Announcement

Collapse
No announcement yet.

Injectyll-HIDe: Pushing the Future of Hardware Implants to the Next Level - Fischer, Miller

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Injectyll-HIDe: Pushing the Future of Hardware Implants to the Next Level - Fischer, Miller

    Injectyll-HIDe: Pushing the Future of Hardware Implants to the Next Level - Fischer, Miller



    Title:
    Injectyll-HIDe: Pushing the Future of Hardware Implants to the Next Level

    Presenter:
    Jonathan Fischer, Jeremy Miller

    Abstract:
    Enterprises today are shifting away from dedicated workstations, and moving to flexible workspaces with shared hardware peripherals. This creates the ideal landscape for hardware implant attacks; however, implants have not kept up with this shift. While closed source, for-profit solutions exist and have seen some recent advances in innovation, they lack the customization to adapt to large targeted deployments. Open-source projects exist but focus more on individual workstations (dumb keyboards/terminals) relying on corporate networks for remote control. Our solution is an open source, hardware implant which adopts IoT technologies, using non-standard channels to create a remotely managed mesh network of hardware implants. Attendees will learn how to create a new breed of open-source hardware implants. Topics covered in this talk include the scaling of implants for enterprise takeover, creating and utilizing a custom C2 server, a reverse shell that survives screen lock, and more. They will also leave with a new platform from which to innovate custom implants. Live demos will be used to show these new tactics against real world infrastructure. This talk builds off of previous implant talks but will show how to leverage new techniques and technologies to push the innovation of hardware implants forward evolutionarily.

    Biography:
    Jonathan Fischer is a hardware and IoT security enthusiast that started off designing, programming, and implementing electronic controls for industrial control systems and off-highway machinery. After a decade in that industry, Jonathan obtained his BS in Computer Science and transitioned over to the cyber security industry where he has been working as a Red Team consultant and researcher for more than five years at a Fortune 500. Since joining the cyber security industry, Jonathan has since earned various industry certifications (OSCP, GPEN, etc.) and continues to leverage his unique experience in his research into hardware hacking.

    Jeremy Miller is a 12+ year security professional that has worked in various industries including life-sciences, finance, and retail. Jeremy has worked both sides of the security spectrum ranging from Security Research, Red Teaming and Penetration Testing to Threat Intelligence and SOC Analyst. Jeremy currently works as a Security Technical Lead for an emerging R&D Life Science Platform where he works on product and infrastructure security.



  • #2
    For sneak peeks and other information about our upcoming talk, please check our Twitter page:
    https://twitter.com/Injectyll_HIDe

    Comment

    Working...
    X