Recap Amrita InCTF 2019 | Part 2

Devesh Sharma (Opstree)
Jan 29, 2020


Amrita InCTF 10th Edition is an offline CTF (Capture the Flag) event hosted by Amrita University. In our previous blog, we discussed the talks from the first day. In this one, we’ll shed some light on the talks from the second day.

Talk 1: Exploring attack surfaces in embedded devices by Vivek

IoT has become popular in everyday household items like fridges, washing machines, cameras, and televisions. You can access them remotely, and some devices can communicate with each other. These connections become entry points for an attacker.

Nowadays commodity devices are getting intelligent and SoCs are getting cheaper (a Raspberry Pi Zero costs $5), so they are all around us, from watches to glasses; all of these are now being connected to a massive IoT network, and every one of them is potentially vulnerable.

Below are some insights on the key topics discussed in the talk around IoT security.

BLE Security Testing:- Bluetooth Low Energy’s low cost and ease of implementation have led BLE to be widely used in IoT devices and applications such as wearable sensors, light bulbs, and medical devices.

BLE has three main vulnerabilities.

ZigBee Security Testing:- Zigbee is a wireless communication protocol used to connect sensors, door locks, electric meters, and traffic management systems. The protocol is open at the network level, so when devices start connecting they send out beacon requests.

NFC/RFID cloning:-

With these tags there is no security: they’ve been hacked, there is no protection of data and no privacy, everything is in the clear, and they are not resistant to sniffing or common attacks.

To access sensitive information, you have to present the right key for that sector of memory; otherwise it shows up blank. Even though these cards are a lot more secure, once you know the encryption algorithm you can decrypt them and access the sensitive information, and with that people can also clone these cards relatively easily.

Talk 2: APT attack by Shaunak

Shaunak is the CEO of the cybersecurity company Zacco. He talked about his experience with APT attacks, gave a brief introduction to what Advanced Persistent Threat attacks are, and shared his experience of uncovering an APT attack inside an organization that had no clue it was compromised.

What is an APT attack:-

APT attacks are performed on a large scale. They are cybercrime directed at business and political targets. Organized crime groups may sponsor advanced persistent threats to gain information they can use to carry out criminal acts for financial gain.

How an APT attack works:-

  • Establish a foothold: After gaining access to the target, the APT group does further reconnaissance and creates a network of backdoors and tunnels that they can use to move around unnoticed. APTs may use advanced malware techniques such as code rewriting to cover their tracks.
  • Gain even greater access: Once inside the network, APT actors may use methods such as password cracking to gain administrative rights and so obtain high-level access.
  • Move laterally: With admin access, they can move around the enterprise network and attempt to attack other servers.
  • Stage the attack: At this point, the attackers centralize, encrypt, and compress the data so they can exfiltrate it.
  • Take the data: The attacker transfers the data to their own systems.
  • Remain until detected: The APT group can repeat this process for a long time until they are detected.
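As an added illustration from the defender’s side (not part of the original post or of Shaunak’s talk), the following Python sketch correlates constructed host events against the stages listed above: a burst of failed logons before a success (password guessing to gain access), logons to several other hosts from one source (lateral movement), a large archive being created (staging), and a large outbound transfer (taking the data). The event format, the thresholds and the sample values are all assumptions made for this example; real telemetry would be mapped into the same shape first.

```python
"""Correlate constructed host events against the APT stages from the talk."""
from collections import defaultdict

# Constructed sample events, not real telemetry: (timestamp, host, event type, detail)
# detail is a user for auth events, a remote host for remote_logon, and a size in MB
# for archive_create / outbound_transfer.
EVENTS = [
    (100, "ws-17", "auth_fail", "admin"),
    (101, "ws-17", "auth_fail", "admin"),
    (102, "ws-17", "auth_fail", "admin"),
    (103, "ws-17", "auth_fail", "admin"),
    (104, "ws-17", "auth_fail", "admin"),
    (105, "ws-17", "auth_success", "admin"),
    (200, "ws-17", "remote_logon", "srv-db1"),
    (205, "ws-17", "remote_logon", "srv-file2"),
    (210, "ws-17", "remote_logon", "srv-hr3"),
    (300, "ws-17", "archive_create", "1200"),
    (400, "ws-17", "outbound_transfer", "900"),
    (150, "ws-04", "auth_fail", "jdoe"),
    (151, "ws-04", "auth_success", "jdoe"),
    (160, "ws-04", "remote_logon", "srv-file2"),
]

# Thresholds are illustrative assumptions; tune them to the environment.
FAIL_BURST = 5       # failed logons immediately before a success
LATERAL_HOSTS = 3    # distinct remote hosts reached from one source host
ARCHIVE_MB = 500     # archive size that suggests bulk staging
EXFIL_MB = 500       # outbound volume that suggests exfiltration


def stages_per_host(events):
    """Return {host: set of APT stages observed} for the given events."""
    by_host = defaultdict(list)
    for ev in sorted(events):          # sort by timestamp so bursts are contiguous
        by_host[ev[1]].append(ev)

    result = {}
    for host, evs in by_host.items():
        stages = set()
        consecutive_fails = 0
        remote_hosts = set()
        for _, _, kind, detail in evs:
            if kind == "auth_fail":
                consecutive_fails += 1
            elif kind == "auth_success":
                if consecutive_fails >= FAIL_BURST:
                    stages.add("gain_access")
                consecutive_fails = 0
            elif kind == "remote_logon":
                remote_hosts.add(detail)
                if len(remote_hosts) >= LATERAL_HOSTS:
                    stages.add("move_laterally")
            elif kind == "archive_create" and int(detail) >= ARCHIVE_MB:
                stages.add("stage")
            elif kind == "outbound_transfer" and int(detail) >= EXFIL_MB:
                stages.add("take_data")
        result[host] = stages
    return result


def suspicious_hosts(events, min_stages=3):
    """Hosts that show at least min_stages of the chain; one stage alone is weak evidence."""
    return sorted(h for h, s in stages_per_host(events).items() if len(s) >= min_stages)


if __name__ == "__main__":
    for host, stages in stages_per_host(EVENTS).items():
        print(host, sorted(stages))
    print("suspicious:", suspicious_hosts(EVENTS))
```

The point of requiring several stages on one host is that each signal on its own (a locked-out user, a backup job creating a large archive) is noisy; it is the sequence across the chain that distinguishes the campaign the talk describes from ordinary activity.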

Talk 3: Intel L1 Terminal Fault Vulnerability by Reno Robert

Reno Robert talked about Intel L1 Terminal Fault (L1TF); most Intel processors are affected by this vulnerability. It can allow attackers to access sensitive information stored in the Level 1 (L1) CPU cache.

This may include data from the operating system, the kernel, the hypervisor, or a neighbouring virtual machine.

It may allow malicious code executing on one thread to access data in the L1 cache of another thread on the same core.
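Because the cross-thread case above depends on SMT (hyper-threading), a defender’s first check is what the kernel reports. As an added example that is not from the post or the talk, this Python snippet reads the status Linux exposes under /sys/devices/system/cpu/vulnerabilities/l1tf and whether SMT is active from /sys/devices/system/cpu/smt/active, and turns them into a risk label. The status strings it recognises ("Not affected", "Vulnerable", "Mitigation: …", with "SMT vulnerable" in the VMX part) follow the kernel’s L1TF admin-guide documentation; the risk labels and thresholds are this example’s own.

```python
"""Interpret the Linux kernel's L1TF status (defender-side host check)."""

L1TF_PATH = "/sys/devices/system/cpu/vulnerabilities/l1tf"
SMT_PATH = "/sys/devices/system/cpu/smt/active"


def parse_l1tf(text):
    """Parse one line as written by the kernel to the l1tf sysfs file."""
    text = text.strip()
    info = {
        "raw": text,
        "affected": True,
        "mitigated": False,
        "smt_vulnerable": False,   # kernel says L1TF is exploitable across SMT siblings
        "vmx": None,               # hypervisor (VMX) part of the status, if present
        "recognised": True,
    }
    if text == "Not affected":
        info["affected"] = False
    elif text.startswith("Mitigation:"):
        info["mitigated"] = True
        if "VMX:" in text:
            info["vmx"] = text.split("VMX:", 1)[1].strip()
        info["smt_vulnerable"] = "SMT vulnerable" in text
    elif text != "Vulnerable":
        info["recognised"] = False   # unknown wording: do not guess
    return info


def risk_level(info):
    """Map the parsed status to a coarse label (labels are this example's own)."""
    if not info["recognised"]:
        return "unknown"
    if not info["affected"]:
        return "none"
    if not info["mitigated"]:
        return "high"
    if info["smt_vulnerable"]:
        # PTE inversion protects the host, but guests on SMT siblings can still
        # leak to each other: matters on hypervisors running untrusted VMs.
        return "medium"
    return "low"


def read_sysfs(path):
    """Return file contents, or None when the file is absent (old kernel, non-Linux)."""
    try:
        with open(path) as fh:
            return fh.read()
    except OSError:
        return None


def check_host():
    """Assess the running host; returns None if the kernel does not report L1TF."""
    raw = read_sysfs(L1TF_PATH)
    if raw is None:
        return None
    info = parse_l1tf(raw)
    smt = read_sysfs(SMT_PATH)
    info["smt_active"] = (smt.strip() == "1") if smt is not None else None
    info["risk"] = risk_level(info)
    return info


if __name__ == "__main__":
    result = check_host()
    print(result if result else "kernel does not expose L1TF status")
```

Run it on a Linux host as any user; the sysfs files are world-readable. A "medium" result on a virtualisation host is the case the talk’s L1 cache / sibling-thread description refers to, and the usual responses are disabling SMT or enabling the kernel’s unconditional L1D flush for VM entry.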

That was all from the day 2 talks. Come back next Tuesday for the talks from Day 3. In the final segment of this series, we’ll write up our attack/defense and jeopardy CTF experience.

We’ll be more than happy to hear from you in the comments section regarding any feedback or criticism.

Stay Tuned, Happy Blogging!

References:
https://blog.attify.com/the-practical-guide-to-hacking-bluetooth-low-energy/
https://msrc-blog.microsoft.com/2018/08/14/analysis-and-mitigation-of-l1-terminal-fault-l1tf/
https://research.kudelskisecurity.com/2017/11/21/zigbee-security-basics-part-3/

Opstree is an end-to-end DevOps solution provider.

Originally published at http://blog.opstree.com on January 29, 2020.
