Cyberon: We are specialists in Cyber security services

DAY 4 @ DEFCON 26 (Wed, 15 Aug 2018 19:49:09 +0000)

Last day of Defcon!

Today was the last day of Defcon and we focused mainly on visiting “villages”. These are smaller and more intimate talks where you are able to get a bit closer to the presenters.

Here are our top picks of the day:

One of the first Village talks was about stalking, specifically on Twitter. The presenter showed how to stalk “indirectly” by following the followers of the stalking victim. By doing this you get all the updates, check-ins and tags automatically without interacting directly. Social media is public by default and following people is usually unrestricted, making the stalking really easy.

Shortly after, we attended a talk regarding social media phishing and how automated tools can be used to collect all pictures and information for specific people. “Social mapper” is an open source tool that searches for target accounts on LinkedIn, Facebook, Twitter, Google+, Instagram, VKontakte, Weibo and Douban.

The tool is intended for ethical hacking in penetration testing and red teams/blue teams.

Android has been known for returning malicious apps, and it seems that is for a good reason. The “Man in the disk” talk showed how easy it is to create a malicious Android app by exploiting the write to external storage function. The malicious app can detect whenever the phone writes to external storage. Then the app can replace the data with whatever you want, as there is no write protection on the storage. This external storage is used to share files between applications or with a PC. Needless to say, inputting malicious data here could be extremely damaging.
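A defensive counterpart to the talk, as an added example that is not from the talk or the original post: an app that must stage data on shared storage can keep a SHA-256 digest in its private storage and accept only bytes that still match it. The class name, file names and payloads are hypothetical, and two temporary directories stand in for Android's external and app-private storage.

```java
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.MessageDigest;

public class SharedStorageGuard {
    static byte[] sha256(byte[] data) throws Exception {
        return MessageDigest.getInstance("SHA-256").digest(data);
    }

    // Write the payload to shared storage, but keep its digest in
    // app-private storage, which other apps cannot modify.
    static void stage(Path shared, Path privateDigest, byte[] payload) throws Exception {
        Files.write(privateDigest, sha256(payload));
        Files.write(shared, payload);
    }

    // Read the shared file once, verify that in-memory copy, and return it.
    // The caller must use the returned bytes and never re-open the file,
    // otherwise the data could change between the check and the use.
    static byte[] loadVerified(Path shared, Path privateDigest) throws Exception {
        byte[] data = Files.readAllBytes(shared);
        byte[] expected = Files.readAllBytes(privateDigest);
        if (!MessageDigest.isEqual(expected, sha256(data))) {
            throw new SecurityException("shared-storage file changed since it was written");
        }
        return data;
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-ins for external and app-private storage.
        Path sharedDir = Files.createTempDirectory("shared");
        Path privateDir = Files.createTempDirectory("private");
        Path update = sharedDir.resolve("update.bin");
        Path digest = privateDir.resolve("update.sha256");

        stage(update, digest, "constructed payload v1".getBytes(StandardCharsets.UTF_8));
        System.out.println("untouched: " + loadVerified(update, digest).length + " bytes accepted");

        // Another process overwrites the shared file after it was staged.
        Files.write(update, "constructed replacement".getBytes(StandardCharsets.UTF_8));
        try {
            loadVerified(update, digest);
        } catch (SecurityException e) {
            System.out.println("modified: rejected (" + e.getMessage() + ")");
        }
    }
}
```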

The day ended with the Defcon closing ceremony where, among other things, the CTF winners were announced. The conference keeps growing, with another all-time high attendance of about 25 000 (not confirmed).

We have thoroughly enjoyed this week and are already looking forward to next year’s event. They will move the conference to Bally’s to make the sessions a bit closer to each other. This year’s talks were split between the Flamingo and Caesars Palace, making it difficult to reach each session as it was a 15-minute walk between the hotels.

See you next year at Bally’s!

DAY 1 @ DEFCON 26 (Thu, 09 Aug 2018 23:03:33 +0000)

Finally the day arrived and we got to visit DEFCON. It’s been a day we all have been looking forward to; it’s finally time for the biggest nerd gathering of the year.

The day started warm. We’ve been having around 43 to 45 degrees Celsius down here, so moving outside has been a bit of a challenge. Queues opened at 6 am this year at Defcon, but wisely enough we waited a couple of hours and got our hands on the precious badges at around 9 just in time for the talks that started at 10.

Two very proud security guys in the picture with their long-awaited badges. I am sorry @espen, we’ll get your picture tomorrow ^^

Today had only 1 track, the 101 track. This is because BlackHat had its final day, which overlaps Defcon’s opening day.

In the first talk we would like to mention, we learned a lot about ThinSIM attacks. These are attacks on the ThinSIM feature that resides between the SIM card and the phone processor. It is possible to use exploits and man-in-the-middle attacks to fool a victim. Fun stuff, although really hard to protect against, as security protection is very limited at that stage in the phone connectivity.

We also attended a talk about how to evade surveillance teams. This must have been today’s highlight, with anti surveillance evasion techniques and real life demos. Anyone seen the TV show The Americans? Little did I know that this show actually was based on a true story: https// Anyway, an awesome presentation there as well.

The day ended with the Defcon 101 n00b panel. Basically an introduction to DEFCON for all the first time n00bs, like us.

Tomorrow will be another fun day with many great presentations, demos and talks lined up.

We’ll post another blog tomorrow with some more updates.