Bishop Fox is a Platinum sponsor of the Red Team Village, created to “bridge the gap between penetration testers and offensive red teams.” Meet Foxes on site and virtually as we show our support for the DEF CON community. Recently, we sat down with Savannah Lazzara of the Red Team Village to share why we think it’s important to be a sponsor.
Capture the Flag: August 5-8
Bishop Fox’s managing senior operator Barrett Darnell returns to host the Red Team Village CTF. All levels are welcome. The top teams will advance to the immersive scenario. And, there will be prizes! Learn more and register.
Bishop Fox Session
Topic: You’re Doing IoT RNG
Date: August 6, 2021 at 5 p.m. PST
Location: In Person (Track 1) and Virtual
Think of a random number between '0' and infinity. Was your number '0'? Seriously? Crap. Well, unfortunately, the hardware random number generators (RNGs) used by your favorite IoT devices to create encryption keys may not work much better than you when it comes to randomness. In this talk, we'll delve into murky design specs, opaque software libraries, and lots of empirical results. We wrote code for many popular IoT SoC platforms to extract gigabytes of data from their hardware RNGs and analyze them. What we found was a systemic minefield of vulnerabilities in almost every platform that could undermine IoT security. Something needs to change in how the Internet of Things does RNG. The vulnerabilities are widespread and the attacks are practical. RNG is bad out there - "IoT Crypto-pocalypse" bad.
Bishop Fox Session
Topic: ATM Transaction Reversal Frauds (And How To Fight Them)
Presenter: Hector Cuevas Cruz
Date: August 6, 2021
Time: 10 a.m. PST
Location: DEF CON Payment Village - Virtual
Transaction Reversal Frauds (TRF) are a type of attack that doesn't require malware, complex physical attacks, or even opening an ATM. Instead, they abuse some business and operational rules defined by the financial institutions to cash out an ATM. This presentation describes what Transaction Reversal Frauds are, why this type of attack is on the rise, and more importantly, how to detect them through an integral analysis of journaling and some other logs.