Скачать презентацию Thru Glass Xfer Ted doesn t think this can Скачать презентацию Thru Glass Xfer Ted doesn t think this can

6c741a082d6ae923b259c20212b5828f.ppt

  • Количество слайдов: 10

Thru. Glass. Xfer Ted doesn’t think this can end well October 2014 Through Glass Thru. Glass. Xfer Ted doesn’t think this can end well October 2014 Through Glass Transfer // Ian Latter

This is enterprise @ L 7 • Remote access – VMware – Citrix – This is enterprise @ L 7 • Remote access – VMware – Citrix – RDP – VNC – SSH – etc ad nausea • Console abstraction October 2014 Through Glass Transfer // Ian Latter

Optical Packet Network (L 3) • Data exfiltration – Imagine the screen as cut Optical Packet Network (L 3) • Data exfiltration – Imagine the screen as cut fiber optic bundle • Consider an image (arbitrarily: QR Code) as an optical packet within the ether of the display • Animate it - replace one image for another image to create a packet flow • Datagram network protocol, OSI Layer 3 – Layer 4 problems for receiver • Uni-directional flow (no flow control) • Camera oversampling, Packet duplication October 2014 Through Glass Transfer // Ian Latter

TGXf Transport Protocol + Through Glass Transfer (exfiltrate) • One way data transfer, two TGXf Transport Protocol + Through Glass Transfer (exfiltrate) • One way data transfer, two or more peers Features (at Layers 4 -7) • Supports high latency, interrupted transfers, error detection, 80 bps -> 32 kbps, and; • ANSI terminal displays (42 x 21 chars) – Requires (of Layer 3) • Basically binary encoding and >10 bytes MTU – Either 1, 2, 5, 8 or 10 Frames Per Second (FPS) – QR Code version 1, 2, 8 or 15 – Binary encoding, Type M (15%) error correction October 2014 Through Glass Transfer // Ian Latter

Keyboard Packet Network (L 3) • Data infiltration – Arduino Leonardo – USB HID Keyboard Packet Network (L 3) • Data infiltration – Arduino Leonardo – USB HID Keyboard • No drivers needed! • Keyboard. println(“x”) – Upload arbitrary executables via keyb • Images; – Digispark - 6 KB flash – Leostick - 32 KB flash October 2014 Through Glass Transfer // Ian Latter

TKXf – “Keyboard Stuffer” Through Keyboard Transfer (infiltrate) • Target Arduino (top) – USB TKXf – “Keyboard Stuffer” Through Keyboard Transfer (infiltrate) • Target Arduino (top) – USB HID Keyboard • Encodes received raw/binary data as keys – Alter “Keyboard” library to expose HID packet (12 x faster ++) • Attacker Arduino – USB Serial Interface • Sends raw/binary octets to Target Arduino October 2014 Through Glass Transfer // Ian Latter

TCXf Application Architecture Through Console Transfer (full duplex compromise) October 2014 Through Glass Transfer TCXf Application Architecture Through Console Transfer (full duplex compromise) October 2014 Through Glass Transfer // Ian Latter

TCXf IP Network Evolution • PPP over the Screen and Keyboard – On the TCXf IP Network Evolution • PPP over the Screen and Keyboard – On the target device; • sudo pppd 10. 1. 1. 1: 10. 1. 1. 2 debug noccp nodetatch pty “netcat localhost 8442” – Note the privilege required to create a NIC (We already had a full-duplex socket without it) – On the attackers device; • sleep 2; sudo pppd noipdefault debug noccp nodetatch pty “netcat localhost 8442” October 2014 Through Glass Transfer // Ian Latter

TCXf PPP via XPe Thin Client Playing video. . October 2014 Through Glass Transfer TCXf PPP via XPe Thin Client Playing video. . October 2014 Through Glass Transfer // Ian Latter

Thank-you! – Thanks to Ruxcon • Thanks to my wife and daughter • Thru. Thank-you! – Thanks to Ruxcon • Thanks to my wife and daughter • Thru. Glass. Xfer – Information site: http: //thruglassxfer. com/ Source code, white paper, and videos are all available – Project site: http: //midnightcode. org/projects/TGXf/ – Contact me: Ian. Latter@midnightcode. org (If you’re talking to me on social media, it’s not me) October 2014 Through Glass Transfer // Ian Latter