The Dutch
Security Cluster
 
 
The Dutch
Security Cluster

null Meetup: "Flying Drones, NSA Hacking and Backdooring Bootloaders"

01
Nov
Date:
01 November 2017
Time:
18:30 - 21:30 hrs
Location:
Teleportboulevard 121, Amsterdam Sloterdijk
Organised by:
KPN

Agenda:

1. "Drones Don't Fly When the Sky is Grey" with Javi Moreno
2. "I Boot when U-Boot" by Bernardo Maia Rodrigues - Vincent Ruijter

------------------

Abstract of first talk: A short film by Bea Cabrera. Project presentation, film screening and Q&A.
Storyline: After discovering the tracks of what looks like an illegal hacking attempt upon his company’s network, Mike Donahue will pursue the trespassers’ digital trail while staying one step ahead of the NSA. A fictional story about government surveillance loosely, but factually, based on recent real events.

------------------

Abstract of second talk: Personal computer systems are now considerably more secure than embedded devices. Trusted Platform Module (TPM) and secure boot are readily available and even default in a lot of new desktop computers and laptops. Numerous small office and consumer devices, including routers and smart televisions, however, are lacking even the most basic security features. In this talk we will demonstrate and describe the inner-workings of a custom developed (Fully Weaponised IoT Cyber™) bootkit, which gains persistence on U-Boot based embedded devices, at a lower level than even the firmware. Firmware updates and factory resets usually do not interfere with the bootloader, as a small problem could render the device unusable for an end-user: the bootkit will therefore remain present. By including a properly functioning killswitch and a multi-boot like technique, it is possible to switch between a regular and a backdoored image to thwart detection. Enterprises and ISPs must take this additional attack surface into account, and put effort into detecting and responding to this threat. Well-known security researchers have long advocated for easier ways to verify and demonstrate the integrity of hardware, but this comes at a price that vendors are not willing to pay for security. Recently however, regulatory bodies have started to enforce vendors to lock-down their wireless devices, in order to prevent them from operating outside of their certified frequencies. But these 'vendor lock-downs' are not sufficient to increase the device security, as we will demonstrate, it's just a minor inconvenience.

------------------

Speakers:

Javi Moreno works as a security consultant, specialised in cryptography and embedded security. Used to play CTFs often, now he prefers to sleep. He participated in Drones Don't Fly When the Sky is Grey as producer, advisor and coffee provider. You can follow him at @vierito5

Bernardo Maia Rodrigues (Brazil) Bernardo works as an Ethical Hacker for KPNs (Royal Duth Telecom) REDteam. He enjoys hacking (and bricking) embedded devices including routers, modems and TVs. He presented on security topics at the NullByte Conference, the null Amsterdam chapter and local venues. He frequently participates in CTFs with TheGoonies and is famous for not using buzzwords like IoT, APT and Cyber in his bio.

Vincent Ruijter (Netherlands) Pacifistic Internetveapon @ KPNs (Royal Dutch Telco) REDteam, who thinks he knows Linux. Moderator @ null Amsterdam chapter, with an endless curiosity for all things binary. Knows how to quit Vi ^[ESC!wqwq:wq!

HSD Partners involved

More events

10-30
Aug-Oct

Digital Cyber Security Innovation Mission Taiwan

location:
Online mission
organised by:
Netherlands Enterprise Agency Netherlands Office Taipei Hague Security Delta Innovation Quarter
HSD event
01-26
Oct

Virtuele Overheidsbrede Cyberoefening en Webinars

location:
Virtueel
organised by:
Ministerie van BZK i.s.m. VNG, IBD, NCTV, Ministerie van EZK en CIO-Rijk, IPO, Unie van Waterschappen, CIP, UWV en Logius. De organisatie van de Overheidsbrede Cyberwebinars wordt verzorgd door ICTU en VNG Connect.
HSD event
01-13
Oct-Nov

Indo Dutch Cyber Security School 2020

location:
Online
organised by:
The Hague Centre for Strategic Studies, DSCI, City of The Hague, NL Embassy
HSD event
20-22
Oct

WorldPensionSummit 2020

location:
Louwman Museum, The Hague
organised by:
Pensions & Investments
HSD event
22
Oct

ReadID, NFC-based identity verification 'Conversion is Key'

location:
Free online event
organised by:
ReadID - powered by InnoValor
HSD event
26-28
Oct

Cyber Mission Nürnberg (München)

location:
Germany
organised by:
InnovationQuarter, the Netherlands Enterprise Agency (RVO), the Consulate General in Munich and the Hague Security Delta (HSD)
HSD event
27-29
Oct

Impactfest 2020

location:
Online
organised by:
HSD event
27
Oct

Security Xperience

location:
Online
organised by:
KPN Security
HSD event
28
Oct

CISO: Leadership

location:
Online
organised by:
HSD
HSD event
28
Oct

Free online event- DESIGNING SECURE BOOTLOADERS

location:
ONLINE!
organised by:
QA Ltd. & Riscure
HSD event
28
Oct

Behind The Scr33ns 2020

location:
Online
organised by:
Fox-IT
HSD event
28
Oct

French Threat Day | Brought to You by Anomali, ThreatFabric and Fox-IT

location:
Online
organised by:
Anomali, ThreatFrabric & Fox-IT
HSD event
29
Oct

HSD Café: AI, Security en Ethiek

location:
Online
organised by:
The Hague Security Delta
HSD event
29
Oct

[Webinar] "OT Security Risks: Remote Access & Maintenance"

location:
Online
organised by:
Trinity DS & Secura
HSD event
01-13
Oct-Nov

Indo Dutch Cyber Security School 2020

location:
Online
organised by:
The Hague Centre for Strategic Studies, DSCI, City of The Hague, NL Embassy
HSD event
03-26
Nov

#INNOvember

location:
Live en online
organised by:
Rijks Innovatie Community
HSD event
05
Nov

Online HSD Café: SME Special – Funding & Internationalisation

location:
Online
organised by:
HSD, InnovationQuarter, Yes!Delft The Hague and TIIN Capital
HSD event
05
Nov

Online symposium 'Opstap naar Weerbaarheid' 2020

location:
Online
organised by:
Ministry of Economic Affairs and Climate Policy
HSD event
10-12
Nov

2020 Conference on Cyber Norms | Moving Forward: Fragmentation, Polarization and Hybridity in Cyberspace

location:
Online
organised by:
The Hague Program for Cyber Norms / Leiden University
HSD event
12
Nov

1st Global Online Scam Summit

location:
Virtual
organised by:
Ecommerce Foundation (Scamadviser.com)
HSD event
18
Nov

Jaarcongres 2020: Maak Haaglanden de innovatiefste regio

location:
World Horti Center Naaldwijk
organised by:
Innovatief Haaglanden
HSD event
18-19
Nov

NIDV Exhibition Defence & Security

location:
Online
organised by:
Stichting Nederlandse Industrie voor Defensie en Veiligheid
HSD event
22-24
Nov

CyberTech Africa

location:
organised by:
CyberTech
HSD event
23-01
Nov-Dec

Cyber Investor Days

location:
Bochum, Germany
organised by:
ECSO
HSD event
24
Nov

HSD Café: Crisis Management

location:
Online
organised by:
HSD
HSD event
23-01
Nov-Dec

Cyber Investor Days

location:
Bochum, Germany
organised by:
ECSO
HSD event
01
Dec

Dutch IT Security Event

location:
Fokker Terminal, Den Haag
organised by:
DutchIT Channel
HSD event
03
Dec

HSD Café: Trendmonitor

location:
Online
organised by:
HSD
HSD event
12-13
Dec

Hackaton Cybersecurity

location:
Online
organised by:
The Hague University of Applied Sciences
HSD event
11-14
Jan

Virtuele editie CES 2021: 'Tech Solutions for Global Challenges'

location:
Online
organised by:
ROV, Ministry of Foreign Affairs & Ministry of Economic Affairs and Climate Policy
HSD event
24-26
Mar

Call for proposal: EIT Digital 2021 Brokerage Events

location:
Brussels
organised by:
EIT Digitial
HSD event
27
Mar

Operatie Volt

location:
DeFabrique Westkanaaldijk 7 3542 DA Utrecht
organised by:
Politie en het Ministery van Defentie
HSD event
27
Sep

Hâck The Hague 2021

location:
City Hall The Hague
organised by:
Gemeente Den Haag & Cybersprint
HSD event
28-29
Sep

CyberTech Europe, Rome

location:
organised by:
CyberTech
HSD event