No IOUs with IOT

Presented at BSidesLV 2019, Aug. 7, 2019, 6 p.m. (25 minutes)

Mass Attack Campaign with Hands-on Webcam Exercise will teach participants about the IOT threat landscape (what have we seen) and common oversights made in the development, configuration, and deployment of IoT devices. And, while IOT may not be interesting itself as an end target, it's easy to build an automated campaign at scale which can access operational systems and sensitive data. I'll do a hacking demonstration to show the stages of an IOT campaign from OSINT/recon to exploitation to lateral movement to steal interesting things.

Presenters:

• Bryson Bort
  Bryson is the Founder of SCYTHE, a start-up building a next generation attack emulation platform, and GRIMM, a boutique cybersecurity consultancy, and Co-Founder of the ICS Village, a non-profit advancing awareness of industrial control system security. He is a National Security Institute Fellow and an Advisor to the Army Cyber Institute. Prior, Bryson led an elite offensive capabilities development group. As a U.S. Army Officer, he served as a Battle Captain and Brigade Engineering Officer in support of Operation Iraqi Freedom before leaving the Army as a Captain. Bryson received his Bachelor of Science in Computer Science with honors from the United States Military Academy at West Point. He holds a Master's Degree in Telecommunications Management from the University of Maryland, a Master's in Business Administration from the University of Florida, and completed graduate studies in Electrical Engineering and Computer Science at the University of Texas.

Similar Presentations:

• Still Hacking Anyway (SHA2017) / An autopsy in the IoT - Nabaztag, the Hare
• THOTCON 0xA (2019) / When Refrigerators Attack - Defending (and weaponizing) IoT
• BSidesDC 2019 / No IOUs with IOT