Piano Thieving for Experts - ThruGlassXfer

Piano Thieving for Experts - ThruGlassXfer

ThruGlassXfer Ted doesnt think this can end well October 2014 Through Glass Transfer // Ian Latter This is enterprise @ L7 Remote access VMware Citrix RDP VNC SSH etc ad nausea

Console abstraction October 2014 Through Glass Transfer // Ian Latter Optical Packet Network (L3) Data exfiltration Imagine the screen as cut fiber optic bundle Consider an image (arbitrarily: QR Code) as an optical packet within the ether of the display Animate it - replace one image for another image to create a packet flow Datagram network protocol, OSI Layer 3

Layer 4 problems for receiver Uni-directional flow (no flow control) Camera oversampling, Packet duplication October 2014 Through Glass Transfer // Ian Latter TGXf Transport Protocol + Through Glass Transfer (exfiltrate) One way data transfer, two or more peers Features (at Layers 4-7) Supports high latency, interrupted transfers, error detection, 80bps -> 32kbps, and; ANSI terminal displays (42x21 chars)

Requires (of Layer 3) Basically binary encoding and >10bytes MTU Either 1, 2, 5, 8 or 10 Frames Per Second (FPS) QR Code version 1, 2, 8 or 15 Binary encoding, Type M (15%) error correction October 2014 Through Glass Transfer // Ian Latter Keyboard Packet Network (L3)

Data infiltration Arduino Leonardo USB HID Keyboard No drivers needed! Keyboard.println(x) Upload arbitrary executables via keyb Images; Digispark - 6KB flash Leostick - 32KB flash October 2014 Through Glass Transfer // Ian Latter

TKXf Keyboard Stuffer Through Keyboard Transfer (infiltrate) Target Arduino (top) USB HID Keyboard Encodes received raw/binary data as keys Alter Keyboard library to expose HID packet (12x faster ++) Attacker Arduino USB Serial Interface

Sends raw/binary octets to Target Arduino October 2014 Through Glass Transfer // Ian Latter TCXf Application Architecture Through Console Transfer (full duplex compromise) October 2014 Through Glass Transfer // Ian Latter TCXf IP Network Evolution PPP over the Screen and Keyboard

On the target device; sudo pppd 10.1.1.1:10.1.1.2 debug noccp nodetatch pty netcat localhost 8442 Note the privilege required to create a NIC (We already had a full-duplex socket without it) On the attackers device; sleep 2; sudo pppd noipdefault debug noccp nodetatch pty netcat localhost 8442 October 2014 Through Glass Transfer // Ian Latter TCXf PPP via XPe Thin Client

Playing video .. October 2014 Through Glass Transfer // Ian Latter Thank-you! Thanks to Ruxcon Thanks to my wife and daughter ThruGlassXfer Information site: http://thruglassxfer.com/ Source code, white paper, and videos are all available Project site: http://midnightcode.org/projects/TGXf/ Contact me:

[email protected] (If youre talking to me on social media, its not me) October 2014 Through Glass Transfer // Ian Latter

Recently Viewed Presentations

  • Les liaisons intermoléculaires

    Les liaisons intermoléculaires

    Exemple de composé covalent solide Relations entre la force des liaisons intermoléculaires et les propriétés physiques 2) Les corps covalents Les corps covalents formés de molécules polaires Dans ces composés, les importantes forces d'attraction entre les dipôles s'ajouteront aux forces...
  • Making the best use of clinical radiology services

    Making the best use of clinical radiology services

    Referral guidelines from Royal College of Radiologists (iRefer) Link on intranet via: Divisions and departments (purple on left) Facilities and clinical support. Radiology. RCR guidelines. iRefer. ... uses first part of the e-mail (egfirstname.surname) If doesn't work, please contact IT.
  • Qualit des donnes Suivi et Evaluation des programmes

    Qualit des donnes Suivi et Evaluation des programmes

    Y at-il des possibilités pour l'introduction de problèmes de qualité ici? N'oubliez pas le critère de 5, VRIPT, et maintenant de revoir vos sources de données. * Some steps you can take to improve data quality at its source are...
  • Visit for more Learning Reso Steganography is the

    Visit for more Learning Reso Steganography is the

    Steganography is the art and science of writing hidden message in such a way that no one, apart from the sender and intended recipient, suspects the existence of the message. Steganography works by replacing bits of useless or unused data...
  • Measurement Conversions - Study Island

    Measurement Conversions - Study Island

    Circle the larger measurement. 1 quart, 1 pint OR 6 pints 10. 4 weeks OR 35 days 750 centimeters OR 7 meters 3 kilograms OR 250 grams 13. 5 feet, 6 inches OR 64 inches Measurement Conversions Answer Key Abraham...
  • Operation sockhop 2015

    Operation sockhop 2015

    Promotions: Cal Steere. Dom Morelli. William and Lorraine Boyko. Carol Montalto. PRIZES FOR THE BEST DRESSED AND FOR THE BEST COUPLE DANCE CONTEST!! Win a Big Screen television, buy your raffle tickets now! ONE TICKET FOR $10.00 OR GET 3...
  • Plants

    Plants

    Vascular seed plants. Sporophyte is most prominent part of life cycle, producing gametophytes (opposite of seedless plants) Two types: Gymnosperms "naked seeds" Four main divisions. Angiosperms. Flowering plants. Ovary grows into fruit around seeds
  • English III American Literature - robeson.k12.nc.us

    English III American Literature - robeson.k12.nc.us

    Calibri Arial Ravie Elephant Bauhaus 93 Cambria Berlin Sans FB Office Theme English III American Literature PowerPoint Presentation PowerPoint Presentation THEMES PowerPoint Presentation Extra Credit A Personal Application of "The Road Not Taken" PowerPoint Presentation