My Amazing Road to Defcon

WISP (Women in Security & Privacy) is a program that helps advance women's roles in IT through networking, mentorship, and education. It promotes various initiatives to inspire women to be active in the community. This year, WISP set up a Defcon sponsorship that provided winners with tickets to the convention and a stipend, and in a show of amazing support that number jumped from 2 women to 57 within a week. I was lucky number 57. I recently…

Part 2: Pairing Problems

In part one of this series, I briefly discussed the fundamental protocols that work in conjunction with Bluetooth, such as LMP, L2CAP, SDP and RFCOMM. I also touched on BD_ADDR and its NAP/UAP/LAP parts, went over the other states that BT devices within a piconet switch to, and hinted at the amount of enumeration we can glean from OUIs and packets alone. In this post, I will go a step further and cover the pairing process between devices and note some of…

Part 1: A Brief History of BT

With the re-emergence of popularity in both vendor and client Bluetooth usage, along with the release of BlueBorne, I thought I would write a post that gives readers a better understanding of the fundamental workings of, and the flaws in, the technology. This post was personally picked as a subject of interest by Pirate Moo blog readers and friends, and will later be used to provide an analysis of subjects of interest chosen by users. I…

Notes: CH 11: iOS Analysis Part 1

iOS file system. Apple devices share some OS X foundation, but the frameworks differ, so OS X apps won't run on iOS. Both are UNIX-based file systems with similar structures, but they differ in the way each stores apps and user data. On iOS, apps interact with the file system in a limited, sandboxed way by design: each app has a container (or a number of containers) with specific roles. Both iOS and OS X use HFS (Hierarchical File System): iOS uses HFSX and OS X uses HFS+, the difference being that HFSX contains case-sensitive filenames. Forensic tools originally could interpret HFS+; when it came to H+, the 0x400 offset of…
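The 0x400 offset mentioned above is where the HFS+/HFSX volume header sits. The following is an added example (not code from these notes) that reads that header from a disk image and tells HFS+ from HFSX by its signature; it also pulls the version, the journaled/clean-unmount attribute bits and the allocation geometry, which goes a little beyond the notes. Field offsets follow Apple's HFSPlusVolumeHeader (big-endian; signature at +0, version at +2, attributes at +4, fileCount at +32, blockSize at +40). The image bytes are constructed inline, not taken from a real device.

```python
"""Identify HFS+ vs HFSX from the volume header at byte offset 0x400.

Added example. Layout is Apple's HFSPlusVolumeHeader (big-endian):
  +0  signature  'H+' = HFS+, 'HX' = HFSX
  +2  version    4 = HFS+, 5 = HFSX
  +4  attributes bit 8 = cleanly unmounted, bit 13 = journaled
  +32 fileCount, +36 folderCount, +40 blockSize, +44 totalBlocks, +48 freeBlocks
Caveat: an 'HX' signature alone does not prove case sensitivity; that is set
per volume by keyCompareType in the catalog B-tree header (0xBC binary compare
= case-sensitive, 0xCF = case-folding).
"""
import struct

VOLUME_HEADER_OFFSET = 0x400   # two 512-byte reserved boot blocks come first
SIGNATURES = {b"H+": "HFS+", b"HX": "HFSX"}
UNMOUNTED_BIT = 8              # kHFSVolumeUnmountedBit
JOURNALED_BIT = 13             # kHFSVolumeJournaledBit


def parse_volume_header(image):
    """Read the 512-byte volume header at 0x400 and report flavour and geometry."""
    hdr = image[VOLUME_HEADER_OFFSET:VOLUME_HEADER_OFFSET + 512]
    if len(hdr) < 512:
        raise ValueError("image too small to hold a volume header at 0x400")
    sig = bytes(hdr[0:2])
    if sig not in SIGNATURES:
        raise ValueError("no HFS+/HFSX signature at 0x400: %r" % sig)
    version, attributes = struct.unpack(">HI", hdr[2:8])
    # +8..+31 hold lastMountedVersion, journalInfoBlock and four dates; skipped here.
    file_count, folder_count, block_size, total_blocks, free_blocks = struct.unpack(
        ">IIIII", hdr[32:52])
    return {
        "filesystem": SIGNATURES[sig],
        "version": version,
        "journaled": bool((attributes >> JOURNALED_BIT) & 1),
        "clean_unmount": bool((attributes >> UNMOUNTED_BIT) & 1),
        "files": file_count,
        "folders": folder_count,
        "block_size": block_size,
        "total_blocks": total_blocks,
        "free_blocks": free_blocks,
        "volume_bytes": block_size * total_blocks,
    }


def make_test_image(signature, version, block_size=4096, total_blocks=1024, attributes=0):
    """Constructed image: 0x400 bytes of boot-block padding followed by a volume header.

    Only the header is materialised; a real image would continue for
    block_size * total_blocks bytes."""
    hdr = signature + struct.pack(">HI", version, attributes)
    hdr += b"\x00" * 24                                   # lastMountedVersion .. checkedDate
    hdr += struct.pack(">IIIII", 12, 3, block_size, total_blocks, 900)
    return b"\x00" * VOLUME_HEADER_OFFSET + hdr.ljust(512, b"\x00")


if __name__ == "__main__":
    for sig, ver in ((b"H+", 4), (b"HX", 5)):
        print(parse_volume_header(make_test_image(sig, ver, attributes=1 << JOURNALED_BIT)))
```

On a real acquisition, hand the function the raw partition image (or the first few kilobytes of it) and check the signature before trusting any tool's HFS+ parser on an HFSX volume.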

The Invisible Women of IT

In years past, I have read countless articles about problems facing women in the IT community across a broad spectrum, ranging from vicarious forms of discrimination to opinion-based pieces from outsiders looking in. One thing I have yet to encounter, however, is the perspective of women on the other side of the fence: the women who seem selectively removed from the discussion because of their unwillingness to participate, their lack of popularity, or stances that are askew from mainstream thought…

SIM Card Analysis P2 TON/NPI

TON/NPI (Type of Number / Numbering Plan Indicator): a single octet that indicates the type of number the telephone number will represent. The byte is a binary value built as follows: the first (most significant) bit is always 1, and it is combined with the TON (3 bits) and the NPI (4 bits).

SMS-SUBMIT structure:

Type      Description                      Need
TP-MTI    TP-Message-Type-Indicator        Mandatory
TP-RD     TP-Reject-Duplicates             Mandatory
TP-VPF    TP-Validity-Period-Format        Mandatory
TP-RP     TP-Reply-Path                    Mandatory
TP-UDHI   TP-User-Data-Header-Indicator    Optional
TP-SRR    TP-Status-Report-Request         Optional
TP-MR     TP-Message-Reference             Mandatory
TP-DA     TP-Destination-Address           Mandatory
TP-PID    TP-Protocol-Identifier           Mandatory
TP-DCS    TP-Data-Coding-Scheme            Mandatory
TP-VP     TP-Validity-Period               Optional
TP-UDL    TP-User-Data-Length              Mandatory
TP-UD     TP-User-Data                     Optional

Example:…
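To make the octet layout and the SMS-SUBMIT field order concrete, here is an added example (not code from the post) that splits a Type-of-Address octet into its TON and NPI bits and then walks a raw SMS-SUBMIT TPDU field by field in the order of the table above, following 3GPP TS 23.040. The first six entries of the table (TP-MTI, TP-RD, TP-VPF, TP-SRR, TP-UDHI, TP-RP) all live in the first octet, which is why TP-VP is optional: its presence and length depend on TP-VPF. The sample PDU is constructed for this example, not recovered from a SIM; the 7-bit text decoder only maps the part of the GSM default alphabet that coincides with ASCII and does not handle a User Data Header (TP-UDHI = 1).

```python
"""Decode the TON/NPI octet and walk an SMS-SUBMIT TPDU (3GPP TS 23.040).

Added example; the sample PDU at the bottom is constructed, not captured.
"""

TON_NAMES = {0: "Unknown", 1: "International", 2: "National",
             3: "Network specific", 4: "Subscriber", 5: "Alphanumeric",
             6: "Abbreviated", 7: "Reserved"}
NPI_NAMES = {0: "Unknown", 1: "ISDN/telephone (E.164/E.163)", 3: "Data (X.121)",
             4: "Telex", 8: "National", 9: "Private", 10: "ERMES"}


def parse_ton_npi(octet):
    """Type-of-Address octet: bit 7 always 1, TON = bits 6-4, NPI = bits 3-0."""
    if octet & 0x80 == 0:
        raise ValueError("bit 7 of the Type-of-Address octet must be 1")
    ton, npi = (octet >> 4) & 0x07, octet & 0x0F
    return {"ton": ton, "ton_name": TON_NAMES[ton],
            "npi": npi, "npi_name": NPI_NAMES.get(npi, "Reserved")}


def decode_semi_octets(raw, ndigits):
    """Address digits are BCD, low nibble first; an odd count is padded with 0xF."""
    digits = []
    for b in raw:
        digits += [str(b & 0x0F), str(b >> 4)]
    return "".join(digits[:ndigits])


def relative_vp_minutes(v):
    """Relative TP-VP (TP-VPF = 2) is one octet mapped onto validity in minutes."""
    if v <= 143:
        return (v + 1) * 5
    if v <= 167:
        return 12 * 60 + (v - 143) * 30
    if v <= 196:
        return (v - 166) * 24 * 60
    return (v - 192) * 7 * 24 * 60


def unpack_gsm7(data, septets):
    """Unpack GSM 7-bit default-alphabet septets (packed LSB first)."""
    bits = int.from_bytes(data, "little")
    out = []
    for i in range(septets):
        c = (bits >> (7 * i)) & 0x7F
        # Only codes that coincide with ASCII are mapped; 0x00 '@', 0x24, 0x40,
        # 0x5B-0x60 and anything above 0x7A differ in GSM 7-bit and become '?'.
        ascii_like = 0x20 <= c <= 0x7A and c not in (0x24, 0x40) and not 0x5B <= c <= 0x60
        out.append(chr(c) if ascii_like else "?")
    return "".join(out)


def parse_sms_submit(pdu):
    """Walk an SMS-SUBMIT TPDU in table order and return a dict of TP-* fields."""
    first = pdu[0]
    f = {"TP-MTI": first & 0x03,          # bits 1-0: 01 = SMS-SUBMIT
         "TP-RD": (first >> 2) & 1,       # bit 2
         "TP-VPF": (first >> 3) & 0x03,   # bits 4-3: 0 absent, 2 relative, 1 enhanced, 3 absolute
         "TP-SRR": (first >> 5) & 1,      # bit 5
         "TP-UDHI": (first >> 6) & 1,     # bit 6
         "TP-RP": (first >> 7) & 1}       # bit 7
    if f["TP-MTI"] != 1:
        raise ValueError("not an SMS-SUBMIT (TP-MTI=%d)" % f["TP-MTI"])
    f["TP-MR"] = pdu[1]
    ndigits = pdu[2]                      # TP-DA length counts digits, not octets
    toa = parse_ton_npi(pdu[3])
    n = (ndigits + 1) // 2
    number = decode_semi_octets(pdu[4:4 + n], ndigits)
    f["TP-DA"] = ("+" if toa["ton"] == 1 else "") + number
    f["TP-DA-TON/NPI"] = toa
    pos = 4 + n
    f["TP-PID"], f["TP-DCS"] = pdu[pos], pdu[pos + 1]
    pos += 2
    if f["TP-VPF"] == 2:                  # relative format: one octet
        f["TP-VP"] = pdu[pos]
        f["TP-VP-minutes"] = relative_vp_minutes(pdu[pos])
        pos += 1
    elif f["TP-VPF"] in (1, 3):           # enhanced or absolute format: seven octets
        f["TP-VP"] = pdu[pos:pos + 7]
        pos += 7
    f["TP-UDL"] = pdu[pos]
    pos += 1
    f["TP-UD"] = pdu[pos:]
    if f["TP-DCS"] & 0x0C == 0:           # default 7-bit alphabet: TP-UDL counts septets
        f["text"] = unpack_gsm7(f["TP-UD"], f["TP-UDL"])
    return f


# Constructed sample: SUBMIT, relative VP 0xAA (4 days), +12345678901 international,
# 7-bit user data "hellohello" (packed form E8329BFD4697D9EC37).
SAMPLE_PDU = bytes.fromhex("1100" "0B91" "2143658709F1" "0000" "AA" "0A" "E8329BFD4697D9EC37")

if __name__ == "__main__":
    for k, v in parse_sms_submit(SAMPLE_PDU).items():
        print(f"{k:16} {v}")
```

The 0x91 Type-of-Address octet in the sample decodes as 1|001|0001: bit 7 set, TON 1 (international), NPI 1 (ISDN/telephone), which is why the number is printed with a leading "+".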

SIM Card Analysis Part 1 (TON/NPI in other portion)

Smart cards: "microprocessor equipped tokens… store/process a diverse range of data/apps". Many use UICC and SIM interchangeably: the UICC is the hardware portion of the smart card, while the SIM/USIM are the software applications included on the card. UICC: Universal Integrated Circuit Card. SIM: originally GSM only; the key to mobile operation on the network, combining hardware and software; used in most smart devices, CDMA included. R-UIM: Removable User Identity Module. CSIM: CDMA2000 Subscriber Identity Module; cards that are part of CDMA devices can be used globally. Defined by ETSI and adopted by 3GPP. Applications: USIM/SIM/ISIM/CSIM. Coverage of subscriber cards: UMTS network…

Mobile Forensic Tool Overview P2 (JTAG/Chip-Off)

JTAG. JETAG (Joint European Test Action Group) was formed in 1985 in the EU as a standard for boundary-scan testing. In the context of mobile devices, boundary scanning efficiently tests the connections on a printed circuit board in an effort to program/debug the device without needing physical access to the flash. In 1986 members from North America joined and it became JTAG, the Joint Test Action Group. From 1986 to 1988 the group proposed/published a series of proposals to the IEEE Testability Bus Standards Committee. The final version, JTAG 2.0, was accepted and published in 1990 and has been updated several times since; the current spec is identified as IEEE Std. 1149.1-2013. At its core:…

Mobile Forensic Tool Overview P1

Logical collection. 2007, NIST SP 800-101: logical acquisition implies a bit-by-bit copy of logical storage objects that reside on a logical store. 2013, SWGDE (Scientific Working Group on Digital Evidence): removed the bit-by-bit classification proposed by NIST and stated that logical acquisition implies a copy of the logical storage objects that reside on a logical store; the 2013 publication describes a process that provides access to user-accessible files, and notes that the logical analysis process will "not generally provide access to deleted data". 2014, NIST SP 800-101 Rev. 1: logical acquisition is capturing a copy…

Intro to Digital Forensics: Ch 1

Digital forensics: "The application of computer science and investigative procedures for a legal purpose involving the analysis of digital evidence (information of probative value that is stored or transmitted in binary form) after proper search authority, chain of custody, validation with mathematics [hash], use of validated tools, repeatability, reporting and possible expert presentation" ("Commentary: Defining Digital Forensics," Forensic Magazine, 2007). October 2012: ISO/IEC 27037, a standard for digital forensics, was ratified; it defines the personnel and methods for acquiring and preserving evidence. FRE (Federal Rules of Evidence): 1973, signed into law to ensure consistency…