He leads the Def Con 4 X 5K, and climbs rocks for fun.īack to top Bring Your Own Print Driver VulnerabilityĤ5 minutes | Tool, Exploit Jacob Baines Vulnerability researcher at Dragos He’s had a variety of jobs over his lifetime, working as a bike messenger, a caterer, a webmaster for a brewery, a wireless engineer, and doing even security work for the phone company. He provides security support to journalists, and staff globally. Jesse Krembs is a long term Def Con goon and now a staff information security analyst at The New York Times. This talk is for both hackers and journalists. Some best practices for journalists, hard technical problems facing media security, and how hackers can get involved. This talk will cover the unique threats and challenges of working in information security for a news organization. Methodologies underpinning digital network surveillance to top A Look Inside Security At The New York Times Or A Media Security Primer For Hackers He has a decade of experience researching the technologies and Information security, statistical modeling, and distributed computingĬoncepts to develop quantitative methods of assessing security risk. Fast multiplication and its applications, 2008.Īustin Allshouse is a Research Scientist at BitSight where he applies “Securing RSA Keys & Certificates for IoT Devices.”ĭaniel J. Remain widespread in network devices." Proceedings of the 2016 Hastings, Marcella, Joshua Fried, and Nadia Heninger. Widespread weak keys in network devices." 21st Security Scale: when crypto meets big data.” DEF CON 26, 2018.
Understanding and implementing distributed batch GCD to analyzingįindings from compromising RSA keys from network devices en masse.Īmiet, Nils and Romailler, Yolan. Gloss over, right? This talk will detail a hacker's journey from Implementation of Batch-GCD ” which seems like one hell of a detail to Researchers have attested that they “built a custom distributed When describing their research, past hackers and
Recover the private key because, unlike large integer factorization,Ĭalculating the greatest common divisor (GCD) of two moduli can beįast and efficient. Generating keys making it trivial to factor the RSA modulus and When devices have poorly initialized sources of “randomness” when Internet that share prime factors with other keys. (and DEFCON talks!) investigating the phenomenon of RSA keys on the Over the past decade, there have been a number of research efforts
DEFCON 2021 SERIES
His past work includes USBAnywhere, leading the unification of OpenBMC as a project under Linux Foundation, co-authoring a whitepaper on Google’s Titan, and reverse engineering Xilinx 7 Series FPGA bitstreams as part of to top The Mechanics of Compromising Low Entropy RSA KeysĢ0 minutes Austin Allshouse Staff Research Scientist / BitSight Rick Altherr has a career ranging from ASICs to UX with a focus on the intersection of hardware and software, especially in server systems. Her background includes Linux kernel development with work in the memory management and security areas as well as ARM Altherr
DEFCON 2021 SOFTWARE
Laura Abbott is a software engineer who focuses on low level software. Your Peripheral Has Planted Malware - An Exploit of NXP SOCs Vulnerability Yuwei Zheng, Shaokun Cao, Yunding Jian, Mingchuang Qin DEFCON 26 CON 26/DEF CON 26 presentations/DEFCON-26-Yuwei-Zheng-Shaokun-Cao-Bypass-the-SecureBoot-and-etc-on-NXP-SOCs-Updated.pdf TrustZone technology for the ARMv8-M architecture Version 2.0 ARM Finally, NXP PSIRT will be used as a case study in how _not_ to respond to a vulnerability report. This talk will deep dive into how TrustZone-M works, where to look for weaknesses in implementations, and a detailed look into NXP LPC55S69’s implementation including discovering an undocumented peripheral that leads to a priviledge escalation vulnerability exploitable with TrustedFirmware-M. While much experience with TrustZone-A can be applied, architectural differences with ARMv8-M lead to a very different approach to configuration and transitions between secure and non-secure worlds. The concept of Trusted Execution Environments has been broadly introduced to microcontrollers with ARM’s TrustZone-M.
A huge thank you to the DEF CON 29 CFP Review Board, who spent countless hours poring through hundreds of submissions, in order to bring you the best possible speaking content! Breaking TrustZone-M: Privilege Escalation on LPC55S69Ĥ5 minutes | Demo, Exploit Laura Abbott Oxide Computer Company Rick Altherr Oxide Computer Company
0 kommentar(er)
