Attacks and their mitigations
Attacks and their mitigationsAttacks and their mitigations
Attacks and their mitigations
 
Exploiting First Hop Protocols to Own the Network - Paul Coggin
Exploiting First Hop Protocols to Own the Network - Paul CogginExploiting First Hop Protocols to Own the Network - Paul Coggin
Exploiting First Hop Protocols to Own the Network - Paul Coggin
 
Jad NEHME - Alcatel-Lucent - Report
Jad NEHME - Alcatel-Lucent - ReportJad NEHME - Alcatel-Lucent - Report
Jad NEHME - Alcatel-Lucent - Report
 
How to dominate a country
How to dominate a countryHow to dominate a country
How to dominate a country
 
Python begin
Python beginPython begin
Python begin
 

Semelhante a DefCon 2012 - Bluetooth Monitoring With SCAPY

0Day Hunting A.K.A. The Story of a Proper CPE Test by Balazs Bacsay
0Day Hunting A.K.A. The Story of a Proper CPE Test by Balazs Bacsay0Day Hunting A.K.A. The Story of a Proper CPE Test by Balazs Bacsay
0Day Hunting A.K.A. The Story of a Proper CPE Test by Balazs Bacsay
Shakacon
 
0day hunting a.k.a. The story of a proper CPE test
0day hunting a.k.a. The story of a proper CPE test0day hunting a.k.a. The story of a proper CPE test
0day hunting a.k.a. The story of a proper CPE test
Balazs Bucsay
 
Navigating the Incubator at the Apache Software Foundation
Navigating the Incubator at the Apache Software FoundationNavigating the Incubator at the Apache Software Foundation
Navigating the Incubator at the Apache Software Foundation
Brett Porter
 
Pi, Python, and Paintball??? Innovating with Affordable Tech!
Pi, Python, and Paintball??? Innovating with Affordable Tech!Pi, Python, and Paintball??? Innovating with Affordable Tech!
Pi, Python, and Paintball??? Innovating with Affordable Tech!
Barry Tarlton
 
Updated non-lab version of Level Up. Delivered at LOPSA-East, May 3, 2014.
Updated non-lab version of Level Up. Delivered at LOPSA-East, May 3, 2014.Updated non-lab version of Level Up. Delivered at LOPSA-East, May 3, 2014.
Updated non-lab version of Level Up. Delivered at LOPSA-East, May 3, 2014.
Mandi Walls
 

Semelhante a DefCon 2012 - Bluetooth Monitoring With SCAPY (20)

Recon-Fu @BsidesKyiv 2016
Recon-Fu @BsidesKyiv 2016Recon-Fu @BsidesKyiv 2016
Recon-Fu @BsidesKyiv 2016
 
0Day Hunting A.K.A. The Story of a Proper CPE Test by Balazs Bacsay
0Day Hunting A.K.A. The Story of a Proper CPE Test by Balazs Bacsay0Day Hunting A.K.A. The Story of a Proper CPE Test by Balazs Bacsay
0Day Hunting A.K.A. The Story of a Proper CPE Test by Balazs Bacsay
 
0day hunting a.k.a. The story of a proper CPE test
0day hunting a.k.a. The story of a proper CPE test0day hunting a.k.a. The story of a proper CPE test
0day hunting a.k.a. The story of a proper CPE test
 
Data visualisation in python tool - a brief
Data visualisation in python tool - a briefData visualisation in python tool - a brief
Data visualisation in python tool - a brief
 
Rust is for Robots!
Rust is for Robots!Rust is for Robots!
Rust is for Robots!
 
Sas 2015 event_driven
Sas 2015 event_drivenSas 2015 event_driven
Sas 2015 event_driven
 
Trend Micro Big Data Platform and Apache Bigtop
Trend Micro Big Data Platform and Apache BigtopTrend Micro Big Data Platform and Apache Bigtop
Trend Micro Big Data Platform and Apache Bigtop
 
Raspberry pi overview
Raspberry pi overview Raspberry pi overview
Raspberry pi overview
 
Introduction Apache Kafka
Introduction Apache KafkaIntroduction Apache Kafka
Introduction Apache Kafka
 
Navigating the Incubator at the Apache Software Foundation
Navigating the Incubator at the Apache Software FoundationNavigating the Incubator at the Apache Software Foundation
Navigating the Incubator at the Apache Software Foundation
 
Publishing Linked Data from RDB
Publishing Linked Data from RDBPublishing Linked Data from RDB
Publishing Linked Data from RDB
 
Approaching APIs
Approaching APIsApproaching APIs
Approaching APIs
 
Raspberry pi
Raspberry piRaspberry pi
Raspberry pi
 
Raspberry pi seminar
Raspberry pi seminarRaspberry pi seminar
Raspberry pi seminar
 
Habitat Workshop at Velocity London 2017
Habitat Workshop at Velocity London 2017Habitat Workshop at Velocity London 2017
Habitat Workshop at Velocity London 2017
 
Qcon beijing 2010
Qcon beijing 2010Qcon beijing 2010
Qcon beijing 2010
 
Pi, Python, and Paintball??? Innovating with Affordable Tech!
Pi, Python, and Paintball??? Innovating with Affordable Tech!Pi, Python, and Paintball??? Innovating with Affordable Tech!
Pi, Python, and Paintball??? Innovating with Affordable Tech!
 
Project Baird — Overview for DVB Meeting 2010-11-23
Project Baird — Overview for DVB Meeting 2010-11-23Project Baird — Overview for DVB Meeting 2010-11-23
Project Baird — Overview for DVB Meeting 2010-11-23
 
Implementing a command line client to GitHub in Go
Implementing a command line client to GitHub in GoImplementing a command line client to GitHub in Go
Implementing a command line client to GitHub in Go
 
Updated non-lab version of Level Up. Delivered at LOPSA-East, May 3, 2014.
Updated non-lab version of Level Up. Delivered at LOPSA-East, May 3, 2014.Updated non-lab version of Level Up. Delivered at LOPSA-East, May 3, 2014.
Updated non-lab version of Level Up. Delivered at LOPSA-East, May 3, 2014.
 

Mais de Michael Smith

DHS - Recommendations for Securing Zigbee Networks in Process Control Systems
DHS - Recommendations for Securing Zigbee Networks in Process Control SystemsDHS - Recommendations for Securing Zigbee Networks in Process Control Systems
DHS - Recommendations for Securing Zigbee Networks in Process Control Systems
Michael Smith
 
BlackHat 2011 - Exploiting Siemens Simatic S7 PLCs (white paper)
BlackHat 2011 - Exploiting Siemens Simatic S7 PLCs (white paper)BlackHat 2011 - Exploiting Siemens Simatic S7 PLCs (white paper)
BlackHat 2011 - Exploiting Siemens Simatic S7 PLCs (white paper)
Michael Smith
 
BlackHat 2011 - Exploiting Siemens Simatic S7 PLCs (slides)
BlackHat 2011 - Exploiting Siemens Simatic S7 PLCs (slides)BlackHat 2011 - Exploiting Siemens Simatic S7 PLCs (slides)
BlackHat 2011 - Exploiting Siemens Simatic S7 PLCs (slides)
Michael Smith
 
BlackHat 2010 - Electricity for Free - The Dirty Underbelly of SCADA and Smar...
BlackHat 2010 - Electricity for Free - The Dirty Underbelly of SCADA and Smar...BlackHat 2010 - Electricity for Free - The Dirty Underbelly of SCADA and Smar...
BlackHat 2010 - Electricity for Free - The Dirty Underbelly of SCADA and Smar...
Michael Smith
 
BlackHat 2009 - Hacking Zigbee Chips (slides)
BlackHat 2009 - Hacking Zigbee Chips (slides)BlackHat 2009 - Hacking Zigbee Chips (slides)
BlackHat 2009 - Hacking Zigbee Chips (slides)
Michael Smith
 
DefCon 2012 - Near-Field Communication / RFID Hacking - Miller
DefCon 2012 - Near-Field Communication / RFID Hacking - MillerDefCon 2012 - Near-Field Communication / RFID Hacking - Miller
DefCon 2012 - Near-Field Communication / RFID Hacking - Miller
Michael Smith
 
DefCon 2012 - Near-Field Communication / RFID Hacking - Lee
DefCon 2012 - Near-Field Communication / RFID Hacking - LeeDefCon 2012 - Near-Field Communication / RFID Hacking - Lee
DefCon 2012 - Near-Field Communication / RFID Hacking - Lee
Michael Smith
 
DefCon 2012 - Hardware Backdooring (White Paper)
DefCon 2012 - Hardware Backdooring (White Paper)DefCon 2012 - Hardware Backdooring (White Paper)
DefCon 2012 - Hardware Backdooring (White Paper)
Michael Smith
 
DefCon 2012 - Hardware Backdooring (Slides)
DefCon 2012 - Hardware Backdooring (Slides)DefCon 2012 - Hardware Backdooring (Slides)
DefCon 2012 - Hardware Backdooring (Slides)
Michael Smith
 
DefCon 2012 - Firmware Vulnerability Hunting with FRAK
DefCon 2012 - Firmware Vulnerability Hunting with FRAKDefCon 2012 - Firmware Vulnerability Hunting with FRAK
DefCon 2012 - Firmware Vulnerability Hunting with FRAK
Michael Smith
 
DefCon 2011 - Vulnerabilities in Wireless Water Meters
DefCon 2011 - Vulnerabilities in Wireless Water MetersDefCon 2011 - Vulnerabilities in Wireless Water Meters
DefCon 2011 - Vulnerabilities in Wireless Water Meters
Michael Smith
 
Defcon 2011 - Penetration Testing Over Powerlines
Defcon 2011 - Penetration Testing Over PowerlinesDefcon 2011 - Penetration Testing Over Powerlines
Defcon 2011 - Penetration Testing Over Powerlines
Michael Smith
 
DefCon 2012 - Anti-Forensics and Anti-Anti-Forensics
DefCon 2012 - Anti-Forensics and Anti-Anti-ForensicsDefCon 2012 - Anti-Forensics and Anti-Anti-Forensics
DefCon 2012 - Anti-Forensics and Anti-Anti-Forensics
Michael Smith
 
DefCon 2012 - Subterfuge - Automated MITM Attacks
DefCon 2012 - Subterfuge - Automated MITM AttacksDefCon 2012 - Subterfuge - Automated MITM Attacks
DefCon 2012 - Subterfuge - Automated MITM Attacks
Michael Smith
 
DefCon 2012 - Owned In 60 Seconds - Windows Hacking
DefCon 2012 - Owned In 60 Seconds - Windows HackingDefCon 2012 - Owned In 60 Seconds - Windows Hacking
DefCon 2012 - Owned In 60 Seconds - Windows Hacking
Michael Smith
 
DefCon 2012 - Rooting SOHO Routers
DefCon 2012 - Rooting SOHO RoutersDefCon 2012 - Rooting SOHO Routers
DefCon 2012 - Rooting SOHO Routers
Michael Smith
 
DefCon 2012 - Finding Firmware Vulnerabilities
DefCon 2012 - Finding Firmware VulnerabilitiesDefCon 2012 - Finding Firmware Vulnerabilities
DefCon 2012 - Finding Firmware Vulnerabilities
Michael Smith
 
DefCon 2012 - Gaining Access to User Android Data
DefCon 2012 - Gaining Access to User Android DataDefCon 2012 - Gaining Access to User Android Data
DefCon 2012 - Gaining Access to User Android Data
Michael Smith
 

Mais de Michael Smith (20)

DHS - Recommendations for Securing Zigbee Networks in Process Control Systems
DHS - Recommendations for Securing Zigbee Networks in Process Control SystemsDHS - Recommendations for Securing Zigbee Networks in Process Control Systems
DHS - Recommendations for Securing Zigbee Networks in Process Control Systems
 
BlackHat 2011 - Exploiting Siemens Simatic S7 PLCs (white paper)
BlackHat 2011 - Exploiting Siemens Simatic S7 PLCs (white paper)BlackHat 2011 - Exploiting Siemens Simatic S7 PLCs (white paper)
BlackHat 2011 - Exploiting Siemens Simatic S7 PLCs (white paper)
 
BlackHat 2011 - Exploiting Siemens Simatic S7 PLCs (slides)
BlackHat 2011 - Exploiting Siemens Simatic S7 PLCs (slides)BlackHat 2011 - Exploiting Siemens Simatic S7 PLCs (slides)
BlackHat 2011 - Exploiting Siemens Simatic S7 PLCs (slides)
 
BlackHat 2010 - Electricity for Free - The Dirty Underbelly of SCADA and Smar...
BlackHat 2010 - Electricity for Free - The Dirty Underbelly of SCADA and Smar...BlackHat 2010 - Electricity for Free - The Dirty Underbelly of SCADA and Smar...
BlackHat 2010 - Electricity for Free - The Dirty Underbelly of SCADA and Smar...
 
BlackHat 2009 - Hacking Zigbee Chips (slides)
BlackHat 2009 - Hacking Zigbee Chips (slides)BlackHat 2009 - Hacking Zigbee Chips (slides)
BlackHat 2009 - Hacking Zigbee Chips (slides)
 
DefCon 2012 - Sub-1 GHz Radio Frequency Security
DefCon 2012 - Sub-1 GHz Radio Frequency SecurityDefCon 2012 - Sub-1 GHz Radio Frequency Security
DefCon 2012 - Sub-1 GHz Radio Frequency Security
 
DefCon 2012 - Near-Field Communication / RFID Hacking - Miller
DefCon 2012 - Near-Field Communication / RFID Hacking - MillerDefCon 2012 - Near-Field Communication / RFID Hacking - Miller
DefCon 2012 - Near-Field Communication / RFID Hacking - Miller
 
DefCon 2012 - Near-Field Communication / RFID Hacking - Lee
DefCon 2012 - Near-Field Communication / RFID Hacking - LeeDefCon 2012 - Near-Field Communication / RFID Hacking - Lee
DefCon 2012 - Near-Field Communication / RFID Hacking - Lee
 
DefCon 2012 - Hardware Backdooring (White Paper)
DefCon 2012 - Hardware Backdooring (White Paper)DefCon 2012 - Hardware Backdooring (White Paper)
DefCon 2012 - Hardware Backdooring (White Paper)
 
DefCon 2012 - Hardware Backdooring (Slides)
DefCon 2012 - Hardware Backdooring (Slides)DefCon 2012 - Hardware Backdooring (Slides)
DefCon 2012 - Hardware Backdooring (Slides)
 
DefCon 2012 - Firmware Vulnerability Hunting with FRAK
DefCon 2012 - Firmware Vulnerability Hunting with FRAKDefCon 2012 - Firmware Vulnerability Hunting with FRAK
DefCon 2012 - Firmware Vulnerability Hunting with FRAK
 
DefCon 2011 - Vulnerabilities in Wireless Water Meters
DefCon 2011 - Vulnerabilities in Wireless Water MetersDefCon 2011 - Vulnerabilities in Wireless Water Meters
DefCon 2011 - Vulnerabilities in Wireless Water Meters
 
Defcon 2011 - Penetration Testing Over Powerlines
Defcon 2011 - Penetration Testing Over PowerlinesDefcon 2011 - Penetration Testing Over Powerlines
Defcon 2011 - Penetration Testing Over Powerlines
 
DefCon 2012 - Anti-Forensics and Anti-Anti-Forensics
DefCon 2012 - Anti-Forensics and Anti-Anti-ForensicsDefCon 2012 - Anti-Forensics and Anti-Anti-Forensics
DefCon 2012 - Anti-Forensics and Anti-Anti-Forensics
 
DefCon 2012 - Subterfuge - Automated MITM Attacks
DefCon 2012 - Subterfuge - Automated MITM AttacksDefCon 2012 - Subterfuge - Automated MITM Attacks
DefCon 2012 - Subterfuge - Automated MITM Attacks
 
DefCon 2012 - Owned In 60 Seconds - Windows Hacking
DefCon 2012 - Owned In 60 Seconds - Windows HackingDefCon 2012 - Owned In 60 Seconds - Windows Hacking
DefCon 2012 - Owned In 60 Seconds - Windows Hacking
 
DefCon 2012 - Rooting SOHO Routers
DefCon 2012 - Rooting SOHO RoutersDefCon 2012 - Rooting SOHO Routers
DefCon 2012 - Rooting SOHO Routers
 
DefCon 2012 - Finding Firmware Vulnerabilities
DefCon 2012 - Finding Firmware VulnerabilitiesDefCon 2012 - Finding Firmware Vulnerabilities
DefCon 2012 - Finding Firmware Vulnerabilities
 
DefCon 2012 - Gaining Access to User Android Data
DefCon 2012 - Gaining Access to User Android DataDefCon 2012 - Gaining Access to User Android Data
DefCon 2012 - Gaining Access to User Android Data
 
DefCon 2012 - Power Smart Meter Hacking
DefCon 2012 - Power Smart Meter HackingDefCon 2012 - Power Smart Meter Hacking
DefCon 2012 - Power Smart Meter Hacking
 

Último

Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
Enterprise Knowledge
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
giselly40
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
Delhi Call girls
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
Principled Technologies
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
Enterprise Knowledge
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
Safe Software
 

Último (20)

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdf
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 

DefCon 2012 - Bluetooth Monitoring With SCAPY

  • 1. PASSIVE BLUETOOH MONITORING IN SCAPY Ryan Holeman
  • 2. AGENDA • bluetooth essentials • fundamental projects • scapy-btbb project overview • demo
  • 3. ESSENTIAL BLUETOOTH • bluetooth is a frequency hopping protocol
  • 4. ESSENTIAL BLUETOOTH • BTBB - bluetooth baseband • air traffic between master and slave bluetooth devices
  • 5. ESSENTIAL BLUETOOTH • nap • non-significant for communication • vendor association • uap • upper address part • vendor association • calculated from btbb packets • lap • lower address part • easily obtained in btbb packet
  • 6. FUNDAMENTAL PROJECTS SCAPY • Philippe Biondi • python network analysis and manipulation tool • supports many protocols and layers • Ethernet, Tcp/Ip, 802.11, 802.15.5, etc
  • 7. FUNDAMENTAL PROJECTS LIBBTBB • Dominic Spill and Mike Ossmann • provides methods for: • uap discovery, clock discovery, etc • wireshark plugin • wireshark btbb support
  • 8. FUNDAMENTAL PROJECTS UBERTOOTH • bluetooth baseband sniffer • Mike Ossmann • kismet plugin
  • 9. SCAPY-BTBB GOALS • bluetooth baseband traffic in python
  • 10. SCAPY-BTBB CONTRIBUTIONS • btbb layer in scapy •a stream utility for pcap files in scapy • btbb helper methods • vendor from nap/uap • distinct address lists from btbb traffic • extensive documentation of related projects
  • 11. SCAPY-BTBB RELEVANCE • real time and postmortem data analysis for btbb traffic • compatibility across hardware • though pcap files • easily incorporated into: • developer debugging tools • auditing tools • exploitation tools
  • 12. DEMO
  • 13. REFERENCES • scapy • bluez • Phillippe Biondi • bluez.org • secdev.org/projects/scapy • pybluez • libbtbb • pybluez.googlecode.com • Dominic Spill & Mike Ossmann • wireshark • sourceforge.net/projects/libbtbb • wireshark.org • ubertooth • ipython • Mike Ossmann • ipython.org • ubertooth.sourceforge.net • pandas • kismet • pandas.pydata.org • Mike Kershaw • kismetwireless.net
  • 14. PROJECT HOME AND CONTACT INFO • project home • hackgnar.com/projects/btbb • contact • email: ripper@hackgnar.com • twitter: @hackgnar