DAY 1 /// Wednesday 29

  1. 11:00 - 12:00

    Accreditation

    Conference check-in, a relaxed moment to catch up with friends
    Accreditation and handout of badges and the event program.

  2. 11:00 - 12:30

    Keynote + Old School Hackers Panel

  3. 13:00 - 14:00 --- LUNCH BREAK

  4. 14:00 - 15:50

    Workshops

    Hands-on activities with attendee participation

  5. 16:10 - 18:00

    Workshops

    Hands-on activities with attendee participation

  6. 18:10 - 19:00

    Agafi (Advanced Gadget Finder)

    Nicolás Economou

    The arrival of the NX bit in Intel CPUs and its use by current operating systems marked a before and after in how binary bugs are exploited. Over time, direct execution of DATA lost ground and was replaced by DEP (Data Execution Prevention), forcing the techniques used until then to improve. Today, it is not possible to take control of a modern application without using ROP (Return-Oriented Programming). ROP means using GADGETS (generally small groups of instructions) that are not always detectable by primitive gadget finders (most of them). The evolution of SEH exploitation together with the use of gadgets could be a very good example of this:

    First-generation exploits (DEP disabled):
    - "pop REG"
    - "pop REG"
    - "ret" <--- Stack address

    Second-generation exploits (DEP enabled):
    - "mov REG,[ebp+0xc]"
    - "mov [esp],REG"
    - "call dword [REG+0x8]" <--- Stack Pivoting address

    In this presentation I will show a recently developed tool that, using:
    * The QEMU "CPU/MMU" (x86)
    * Taint Analysis
    * A snapshot of the process
    * Goal-driven search

    is able to find, through CODE EMULATION, all the gadgets that exist in the process's memory space. In the second part of the presentation, the heuristics implemented to generate ROP chains will be shown.

DAY 2 /// Thursday 30

  1. 08:00 - 08:45

    Accreditation

    Conference check-in, a relaxed moment to catch up with friends
    Accreditation and handout of badges and the event program.

  2. 08:45 - 09:00

    Event introduction

  3. 09:30 - 10:20

    Hacking US (and UK, Australia, France, etc.) traffic control systems

    Cesar Cerrudo

    Probably many of us have seen that scene from "Live Free or Die Hard" (Die Hard 4) where the "terrorist hackers" manipulate traffic signals by just hitting the Enter key or typing a few keys. I wanted to do that! So I started to look around and of course I couldn't get to do the same, that's too Hollywood style! But I got pretty close. I found some interesting devices used by traffic control systems in important cities such as Washington DC, Seattle, New York, San Francisco, Los Angeles, etc. and I could hack them :) I also found that these devices are also used in cities in the UK, France, Australia, China, etc., making them even more interesting. This presentation will tell the whole story, from how the devices were acquired, the research, on-site testing demos (at Seattle, New York and Washington DC), vulnerabilities found and how they can be exploited, and finally some possible NSA style attacks (or should I say cyberwar style attacks?). Oh, I almost forgot, after this presentation anyone will be able to hack these devices and mess with traffic control systems since there is no patch available (sorry, didn't want to say 0day ;)). I hope that after this I will still be allowed to enter (or leave?) the US.

  4. 10:20 - 11:10

    Exploring the Jolla Phone

    Vitaly Mclain, Drew Suarez and Chris Weedon

    In February of 2011, Nokia cancelled all of its Linux-based phone projects in favor of Windows Mobile. As a result, many of the engineers working on its Maemo-based phones left and founded Jolla. Given funding but no intellectual property, they created the new Jolla Phone and Sailfish OS, a combination of open source and proprietary components. The phones, now available in Nordic countries, also feature "smart covers" called "The Other Half", capable of anything from changing your theme to adding a keyboard to the phone. They also feature a full, open Linux environment, an Android compatibility layer, and many other appealing features. When we obtained these phones, we were immediately curious to explore them, and try to break things along the way. In this talk, we will explore the architecture of the phone and see where the weak points might be. Starting in the beginning, we will look into the phone's recovery, explain its layout and understand what security implications are present. We're also going to look at our process for looking for vulnerabilities in the stock operating system and the applications themselves. Public vulnerabilities will be discussed to understand what led to them and how they were patched. Exploitation of vulnerabilities in the context of the Jolla will also be covered, to help understand what protections or roadblocks the phone presents. Our exploration of "The Other Half" covers will also be discussed. We'll describe how they're architected, what we learned from interacting with the NFC and I2C interfaces, and any weak points that were discovered. A custom cover will be used to explore the possibility of malicious covers. Lastly, we will look at the application infrastructure and understand what it would take to test an application written for the Jolla environment. In the end, we will have covered broad topics in hardware and software, applicable to devices far beyond the one we cover in this talk.

  5. 11:10 - 11:40 --- COFFEE BREAK

  6. 11:40 - 12:30

    Cooking an APT in the paranoid way

    Lorenzo Martinez Rodriguez

    The talk covers the different steps to create an APT in paranoid mode, that is, the security measures to take into account so that the APT is created and managed anonymously. The talk will be illustrated with an APT created through social engineering on LinkedIn to lure profiles of employees and officials of different Ministries of the Government of Spain and of the Public Administration sector. The User Agent versions, as well as those of the Java, Flash, Quicktime, Shockwave, etc. plugins of the different visitors were obtained in a targeted way, making it possible to have the material needed to build attacks of a higher level of sophistication, using other tools that are also detailed in the talk. Likewise, possible techniques will be shown for buying or converting physical cash in banknotes into Bitcoins in an untraceable way, which will allow us to hire various services that give us greater invisibility on the Internet, such as private VPN services in countries without laws, TOR, etc. The same applies to obtaining a phone handset with an IMEI not associated with a phone contract, as well as a SIM card (which in Spain must be registered to a specific first name, surname and DNI... using social engineering). In addition, it will be shown how to make calls spoofing the caller ID, which allows us to give more credibility to our story in the APT. Statistics, vulnerable versions, techniques such as typosquatting, generation of web pages with a valid SSL digital certificate, cloning the original, etc. will be shown. What was done will be shown, and what… could have been done (this in a virtual, lab environment) with a single visit to a vulnerable environment.

  7. 12:30 - 13:20

    Pointer Subterfuge In The Browser Address Space

    Alex Rad

    Hardening a browser is especially interesting because exploitation tends to be so interactive. Browser exploitation essentially has memory sporks -- read & write primitives giving exploits a chance to really have their way with the address space. So hardening browsers is quite difficult indeed because defenses like NX memory and ASLR can be trivially bypassed with the right vulnerability -- and many UaF flaws become just that.

    What's new for Ekoparty: I'll be announcing a browser exploitation challenge and provide unprotected and protected browser builds for people to try to exploit. For people that have never done browser exploitation, they will learn how easy it can be. For people who have already done browser exploitation, they will learn how frustrating it could become!

  8. 13:20 - 14:20 --- LUNCH BREAK

  9. 14:20 - 15:10

    Security Monitoring for big Infrastructures without a Million Dollar budget

    Hernan Costante and Juan Berner

    Nowadays, in an increasingly complex and dynamic network, it's not enough to be a regex ninja and store only the logs you think you might need. From network traffic to custom logs, you won't know which logs will be crucial to stop the next attacker, and if you are not planning to spend half of your security budget on a commercial solution, we will show you a way to build your own SIEM with open source. The talk will go from how to build a powerful logging environment for your organization to scaling on the cloud and storing everything forever. We will walk through how to build such a system with open source solutions such as Elasticsearch and Hadoop, and how to create your own custom monitoring rules to monitor everything you need. The talk will also include how to secure the environment and allow restricted access to other teams, as well as avoiding common pitfalls and ensuring compliance standards.

  10. 15:10 - 15:40

    IDA Synergy - Collaborative Reverse Engineering

    Federico Muttis

    A well-known problem in a reverse engineering team's everyday life is consolidating their results. Although there were some public approaches to solving this problem, none of them covered our needs; furthermore, none of them are actively supported or maintained. Our approach to tackling this problem is IDASynergy, a combination of an IDAPython plugin and a version control system that results in a new collaborative reverse engineering add-on for IDA Pro.

  11. 15:40 - 16:10

    The dark figure of cybercrime

    Cristian Borghello, Marcelo Temperini and Maximiliano Macedo

    Cybercrimes have stopped being a problem of the future and become a problem of the present. According to various current studies, cybercrimes are the fastest-growing crimes of recent years, with an ever-increasing projection. It is a problem that does not distinguish between victims, being a multi-offensive type of crime that affects the confidentiality, integrity and availability of information, as well as people's privacy, assets, reputation and image, among others. The existing dark figure is a consequence of the lack of official statistics on the matter, a substantially problematic aspect that prevents serious work on observation, analysis and the development of medium- or long-term strategies or plans aimed at fighting cybercrime. In this context, the creation of the Observatorio Latinoamericano de Delitos Informáticos (Latin American Observatory of Cybercrime), ODILA, is proposed. This project seeks to build a space for research and work on cybercrime, especially dedicated to surveying and collecting information on cybercrimes that occurred in Latin America, in order to generate, systematize and disseminate information about the reality of this problem, as well as to encourage victims to file reports.

  12. 16:10 - 16:40 --- COFFEE BREAK

  13. 16:40 - 17:30

    Dissecting and Attacking RMI Frameworks

    Nahuel D. Sanchez and Sergio Abraham

    Distributed Object or Remote Method Invocation (RMI) frameworks facilitate the remote invocation of methods and creation of objects between systems. Conceptually RMI frameworks are similar to Remote Procedure Call (RPC) platforms. A main difference is that in RMI the client and the server work with the entire object lifecycle (i.e. creation, destruction) whereas RPC is typically limited to remote methods or procedures. RMI frameworks are interesting because they provide a remote method for object manipulation. Even though Web Services have taken the lead as the de-facto technology for communication in distributed applications, RMI frameworks are still widely used in many applications. Almost every programming language has support for one or, usually, more RMI frameworks. The proliferation of this technology made RMI interfaces very common among all sorts of software, especially across Enterprise Applications, and constitute a fruitful vector from an attacker's point of view. In this presentation we will discuss the architecture, security features and new vulnerabilities we have detected in two implementations of popular Enterprise RMI frameworks: CORBA and SAP RMI-P4. Through live demonstrations, we will demonstrate novel techniques for remote file read/write, arbitrary database access, session hijacking, and other critical bugs in large enterprise platforms, as well as the countermeasures in order to protect from these threats. We will walk you through the vulnerability research process we performed over these frameworks, enabling you to understand also how these attacks could be extended to other RMI implementations you may encounter.

  14. 17:30 - 18:20

    Reverse Engineering the Supra iBox

    Braden Thomas

    This presentation walks through the reverse-engineering and exploitation of a hardened embedded device and provides certain techniques you can use to exploit similar devices. As MSP430 devices become more common, it is slowly becoming the norm to encounter devices in production with blown JTAG fuses. Previously, this was a significant hurdle. In 2008, Goodspeed described several attacks against the MSP's BSL (bootstrap loader). This presentation will review those attacks and describe the challenges facing a researcher attempting to perform them. This presentation will demonstrate how to reliably perform successful firmware extraction on an MSP430 with a blown JTAG fuse. Additionally, the presentation will cover what you might see while reverse-engineering MSP430 firmware. Finally, it will describe a software-only attack that uses a feature of BSL to extract sensitive data from RAM.

  15. 18:20 - 19:10

    Practical exploitation of radio signals with Software Defined Radio

    Luis Colunga

    Did you know that it is possible to receive radio signals from airplanes, ships and even satellites easily and cheaply? Software Defined Radio will play a key role in wireless telecommunications security as a threat, and it will be one more tool that pentesters should know. Previously, Software Defined Radio was used in academic circles to do research on wireless technologies, but given its cost, immature software and required knowledge, it was not practical for security professionals. This is changing, and projects such as RTL SDR and HackRF allow us to carry out practical attacks and do research on wireless protocols in a more accessible way.

  16. 19:10 - 19:40 --- BEER BREAK

  17. 19:40 - 20:30

    Deep-submicron CPU backdoors

    Alfredo Ortega

    The existence of backdoors or rootkits present directly in the CPU design is a known risk explored in many theoretical studies, but how realistic is it to do in practice? It turns out to be quite easy. In this talk I propose to demonstrate the triviality of this kind of attack by adding a backdoor to an ARM Cortex M0 CPU and synthesizing it live.

  18. 20:30 - 21:20

    Remote Automotive Attack Surfaces

    Chris Valasek

    Automotive security concerns have gone from the fringe to the mainstream with security researchers showing the susceptibility of the modern vehicle to local and remote attacks. A malicious attacker leveraging a remote vulnerability could do anything from enabling a microphone for eavesdropping to turning the steering wheel to disabling the brakes. Unfortunately, research has only been presented on 3 or 4 particular vehicles. Each manufacturer designs their fleets differently; therefore analysis of remote threats must avoid generalities. This talk takes a step back and examines the automotive network of a large number of different manufacturers from a security perspective. From this larger dataset we can begin to answer questions like: Are some cars more secure from remote compromise than others? Has automotive network security changed for the better (or worse) in the last 5 years? What does the future of automotive security hold and how can we protect our vehicles from attack moving forward?

DAY 3 /// Friday 31

  1. 08:00 - 08:45

    Accreditation

    Conference check-in, a relaxed moment to catch up with friends
    Accreditation and handout of badges and the event program.

  2. 09:30 - 10:20

    Privacy – A story of disagreements

    Luciano Martins

    Does privacy exist, or is it all a mere illusion? This talk covers several points about privacy across many years of history, from the Second World War to the present, and describes the surveillance programs of different governments. In the same way, we will approach the topic from the perspective of companies such as Facebook, Google or Apple, showing the violations of users' own data and information at each of them. We will use very clear examples and map them to some movies to show that they are not very far from reality, reaching the conclusion that privacy is something we all have to take care of together and from every possible angle…

  3. 10:20 - 11:10

    Practical String Comparison Timing Attacks

    Paul McMillan

    Embedded systems are often slow and resource constrained. This makes them the perfect target for network-based string-comparison timing attacks, which allow an attacker to attack credentials one character at a time (like in the movies), rather than brute-forcing the entire value at once. We will discuss how timing attacks work, how to optimize them, and how to handle the many factors which can prevent successful exploitation. We will also demonstrate attacks on at least one popular device. After this presentation, you will have the foundation necessary to attack your own devices, and a set of scripts to help you get started.

  4. 11:10 - 11:40 --- COFFEE BREAK

  5. 11:40 - 12:30

    Making Android's Bootable Recovery Work For You

    Drew Suarez

    Android bootable recovery mode is a self-contained alternative boot mode that loads a tiny Linux environment onto a mobile device. While most stock devices are shipped with recoveries that are fairly limited in nature, their use can be greatly extended with a little bit of effort. In this presentation, I will show you how to build your own custom recovery for your Android device. This can be used towards a number of interesting security related goals such as: penetration testing, forensics, data acquisition, bypassing security controls, modifying software, Android development and in some cases provides a direct exploitation route into a device. Using a variety of commonly available tools, attendees will learn how to deconstruct and inspect a number of different boot and recovery software implementations and rapidly begin compiling their own custom tools.

  6. 12:30 - 13:20

    Hacking RFID Billing Schemes For Fun and Free Rides

    Marcio Almeida Macedo

    The MIFARE Classic is one of the most used contactless cards in the world. It was created by NXP Semiconductors and uses RFID communication. The industry has been using this card in access control systems deployed in buildings, as well as in public transportation as a ticket replacement. In 2008, two groups of researchers, working almost independently, reverse engineered the card's communication protocol and the Crypto-1 cipher, uncovering several security weaknesses, which jeopardized the card's reputation. As a consequence, malicious users might clone this card in a couple of seconds. Since then, the MIFARE Classic has been highly exposed in the media. Besides that, other forms of attack have been researched, since there are numerous important systems still using this undermined technology. This talk is intended to present the card features, the main types of attack, and workarounds to control them and keep the system as secure as possible. As a proof of concept we will show how to dump and clone old SUBE cards that still work on the Buenos Aires subway and bus transportation services.

  7. 13:20 - 14:20 --- LUNCH BREAK

  8. 14:20 - 15:10

    Monitoring malicious domains on the Internet in real time for forensics purposes.

    Thiago Bordini

    In times of bulletproof hosting and fast-flux networks, in which cybercriminals are constantly advocate of researchers (private and/or government), techniques for "diversion" of security actions are continuously employed. One of the most notorious and efficient is changing the address that hosts malicious content. In this sense, technical research and active monitoring are increasingly needed. The presentation will be about this new need: continuous and active monitoring of the characteristics of malicious servers where the contents are hosted, in order to accumulate evidence that is illuminating in the response to the incident. This DNS monitoring technique will be extensively explained, taking into account the operating assumptions that contribute to operational security (OPSEC), intelligence and reconnaissance, and research indicators such as geolocation. Besides the technique, the tool EvilWatcher, written by the author, will be presented, using different modes of operation to reach the previously mentioned goal. Technical details will be widely explored. The purpose of EvilWatcher is to perform active monitoring of malicious hosts, which can generate a wealth of information for users (police forces / experts): host geolocation, ASN, other DNS records that exist in the malicious domain, as well as anomalous behaviors found in each host detected. Over time of use, it can be identified in which ASN and "location" malicious content has been hosted, including generating statistics and an intelligence base.

  9. 15:10 - 15:40

    Shellcode's map with locks in exports

    Javier Aguinaga

    When we analyze an exploit that had a big global impact, our main target is the malicious payload and not the vulnerability itself. The tool I am going to present aims to minimize the time spent analyzing shellcodes: you only have to copy the shellcode and the analyzer will automatically freeze execution at calls to the Win32 APIs; with this approach the malicious section can be quickly disabled. This tool can also work with shellcodes encoded with xor coders, alphanumeric stubs or encoders such as shikata_ga_nai or similar, putting our focus on the sections that really deserve it.

  10. 15:40 - 16:10

    BARFing Gadgets (turbo)

    Christian Heitman

    Analyzing binary code is a crucial activity in many areas of computer science and software engineering, ranging from software security and program analysis to reverse engineering. Manual analysis is a difficult, time-consuming task. There are software tools that seek to automate or assist analysts; however, most of them have technical and commercial restrictions that limit access and use for a large part of the academic and practitioner community. In this talk we will present BARF, an open source binary analysis framework written in Python that aims to support a wide range of analysis tasks that are common in the information security discipline. BARF is designed to be multiplatform (although currently we only implement x86) and works on an intermediate language (REIL) on which the analysis algorithms are applied. It is integrated with an SMT solver, which makes it easy to solve constraints over portions of code. The talk will present the framework and a specific tool to find, classify and verify ROP gadgets in a binary. The gadgets are classified according to different types (e.g. arithmetic, data movement, etc.) and verified automatically by means of an SMT solver.

  11. 16:10 - 16:40 --- COFFEE BREAK

  12. 16:40 - 17:30

    BIOS and Secure Boot Attacks Uncovered

    Alexander Matrosov and Yuriy Bulygin

    A variety of attacks targeting platform firmware have been discussed publicly, drawing attention to the pre-boot and firmware components of the platform such as BIOS and SMM, UEFI secure boot and OS loaders. Windows 8 Secure Boot provides an important protection against bootkits by enforcing a signature check on each boot component. This talk will detail and organize some of the attacks and how they work. We will demonstrate some of these attacks including user-mode bypasses of secure boot. We will describe underlying vulnerabilities and how to assess systems for these issues using chipsec (https://github.com/chipsec/chipsec), an open source framework for platform security assessment. We will cover attacks against BIOS write protection, attacks leveraging hardware configuration against SMM memory protections, attacks using vulnerabilities in SMI handlers, attacks against BIOS update implementations, attacks bypassing secure boot, and various other issues. In addition, we will explain why exploits against systems firmware, which were supposed to require kernel mode privilege, in many cases could be done from user mode. After watching, you should understand how these attacks work, how they are mitigated, and how to verify if your system has any of these problems.

  13. 17:30 - 18:20

    2 threads, 1 app (Injection into Dalvik VM)

    Martin Balao and Martin Fernandez

    What would happen if an attacker used your Android device to make calls and send SMSs remotely while you are in your favorite application? Would you notice if someone ran their code in the application you are using right now? In this research we will go through the exploitation, escalation and post-exploitation of an Android device, remotely and hidden from the user. We will face the technical challenges of injecting ourselves into processes and getting into the Java virtual machine on Android (Dalvik VM).

  14. 18:20 - 18:50 --- BEER BREAK

  15. 18:50 - 19:20

    BERserk: New RSA signature forgery attack

    Yuriy Bulygin

    We will describe a new class of implementation vulnerabilities in PKCS#1 v1.5 RSA signature verification enabling a signature forgery attack. The attack exploits vulnerabilities in the parsing of ASN.1 encoded sequences during RSA signature verification. It is similar to the signature forgery attack against PKCS#1 v1.5 RSA signatures with low public exponents originally discovered by Daniel Bleichenbacher in 2006. Due to an incorrect check on signature padding, this attack allows for RSA signatures to be successfully forged without knowledge of the corresponding private key. As a result, attackers are able to "man-in-the-middle" connections that are assumed to be secure, allowing them to monitor and intercept transmitted data. We will demonstrate successful forgery of SSL/TLS certificates using the vulnerability in the Mozilla NSS library.

  16. 19:20 - 20:10

    Security vulnerabilities in DVB-C networks: Hacking Cable TV network part 2

    Rahul Sasi

    DVB-C stands for "Digital Video Broadcasting - Cable" and it is the DVB European consortium standard for the broadcast transmission of digital television over cable. This system transmits an MPEG-2 or MPEG-4 family digital audio/digital video stream, using a QAM modulation with channel coding. The standard was first published by the ETSI in 1994, and subsequently became the most widely used transmission system for digital cable television in Europe. Source: http://en.wikipedia.org/wiki/DVB-C

    We have been working with a cable TV service provider for the past year. With digital cable TV implementations, the transmitted MPEG streams are encrypted/scrambled and users need a set-top box to de-scramble/decode the streams. Service providers can also shut down a device remotely (if there is no payment) or even display a custom text message that will scroll on top of a video. This is made possible by middleware servers or application servers that are used to manage the DVB networks. In our talk we cover the various attacks we can do on DVB-C infrastructure, including the following topics:

    1) Security vulnerabilities in DVB-C middleware servers. [Hijacking a TV stream]
    2) Implementation bugs in the DVB-C network protocol. [Man in the Middle Attacks]
    3) Fuzzing set-top boxes via MPEG streams. [Shutting down set-top boxes]
    4) Demo: taking over your cable TV broadcasting.

  17. 20:10 - 21:10

    EKO AWARDS

    Awards ceremony - Closing