Upgrade to Pro — share decks privately, control downloads, hide ads and more …

The Accuracy of Mr Robot

Tom Webster
October 08, 2015
Technology
0
430

The Accuracy of Mr Robot

This is a quick little talk I gave at [OISF](http://www.ohioinfosec.org/) about Mr. Robot and it's accuracy. Nothing really that hasn't been discussed at length already.

Tom Webster

October 08, 2015
Tweet

More Decks by Tom Webster

See All by Tom Webster
Securing XMPP
samurailink3
0
230
pfSense Basics
samurailink3
0
250
Wifi Grenade
samurailink3
0
2.7k
2 Factor: General Discussion
samurailink3
0
330
Modern Times: Passwords
samurailink3
0
340
Hacking People: No Mask Required
samurailink3
0
380
Salting your Hashes: Modern Password Storage
samurailink3
0
260
Making Security Shiny
samurailink3
0
490

Other Decks in Technology

See All in Technology
テストコード品質を高めるためにMutation Testingライブラリ・Strykerを実戦導入してみた話
ysknsid25
7
2.6k
Why App Signing Matters for Your Android Apps - Android Bangkok Conference 2024
akexorcist
0
130
Flutterによる 効率的なAndroid・iOS・Webアプリケーション開発の事例
recruitengineers
PRO
0
100
マルチモーダル / AI Agent / LLMOps 3つの技術トレンドで理解するLLMの今後の展望
hirosatogamo
37
12k
Terraform Stacks入門 #HashiTalks
msato
0
350
誰も全体を知らない ~ ロールの垣根を超えて引き上げる開発生産性 / Boosting Development Productivity Across Roles
kakehashi
1
230
DynamoDB でスロットリングが発生したとき/when_throttling_occurs_in_dynamodb_short
emiki
0
130
開発生産性を上げながらビジネスも30倍成長させてきたチームの姿
kamina_zzz
2
1.7k
Evangelismo técnico: ¿qué, cómo y por qué?
trishagee
0
360
OCI Network Firewall 概要
oracle4engineer
PRO
0
4.1k
サイバーセキュリティと認知バイアス:対策の隙を埋める心理学的アプローチ
shumei_ito
0
390
OCI Security サービス 概要
oracle4engineer
PRO
0
6.5k

Featured

See All Featured
Fashionably flexible responsive web design (full day workshop)
malarkey
405
65k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
280
13k
Teambox: Starting and Learning
jrom
133
8.8k
Principles of Awesome APIs and How to Build Them.
keavy
126
17k
For a Future-Friendly Web
brad_frost
175
9.4k
Making Projects Easy
brettharned
115
5.9k
The Invisible Side of Design
smashingmag
298
50k
The World Runs on Bad Software
bkeepers
PRO
65
11k
A Philosophy of Restraint
colly
203
16k
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
aki_iinuma
109
49k
[RailsConf 2023 Opening Keynote] The Magic of Rails
eileencodes
28
9.1k
Performance Is Good for Brains [We Love Speed 2024]
tammyeverts
6
410

Transcript

  1. MR ROBOT The Accuracy of

  2. Tom Webster is not mr robot “SamuraiLink3” Plus.google.com/+tomwebster [email protected] SamuraiLink3.com

    @SamuraiLink3

  3. Infosec in TV/Film It usually goes something like this:

  4. FAILS We all fail sometimes • Invalid IP address •

    Interesting story here, the show's legal department simply wouldn't allow showing a real IP address, as it posed too much of a liability risk to the show, so they had to use an invalid IP. • Time is sped up on many of the hacks • Not even infosec people want to wait for John the Ripper to finish, Mr. Robot took the liberty of cutting time out of time-intensive hacks. • A payload was supposed to open port 22 (ssh), but the target was a Windows machine. Sure, you can run ssh on Windows, but it's an unlikely connection type, also a reverse shell is much much more likely in this scenario.

  5. Script Kiddie Easy, fundamental • Watching people on open wifi

    • Dictionary attacks against weak passwords • Many passwords or dictionary basis words are discovered through observation or social engineering.

  6. Hacktivist Someone was paying attention • Dropping USB keys with

    autorun malware • Remotely accessible Raspberry Pi with Kali • Technical advisors worked in a cell connection so the Pi was "always accessible", even behind NAT on it's ethernet connection. • The command was netcat with a listening shell: `nc -l -p6996 -e /bin/sh` • Phishing calls used to get personal information. • This is your bank's fraud department calling...

  7. Red Team True professionalism • HID/RFID Cloning • Whoops! Sorry!

    Didn't even see you there! • Social Engineering with SET (The Social Engineering Toolkit by Dave Kennedy) • Really cool, SET got screen time on national television.

  8. APT (this is for those of you playing the at-home

    infosec drinking game) • One person entered a space before each command. Why? • export HISTCONTROL=ignorespace • This allows you to enter a command, prefixed by space, and it will NOT be added to the history file. This is the default behavior in most *nix environments. • Android Malware Install • Uses Framaroot to force-root the device through one of several security holes in older Android builds. • Then installs Flexispy, which watches many IM programs and other device details. This is a real spy application in use today. The install is shot-for-shot what happens to a real device.

  9. Credits Where to go for more details samurailink3.com/talks/mr-robot/