Presented at NolaCon 2018, May 19, 2018, 5:30 p.m. (Unknown duration).
This talk will cover the basics of protocol analysis using Wireshark and lead into analyzing two custom application protocols used for extending the mouse and keyboard of a remote system. The two applications covered are HippoRemote, an iOS app to use an iPhone as a trackpad and keyboard, and Synergy, an application to allow for control of multiple operating systems with one mouse and keyboard. By performing a MITM attack, an attacker can abuse these protocols to send keystrokes to a remote machine to gain remote code execution similar to a USB rubber ducky attack. The talk will also discuss mitigations, and open source code will be provided for exploitation. The target audience should have a basic understanding of Wireshark, ARP spoofing, and reverse shells.
Additional info:
https://www.n00py.io/2017/01/control-your-mac-with-an-iphone-app-an-analysis-of-hipporemote/
https://www.n00py.io/2017/03/compromising-synergy-clients-with-a-rogue-synergy-server/
https://github.com/n00py/AngryHippo - Exploiting the HippoConnect protocol for HippoRemote
https://github.com/n00py/Dissonance - Rogue Synergy server
Presenters:
- Esteban Rodriguez
I am a Security Consultant at Coalfire Labs. I primarily perform network and web application penetration testing. I worked previously at Apple Inc. performing intrusion analysis and incident response. Outside of work I blog at n00py.io and perform independent security research. I have authored multiple penetration testing tools and have presented at BSides Puerto Rico covering penetration testing techniques.