He then shows me, and HE was the one running a vulnerable machine to Mousejacking!
COOLEST DEFCON BADGES MAC
And if you look at my picture, there it is! That's the 40 bit MAC address of a nRF24L chip! But, who was it? Then the guy running the Wall of Sheep asks if it also affects dongles that are only for mice, and I tell him yes. And what do I find? I found a vulnerable machine! And I ask to have it listed, since it is a remote keyboard level exploit. I'm running my RadioInstigator looking for people with nRF24L keyboard/mouse HID chips plugged in. No that was a fucking PURE WIN!īut it stopped.? Not at all! I headed to Packet Village to the Wall of Sheep. I didn't 'win' per se, but did get an And!Xor badge. The annual contest, started by technologist Joe Grand, challenges conference attendees to. I had a fucking awesome party in my room on the 8th floor of the Flamengo, where we ended at Taco Bell with one hell of a SE master who ended up kissing the lady working at the Taco Bell.ĭid the awesomeness stop there? NO! I went to the Homebuilt Hacker Competition. The booze-loving binary beast is one of two dozens entries in this years Defcon badge hacking contest. I was interviewed by HackADay's Sophie Kravitz with my device I built called the RadioInstigator! Yeah, this year was my first and I fucking pwn3d it! I don't want people vulnerable raising tide lifts all boats, kind of thing.
I also made a point to inform anybody and everybody I individually saw running these dongles to immediately remove them from your computer, and dispose of them. However, the way I chose to run my "attacks" were to prove beyond a shadow of doubt that they work, yet 'Do no Harm'. These destination devices are NOT MINE and I did not have permission to run active attacks on them. I would NOT actually run any attacks against anyone running an affected dongle.I could show a successful injection attack against a destination chip.I could identify between a non-injectable keyboard/mouse and an injectable computer dongle.Eventually, the Defcon organizers settled into a cadence.
A Defcon 17 attendee even added a Breathalyzer to his badge. The Defcon 16 badge included a 'TV-B-GONE' function, to the great chagrin of the Las Vegas restaurants and sports bars owners. HOWEVER the script I indicated was a "touch empty.txt" null script. As badge functionality grew, enterprising conference attendees started modifying them. I did indeed use the MouseJack program "Jackit" to remotely run a script on the Wall of Sheep's maintainer computer. I would like to specifically clarify the following.
0 kommentar(er)
