OPALE SECURITY @ BLACKHAT USA 2015: Hardware Hacking Training for Software Pentesters

Hello,

It is a great honor to be back at the Black Hat USA 2015 security conference in Las Vegas with our Hardware Hacking training for software pentesters. Book your seat soon!

https://www.blackhat.com/us-15/training/hardware-hacking-laboratory-for-software-pentesters.html

Electronic training board for hardware security

See you in Vegas?

MasterClass FIC 2015 - Hacking and Radio Frequency: a full house!

Opale Security presented a methodology for pentesting radio-frequency communications at FIC 2015. The room was full (more than 130 people!), with plenty of discussion with the audience. Thank you all.

Topic: Hacking / auditing the wireless protocols of the Internet of Things with software-defined radio tools

MasterClass Opale Security - Hacking Radio Frequency - full house

FIC is also an opportunity to present our know-how and expertise in the security of embedded systems (electronics, Internet of Things, etc.).

General Davis (United States) attended the presentation of Opale Security's solutions

We were able to discuss hardware hacking issues with General Davis (United States), who attended the presentation of Opale Security's solutions on our stand.

We also appreciated the visits of Guillaume Poupard, Director General of ANSSI, and of Marie-Noëlle Sclafer, director of DGA Maîtrise de l'information.

Thanks to all our customers and visitors who made the trip to see us at the show.

Thanks to CEIS for organizing this edition of FIC; to the Brittany region (http://www.bretagne.fr/), in particular Mr Bernard Pouliquen, vice-president in charge of higher education and research, and the other regional elected officials for their involvement (Loïg Chesnais-Girard @LoigCG); to the Meito (http://www.meito.com/accueil @LaMeito); and to the Pôle d'excellence cyber (especially Mr Paul-André Pincemin) for the preparation and support given to Opale Security before and throughout the show. In the Brittany region, "supporting SMEs in the field of cybersecurity" is not just words!

If you would like more information about our services (hardware hacking training, security audits of embedded systems, securing the Internet of Things, etc.), do not hesitate to contact us (contact(AT)opale-security.com).

Interview of @OpaleSecurity by @atlantico_fr: thoughts on the latest NSA documents analyzed by Der Spiegel's journalists

Opale Security was interviewed by the journalists of Atlantico. Under a headline that is somewhat sensationalist for our taste, we answered their questions and offer a few (unpretentious) thoughts on the latest NSA documents analyzed by Der Spiegel's journalists.

http://www.atlantico.fr/decryptage/tout-savoir-tor-et-autres-outils-susceptibles-resister-surveillance-nsa-yann-allain-1930722.html

To go further in your own thinking on this subject, we recommend watching the video of the talk these Spiegel journalists gave at 31C3: https://www.youtube.com/watch?v=0SgGMj3Mf88

Happy reading.

OPALE SECURITY @FIC2015 : Hacking the Internet of things Wireless protocol with Software Defined Radio Tools

With the growing need for both communication and mobility, wireless and radio-frequency (RF) technologies will obviously continue their rapid rise. From short range (Bluetooth, Zigbee...) to long range (GSM, Wi-Fi), RF protocols exist and are massively deployed. They expose embedded devices and the Internet of Things to new, radio-based attack vectors and, as usual, attackers follow closely.

It is therefore logical to see dedicated tools appearing to help security auditors assess wireless communications. Despite the support these tools bring, security auditors and software pentesters still have to enter the limbo of RF signal processing, an area that requires a substantial (and often neglected) electronics background.

However, learning with software-defined radio (SDR) tools is a good and fun way to discover this domain step by step. That is what we had in mind when creating this master class: to let you understand and see more clearly the things that travel invisibly over the air.

To do so, we will focus on how to audit most of the wireless protocols commonly used by the hardware that makes up embedded devices, as well as digital and control systems, instrumentation and supervision devices. You will specifically discover a wireless protocol auditing methodology and the tools of the trade. No boring theory, or very little: the master class takes a technical, practical and demonstrative approach. You will learn to use the best SDR tools available, such as the HackRF One or USRP boards. We will also show that you can keep progressing in this audit domain without selling a kidney, simply by using a $10 DVB-T (TNT) USB receiver.

At the end of this master class, you will be able to start developing clear auditing guidelines, methods and references to properly evaluate and assess, by yourself, any (or most!) wireless protocol used by embedded devices.
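As an added illustration of the first step of such an audit (this is example code written for this page, not Opale Security's material or any tool's code), the script below takes complex IQ samples, as an rtl_sdr or HackRF capture would provide, and recovers the bits of an on-off-keyed (OOK) burst, the modulation used by many cheap 433 MHz remotes and sensors. The sample rate, baud rate, preamble and the capture itself are constructed assumptions so that it runs offline:

```python
"""Recover the bits of an on-off-keyed (OOK) burst from raw IQ samples.

Turning an SDR capture (rtl_sdr, HackRF, USRP...) into bits is the first
step of any wireless protocol audit. The capture below is CONSTRUCTED in
software so the script runs offline; with a real recording you would load
the complex samples from the file and pass them to recover_payload().
"""
import cmath
import math
import random

SAMPLE_RATE = 250_000        # assumed capture rate (Hz); not from the page
BAUD = 2_500                 # assumed symbol rate of the hypothetical remote
SPS = SAMPLE_RATE // BAUD    # samples per symbol: 100
PREAMBLE = 0xAA              # alternating 1/0 bits, gives clean edges to sync on


def bits_from_bytes(data):
    return [(b >> (7 - i)) & 1 for b in data for i in range(8)]


def bytes_from_bits(bits):
    whole = len(bits) - len(bits) % 8          # drop a trailing partial byte
    out = bytearray()
    for i in range(0, whole, 8):
        value = 0
        for bit in bits[i:i + 8]:
            value = (value << 1) | bit
        out.append(value)
    return bytes(out)


def synth_ook_capture(payload, seed=1, carrier_offset_hz=10_000.0, noise_std=0.1):
    """Constructed IQ capture: silence, OOK burst (preamble + payload), silence.

    A '1' symbol is a tone slightly off the tuned centre frequency (as it
    would be after a cheap receiver's frequency error); a '0' symbol is
    nothing but noise. The fixed seed keeps the example reproducible.
    """
    rng = random.Random(seed)
    bits = bits_from_bytes(bytes([PREAMBLE]) + payload)
    silence = [0] * (5 * SPS)
    envelope = silence + [b for b in bits for _ in range(SPS)] + silence
    phase_step = 2 * math.pi * carrier_offset_hz / SAMPLE_RATE
    iq = []
    for n, on in enumerate(envelope):
        tone = cmath.exp(1j * phase_step * n) if on else 0j
        iq.append(tone + complex(rng.gauss(0, noise_std), rng.gauss(0, noise_std)))
    return iq


def demodulate_ook(iq, sps=SPS):
    """Envelope detection -> low-pass -> threshold -> symbol-centre sampling."""
    mag = [abs(z) for z in iq]                # OOK carries no phase info, |IQ| is enough
    window = max(1, sps // 4)
    smooth, acc = [], 0.0
    for i, m in enumerate(mag):               # moving average squashes the noise floor
        acc += m
        if i >= window:
            acc -= mag[i - window]
        smooth.append(acc / min(i + 1, window))
    threshold = (max(smooth) + min(smooth)) / 2   # midpoint between 'on' and 'off' levels
    hard = [1 if s > threshold else 0 for s in smooth]
    if 1 not in hard:
        return []                             # no burst in this capture
    start = hard.index(1)                     # first rising edge = start of first symbol
    bits, pos = [], start + sps // 2          # sample in the middle of each symbol period
    while pos < len(hard):
        bits.append(hard[pos])
        pos += sps
    return bits


def recover_payload(iq):
    """Demodulate, then strip the sync preamble when it is where we expect it."""
    data = bytes_from_bits(demodulate_ook(iq))
    if data[:1] == bytes([PREAMBLE]):
        return data[1:]
    return data


if __name__ == "__main__":
    capture = synth_ook_capture(b"\x12\x34\xf0")
    print(recover_payload(capture).hex())      # 1234f0
```

With a real recording, read the file into a list of complex samples (for rtl_sdr, interleaved unsigned 8-bit I/Q pairs centred on 127.5), set SAMPLE_RATE to the capture rate and BAUD to the symbol rate measured on a waterfall or oscilloscope view; the envelope, threshold and slicing steps stay the same, and what comes out is the bit stream you then reverse to understand the protocol.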

Welcome to the RF hacking world, and see you soon at FIC2015! (Stand F12)

OPALE SECURITY obtains CIR approval as a "private research organization"

OPALE SECURITY, a consulting firm in information systems and embedded systems security, has just obtained Crédit Impôt Recherche (CIR, the French research tax credit) approval for a period of 3 years (2014 to 2016).

Under this scheme, customers who call on our R&D expertise can deduct the associated expenses from their research tax credit (subject to compliance with the applicable regulations).

In this context, 30% of the cost of our eligible services is reimbursed to our customers by the state, in the form of a tax credit.

This R&D know-how complements our consulting offer in information systems and embedded systems security, helping our customers reduce risks pragmatically and effectively.

The security of the Internet of Things: do we need an "OWASP-like" group?

Bruce Schneier just wrote an essay about the insecurity of the "Internet of Things" in Wired online magazine.

It is worth reading!

Source : The Internet of Things Is Wildly Insecure — And Often Unpatchable | Wired Opinion | Wired.com http://www.wired.com/opinion/2014/01/theres-no-good-way-to-patch-the-internet-of-things-and-thats-a-huge-problem/

We agree with most of the facts exposed in this article, but we would like to add some points related to the "(in)security of the Internet of Things". Our main question is: how can risks be limited, from the security community's perspective?

At OPALE SECURITY, we have performed many embedded system security audits, we offer several hardware hacking trainings, and we share some of our "modest security research" on this subject with the community. Our experience shows that the security issues exposed in this article are real and that, of course, vulnerabilities exist inside this type of "embedded system, where computing is embedded into the hardware itself" (we like the expression Bruce Schneier uses to define an embedded system). But other aspects of this area are also often treated marginally from a security point of view:

  • Security best practices are not well publicized or accessible
    • How do you audit the security of this type of device?
    • Are security communities and industry (manufacturers and designers) prepared?
    • Do they have access to security standards and best practices?
  • People's skills and knowledge
    • Are IT security people sufficiently trained and skilled to effectively audit electronic systems?
    • Are the people involved able to design the most secure embedded architecture for themselves or for their customers, as they do for web applications?
    • Do electronics designers and manufacturers know how their systems could be hacked?

In fact, we think there is a need for a "sort of OWASP project" dedicated to Internet of Things security.

Do you agree?

Regards

YA


Want to learn how to audit and secure embedded devices? Check out our new practical training! Hardware Hacking lab training V2 just released

If you want to learn how to audit or secure an embedded device, please consider booking a seat in our training (contact us at formation@opale-security.com). We can also give this training on site, on demand.

We built a real, functional embedded device that contains plenty of hardware vulnerabilities (at both the hardware and software level): a vulnerable electronic lock board dedicated to hardware hacking training!

Electronic training board for hardware security

Summary: The goal of this training is to give security people with no electronics skills, or electronics designers with no security skills, all the basic knowledge, methods and tools needed to perform a hardware security audit, and to learn how to design and secure embedded devices. It contains plenty of hands-on exercises.

Prerequisites: laptop with VMware Player, a CD-ROM drive or USB port, and 50 GB of free disk space for the VMs

Content: The Hardware Hacking Laboratory training will allow you to understand security flaws, how to exploit hardware vulnerabilities and how to secure hardware products. For the duration of the training, each attendee is provided with all the necessary hardware (prototypes, tools, etc.) to follow the course and perform the hands-on labs.

Estimated duration: 3 days

Part 1: Hardware Hacking 101

  • Basic review of electronics knowledge for IT security pentesters
  • Motivations
  • Brief history of hardware hacking security talks
  • Review of hardware security vulnerabilities
  • Offensive and defensive aspects of hardware hacking
  • Hands-on labs on basic electronic components and embedded systems

Part 2: Hardware hacking audit

  • Method, tools, how to plan your audits
  • Differences from software pentesting or audit
  • Tools of the trade for hardware security audit
  • Hands-on labs with hardware tools

Part 3: How to access the hardware?

  • How to acquire electronic signals
  • Tools demonstration
  • Hands-on: soldering/desoldering, fingerprinting electronic circuits

Part 4: How to access the software inside the hardware?

  • Embedded system architectures (microcontroller, FPGA, ASIC, ...)
  • Embedded operating systems
  • Direct access to the software via I/O interfaces (JTAG, I2C, DMA, etc.)
  • Hands-on: dumping firmware through different types of interfaces
  • Indirect access to the software or sensitive content via side-channel attacks (power analysis demo)

Part 5: Complete hacking labs (based on the vulnerable embedded system prototype provided)

  • Hands-on: identifying electronic components
  • Acquiring the important electronic signals; desoldering sensitive components for offline analysis
  • Intercepting and analysing bus signals on the board
  • Dumping and modifying firmware via the JTAG debug function (and other I/O access)
  • Fuzzing external interfaces to spot basic vulnerabilities in the embedded system
  • Exploiting vulnerabilities during a hardware security audit

Part 6: Protect your hardware products

  • Secure design and development life cycle (SDLC)
  • Review of hardware security best practices to limit risks
  • Hands-on exercises (how to restrict JTAG access, encrypt firmware, limit software vulnerabilities at the embedded level, ...)
  • Review of protections against side-channel attacks (limiting power analysis attacks)

Part 7: Design your own hardware hacking (security audit) tools

  • Basic tools used to design electronic systems
  • Hands-on: create your first printed circuit board
  • FPGAs for security pentesters
  • Hands-on: create your first FPGA-based security tool
  • Mass production process review
  • and more...
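Parts 4 and 6 both turn on what is actually inside a dump. The following script, added here as an example (it is not part of the training material or any named tool), computes a per-block entropy map of a firmware image and lists its printable strings: this is how an auditor tells plain code and data from encrypted or compressed regions after a JTAG or SPI dump, and how a designer checks that the firmware encryption deployed in Part 6 really covers the image rather than leaving a plaintext bootloader or key blob beside it. The block size, the thresholds and the synthetic image are assumptions made for the example:

```python
"""Triage a firmware dump: which regions are plain code/data, which look
encrypted or compressed, and which are erased flash.

After pulling the flash contents over JTAG, SPI or a serial bootloader, a
per-block Shannon entropy map is the quickest way to see what you got; the
same map tells a designer whether firmware encryption actually covers the
image. The image used here is CONSTRUCTED (no real firmware) so the script
runs offline; on a real dump, read the file and pass it to entropy_map().
"""
import math
import random
import re

BLOCK_SIZE = 4096   # map granularity; a flash sector size is a natural choice


def shannon_entropy(data):
    """Bits of entropy per byte: 0.0 for a constant block, 8.0 for uniform random."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def classify(entropy):
    # Heuristic thresholds: encrypted or compressed data sits close to 8 bits/byte,
    # erased flash (0xFF) or zero padding sits near 0, real code lands in between.
    if entropy > 7.5:
        return "encrypted/compressed"
    if entropy < 1.0:
        return "padding/erased"
    return "code/data"


def entropy_map(image, block_size=BLOCK_SIZE):
    """List of (offset, entropy, label), one entry per block of the image."""
    result = []
    for offset in range(0, len(image), block_size):
        ent = shannon_entropy(image[offset:offset + block_size])
        result.append((offset, ent, classify(ent)))
    return result


def summarize(fw_map):
    """Count blocks per label, e.g. to check how much of the image is protected."""
    counts = {}
    for _, _, label in fw_map:
        counts[label] = counts.get(label, 0) + 1
    return counts


def printable_strings(data, min_len=6):
    """Same idea as the `strings` tool: runs of printable ASCII of at least min_len."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode() for m in re.finditer(pattern, data)]


def build_sample_image(seed=7):
    """Constructed dump: 16 KiB 'bootloader' (skewed byte alphabet plus a few
    ASCII strings), 32 KiB uniformly random bytes standing in for an encrypted
    application, and 8 KiB of erased (0xFF) flash."""
    rng = random.Random(seed)
    # Code-like region: a small, non-uniform byte alphabet kept outside printable
    # ASCII so the only strings found are the ones we plant.
    alphabet = list(range(0x80, 0xA0)) + [0x00, 0x01, 0x02, 0x04, 0x08]
    weights = [1.0 / (i + 1) for i in range(len(alphabet))]
    code = bytearray(rng.choices(alphabet, weights=weights, k=4 * BLOCK_SIZE))
    for offset, text in ((0x100, b"bootloader v1.0 (constructed sample)\x00"),
                         (0x2000, b"console> type 'help'\x00")):
        code[offset:offset + len(text)] = text
    encrypted = bytes(rng.getrandbits(8) for _ in range(8 * BLOCK_SIZE))
    erased = b"\xff" * (2 * BLOCK_SIZE)
    return bytes(code) + encrypted + erased


if __name__ == "__main__":
    image = build_sample_image()
    fw_map = entropy_map(image)
    for offset, ent, label in fw_map:
        print(f"0x{offset:06x}  {ent:4.2f} bits/byte  {label}")
    print(summarize(fw_map))
    print(printable_strings(image[:4 * BLOCK_SIZE]))
```

A "code/data" region full of readable strings next to an "encrypted/compressed" region is the usual picture of a plaintext bootloader in front of an encrypted application; on the audit side it is where to start looking for the key-handling code, and on the design side it is the region the protection review in Part 6 should ask about. Compressed firmware also scores near 8 bits/byte, so a high-entropy verdict means "not plaintext", not "encrypted"; a quick check is to look for a known compression or container header at the start of the region.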

Interesting new (or underused!) intrusion vectors for .NET web applications presented at the last Black Hat conference

At the last Black Hat conference, researchers showed some efficient, new intrusion vectors that are underused by auditors and attackers.

« ... Server Web Controls are common components in modern platforms that speed up development and enable content reuse. Since events of server controls implement additional application features, they might be protected via privilege validation, comments or properties that disable or render them invisible. However, since Invisibility, by definition, is in the eyes of the beholder, an invisible object can still be visible to instruments designed to locate it. By abusing the event activation mechanism of server controls, it's possible to enumerate and execute dormant events, in spite of most security measures – all using a refined methodology and a new designated tool. ... »

The idea of their research is to execute dormant (merely hidden) server events and controls. One example is an invisible control: it is not rendered on the client side, but its code still exists and runs on the server side. The researchers provided a set of tools to detect some of these dormant server events and controls. For your own web applications built on .NET technology, it is worth trying to detect (and exploit) this type of hidden event, if it exists.
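To make the mechanism concrete, here is an added example (written for this page, not the researchers' tool) of how the postback that raises a control's server event is assembled. ASP.NET Web Forms fires a control's event when the form comes back with the hidden __EVENTTARGET field set to that control's unique ID (that is what the client-side __doPostBack() function does), together with the page's __VIEWSTATE and __EVENTVALIDATION values. The helper collects those fields from a page, lists the targets the page itself exposes, and builds the body for a candidate control ID that the page never rendered. The page HTML and the control names are constructed for the example:

```python
"""Build the form body that raises a server-side control event in an
ASP.NET Web Forms page, to probe for 'dormant' (not rendered) controls.

The page HTML below is CONSTRUCTED for the example; in a real audit you
would fetch the page, keep the hidden fields it carries (they are per page
and per request), post the resulting body with an HTTP client and compare
the response against a baseline request.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlencode

SAMPLE_PAGE = """<html><body>
<form method="post" action="./Admin.aspx" id="form1">
<input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
<input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKLTEyMzQ1Njc4OWRk" />
<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="/wEWAgLGz5nEBgLYi4ZiZA==" />
<input type="text" name="txtSearch" id="txtSearch" />
<a id="lnkSearch" href="javascript:__doPostBack('lnkSearch','')">Search</a>
<!-- a hypothetical btnPurgeAll has Visible="false" in the .aspx: nothing is rendered for it -->
</form></body></html>"""

# __doPostBack('<UniqueID>', '<argument>') is how rendered controls trigger their events
POSTBACK_RE = re.compile(r"__doPostBack\('([^']+)','([^']*)'\)")


class _FormFields(HTMLParser):
    """Collect name/value of every <input> in the page (hidden state included)."""

    def __init__(self):
        super().__init__()
        self.fields = {}

    def handle_starttag(self, tag, attrs):
        if tag != "input":
            return
        a = dict(attrs)
        if a.get("name"):
            self.fields[a["name"]] = a.get("value") or ""


def hidden_fields(page_html):
    parser = _FormFields()
    parser.feed(page_html)
    return parser.fields


def rendered_targets(page_html):
    """Control IDs the page itself offers as postback targets (the visible ones)."""
    return sorted({m.group(1) for m in POSTBACK_RE.finditer(page_html)})


def build_postback(page_html, target, argument=""):
    """Form body raising `target`'s server event, exactly as a browser would,
    except that `target` may be an ID the page never rendered (a candidate
    dormant control). Returns the field dict and its urlencoded form."""
    fields = hidden_fields(page_html)
    fields["__EVENTTARGET"] = target
    fields["__EVENTARGUMENT"] = argument
    return fields, urlencode(fields)


if __name__ == "__main__":
    print("rendered targets:", rendered_targets(SAMPLE_PAGE))
    # 'btnPurgeAll' is a hypothetical dormant control guessed from a wordlist
    fields, body = build_postback(SAMPLE_PAGE, "btnPurgeAll")
    print(body)
```

Post the body to the form's action with the session cookies and diff the response (status, length, redirects, error pages) against a baseline postback to a known target. One caveat worth knowing before reading results: with EnableEventValidation on (the default since ASP.NET 2.0), the server normally rejects an __EVENTTARGET that no rendered control registered, with an "Invalid postback or callback argument" error. That rejection is itself one of the "security measures" the talk refers to; this helper only builds the request, so a rejection tells you the target is protected by event validation, not that it does not exist.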

NEW OPALE SECURITY TRAINING: Hardware Hacking Laboratory for Software Pentesters @ Hack In Paris 2013!

We are teaching Hardware Hacking for software pentesters @ Hack In Paris 2013!

Registration is now open https://www.hackinparis.com/training-yann-allain

Agenda

Date: Mon, 2013-06-17 09:00 – Wed, 2013-06-19 18:00

Venue: The conference will be held at Disney's Hotel New York® Convention Centre, located at Disneyland Paris (France)

Duration: 3 days

Summary: The goal of this training is to give software pentesters (with no electronics skills) all the basic knowledge, methods and tools needed to perform a hardware security audit. It contains plenty of hands-on exercises.

Prerequisites: laptop with VMware Player, a CD-ROM drive or USB port, and 50 GB of free disk space for the VMs

Content: The Hardware Hacking Laboratory training will allow you to understand security flaws, how to exploit hardware vulnerabilities and how to secure hardware products. For the duration of the training, each attendee is provided with all the necessary hardware (prototypes, tools, etc.) to follow the course and perform the hands-on labs.

The course follows the same 7-part outline as the Hardware Hacking lab training V2 post above (Part 1, Hardware Hacking 101, through Part 7, designing your own hardware hacking tools).

PCI DSS: New Risk Assessment Guidelines published by the PCI Security Standards Council

The PCI Security Standards Council has just published a new guide. It presents the best practices to put in place for the annual risk assessments required by the PCI DSS standard (Requirement 12.1.2).

Source: https://www.pcisecuritystandards.org/documents/PCI_DSS_Risk_Assmt_Guidelines_v1.pdf

The document puts a strong emphasis on formalization. Several risk analysis methodologies are proposed (without making their use mandatory): ISO 27005, NIST SP 800-30 and OCTAVE.

From now on, QSAs (Qualified Security Assessors) will most likely ask for a level of formalization of your risk assessments consistent with these methodological references in order to validate requirement 12.1.2.
