1.0 The Silicon Root of Trust: Pre-Boot & Hardware Primitives The security of the macOS platform on Apple Silicon is not defined by the kernel; it is d...

Attached: 4 images Misc story time: tldr: I've been collecting security conference stickers for 20+ years and just now got around to using them ¯\_(ツ)_/¯ I'm not the kind of person to put stickers on my laptop. This means that for 23 years (apparently), when I got stickers from a conference, I kept them, put them in a bag, moved them from house-to-house, but never actually did anything with them. Until now. I finally found a usage; which is decorating the otherwise-sketchy-looking metal ammo case which @VeronicaKovah & I are now using to carry phones with us to trainings. We watched some videos on youtube that make it seem like those LiPo fire-protection bags would do a whole lot of not-much in the event that a fire broke out on one of the batteries. But a simple metal box seemed to do a lot better in terms of containing the flames. So we of course expect that airport security will always stop us when traveling with them (though at least this time our TSA pre-check status seemed to give us a pass on the way out). But the expectation is that contrary to what you might thing, adding hacking conference stickers will actually be disarming, rather than alarming, with security personnel - at least when compared to the alternative of seeing a raw ammo canister ;) The oldest sticker seems to be from DEF CON 10 (X), circa 2002 (my first DEF CON was 8 FWIW). In general I don't seek out stickers, but I do think the BadBIOS and "I want to believe" ones are things I probably got from Joe Fitz as they were of-the-moment and relevant to my interests. (If you're not familiar with the latter, it's from a very FUDish cover article [1]). I could have completely filled them, but I left a little bit of space for the future. Check out the larger pics for a potential stroll down memory lane. (RIP Shmoocon, Hackademic.info, NoSuchCon. Memento mori conference organizers ;)) #DEFCON, #BlackHat, #ShmooCon, #BlueHat, #RingZer0, #HackLU, #HardwearIO, #DistrictCon, #HackFest, #NoSuchCon, #DeepSec, #HITB, #HackersOnTheHill [1] https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies

BlackHoodie founder Marion Marschalek shares her journey from early challenges to creating a global, inclusive reverse-engineering network.

We hold this truth to be self-evident&#58; SUFFERING BUILDS STRENGTH! In this talk I will walk you through the trials, tribulations, and triumph(!) of the worst debugging setup I've ever hacked together, which I used to reverse engineer the Realtek RTL8761B* family of Bluetooth chips.<p>This work was done because Bluetooth security tools are in an abominable state. We use "CSR4" (Cambridge Silicon Radio) dongles that don't support packets newer than Bluetooth 4.0 (released in 2010!), just to be able to spoof the Bluetooth Device Address (BDADDR) for MitM attacks.<p>Veronica Kovah & I have been creating Bluetooth security classes for <a href="https://ost2.fyi/">OpenSecurityTraining2</a>. And we wanted to use better hardware; ideally something that supports BT 5.4 (released in 2023). So I bought a bunch of cheap dongles off Amazon, and found that most of them used the same RTL8761B chip. So the goal was clear&#58; at a minimum, figure out a way to spoof the BDADDR on these dongles. But I also a set out a nice-to-have stretch goal - to figure out how to use these dongles to send custom LMP packets (which are architecturally not meant to be under full user control.) That way, could replace a bulky and expensive $55 dev board (that is only used for BT Classic), with a cheap and small $14 USB dongle (which has a better antenna to boot!) This would make Blue2thprinting (released at Hardwear.io 2023), and thus Bluetooth reconnaissance & vulnerability assessment, cheaper & better.<p>Bloodied (but not broken) by the ordeal, I achieved my goals and stretch goals. And given that there are no public descriptions of how Realtek Bluetooth chips work, I look forward to sharing hitherto-unknown information about how to navigate and understand these mostly-16-bit-MIPS-code systems. And I'll discuss how their ROM-"patch"ing firmware update mechanism works, how you can patch it to change its code too, and the security implications thereof.

Enter the email you have used / will use when registering for beta.ost2.fyi. This will be used to enroll you in the beta class if you are selected. If your account does not exist at the time enrollmen...

This fast-paced 3-day training explores Linux internals and Linux binary analysis techniques, before jumping right in with common Linux malware. Work through advanced samples, Linux software protectio...

This repository contains information about Bluetooth HCI Vendor-Specific Commands (VSCs) which are known to be security-relevant. - darkmentorllc/BT_Security_VSC_DB