
Crazy car, semi-legal TPM and liquid nitrogen: what NeoQUEST-2014 will be remembered for


Hi, Habr! In this article we share the materials from the talks at NeoQUEST-2014, which took place on July 3 in St. Petersburg, and tell you about the event itself.
So, under the cut:



That same July 3rd ...


... it was uncharacteristically sunny for St. Petersburg. Even so, despite such a rare chance to sunbathe, the conference hall of the Resource Center for International Activities was full of guests all day.



Early in the morning


The event opened with the talk “In commutation: how safe are mesh networks?”, which highlighted the relevance of mesh networks (in particular, ad-hoc and DTN) and the information security incidents related to them.

The discussion of mesh networks flowed smoothly into the talk “The Internet is in the order of things”, about what the Internet of Things is, why it is so difficult to build effective protection for “networks of things”, and which modern protection methods are most relevant.

In the breaks between the first talks, the lively host Dmitry Kuzenyatkin helped the guests feel relaxed and at ease, arranging fun contests and generously rewarding the winners and participants with a truly masculine gift: socks with the NeoQUEST logo!



In addition to socks, there were mugs, lanterns and elegant cane umbrellas (This is Peter, baby!), which came in handy for the lucky winners in the evening when, according to St. Petersburg custom, a sudden rain poured down.

In the middle of the talk “The Unprovable PC Speaker”, the technical competitions had already started: the audience had to figure out what message the "hryuker" was squeaking! The idea was that the audio message was Morse code and had to be decoded. However, there were no radio enthusiasts in the hall, so no one could cope with the Morse code, and the guests managed to decipher the message only after a hint was posted on Twitter.



Fun during breaks


An intriguing chess competition: anyone could play chess with one of the NeoQUEST organizers, and the organizer guessed the player's age from the pieces the player moved. It looks like IP Guessing, doesn't it? However, the solution is absolutely logical and directly related to mathematics. You can test yourself by taking the problem statements from our Twitter (here and here).

In addition, the quiz “Examination of information security” ran on the NeoQUEST Twitter throughout the day. It included tricky questions on information security! Active guests puzzled over reverse Polish notation, features of SVG files and POSTNET encoding, and not everyone coped even with a cleverly composed Caesar cipher!

For those who were tired of sitting and wanted some vigorous activity, an escape room was assembled, where an artificially designed flash drive, password-protected smartphones, various sensors, and signaling and tracking devices were waiting for those who wanted to feel like a spy.

A prerequisite for receiving the prize was successfully passing all sections of the room, but every now and then a siren sounded in the hall, announcing that a participant had been noticed in the first section!



Afternoon


After the coffee break, the talks continued with the overview “I2P and TOR: you cannot pardon execution. Anonymity on the Internet - an illusion or a reality?”, and after it came the talk on TPM and TXT that many guests had long been waiting for (“tpm.txt: what is overseas iron capable of?”). The talk covered what a TPM is, where to get one (how to turn it on), how to work with it, and much, much more!

After the next coffee break, the guests gathered, anticipating the promised cold-boot attack. A few slides of a stylish comic presentation, and the show began! To the music of Prodigy and, as we promised, with the help of the guys from the audience!





Checking whether the cold-boot attack had really extracted the passwords entered by guests from the audience was somewhat delayed: it happened to be the very Thursday on which Windows installs updates. While the updates were being installed, the guests listened to the talk “How to steal a cat via USB” on security threats that arise when synchronizing smartphones with a PC. The talk was accompanied by a demonstration of how data can be intercepted and modified during synchronization. Possible methods of countering such attacks were also considered: from the PC side (the isolation approach) and from the smartphone side (the cryptographic approach). For each approach, the pros and cons were described and key fragments of the implemented source code were presented.

After the talk, the guys proudly announced the successful completion of the experiment: the password had been pulled out of memory and, what is extremely important, it was the very password that a guest from the hall had invented in secret from the organizers of the attack!

Many photos of the cold-boot attack!


















Evening "in the car"


The final chord of the evening was the talk “Car - smartphone on wheels. Fasten Cyber-belts!”, which prompted a large number of questions and discussions. By the way, in the parking lot near the NeoQUEST venue there was a Crazy Car showing all the potential vulnerabilities of a modern car that cybercriminals could exploit.



To be continued...


One of the key events of NeoQUEST-2014 was Hackquest - a cyber security competition among the winners of the February online round. To win the main prize - a trip to one of the international conferences on information security - the guys had to get through 5 challenging and completely diverse tasks: Web security, hardware, mobile and network technologies. Participants were given 8 hours to complete them, and, by the way, no one passed the same task!
Who became the winner, what the tasks were, and - most interesting of all - how they could be solved: all of that is in our next article on NeoQUEST!

Source: https://habr.com/ru/post/230579/

