Gone In 59 Seconds - High Speed Backdoor Injection via Bootable USB

Presented at DerbyCon 7.0 Legacy (2017), Sept. 24, 2017, 11 a.m. (50 minutes)

Gaining physical access was trivial, but now the computer is locked (or off) and time is running out…the "SmuggleBus" allows us to take advantage of unencrypted drives to quickly collect local password hashes and implant the backdoor of our choice without modifying any system binaries - all from a bootable USB and in a matter of seconds. Piotr Marszalik is an Information Security Consultant and Manager at Crowe Horwath. He specializes in methodology and tool development for Crowe's Penetration Testing and Red Teaming services. Piotr is also an Offensive Security Certified Expert (OSCE). His responsibility at Crowe includes planning and execution of various penetration testing and security awareness assessments. Michael Wrzesniak is a Cybersecurity Consultant at Crowe Horwath. Mike has been involved with Crowe for 2 years. His specialties include penetration testing, web application testing, and malware development. Piotr - @addenial Michael - @0x1CED

Presenters:

• Michael Wrzesniak
• Piotr Marszalik

Links:

• https://www.derbycon.com/sunday-schedule/#event-167
• https://infocon.org/cons/DerbyCon/DerbyCon 7 2017/Gone In 59 Seconds High Speed Backdoor Injection via Bootable USB Piotr Marszalik Michael Wrzes.mp4

Similar Presentations:

• REcon 2005 / Syllogistic Application Testing
• DerbyCon 1.0 (2011) / Adaptive Penetration Testing
• DerbyCon 7.0 Legacy (2017) / Game On! Using Red Team to Rapidly Evolve Your Defenses