It's time to announce a large-scale project I have been working on for the past 2 years with a team of security researchers
@einstais
@calderpwn
@edeirme
and
@beauwoods
- a book on "Practical IoT Hacking" to be released this September by
@nostarch
Press:
Updated the
#Ncrack
RDP module to support all latest Windows versions and the more complicated version 5 of remote desktop (fastpath, fragmentation etc.) No other cracking tool supports this as of today. Try it at
#Nmap
@Nmap
After a gruesome, intense 48-hour exam and a detailed report spanning 101 (no joke) pages, I attained my
#OSCE
certificate by
@offsectraining
- highly recommended course!
We recently released a book on “Practical IoT Hacking”, a simple yet effective guide on how to attack (and as a result defend) the Internet of Things. The journey of writing a technical book was a long and arduous one, yet filled with valuable lessons:
Just published Ncrack release 0.7 with new modules: DICOM, MQTT, SMB2, CVS and an extended RDP module supporting all latest Windows versions! Also now ported to support OpenSSL 1.1. Get it at:
#Nmap
#Ncrack
@Nmap
#infosec
Here at the
@defcon
contest awards ceremony with Biohacking Village
@DC_BHV
CTF 2019 winner (murphLaw - team of 8 members)
#defcon
#defcon2019
#defcon27
. They had to deal with fierce competition of over 40 teams and over 40 challenges about medical devices and clinical systems.
New
#Ncrack
module for
#MQTT
done! To be uploaded soon at . Rate-limiting seems to be non-existent on the eclipse mosquitto broker (and I suppose most other MQTT software), so number of auth attempts per second is crazy high
Just received the email about my passing the 48-hour CTP /
#OSCE
exam (on my first try) by
@offsectraining
- this has been one of the most intense and challenging exams I have ever taken but well worth it : )
If you are in Vegas and want to talk about medical device security or
@nmap
/
#Ncrack
hit me up at
#BSidesLV
and
#Defcon
. Or just visit the biohacking village
@DC_BHV
and attend our presentation and CTF on assessing medical devices :)
Call me weird but I still enjoy writing C so much. Spent the night yesterday working on a deliberately vulnerable firmware update service for the IoTGoat project -
#iot
#iotsecurity
This is beyond surprising! Our kindle version of 'Practical IoT Hacking' book is now:
#1
in Network Security
#3
in Computer Network Security
#8
in Computer Hacking
on Amazon:
It's finally here!
Take 35% off your pre-order of Practical IoT Hacking through December 29th with code HACKTHINGS at . You'll get Early Access chapters now. Print books will be sent as soon as they receive inventory — around February 2021.
2 days until the biohacking village
@DC_BHV
CTF
@defcon
- get ready for an immersive hospital environment while you hack your way through insecure medical devices, analyze DICOM and extract PHI from vulnerable PACS servers!
#medsec
@EvaLovelac3
@TProphet
I have seen medical devices crashing and rebooting due to a simple Nmap version scan against an unauthenticated exposed network service.
#KilledByNmap
Just received my US green card today! The exhilaration is sky-high - this is such a big step and was well worth all the time, effort and stress throughout the last years!
Getting ready for the
@defcon
China workshop with
@calderpwn
and
@edeirme
on Ncrack and Nmap NSE Development for Offense and Defense. New
#Ncrack
module will be presented.
Tomorrow
@brrcon_
fellow Mayo engineer
@_sophron
will be presenting "Advanced Wifiphiser Usage for Red Team Campaigns": Don't miss it!
#infosec
#wifi
- You can try wifiphisher at
We have created more than 40 flags so far for the
@DC_BHV
Biohacking Village CTF
@defcon
- from Software Defined Radio challenges to PACS / DICOM exploitation to medical device firmware forensics!
#medsec
An amazing conference and hosting
@owasp_riviera
in Cozumel, Mexico. Included was a boat tour to El Cielo! Many thanks to
@calderpwn
and the rest of the team that made all of this possible!
I am thrilled to announce that, starting tomorrow, I will be joining OpenAI's security engineering team and help lay the foundations for a safe and secure AGI! ()
I am immensely proud of the work we have been doing
@mayoclinic
to improve the security of medical devices & clinical systems and protect patients' lives - an honorable and meaningful mission. But the time has come to move on the next adventure.
I am quite satisfied with how the
@GrrCON
presentation went and the feedback I got! Thank you all for watching! The questions & discussions after the talk made all the stress and effort worth it 😁
#GrrCON
We have reached an agreement in principle for Sam Altman to return to OpenAI as CEO with a new initial board of Bret Taylor (Chair), Larry Summers, and Adam D'Angelo.
We are collaborating to figure out the details. Thank you so much for your patience through this.
@FarjaalAhmad
These are not real commands. It's just the AI model generating text that looks like real output of commands. You can verify this by generating a unique hash on an endpoint you control and trying to fetch it from ChatGPT: you won't be able to.
Last January I had the opportunity to present at the Medical Device Security 101 Conference
@ARC_MedSec
about "Common Vulnerabilities in Medical Devices" - many more upcoming conferences scheduled for the coming months on
#medsec
#healthcare
#infosec
PACS servers (talking
#DICOM
) are so common in hospital networks, yet so insecure that we had even created a set of challenges for last year's
@DC_BHV
@defcon
Biohacking Village CTF at Defcon to raise awareness about them:
Finally managed to get a
#LoRa
attack working!
#iot
#IoTSecurity
Bad documentation made me spend hours debugging and digging in .cpp code to find correct values for configuring the radio
The third and final day of the biohacking village CTF 2019 will be tomorrow! All flags should be submitted by 12.30 pm the latest!
@DC_BHV
#DEFCON27
#defcon2019
#defcon
I can attest to that 100%. I recently had the experience of working with No Starch Press for an upcoming book and their editorial support is top-notch.
Dig deeply into the level of editorial support you will receive when writing your book. We have seven editors on staff who will review and craft your work with you -- before your book goes to copyedit.
@beauwoods
Vendor: this new version of our medical device is "unhackable" (exact words)
<next day, in our medical device lab>
Engineers: got root
#TrueStory
Really enjoyed watching Jay Radcliffe's
@jradcliffe02
Defcon 25 presentation on a scientific method in security research with examples from the medical device / healthcare security field
#infosec
#medsec