Game of Drones: Putting the Emerging "Drone Defense" Market to the Test

Presented at DEF CON 25 (2017), July 29, 2017, 4 p.m. (45 minutes)

When you learned that military and law enforcement agencies had trained screaming eagles to pluck drones from the sky, did you too find yourself asking: "I wonder if I could throw these eagles off my tail, maybe by deploying delicious bacon countermeasures?" Well you'd be wise to question just how effective these emerging, first generation "drone defense" solutions really are, and which amount to little more than "snake oil". There is no such thing as "best practices" when it comes to defending against "rogue drones", period. Over the past 2 years, new defensive products that detect and respond to "rogue drones" have been crawling out of the woodwork. The vast majority are immature, unproven solutions that require a proper vetting. We've taken a MythBusters-style approach to testing the effectiveness of a variety of drone defense solutions, pitting them against our DangerDrone. Videos demonstrating the results should be almost as fun for you to watch as they were for us to produce. Expect to witness epic aerial battles against an assortment of drone defense types, including: • trained eagles and falcons that hunt "rogue drones" • fighter drones that hunt and shoot nets • drones with large nets that swoop in and snatch up 'rogue drones' • surface-to-air projectile weapons, including bazooka-like cannons that launch nets, and shotgun shells containing nets • signal jamming and hijacking devices that attack drone command and control interfaces • even frickin' laser beams and Patriot missiles! We'll also be releasing DangerDrone v2.0, an upgraded version of our free Raspberry Pi-based pentesting quadcopter (basically a ~$500 hacker's laptop, that can also fly). We'll be giving away a fully functional DangerDrone v2.0 to one lucky audience member! So come see what's guaranteed to be the most entertaining talk this year and find out which of these dogs can hunt!

Presenters:

  • David Latimer - Security Analyst, Bishop Fox
    David Latimer is a Security Analyst at Bishop Fox, a security consulting firm providing IT security services to the Fortune 500, global financial institutions, and high-tech startups. In this role, he focuses on network and web application penetration testing. He won a state Cisco Networking Skills competition for Arizona in 2013. He has acted as a network engineer for one of Phoenix's largest datacenters, PhoenixNAP, where he architected large-scale virtualization clusters and assisted with backup disaster recovery services.
  • Francis Brown - Partner, Bishop Fox
    Francis Brown, CISA, CISSP, MCSE, is a Managing Partner at Bishop Fox (formerly Stach & Liu), a security consulting firm providing IT security services to the Fortune 1000 and global financial institutions as well as U.S. and foreign governments. Before joining Stach & Liu, Francis served as an IT Security Specialist with the Global Risk Assessment team of Honeywell International where he performed network and application penetration testing, product security evaluations, incident response, and risk assessments of critical infrastructure. Prior to that, Francis was a consultant with the Ernst & Young Advanced Security Centers and conducted network, application, wireless, and remote access penetration tests for Fortune 500 clients. Francis has presented his research at leading conferences such as Black Hat USA, DEF CON , RSA, InfoSec World, ToorCon, and HackCon and has been cited in numerous industry and academic publications. Francis holds a Bachelor of Science and Engineering from the University of Pennsylvania with a major in Computer Science and Engineering and a minor in Psychology. While at Penn, Francis taught operating system implementation, C programming, and participated in DARPA-funded research into advanced intrusion prevention system techniques.

Links:

Similar Presentations: