

Bishop Fox is a Platinum sponsor of the Red Team Village, created to “bridge the gap between penetration testers and offensive red teams.” Meet Foxes on site and virtually as we show our support to the DEF CON community. Recently, we sat down with Savannah Lazzara with the Red Team Village to share why we think it’s important to be a sponsor.

Watch the video

Capture the Flag: August 5-8

Bishop Fox’s managing senior operator Barrett Darnell returns to host the Red Team Village CTF. All levels are welcome. The top teams will advance to the immersive scenario. And, there will be prizes! Learn more and register.

Bishop Fox Session

Topic: You’re Doing IoT RNG

Presenters: Dan Petro and Allan Cecil

Date: August 6, 2021 at 5 p.m. PST

Location: In Person (Track 1) and Virtual

Abstract:

Think of a random number between '0' and infinity. Was your number '0'? Seriously? Crap. Well unfortunately, the hardware random number generators (RNG) used by your favorite IoT devices to create encryption keys may not work much better than you when it comes to randomness. In this talk, we'll delve into murky design specs, opaque software libraries, and lots of empirical results. We wrote code for many popular IoT SoC platforms to extract gigabytes of data from their hardware RNGs and analyze them. What we found was a systemic minefield of vulnerabilities in almost every platform that could undermine IoT security. Something needs to change in how the Internet of Things does RNG. The vulnerabilities are widespread and the attacks are practical. RNG is bad out there - "IoT Crypto-pocalypse" bad.

Watch the talk

Bishop Fox Session

Topic: ATM Transaction Reversal Frauds (And How To Fight Them)

Presenter: Hector Cuevas Cruz

Date: August 6, 2021

Time: 10 a.m. PST

Location: DEF CON Payment Village - Virtual

Abstract:

Transaction Reversal Frauds (TRF) are a type of attack that doesn't require malware, complex physical attacks, or even opening an ATM. Instead, they abuse some business and operational rules defined by the financial institutions to cash out an ATM. This presentation describes what Transaction Reversal Frauds are, why this type of attack is on the rise, and more importantly, how to detect them through an integral analysis of journaling and some other logs.

Watch the talk



About the speaker, Barrett Darnell

Bishop Fox Alumnus

Barrett Darnell was a Senior Operator at Bishop Fox and a technical lead for the Continuous Attack Surface Testing (COSMOS) Managed Security Service. Prior to coming to Bishop Fox, he served as an exploitation operator in the US Department of Defense's most elite computer network exploitation (CNE) unit. As a top-rated military officer, Barrett led an offensive operations team in the US Air Force's premier selectively-manned cyber attack squadron. Barrett also teaches SANS SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking to a worldwide audience. Barrett holds a Bachelor of Science in Computer Science from Washington State University and a Master of Science in Software Engineering from the University of West Florida.


About the speaker, Dan Petro

Lead Researcher at Bishop Fox

Dan Petro is a Lead Researcher at Bishop Fox and focuses on application penetration testing (static and dynamic), product security reviews, network penetration testing (external and internal), and cryptographic analysis. Dan has presented at several Black Hats and DEF CONs on topics such as hacking smart safes, hijacking Google Chromecasts, and weaponizing AI. He has developed several open-source tools including Untwister, which breaks pseudorandom number generators. Additionally, Dan has been quoted in Wired, The Guardian, Business Insider, and Mashable. Dan holds both a Bachelor of Science and a Master of Science in Computer Science from Arizona State University.

About the speaker, Allan Cecil

Security Consultant III at Bishop Fox

Allan Cecil (dwangoAC) is a Security Consultant with Bishop Fox and President of the North Bay Linux Users' Group. He acts as the senior ambassador on staff at TASVideos.org, a website devoted to using emulators to complete video games as quickly as the hardware allows. He participates in Games Done Quick charity speed running marathons using TASBot to entertain viewers with never-before-seen glitches in games.

About the speaker, Hector Cuevas Cruz

Security Consultant

Hector Cuevas Cruz is a Bishop Fox security consultant. He has more than 11 years of experience in information security where he has worked as an Offensive Security Consultant, Forensic Analyst, and Threat Hunter at some of the most renowned security companies. Hector has been a regular presenter at national conferences in Mexico since age 17. He has specialized in Red teaming, Digital Forensics, Incident Response, and ATM security assessments.
