Termin:Chaotic-Congress-Cinema Nr. 23

Aus Attraktor Wiki

Wechseln zu: Navigation, Suche


Chaotic Congress Cinema Nr. 23

Beginn:

29.06.2011 20:00

Ende:

29.06.2011 22:00


Needs to be there, but does not need to be seen by a visitor Yes Wir schauen uns die Aufzeichnung von Congress Vorträgen an. Du bist herzlich eingeladen, in den Clubräumen im Mexikoring 21 aufzutauchen und mit uns die Talks anzuschauen und zu diskutieren. Es wird Getränke und Knabberkram zu moderaten Preisen geben. Falls Du kein CCC-, CCCHH- oder Attraktor e.V.-Mitglied bist, macht das überhaupt nichts: Alle Gäste sind gern gesehen. :-)

Weitere Informationen unter Chaotic Congress Cinema.

A framework for automated architecture-independent gadget search

CCC edition

We demonstrate that automated, architecture-independent gadget search is possible. Gadgets are code fragments which can be used to build unintended programs from existing code in memory. Our contribution is a framework of algorithms capable of locating a Turing-complete gadget set.

Translating machine code into an intermediate language allows our framework to be used for many different CPU architectures with minimal architecture-dependent adjustments. We define the paradigm of free- branch instructions to succinctly capture which gadgets will be found by our framework and investigate side effects of the gadgets produced. Furthermore we discuss architectural idiosyncrasies for several widely spread CPU architectures and how they need to be taken into account by the generic algorithms when locating gadgets.


http://events.ccc.de/congress/2010/Fahrplan/events/4168.en.html

http://ftp.ccc.de/congress/27C3/mp4-h264-HQ/27c3-4168-en-automated_architecture_independent_gadget_search.mp4


The Hidden Nemesis

Backdooring Embedded Controllers

Want to persistently backdoor a laptop? Backdooring the BIOS is out of the question since your target can dump and diff it? Planting hardware is out of the question as well? Shhhhhhh.. I have something for you:

Embedded controllers are present in every modern laptop, yet their security impact has been unresearched thus far. An embedded controller has access to the complete stream of keyboard scan codes, can control fans and the battery charging process. Backdooring the embedded controller is a powerful way to plant a persistent firmware keylogger that works in a cross-platform fashion. Since ECs usually also provide battery and temperature sensor readings through ACPI, there also exists a way to funnel out the keystroke data through a low-privilege process later. Some laptops even allow EC controller firmware updates over the LAN!

I will present a PoC backdoor for a widespread series of laptops and show you how to defend yourself against this attack by dumping the EC firmware yourself.


http://events.ccc.de/congress/2010/Fahrplan/events/4174.en.html

http://ftp.ccc.de/congress/27C3/mp4-h264-HQ/27c3-4174-en-the_hidden_nemesis.mp4

Diese Seite wurde zuletzt am 25. Juni 2011 um 19:33 Uhr geändert. Diese Seite wurde bisher 3.614 mal abgerufen.