The Dutch
Security Cluster
 
 
The Dutch
Security Cluster

null Meetup: "Flying Drones, NSA Hacking and Backdooring Bootloaders"

01
Nov
Date:
01 November 2017
Time:
18:30 - 21:30 hrs
Location:
Teleportboulevard 121, Amsterdam Sloterdijk
Organised by:
KPN

Agenda:

1. "Drones Don't Fly When the Sky is Grey" with Javi Moreno
2. "I Boot when U-Boot" by Bernardo Maia Rodrigues - Vincent Ruijter

------------------

Abstract of first talk: A short film by Bea Cabrera. Project presentation, film screening and Q&A.
Storyline: After discovering the tracks of what looks like an illegal hacking attempt upon his company’s network, Mike Donahue will pursue the trespassers’ digital trail while staying one step ahead of the NSA. A fictional story about government surveillance loosely, but factually, based on recent real events.

------------------

Abstract of second talk: Personal computer systems are now considerably more secure than embedded devices. Trusted Platform Module (TPM) and secure boot are readily available and even default in a lot of new desktop computers and laptops. Numerous small office and consumer devices, including routers and smart televisions, however, are lacking even the most basic security features. In this talk we will demonstrate and describe the inner-workings of a custom developed (Fully Weaponised IoT Cyber™) bootkit, which gains persistence on U-Boot based embedded devices, at a lower level than even the firmware. Firmware updates and factory resets usually do not interfere with the bootloader, as a small problem could render the device unusable for an end-user: the bootkit will therefore remain present. By including a properly functioning killswitch and a multi-boot like technique, it is possible to switch between a regular and a backdoored image to thwart detection. Enterprises and ISPs must take this additional attack surface into account, and put effort into detecting and responding to this threat. Well-known security researchers have long advocated for easier ways to verify and demonstrate the integrity of hardware, but this comes at a price that vendors are not willing to pay for security. Recently however, regulatory bodies have started to enforce vendors to lock-down their wireless devices, in order to prevent them from operating outside of their certified frequencies. But these 'vendor lock-downs' are not sufficient to increase the device security, as we will demonstrate, it's just a minor inconvenience.

------------------

Speakers:

Javi Moreno works as a security consultant, specialised in cryptography and embedded security. Used to play CTFs often, now he prefers to sleep. He participated in Drones Don't Fly When the Sky is Grey as producer, advisor and coffee provider. You can follow him at @vierito5

Bernardo Maia Rodrigues (Brazil) Bernardo works as an Ethical Hacker for KPNs (Royal Duth Telecom) REDteam. He enjoys hacking (and bricking) embedded devices including routers, modems and TVs. He presented on security topics at the NullByte Conference, the null Amsterdam chapter and local venues. He frequently participates in CTFs with TheGoonies and is famous for not using buzzwords like IoT, APT and Cyber in his bio.

Vincent Ruijter (Netherlands) Pacifistic Internetveapon @ KPNs (Royal Dutch Telco) REDteam, who thinks he knows Linux. Moderator @ null Amsterdam chapter, with an endless curiosity for all things binary. Knows how to quit Vi ^[ESC!wqwq:wq!

More events

22-24
Jan

Hardwear.io Security Training

location:
Park Inn Alexanderplatz, Berlin, Germany
organised by:
Hardwear.io
HSD event
28
Jan

NLSecure[ID]

location:
NBC Congrescentrum, Nieuwegein
organised by:
KPN
HSD event
28
Jan

Nixu & ColorTokens: Risk & Ransomware Event

location:
HSD Campus
organised by:
Nixu, ColorTokens
HSD event
30
Jan

Matchmaking & information meeting NWA Cybersecurity

location:
Zilveren Vosch, Plompetorengracht 3 Utrecht
organised by:
NWO
HSD event
31
Jan

UNO - Hoe Beveilig je de Werkplek van de Toekomst?

location:
HSD Campus
organised by:
Veeam, Threadstone, UNO
HSD event
05
Feb

Symposium Maastricht University: Lessons Learnt

location:
organised by:
University of Maastricht
HSD event
12
Feb

Nixu Industrial Cyber Security Event

location:
HSD Campus
organised by:
Nixu
HSD event
12
Feb

Congres IT & Information Security - CISO Leadership: breng uw leiderschap naar een hoger niveau

location:
Congrescentrum 1931 Oude Engelenseweg 1 5222 AA ’s-Hertogenbosch
organised by:
Heliview
HSD event
13
Feb

A View on 2020 Dutch Economy: International Businesses, Trade Developments and Investment Opportunities

location:
organised by:
KPMG Meijburg & Co, NFIA, Rabobank, TradeCounsellors.nl, VNO-NCW and MKB Nederland
HSD event
19-20
Feb

DRIVER+ Advanced Crisis Management Conference

location:
Brussels, Belgium
organised by:
DRIVER+ project
HSD event
19
Feb

Hoe Werken we met Elkaar aan een Veilige Digitale Wereld?

location:
Oosterhout, Distributieweg 15
organised by:
Equalit
HSD event
20-21
Feb

Conference ‘Data for Peace and Security'

location:
The Hague
organised by:
The Netherlands Ministry of Foreign Affairs
HSD event
20
Feb

UK – NL Cyber & FinTech Summit and Matchmaking (CFS2020)

location:
Anna van Buerenplein 29 2595 DA Den Haag, Netherlands
organised by:
Enterprise Europe Network, KVK, RVO
HSD event
23-28
Feb

Economic Mission Cybersecurity to the RSA Conference

location:
San Francisco
organised by:
Netherlands Enterprise Agency (RVO), Consulate General San Francisco
HSD event
24-28
Feb

Holland Pavilion @ MWC Barcelona 2020

location:
Barcelona
organised by:
Enterprise Summit
HSD event
03
Mar

Themamiddag Bewustwording Informatiebeveiliging

location:
Centraal Nederland, rondom Utrecht. Exacte locatie volgt na inschrijving.
organised by:
BeOne Development
HSD event
05
Mar

HSD Café: CISOs and Cybersecurity Incidents

location:
HSD Campus, 7th floor
organised by:
HSD Office
HSD event
05
Mar

Hoe Helpt Nieuw Talent met Fraudepreventie?

location:
Amsterdam, La Guardiaweg 94-114
organised by:
UWV
HSD event
11
Mar

Security Bootcamp 2020

location:
Van Nelle Fabriek, Rotterdam
organised by:
SecureLink Nederland B.V.
HSD event
16-19
Mar

Conferentie Nederland Digitaal

location:
Groningen
organised by:
Nederlandse Organisatie voor Wetenschappelijk Onderzoek (NWO), Smart Industry, ministerie van Economische Zaken en Klimaat
HSD event
17-18
Mar

ICT.OPEN2020

location:
Martiniplaza, Groningen
organised by:
NWO, IPN
HSD event
17
Mar

Symposium E-Discovery

location:
Zernikedreef 11, 2333 CK, Leiden
organised by:
Hogeschool Leiden
HSD event
19
Mar

Symposium Cyber Resilience

location:
De Haagse Hogeschool, Johanna Westerdijkplein 75 2501 EH Den Haag
organised by:
De Haagse Hogeschool
HSD event
23
Mar

Cybersecurity Recruitment Seminar

location:
HSD Campus
organised by:
Cyber Security Academy, ROC Mondriaan, NCOI/Computrain, Security Academy NL, HSD
HSD event
24-25
Mar

CyberTech Africa

location:
organised by:
CyberTech
HSD event
25-26
Mar

Insider Risk Management Public & Private Sector - Europe Masterclass 2020

location:
organised by:
Signpost Six
HSD event
26
Mar

Symposium Grip op Crisis

location:
Hotel Rest. Oud London Zeist Netherlands
organised by:
SVDC advies in crisisbeheersing
HSD event
01-03
Apr

ASIS Europe 2020 - From Risk to Resilience

location:
Prague, Czech Republic
organised by:
ASIS International
HSD event
07
Apr

HSD Café: OT Security

location:
HSD Campus, 7th floor
organised by:
HSD Office
HSD event
17
Apr

Finals Blue Tulip Awards 2020

location:
Taets Art and Event Park, Zaandam
organised by:
Accenture
HSD event
20
Apr

Hannover Messe 2020 | Holland High Tech House

location:
Hannover, Duitsland
organised by:
FME
HSD event
27-01
Apr-May

Hardwear.io Security Training

location:
Biltmore Hotel and Suits, Santa Clara, CA, USA
organised by:
Hardwear.io
HSD event
29-30
Apr

Mobile 360 - Security for 5G

location:
The Hague Conference Centre, New Babylon
organised by:
GSMA
HSD event
27-01
Apr-May

Hardwear.io Security Training

location:
Biltmore Hotel and Suits, Santa Clara, CA, USA
organised by:
Hardwear.io
HSD event
19
May

Resilience and Adaptivity in Professional Education to Prepare for a Changing Security Environment

location:
Brasserskade, The Hague
organised by:
Instituut Defensie Leergangen (Netherlands Defence College)
HSD event
27
May

Jaarcongres 2020: Maak Haaglanden de innovatiefste regio

location:
World Horti Center Naaldwijk
organised by:
Innovatief Haaglanden
HSD event
02-04
Jun

Info Security Europe

location:
Olympia London
organised by:
Info Security Europe
HSD event
25
Jun

HSD Café: MKB Special - Boost Your Partnership

location:
HSD Campus, 7th floor
organised by:
HSD Office
HSD event
23-28
Aug

International Cyber Security Summer School 2020

location:
organised by:
NATO C&I Agency, Europol,EY, Leiden University and HSD
HSD event
23-24
Sep

CyberTech Europe, Rome

location:
organised by:
CyberTech
HSD event
28
Sep

Hack The Hague 2020: Save the Date

location:
City Hall, Spui 70, 2511 BT The Hague
organised by:
City of The Hague and Cybersprint
HSD event
29-30
Sep

One Conference 2020: Save the Date

location:
World Forum, The Hague
organised by:
Ministry of Economic Affairs and Climate Policy, Ministry of Justice and Security, National Cyber Security Centre
HSD event
06-08
Oct

IT-SA 2020

location:
Exhibition Centre Nuremberg
organised by:
HSD event