Black hat / Defcon 2014

What is (a) Blackhat?• A conference for security professionals• 4 days of training, 2 days of briefings• 9,000 security executives, hackers, academics, and spies attended Black Hat this year• A "black hat" hacker is a hacker who "violates computer security for little reason beyond maliciousness or

for personal gain“• Ticket price range from $1795 - $2595 just for the briefings

Venue – Mandalay Bay

Nothing says Vegas like a hotel wedding chapel

• First year that BH enters Mandalay• 3,309 hotel rooms and a casino of

12,500 m2

• Convention center is 93,000 m2 (!)

What is Defcon ?• By hackers, for hackers• Nearly 16,000 attendees, up from last year’s 12,000.• Tickets cost $220 at the door – cash only (I wonder why)

Venue – Rio

• 2,522 hotel rooms and a casino of 11,000 m2

• Convention center only 15,000 m2

• Long lines...

Focus on hacks, whatever it might be• Badge hacking• SDR hacking• Hardware• Software• Locks• People…• Hack all the things!

People who think that they’re hackers

Wall of sheep• Dedicated to security research and

the advancement of security awareness through, in many cases, unconventional methods.

”Free charge?! Awesome!”

Skytalks

• A con within a con (conception?)• Classic, old-school Defcon: no cameras, no recording.

No pre-con content takedowns. No sobriety. No bullshit.• Solely funded by donations• “Special” talks• A brief history of teledildonics. Yeah, apparently that’s a thing.• Breaking MIFARE ULTRALIGHT.. or how to get free rides and more

Summary

A Survey of Remote Automotive Attack Surfaces • Hacking cars remotely

Source: autoguide.com

BadUSB

Extreme Privilege Escalation on Windows 8/UEFI Systems• Hacking Windows through the bios

https://www.blackhat.com/docs/us-14/materials/us-14-Kallenberg-Extreme-Privilege-Escalation-On-Windows8-UEFI-Systems-WP.pdf

Interesting sessionsCyber defend yourself – Don’t screw up!

Interesting sessions• Hacking RFID – or how to ride for free on public transportation

Source: SL

Interesting sessions• Internet of things

Source: Morgan Stanley

Interesting sessions• Post Exploitation – Veil Pillage

Interesting sessions• What the Watchers see – or not…

Interesting sessions• Veaponize your pets

Source: Funnypostcard.coml

Interesting sessions cont.• Exploiting Thunderbolt

Source: Intel

Everybody loves to hack credit cards!

Credit card hacks present or presented at Defcon

• Jackpotting ATMs• Mag stripe skimming (duh…)• Relay attack • False terminals (capture PIN)• No PIN attack (MiTM attack)

• More www.lightbluetouchpaper.org• And http://www.cl.cam.ac.uk/~rja14/banksec.html

Interesting sessions• And of course…. Lots on NSA playset

Source: Der Spiegel