Jimi 'jimi2x' Allee - Chromebook Breakout: Escaping Jail, with your friends, using a Pico Ducky




    jimi2x (Jimi Two Times) AKA: Jimi Allee, CEO @ Lost Rabbit Labs, He/Him/They
    Presentation Title: Chromebook Breakout: Escaping Jail, with your friends, using a Pico Ducky
    Length of presentation: 45 minutes
    Demo

    Learn how we used our Pico Ducky to escape Chromebook jail, rescue our friends along the way, and have some fun Living Off the Land! Leveraging a discovered (but previously disclosed) Command Injection vulnerability in the ChromeOS crosh shell, we rabbithole into the internal ChromeOS Linux system, obtain persistence across reboots, and exfiltrate user data even before Developer Mode has been enabled. Learn how to provision and utilize local services in order to perform Privilege Escalations, and also create a 'Master Key' with the Pico Ducky and custom GTFO 1-liners, in order to perform a full Chromebook Breakout!

    SPEAKER BIO:

    With 30 years in the Information Security industry, Jimi Allee has successfully navigated through many roles within the Infosec landscape, including Network/System/Security Engineering, Threat Intel/Risk Analysis, Offensive Security, Red/Blue/Purple Teaming as well as Research & Development. A former member of the US National Video Game Team, Jimi’s passionate curiosity brings a gamer mentality to the world of Threat Research, Detection and Elimination. Jimi is currently the CEO of Lost Rabbit Labs, a Full-Spectrum Cybersecurity Services company that specializes in Collaborative Penetration Testing and Assessments.

    @jimi2x303

    REFERENCES:
    https://github.com/dbisu/pico-ducky
    https://bugs.chromium.org/p/chromium...tail?id=954818
