The Dutch
Security Cluster
 
 
The Dutch
Security Cluster

null Meetup: "Flying Drones, NSA Hacking and Backdooring Bootloaders"

01
Nov
Date:
01 November 2017
Time:
18:30 - 21:30 hrs
Location:
Teleportboulevard 121, Amsterdam Sloterdijk
Organised by:
KPN

Agenda:

1. "Drones Don't Fly When the Sky is Grey" with Javi Moreno
2. "I Boot when U-Boot" by Bernardo Maia Rodrigues - Vincent Ruijter

------------------

Abstract of first talk: A short film by Bea Cabrera. Project presentation, film screening and Q&A.
Storyline: After discovering the tracks of what looks like an illegal hacking attempt upon his company’s network, Mike Donahue will pursue the trespassers’ digital trail while staying one step ahead of the NSA. A fictional story about government surveillance loosely, but factually, based on recent real events.

------------------

Abstract of second talk: Personal computer systems are now considerably more secure than embedded devices. Trusted Platform Module (TPM) and secure boot are readily available and even default in a lot of new desktop computers and laptops. Numerous small office and consumer devices, including routers and smart televisions, however, are lacking even the most basic security features. In this talk we will demonstrate and describe the inner-workings of a custom developed (Fully Weaponised IoT Cyber™) bootkit, which gains persistence on U-Boot based embedded devices, at a lower level than even the firmware. Firmware updates and factory resets usually do not interfere with the bootloader, as a small problem could render the device unusable for an end-user: the bootkit will therefore remain present. By including a properly functioning killswitch and a multi-boot like technique, it is possible to switch between a regular and a backdoored image to thwart detection. Enterprises and ISPs must take this additional attack surface into account, and put effort into detecting and responding to this threat. Well-known security researchers have long advocated for easier ways to verify and demonstrate the integrity of hardware, but this comes at a price that vendors are not willing to pay for security. Recently however, regulatory bodies have started to enforce vendors to lock-down their wireless devices, in order to prevent them from operating outside of their certified frequencies. But these 'vendor lock-downs' are not sufficient to increase the device security, as we will demonstrate, it's just a minor inconvenience.

------------------

Speakers:

Javi Moreno works as a security consultant, specialised in cryptography and embedded security. Used to play CTFs often, now he prefers to sleep. He participated in Drones Don't Fly When the Sky is Grey as producer, advisor and coffee provider. You can follow him at @vierito5

Bernardo Maia Rodrigues (Brazil) Bernardo works as an Ethical Hacker for KPNs (Royal Duth Telecom) REDteam. He enjoys hacking (and bricking) embedded devices including routers, modems and TVs. He presented on security topics at the NullByte Conference, the null Amsterdam chapter and local venues. He frequently participates in CTFs with TheGoonies and is famous for not using buzzwords like IoT, APT and Cyber in his bio.

Vincent Ruijter (Netherlands) Pacifistic Internetveapon @ KPNs (Royal Dutch Telco) REDteam, who thinks he knows Linux. Moderator @ null Amsterdam chapter, with an endless curiosity for all things binary. Knows how to quit Vi ^[ESC!wqwq:wq!

HSD Partners involved

More events

22-27
Aug

International Cyber Security Summer School 2021

location:
Online
organised by:
NATO Communication & Information Agency (NCIA), Europol EC3, Leiden University, Palo Alto Networks, Dutch Innovation Factory and HSD
HSD event
01
Sep

To educate, to motivate or to facilitate? Psychology addressing the human factor in cybersecurity

location:
Online
organised by:
ISACA NL Chapter and NOREA
HSD event
07
Sep

Cyber Breakfast Session

location:
Signaalrood 25, 2718SH Zoetermeer
organised by:
Computest
HSD event
07
Sep

NLSecure[ID] September Edition

location:
Online
organised by:
KPN
HSD event
27
Sep

Hâck The Hague 2021

location:
Online
organised by:
Gemeente Den Haag & Cybersprint
HSD event
28-29
Sep

CyberTech Europe, Rome

location:
organised by:
CyberTech
HSD event
28-29
Sep

One Conference 2021

location:
organised by:
Ministry of Economic Affairs and Climate Policy, Ministry of Justice and Security, National Cyber Security Centre
HSD event
04
Oct

Kick-off Cybersecuritymaand door Alert Online

location:
Online
organised by:
Alert Online
HSD event
05
Oct

MKB Digicafé: Cyberweerbaar vs. Cybercriminaliteit

location:
Online
organised by:
MKB Digicafé, EYE en HSD
HSD event
06
Oct

Digital Experience 2021 - 6 oktober 2021

location:
Van der Valk Hotel Utrecht & Online
organised by:
DataExpert
HSD event
07
Oct

The Future of Business Technology - Leaders of Innovation

location:
Pathe, Berlijnplein 100, Utrecht, NL
organised by:
Dutch IT-channel
HSD event
12-14
Oct

WorldPensionSummit 2021

location:
Louwman Museum, The Hague or online.
organised by:
Pensions&Investments
HSD event
14
Oct

Symposium 'Reflection corona crisis, look back with crisis experts'

location:
Hotel Rest. Oud London Zeist
organised by:
SVDC advies in crisisbeheersing
HSD event
19
Oct

Masterclass security awareness: Zo ontwikkel je een human-centric awareness programma

location:
NBC Congrescentrum Nieuwegein
organised by:
Infosequre i.s.m CFLW Cyber Strategies, de Haagse Hogeschool en TNO
HSD event
25-29
Oct

Hardwear.io Netherlands 2021

location:
Hotel NH Den Haag 100 Prinses Margrietplantsoen 2595 BM Den Haag
organised by:
Hardwear.io
HSD event
01
Nov

Overheidsbrede Cyberoefening en Webinars 2021

location:
Online
organised by:
Ministerie van Binnenlandse Zaken en Koninkrijksrelaties, ICTU. Northwave. Intelligent Security Operations, COT Instituut voor Veiligheids- en Crisismanagement
HSD event
26-28
Nov

Hackathon for Good (4th Edition)

location:
Online
organised by:
hosted by the city of The Hague and organized by The Hague Tech, in close collaboration with the Hague’s innovation ecosystems
HSD event
28-30
Nov

@Hack: Infosec on the edge

location:
Riyadh Front Expo Centre, Riyadh
organised by:
Informa Tech
HSD event
05-08
Jan

Handelsmissie Tech solutions for a responsible future - CES 2022

location:
Las Vegas, VS
organised by:
Ministerie van Economische Zaken en Klimaat, Rijksdienst voor Ondernemend Nederland, Ministerie van Buitenlandse Zaken, Consulaat-Generaal San Francisco
HSD event