The large adoption of wireless devices goes further than WiFi (smartmeters, wearable devices, Internet of Things, etc.).
The developers of these new types of devices may not have a deep security background and it can lead to security and privacy issues when the solution is stressed.
However, to assess those types of devices, the only solution would be a dedicated hardware component with an appropriate radio interface for each one of them.
That is why we developed an easy-to-use wireless monitor/injector tool based on Software Defined Radio using GNU Radio and the well-known scapy framework.
In this talk, we will introduce this tool we developed for a wide range of wireless security assessments: the main goal of our tool is to provide effective penetration testing capabilities for security auditors with little to no knowledge of radio communications.
Beyond files recovery: OWADE cloud-based forensic
You recovered a bunch of files from a used hard drive and now what ?
If you ever wanted to push Windows offline forensic to the next level, come to our talk where we will show you how to use our open source tool OWADE (Offline Windows Analyzer and Data Extractor) to recover many interesting information from a used hard drive including web credentials, instant messaging credentials and user habits information.
We will walk you through the entire recovery chain process and demonstrate how to use OWADE to handle Windows various level of encryption (Syskey, DPAPI…) and extract the maximum information from used drives. OWADE is based on our work on DPAPIck our tool to decrypt DPAPI secrets.
We will present various statistics we computed on the data we gathered from the eBay used hard drive we bought to test and develop OWADE.
At the end of the talk we will release OWADE so you can play with it.
DPAPI : les secrets du moteur de chiffrement de Windows
es systèmes d’exploitation de Microsoft regorgent d’interfaces de programmation
diverses et variées. Parmi elles, DPAPI, qui permet de chiffrer et déchiffrer les
données jugées sensibles de façon transparente, est restée pendant plus de
10 ans non documentée. Nous vous proposons dans cet article de regarder sous le
capot et de découvrir les secrets du moteur de chiffrement de Windows.
Reversing DPAPI and stealing windows secrets offline
The Data Protection API (DPAPI) plays a key role in Windows security: This API is meant to be the standard way on Windows OS to store encrypted data on the disk. DPAPI is used by many popular applications including Internet Explorer, Google Talk, Google Chrome, Skype, MSN (6.5-7) to encrypt their passwords. It is also used by Windows itself to store sensitive information such as EFS certificates and Wifi (WEP and WPA) keys. DPAPI uses very opaque structures to store these encrypted data on disk and the available documentation is very sparse. Therefore prior to our work it was impossible to extract and analyze these secrets offline for forensic purposes. This is a particular huge issue for files encrypted using EFS because unless the EFS certificate protected by DPAPI is recovered these files can't be decrypted and analyzed. To address these issues, we did reverse the DPAPI and in this presentation will provide a complete walkthrough DPAPI and its structures. Afterward armed with this knowledge, anyone interested in windows forensic will be able to deal with data stored with DPAPI. We will cover the change made by Microsoft from Windows XP up to Windows Seven. Finally we will demonstrate and release DPAPick (www.dpapick.com) which we believe, is the first tool that allows to decrypt offline data encrypted with DPAPI.