extreme hacking: encrypted networks swat style - wayne burke

Extreme HackingEncrypted Networks SWAT Style

© 2015 Wayne M Burke – Sequrit CSi BV - All rights reservedSource: batblue.com

By: Wayne Burke

“Uncertainty is the only certainty there is, and knowing how to live with insecurity is the only security.”

-‐ John Allen Paulos

Wayne Quick Intro:• IT since ZX-‐Spec / Com64• Microsoft MCSE / MCT from NT4• Certs:Cisco, UNIX / Linux, MS, Security• Master EC-‐Council Instructor• Author CAST 612 Adv Mobile HackingSpecializing in Mobile Device Digital Forensics, Hacking and Security Testing for:Apple iDevices, Google Androids & Blackberry• Blended Learning Security Video Productions.

• Miami• Singapore• Malaysia• Egypt>> 2010 > 2015 Series <<

© 2015 Wayne M Burke – Sequrit CSi BV - All rights reserved

Snowden the Apocalypse

Image Source:http://vtec1800.deviantart.com/art/Edward-Snowden-381628497

© 2015 Wayne M Burke – Sequrit CSi BV - All rights reservedhttp://ozelotstudios.deviantart.com/art/Snowden-381105666

Latest SSL/TLS Weakness:


Image PLACEMARKER – NSA Intercept

The LogJam Attack: https://weakdh.org/


The FREAK Attack: https://weakdh.org/

SSL Handshake - Diffie Hellman


Picture by Frank Moritz

Image PLACEMARKER – NSA Intercept - TURMOIL

Image PLACEMARKER – NSA Intercept - PRISM

Image PLACEMARKER – GHCQ Intercept - SIGDEV

Image PLACEMARKER – NSA Intercept - SKYNET


Hacking smartphones

The 2007 NSA wish book for analysts also includes a number of software tools that allow data to be stolen from a variety of smartphones and dumb cell phones. One software hack, called DROPOUTJEEP, is a software implant for Apple iOS devices that allows the NSA to remotely control and monitor nearly all the features of an iPhone, including geolocation, text messages, and the microphone and camera. (Researcher and developer Jake Appelbaum, who helped write the Spiegel article revealing the documents, said separately this week that the NSA claims DROPOUTJEEP installations are always successful.)

The NSA documents describing DROPOUTJEEP boast that every attempt to implant the malware on iPhones will always succeed,

Appelbaum reports.


Image PLACEMARKER – NSA Intercept - DROPOUTJEEP

Poodle SSL


Poodle Attack


What You Need To Do To Prevent a POODLE Attack on Your Web

Browser(s):


There are a few ways to stop this vulnerability from compromising websites. They are:

Fallback SCSV.Disabling SSLv3 on the client side.Disabling SSLv3 on the server side.Disabling CBC cipher suites in SSLv3.

However, ‘Disabling SSLv3 entirely’ seems to be the current trend being practiced by most websites. Users need to follow the instructions below disable SSLv3 from the major browsers.

https://www.thesslstore.com/blog/ssl3-poodle-vulnerability-affects-oodles/

Browser Failback


The Weapons (Software / Hardware)

�MITMf – Partial HSTS Bypass + ManyMore

�Wi-Fi Evil AP’s – Easy-Creds / PwnStar / Karma

�IMSI Catchers – Alibaba $1800 + Plus Others



Image PLACEMARKER – NSA Intercept - Google

Reference Websites:• https://nsa.gov1.info/dni/prism.html• https://weakdh.org/• https://github.com/byt3bl33d3r/MITMf• https://github.com/brav0hax/easy-creds• https://github.com/SilverFoxx/PwnSTAR• http://www.alibaba.com/product-detail/IMSI-catcher_135958750.html

Documentary:• Special Investigation: Bugged, Tracked, Hacked• http://www.9jumpin.com.au/show/60minutes/stories/2015/august/phone-hacking/

Movies / TV Series:• Blackhat• http://www.imdb.com/title/tt2717822/• Mr Robot• http://www.imdb.com/title/tt4158110/

Thanks for listening J

Wayne Burke:[email protected]

extreme hacking: encrypted networks swat style - wayne burke

Technology