Pwn The Pwn Plug: Analyzing and Counter-Attacking Attacker-Implanted Devices

Presented at DEF CON 21 (2013), Aug. 3, 2013, 2 p.m. (45 minutes)

Malicious attackers and penetration testers alike are drawn to the ease and convenience of small, disguise-able attacker-controlled devices that can be implanted physically in a target organization. When such devices are discovered in an organization, that organization may wish to perform a forensic analysis of the device in order to determine what systems it has compromised, what information has been gathered, and any information that can help identify the attacker. Also, attacker-implanted penetration testing software and hardware may also be the target of counter-attack. Malicious attackers may compromise penetration testers' devices in order to surreptitiously gather information across multiple targets and pentests. The very tools we rely on to test security may provide an attractive attack surface for third parties.

In this talk, procedures for forensic examination and zero-day vulnerabilities that lead to remote compromise of the Pwn Plug will be discussed and demonstrated as a case study. Possible attack scenarios will be discussed.

Presenters:

• Wesley McGrew - Research Associate, Mississippi State University
  Wesley McGrew (@McGrewSecurity) is an assistant research professor at Mississippi State University's Computer Security Research Center, where he recently earned a Ph.D. in computer science for his research in vulnerability analysis of SCADA HMI systems. He also lectures for the MSU National Forensics Training Center, which provides free digital forensics training to law enforcement and wounded veterans. In the spring 2013 semester, he began teaching a self-designed course on reverse engineering to students at MSU, using real-world, high-profile malware samples, as part of gaining NSA CAE Cyber Ops certification for MSU. Wesley has presented at Black Hat USA and DEF CON, and is the author of penetration testing and forensics tools that he publishes through his personal/consultancy website, McGrewSecurity.com.

Links:

• https://defcon.org/html/defcon-21/dc-21-speakers.html#McGrew
• https://infocon.org/cons/DEF CON/DEF CON 21/DEF CON 21 video and slides/DEF CON 21 - Wesley McGrew - Pwn The Pwn Plug - Video and Slides.mp4 (Video and Slides)
• https://www.youtube.com/watch?v=Cvb2aerU6wk

Similar Presentations:

• Black Hat USA 2016 / Secure Penetration Testing Operations: Demonstrated Weaknesses in Learning Material and Tools
• DEF CON 23 (2015) / I Hunt Penetration Testers: More Weaknesses in Tools and Procedures
• DEF CON 24 (2016) / Secure Penetration Testing Operations: Demonstrated Weaknesses in Learning Material and Tools