The Dutch
Security Cluster
 
 
The Dutch
Security Cluster

null Meetup: "Flying Drones, NSA Hacking and Backdooring Bootloaders"

01
Nov
Date:
01 November 2017
Time:
18:30 - 21:30 hrs
Location:
Teleportboulevard 121, Amsterdam Sloterdijk
Organised by:
KPN

Agenda:

1. "Drones Don't Fly When the Sky is Grey" with Javi Moreno
2. "I Boot when U-Boot" by Bernardo Maia Rodrigues - Vincent Ruijter

------------------

Abstract of first talk: A short film by Bea Cabrera. Project presentation, film screening and Q&A.
Storyline: After discovering the tracks of what looks like an illegal hacking attempt upon his company’s network, Mike Donahue will pursue the trespassers’ digital trail while staying one step ahead of the NSA. A fictional story about government surveillance loosely, but factually, based on recent real events.

------------------

Abstract of second talk: Personal computer systems are now considerably more secure than embedded devices. Trusted Platform Module (TPM) and secure boot are readily available and even default in a lot of new desktop computers and laptops. Numerous small office and consumer devices, including routers and smart televisions, however, are lacking even the most basic security features. In this talk we will demonstrate and describe the inner-workings of a custom developed (Fully Weaponised IoT Cyber™) bootkit, which gains persistence on U-Boot based embedded devices, at a lower level than even the firmware. Firmware updates and factory resets usually do not interfere with the bootloader, as a small problem could render the device unusable for an end-user: the bootkit will therefore remain present. By including a properly functioning killswitch and a multi-boot like technique, it is possible to switch between a regular and a backdoored image to thwart detection. Enterprises and ISPs must take this additional attack surface into account, and put effort into detecting and responding to this threat. Well-known security researchers have long advocated for easier ways to verify and demonstrate the integrity of hardware, but this comes at a price that vendors are not willing to pay for security. Recently however, regulatory bodies have started to enforce vendors to lock-down their wireless devices, in order to prevent them from operating outside of their certified frequencies. But these 'vendor lock-downs' are not sufficient to increase the device security, as we will demonstrate, it's just a minor inconvenience.

------------------

Speakers:

Javi Moreno works as a security consultant, specialised in cryptography and embedded security. Used to play CTFs often, now he prefers to sleep. He participated in Drones Don't Fly When the Sky is Grey as producer, advisor and coffee provider. You can follow him at @vierito5

Bernardo Maia Rodrigues (Brazil) Bernardo works as an Ethical Hacker for KPNs (Royal Duth Telecom) REDteam. He enjoys hacking (and bricking) embedded devices including routers, modems and TVs. He presented on security topics at the NullByte Conference, the null Amsterdam chapter and local venues. He frequently participates in CTFs with TheGoonies and is famous for not using buzzwords like IoT, APT and Cyber in his bio.

Vincent Ruijter (Netherlands) Pacifistic Internetveapon @ KPNs (Royal Dutch Telco) REDteam, who thinks he knows Linux. Moderator @ null Amsterdam chapter, with an endless curiosity for all things binary. Knows how to quit Vi ^[ESC!wqwq:wq!

More events

14
Nov

KVNRO Symposium “Defensie Structureel Partner Nationale Veiligheid”

location:
Generaal-Majoor Kootkazerne Wolweg 100 3776 LT Stroe
organised by:
Koninklijke Vereniging van Nederlandse Reserveofficieren (KVNRO)
HSD event
14-15
Nov

Dataprotectie & Privacy Congres – 7e editie

location:
Van der Valk Exclusief Winthontlaan 4 3526 KV Utrecht Nederland
organised by:
IIR
HSD event
18
Nov

i2 Cyber Threat Intelligence Bootcamp

location:
Veenendaal
organised by:
DataExpert
HSD event
19-22
Nov

Milipol Paris 2019: Leading event for homeland security and safety

location:
Paris-Nord Villepinte Exhibition Centre
organised by:
Comexposium in partnership with the French National Police and Gendarmerie, Civil Defence Service, French Customs, City Police, Interpol, etc. under the auspices of the French Ministry of Interior
HSD event
19-21
Nov

Smart City World Expo

location:
Barcelona
organised by:
Fira Barcelona
HSD event
20
Nov

4th International Cyber Warfare and Security Conference

location:
Congresium Ankara Söğütözü Caddesi No:1/A 06510 Çankaya, Ankara / TÜRKİYE
organised by:
HSD event
21
Nov

NISA International Conference 2019

location:
HSD Campus, Wilhelmina van Pruisenweg 104, The Hague
organised by:
Netherlands Intelligence Studies Association NISA
HSD event
21
Nov

Horizon2020 Pitching Session at Milipol 2019

location:
Paris-Nord Villepinte Exhibition Centre
organised by:
SEREN4 Security Research Enterprise Europe Network
HSD event
21
Nov

Cybersecurity Kennislunch

location:
OnderNemerSplein Rotterdam Blaak 40 3011 TA Rotterdam
organised by:
Chamber of Commerce
HSD event
26-28
Nov

TRUSTECH Cards and Digital Trust

location:
Palais des Festivals Cannes
organised by:
TRUSTECH
HSD event
26
Nov

RSA Conference Kick-off

location:
organised by:
InnovationQuarter, Netherlands Enterprise Agency, HSD
HSD event
28
Nov

Nixu - Adaptive Access Event

location:
HSD Campus
organised by:
Nixu, Ping Identity, Saviynt
HSD event
03
Dec

Dcypher Symposium 2019

location:
MediaPlaza (in het jaarbeurs gebouw), Utrecht Jaarbeursplein 3521 AL Utrecht
organised by:
Dcypher in close cooperation with NWO, RVO, NCSC, NPRO-SIA
HSD event
05
Dec

The KVK Business Challenge: Cost Effective Broad Band Internet in Wider Coastal Areas

location:
organised by:
Chamber of Commerce Enterprise Europe Network
HSD event
06
Dec

The Hague Hacks Festival 2019

location:
The Hague Humanity Hub Fluwelen Burgwal 58
organised by:
The Hague Peace Projects
HSD event
09-12
Dec

11th IEEE International Workshop on Information Forensics and Security

location:
Delft, The Netherlands
organised by:
Delft University of Technology, University Federico II of Naples, University of Innsbruck, Austria
HSD event
09
Dec

WIFS 2019 - Demo and Work-in-Progress session

location:
Delft
organised by:
Delft University of Technology
HSD event
20
Feb

CFS2020 - UK – NL Cyber & FinTech Summit

location:
The Hague Conference Center New Babylon
organised by:
British Embassy The Hague
HSD event
23-28
Feb

Economic Mission Cybersecurity to the RSA Conference

location:
San Francisco
organised by:
Netherlands Enterprise Agency (RVO), Consulate General San Francisco
HSD event
16-19
Mar

Conferentie Nederland Digitaal

location:
Groningen
organised by:
Nederlandse Organisatie voor Wetenschappelijk Onderzoek (NWO), Smart Industry, ministerie van Economische Zaken en Klimaat
HSD event
26
Mar

Symposium Grip op Crisis

location:
Hotel Rest. Oud London Zeist Netherlands
organised by:
SVDC advies in crisisbeheersing
HSD event
01-03
Apr

ASIS Europe 2020 - From Risk to Resilience

location:
Prague, Czech Republic
organised by:
ASIS International
HSD event