Whitepapers & Talks
Fan-Tastic RFID Thief: Revamping an old weaponised RFID reader tool
Daniel Underhay presented research on modifications to an existing RFID reader tool which has been used in red team engagements. The talk covered modifications to update the existing Tastic RFID Thief from Bishop Fox and also a different approach to sampling data from the MaxiProx HID reader.
Access Control on Sesame Street
Matthew Daley presents his Gallagher/Cardax access control system research. Gallagher (previously Cardax) make physical access control systems. This talk goes through research on the Gallagher access control system, including the hardware and software components, RFID technologies, communication protocols and credential formats. Several weaknesses are described and their prevalence in the real world is examined with actual fieldwork.
Learn how to clone access cards, modify card data to get elevated access, and brute-force controllers. For those on the other side of the locked door, learn how to avoid these weaknesses and make the most of your existing system.
Project Walrus: an RFID and Contactless Card Cloning App
Matthew Daley and Daniel Underhay presented a new front-end Android application for the Proxmark3, designed for streamlined use of the Proxmark3 during red team engagements.
Journey To The Top on Bugcrowd: The Untold Tales of Struggle and Pain
The bug bounty scene has evolved tremendously over the years. It is now very competitive, especially among the top echelons. Through this presentation, Ahmad shares how he got to rank #2 in Bugcrowd. Ahmad provides insights into some of the challenges he’s faced and how he overcame them. Getting there is a journey - maintaining it is another.
PHP Internals: Exploit Dev Edition
Emmanuel Law presented his research on PHP Internals from an exploit developer's perspective. It covers some of the changes between PHP5 and PHP7. This was presented at Ruxcon 2016, Kiwicon X and Troopers 17.
Hitchhiker’s Guide to Fuzzing Interpreters
Emmanuel Law presented his talk on how to quickly bootstrap a fuzzing environment for interpreters. It covers some of the pros and cons as well as some tips to ease the process. This was presented at Chcon 2016 in Christchurch.
The Three Billion Dollar App
Aura’s Vladimir Wolstencroft presents his research, “The 3 Billion Dollar App”, at the Troopers infosec conference in Germany. Mobile social applications are proliferating through our society and are starting to take the limelight away from traditional social networks such as Facebook. Younger people especially are moving towards applications such as WhatsApp and SnapChat. Incumbent companies are eager to exploit this new user base and are willing to offer billions to purchase these apps. Clearly the value is driven by access to this user base and the ability to collect information about users or deliver ads directly to users.
But do we need to spend billions to gain access to this user base? What if we don’t need to spend anything - what if there was a way to deliver content to all the users just by using the app? This talk details what is possible after reverse engineering the SnapChat app and will show how you don’t have to spend billions of dollars to deliver content to SnapChat users.
Bluevox: Attacking One Time Passwords at 1100Hz
Graeme Neilson and Shingirayi Padya presented at Kiwicon 6 about cracking audio one-time passwords.
Demonic Possession of Browsers. BeEF Issue #666
Mike Haworth presented Demonic Possession of Browsers BeEF Issue #666 at Kiwicon 6.
X-Excess: WebApps meet Native Apps
Mike Haworth and Aura associate Kirk Jackson talked at Kiwicon 5 about issues where the boundary between web apps and native apps gets blurry.
File Upload Considerations
Kirk Jackson presented at OWASP New Zealand Day 2011 on File Upload Considerations.
Tales from the Crypt0
Graeme Neilson presented with Kirk Jackson from Xero on cryptography at the OWASP Day New Zealand on 15th July 2010. Does the thought of SSL, HTTPS and S/MIME make you squeamish? Does PKI make you want to scream? Does encrypting data at rest make you want to bury yourself alive?
Cryptography is an important part of most web applications these days, and developers and admins need to understand how, why and when to employ the best and appropriate techniques to secure their servers, applications, data and the livelihoods of their users.
Netscreen of the Dead
Graeme Neilson presented at RuxCon in Sydney, Australia (2008) and BlackHat, Las Vegas, USA (2009). The presentation covered Graeme’s research on how he developed a trojan ScreenOS operating system that, when loaded onto any Juniper Firewall, turns it into a ZOMBIE, giving Graeme full access to the underlying firewall, bypassing all rules and passwords.
We must of course mention Juniper at this point – “we express our appreciation for your pragmatic and careful handling of this case” (Juniper, 28 Nov 08). They also released a tech bulletin: PSN-2008-11-111, “ScreenOS Firmware Image Authenticity Notification” which states: “All Juniper ScreenOS Firewall Platforms are susceptible to circumstances in which a maliciously modified ScreenOS image can be installed.”